v252 batch

docs/CONTAINER_INTERFACE.md

@@ -230,7 +230,9 @@ care should be taken to avoid naming conflicts. `systemd` (and in particular
    directory: it's used by code outside the container to insert mounts inside
    it only, and is mostly an internal vehicle to achieve this. Other container
    managers that want to implement similar functionality might consider using
-   the same directory.
+   the same directory. Alternatively, the new mount API may be used by the
+   container manager to establish new mounts in the container without the need
+   for the `/run/host/incoming/` directory.
 
 2. The `/run/host/inaccessible/` directory may be set up by the container
    manager to include six file nodes: `reg`, `dir`, `fifo`, `sock`, `chr`,

man/repart.d.xml

@@ -562,7 +562,7 @@
         <citerefentry
         project='man-pages'><refentrytitle>fstab</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
 
-        <para>If both bit 50 and 59 are set for a partition (i.e. the partition is marked both read-only and
+        <para>If both bit 60 and 59 are set for a partition (i.e. the partition is marked both read-only and
         marked for file system growing) the latter is typically without effect: the read-only flag takes
         precedence in most tools reading these flags, and since growing the file system involves writing to
         the partition it is consequently ignored.</para>

man/systemd-path.xml

@@ -43,6 +43,12 @@
     The variables whose name begins with <literal>search-</literal>
     do not refer to individual paths, but instead to a list of
     colon-separated search paths, in their order of precedence.</para>
+
+    <para>Note that paths which depend on environment variables are
+    computed with <command>systemd-path</command>'s invoked
+    environment, and not the system or user manager's environment. As
+    such, the output of <command>systemd-path</command> may not
+    reflect the behavior of manager processes.</para>
   </refsect1>
 
   <refsect1>

man/systemd-system.conf.xml

@@ -421,10 +421,12 @@
         <term><varname>ManagerEnvironment=</varname></term>
 
         <listitem><para>Takes the same arguments as <varname>DefaultEnvironment=</varname>, see above. Sets
-        environment variables just for the manager process itself. In contrast to user managers, these variables
-        are not inherited by processes spawned by the system manager, use <varname>DefaultEnvironment=</varname>
+        environment variables for the manager process itself. These variables are inherited by processes
+        spawned by user managers, but not the system manager - use <varname>DefaultEnvironment=</varname>
         for that. Note that these variables are merged into the existing environment block. In particular, in
-        case of the system manager, this includes variables set by the kernel based on the kernel command line.</para>
+        case of the system manager, this includes variables set by the kernel based on the kernel command line.
+        As with <varname>DefaultEnvironment=</varname>, this environment block is internal, and changes are not
+        reflected in the manager's <filename>/proc/PID/environ</filename>.</para>
 
         <para>Setting environment variables for the manager process may be useful to modify its behaviour.
         See <ulink url="https://systemd.io/ENVIRONMENT">ENVIRONMENT</ulink> for a descriptions of some

meson.build

@@ -384,6 +384,7 @@ possible_common_cc_flags = [
         '-Wstrict-aliasing=2',
         '-Wstrict-prototypes',
         '-Wsuggest-attribute=noreturn',
+        '-Wunterminated-string-initialization',
         '-Wunused-function',
         '-Wwrite-strings',
 

network/80-wifi-station.network.example

@@ -12,6 +12,7 @@
 [Match]
 Type=wlan
 WLANInterfaceType=station
+SSID=*
 
 [Network]
 DHCP=yes

src/basic/hexdecoct.c

@@ -36,7 +36,7 @@ int undecchar(char c) {
 }
 
 char hexchar(int x) {
-        static const char table[16] = "0123456789abcdef";
+        static const char table[] = "0123456789abcdef";
 
         return table[x & 15];
 }
@@ -171,8 +171,8 @@ int unhexmem_full(const char *p, size_t l, bool secure, void **ret, size_t *ret_
  * useful when representing NSEC3 hashes, as one can then verify the
  * order of hashes directly from their representation. */
 char base32hexchar(int x) {
-        static const char table[32] = "0123456789"
-                                      "ABCDEFGHIJKLMNOPQRSTUV";
+        static const char table[] = "0123456789"
+                                    "ABCDEFGHIJKLMNOPQRSTUV";
 
         return table[x & 31];
 }
@@ -522,19 +522,19 @@ int unbase32hexmem(const char *p, size_t l, bool padding, void **mem, size_t *_l
 
 /* https://tools.ietf.org/html/rfc4648#section-4 */
 char base64char(int x) {
-        static const char table[64] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
-                                      "abcdefghijklmnopqrstuvwxyz"
-                                      "0123456789+/";
+        static const char table[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+                                    "abcdefghijklmnopqrstuvwxyz"
+                                    "0123456789+/";
         return table[x & 63];
 }
 
