summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
...
* tests: add a reproducer for another infinite loop in ndisc_handle_datagramEvgeny Vereshchagin2019-05-032-0/+1
| | | | | | (cherry picked from commit bbb393877b2cfcbe2f205c902ca7d9f7ce91f1a1) Resolves: #1696224
* tests: add a reproducer for an infinite loop in ndisc_handle_datagramEvgeny Vereshchagin2019-05-032-0/+1
| | | | | | | | | | | | | | | =0 ndisc_router_parse (rt=0x60d000000110) at ../src/libsystemd-network/ndisc-router.c:126 =1 0x000055555558dc67 in ndisc_handle_datagram (nd=0x608000000020, rt=0x60d000000110) at ../src/libsystemd-network/sd-ndisc.c:170 =2 0x000055555558e65d in ndisc_recv (s=0x611000000040, fd=4, revents=1, userdata=0x608000000020) at ../src/libsystemd-network/sd-ndisc.c:233 =3 0x00007ffff63913a8 in source_dispatch (s=0x611000000040) at ../src/libsystemd/sd-event/sd-event.c:3042 =4 0x00007ffff6395eab in sd_event_dispatch (e=0x617000000080) at ../src/libsystemd/sd-event/sd-event.c:3455 =5 0x00007ffff6396b12 in sd_event_run (e=0x617000000080, timeout=18446744073709551615) at ../src/libsystemd/sd-event/sd-event.c:3512 =6 0x0000555555583f5c in LLVMFuzzerTestOneInput (data=0x6060000000e0 "\206", size=53) at ../src/fuzz/fuzz-ndisc-rs.c:422 =7 0x0000555555586356 in main (argc=2, argv=0x7fffffffe3d8) at ../src/fuzz/fuzz-main.c:33 (cherry picked from commit df30e78e02f653c9e6ee6677b7ccaea21d3dcd7d) Resolves: #1696224
* tests: add reproducers for several issues uncovered with fuzz-journald-syslogEvgeny Vereshchagin2019-05-035-0/+8
| | | | | | | | This is a follow-up to a70f343cacf03ac51cdefb0d2e. (cherry picked from commit 3311c74d0560e4aa6a223f5e288a5fbf2404d3fa) Resolves: #1696224
* ndisc: fix two infinite loopsYu Watanabe2019-05-031-2/+2
| | | | | | (cherry picked from commit f3241c61f12dbd8f0ed37419ae272e291d09461d) Resolves: #1696224
* tests: add a fuzzer for sd-ndiscEvgeny Vereshchagin2019-05-032-0/+67
| | | | | | (cherry picked from commit 0f0a1dad7d69802a7e6c7fc9aba350f0e87c1952) Resolves: #1696224
* tests: add a fuzzer for server_process_native_messageEvgeny Vereshchagin2019-05-032-0/+15
| | | | | | (cherry picked from commit 9cdea02db57a36442ad9e9afcd67760ca319173a) Resolves: #1696224
* journald: make server_process_native_message compatible with ↵Evgeny Vereshchagin2019-05-032-2/+2
| | | | | | | | fuzz_journald_processing_function (cherry picked from commit 21acb27b71f6284a57e4e9f3ac5f0d38721ef4eb) Resolves: #1696224
* tests: rework the code fuzzing journaldEvgeny Vereshchagin2019-05-032-21/+32
| | | | | | | | | This should make it easier to add a new fuzzer without a lot of duplication. (cherry picked from commit b1bd453f36b9428b6bf9feba31fa0a2b36143e9c) Resolves: #1696224
* journald: free the allocated memory before returning from dev_kmsg_recordEvgeny Vereshchagin2019-05-031-1/+1
| | | | | | | | This fixes a minor memory leak. (cherry picked from commit 30eddcd51b8a472e05d3b8d1f0b89fbd3e094d71) Resolves: #1696224
* journald: make it clear that dev_kmsg_record modifies the string passed to itEvgeny Vereshchagin2019-05-031-1/+1
| | | | | | | | | | The function replaces a couple commas, a semicolon and the final newline with zero bytes in the string passed to it. The 'const' seems to have been added by accident during a bulk edit (more specifically 3b3154df7e2773332bb814). (cherry picked from commit 1e0c5fc2a76e4f3d508331f410899c50493e1fc9) Resolves: #1696224
* tests: add a rudimentary fuzzer for server_process_syslog_message (#9979)Evgeny Vereshchagin2019-05-032-0/+34
