platform/upstream/systemd.git
9 years ago NEWS: fix typos
Kay Sievers [Mon, 27 Jul 2015 16:20:54 +0000 (18:20 +0200)]
NEWS: fix typos

9 years ago Merge pull request #738 from poettering/machined-caps
Daniel Mack [Mon, 27 Jul 2015 16:18:16 +0000 (18:18 +0200)]
Merge pull request #738 from poettering/machined-caps

units: add more caps to machined

9 years ago NEWS: add entries for v223
David Herrmann [Mon, 27 Jul 2015 16:13:37 +0000 (18:13 +0200)]
NEWS: add entries for v223

New features and API changes for v223. Please review carefully and amend!

9 years ago units: add more caps to machined
Lennart Poettering [Mon, 27 Jul 2015 15:45:45 +0000 (17:45 +0200)]
units: add more caps to machined

Otherwise copying full directory trees between container and host won't
work, as we cannot access some files and cannot adjust the ownership
properly on the destination.

Of course, adding these many caps to the daemon kinda defeats the
purpose of the caps lock-down... but well...

Fixes #433

9 years ago bus-proxy: augment debug message for dropped broadcasts a bit
Daniel Mack [Mon, 27 Jul 2015 13:41:53 +0000 (15:41 +0200)]
bus-proxy: augment debug message for dropped broadcasts a bit

Add the PID we are proxying for, as well as the message's sender and
destination string, to the debug message that is printed when the proxy
drops unmatched broadcasts.

9 years ago networkd-wait-online: fix -i argument
Martin Pitt [Sun, 26 Jul 2015 13:37:42 +0000 (15:37 +0200)]
networkd-wait-online: fix -i argument

-i (aka --interface) takes an argument. Tell getopt_long() that, so that optarg
isn't NULL.

9 years ago Merge pull request #716 from michaelolbrich/automount-fixes
Kay Sievers [Sun, 26 Jul 2015 11:56:50 +0000 (13:56 +0200)]
Merge pull request #716 from michaelolbrich/automount-fixes

Automount fixes

9 years ago Merge pull request #724 from dbuch/master
Kay Sievers [Sun, 26 Jul 2015 09:43:13 +0000 (11:43 +0200)]
Merge pull request #724 from dbuch/master

proxyd: downgrade to log_debug() for unmatched broadcasts

9 years ago systemd-boot: fix whitespace
Kay Sievers [Sat, 25 Jul 2015 22:38:01 +0000 (00:38 +0200)]
systemd-boot: fix whitespace

9 years ago Merge pull request #634 from icarlosvenegas/sd-boot-show-efi-cmdline_v2
Kay Sievers [Sat, 25 Jul 2015 22:35:23 +0000 (00:35 +0200)]
Merge pull request #634 from icarlosvenegas/sd-boot-show-efi-cmdline_v2

sd-boot: Show stub cmdline when edit (v2)

9 years ago Merge pull request #727 from phomes/master
Tom Gundersen [Sat, 25 Jul 2015 21:27:44 +0000 (23:27 +0200)]
Merge pull request #727 from phomes/master

man: typo fixes

9 years ago Merge pull request #725 from keszybz/network-file-masking
Tom Gundersen [Sat, 25 Jul 2015 21:25:30 +0000 (23:25 +0200)]
Merge pull request #725 from keszybz/network-file-masking

man: describe masking of .network files better

9 years ago man: typo fixes
Thomas Hindoe Paaboel Andersen [Sat, 25 Jul 2015 21:15:05 +0000 (23:15 +0200)]
man: typo fixes

9 years ago man: describe masking of .network files better
Zbigniew Jędrzejewski-Szmek [Sat, 25 Jul 2015 17:03:44 +0000 (13:03 -0400)]
man: describe masking of .network files better

This should clear up some confusion in
https://github.com/systemd/systemd/issues/717.

This basically copies the description from systemd.unit to this
man page. Masking can happen also in /run, so strike the part
about /etc, and also add the magic word "mask".

