1 |
commit: 4ad264dbae71c361b268ef521ace36d81b118dc8 |
2 |
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sun Aug 13 23:32:31 2017 +0000 |
4 |
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org> |
5 |
CommitDate: Sun Aug 13 23:32:40 2017 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4ad264db |
7 |
|
8 |
sys-apps/systemd: backport bug fixes |
9 |
|
10 |
Bug: https://bugs.gentoo.org/625970 |
11 |
Bug: https://bugs.gentoo.org/625480 |
12 |
Package-Manager: Portage-2.3.6_p34, Repoman-2.3.3_p12 |
13 |
|
14 |
...-look-for-generators-in-usr-lib-systemd-s.patch | 4 +- |
15 |
...0002-cryptsetup-fix-infinite-timeout-6486.patch | 43 ++++++++++ |
16 |
...ke-sure-idn2-conversions-are-roundtrippab.patch | 92 ++++++++++++++++++++++ |
17 |
...systemd-234-r2.ebuild => systemd-234-r3.ebuild} | 2 + |
18 |
4 files changed, 139 insertions(+), 2 deletions(-) |
19 |
|
20 |
diff --git a/sys-apps/systemd/files/234-0001-path-lookup-look-for-generators-in-usr-lib-systemd-s.patch b/sys-apps/systemd/files/234-0001-path-lookup-look-for-generators-in-usr-lib-systemd-s.patch |
21 |
index 47e2730a7b3..6912b481f20 100644 |
22 |
--- a/sys-apps/systemd/files/234-0001-path-lookup-look-for-generators-in-usr-lib-systemd-s.patch |
23 |
+++ b/sys-apps/systemd/files/234-0001-path-lookup-look-for-generators-in-usr-lib-systemd-s.patch |
24 |
@@ -1,7 +1,7 @@ |
25 |
From d9287b10d714175521e3bcd6c53de4819b1357c5 Mon Sep 17 00:00:00 2001 |
26 |
From: Mike Gilbert <floppym@g.o> |
27 |
Date: Mon, 17 Jul 2017 11:21:25 -0400 |
28 |
-Subject: [PATCH] path-lookup: look for generators in |
29 |
+Subject: [PATCH 1/3] path-lookup: look for generators in |
30 |
{,/usr}/lib/systemd/system-generators |
31 |
|
32 |
Bug: https://bugs.gentoo.org/625402 |
33 |
@@ -23,5 +23,5 @@ index e2b3f8b74..1ee0e1cdb 100644 |
34 |
NULL); |
35 |
|
36 |
-- |
37 |
-2.13.3 |
38 |
+2.14.0 |
39 |
|
40 |
|
41 |
diff --git a/sys-apps/systemd/files/234-0002-cryptsetup-fix-infinite-timeout-6486.patch b/sys-apps/systemd/files/234-0002-cryptsetup-fix-infinite-timeout-6486.patch |
42 |
new file mode 100644 |
43 |
index 00000000000..8ea131adfd0 |
44 |
--- /dev/null |
45 |
+++ b/sys-apps/systemd/files/234-0002-cryptsetup-fix-infinite-timeout-6486.patch |
46 |
@@ -0,0 +1,43 @@ |
47 |
+From 793c786f470aeedf443686cff30f97acaff23a04 Mon Sep 17 00:00:00 2001 |
48 |
+From: Andrew Soutar <andrew@××××××××××××.com> |
49 |
+Date: Mon, 31 Jul 2017 02:19:16 -0400 |
50 |
+Subject: [PATCH 2/3] cryptsetup: fix infinite timeout (#6486) |
51 |
+ |
52 |
+0004f698d causes `arg_timeout` to be infinity instead of 0 when timeout=0. The |
53 |
+logic here now matches this change. |
54 |
+ |
55 |
+Fixes #6381 |
56 |
+--- |
57 |
+ src/cryptsetup/cryptsetup.c | 8 ++++---- |
58 |
+ 1 file changed, 4 insertions(+), 4 deletions(-) |
59 |
+ |
60 |
+diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c |
61 |
+index 3b4c08616..08ed7e53b 100644 |
62 |
+--- a/src/cryptsetup/cryptsetup.c |
63 |
++++ b/src/cryptsetup/cryptsetup.c |
64 |
+@@ -56,7 +56,7 @@ static bool arg_tcrypt_veracrypt = false; |
65 |
+ static char **arg_tcrypt_keyfiles = NULL; |