| | | | | | (cherry picked from commit a70f343cacf03ac51cdefb0d2e7651b04fd2e23a) Resolves: #1696224
* analyze: add new security verbLennart Poettering2019-05-038-26/+2150
| | | | | | | | | (cherry picked from commit ec16f3b6dd8b03e3ce6eff1fa9f21432208ef42b) Conflicts: src/analyze/analyze.c Resolves: #1689832
* locale-util: add logic to output smiley emojis at various happiness levelsLennart Poettering2019-05-034-20/+90
| | | | | | | | | | | | (cherry picked from commit 5f1b0cc6d064f7847982e7b680cab3d080aef52e) Conflicts: doc/ENVIRONMENT.md src/basic/locale-util.c src/basic/locale-util.h src/test/test-locale-util.c Related: #1689832
* format-table: never try to reuse cells that have color/url/uppercase setLennart Poettering2019-05-031-0/+8
| | | | | | | | | | The table cell reusing code is supposed to be an internal memory optimization, and not more. This means behaviour should be the same as if we wouldn't reuse cells. (cherry picked from commit 94a80afed42a8b36d69a229bf44ba690f8f59a78) Related: #1689832
* format-table: add option to uppercase cells on displayLennart Poettering2019-05-032-12/+51
| | | | | | | | | | | | | | | This adds a per-cell option for uppercasing displayed strings. Implicitly turn this on for the header row. The fact that we format the table header in uppercase is a formatting thing after all, hence should be applied by the formatter, i.e. the table display code. Moreover, this provides us with the benefit that we can more nicely reuse the specified table headers as JSON field names, like we already do: json field names are usually not uppercase. (cherry picked from commit 359abf6dd05aa6bca3438e9c969ed904bd3d447d) Related: #1689832
* format-table: use right field for displayLennart Poettering2019-05-031-1/+1
| | | | | | | | | | Since .timespan and .timestamp are unionized on top of each other this doesn't actually matter, but it is still more correct to address it under it's correct name. (cherry picked from commit c93d372d7ceda0b080487fa35d3638ef3d8507cb) Related: #1689832
* format-table: make sure we never call memcmp() with NULL parametersLennart Poettering2019-05-032-1/+10
| | | | | | (cherry picked from commit 88db94fa57c9a5b1a0b926c49d3624fc84c88090) Related: #1689832
* format-table: add calls to query the data in a specific cellLennart Poettering2019-05-032-0/+25
| | | | | | (cherry picked from commit 62d99b39709f903f8a66a9aae757deb5546a53eb) Related: #1689832
* format-table: always underline header lineLennart Poettering2019-05-031-2/+9
| | | | | | (cherry picked from commit 30d98de00c68440ff4d77d851b4b3323c34027da) Related: #1689832
* format-table: add an API for getting the cell at a specific row/columnLennart Poettering2019-05-032-0/+17
| | | | | | (cherry picked from commit 9314ead7853a1479fc60eb2ae7e3d0a77b7eba7c) Related: #1689832
* format-table: add table_update() to update existing entriesLennart Poettering2019-05-032-0/+42
| | | | | | (cherry picked from commit 27e730e6d0a7709c17ccef170f10846e92dca2a0) Related: #1689832
* format-table: optionally allow reversing the sort order for a columnLennart Poettering2019-05-032-1/+22
| | | | | | (cherry picked from commit a2c73e2d3823e878de7a7ee193631108c5fc5be0) Related: #1689832
* format-table: add option to store/format percent and uint64_t values in cellsLennart Poettering2019-05-033-0/+59
| | | | | | (cherry picked from commit a4661181fa702a8bff4644210ba7ea14bea51a4a) Related: #1689832
