systemd: sync patches with Arch. A bugfix for swap units and a security fix for polkit.

Juan RP 2013-09-23 09:49:05 +02:00
parent 56576628ad
commit 3af9ff2ac9
5 changed files with 201 additions and 4 deletions


@ -1,12 +1,12 @@
# Template file for 'libudev'
pkgname=libudev
version=207
revision=1
revision=3
wrksrc="systemd-${version}"
build_style=gnu-configure
configure_args="--libexecdir=/usr/lib --disable-selinux
--disable-static --disable-ima --enable-introspection=no
--disable-kmod --disable-blkid --disable-chkconfig
--disable-kmod --disable-blkid --disable-chkconfig --disable-backlight
--disable-selinux --disable-tcpwrap --disable-pam --disable-tmpfiles
--disable-acl --disable-xattr --disable-audit --disable-machined
--disable-libcryptsetup --disable-qrencode --disable-microhttpd
@ -14,7 +14,8 @@ configure_args="--libexecdir=/usr/lib --disable-selinux
--disable-quotacheck --disable-randomseed --disable-hostnamed
--disable-timedated --disable-localed --disable-coredump
--disable-myhostname --disable-gudev --disable-keymap --without-python
--disable-efi --disable-polkit --with-sysvinit-path= --with-sysvrcnd-path="
--disable-efi --disable-polkit --with-sysvinit-path= --with-sysvrcnd-path=
--with-rc-local-script-path-start= --with-rc-local-script-path-stop="
short_desc="udev shared library"
maintainer="Juan RP <xtraeme@gmail.com>"
homepage="http://www.freedesktop.org/wiki/Software/systemd"


@ -0,0 +1,75 @@
From 72fd713962ca2c2450e23b01d9e22017a7e28fd4 Mon Sep 17 00:00:00 2001
From: Colin Walters <walters@verbum.org>
Date: Thu, 22 Aug 2013 13:55:21 -0400
Subject: [PATCH] polkit: Avoid race condition in scraping /proc
If a calling process execve()s a setuid program, it can appear to be
uid 0. Since we're receiving requests over DBus, avoid this by simply
passing system-bus-name as a subject.
---
src/shared/polkit.c | 31 +++++--------------------------
1 file changed, 5 insertions(+), 26 deletions(-)
diff --git a/src/shared/polkit.c b/src/shared/polkit.c
index cea7074..1c5e9e3 100644
--- src/shared/polkit.c
+++ src/shared/polkit.c
@@ -38,12 +38,8 @@ int verify_polkit(
#ifdef ENABLE_POLKIT
DBusMessage *m = NULL, *reply = NULL;
- const char *unix_process = "unix-process", *pid = "pid", *starttime = "start-time", *cancel_id = "";
+ const char *system_bus_name = "system-bus-name", *name = "name", *cancel_id = "";
uint32_t flags = interactive ? 1 : 0;
- pid_t pid_raw;
- uint32_t pid_u32;
- unsigned long long starttime_raw;
- uint64_t starttime_u64;
DBusMessageIter iter_msg, iter_struct, iter_array, iter_dict, iter_variant;
int r;
dbus_bool_t authorized = FALSE, challenge = FALSE;
@@ -68,14 +64,6 @@ int verify_polkit(
#ifdef ENABLE_POLKIT
- pid_raw = bus_get_unix_process_id(c, sender, error);
- if (pid_raw == 0)
- return -EINVAL;
-
- r = get_starttime_of_pid(pid_raw, &starttime_raw);
- if (r < 0)
- return r;
-
m = dbus_message_new_method_call(
"org.freedesktop.PolicyKit1",
"/org/freedesktop/PolicyKit1/Authority",
@@ -86,22 +74,13 @@ int verify_polkit(
dbus_message_iter_init_append(m, &iter_msg);
- pid_u32 = (uint32_t) pid_raw;
- starttime_u64 = (uint64_t) starttime_raw;
-
if (!dbus_message_iter_open_container(&iter_msg, DBUS_TYPE_STRUCT, NULL, &iter_struct) ||
- !dbus_message_iter_append_basic(&iter_struct, DBUS_TYPE_STRING, &unix_process) ||
+ !dbus_message_iter_append_basic(&iter_struct, DBUS_TYPE_STRING, &system_bus_name) ||
!dbus_message_iter_open_container(&iter_struct, DBUS_TYPE_ARRAY, "{sv}", &iter_array) ||
!dbus_message_iter_open_container(&iter_array, DBUS_TYPE_DICT_ENTRY, NULL, &iter_dict) ||
- !dbus_message_iter_append_basic(&iter_dict, DBUS_TYPE_STRING, &pid) ||
- !dbus_message_iter_open_container(&iter_dict, DBUS_TYPE_VARIANT, "u", &iter_variant) ||
- !dbus_message_iter_append_basic(&iter_variant, DBUS_TYPE_UINT32, &pid_u32) ||
- !dbus_message_iter_close_container(&iter_dict, &iter_variant) ||
- !dbus_message_iter_close_container(&iter_array, &iter_dict) ||
- !dbus_message_iter_open_container(&iter_array, DBUS_TYPE_DICT_ENTRY, NULL, &iter_dict) ||
- !dbus_message_iter_append_basic(&iter_dict, DBUS_TYPE_STRING, &starttime) ||
- !dbus_message_iter_open_container(&iter_dict, DBUS_TYPE_VARIANT, "t", &iter_variant) ||
- !dbus_message_iter_append_basic(&iter_variant, DBUS_TYPE_UINT64, &starttime_u64) ||
+ !dbus_message_iter_append_basic(&iter_dict, DBUS_TYPE_STRING, &name) ||
+ !dbus_message_iter_open_container(&iter_dict, DBUS_TYPE_VARIANT, "s", &iter_variant) ||
+ !dbus_message_iter_append_basic(&iter_variant, DBUS_TYPE_STRING, &sender) ||
!dbus_message_iter_close_container(&iter_dict, &iter_variant) ||
!dbus_message_iter_close_container(&iter_array, &iter_dict) ||
!dbus_message_iter_close_container(&iter_struct, &iter_array) ||
--
1.8.4
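Review bot: Nothing in the new subject construction records why the caller is now identified by `system-bus-name` instead of `unix-process`, and that choice is the entire security property of this patch. A short comment above the `dbus_message_iter_open_container(&iter_msg, DBUS_TYPE_STRUCT, ...)` chain would keep a later refactor from returning to /proc lookups, for example `/* Subject is the sender's bus name; a pid/start-time pair scraped from /proc can be raced by execve() of a setuid binary. */`. The code that obtains `sender` lies outside the visible hunks, so it is worth confirming that a NULL sender is rejected before `&sender` is appended as a DBUS_TYPE_STRING. verify_polkit's body starts and ends outside these hunks.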


@ -0,0 +1,30 @@
From 90060fa6605446bef7078867423b691e4effa575 Mon Sep 17 00:00:00 2001
From: Tom Gundersen <teg@jklm.no>
Date: Fri, 13 Sep 2013 14:46:18 +0200
Subject: [PATCH] swap: fix reverse dependencies
Make sure swap.target correctly requires/wants the swap units.
This fixes https://bugs.freedesktop.org/show_bug.cgi?id=69291.
Reported-by: Hussam Al-Tayeb
---
src/core/swap.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/core/swap.c b/src/core/swap.c
index 57d15eb..3950860 100644
--- src/core/swap.c
+++ src/core/swap.c
@@ -220,7 +220,7 @@ static int swap_add_default_dependencies(Swap *s) {
}
if (!noauto) {
- r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, (nofail ? UNIT_WANTED_BY : UNIT_REQUIRED_BY),
+ r = unit_add_two_dependencies_by_name_inverse(UNIT(s), UNIT_AFTER, (nofail ? UNIT_WANTS : UNIT_REQUIRES),
SPECIAL_SWAP_TARGET, NULL, true);
if (r < 0)
return r;
--
1.8.4


@ -0,0 +1,90 @@
From 4e82fe5213bedcb70e25c0270e516d5f2706d8c8 Mon Sep 17 00:00:00 2001
From: Tom Gundersen <teg@jklm.no>
Date: Mon, 16 Sep 2013 01:08:32 +0200
Subject: [PATCH] swap: create .wants symlink to 'auto' swap devices
As we load unit files lazily, we need to make sure something pulls in swap
units that should be started automatically, otherwise the default dependencies
will never be applied.
This partially reinstates code removed in
commit 64347fc2b983f33e7efb0fd2bb44e133fb9f30f4.
Also don't order swap devices after swap.target when they are 'nofail'.
---
src/core/swap.c | 8 ++++++--
src/fstab-generator/fstab-generator.c | 18 ++++++++++++++++--
2 files changed, 22 insertions(+), 4 deletions(-)
diff --git a/src/core/swap.c b/src/core/swap.c
index 3950860..76c7d45 100644
--- src/core/swap.c
+++ src/core/swap.c
@@ -220,8 +220,12 @@ static int swap_add_default_dependencies(Swap *s) {
}
if (!noauto) {
- r = unit_add_two_dependencies_by_name_inverse(UNIT(s), UNIT_AFTER, (nofail ? UNIT_WANTS : UNIT_REQUIRES),
- SPECIAL_SWAP_TARGET, NULL, true);
+ if (nofail)
+ r = unit_add_dependency_by_name_inverse(UNIT(s),
+ UNIT_WANTS, SPECIAL_SWAP_TARGET, NULL, true);
+ else
+ r = unit_add_two_dependencies_by_name_inverse(UNIT(s),
+ UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SWAP_TARGET, NULL, true);
if (r < 0)
return r;
}
diff --git a/src/fstab-generator/fstab-generator.c b/src/fstab-generator/fstab-generator.c
index 6ebe8aa..b73dfa4 100644
--- src/fstab-generator/fstab-generator.c
+++ src/fstab-generator/fstab-generator.c
@@ -66,6 +66,7 @@ static int mount_find_pri(struct mntent *me, int *ret) {
static int add_swap(const char *what, struct mntent *me) {
_cleanup_free_ char *name = NULL, *unit = NULL, *lnk = NULL, *device = NULL;
_cleanup_fclose_ FILE *f = NULL;
+ bool noauto;
int r, pri = -1;
assert(what);
@@ -77,6 +78,8 @@ static int add_swap(const char *what, struct mntent *me) {
return pri;
}
+ noauto = !!hasmntopt(me, "noauto");
+
name = unit_name_from_path(what, ".swap");
if (!name)
return log_oom();
@@ -97,8 +100,7 @@ static int add_swap(const char *what, struct mntent *me) {
fprintf(f,
"# Automatically generated by systemd-fstab-generator\n\n"
"[Unit]\n"
- "SourcePath=/etc/fstab\n"
- "\n"
+ "SourcePath=/etc/fstab\n\n"
"[Swap]\n"
"What=%s\n",
what);
@@ -114,6 +116,18 @@ static int add_swap(const char *what, struct mntent *me) {
return -errno;
}
+ if (!noauto) {
+ lnk = strjoin(arg_dest, "/" SPECIAL_SWAP_TARGET ".wants/", name, NULL);
+ if (!lnk)
+ return log_oom();
+
+ mkdir_parents_label(lnk, 0755);
+ if (symlink(unit, lnk) < 0) {
+ log_error("Failed to create symlink %s: %m", lnk);
+ return -errno;
+ }
+ }
+
return 0;
}
--
1.8.4
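Review bot: The return value of `mkdir_parents_label(lnk, 0755)` in the new `if (!noauto)` block of add_swap() is dropped, so a failure to create the `.wants` directory shows up only indirectly as the symlink() error that follows. Checking it keeps the log pointing at the real cause: `r = mkdir_parents_label(lnk, 0755);` then `if (r < 0) return r;`, assuming it returns a negative errno-style code like the other calls that feed `r` here. The `return -errno` after `log_error(...)` also relies on the logging call leaving errno untouched; saving errno into `r` before logging would remove that dependency. add_swap's body continues outside the hunks shown.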


@ -1,7 +1,7 @@
# Template file for 'systemd'
pkgname=systemd
version=207
revision=2
revision=3
short_desc="A system and service manager for Linux"
maintainer="Juan RP <xtraeme@gmail.com>"
homepage="http://www.freedesktop.org/wiki/Software/systemd"
@ -12,6 +12,7 @@ checksum=ac1f8120315e7969063bbb0c181c8dc59509aeaf10c4266077c257a182ad5942
build_style=gnu-configure
configure_args="--libexecdir=/usr/lib --with-rootprefix=/usr
--disable-selinux --with-sysvinit-path= --with-sysvrcnd-path=
--with-rc-local-script-path-start= --with-rc-local-script-path-stop=
--disable-audit --disable-static --disable-ima"
hostmakedepends="which pkg-config intltool gperf libxslt docbook-xsl libtool"