 /* This is almost base64char(), but not entirely, as it uses the "url and filename safe" alphabet,
  * since we don't want "/" appear in interface names (since interfaces appear in sysfs as filenames).
  * See section #5 of RFC 4648. */
 char urlsafe_base64char(int x) {
-        static const char table[64] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
-                                      "abcdefghijklmnopqrstuvwxyz"
-                                      "0123456789-_";
+        static const char table[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+                                    "abcdefghijklmnopqrstuvwxyz"
+                                    "0123456789-_";
         return table[x & 63];
 }
 

src/basic/log.h

@@ -32,9 +32,8 @@ typedef enum LogTarget{
  * used a regular log level. */
 #define LOG_NULL (LOG_EMERG - 1)
 
-/* Note to readers: << and >> have lower precedence (are evaluated earlier) than & and | */
-#define SYNTHETIC_ERRNO(num)                (1 << 30 | (num))
-#define IS_SYNTHETIC_ERRNO(val)             ((val) >> 30 & 1)
+#define SYNTHETIC_ERRNO(num)                (abs(num) | (1 << 30))
+#define IS_SYNTHETIC_ERRNO(val)             (((val) >> 30) == 1)
 #define ERRNO_VALUE(val)                    (abs(val) & ~(1 << 30))
 
 /* The callback function to be invoked when syntax warnings are seen

src/boot/efi/linux_x86.c

@@ -7,7 +7,7 @@
  * this x86 specific linux_exec function passes the initrd by setting the
  * corresponding fields in the setup_header struct.
  *
- * see https://docs.kernel.org/x86/boot.html
+ * see https://docs.kernel.org/arch/x86/boot.html
  */
 
 #include <efi.h>

src/core/execute.c

@@ -4438,14 +4438,6 @@ static int exec_child(
                 }
         }
 
-        if (context->nice_set) {
-                r = setpriority_closest(context->nice);
-                if (r < 0) {
-                        *exit_status = EXIT_NICE;
-                        return log_unit_error_errno(unit, r, "Failed to set up process scheduling priority (nice level): %m");
-                }
-        }
-
         if (context->cpu_sched_set) {
                 struct sched_attr attr = {
                         .size = sizeof(attr),
@@ -4461,6 +4453,14 @@ static int exec_child(
                 }
         }
 
+        if (context->nice_set) {
+                r = setpriority_closest(context->nice);
+                if (r < 0) {
+                        *exit_status = EXIT_NICE;
+                        return log_unit_error_errno(unit, r, "Failed to set up process scheduling priority (nice level): %m");
+                }
+        }
+
         if (context->cpu_affinity_from_numa || context->cpu_set.set) {
                 _cleanup_(cpu_set_reset) CPUSet converted_cpu_set = {};
                 const CPUSet *cpu_set;

src/import/import-raw.c

@@ -409,6 +409,11 @@ static int raw_import_process(RawImport *i) {
                 goto finish;
         }
 
+        if ((size_t) l > sizeof(i->buffer) - i->buffer_size) {
+                r = log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Read input file exceeded maximum size.");
+                goto finish;
+        }
+
         i->buffer_size += l;
 
         if (i->compress.type == IMPORT_COMPRESS_UNKNOWN) {

src/import/import-tar.c

@@ -276,6 +276,11 @@ static int tar_import_process(TarImport *i) {
                 goto finish;
         }
 
+        if ((size_t) l > sizeof(i->buffer) - i->buffer_size) {
+                r = log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Read input file exceeded maximum size.");
+                goto finish;
+        }
+
         i->buffer_size += l;
 
         if (i->compress.type == IMPORT_COMPRESS_UNKNOWN) {

src/journal/journald.conf

@@ -30,7 +30,7 @@
 #RuntimeKeepFree=
 #RuntimeMaxFileSize=
 #RuntimeMaxFiles=100
-#MaxRetentionSec=
+#MaxRetentionSec=0
 #MaxFileSec=1month
 #ForwardToSyslog=no
 #ForwardToKMsg=no

src/kernel-install/50-depmod.install

@@ -44,6 +44,7 @@ case "$COMMAND" in
             "/lib/modules/$KERNEL_VERSION/modules.dep.bin" \
             "/lib/modules/$KERNEL_VERSION/modules.devname" \
             "/lib/modules/$KERNEL_VERSION/modules.softdep" \
+            "/lib/modules/$KERNEL_VERSION/modules.weakdep" \
             "/lib/modules/$KERNEL_VERSION/modules.symbols" \
             "/lib/modules/$KERNEL_VERSION/modules.symbols.bin"
         ;;

src/kernel-install/90-loaderentry.install

@@ -155,8 +155,18 @@ mkdir -p "${LOADER_ENTRY%/*}" || {
         have_initrd=yes
     done
 