* format-table: before outputting a color, check if colors are availableLennart Poettering2019-05-031-3/+3
| | | | | | | | | | | | This is in many cases redundant, as a similar check is done by various callers already, but in other cases (where we read the color from a static table for example), it's nice to let the color check be done by the table code itself, and since it doesn't hurt in the other cases just do it again. (cherry picked from commit a22318e55492af721879d8692ed039144696bb08) Related: #1689832
* format-table: optionally make specific cells clickable linksLennart Poettering2019-05-032-9/+71
| | | | | | (cherry picked from commit 165ca5663e9859083c70d793a6b4aa4f3b2af24c) Related: #1689832
* format-table: when duplicating a cell, also copy the colorLennart Poettering2019-05-031-0/+2
| | | | | | (cherry picked from commit 13b0d4d7bdb674d0e51a6d595abd1e7bf2691bf9) Related: #1689832
* seccomp: reduce logging about failure to add syscall to seccompZbigniew Jędrzejewski-Szmek2019-05-025-42/+47
| | | | | | | | | | | | | | | | | | | | | | Our logs are full of: Sep 19 09:22:10 autopkgtest systemd[690]: Failed to add rule for system call oldstat() / -10037, ignoring: Numerical argument out of domain Sep 19 09:22:10 autopkgtest systemd[690]: Failed to add rule for system call get_thread_area() / -10076, ignoring: Numerical argument out of domain Sep 19 09:22:10 autopkgtest systemd[690]: Failed to add rule for system call set_thread_area() / -10079, ignoring: Numerical argument out of domain Sep 19 09:22:10 autopkgtest systemd[690]: Failed to add rule for system call oldfstat() / -10034, ignoring: Numerical argument out of domain Sep 19 09:22:10 autopkgtest systemd[690]: Failed to add rule for system call oldolduname() / -10036, ignoring: Numerical argument out of domain Sep 19 09:22:10 autopkgtest systemd[690]: Failed to add rule for system call oldlstat() / -10035, ignoring: Numerical argument out of domain Sep 19 09:22:10 autopkgtest systemd[690]: Failed to add rule for system call waitpid() / -10073, ignoring: Numerical argument out of domain ... This is pointless and makes debug logs hard to read. Let's keep the logs in test code, but disable it in nspawn and pid1. This is done through a function parameter because those functions operate recursively and it's not possible to make the caller to log meaningfully. There should be no functional change, except the skipped debug logs. (cherry-picked from commit b54f36c604472ffe08830ec4306fa2885b4a5424) Resolves: #1658691
* nss: unportect errno before writing to NSS' *errnopLennart Poettering2019-05-024-0/+44
| | | | | | | Fixes: #11321 (cherry picked from commit cdccd29f39cd20cb2a8b71e50445eb839f076331) Resolves: #1691691
* util.h: add new UNPROTECT_ERRNO macroLennart Poettering2019-05-023-3/+37
| | | | | | | | THis is inspired by #11395, but much simpler. (cherry picked from commit 840f606d88fef2f5d240b2d759ce7b951354d5bb) Resolves: #1691691
* nss: do not modify errno when NSS_STATUS_NOTFOUND or NSS_STATUS_SUCCESSYu Watanabe2019-05-024-157/+108
| | | | | | | | | | | | | This also adds PROTECT_ERRNO for all nss module functions. C.f. glibc NSS documents https://www.gnu.org/software/libc/manual/html_node/NSS-Modules-Interface.html and discussion in https://sourceware.org/bugzilla/show_bug.cgi?id=23410. Fixes #9585. (cherry picked from commit 06202b9e659e5cc72aeecc5200155b7c012fccbc) Resolves: #1691691
* units: add [Install] section to tmp.mountJan Synacek2019-05-021-0/+4
| | | | | | rhel-only Resolves: #1667065