9 years ago proxyd: downgrade to log_debug() for unmatched broadcasts
Daniel Buch [Sat, 25 Jul 2015 12:12:39 +0000 (14:12 +0200)]
proxyd: downgrade to log_debug() for unmatched broadcasts

9 years ago Merge pull request #722 from keszybz/networkd-clarifications
Daniel Mack [Sat, 25 Jul 2015 08:48:43 +0000 (10:48 +0200)]
Merge pull request #722 from keszybz/networkd-clarifications

Networkd clarifications

9 years ago networkd: rename RootBlock to AllowPortToBeRoot
Zbigniew Jędrzejewski-Szmek [Sat, 25 Jul 2015 03:12:20 +0000 (23:12 -0400)]
networkd: rename RootBlock to AllowPortToBeRoot

Justification is similar to BPDUGuard rename. "Positive" values
are easier. This is a rather uncommon option, so using a slightly
longer name should not be a problem, and may in fact make it
easier to guess what the option does without reading the
documentation.

9 years ago networkd: turn UnicastFlood on by default
Zbigniew Jędrzejewski-Szmek [Sat, 25 Jul 2015 03:04:57 +0000 (23:04 -0400)]
networkd: turn UnicastFlood on by default

Looking at the kernel commit, "on" seems to be the default value:
commit 867a59436fc35593ae0e0efcd56cc6d2f8506586
Author: Vlad Yasevich <vyasevic@redhat.com>
Date:   Wed Jun 5 10:08:01 2013 -0400

    bridge: Add a flag to control unicast packet flood.

    Add a flag to control flood of unicast traffic.  By default, flood is
    on and the bridge will flood unicast traffic if it doesn't know
    the destination.  When the flag is turned off, unicast traffic
    without an FDB will not be forwarded to the specified port.

... and it seems to be the reasonable thing to do by default.

9 years ago networkd: rename BPDUGuard to UseBPDU
Zbigniew Jędrzejewski-Szmek [Sat, 25 Jul 2015 02:52:26 +0000 (22:52 -0400)]
networkd: rename BPDUGuard to UseBPDU

Rename to follow the style of other options.

In general "positive" options are preferred to "negative" ones,
because they are easier to describe and easier for humans to
parse (c.f. the shortening on the man page entry).

9 years ago man: reword new Bridge descriptions
Zbigniew Jędrzejewski-Szmek [Sat, 25 Jul 2015 02:37:04 +0000 (22:37 -0400)]
man: reword new Bridge descriptions

9 years ago network: rename DiffServiceCodePoint to CopyDSCP
Zbigniew Jędrzejewski-Szmek [Sat, 25 Jul 2015 02:26:00 +0000 (22:26 -0400)]
network: rename DiffServiceCodePoint to CopyDSCP

Old name was slightly misleading, because this flag does not determine
whether DSCP is used overall, but only if it is copied to the
decapsulated packet. Rename to better reflect that.

"Copy" does not imply direction. This is on purpose, because we might
later on enhance the setting to allow/disallow copying in the other
direction, to the encapsulated packet. If that is implemented,
CopyDSCP could understand additional values. This is nicer than
having two separate settings and follows the example of DHCP=.

Also, we try to avoid abbreviations, but we allow acronyms
like MTU, in DiscoverPathMTU=.

This setting was recently added, so it's fine to rename it without
backwards compat.

9 years ago man: try to better describe DiffServiceCodePoint= setting
Zbigniew Jędrzejewski-Szmek [Sat, 25 Jul 2015 01:57:32 +0000 (21:57 -0400)]
man: try to better describe DiffServiceCodePoint= setting

http://marc.info/?l=linux-netdev&m=109507453227993&w=2

9 years ago netlink-types: use consistent whitespace at EOL
Zbigniew Jędrzejewski-Szmek [Sat, 25 Jul 2015 01:41:35 +0000 (21:41 -0400)]
netlink-types: use consistent whitespace at EOL

Follow up for v222-124-g79e27dbcb1.

9 years ago man: reword description of Hostname=
Zbigniew Jędrzejewski-Szmek [Sat, 25 Jul 2015 01:38:24 +0000 (21:38 -0400)]
man: reword description of Hostname=

Also add dots at the end of sentences.