-    # Try "initrd", generated by dracut in its kernel-install hook, if no initrds were supplied
-    [ -z "$have_initrd" ] && [ -f "$ENTRY_DIR_ABS/initrd" ] && echo "initrd     $ENTRY_DIR/initrd"
+    # Try a few variations that are generated by various initrd generators in their kernel-install hooks if
+    # no initrds were supplied.
+
+    if [ -z "$have_initrd" ] && [ -f "$ENTRY_DIR_ABS/initrd" ]; then
+        echo "initrd     $ENTRY_DIR/initrd"
+        have_initrd=yes
+    fi
+
+    if [ -z "$have_initrd" ] && [ -f "$BOOT_ROOT/initramfs-$KERNEL_VERSION.img" ]; then
+        echo "initrd     /initramfs-$KERNEL_VERSION.img"
+        have_initrd=yes
+    fi
     :
 } >"$LOADER_ENTRY" || {
     echo "Error: could not create loader entry '$LOADER_ENTRY'." >&2

src/libsystemd/sd-event/sd-event.c

@@ -3428,7 +3428,8 @@ static int process_signal(sd_event *e, struct signal_data *d, uint32_t events, i
                 if (_unlikely_(n != sizeof(si)))
                         return -EIO;
 
-                assert(SIGNAL_VALID(si.ssi_signo));
+                if (_unlikely_(!SIGNAL_VALID(si.ssi_signo)))
+                        return -EIO;
 
                 if (e->signal_sources)
                         s = e->signal_sources[si.ssi_signo];

src/network/networkd-link.c

@@ -1569,17 +1569,19 @@ static int link_carrier_gained(Link *link) {
 }
 
 static int link_carrier_lost_impl(Link *link) {
-        int r, ret = 0;
+        int ret = 0, r;
 
         assert(link);
 
         link->previous_ssid = mfree(link->previous_ssid);
 
+        ret = link_handle_bound_by_list(link);
+
         if (IN_SET(link->state, LINK_STATE_FAILED, LINK_STATE_LINGER))
-                return 0;
+                return ret;
 
         if (!link->network)
-                return 0;
+                return ret;
 
         r = link_stop_engines(link, false);
         if (r < 0)
@@ -1608,22 +1610,17 @@ static int link_carrier_lost_handler(sd_event_source *s, uint64_t usec, void *us
 static int link_carrier_lost(Link *link) {
         uint16_t dhcp_mtu;
         usec_t usec;
-        int r;
 
         assert(link);
 
-        r = link_handle_bound_by_list(link);
-        if (r < 0)
-                return r;
-
         if (link->iftype == ARPHRD_CAN)
                 /* let's shortcut things for CAN which doesn't need most of what's done below. */
-                return 0;
+                usec = 0;
 
-        if (!link->network)
-                return 0;
+        else if (!link->network)
+                usec = 0;
 
-        if (link->network->ignore_carrier_loss_set)
+        else if (link->network->ignore_carrier_loss_set)
                 /* If IgnoreCarrierLoss= is explicitly specified, then use the specified value. */
                 usec = link->network->ignore_carrier_loss_usec;
 

src/resolve/resolved-bus.c

@@ -1133,6 +1133,11 @@ static void resolve_service_all_complete(DnsQuery *query) {
         if (r < 0)
                 goto finish;
 
+        if (isempty(type)) {
+                r = reply_method_errorf(q, BUS_ERROR_NO_SUCH_SERVICE, "'%s' does not provide valid service", dns_query_string(q));
+                goto finish;
+        }
+
         r = sd_bus_message_append(
                         reply,
                         "ssst",

src/resolve/resolved-dns-stream.c

@@ -322,6 +322,12 @@ static int on_stream_io(sd_event_source *es, int fd, uint32_t revents, void *use
                         return dns_stream_complete(s, -r);
         }
 
+        if (revents & EPOLLERR) {
+                socklen_t errlen = sizeof(r);
+                if (getsockopt(s->fd, SOL_SOCKET, SO_ERROR, &r, &errlen) == 0)
+                        return dns_stream_complete(s, r);
+        }
+
         if ((revents & EPOLLOUT) &&
             s->write_packet &&
             s->n_written < sizeof(s->write_size) + s->write_packet->size) {

src/resolve/resolved-dns-transaction.c

@@ -632,7 +632,7 @@ static int on_stream_complete(DnsStream *s, int error) {
         if (ERRNO_IS_DISCONNECT(error) && s->protocol != DNS_PROTOCOL_LLMNR) {
                 log_debug_errno(error, "Connection failure for DNS TCP stream: %m");
 
-                if (s->transactions) {
+                if (error != ECONNRESET && s->transactions) {
                         DnsTransaction *t;
 
