Browse code

Merge branch 'master' of https://github.com/vmware/photon

archive authored on 2018/01/12 23:30:16
Showing 30 changed files
1 1
new file mode 100644
... ...
@@ -0,0 +1,114 @@
0
+From 4ebd0c4191c6073cc8a7c5fdcf1d182c4719bcbb Mon Sep 17 00:00:00 2001
1
+From: Aurelien Jarno <aurelien@aurel32.net>
2
+Date: Sat, 30 Dec 2017 10:54:23 +0100
3
+Subject: [PATCH] elf: Check for empty tokens before dynamic string token
4
+ expansion [BZ #22625]
5
+
6
+The fillin_rpath function in elf/dl-load.c loops over each RPATH or
7
+RUNPATH tokens and interprets empty tokens as the current directory
8
+("./"). In practice the check for empty token is done *after* the
9
+dynamic string token expansion. The expansion process can return an
10
+empty string for the $ORIGIN token if __libc_enable_secure is set
11
+or if the path of the binary can not be determined (/proc not mounted).
12
+
13
+Fix that by moving the check for empty tokens before the dynamic string
14
+token expansion. In addition, check for NULL pointer or empty strings
15
+return by expand_dynamic_string_token.
16
+
17
+The above changes highlighted a bug in decompose_rpath, an empty array
18
+is represented by the first element being NULL at the fillin_rpath
19
+level, but by using a -1 pointer in decompose_rpath and other functions.
20
+
21
+Changelog:
22
+	[BZ #22625]
23
+	* elf/dl-load.c (fillin_rpath): Check for empty tokens before dynamic
24
+	string token expansion. Check for NULL pointer or empty string possibly
25
+	returned by expand_dynamic_string_token.
26
+	(decompose_rpath): Check for empty path after dynamic string
27
+	token expansion.
28
+(cherry picked from commit 3e3c904daef69b8bf7d5cc07f793c9f07c3553ef)
29
+---
30
+ ChangeLog     | 10 ++++++++++
31
+ NEWS          |  4 ++++
32
+ elf/dl-load.c | 49 +++++++++++++++++++++++++++++++++----------------
33
+ 3 files changed, 47 insertions(+), 16 deletions(-)
34
+
35
+diff --git a/elf/dl-load.c b/elf/dl-load.c
36
+index 50996e2..7397c18 100644
37
+--- a/elf/dl-load.c
38
+@@ -434,31 +434,40 @@ fillin_rpath (char *rpath, struct r_search_path_elem **result, const char *sep,
39
+ {
40
+   char *cp;
41
+   size_t nelems = 0;
42
+-  char *to_free;
43
+ 
44
+   while ((cp = __strsep (&rpath, sep)) != NULL)
45
+     {
46
+       struct r_search_path_elem *dirp;
47
++      char *to_free = NULL;
48
++      size_t len = 0;
49
+ 
50
+-      to_free = cp = expand_dynamic_string_token (l, cp, 1);
51
++      /* `strsep' can pass an empty string.  */
52
++      if (*cp != '\0')
53
++	{
54
++	  to_free = cp = expand_dynamic_string_token (l, cp, 1);
55
+ 
56
+-      size_t len = strlen (cp);
57
++	  /* expand_dynamic_string_token can return NULL in case of empty
58
++	     path or memory allocation failure.  */
59
++	  if (cp == NULL)
60
++	    continue;
61
+ 
62
+-      /* `strsep' can pass an empty string.  This has to be
63
+-	 interpreted as `use the current directory'. */
64
+-      if (len == 0)
65
+-	{
66
+-	  static const char curwd[] = "./";
67
+-	  cp = (char *) curwd;
68
+-	}
69
++	  /* Compute the length after dynamic string token expansion and
70
++	     ignore empty paths.  */
71
++	  len = strlen (cp);
72
++	  if (len == 0)
73
++	    {
74
++	      free (to_free);
75
++	      continue;
76
++	    }
77
+ 
78
+-      /* Remove trailing slashes (except for "/").  */
79
+-      while (len > 1 && cp[len - 1] == '/')
80
+-	--len;
81
++	  /* Remove trailing slashes (except for "/").  */
82
++	  while (len > 1 && cp[len - 1] == '/')
83
++	    --len;
84
+ 
85
+-      /* Now add one if there is none so far.  */
86
+-      if (len > 0 && cp[len - 1] != '/')
87
+-	cp[len++] = '/';
88
++	  /* Now add one if there is none so far.  */
89
++	  if (len > 0 && cp[len - 1] != '/')
90
++	    cp[len++] = '/';
91
++	}
92
+ 
93
+       /* Make sure we don't use untrusted directories if we run SUID.  */
94
+       if (__glibc_unlikely (check_trusted) && !is_trusted_path (cp, len))
95
+@@ -622,6 +631,14 @@ decompose_rpath (struct r_search_path_struct *sps,
96
+      necessary.  */
97
+   free (copy);
98
+ 
99
++  /* There is no path after expansion.  */
100
++  if (result[0] == NULL)
101
++    {
102
++      free (result);
103
++      sps->dirs = (struct r_search_path_elem **) -1;
104
++      return false;
105
++    }
106
++
107
+   sps->dirs = result;
108
+   /* The caller will change this value if we haven't used a real malloc.  */
109
+   sps->malloced = 1;
110
+-- 
111
+2.9.3
112
+
... ...
@@ -4,7 +4,7 @@
4 4
 Summary:        Main C library
5 5
 Name:           glibc
6 6
 Version:        2.26
7
-Release:        8%{?dist}
7
+Release:        9%{?dist}
8 8
 License:        LGPLv2+
9 9
 URL:            http://www.gnu.org/software/libc
10 10
 Group:          Applications/System
... ...
@@ -21,6 +21,7 @@ Patch3:         0002-malloc-arena-fix.patch
21 21
 Patch4:         glibc-fix-CVE-2017-15670.patch
22 22
 Patch5:         glibc-fix-CVE-2017-15804.patch
23 23
 Patch6:         glibc-fix-CVE-2017-17426.patch
24
+Patch7:         glibc-fix-CVE-2017-16997.patch
24 25
 Provides:       rtld(GNU_HASH)
25 26
 Requires:       filesystem
26 27
 %description
... ...
@@ -81,6 +82,7 @@ sed -i 's/\\$$(pwd)/`pwd`/' timezone/Makefile
81 81
 %patch4 -p1
82 82
 %patch5 -p1
83 83
 %patch6 -p1
84
+%patch7 -p1
84 85
 install -vdm 755 %{_builddir}/%{name}-build
85 86
 # do not try to explicitly provide GLIBC_PRIVATE versioned libraries
86 87
 %define __find_provides %{_builddir}/%{name}-%{version}/find_provides.sh
... ...
@@ -285,6 +287,8 @@ grep "^FAIL: nptl/tst-eintr1" tests.sum >/dev/null && n=$((n+1)) ||:
285 285
 