9 years ago bootctl: add missing newline
Kay Sievers [Sat, 25 Jul 2015 01:26:32 +0000 (03:26 +0200)]
bootctl: add missing newline

9 years ago Merge pull request #718 from phomes/master
Daniel Mack [Sat, 25 Jul 2015 00:08:00 +0000 (02:08 +0200)]
Merge pull request #718 from phomes/master

ata_id: remove unused union member

9 years ago ata_id: remove unused union member
Thomas Hindoe Paaboel Andersen [Fri, 24 Jul 2015 20:32:33 +0000 (22:32 +0200)]
ata_id: remove unused union member

The last use of octa was removed in 01f61d331bb5038f0c877ac03c54333328b6ea28

9 years ago automount: handle state changes of the corresponding mount unit correctly
Michael Olbrich [Fri, 24 Jul 2015 20:25:28 +0000 (22:25 +0200)]
automount: handle state changes of the corresponding mount unit correctly

The expire timeout must be started/stopped if the corresponding mount unit
changes its state, e.g. it is started via local-fs.target or stopped by a
manual umount.

9 years ago automount: don't try to umount if it already happened
Michael Olbrich [Fri, 24 Jul 2015 20:21:59 +0000 (22:21 +0200)]
automount: don't try to umount if it already happened

Return the token immediately instead. Otherwise the token is never returned
to the kernel, because the umount job is a noop and will not trigger a
state change.

9 years ago resolved: fix DNS_TYPE_ANY vs DNS_CLASS_ANY confusion
Daniel Mack [Wed, 15 Jul 2015 18:37:42 +0000 (14:37 -0400)]
resolved: fix DNS_TYPE_ANY vs DNS_CLASS_ANY confusion

Assigning a TYPE enum value to a class variable is certainly wrong.
However, they both have the same value, so the result was correct
nevertheless.

9 years ago Merge pull request #704 from richardmaw-codethink/empty-arg-unquote
Daniel Mack [Fri, 24 Jul 2015 17:49:29 +0000 (19:49 +0200)]
Merge pull request #704 from richardmaw-codethink/empty-arg-unquote

unquote_first_word: parse ` '' ` as an empty argument instead of no arg

9 years ago Merge pull request #714 from zonque/automount
Tom Gundersen [Fri, 24 Jul 2015 17:15:54 +0000 (19:15 +0200)]
Merge pull request #714 from zonque/automount

automount: do not start expiration timer for TimeoutIdleSec=0

9 years ago automount: do not start expiration timer for TimeoutIdleSec=0
Daniel Mack [Fri, 24 Jul 2015 15:40:55 +0000 (17:40 +0200)]
automount: do not start expiration timer for TimeoutIdleSec=0

The timer value for automount unit specified with TimeoutIdleSec= is rounded
up to one second if that directive is set to 0.

Fix this by bailing early in automount_enter_runnning() in case no timeout is
requested.

9 years ago Merge pull request #713 from daurnimator/577-sd_bus-vtable-methods-do-not-have-offset
Lennart Poettering [Fri, 24 Jul 2015 15:10:02 +0000 (17:10 +0200)]
Merge pull request #713 from daurnimator/577-sd_bus-vtable-methods-do-not-have-offset

sd-bus: remove _VTABLE from new method vtable initialiser

9 years ago sd-bus: remove _VTABLE from new method vtable initialiser
daurnimator [Fri, 24 Jul 2015 12:59:19 +0000 (22:59 +1000)]
sd-bus: remove _VTABLE from new method vtable initialiser

9 years ago Merge pull request #712 from daurnimator/577-sd_bus-vtable-methods-do-not-have-offset
Lennart Poettering [Fri, 24 Jul 2015 12:53:21 +0000 (14:53 +0200)]
Merge pull request #712 from daurnimator/577-sd_bus-vtable-methods-do-not-have-offset

sd-bus: Add offset member for vtable methods

9 years ago sd-bus: add 'offset' member for vtable methods
daurnimator [Fri, 24 Jul 2015 12:22:54 +0000 (22:22 +1000)]
sd-bus: add 'offset' member for vtable methods