66 |
+ static uint64_t arg_offset = 0; |
67 |
+ static uint64_t arg_skip = 0; |
68 |
+-static usec_t arg_timeout = 0; |
69 |
++static usec_t arg_timeout = USEC_INFINITY; |
70 |
+ |
71 |
+ /* Options Debian's crypttab knows we don't: |
72 |
+ |
73 |
+@@ -670,10 +670,10 @@ int main(int argc, char *argv[]) { |
74 |
+ if (arg_discards) |
75 |
+ flags |= CRYPT_ACTIVATE_ALLOW_DISCARDS; |
76 |
+ |
77 |
+- if (arg_timeout > 0) |
78 |
+- until = now(CLOCK_MONOTONIC) + arg_timeout; |
79 |
+- else |
80 |
++ if (arg_timeout == USEC_INFINITY) |
81 |
+ until = 0; |
82 |
++ else |
83 |
++ until = now(CLOCK_MONOTONIC) + arg_timeout; |
84 |
+ |
85 |
+ arg_key_size = (arg_key_size > 0 ? arg_key_size : (256 / 8)); |
86 |
+ |
87 |
+-- |
88 |
+2.14.0 |
89 |
+ |
90 |
|
91 |
diff --git a/sys-apps/systemd/files/234-0003-resolved-make-sure-idn2-conversions-are-roundtrippab.patch b/sys-apps/systemd/files/234-0003-resolved-make-sure-idn2-conversions-are-roundtrippab.patch |
92 |
new file mode 100644 |
93 |
index 00000000000..e083f854107 |
94 |
--- /dev/null |
95 |
+++ b/sys-apps/systemd/files/234-0003-resolved-make-sure-idn2-conversions-are-roundtrippab.patch |
96 |
@@ -0,0 +1,92 @@ |
97 |
+From 47d36aeaebc3083795de40c80e75f0fda48c3053 Mon Sep 17 00:00:00 2001 |
98 |
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@××××××.pl> |
99 |
+Date: Fri, 21 Jul 2017 07:51:07 -0400 |
100 |
+Subject: [PATCH 3/3] resolved: make sure idn2 conversions are roundtrippable |
101 |
+MIME-Version: 1.0 |
102 |
+Content-Type: text/plain; charset=UTF-8 |
103 |
+Content-Transfer-Encoding: 8bit |
104 |
+ |
105 |
+While working on the gateway→_gateway conversion, I noticed that |
106 |
+libidn2 strips the leading underscore in some names. |
107 |
+https://gitlab.com/libidn/libidn2/issues/30 was resolved in |
108 |
+https://gitlab.com/libidn/libidn2/commit/05d753ea69e2308cd02436d0511f4b844071dc79, |
109 |
+which disabled "STD3 ASCII rules" by default, i.e. disabled stripping |
110 |
+of underscores. So the situation is that with previously released libidn2 |
111 |
+versions we would get incorrect behaviour, and once new libidn2 is released, |
112 |
+we should be OK. |
113 |
+ |
114 |
+Let's implement a simple test which checks that the name survives the |
115 |
+roundtrip, and if it doesn't, skip IDN resolution. Under old libidn2 this will |
116 |
+fail in more cases, and under new libidn2 in fewer, but should be the right |
117 |
+thing to do also under new libidn2. |
118 |
+--- |
119 |
+ src/shared/dns-domain.c | 29 ++++++++++++++++++++++++++--- |
120 |
+ src/test/test-dns-domain.c | 6 ++++++ |
121 |
+ 2 files changed, 32 insertions(+), 3 deletions(-) |
122 |
+ |
123 |
+diff --git a/src/shared/dns-domain.c b/src/shared/dns-domain.c |
124 |
+index 12c4d65dd..139d286af 100644 |
125 |
+--- a/src/shared/dns-domain.c |
126 |
++++ b/src/shared/dns-domain.c |
127 |
+@@ -1274,15 +1274,38 @@ int dns_name_apply_idna(const char *name, char **ret) { |
128 |
+ |
129 |
+ #if defined(HAVE_LIBIDN2) |
130 |
+ int r; |
131 |
++ _cleanup_free_ char *t = NULL; |
132 |
+ |
133 |
