| 1 |
commit: 4ad264dbae71c361b268ef521ace36d81b118dc8 |
| 2 |
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Sun Aug 13 23:32:31 2017 +0000 |
| 4 |
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Sun Aug 13 23:32:40 2017 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4ad264db |
| 7 |
|
| 8 |
sys-apps/systemd: backport bug fixes |
| 9 |
|
| 10 |
Bug: https://bugs.gentoo.org/625970 |
| 11 |
Bug: https://bugs.gentoo.org/625480 |
| 12 |
Package-Manager: Portage-2.3.6_p34, Repoman-2.3.3_p12 |
| 13 |
|
| 14 |
...-look-for-generators-in-usr-lib-systemd-s.patch | 4 +- |
| 15 |
...0002-cryptsetup-fix-infinite-timeout-6486.patch | 43 ++++++++++ |
| 16 |
...ke-sure-idn2-conversions-are-roundtrippab.patch | 92 ++++++++++++++++++++++ |
| 17 |
...systemd-234-r2.ebuild => systemd-234-r3.ebuild} | 2 + |
| 18 |
4 files changed, 139 insertions(+), 2 deletions(-) |
| 19 |
|
| 20 |
diff --git a/sys-apps/systemd/files/234-0001-path-lookup-look-for-generators-in-usr-lib-systemd-s.patch b/sys-apps/systemd/files/234-0001-path-lookup-look-for-generators-in-usr-lib-systemd-s.patch |
| 21 |
index 47e2730a7b3..6912b481f20 100644 |
| 22 |
--- a/sys-apps/systemd/files/234-0001-path-lookup-look-for-generators-in-usr-lib-systemd-s.patch |
| 23 |
+++ b/sys-apps/systemd/files/234-0001-path-lookup-look-for-generators-in-usr-lib-systemd-s.patch |
| 24 |
@@ -1,7 +1,7 @@ |
| 25 |
From d9287b10d714175521e3bcd6c53de4819b1357c5 Mon Sep 17 00:00:00 2001 |
| 26 |
From: Mike Gilbert <floppym@g.o> |
| 27 |
Date: Mon, 17 Jul 2017 11:21:25 -0400 |
| 28 |
-Subject: [PATCH] path-lookup: look for generators in |
| 29 |
+Subject: [PATCH 1/3] path-lookup: look for generators in |
| 30 |
{,/usr}/lib/systemd/system-generators |
| 31 |
|
| 32 |
Bug: https://bugs.gentoo.org/625402 |
| 33 |
@@ -23,5 +23,5 @@ index e2b3f8b74..1ee0e1cdb 100644 |
| 34 |
NULL); |
| 35 |
|
| 36 |
-- |
| 37 |
-2.13.3 |
| 38 |
+2.14.0 |
| 39 |
|
| 40 |
|
| 41 |
diff --git a/sys-apps/systemd/files/234-0002-cryptsetup-fix-infinite-timeout-6486.patch b/sys-apps/systemd/files/234-0002-cryptsetup-fix-infinite-timeout-6486.patch |
| 42 |
new file mode 100644 |
| 43 |
index 00000000000..8ea131adfd0 |
| 44 |
--- /dev/null |
| 45 |
+++ b/sys-apps/systemd/files/234-0002-cryptsetup-fix-infinite-timeout-6486.patch |
| 46 |
@@ -0,0 +1,43 @@ |
| 47 |
+From 793c786f470aeedf443686cff30f97acaff23a04 Mon Sep 17 00:00:00 2001 |
| 48 |
+From: Andrew Soutar <andrew@××××××××××××.com> |
| 49 |
+Date: Mon, 31 Jul 2017 02:19:16 -0400 |
| 50 |
+Subject: [PATCH 2/3] cryptsetup: fix infinite timeout (#6486) |
| 51 |
+ |
| 52 |
+0004f698d causes `arg_timeout` to be infinity instead of 0 when timeout=0. The |
| 53 |
+logic here now matches this change. |
| 54 |
+ |
| 55 |
+Fixes #6381 |
| 56 |
+--- |
| 57 |
+ src/cryptsetup/cryptsetup.c | 8 ++++---- |
| 58 |
+ 1 file changed, 4 insertions(+), 4 deletions(-) |
| 59 |
+ |
| 60 |
+diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c |
| 61 |
+index 3b4c08616..08ed7e53b 100644 |
| 62 |
+--- a/src/cryptsetup/cryptsetup.c |
| 63 |
++++ b/src/cryptsetup/cryptsetup.c |
| 64 |
+@@ -56,7 +56,7 @@ static bool arg_tcrypt_veracrypt = false; |
| 65 |
+ static char **arg_tcrypt_keyfiles = NULL; |
| 66 |