Defaults to zero, which retains the current behaviour.
Fixes #577

9 years ago Merge pull request #711 from zonque/const
Daniel Mack [Fri, 24 Jul 2015 12:01:10 +0000 (14:01 +0200)]
Merge pull request #711 from zonque/const

tree-wide: do not use _cleanup_free_ on const pointers

9 years ago tree-wide: do not use _cleanup_free_ on const pointers
Daniel Mack [Fri, 24 Jul 2015 11:49:11 +0000 (13:49 +0200)]
tree-wide: do not use _cleanup_free_ on const pointers

free() cannot be used with const pointers. However, our _cleanup_free_
handler features cast logic that hides that qualifier, so we don't get a
warning.

9 years ago sd-bus: don't treat KDBUS_ITEM_TIMESTAMP as unknown item
David Herrmann [Fri, 24 Jul 2015 10:37:12 +0000 (12:37 +0200)]
sd-bus: don't treat KDBUS_ITEM_TIMESTAMP as unknown item

In bus_kernel_translate_message(), we print a DEBUG message on unknown
items. But right now, we also print this message for KDBUS_ITEM_TIMESTAMP
despite parsing it properly. Fix this!

9 years ago Merge pull request #606 from dvdhrm/bus-proxy-pedantic-matches2
Daniel Mack [Fri, 24 Jul 2015 10:50:56 +0000 (12:50 +0200)]
Merge pull request #606 from dvdhrm/bus-proxy-pedantic-matches2

bus-proxy: never pass on unmatched broadcasts (v2)

9 years ago Merge pull request #695 from poettering/journal-fixes
Daniel Mack [Fri, 24 Jul 2015 10:04:30 +0000 (12:04 +0200)]
Merge pull request #695 from poettering/journal-fixes

Journal fixes

9 years ago Merge pull request #702 from ldzhong/fix
Daniel Mack [Fri, 24 Jul 2015 09:59:30 +0000 (11:59 +0200)]
Merge pull request #702 from ldzhong/fix

udev: fix parameter process

9 years ago unquote_first_word: parse ` '' ` as an empty argument instead of no argument
Richard Maw [Fri, 24 Jul 2015 09:29:46 +0000 (09:29 +0000)]
unquote_first_word: parse ` '' ` as an empty argument instead of no argument

9 years ago udev: fix parameter process
Lidong Zhong [Fri, 24 Jul 2015 08:37:17 +0000 (16:37 +0800)]
udev: fix parameter process

9 years ago Merge pull request #699 from ysbnim/master
Daniel Mack [Fri, 24 Jul 2015 08:20:40 +0000 (10:20 +0200)]
Merge pull request #699 from ysbnim/master

exit-status: add missing string for EXIT_SMACK_PROCESS_LABEL

9 years ago Merge pull request #696 from poettering/automount-expiry-freq
Daniel Mack [Fri, 24 Jul 2015 08:09:06 +0000 (10:09 +0200)]
Merge pull request #696 from poettering/automount-expiry-freq

automount: lower the idle polling frequency a bit

9 years ago Merge pull request #697 from poettering/service-bus-name
Daniel Mack [Fri, 24 Jul 2015 08:08:44 +0000 (10:08 +0200)]
Merge pull request #697 from poettering/service-bus-name

core: print a nicer warning when two units have the same BusName= set…

9 years ago exit-status: add a missing string for EXIT_SMACK_PROCESS_LABEL
Sungbae Yoo [Thu, 23 Jul 2015 05:17:03 +0000 (14:17 +0900)]
exit-status: add a missing string for EXIT_SMACK_PROCESS_LABEL

9 years ago core: print a nicer warning when two units have the same BusName= setting
Lennart Poettering [Fri, 24 Jul 2015 01:50:36 +0000 (03:50 +0200)]
core: print a nicer warning when two units have the same BusName= setting

This should make issues like #609 easier to debug.