                         t = s->transactions;

src/shared/base-filesystem.c

@@ -50,30 +50,25 @@ static const BaseFilesystem table[] = {
         /* aarch64 ELF ABI actually says dynamic loader is in /lib/, but Fedora puts it in /lib64/ anyway and
          * just symlinks /lib/ld-linux-aarch64.so.1 to ../lib64/ld-linux-aarch64.so.1. For this to work
          * correctly, /lib64/ must be symlinked to /usr/lib64/. */
-        { "lib64",    0, "usr/lib/"LIB_ARCH_TUPLE"\0"
-                         "usr/lib64\0",                "ld-linux-aarch64.so.1" },
+        { "lib64",    0, "usr/lib64\0",                "ld-linux-aarch64.so.1" },
 #  define KNOW_LIB64_DIRS 1
 #elif defined(__alpha__)
 #elif defined(__arc__) || defined(__tilegx__)
 #elif defined(__arm__)
         /* No /lib64 on arm. The linker is /lib/ld-linux-armhf.so.3. */
 #  define KNOW_LIB64_DIRS 1
 #elif defined(__i386__) || defined(__x86_64__)
-        { "lib64",    0, "usr/lib/"LIB_ARCH_TUPLE"\0"
-                         "usr/lib64\0",                "ld-linux-x86-64.so.2" },
+        { "lib64",    0, "usr/lib64\0",                "ld-linux-x86-64.so.2" },
 #  define KNOW_LIB64_DIRS 1
 #elif defined(__ia64__)
 #elif defined(__loongarch_lp64)
 #  define KNOW_LIB64_DIRS 1
 #  if defined(__loongarch_double_float)
-        { "lib64",    0, "usr/lib/"LIB_ARCH_TUPLE"\0"
-                         "usr/lib64\0",                "ld-linux-loongarch-lp64d.so.1" },
+        { "lib64",    0, "usr/lib64\0",                "ld-linux-loongarch-lp64d.so.1" },
 #  elif defined(__loongarch_single_float)
-        { "lib64",    0, "usr/lib/"LIB_ARCH_TUPLE"\0"
-                         "usr/lib64\0",                "ld-linux-loongarch-lp64f.so.1" },
+        { "lib64",    0, "usr/lib64\0",                "ld-linux-loongarch-lp64f.so.1" },
 #  elif defined(__loongarch_soft_float)
-        { "lib64",    0, "usr/lib/"LIB_ARCH_TUPLE"\0"
-                         "usr/lib64\0",                "ld-linux-loongarch-lp64s.so.1" },
+        { "lib64",    0, "usr/lib64\0",                "ld-linux-loongarch-lp64s.so.1" },
 #  else
 #    error "Unknown LoongArch ABI"
 #  endif
@@ -89,8 +84,7 @@ static const BaseFilesystem table[] = {
 #  endif
 #elif defined(__powerpc__)
 #  if defined(__PPC64__) && __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__
-        { "lib64",    0, "usr/lib/"LIB_ARCH_TUPLE"\0"
-                         "usr/lib64\0",                "ld64.so.2" },
+        { "lib64",    0, "usr/lib64\0",                "ld64.so.2" },
 #    define KNOW_LIB64_DIRS 1
 #  elif defined(__powerpc64__) && __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
         /* powerpc64-linux-gnu */
@@ -101,15 +95,13 @@ static const BaseFilesystem table[] = {
 #  if __riscv_xlen == 32
 #  elif __riscv_xlen == 64
         /* Same situation as for aarch64 */
-        { "lib64",    0, "usr/lib/"LIB_ARCH_TUPLE"\0"
-                         "usr/lib64\0",                "ld-linux-riscv64-lp64d.so.1" },
+        { "lib64",    0, "usr/lib64\0",                "ld-linux-riscv64-lp64d.so.1" },
 #    define KNOW_LIB64_DIRS 1
 #  else
 #    error "Unknown RISC-V ABI"
 #  endif
 #elif defined(__s390x__)
-        { "lib64",    0, "usr/lib/"LIB_ARCH_TUPLE"\0"
-                         "usr/lib64\0",                "ld-lsb-s390x.so.3" },
+        { "lib64",    0, "usr/lib64\0",                "ld-lsb-s390x.so.3" },
 #    define KNOW_LIB64_DIRS 1
 #elif defined(__s390__)
         /* s390-linux-gnu */

src/sysusers/sysusers.c

@@ -1356,9 +1356,15 @@ static int process_item(Item *i) {
         case ADD_USER: {
                 Item *j = NULL;
 
-                if (!i->gid_set)
+                if (!i->gid_set) {
                         j = ordered_hashmap_get(groups, i->group_name ?: i->name);
 
+                        /* If that's not a match, also check if the group name
+                         * matches a user name in the queue. */
+                        if (!j && i->group_name)
+                                j = ordered_hashmap_get(users, i->group_name);
+                }
+
                 if (j && j->todo_group) {
                         /* When a group with the target name is already in queue,
                          * use the information about the group and do not create