* logs-show: use grey color for de-emphasizing journal log outputLennart Poettering2019-05-022-0/+6
| | | | | | (cherry picked from commit 67df9b7a06d749fdd84f19f7d75ccf0d743f6d72) Resolves: #1695601
* journal: don't enable systemd-journald-audit.socket by defaultJan Synacek2019-05-022-3/+2
| | | | Resolves: #1699287
* Revert "journal: remove journal audit socket"Jan Synacek2019-05-023-2/+26
| | | | | | This reverts commit 8618ef2fb30b4139c9bec4e45fb499cd8192a87f. Resolves: #1699287
* unit: enqueue cgroup empty check event if the last ref on a unit is droppedLennart Poettering2019-05-021-0/+6
| | | | | | (cherry picked from commit e5c36295d81971ef75d9c6f98f0890b92a4a353f) Resolves: #1697893
* nspawn: rework how we allocate/kill scopesLennart Poettering2019-05-023-3/+70
| | | | | | | Fixes: #6347 (cherry picked from commit 1d78fea2d6230e0aafa2603abc8f1f51966ef134) Resolves: #1697893
* nspawn: merge two variable declaration linesLennart Poettering2019-05-021-2/+1
| | | | | | (cherry picked from commit df61bc5e4aa19f9b211dbe8414343b44361e442c) Resolves: #1697893
* nspawn: simplify machine terminate bus callLennart Poettering2019-05-023-29/+9
| | | | | | | | | | We have the machine name anyway, let's use TerminateMachine() on machined's Manager object directly with it. That way it's a single method call only, instead of two, to terminate the machine. (cherry picked from commit 11d81e506ed68c6c5cebe319dc57a9a2fc4319c5) Resolves: #1697893
* tree-wide: shorten error logging a bitYu Watanabe2019-05-0216-193/+112
| | | | | | | | Continuation of 4027f96aa08c73f109aa46b89842ca0e25c9c0e9. (cherry picked from commit 4ae25393f37b96b2b753562a349d68947ab1ad3d) Resolves: #1697893
* Revert "core: one step back again, for nspawn we actually can't wait for ↵v239-14Lukas Nykryn2019-04-301-10/+1
| | | | | | | | | | | | cgroups running empty since systemd will get exactly zero notifications about it" This reverts commit 743970d2ea6d08aa7c7bff8220f6b7702f2b1db7. RHEL-only https://bugzilla.redhat.com/show_bug.cgi?id=1141137 https://github.com/systemd/systemd/pull/350 Resolves: #1703485
* meson: drop misplaced -Wl,--undefined argumentJussi Pakkanen2019-04-181-2/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Ld's man page says the following: -u symbol --undefined=symbol Force symbol to be entered in the output file as an undefined symbol. Doing this may, for example, trigger linking of additional modules from standard libraries. -u may be repeated with different option arguments to enter additional undefined symbols. This option is equivalent to the "EXTERN" linker script command. If this option is being used to force additional modules to be pulled into the link, and if it is an error for the symbol to remain undefined, then the option --require-defined should be used instead. This would imply that it always requires an argument, which this does not pass. Thus it will grab the next argument on the command line as its argument. Before it took one of the many -lrt args (presumably) and now it grabs something other random linker argument and things break. [zj: this line was added in the first version of the meson configuration back in 5c23128daba7236a6080383b2a5649033cfef85c. AFAICT, this was a mistake. No such flag appeared in Makefile.am at the time.] https://github.com/mesonbuild/meson/issues/5113 (cherry picked from commit 700805f6c546f2adb79059614f3747f7b5474325)
* sd-bus: if we receive an invalid dbus message, ignore and proceeedLennart Poettering2019-04-081-3/+6
