Package: release.debian.org Severity: normal User: release.debian.org@packages.debian.org Usertags: unblock X-Debbugs-CC: pkg-systemd-maintainers@lists.alioth.debian.org Please unblock package systemd As requested by Michael, opening unblock ticket. Debdiff attached. Two high-impact patches are backported from upstream and should be included in Bullseye. * Backport patch to fix assert with invalid LoadCredentials= Regression introduced in v247, fixed in v249, see: https://github.com/systemd/systemd/issues/19178 (Closes: #986302) * network: Delay addition of IPv6 Proxy NDP addresses. Fixes "IPv6 Proxy NDP addresses are being lost from interfaces after networkd adds them". (Closes: #985510) The first patch fixes a crash when a malformed option is set in any unit. unblock systemd/247.3-4 -- Kind regards, Luca Boccassi
diff -Nru systemd-247.3/debian/changelog systemd-247.3/debian/changelog
--- systemd-247.3/debian/changelog 2021-03-11 17:09:35.000000000 +0000
+++ systemd-247.3/debian/changelog 2021-04-11 15:06:46.000000000 +0100
@@ -1,3 +1,18 @@
+systemd (247.3-4) unstable; urgency=medium
+
+ [ Luca Boccassi ]
+ * Backport patch to fix assert with invalid LoadCredentials=
+ Regression introduced in v247, fixed in v249, see:
+ https://github.com/systemd/systemd/issues/19178
+ (Closes: #986302)
+
+ [ Michael Biebl ]
+ * network: Delay addition of IPv6 Proxy NDP addresses.
+ Fixes "IPv6 Proxy NDP addresses are being lost from interfaces after
+ networkd adds them". (Closes: #985510)
+
+ -- Michael Biebl <biebl@debian.org> Sun, 11 Apr 2021 16:06:46 +0200
+
systemd (247.3-3) unstable; urgency=medium
* pkg-config: make prefix overridable again (Closes: #984763)
diff -Nru systemd-247.3/debian/patches/debian/Downgrade-a-couple-of-warnings-to-debug.patch systemd-247.3/debian/patches/debian/Downgrade-a-couple-of-warnings-to-debug.patch
--- systemd-247.3/debian/patches/debian/Downgrade-a-couple-of-warnings-to-debug.patch 2021-03-11 17:09:35.000000000 +0000
+++ systemd-247.3/debian/patches/debian/Downgrade-a-couple-of-warnings-to-debug.patch 2021-04-11 15:06:46.000000000 +0100
@@ -16,7 +16,7 @@
3 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
-index 4964249..2d48783 100644
+index 5b66fb1..df5669a 100644
--- a/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
@@ -372,6 +372,7 @@ static int patch_var_run(
diff -Nru systemd-247.3/debian/patches/LoadCredentials-do-not-assert-on-invalid-syntax.patch systemd-247.3/debian/patches/LoadCredentials-do-not-assert-on-invalid-syntax.patch
--- systemd-247.3/debian/patches/LoadCredentials-do-not-assert-on-invalid-syntax.patch 1970-01-01 01:00:00.000000000 +0100
+++ systemd-247.3/debian/patches/LoadCredentials-do-not-assert-on-invalid-syntax.patch 2021-04-11 15:06:46.000000000 +0100
@@ -0,0 +1,34 @@
+From: Luca Boccassi <luca.boccassi@microsoft.com>
+Date: Thu, 1 Apr 2021 22:18:29 +0100
+Subject: LoadCredentials: do not assert on invalid syntax
+
+LoadCredentials=foo causes an assertion to be triggered, as we
+are not checking that the rvalue's right hand side part is non-empty
+before using it in unit_full_printf.
+
+Fixes #19178
+
+# printf [Service]nLoadCredential=passwd.hashed-password.rootn > hello.service
+# systemd-analyze verify ./hello.service
+...
+Assertion 'format' failed at src/core/unit-printf.c:232, function unit_full_printf(). Aborting.