+ static uint64_t arg_offset = 0; |
| 67 |
+ static uint64_t arg_skip = 0; |
| 68 |
+-static usec_t arg_timeout = 0; |
| 69 |
++static usec_t arg_timeout = USEC_INFINITY; |
| 70 |
+ |
| 71 |
+ /* Options Debian's crypttab knows we don't: |
| 72 |
+ |
| 73 |
+@@ -670,10 +670,10 @@ int main(int argc, char *argv[]) { |
| 74 |
+ if (arg_discards) |
| 75 |
+ flags |= CRYPT_ACTIVATE_ALLOW_DISCARDS; |
| 76 |
+ |
| 77 |
+- if (arg_timeout > 0) |
| 78 |
+- until = now(CLOCK_MONOTONIC) + arg_timeout; |
| 79 |
+- else |
| 80 |
++ if (arg_timeout == USEC_INFINITY) |
| 81 |
+ until = 0; |
| 82 |
++ else |
| 83 |
++ until = now(CLOCK_MONOTONIC) + arg_timeout; |
| 84 |
+ |
| 85 |
+ arg_key_size = (arg_key_size > 0 ? arg_key_size : (256 / 8)); |
| 86 |
+ |
| 87 |
+-- |
| 88 |
+2.14.0 |
| 89 |
+ |
| 90 |
|
| 91 |
diff --git a/sys-apps/systemd/files/234-0003-resolved-make-sure-idn2-conversions-are-roundtrippab.patch b/sys-apps/systemd/files/234-0003-resolved-make-sure-idn2-conversions-are-roundtrippab.patch |
| 92 |
new file mode 100644 |
| 93 |
index 00000000000..e083f854107 |
| 94 |
--- /dev/null |
| 95 |
+++ b/sys-apps/systemd/files/234-0003-resolved-make-sure-idn2-conversions-are-roundtrippab.patch |
| 96 |
@@ -0,0 +1,92 @@ |
| 97 |
+From 47d36aeaebc3083795de40c80e75f0fda48c3053 Mon Sep 17 00:00:00 2001 |
| 98 |
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@××××××.pl> |
| 99 |
+Date: Fri, 21 Jul 2017 07:51:07 -0400 |
| 100 |
+Subject: [PATCH 3/3] resolved: make sure idn2 conversions are roundtrippable |
| 101 |
+MIME-Version: 1.0 |
| 102 |
+Content-Type: text/plain; charset=UTF-8 |
| 103 |
+Content-Transfer-Encoding: 8bit |
| 104 |
+ |
| 105 |
+While working on the gateway→_gateway conversion, I noticed that |
| 106 |
+libidn2 strips the leading underscore in some names. |
| 107 |
+https://gitlab.com/libidn/libidn2/issues/30 was resolved in |
| 108 |
+https://gitlab.com/libidn/libidn2/commit/05d753ea69e2308cd02436d0511f4b844071dc79, |
| 109 |
+which disabled "STD3 ASCII rules" by default, i.e. disabled stripping |
| 110 |
+of underscores. So the situation is that with previously released libidn2 |
| 111 |
+versions we would get incorrect behaviour, and once new libidn2 is released, |
| 112 |
+we should be OK. |
| 113 |
+ |
| 114 |
+Let's implement a simple test which checks that the name survives the |
| 115 |
+roundtrip, and if it doesn't, skip IDN resolution. Under old libidn2 this will |
| 116 |
+fail in more cases, and under new libidn2 in fewer, but should be the right |
| 117 |
+thing to do also under new libidn2. |
| 118 |
+--- |
| 119 |
+ src/shared/dns-domain.c | 29 ++++++++++++++++++++++++++--- |
| 120 |
+ src/test/test-dns-domain.c | 6 ++++++ |
| 121 |
+ 2 files changed, 32 insertions(+), 3 deletions(-) |
| 122 |
+ |
| 123 |
+diff --git a/src/shared/dns-domain.c b/src/shared/dns-domain.c |
| 124 |
+index 12c4d65dd..139d286af 100644 |
| 125 |
+--- a/src/shared/dns-domain.c |
| 126 |
++++ b/src/shared/dns-domain.c |
| 127 |
+@@ -1274,15 +1274,38 @@ int dns_name_apply_idna(const char *name, char **ret) { |
| 128 |
+ |
| 129 |
+ #if defined(HAVE_LIBIDN2) |
| 130 |
+ int r; |
| 131 |
++ _cleanup_free_ char *t = NULL; |
| 132 |
+ |
| 133 |
+ assert(name); |