9 years ago automount: lower the idle polling frequency a bit
Lennart Poettering [Fri, 24 Jul 2015 01:13:57 +0000 (03:13 +0200)]
automount: lower the idle polling frequency a bit

The autofs kernel idle logic requires us to poll the kernel for
idleness. This is of course suboptimal, but cannot be fixed without
kernel change.

Currently the polling frequency is set to 1/10 of the idle timeout. This
is quite high, as seen in #571. Let's lower this to 1/3.

9 years ago journal: uppercase first character in verify error messages
Lennart Poettering [Fri, 24 Jul 2015 00:18:13 +0000 (02:18 +0200)]
journal: uppercase first character in verify error messages

In the English language the first character of a sentence is supposed to
be uppercase. Let's make sure this also applies to the journal
verification error messages.

9 years ago journalctl: properly detect empty journal files
Lennart Poettering [Fri, 24 Jul 2015 00:10:32 +0000 (02:10 +0200)]
journalctl: properly detect empty journal files

When we encounter a journal file with exactly zero entries, print a nice
message and exit, and don't print a weird error message.

9 years ago journal: explain the error when we find a non-DATA object that is compressed
Lennart Poettering [Fri, 24 Jul 2015 00:02:07 +0000 (02:02 +0200)]
journal: explain the error when we find a non-DATA object that is compressed

Only objects of type DATA may be compressed, generate a message about
that, like we do for all other errors.

9 years ago journal: when verifying journal files, handle empty ones nicely
Lennart Poettering [Fri, 24 Jul 2015 00:00:43 +0000 (02:00 +0200)]
journal: when verifying journal files, handle empty ones nicely

A journal file that carries no objects should be considered valid.

9 years ago journal: avoid mapping empty data and field hash tables
Lennart Poettering [Thu, 23 Jul 2015 23:55:45 +0000 (01:55 +0200)]
journal: avoid mapping empty data and field hash tables

When a new journal file is created we write the header first, then sync
and only then create the data and field hash tables in them. That means
to other processes it might appear that the files have a valid header
but not data and field hash tables. Our reader code should be able to
deal with this.

With this change we'll not map the two hash tables right-away after
opening a file for reading anymore (because that will of course fail if
the objects are missing), but delay this until the first time we access
them. On top of that, when we want to look something up in the hash
tables and we notice they aren't initialized yet, we consider them
empty.

This improves handling of some journal files reported in #487.

9 years ago journal-verify: don't hit SIGFPE when determining progress
Lennart Poettering [Thu, 23 Jul 2015 23:40:44 +0000 (01:40 +0200)]
journal-verify: don't hit SIGFPE when determining progress

If we determine the progress based on a number of objects available,
don't blindly divide by the number of objects, given that it might be 0.

9 years ago Merge pull request #539 from poettering/tmpfiles-journal-acl
Daniel Mack [Thu, 23 Jul 2015 22:22:56 +0000 (00:22 +0200)]
Merge pull request #539 from poettering/tmpfiles-journal-acl

tmpfiles: don't recursively descend into journal directories in /var

9 years ago Merge pull request #694 from poettering/fileio-fixes
Daniel Mack [Thu, 23 Jul 2015 22:04:49 +0000 (00:04 +0200)]
Merge pull request #694 from poettering/fileio-fixes

Fileio fixes

9 years ago process: an empty environment block should be returned as such
Lennart Poettering [Thu, 23 Jul 2015 21:47:54 +0000 (23:47 +0200)]
process: an empty environment block should be returned as such

An empty env block is completely valid, hence return it as such, and
don't turn it into an error.

9 years ago process: return ESRCH when a PID is not valid anymore
Lennart Poettering [Thu, 23 Jul 2015 21:44:40 +0000 (23:44 +0200)]
process: return ESRCH when a PID is not valid anymore

So far, when we read something from /proc/$PID we would pass on the
ENOENT from the kernel as error, if the process was missing. With this
change we systematically convert this to ESRCH, which is the more
appropriate error code, and what all the other glibc/syscalls like
kill() use.