+Aborted (core dumped)
+
+(cherry picked from commit f7a6f1226e800f7695c2073675523062ea697aa4)
+---
+ src/core/load-fragment.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
+index 4964249..5b66fb1 100644
+--- a/src/core/load-fragment.c
++++ b/src/core/load-fragment.c
+@@ -4569,7 +4569,7 @@ int config_parse_load_credential(
+ r = extract_first_word(&p, &word, ":", EXTRACT_DONT_COALESCE_SEPARATORS);
+ if (r == -ENOMEM)
+ return log_oom();
+- if (r <= 0) {
++ if (r <= 0 || isempty(p)) {
+ log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid syntax, ignoring: %s", rvalue);
+ return 0;
+ }
diff -Nru systemd-247.3/debian/patches/network-Delay-addition-of-IPv6-Proxy-NDP-addresses.patch systemd-247.3/debian/patches/network-Delay-addition-of-IPv6-Proxy-NDP-addresses.patch
--- systemd-247.3/debian/patches/network-Delay-addition-of-IPv6-Proxy-NDP-addresses.patch 1970-01-01 01:00:00.000000000 +0100
+++ systemd-247.3/debian/patches/network-Delay-addition-of-IPv6-Proxy-NDP-addresses.patch 2021-04-11 15:06:46.000000000 +0100
@@ -0,0 +1,86 @@
+From: "Kevin P. Fleming" <kevin@km6g.us>
+Date: Sat, 6 Feb 2021 10:58:43 -0500
+Subject: network: Delay addition of IPv6 Proxy NDP addresses
+
+Setting of IPv6 Proxy NDP addresses must be done at the same
+time as static addresses, static routes, and other link attributes
+that must be configured when the link is up. Doing this ensures
+that they are reconfigured on the link if the link goes down
+and returns to service.
+
+(cherry picked from commit 12f7469bbe0142d7f360a29ca2b407ce7f5ff096)
+
+Fixes https://github.com/systemd/systemd-stable/issues/89
+
+(cherry picked from commit d5ea028e46673ef627843e90c3d01ebac8fe0e62)
+---
+ src/network/networkd-address.c | 11 +++++++++++
+ src/network/networkd-link.c | 5 -----
+ 2 files changed, 11 insertions(+), 5 deletions(-)
+
+diff --git a/src/network/networkd-address.c b/src/network/networkd-address.c
+index 961b248..ef47af4 100644
+--- a/src/network/networkd-address.c
++++ b/src/network/networkd-address.c
+@@ -9,6 +9,7 @@
+ #include "netlink-util.h"
+ #include "networkd-address-pool.h"
+ #include "networkd-address.h"
++#include "networkd-ipv6-proxy-ndp.h"
+ #include "networkd-manager.h"
+ #include "networkd-network.h"
+ #include "parse-util.h"
+@@ -903,6 +904,7 @@ int address_configure(
+ static int static_address_ready_callback(Address *address) {
+ Address *a;
+ Link *link;
++ int r;
+
+ assert(address);
+ assert(address->link);
+@@ -927,6 +929,10 @@ static int static_address_ready_callback(Address *address) {
+
+ link->addresses_ready = true;
+
++ r = link_set_ipv6_proxy_ndp_addresses(link);
++ if (r < 0)
++ return r;
++
+ return link_set_routes(link);
+ }
+
+@@ -1046,6 +1052,11 @@ int link_set_addresses(Link *link) {
+ if (link->address_messages == 0) {
+ link->addresses_configured = true;
+ link->addresses_ready = true;
++
++ r = link_set_ipv6_proxy_ndp_addresses(link);
++ if (r < 0)
++ return r;
++
+ r = link_set_routes(link);
+ if (r < 0)
+ return r;
+diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
+index 8120343..e8a7223 100644
+--- a/src/network/networkd-link.c
++++ b/src/network/networkd-link.c
+@@ -28,7 +28,6 @@
+ #include "networkd-dhcp6.h"
+ #include "networkd-fdb.h"
+ #include "networkd-ipv4ll.h"
+-#include "networkd-ipv6-proxy-ndp.h"
+ #include "networkd-link-bus.h"
+ #include "networkd-link.h"
+ #include "networkd-lldp-tx.h"
+@@ -2056,10 +2055,6 @@ int link_configure(Link *link) {
+ if (r < 0)
+ return r;
+
+- r = link_set_ipv6_proxy_ndp_addresses(link);
+- if (r < 0)
+- return r;
+-
+ r = link_set_mac(link);
+ if (r < 0)
+ return r;
diff -Nru systemd-247.3/debian/patches/series systemd-247.3/debian/patches/series
--- systemd-247.3/debian/patches/series 2021-03-11 17:09:35.000000000 +0000
+++ systemd-247.3/debian/patches/series 2021-04-11 15:06:46.000000000 +0100
@@ -5,6 +5,8 @@
rules-Move-ID_SMARTCARD_READER-definition-to-a-70-configu.patch
table-drop-trailing-white-spaces-of-the-last-cell-in-row.patch
pkg-config-make-prefix-overridable-again.patch
+LoadCredentials-do-not-assert-on-invalid-syntax.patch
+network-Delay-addition-of-IPv6-Proxy-NDP-addresses.patch
debian/Use-Debian-specific-config-files.patch
debian/Bring-tmpfiles.d-tmp.conf-in-line-with-Debian-defaul.patch
debian/Make-run-lock-tmpfs-an-API-fs.patch
Attachment:
signature.asc
Description: This is a digitally signed message part