| 134 |
+ assert(ret); |
| 135 |
+ |
| 136 |
+- r = idn2_lookup_u8((uint8_t*) name, (uint8_t**) ret, |
| 137 |
++ r = idn2_lookup_u8((uint8_t*) name, (uint8_t**) &t, |
| 138 |
+ IDN2_NFC_INPUT | IDN2_NONTRANSITIONAL); |
| 139 |
+- if (r == IDN2_OK) |
| 140 |
++ log_debug("idn2_lookup_u8: %s → %s", name, t); |
| 141 |
++ if (r == IDN2_OK) { |
| 142 |
++ if (!startswith(name, "xn--")) { |
| 143 |
++ _cleanup_free_ char *s = NULL; |
| 144 |
++ |
| 145 |
++ r = idn2_to_unicode_8z8z(t, &s, 0); |
| 146 |
++ if (r != IDN2_OK) { |
| 147 |
++ log_debug("idn2_to_unicode_8z8z(\"%s\") failed: %d/%s", |
| 148 |
++ t, r, idn2_strerror(r)); |
| 149 |
++ return 0; |
| 150 |
++ } |
| 151 |
++ |
| 152 |
++ if (!streq_ptr(name, s)) { |
| 153 |
++ log_debug("idn2 roundtrip failed: \"%s\" → \"%s\" → \"%s\", ignoring.", |
| 154 |
++ name, t, s); |
| 155 |
++ return 0; |
| 156 |
++ } |
| 157 |
++ } |
| 158 |
++ |
| 159 |
++ *ret = t; |
| 160 |
++ t = NULL; |
| 161 |
+ return 1; /* *ret has been written */ |
| 162 |
+- log_debug("idn2_lookup_u8(\"%s\") failed: %s", name, idn2_strerror(r)); |
| 163 |
++ } |
| 164 |
++ |
| 165 |
++ log_debug("idn2_lookup_u8(\"%s\") failed: %d/%s", name, r, idn2_strerror(r)); |
| 166 |
+ if (r == IDN2_2HYPHEN) |
| 167 |
+ /* The name has two hypens — forbidden by IDNA2008 in some cases */ |
| 168 |
+ return 0; |
| 169 |
+diff --git a/src/test/test-dns-domain.c b/src/test/test-dns-domain.c |
| 170 |
+index 11cf0b1f0..cbd2d1e65 100644 |
| 171 |
+--- a/src/test/test-dns-domain.c |
| 172 |
++++ b/src/test/test-dns-domain.c |
| 173 |
+@@ -652,6 +652,12 @@ static void test_dns_name_apply_idna(void) { |
| 174 |
+ test_dns_name_apply_idna_one("föö.bär.", ret, "xn--f-1gaa.xn--br-via"); |
| 175 |
+ test_dns_name_apply_idna_one("xn--f-1gaa.xn--br-via", ret, "xn--f-1gaa.xn--br-via"); |
| 176 |
+ |
| 177 |
++ test_dns_name_apply_idna_one("_443._tcp.fedoraproject.org", ret2, |
| 178 |
++ "_443._tcp.fedoraproject.org"); |
| 179 |
++ test_dns_name_apply_idna_one("_443", ret2, "_443"); |
| 180 |
++ test_dns_name_apply_idna_one("gateway", ret, "gateway"); |
| 181 |
++ test_dns_name_apply_idna_one("_gateway", ret2, "_gateway"); |
| 182 |
++ |
| 183 |
+ test_dns_name_apply_idna_one("r3---sn-ab5l6ne7.googlevideo.com", ret2, |
| 184 |
+ ret2 ? "r3---sn-ab5l6ne7.googlevideo.com" : ""); |
| 185 |
+ } |
| 186 |
+-- |
| 187 |
+2.14.0 |
| 188 |
+ |
| 189 |
|
| 190 |
diff --git a/sys-apps/systemd/systemd-234-r2.ebuild b/sys-apps/systemd/systemd-234-r3.ebuild |
| 191 |
similarity index 98% |
| 192 |
rename from sys-apps/systemd/systemd-234-r2.ebuild |
| 193 |
rename to sys-apps/systemd/systemd-234-r3.ebuild |
| 194 |
index dceb9eda711..d5be135d849 100644 |
| 195 |
--- a/sys-apps/systemd/systemd-234-r2.ebuild |
| 196 |
+++ b/sys-apps/systemd/systemd-234-r3.ebuild |
| 197 |
@@ -149,6 +149,8 @@ src_unpack() { |
| 198 |
src_prepare() { |
| 199 |
local PATCHES=( |
| 200 |
"${FILESDIR}"/234-0001-path-lookup-look-for-generators-in-usr-lib-systemd-s.patch |
| 201 |
+ "${FILESDIR}"/234-0002-cryptsetup-fix-infinite-timeout-6486.patch |
| 202 |
+ "${FILESDIR}"/234-0003-resolved-make-sure-idn2-conversions-are-roundtrippab.patch |
| 203 |
) |
| 204 |
|
| 205 |
if ! use vanilla; then |
Archives