All code that calls these functions should be fine with this change. In
fact, one invocation of get_process_exe() in bus-creds.c already assumed
ESRCH would be returned if a process is missing, and this assumption is
now validated after the change.

9 years ago fileio: get_status_field() don't clobber arg on OOM
Lennart Poettering [Thu, 23 Jul 2015 21:36:34 +0000 (23:36 +0200)]
fileio: get_status_field() don't clobber arg on OOM

According to our coding style guidelines we shouldn't clobber
pass-by-ref arguments on failure, hence don't do so here either.

9 years ago Merge pull request #692 from poettering/fd-copy-directory-all
Daniel Mack [Thu, 23 Jul 2015 21:20:18 +0000 (23:20 +0200)]
Merge pull request #692 from poettering/fd-copy-directory-all

copy: when we recursively copy a directory tree, copy everything

9 years ago copy: when we recursively copy a directory tree, copy everything
Lennart Poettering [Thu, 23 Jul 2015 19:41:22 +0000 (21:41 +0200)]
copy: when we recursively copy a directory tree, copy everything

Don't ignore hidden files and directories.

Fixes #386

9 years ago Merge pull request #683 from ssahani/tun1
Tom Gundersen [Thu, 23 Jul 2015 20:46:07 +0000 (22:46 +0200)]
Merge pull request #683 from ssahani/tun1

networkd: ip6gre add support for flowlabel

9 years ago Merge pull request #670 from floppym/ptsuid
Lennart Poettering [Thu, 23 Jul 2015 19:56:09 +0000 (21:56 +0200)]
Merge pull request #670 from floppym/ptsuid

nspawn: Don't pass uid mount option for devpts

9 years ago Merge pull request #678 from eworm-de/oracle-kvm
Lennart Poettering [Thu, 23 Jul 2015 19:38:01 +0000 (21:38 +0200)]
Merge pull request #678 from eworm-de/oracle-kvm

Oracle kvm

9 years ago Merge pull request #691 from teg/networkd-after-sysctl
Daniel Mack [Thu, 23 Jul 2015 19:23:49 +0000 (21:23 +0200)]
Merge pull request #691 from teg/networkd-after-sysctl

units: order networkd after sysctl

9 years ago virt: handle Virtualbox 5.0 with kvm hypervisor
Christian Hesse [Thu, 23 Jul 2015 19:18:36 +0000 (21:18 +0200)]
virt: handle Virtualbox 5.0 with kvm hypervisor

Virtualbox 5.0 now supports kvm hypervisor. In this case cpuid
identifies as "kvm", which breaks units depending on
ConditionVirtualization=oracle.
So return "oracle" even with kvm hypervisor.

9 years ago Merge pull request #682 from ssahani/bridge
Lennart Poettering [Thu, 23 Jul 2015 19:07:57 +0000 (21:07 +0200)]
Merge pull request #682 from ssahani/bridge

networkd: add bridge link properties

9 years ago units: order networkd after sysctl
Tom Gundersen [Thu, 23 Jul 2015 18:58:33 +0000 (20:58 +0200)]
units: order networkd after sysctl

This way networkd will correctly and race-freely inherit the default settings
applied by sysctl.

Suggested in issue #468.

9 years ago man: add man for bridge params
Susant Sahani [Thu, 23 Jul 2015 18:03:40 +0000 (23:33 +0530)]
man: add man for bridge params

9 years ago networkd: add bridge link properties
Susant Sahani [Thu, 23 Jul 2015 18:01:58 +0000 (23:31 +0530)]
networkd: add bridge link properties

new bridge properties

br.network

[Match]
Name=enp0s25

[Network]
Bridge=br-test

[Bridge]
Cost=332
BPDUGuard = true
HairPin = true
FastLeave = true
RootBlock = true
UnicastFlood = true

9 years ago Merge pull request #604 from heftig/master
Lennart Poettering [Thu, 23 Jul 2015 17:02:34 +0000 (19:02 +0200)]
Merge pull request #604 from heftig/master

build-sys: Use slim LTO objects if possible

9 years ago Merge pull request #690 from teg/resolved-fixes-2
Lennart Poettering [Thu, 23 Jul 2015 16:48:25 +0000 (18:48 +0200)]
Merge pull request #690 from teg/resolved-fixes-2

resolved: assorted fixes v2

9 years ago resolve: transaction - stop processing packet when found to be invalid
Tom Gundersen [Sun, 19 Jul 2015 19:42:52 +0000 (21:42 +0200)]
resolve: transaction - stop processing packet when found to be invalid

We were stopping the transaction, but we need to stop processing the packet altogether.

