Package: release.debian.org Severity: normal User: release.debian.org@packages.debian.org Usertags: unblock X-Debbugs-CC: pkg-systemd-maintainers@lists.alioth.debian.org Please unblock package systemd As requested by Michael, opening unblock ticket. Debdiff attached. Two high-impact patches are backported from upstream and should be included in Bullseye. * Backport patch to fix assert with invalid LoadCredentials= Regression introduced in v247, fixed in v249, see: https://github.com/systemd/systemd/issues/19178 (Closes: #986302) * network: Delay addition of IPv6 Proxy NDP addresses. Fixes "IPv6 Proxy NDP addresses are being lost from interfaces after networkd adds them". (Closes: #985510) The first patch fixes a crash when a malformed option is set in any unit. unblock systemd/247.3-4 -- Kind regards, Luca Boccassi
diff -Nru systemd-247.3/debian/changelog systemd-247.3/debian/changelog --- systemd-247.3/debian/changelog 2021-03-11 17:09:35.000000000 +0000 +++ systemd-247.3/debian/changelog 2021-04-11 15:06:46.000000000 +0100 @@ -1,3 +1,18 @@ +systemd (247.3-4) unstable; urgency=medium + + [ Luca Boccassi ] + * Backport patch to fix assert with invalid LoadCredentials= + Regression introduced in v247, fixed in v249, see: + https://github.com/systemd/systemd/issues/19178 + (Closes: #986302) + + [ Michael Biebl ] + * network: Delay addition of IPv6 Proxy NDP addresses. + Fixes "IPv6 Proxy NDP addresses are being lost from interfaces after + networkd adds them". (Closes: #985510) + + -- Michael Biebl <biebl@debian.org> Sun, 11 Apr 2021 16:06:46 +0200 + systemd (247.3-3) unstable; urgency=medium * pkg-config: make prefix overridable again (Closes: #984763) diff -Nru systemd-247.3/debian/patches/debian/Downgrade-a-couple-of-warnings-to-debug.patch systemd-247.3/debian/patches/debian/Downgrade-a-couple-of-warnings-to-debug.patch --- systemd-247.3/debian/patches/debian/Downgrade-a-couple-of-warnings-to-debug.patch 2021-03-11 17:09:35.000000000 +0000 +++ systemd-247.3/debian/patches/debian/Downgrade-a-couple-of-warnings-to-debug.patch 2021-04-11 15:06:46.000000000 +0100 @@ -16,7 +16,7 @@ 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c -index 4964249..2d48783 100644 +index 5b66fb1..df5669a 100644 --- a/src/core/load-fragment.c +++ b/src/core/load-fragment.c @@ -372,6 +372,7 @@ static int patch_var_run( diff -Nru systemd-247.3/debian/patches/LoadCredentials-do-not-assert-on-invalid-syntax.patch systemd-247.3/debian/patches/LoadCredentials-do-not-assert-on-invalid-syntax.patch --- systemd-247.3/debian/patches/LoadCredentials-do-not-assert-on-invalid-syntax.patch 1970-01-01 01:00:00.000000000 +0100 +++ systemd-247.3/debian/patches/LoadCredentials-do-not-assert-on-invalid-syntax.patch 2021-04-11 15:06:46.000000000 +0100 @@ -0,0 +1,34 @@ +From: Luca Boccassi <luca.boccassi@microsoft.com> +Date: Thu, 1 Apr 2021 22:18:29 +0100 +Subject: LoadCredentials: do not assert on invalid syntax + +LoadCredentials=foo causes an assertion to be triggered, as we +are not checking that the rvalue's right hand side part is non-empty +before using it in unit_full_printf. + +Fixes #19178 + +# printf [Service]nLoadCredential=passwd.hashed-password.rootn > hello.service +# systemd-analyze verify ./hello.service +... +Assertion 'format' failed at src/core/unit-printf.c:232, function unit_full_printf(). Aborting. +Aborted (core dumped) + +(cherry picked from commit f7a6f1226e800f7695c2073675523062ea697aa4) +--- + src/core/load-fragment.