| | | | | | | | | | | | | | dbus-daemon might have a slightly different idea of what a valid msg is than us (for example regarding valid msg and field sizes). Let's hence try to proceed if we can and thus drop messages rather than fail the connection if we fail to validate a message. Hopefully the differences in what is considered valid are not visible for real-life usecases, but are specific to exploit attempts only. (cherry-picked from commit 6d586a13717ae057aa1b4127400c3de61cd5b9e7) Related: #1678641
* Allocate temporary strings to hold dbus paths on the heapRiccardo Schirone2019-04-081-14/+54
| | | | | | | | | | Paths are limited to BUS_PATH_SIZE_MAX but the maximum size is anyway too big to be allocated on the stack, so let's switch to the heap where there is a clear way to understand if the allocation fails. (cherry-picked from commit f519a19bcd5afe674a9b8fc462cd77d8bad403c1) Related: #1678641
* Refuse dbus message paths longer than BUS_PATH_SIZE_MAX limit.Riccardo Schirone2019-04-082-1/+5
| | | | | | | | | | | | | Even though the dbus specification does not enforce any length limit on the path of a dbus message, having to analyze too long strings in PID1 may be time-consuming and it may have security impacts. In any case, the limit is set so high that real-life applications should not have a problem with it. (cherry-picked from commit 61397a60d98e368a5720b37e83f3169e3eb511c4) Related: #1678641
* bus-socket: Fix line_begins() to accept word matching full stringFilipe Brandenburger2019-03-271-4/+1
| | | | | | | | | | | | | | | | | | | | | | | | | The switch to memory_startswith() changed the logic to only look for a space or NUL byte after the matched word, but matching the full size should also be acceptable. This changed the behavior of parsing of "AUTH\r\n", where m will be set to 4, since even though the word will match, the check for it being followed by ' ' or NUL will make line_begins() return false. Tested: - Using netcat to connect to the private socket directly: $ echo -ne '\0AUTH\r\n' | sudo nc -U /run/systemd/private REJECTED EXTERNAL ANONYMOUS - Running the Ignition blackbox test: $ sudo sh -c 'PATH=$PWD/bin/amd64:$PATH ./tests.test' PASS Fixes: d27b725abf64a19a6b2f99332b663f17ad046771 (cherry picked from commit 3f10c66270b74530339b3f466c43874bb40c210f) Resolves: #1692991
* test: don't overwrite TESTDIR if already setFrantisek Sumsal2019-03-131-2/+7
| | | | (cherry picked from commit 3f50fff536d715aee5e5195ec60e2af047b73c7f)
* tests: also run TEST-01-BASIC in an unprivileged container (#9957)Evgeny Vereshchagin2019-03-102-6/+18
| | | | | | | | This should make it much easier to catch regressions like https://github.com/systemd/systemd/issues/9914 and https://github.com/systemd/systemd/issues/8535. (cherry picked from commit 746fbd9c34af5ed8b6d9aa7a9cbd7cac63a3afce)
* tests: allow passing additional arguments to nspawn via NSPAWN_ARGUMENTSEvgeny Vereshchagin2019-03-101-1/+1
| | | | (cherry picked from commit 57916ea352b85153ecbed803d52861ca8b933dd3)
* tests: use the asan wrapper to boot a VM/container if systemd is built with ASANEvgeny Vereshchagin2019-03-101-2/+6
| | | | (cherry picked from commit 016fa3b9e8c3550d49f659c49b5ff4d93337aefe)
* tests: redirect ASAN reports on journald to a fileEvgeny Vereshchagin2019-03-101-0/+6
| | | | | | Otherwise, they will end up in /dev/null. (cherry picked from commit 88ed0f261ba8164a689395ddee8b92d00e073515)
View Lorry Controller Status