9 years ago resolved: packet - fix segfault in truncate()
Tom Gundersen [Fri, 17 Jul 2015 21:42:18 +0000 (23:42 +0200)]
resolved: packet - fix segfault in truncate()

A size_t was being accessed as a char* due to the order of arguments being inverted.

9 years ago resolved: rr - ignore pseudo types in NSEC(3) bitmaps
Tom Gundersen [Thu, 23 Jul 2015 11:48:56 +0000 (13:48 +0200)]
resolved: rr - ignore pseudo types in NSEC(3) bitmaps

9 years ago resolved: rr - fix parsing of NSEC3
Tom Gundersen [Thu, 23 Jul 2015 11:28:09 +0000 (13:28 +0200)]
resolved: rr - fix parsing of NSEC3

We were appending rather than reading the bitmap.

9 years ago resolved: rr - don't read past end of RR when parsing NSEC(3)
Tom Gundersen [Thu, 23 Jul 2015 11:13:43 +0000 (13:13 +0200)]
resolved: rr - don't read past end of RR when parsing NSEC(3)

We can never read past the end of the packet, so this seems impossible
to exploit, but let's error out early as reading past the end of the
current RR is clearly an error.

Found by Lennart, based on patch by Daniel.

9 years ago resolved: rr - SSHFP contains the fingerprint, not the key
Tom Gundersen [Thu, 23 Jul 2015 11:09:35 +0000 (13:09 +0200)]
resolved: rr - SSHFP contains the fingerprint, not the key

Rename the field to make this clearer.

9 years ago resolved: packet - fail on invalid zero-length data
Tom Gundersen [Thu, 23 Jul 2015 10:57:58 +0000 (12:57 +0200)]
resolved: packet - fail on invalid zero-length data

Most blobs (keys, signatures, ...) should have a specific size given by
the relevant algorithm. However, as we don't use/verify the algorithms
yet, let's just ensure that we don't read out zero-length data in cases
where this does not make sense.

The only exceptions, where zero-length data is allowed are in the NSEC3
salt field, and the generic data (which we don't know anything about,
so better not make any assumptions).

9 years ago Merge pull request #687 from poettering/bitmap-fixes
Daniel Mack [Thu, 23 Jul 2015 14:13:51 +0000 (16:13 +0200)]
Merge pull request #687 from poettering/bitmap-fixes

bitmap: various clean-ups

9 years ago bitmap: various clean-ups
Lennart Poettering [Thu, 23 Jul 2015 13:57:54 +0000 (15:57 +0200)]
bitmap: various clean-ups

a) use memcmp() to compare bitmaps efficiently

b) use UINT64_C() macro instead of ULL suffixes to get right suffix for
   uint64_t constants

c) add a few assert()s

d) when comparing integers with 0 we generally try to make this explicit
   with "!= 0".

e) remove redundant bitmap_isset() if check, as we don't have it in
   bitmap_isset() either.

f) It should be fine to invoke bitmap_unset() on a NULL bitmap

9 years ago Merge pull request #669 from poettering/dns-rr-memdup
Tom Gundersen [Thu, 23 Jul 2015 10:34:34 +0000 (12:34 +0200)]
Merge pull request #669 from poettering/dns-rr-memdup

resolve: unify memdup() code when parsing RRs

9 years ago networkd: ip6gre add support for flowlabel
Susant Sahani [Thu, 23 Jul 2015 05:44:08 +0000 (11:14 +0530)]
networkd: ip6gre add support for flowlabel

9 years ago sd-netlink: add bridge NL params
Susant Sahani [Thu, 23 Jul 2015 09:09:43 +0000 (09:09 +0000)]
sd-netlink: add bridge NL params