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c +index 4964249..5b66fb1 100644 +--- a/src/core/load-fragment.c ++++ b/src/core/load-fragment.c +@@ -4569,7 +4569,7 @@ int config_parse_load_credential( + r = extract_first_word(&p, &word, ":", EXTRACT_DONT_COALESCE_SEPARATORS); + if (r == -ENOMEM) + return log_oom(); +- if (r <= 0) { ++ if (r <= 0 || isempty(p)) { + log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid syntax, ignoring: %s", rvalue); + return 0; + } diff -Nru systemd-247.3/debian/patches/network-Delay-addition-of-IPv6-Proxy-NDP-addresses.patch systemd-247.3/debian/patches/network-Delay-addition-of-IPv6-Proxy-NDP-addresses.patch --- systemd-247.3/debian/patches/network-Delay-addition-of-IPv6-Proxy-NDP-addresses.patch 1970-01-01 01:00:00.000000000 +0100 +++ systemd-247.3/debian/patches/network-Delay-addition-of-IPv6-Proxy-NDP-addresses.patch 2021-04-11 15:06:46.000000000 +0100 @@ -0,0 +1,86 @@ +From: "Kevin P. Fleming" <kevin@km6g.us> +Date: Sat, 6 Feb 2021 10:58:43 -0500 +Subject: network: Delay addition of IPv6 Proxy NDP addresses + +Setting of IPv6 Proxy NDP addresses must be done at the same +time as static addresses, static routes, and other link attributes +that must be configured when the link is up. Doing this ensures +that they are reconfigured on the link if the link goes down +and returns to service. + +(cherry picked from commit 12f7469bbe0142d7f360a29ca2b407ce7f5ff096) + +Fixes https://github.com/systemd/systemd-stable/issues/89 + +(cherry picked from commit d5ea028e46673ef627843e90c3d01ebac8fe0e62) +--- + src/network/networkd-address.c | 11 +++++++++++ + src/network/networkd-link.c | 5 ----- + 2 files changed, 11 insertions(+), 5 deletions(-) + +diff --git a/src/network/networkd-address.c b/src/network/networkd-address.c +index 961b248..ef47af4 100644 +--- a/src/network/networkd-address.c ++++ b/src/network/networkd-address.c +@@ -9,6 +9,7 @@ + #include "netlink-util.h" + #include "networkd-address-pool.h" + #include "networkd-address.h" ++#include "networkd-ipv6-proxy-ndp.h" + #include "networkd-manager.h" + #include "networkd-network.h" + #include "parse-util.h" +@@ -903,6 +904,7 @@ int address_configure( + static int static_address_ready_callback(Address *address) { + Address *a; + Link *link; ++ int r; + + assert(address); + assert(address->link); +@@ -927,6 +929,10 @@ static int static_address_ready_callback(Address *address) { + + link->addresses_ready = true; + ++ r = link_set_ipv6_proxy_ndp_addresses(link); ++ if (r < 0) ++ return r; ++ + return link_set_routes(link); + } + +@@ -1046,6 +1052,11 @@ int link_set_addresses(Link *link) { + if (link->address_messages == 0) { + link->addresses_configured = true; + link->addresses_ready = true; ++ ++ r = link_set_ipv6_proxy_ndp_addresses(link); ++ if (r < 0) ++ return r; ++ + r = link_set_routes(link); + if (r < 0) + return r; +diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c +index 8120343..e8a7223 100644 +--- a/src/network/networkd-link.c ++++ b/src/network/networkd-link.c +@@ -28,7 +28,6 @@ + #include "networkd-dhcp6.h" + #include "networkd-fdb.h" + #include "networkd-ipv4ll.h" +-#include "networkd-ipv6-proxy-ndp.h" + #include "networkd-link-bus.h" + #include "networkd-link.h" + #include "networkd-lldp-tx.h" +@@ -2056,10 +2055,6 @@ int link_configure(Link *link) { + if (r < 0) + return r; + +- r = link_set_ipv6_proxy_ndp_addresses(link); +- if (r < 0) +- return r; +- + r = link_set_mac(link); + if (r < 0) + return r; diff -Nru systemd-247.3/debian/patches/series systemd-247.3/debian/patches/series --- systemd-247.3/debian/patches/series 2021-03-11 17:09:35.000000000 +0000 +++ systemd-247.3/debian/patches/series 2021-04-11 15:06:46.000000000 +0100 @@ -5,6 +5,8 @@ rules-Move-ID_SMARTCARD_READER-definition-to-a-70-configu.patch table-drop-trailing-white-spaces-of-the-last-cell-in-row.patch pkg-config-make-prefix-overridable-again.patch +LoadCredentials-do-not-assert-on-invalid-syntax.patch +network-Delay-addition-of-IPv6-Proxy-NDP-addresses.patch debian/Use-Debian-specific-config-files.patch debian/Bring-tmpfiles.d-tmp.conf-in-line-with-Debian-defaul.patch debian/Make-run-lock-tmpfs-an-API-fs.patch
Attachment:
signature.asc
Description: This is a digitally signed message part