+ assert(name); |
134 |
+ assert(ret); |
135 |
+ |
136 |
+- r = idn2_lookup_u8((uint8_t*) name, (uint8_t**) ret, |
137 |
++ r = idn2_lookup_u8((uint8_t*) name, (uint8_t**) &t, |
138 |
+ IDN2_NFC_INPUT | IDN2_NONTRANSITIONAL); |
139 |
+- if (r == IDN2_OK) |
140 |
++ log_debug("idn2_lookup_u8: %s → %s", name, t); |
141 |
++ if (r == IDN2_OK) { |
142 |
++ if (!startswith(name, "xn--")) { |
143 |
++ _cleanup_free_ char *s = NULL; |
144 |
++ |
145 |
++ r = idn2_to_unicode_8z8z(t, &s, 0); |
146 |
++ if (r != IDN2_OK) { |
147 |
++ log_debug("idn2_to_unicode_8z8z(\"%s\") failed: %d/%s", |
148 |
++ t, r, idn2_strerror(r)); |
149 |
++ return 0; |
150 |
++ } |
151 |
++ |
152 |
++ if (!streq_ptr(name, s)) { |
153 |
++ log_debug("idn2 roundtrip failed: \"%s\" → \"%s\" → \"%s\", ignoring.", |
154 |
++ name, t, s); |
155 |
++ return 0; |
156 |
++ } |
157 |
++ } |
158 |
++ |
159 |
++ *ret = t; |
160 |
++ t = NULL; |
161 |
+ return 1; /* *ret has been written */ |
162 |
+- log_debug("idn2_lookup_u8(\"%s\") failed: %s", name, idn2_strerror(r)); |
163 |
++ } |
164 |
++ |
165 |
++ log_debug("idn2_lookup_u8(\"%s\") failed: %d/%s", name, r, idn2_strerror(r)); |
166 |
+ if (r == IDN2_2HYPHEN) |
167 |
+ /* The name has two hypens — forbidden by IDNA2008 in some cases */ |
168 |
+ return 0; |
169 |
+diff --git a/src/test/test-dns-domain.c b/src/test/test-dns-domain.c |
170 |
+index 11cf0b1f0..cbd2d1e65 100644 |
171 |
+--- a/src/test/test-dns-domain.c |
172 |
++++ b/src/test/test-dns-domain.c |
173 |
+@@ -652,6 +652,12 @@ static void test_dns_name_apply_idna(void) { |
174 |
+ test_dns_name_apply_idna_one("föö.bär.", ret, "xn--f-1gaa.xn--br-via"); |
175 |
+ test_dns_name_apply_idna_one("xn--f-1gaa.xn--br-via", ret, "xn--f-1gaa.xn--br-via"); |
176 |
+ |
177 |
++ test_dns_name_apply_idna_one("_443._tcp.fedoraproject.org", ret2, |
178 |
++ "_443._tcp.fedoraproject.org"); |
179 |
++ test_dns_name_apply_idna_one("_443", ret2, "_443"); |
180 |
++ test_dns_name_apply_idna_one("gateway", ret, "gateway"); |
181 |
++ test_dns_name_apply_idna_one("_gateway", ret2, "_gateway"); |
182 |
++ |
183 |
+ test_dns_name_apply_idna_one("r3---sn-ab5l6ne7.googlevideo.com", ret2, |
184 |
+ ret2 ? "r3---sn-ab5l6ne7.googlevideo.com" : ""); |
185 |
+ } |
186 |
+-- |
187 |
+2.14.0 |
188 |
+ |
189 |
|
190 |
diff --git a/sys-apps/systemd/systemd-234-r2.ebuild b/sys-apps/systemd/systemd-234-r3.ebuild |
191 |
similarity index 98% |
192 |
rename from sys-apps/systemd/systemd-234-r2.ebuild |
193 |
rename to sys-apps/systemd/systemd-234-r3.ebuild |
194 |
index dceb9eda711..d5be135d849 100644 |
195 |
--- a/sys-apps/systemd/systemd-234-r2.ebuild |
196 |
+++ b/sys-apps/systemd/systemd-234-r3.ebuild |
197 |
@@ -149,6 +149,8 @@ src_unpack() { |
198 |
src_prepare() { |
199 |
local PATCHES=( |
200 |
"${FILESDIR}"/234-0001-path-lookup-look-for-generators-in-usr-lib-systemd-s.patch |
201 |
+ "${FILESDIR}"/234-0002-cryptsetup-fix-infinite-timeout-6486.patch |
202 |
+ "${FILESDIR}"/234-0003-resolved-make-sure-idn2-conversions-are-roundtrippab.patch |
203 |
) |
204 |
|
205 |
if ! use vanilla; then |