9 years ago Add bridge NL params to missing.h
Susant Sahani [Thu, 23 Jul 2015 09:09:11 +0000 (09:09 +0000)]
Add bridge NL params to missing.h

9 years ago Merge pull request #677 from zonque/bitmap2
Tom Gundersen [Thu, 23 Jul 2015 09:35:55 +0000 (11:35 +0200)]
Merge pull request #677 from zonque/bitmap2

basic: bitmap: use uint64_t instead of long long unsigned

9 years ago Merge pull request #674 from ssahani/tunnel
Daniel Mack [Thu, 23 Jul 2015 09:00:15 +0000 (11:00 +0200)]
Merge pull request #674 from ssahani/tunnel

ip6 tunnel: add support for DSCP

9 years ago man: add man for DSCP
Susant Sahani [Thu, 23 Jul 2015 08:08:26 +0000 (13:38 +0530)]
man: add man for DSCP

9 years ago Merge pull request #537 from poettering/nss-mymachines-userns
David Herrmann [Thu, 23 Jul 2015 07:53:47 +0000 (09:53 +0200)]
Merge pull request #537 from poettering/nss-mymachines-userns

Hook up container userns with nss-mymachines

9 years ago Merge pull request #663 from poettering/tmpfiles-chattr-enotty
Daniel Mack [Thu, 23 Jul 2015 07:12:43 +0000 (09:12 +0200)]
Merge pull request #663 from poettering/tmpfiles-chattr-enotty

tmpfiles: downgrade errors when a file system does not support file a…

9 years ago Merge pull request #673 from poettering/dns-packet-append-type-window
Daniel Mack [Thu, 23 Jul 2015 06:53:36 +0000 (08:53 +0200)]
Merge pull request #673 from poettering/dns-packet-append-type-window

resolved: make sure we always initialize *start in dns_packet_append_t…

9 years ago basic: bitmap: use uint64_t instead of long long unsigned
Daniel Mack [Thu, 23 Jul 2015 06:44:59 +0000 (08:44 +0200)]
basic: bitmap: use uint64_t instead of long long unsigned

long long unsigned is always 64 bit wide, so use a more readable type.

9 years ago Merge pull request #672 from poettering/bitmap-isclear
Daniel Mack [Thu, 23 Jul 2015 06:49:14 +0000 (08:49 +0200)]
Merge pull request #672 from poettering/bitmap-isclear

bitmap: bitmap_clear()

9 years ago networkd: ip6 tunnel add DSCP
Susant Sahani [Thu, 23 Jul 2015 04:22:24 +0000 (09:52 +0530)]
networkd: ip6 tunnel add DSCP

This patch adds support for setting the
DSCP field in the ip6 tunnel.

When set it inherits DSCP field between inner and outer header.

9 years ago resolved: make sure we always initialize *start in dns_packet_append_type_window()
Lennart Poettering [Thu, 23 Jul 2015 02:54:35 +0000 (04:54 +0200)]
resolved: make sure we always initialize *start in dns_packet_append_type_window()

9 years ago bitmap: bitmap_clear()
Lennart Poettering [Thu, 23 Jul 2015 02:51:57 +0000 (04:51 +0200)]
bitmap: bitmap_clear()

No need to actually reset the bitmap, we can just truncate it back to zero
size. That not only makes bitmap_clear() quicker, but also subsequent
bitmap_isclear().

9 years ago resolve: unify memdup() code when parsing RRs
Lennart Poettering [Thu, 23 Jul 2015 02:04:19 +0000 (04:04 +0200)]
resolve: unify memdup() code when parsing RRs

Let's make dns_packet_read_public_key() more generic by renaming it to
dns_packet_read_memdup() (which more accurately describes what it
does...). Then, patch all cases where we memdup() RR data to use this
new call.

This specifically checks for zero-length objects, and handles them
gracefully. It will set zero length payload fields as a result.

Special care should be taken to ensure that any code using this call
can handle the returned allocated field to be NULL if the size is
specified as 0!