
Bug#972839: marked as done (buster-pu: package systemd/241-7~deb10u5)



Your message dated Sat, 05 Dec 2020 11:02:00 +0000
with message-id <b70f86aac27195271a9b5212c7acc936da6ff100.camel@adam-barratt.org.uk>
and subject line Closing bugs for updates in 10.7 point release
has caused the Debian Bug report #972839,
regarding buster-pu: package systemd/241-7~deb10u5
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
972839: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972839
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: pkg-systemd-maintainers@lists.alioth.debian.org

Hi,

I'd like to make a stable upload for systemd fixing two issues:

- #963488
  systemd-network assigns a random network address to bridge interfaces
  Helmut Grohne explicitly asked for a back port of this specific fix

https://salsa.debian.org/systemd-team/systemd/-/commit/99e4b8f0c74731b4a80fa7ed8c31c540a69cc997


- #964926
  systemctl show <service> prints "Failed to parse bus message: Invalid
  argument" before output

Reported by several people running buster with a kernel >= 5.8 (either
self-compiled or via bpo)

https://salsa.debian.org/systemd-team/systemd/-/commit/efe7d941f7b23d13c87be0b018eea67a56b9378c
https://salsa.debian.org/systemd-team/systemd/-/commit/4bdc4f8c5ed82ea5fe515b9a8b71d321e439cfe9

The package is build tested and tested via the (extensive) autopkgtest
suite, and users also confirmed the fix at least for #964926

The complete debdiff is attached.
The changes do not touch udev code so shouldn't affect d-i. That said, I've CC'd
kibi for an ACK.

Regards,
Michael



-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (200, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.9.0-1-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff --git a/debian/changelog b/debian/changelog
index 14ef57f..8c3b276 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+systemd (241-7~deb10u5) buster; urgency=medium
+
+  * basic/cap-list: parse/print numerical capabilities (Closes: #964926)
+  * missing: add new Linux capabilities.
+    Linux kernel v5.8 adds two new capabilities. Make sure we can recognize
+    them even when built with an older kernel.
+  * networkd: do not generate MAC for bridge device (Closes: #963488)
+
+ -- Michael Biebl <biebl@debian.org>  Sat, 24 Oct 2020 20:44:48 +0200
+
 systemd (241-7~deb10u4) buster; urgency=medium
 
   * polkit: when authorizing via PolicyKit re-resolve callback/userdata
diff --git a/debian/patches/basic-cap-list-parse-print-numerical-capabilities.patch b/debian/patches/basic-cap-list-parse-print-numerical-capabilities.patch
new file mode 100644
index 0000000..3b9eb09
--- /dev/null
+++ b/debian/patches/basic-cap-list-parse-print-numerical-capabilities.patch
@@ -0,0 +1,87 @@
+From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Thu, 9 Jul 2020 23:15:47 +0200
+Subject: basic/cap-list: parse/print numerical capabilities
+
+We would refuse to print capabilities which were didn't have a name
+for. The kernel adds new capabilities from time to time, most recently
+cap_bpf. 'systmectl show -p CapabilityBoundingSet ...' would fail with
+"Failed to parse bus message: Invalid argument" because
+capability_set_to_string_alloc() would fail with -EINVAL. So let's
+print such capabilities in hexadecimal:
+
+CapabilityBoundingSet=cap_chown cap_dac_override cap_dac_read_search
+  cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap
+  cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin
+  cap_net_raw cap_ipc_lock cap_ipc_owner 0x10 0x11 0x12 0x13 0x14 0x15 0x16
+  0x17 0x18 0x19 0x1a ...
+
+For symmetry, also allow capabilities that we don't know to be specified.
+
+Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1853736.
+
+(cherry picked from commit 417770f3033c426ca848b158d0bf057cd8ad1329)
+---
+ src/basic/cap-list.c     | 10 +++++++---
+ src/test/test-cap-list.c |  4 +++-
+ 2 files changed, 10 insertions(+), 4 deletions(-)
+
+diff --git a/src/basic/cap-list.c b/src/basic/cap-list.c
+index 29a17d9..b72b037 100644
+--- a/src/basic/cap-list.c
++++ b/src/basic/cap-list.c
+@@ -10,6 +10,7 @@
+ #include "macro.h"
+ #include "missing.h"
+ #include "parse-util.h"
++#include "stdio-util.h"
+ #include "util.h"
+ 
+ static const struct capability_name* lookup_capability(register const char *str, register GPERF_LEN_TYPE len);
+@@ -37,7 +38,7 @@ int capability_from_name(const char *name) {
+         /* Try to parse numeric capability */
+         r = safe_atoi(name, &i);
+         if (r >= 0) {
+-                if (i >= 0 && (size_t) i < ELEMENTSOF(capability_names))
++                if (i >= 0 && i < 64)
+                         return i;
+                 else
+                         return -EINVAL;
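Review bot: The new upper bound in capability_from_name() is the bare literal 64 (`if (i >= 0 && i < 64)`), with nothing tying it to the uint64_t set that capability_set_to_string_alloc() takes. A named constant or a short comment linking the limit to the width of the capability mask would keep the two in step. It is also worth saying in the code that a numeric name is now accepted whether or not capability_names has an entry for it, since the commit message shows this value surfacing in CapabilityBoundingSet.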
+@@ -65,11 +66,14 @@ int capability_set_to_string_alloc(uint64_t set, char **s) {
+         for (i = 0; i < cap_last_cap(); i++)
+                 if (set & (UINT64_C(1) << i)) {
+                         const char *p;
++                        char buf[2 + 16 + 1];
+                         size_t add;
+ 
+                         p = capability_to_name(i);
+-                        if (!p)
+-                                return -EINVAL;
++                        if (!p) {
++                                xsprintf(buf, "0x%lx", i);
++                                p = buf;
++                        }
+ 
+                         add = strlen(p);
+ 
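Review bot: In the fallback branch, `xsprintf(buf, "0x%lx", i);` is only correct if i is an unsigned long, and its declaration is outside this hunk; a mismatch would be undefined behaviour in the format call. Please confirm the type or use a specifier that matches it. The buffer size 2 + 16 + 1 covers "0x", sixteen hex digits and the terminator, so the length itself is fine.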
+diff --git a/src/test/test-cap-list.c b/src/test/test-cap-list.c
+index de5fa72..84bbb7b 100644
+--- a/src/test/test-cap-list.c
++++ b/src/test/test-cap-list.c
+@@ -30,6 +30,8 @@ static void test_cap_list(void) {
+         assert_se(capability_from_name("cAp_aUdIt_rEAd") == CAP_AUDIT_READ);
+         assert_se(capability_from_name("0") == 0);
+         assert_se(capability_from_name("15") == 15);
++        assert_se(capability_from_name("63") == 63);
++        assert_se(capability_from_name("64") == -EINVAL);
+         assert_se(capability_from_name("-1") == -EINVAL);
+ 
+         for (i = 0; i < capability_list_length(); i++) {
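Review bot: The added assertions cover only decimal names ("63" and "64"), while capability_set_to_string_alloc() now prints unknown capabilities in the form "0x%lx". Since the commit message promises symmetry between printing and parsing, add an assertion that feeds such a hex string back through capability_from_name(), so it is clear whether the safe_atoi() path accepts the printed form.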
+@@ -64,7 +66,7 @@ static void test_capability_set_one(uint64_t c, const char *t) {
+ 
+         free(t1);
+         assert_se(t1 = strjoin("'cap_chown cap_dac_override' \"cap_setgid cap_setuid\"", t,
+-                               " hogehoge foobar 12345 3.14 -3 ", t));
++                               " hogehoge foobar 18446744073709551616 3.14 -3 ", t));
+         assert_se(capability_set_from_string(t1, &c1) == 0);
+         assert_se(c1 == c_masked);
+ }
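Review bot: Replacing 12345 with 18446744073709551616 in the junk-token string drops the only non-negative number in that list that would reach the new `i < 64` check and be rejected by it; the new value does not fit an int and exercises a different rejection path. Keeping both tokens in the string would cover both paths through capability_set_from_string().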
diff --git a/debian/patches/missing-Add-new-Linux-capabilities.patch b/debian/patches/missing-Add-new-Linux-capabilities.patch
new file mode 100644
index 0000000..324e024
--- /dev/null
+++ b/debian/patches/missing-Add-new-Linux-capabilities.patch
@@ -0,0 +1,36 @@
+From: =?utf-8?q?Michal_Koutn=C3=BD?= <mkoutny@suse.com>
+Date: Wed, 24 Jun 2020 12:43:22 +0200
+Subject: missing: Add new Linux capabilities
+
+Linux kernel v5.8 adds two new capabilities. Make sure we can recognize
+them even when built with an older kernel.
+
+(cherry picked from commit e41de5e491942b5391b1efb71c82ffd329b3d23d)
+---
+ src/basic/missing_capability.h | 16 ++++++++++++++++
+ 1 file changed, 16 insertions(+)
+
+diff --git a/src/basic/missing_capability.h b/src/basic/missing_capability.h
+index 1308a3d..dd6bccd 100644
+--- a/src/basic/missing_capability.h
++++ b/src/basic/missing_capability.h
+@@ -10,3 +10,19 @@
+ #undef  CAP_LAST_CAP
+ #define CAP_LAST_CAP   CAP_AUDIT_READ
+ #endif
++
++/* 980737282232b752bb14dab96d77665c15889c36 (5.8) */
++#ifndef CAP_PERFMON
++#define CAP_PERFMON 38
++
++#undef  CAP_LAST_CAP
++#define CAP_LAST_CAP   CAP_PERFMON
++#endif
++
++/* a17b53c4a4b55ec322c132b6670743612229ee9c (5.8) */
++#ifndef CAP_BPF
++#define CAP_BPF 39
++
++#undef  CAP_LAST_CAP
++#define CAP_LAST_CAP   CAP_BPF
++#endif
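Review bot: Each new block redefines CAP_LAST_CAP only inside its own #ifndef, so the final value depends on the blocks staying in ascending order (CAP_PERFMON 38 before CAP_BPF 39); swapping them on a build where neither is defined would leave CAP_LAST_CAP at 38. A one-line comment stating that new capabilities must be appended in numeric order would help the next backport.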
diff --git a/debian/patches/networkd-do-not-generate-MAC-for-bridge-device.patch b/debian/patches/networkd-do-not-generate-MAC-for-bridge-device.patch
new file mode 100644
index 0000000..b8788fb
--- /dev/null
+++ b/debian/patches/networkd-do-not-generate-MAC-for-bridge-device.patch
@@ -0,0 +1,24 @@
+From: Susant Sahani <ssahani@gmail.com>
+Date: Tue, 14 May 2019 11:45:23 +0200
+Subject: networkd: do not generate MAC for bridge device.
+
+closes https://github.com/systemd/systemd/issues/12558
+
+(cherry picked from commit deb2cfa4c6885d448eb1f17e5ef1b139106b7e86)
+---
+ src/network/netdev/netdev.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/network/netdev/netdev.c b/src/network/netdev/netdev.c
+index ecd6cf4..6ef1631 100644
+--- a/src/network/netdev/netdev.c
++++ b/src/network/netdev/netdev.c
+@@ -720,7 +720,7 @@ int netdev_load_one(Manager *manager, const char *filename) {
+         if (!netdev->filename)
+                 return log_oom();
+ 
+-        if (!netdev->mac && netdev->kind != NETDEV_KIND_VLAN) {
++        if (!netdev->mac && !IN_SET(netdev->kind, NETDEV_KIND_VLAN, NETDEV_KIND_BRIDGE)) {
+                 r = netdev_get_mac(netdev->ifname, &netdev->mac);
+                 if (r < 0)
+                         return log_error_errno(r, "Failed to generate predictable MAC address for %s: %m", netdev->ifname);
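Review bot: With NETDEV_KIND_BRIDGE added to the IN_SET() exclusion, a bridge without a configured MAC no longer goes through netdev_get_mac(), so bridges that so far received the generated predictable address will come up with a different one after this stable update. That deserves a sentence in the changelog or NEWS for administrators who key DHCP reservations or filters on the old address, and a short comment at the condition explaining why bridges are skipped; the patch description only links the upstream issue.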
diff --git a/debian/patches/series b/debian/patches/series
index 478c642..c608be7 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -52,6 +52,9 @@ polkit-use-structured-initialization.patch
 sd-bus-introduce-API-for-re-enqueuing-incoming-messages.patch
 polkit-when-authorizing-via-PK-let-s-re-resolve-callback-.patch
 Fix-typo-in-function-name.patch
+basic-cap-list-parse-print-numerical-capabilities.patch
+missing-Add-new-Linux-capabilities.patch
+networkd-do-not-generate-MAC-for-bridge-device.patch
 debian/Use-Debian-specific-config-files.patch
 debian/Bring-tmpfiles.d-tmp.conf-in-line-with-Debian-defaul.patch
 debian/Make-run-lock-tmpfs-an-API-fs.patch

--- End Message ---
--- Begin Message ---
Package: release.debian.org
Version: 10.7

Hi,

Each of the updates referenced by these bugs was included in this
morning's buster 10.7 point release.

Regards,

Adam

--- End Message ---
