Lennart Poettering [Tue, 12 Jun 2018 13:57:47 +0000 (15:57 +0200)]
hwdb: update from upstream
Lennart Poettering [Tue, 12 Jun 2018 13:43:59 +0000 (15:43 +0200)]
terminal-util: make file names in --cat-config output clickable links
Lennart Poettering [Tue, 12 Jun 2018 13:37:53 +0000 (15:37 +0200)]
binfmt,sysctl,sysusers,tmpfiles: add auto-paging for --cat-config commands
The output of these commands is really long, and already enriched with
color. Let's add auto-paging to make this easier to digest.
Lennart Poettering [Tue, 12 Jun 2018 13:20:05 +0000 (15:20 +0200)]
NEWS: add an example that actually applies
Lennart Poettering [Tue, 12 Jun 2018 13:19:54 +0000 (15:19 +0200)]
NEWS: the tool is called resolvconf, without the inner e
Lennart Poettering [Tue, 12 Jun 2018 13:18:50 +0000 (15:18 +0200)]
NEWS: break lines with emacs once more
Let's follow the line break rules our .dir-locals.el file defines
Lennart Poettering [Tue, 12 Jun 2018 13:18:25 +0000 (15:18 +0200)]
NEWS: some .mailmap work to clean up contributors list
Zbigniew Jędrzejewski-Szmek [Wed, 13 Jun 2018 12:09:14 +0000 (14:09 +0200)]
Merge pull request #8863 from evelikov/shell-completion-fixes
Shell completion fixes/perf improvements
Zbigniew Jędrzejewski-Szmek [Wed, 13 Jun 2018 06:52:58 +0000 (08:52 +0200)]
Merge pull request #9172 from yuwata/timesync-ntp-parser
timesync: check validity of NTP server name or address
Zbigniew Jędrzejewski-Szmek [Wed, 13 Jun 2018 06:46:07 +0000 (08:46 +0200)]
Merge pull request #9280 from yuwata/follow-ups-8849
Several follow-ups for #8849
Yu Watanabe [Wed, 13 Jun 2018 05:52:57 +0000 (14:52 +0900)]
NEWS: add more news
Zbigniew Jędrzejewski-Szmek [Wed, 13 Jun 2018 06:20:18 +0000 (08:20 +0200)]
Merge pull request #9153 from poettering/private-mounts
introduce PrivateMounts= setting and clean up documentation for MountFlags=
Lennart Poettering [Tue, 12 Jun 2018 18:50:15 +0000 (20:50 +0200)]
NEWS: announce DNS-over-TLS too
Yu Watanabe [Wed, 13 Jun 2018 05:34:26 +0000 (14:34 +0900)]
man: drop unnecessary '=' after nta
Yu Watanabe [Wed, 13 Jun 2018 05:30:51 +0000 (14:30 +0900)]
resolvectl: fix indentation
Yu Watanabe [Mon, 4 Jun 2018 13:32:45 +0000 (22:32 +0900)]
timesync: add more log messages in manager_network_read_link_servers()
Yu Watanabe [Sun, 3 Jun 2018 09:54:29 +0000 (18:54 +0900)]
timesync: check validity of NTP server name or address
Yu Watanabe [Mon, 4 Jun 2018 12:27:57 +0000 (21:27 +0900)]
conf-parser: simplify conf_parse_path()
Follow-up for 97651797e83d0548aef9f808657d3518d89e5aee.
Yu Watanabe [Wed, 13 Jun 2018 04:43:36 +0000 (13:43 +0900)]
resolve: do not complete stream transaction when it is under retrying
Yu Watanabe [Wed, 13 Jun 2018 04:20:23 +0000 (13:20 +0900)]
resolve: drop unused argument of dns_server_packet_lost()
Yu Watanabe [Wed, 13 Jun 2018 04:13:34 +0000 (13:13 +0900)]
resolve: correctly count TCP transaction failures
Fixes #9281.
Yu Watanabe [Wed, 13 Jun 2018 03:21:54 +0000 (12:21 +0900)]
resolve: fix log message
Yu Watanabe [Wed, 13 Jun 2018 02:16:26 +0000 (11:16 +0900)]
bash-completion/resolvectl: support privatedns command
Yu Watanabe [Wed, 13 Jun 2018 02:00:52 +0000 (11:00 +0900)]
resolve: reject PrivateDNS=yes
Yu Watanabe [Wed, 13 Jun 2018 01:56:02 +0000 (10:56 +0900)]
resolve: make manager_get_private_dns_mode() always return valid setting
Yu Watanabe [Wed, 13 Jun 2018 01:50:30 +0000 (10:50 +0900)]
resolve: add missing bus property and method
Follow-up for #8849.
Matthias-Christian Ott [Mon, 11 Jun 2018 18:07:36 +0000 (20:07 +0200)]
resolve: do not derive query timeout from RTT
DNS queries need timeout values to detect whether a DNS server is
unresponsive or, if the query is sent over UDP, whether a DNS message
was lost and has to be resent. The total time that it takes for the answer
to a query to arrive is t + RTT, where t is the maximum time that the DNS
server that is being queried needs to answer the query.
An authoritative server stores a copy of the zone that it serves in main
memory or secondary storage, so t is very small and therefore the time
that it takes to answer a query is almost entirely determined by the
RTT. Modern authoritative server software keeps its zones in main memory
and, for example, Knot DNS and NSD are able to answer in less than
100 µs [1]. So iterative resolvers continuously measure the RTT to
optimize their query timeouts and to resend queries more quickly if they
are lost.
systemd-resolved is a stub resolver: it forwards DNS queries to an
upstream resolver and waits for an answer. So the time that it takes for
systemd-resolved to answer a query is determined by the RTT and the time
that it takes the upstream resolver to answer the query.
It seems common for iterative resolver software to set a total timeout
for the query. Such total timeout subsumes the timeout of all queries
that the iterative resolver has to make to answer a query. For example, BIND
seems to use a default timeout of 10 s.
At the moment systemd-resolved derives its query timeout entirely from
the RTT and does not consider the query timeout of the upstream
resolver. Therefore it often mistakenly degrades the feature set of its
upstream resolvers if it takes them longer than usual to answer a query.
It has been reported to be a considerable problem in practice, in
particular if DNSSEC=yes. So the query timeout of systemd-resolved should
be derived from the timeout of the upstream resolver and the RTT to the
upstream resolver.
At the moment systemd-resolved measures the RTT as the time that it
takes the upstream resolver to answer a query. This clearly leads to
incorrect measurements. In order to correctly measure the RTT
systemd-resolved would have to measure RTT separately and continuously,
for example with a query with an empty question section or a query for
the SOA RR of the root zone so that the upstream resolver would be able
to answer the query without querying another server. However, this
requires significant changes to systemd-resolved. So it seems best to
postpone them until other issues have been addressed and to set the
resend timeout to a fixed value for now.
As mentioned, BIND seems to use a timeout of 10 s, so perhaps 12 s is a
reasonable value that also accounts for common RTT values. If we assume
that we are going to retry, it could be less. So it should be enough
to set the resend timeout to DNS_TIMEOUT_MAX_USEC as
DNS_SERVER_FEATURE_RETRY_ATTEMPTS * DNS_TIMEOUT_MAX_USEC = 15 s.
However, this will not solve the incorrect feature set degradation and
should be seen as a temporary change until systemd-resolved does
probe the feature set of an upstream resolver independently from the
actual queries.
[1] https://www.knot-dns.cz/benchmark/
Lennart Poettering [Tue, 12 Jun 2018 17:37:22 +0000 (19:37 +0200)]
core: when applying io/blkio per-device rules, don't remove them if they fail
These devices might show up later, hence leave the rules as they are.
Applying the limits should not alter configuration.
Lennart Poettering [Thu, 7 Jun 2018 14:03:43 +0000 (16:03 +0200)]
tree-wide: unify how we define bit mask enums
Let's always write "1 << 0", "1 << 1" and so on, except where we need
more than 31 flag bits, where we write "UINT64(1) << 0", and so on to force
64bit values.
Lennart Poettering [Tue, 12 Jun 2018 18:45:39 +0000 (20:45 +0200)]
Merge pull request #8849 from irtimmer/feature/dns-over-tls
resolve: Support for DNS-over-TLS
Iwan Timmer [Mon, 11 Jun 2018 19:33:57 +0000 (21:33 +0200)]
man: document DNS-over-TLS options
Michael Biebl [Tue, 12 Jun 2018 14:19:21 +0000 (16:19 +0200)]
doc: more spelling fixes
Lennart Poettering [Tue, 12 Jun 2018 14:26:36 +0000 (16:26 +0200)]
update NEWS with new PrivateMounts= blurb
Lennart Poettering [Fri, 1 Jun 2018 09:24:40 +0000 (11:24 +0200)]
units: switch udev service to use PrivateMounts=yes
Given that PrivateMounts=yes is the "successor" to MountFlags=slave in
unit files, let's make use of it for udevd.
Lennart Poettering [Fri, 1 Jun 2018 09:23:51 +0000 (11:23 +0200)]
man: document the new PrivateMounts= setting
Also, extend the documentation on MountFlags= substantially, hopefully
addressing all the questions of #4393
Fixes: #4393
Lennart Poettering [Fri, 1 Jun 2018 09:10:49 +0000 (11:10 +0200)]
core: add new PrivateMounts= unit setting
This new setting is supposed to be useful in most cases where
"MountFlags=slave" is currently used, i.e. as an explicit way to run a
service in its own mount namespace and decouple propagation from all
mounts of the new mount namespace towards the host.
The effect of MountFlags=slave and PrivateMounts=yes is mostly the same,
as both cause a CLONE_NEWNS namespace to be opened, and both will result
in all mounts within it to be mounted MS_SLAVE. The difference is mostly
on the conceptual/philosophical level: configuring the propagation mode
is nothing people should have to think about, in particular as the
matter is not precisely easy to grok. Moreover, MountFlags= allows configuration
of "private" and "slave" modes which don't really make much sense to use
in real-life and are quite confusing. In particular PrivateMounts=private means
mounts made on the host stay pinned for good by the service which is
particularly nasty for removable media mount. And PrivateMounts=shared
is in most ways a NOP when used alone...
The main technical difference between setting only MountFlags=slave or
only PrivateMounts=yes in a unit file is that the former remounts all
mounts to MS_SLAVE and leaves them there, while the latter remounts
them to MS_SHARED again right after. The latter is generally a nicer
approach, since it disables propagation, while MS_SHARED is afterwards
in effect, which is really nice as that means further namespacing down
the tree will get MS_SHARED logic by default and we unify how
applications see our mounts as we always pass them as MS_SHARED
regardless whether any mount namespacing is used or not.
The effect of PrivateMounts=yes was implied already by all the other
mount namespacing options. With this new option we add an explicit knob
for it, to request it without any other option used as well.
See: #4393
Lennart Poettering [Tue, 12 Jun 2018 14:00:37 +0000 (16:00 +0200)]
Merge pull request #9270 from mbiebl/typo-fixes
NEWS: typo fixes
Michael Biebl [Tue, 12 Jun 2018 13:49:37 +0000 (15:49 +0200)]
doc: typo fixes, mostly duplicated words
Michael Biebl [Tue, 12 Jun 2018 13:41:38 +0000 (15:41 +0200)]
NEWS: typo fixes
Lennart Poettering [Tue, 12 Jun 2018 12:58:13 +0000 (14:58 +0200)]
Merge pull request #9268 from keszybz/news
NEWS followup and a small man addition
Zbigniew Jędrzejewski-Szmek [Tue, 12 Jun 2018 12:06:47 +0000 (14:06 +0200)]
NEWS: mention "bad-setting" load state and other small additions
Zbigniew Jędrzejewski-Szmek [Tue, 12 Jun 2018 12:06:13 +0000 (14:06 +0200)]
NEWS, CODE_QUALITY: wording fixes
No additions, just moving stuff around and wording cleanups.
Zbigniew Jędrzejewski-Szmek [Mon, 11 Jun 2018 15:04:08 +0000 (17:04 +0200)]
man: mention that /var/lib/systemd/timesync/clock might have the compilation timestamp
https://bugs.freedesktop.org/show_bug.cgi?id=90085
Lennart Poettering [Tue, 12 Jun 2018 10:03:28 +0000 (12:03 +0200)]
tree-wide: drop trailing whitespace
Lennart Poettering [Tue, 12 Jun 2018 10:03:13 +0000 (12:03 +0200)]
doc: extend CODE_QUALITY.md with two more items
Lennart Poettering [Tue, 12 Jun 2018 10:02:51 +0000 (12:02 +0200)]
prepare an initial NEWS file for v239
Zbigniew Jędrzejewski-Szmek [Tue, 12 Jun 2018 10:53:37 +0000 (12:53 +0200)]
Merge pull request #9255 from poettering/block-dev-fixes
some block device handling fixes
Iwan Timmer [Fri, 4 May 2018 15:31:16 +0000 (17:31 +0200)]
resolve: make PrivateDNS configurable per link
Like with DNSSec, make PrivateDNS configurable per link, so you can have trusted and untrusted links.
Iwan Timmer [Fri, 27 Apr 2018 15:50:38 +0000 (17:50 +0200)]
resolved: support for DNS-over-TLS
Add support for DNS-over-TLS using GnuTLS. To reduce latency, TLS False Start and TLS session resumption are also supported.
Iwan Timmer [Fri, 27 Apr 2018 11:20:31 +0000 (13:20 +0200)]
resolved: TCP fast open connections
Add support for TCP fast open connections to reduce latency for successive DNS requests over TCP
Michal Sekletar [Wed, 30 May 2018 14:27:22 +0000 (16:27 +0200)]
journal: forward messages from /dev/log unmodified to syslog.socket
Iwan Timmer [Sun, 22 Apr 2018 13:23:45 +0000 (15:23 +0200)]
resolved: longlived TCP connections
Keep DNS over TCP connection open until it's closed by the server or after a timeout.
Emil Velikov [Mon, 11 Jun 2018 10:53:08 +0000 (11:53 +0100)]
zsh-completion: systemctl: list template units only as needed
Currently the completion adds template units for commands such as
is-active, is-failed, is-enabled, status, show and others.
At the same time systemctl barfs at us, since an instanced template unit
is needed. Follow the example list from bash-completion as to which
commands should not list template units.
Note: The above is observed regardless of DefaultInstance.
Signed-off-by: Emil Velikov <emil.velikov@collabora.com>
Emil Velikov [Mon, 11 Jun 2018 15:35:23 +0000 (16:35 +0100)]
shell-completion: systemctl: do not list template units in {re,}start
Template units lacking DefaultInstance cannot be enabled/disabled or
started/restarted.
By adding DefaultInstance the unit can be enabled/disabled but it
still cannot be started/restarted.
Signed-off-by: Emil Velikov <emil.velikov@collabora.com>
Zbigniew Jędrzejewski-Szmek [Tue, 29 May 2018 10:19:09 +0000 (12:19 +0200)]
pid1: do not reset subtree_control on already-existing units with delegation
Fixes #8364.
Reproducer:
$ sudo systemd-run -t -p Delegate=yes bash
# mkdir /sys/fs/cgroup/system.slice/run-u6958.service/supervisor
# echo $$ > /sys/fs/cgroup/system.slice/run-u6958.service/supervisor/cgroup.procs
# echo +memory > /sys/fs/cgroup/system.slice/run-u6958.service/cgroup.subtree_control
# cat /sys/fs/cgroup/system.slice/run-u6958.service/cgroup.subtree_control
memory
# systemctl daemon-reload
# cat /sys/fs/cgroup/system.slice/run-u6958.service/cgroup.subtree_control
(empty)
With patch, the last command shows 'memory'.
Emil Velikov [Thu, 7 Jun 2018 15:24:45 +0000 (16:24 +0100)]
shell-completion: systemctl: pass current word to all list_unit*
Earlier patch added the current word to the performance critical paths.
Here we add it to every place, for consistency's sake.
Suggested-by: Yu Watanabe (yuwata)
Signed-off-by: Emil Velikov <emil.l.velikov@gmail.com>
Emil Velikov [Mon, 30 Apr 2018 13:45:25 +0000 (14:45 +0100)]
zsh-completion: systemctl: tweak --state list for startable units
This effectively ports over b1bdb6496c07fc4fcf3f0feae69b5ef89ae557d9
from the bash completion to zsh.
Modulo the new function, since it's unrelated perf. improvement.
Signed-off-by: Emil Velikov <emil.velikov@collabora.com>
Emil Velikov [Mon, 30 Apr 2018 12:37:51 +0000 (13:37 +0100)]
zsh-completion: systemctl: pass only $PREFIX* to list-unit*
Using a leading * and $SUFFIX produces misleading results. Let's imagine
that one mistypes nect instead of netc, they will get a rather
misleading completion like: sys-fs-fuse-connections.mount
Not to mention that the execution time is up by ~1/3.
time systemctl list-unit-files netctl* -> ~12ms
time systemctl list-unit-files *netctl* -> ~17ms
Furthermore more units are matched, leading to greater execution time
of `systemctl show' in _filter_units_by_property
Use only $PREFIX*, removing the leading * and trailing $SUFFIX*.
Signed-off-by: Emil Velikov <emil.velikov@collabora.com>
Emil Velikov [Mon, 30 Apr 2018 11:53:50 +0000 (12:53 +0100)]
bash-completion: systemctl: pass current partial unit to list-unit*
Pass the partial name of the unit file to list-unit-files and
list-units. This allows for faster completion, since systemctl does
not need to list all the unit files.
For reference:
- time systemctl list-unit-files -> ~200ms
- time systemctl list-unit-files netctl* -> ~15ms
- time systemctl list-units -> ~5ms
- time systemctl list-units netctl* -> ~5ms
While the list-units time itself is unaffected, now a shorter list is
produced. Thus as we pass it to `systemctl show' (via
__filter_units_by_properties) the execution time will be decreased even
further.
v2: Update list-units hunk in commit message, add quotes around $2*
v3: Remove funky indentation, quote all $cur instances
Signed-off-by: Emil Velikov <emil.velikov@collabora.com>
Emil Velikov [Mon, 30 Apr 2018 11:37:29 +0000 (12:37 +0100)]
bash-completion: systemctl: use systemctl --no-pager
Signed-off-by: Emil Velikov <emil.velikov@collabora.com>
Lennart Poettering [Mon, 11 Jun 2018 10:32:37 +0000 (12:32 +0200)]
tree-wide: use PATH_STARTSWITH_SET() at two more places
Lennart Poettering [Mon, 11 Jun 2018 10:22:58 +0000 (12:22 +0200)]
core: rework how we validate DeviceAllow= settings
Let's make sure we don't validate "char-*" and "block-*" expressions as
paths.
Lennart Poettering [Mon, 11 Jun 2018 10:19:01 +0000 (12:19 +0200)]
cgroup: relax checks for block device cgroup settings
This drops needless safety checks that ensure we only reference block
devices for blockio/io settings. The backing code was already able to
accept regular file system paths too, in which case the backing device
node of that file system would be used. Hence, let's drop the artificial
restrictions and open up this underlying functionality.
Lennart Poettering [Mon, 11 Jun 2018 10:17:32 +0000 (12:17 +0200)]
cgroup: beef up device lookup logic for block devices
Let's chase block devices through btrfs and LUKS like we do elsewhere.
Lennart Poettering [Mon, 11 Jun 2018 10:06:27 +0000 (12:06 +0200)]
blockdev: split out actual DM sysfs code of get_block_device_harder() into function of its own
That way we can use it in code that already acquired a dev_t from some
source.
Lennart Poettering [Mon, 11 Jun 2018 10:03:35 +0000 (12:03 +0200)]
blockdev-util: let's initialize return parameter on success
We document the rule that return values >= 0 of functions are supposed
to indicate success, and that in case of success all return parameters
should be initialized. Let's actually do so.
Just a tiny coding style fix-up.
Zbigniew Jędrzejewski-Szmek [Mon, 11 Jun 2018 11:17:43 +0000 (13:17 +0200)]
meson: also reject shifts that change the sign bit
../src/test/test-sizeof.c: In function ‘main’:
../src/test/test-sizeof.c:70:24: error: result of ‘1 << 31’ requires 33 bits to represent, but ‘int’ only has 32 bits [-Werror=shift-overflow=]
X = (1 << 31),
^~
cc1: some warnings being treated as errors
Follow-up for b05ecb8cadd8c32d31b1aabcff4e507bd89b5465.
Zbigniew Jędrzejewski-Szmek [Mon, 11 Jun 2018 12:37:36 +0000 (14:37 +0200)]
basic/path-util: fix ordering in error message
Jun 11 14:29:12 krowka systemd[1]: /etc/systemd/system/workingdir.service:6: = path is not normalizedWorkingDirectory: /../../etc
↓
Jun 11 14:32:12 krowka systemd[1]: /etc/systemd/system/workingdir.service:6: WorkingDirectory= path is not normalized: /../../etc
Zbigniew Jędrzejewski-Szmek [Mon, 11 Jun 2018 12:37:10 +0000 (14:37 +0200)]
Merge pull request #9157 from poettering/unit-config-load-error
introduce a new "bad-setting" unit load state in order to improve "systemctl status" output when bad settings are used
Bruno Vernay [Thu, 7 Jun 2018 15:38:10 +0000 (17:38 +0200)]
Table is easier to grasp
State goes in CONFIG for users
3rd review
Lennart Poettering [Mon, 11 Jun 2018 10:58:55 +0000 (12:58 +0200)]
Merge pull request #9185 from marckleinebudde/can
networkd: add support to configure CAN devices
xginn8 [Mon, 11 Jun 2018 10:56:26 +0000 (06:56 -0400)]
Add counter for socket unit refuse events (#9217)
core: add counter for socket unit rejection events
Lennart Poettering [Fri, 1 Jun 2018 16:06:54 +0000 (18:06 +0200)]
core: add a couple of more error cases that should result in "bad-setting"
This changes a number of EINVAL cases to ENOEXEC, so that we enter
"bad-setting" state if they fail.
Lennart Poettering [Fri, 1 Jun 2018 15:55:50 +0000 (17:55 +0200)]
systemctl: load_error is a string, don't compare it with 0
Using isempty() is nicer anyway.
Lennart Poettering [Fri, 1 Jun 2018 15:46:01 +0000 (17:46 +0200)]
core: introduce a new load state "bad-setting"
Since bb28e68477a3a39796e4999a6cbc6ac6345a9159 parsing failures of
certain unit file settings will result in load failures of units. This
introduces a new load state "bad-setting" that is entered in precisely
this case.
With this addition error messages on bad settings should be a lot more
explicit, as we don't have to show some generic "errno" error in that
case, but can explicitly say that a bad setting is at fault.
Internally this unit load state is entered as soon as any configuration
loader call returns ENOEXEC. Hence: config parser calls should return
ENOEXEC now for such essential unit file settings. Turns out, they
generally already do.
Fixes: #9107
Lennart Poettering [Fri, 1 Jun 2018 15:43:16 +0000 (17:43 +0200)]
man: don't mention "stub" and "merged" unit load states
These states should never be visible to the outside, as they are used
only internally while loading unit. Hence let's drop them from the
documentation.
Lennart Poettering [Fri, 1 Jun 2018 15:37:20 +0000 (17:37 +0200)]
core: rework manager_load_startable_unit_or_warn() on top of unit_validate_load_state()
These functions do very similar work, let's unify common code.
Lennart Poettering [Fri, 1 Jun 2018 15:32:54 +0000 (17:32 +0200)]
core: use bus_unit_validate_load_state() for generating LoadError unit bus property
The load_error is only valid in some load_state cases, let's generate
prettier messages for other cases too, by reusing the
bus_unit_validate_load_state() call which does just that.
Clients (such as systemctl) ignored LoadError unless LoadState was
"error" before. With this change they could even show LoadError in other
cases and it would show a useful name.
Lennart Poettering [Fri, 1 Jun 2018 15:30:43 +0000 (17:30 +0200)]
core: rename (and modernize) bus_unit_check_load_state() → bus_unit_validate_load_state()
Let's use a switch() statement, cover more cases with pretty messages.
Also let's rename it to "validate", as that's more specific than
"check", as it implies checking for a "valid"/"good" state, which is
what this function does.
Lennart Poettering [Mon, 11 Jun 2018 10:52:38 +0000 (12:52 +0200)]
Merge pull request #9246 from keszybz/ellipsize-invalid-mem-ref
Fix invalid memory reference in ellipsize_mem()
Lennart Poettering [Fri, 8 Jun 2018 17:29:05 +0000 (19:29 +0200)]
resolved: rework NSEC covering tests
This makes two changes: first of all we will now explicitly check
whether a domain to test against an NSEC record is actually below the
signer's name. This is relevant for NSEC records that chain up the end
and the beginning of a zone: we shouldn't allow that NSEC record to match
against domains outside of the zone.
This also fixes how we handle NSEC checks for domains that are prefixes
of the NSEC RR domain itself, fixing #8164 which triggers this specific
case. The non-wildcard NSEC check is simplified for that, we can
directly make our between check, there's no need to find the "Next
Closer" first, as the between check should not be affected by additional
prefixes. For the wild card NSEC check we'll prepend the asterisk in
this case to the NSEC RR itself to make a correct check.
Fixes: #8164
Zbigniew Jędrzejewski-Szmek [Mon, 11 Jun 2018 07:57:05 +0000 (09:57 +0200)]
basic/format-table: remove parameter with constant value
Zbigniew Jędrzejewski-Szmek [Sat, 9 Jun 2018 11:41:44 +0000 (13:41 +0200)]
basic/ellipsize: do not assume the string is NUL-terminated when length is given
oss-fuzz flags this as:
==1==WARNING: MemorySanitizer: use-of-uninitialized-value
0. 0x7fce77519ca5 in ascii_is_valid systemd/src/basic/utf8.c:252:9
1. 0x7fce774d203c in ellipsize_mem systemd/src/basic/string-util.c:544:13
2. 0x7fce7730a299 in print_multiline systemd/src/shared/logs-show.c:244:37
3. 0x7fce772ffdf3 in output_short systemd/src/shared/logs-show.c:495:25
4. 0x7fce772f5a27 in show_journal_entry systemd/src/shared/logs-show.c:1077:15
5. 0x7fce772f66ad in show_journal systemd/src/shared/logs-show.c:1164:29
6. 0x4a2fa0 in LLVMFuzzerTestOneInput systemd/src/fuzz/fuzz-journal-remote.c:64:21
...
I didn't reproduce the issue, but this looks like an obvious error: the length
is specified, so we shouldn't use the string with any functions for normal
C-strings.
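The failure mode described in this commit message, as an added example that is not part of the commit or of systemd's source: a check written for NUL-terminated strings gives the wrong answer when applied to a field that is passed as pointer plus length. The helpers `ascii_valid_cstr()` and `ascii_valid_n()` and both sample buffers are hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper: ASCII check for a NUL-terminated C string.
 * It keeps reading until it meets a 0 byte, wherever that is. */
static bool ascii_valid_cstr(const char *s) {
        for (const unsigned char *p = (const unsigned char *) s; *p != 0; p++)
                if (*p >= 128)
                        return false;
        return true;
}

/* Hypothetical helper: ASCII check for a (pointer, length) field.
 * It reads exactly len bytes and treats an embedded NUL as invalid,
 * so the result depends only on the bytes the caller handed over. */
static bool ascii_valid_n(const char *s, size_t len) {
        for (size_t i = 0; i < len; i++) {
                unsigned char c = (unsigned char) s[i];
                if (c == 0 || c >= 128)
                        return false;
        }
        return true;
}

/* Constructed sample 1: a 5-byte field "hello" with no terminator of its
 * own, followed by bytes that belong to something else. The final 0 only
 * exists so that the C-string walk stays inside this array; with real
 * journal data the walk would run into uninitialized or foreign memory. */
#define FIELD_LEN 5
static const char packed[] = {
        'h', 'e', 'l', 'l', 'o', (char) 0xC3, (char) 0xA9, 'x', 0
};

/* Constructed sample 2: a 5-byte field with an embedded NUL that hides a
 * non-ASCII byte from the C-string walk. */
static const char embedded[] = { 'a', 'b', 0, (char) 0xFF, 'd' };

int main(void) {
        /* The bounded check sees only "hello"; the C-string check reads
         * past the field and is influenced by the neighbouring bytes. */
        printf("packed:   bounded=%d cstr=%d\n",
               ascii_valid_n(packed, FIELD_LEN), ascii_valid_cstr(packed));

        /* The C-string check stops at the NUL and never inspects 0xFF. */
        printf("embedded: bounded=%d cstr=%d\n",
               ascii_valid_n(embedded, sizeof embedded),
               ascii_valid_cstr(embedded));
        return 0;
}
```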
Zbigniew Jędrzejewski-Szmek [Mon, 11 Jun 2018 08:02:49 +0000 (10:02 +0200)]
meson: add fuzz regressions to list
Apparently I haven't been very good at remembering to do this.
Zbigniew Jędrzejewski-Szmek [Mon, 11 Jun 2018 07:12:21 +0000 (09:12 +0200)]
Merge pull request #9253 from yuwata/fix-timezone_is_valid
util-lib: reject too long path for timedate_is_valid()
Yu Watanabe [Mon, 11 Jun 2018 03:39:59 +0000 (12:39 +0900)]
fuzz: add testcase for issue 8827
Yu Watanabe [Mon, 11 Jun 2018 03:31:02 +0000 (12:31 +0900)]
util-lib: reject too long path for timedate_is_valid()
This should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8827.
Zbigniew Jędrzejewski-Szmek [Sat, 9 Jun 2018 11:12:52 +0000 (13:12 +0200)]
meson: do not allow bit-shift overflows
The primary motivation is to catch enum values created through a shift that is
too big:
../src/test/test-sizeof.c:26:29: error: left shift count >= width of type [-Werror=shift-count-overflow]
enum_with_shift = 1 << 32,
^~
cc1: some warnings being treated as errors
The compiler will now reject those.
This is an alternative to #9224.
Hiram van Paassen [Tue, 10 Apr 2018 15:26:20 +0000 (17:26 +0200)]
networkd-link: add support to configure CAN interfaces
This patch adds support for kind "can". Fixes: #4042.
Marc Kleine-Budde [Wed, 30 May 2018 14:31:59 +0000 (16:31 +0200)]
networkd-link: link_up_can(): move function upwards
This patch is a preparation patch, to avoid forward declarations in the
next patch.
Marc Kleine-Budde [Wed, 30 May 2018 09:47:23 +0000 (11:47 +0200)]
networkd-link: link_configure(); factor out link_configure_can() into separate function
Marc Kleine-Budde [Tue, 5 Jun 2018 14:08:29 +0000 (16:08 +0200)]
conf-parser: add config_parse_permille()
Marc Kleine-Budde [Tue, 5 Jun 2018 13:15:33 +0000 (15:15 +0200)]
parse-util: add permille parser + tests
Zbigniew Jędrzejewski-Szmek [Sat, 9 Jun 2018 11:41:24 +0000 (13:41 +0200)]
basic/utf8: add ascii_is_valid_n()
Lennart Poettering [Fri, 8 Jun 2018 18:44:01 +0000 (20:44 +0200)]
Merge pull request #9240 from poettering/ds-validate
resolved: fix DNSKEY validation by DS RR
Ivan Shapovalov [Fri, 8 Jun 2018 12:09:44 +0000 (15:09 +0300)]
mymachines: fix getgrnam()
getgrnam() was returning input gid instead of the mapped one. Fix that.
Susant Sahani [Fri, 8 Jun 2018 12:32:21 +0000 (18:02 +0530)]
networkd: tunnel ignore wrong conf rather than assert
Closes #9234
Zbigniew Jędrzejewski-Szmek [Fri, 8 Jun 2018 14:05:18 +0000 (16:05 +0200)]
resolved: fix typo in macro name
Filipe Brandenburger [Wed, 6 Jun 2018 16:43:37 +0000 (09:43 -0700)]
analyze: use _cleanup_ for struct unit_times
This introduces a has_data boolean field in struct unit_files which can
be used to detect the end of the array.
Use a _cleanup_ for struct unit_files in acquire_time_data and its
callers. Code for acquire_time_data is also simplified by replacing
goto's with straight returns.
Tested: By running the commands below, also checking them under valgrind.
- build/systemd-analyze blame
- build/systemd-analyze critical-chain
- build/systemd-analyze plot
Fixes: Coverity finding CID 996464.
Lennart Poettering [Fri, 8 Jun 2018 13:41:37 +0000 (15:41 +0200)]
resolved: use Oxford comma at one place
As suggested by @keszybz in https://github.com/systemd/systemd/pull/9235#pullrequestreview-127150950