286 286
 
287 287
 %changelog
288
+*   Mon Jan 08 2018 Xiaolin Li <xiaolinl@vmware.com> 2.26-9
289
+-   Fix CVE-2017-16997
288 290
 *   Thu Dec 21 2017 Xiaolin Li <xiaolinl@vmware.com> 2.26-8
289 291
 -   Fix CVE-2017-17426
290 292
 *   Tue Nov 14 2017 Alexey Makhalov <amakhalov@vmware.com> 2.26-7
291 293
new file mode 100644
... ...
@@ -0,0 +1,65 @@
0
+%{!?python3_sitelib: %define python3_sitelib %(python3 -c "from distutils.sysconfig import get_python_lib;print(get_python_lib())")}
1
+
2
+Name:           meson
3
+Summary:        Extremely fast and user friendly build system
4
+Version:        0.44.0
5
+Release:        1%{?dist}
6
+License:        ASL 2.0
7
+URL:            https://mesonbuild.com/
8
+Vendor:         VMware, Inc.
9
+Distribution:   Photon
10
+Source0:        https://github.com/mesonbuild/meson/archive/%{version}/%{name}-%{version}.tar.gz
11
+%define sha1    meson=4a5aa56f81fc1350a5c501ef6046eef8a13467c7
12
+BuildArch:      noarch
13
+BuildRequires:  gcc
14
+BuildRequires:  python3-devel
15
+BuildRequires:  python3-libs
16
+BuildRequires:  python3-setuptools
17
+BuildRequires:  ninja-build
18
+BuildRequires:  gtest-devel
19
+BuildRequires:  gmock-devel
20
+BuildRequires:  gettext
21
+
22
+Requires:       ninja-build
23
+Requires:       python3
24
+
25
+%description
26
+Meson is an open source build system meant to be both extremely fast, 
27
+and, even more importantly, as user friendly as possible.
28
+The main design point of Meson is that every moment a developer spends 
29
+writing or debugging build definitions is a second wasted. 
30
+So is every second spent waiting for the build system to actually start compiling code.
31
+
32
+%prep
33
+%setup 
34
+
35
+%build
36
+
37
+%install
38
+python3 setup.py install --root=%{buildroot}/
39
+install -Dpm0644 data/macros.%{name} %{buildroot}%{_libdir}/rpm/macros.d/macros.%{name}
40
+
41
+%check
42
+export MESON_PRINT_TEST_OUTPUT=1
43
+python3 ./run_tests.py
44
+
45
+%files
46
+%license COPYING
47
+%{_bindir}/%{name}
48
+%{_bindir}/%{name}conf
49
+%{_bindir}/%{name}introspect
50
+%{_bindir}/%{name}test
51
+%{_bindir}/wraptool
52
+%{python3_sitelib}/mesonbuild
53
+%{python3_sitelib}/%{name}-*.egg-info
54
+%{_mandir}/man1/%{name}.1*
55
+%{_mandir}/man1/%{name}conf.1*
56
+%{_mandir}/man1/%{name}introspect.1*
57
+%{_mandir}/man1/%{name}test.1*
58
+%{_mandir}/man1/wraptool.1*
59
+%{_libdir}/rpm/macros.d/macros.%{name}
60
+
61
+%changelog
62
+*   Wed Dec 27 2017 Anish Swaminathan <anishs@vmware.com> 0.44.0-1
63
+-   Initial packaging
64
+
0 65
new file mode 100644
... ...
@@ -0,0 +1,8 @@
0
+%__ninja %{_bindir}/ninja
1
+%__ninja_common_opts -v %{?_smp_mflags}
2
+%ninja_build \
3
+    %{__ninja} %{__ninja_common_opts}
4
+%ninja_install \
5
+    DESTDIR=%{buildroot} %{__ninja} install %{__ninja_common_opts}
6
+%ninja_test \
7
+    %{__ninja} test %{__ninja_common_opts}
0 8
new file mode 100644
... ...
@@ -0,0 +1,48 @@
0
+Name:           ninja-build
1
+Summary:        Small build system with focus on speed
2
+Version:        1.8.2
3
+Release:        1%{?dist}
4
+License:        ASL 2.0
5
+URL:            https://ninja-build.org
6
+Vendor:         VMware, Inc.
7
+Distribution:   Photon
8
+Source0:        https://github.com/ninja-build/ninja/archive/%{name}-%{version}.tar.gz
9
+%define sha1    ninja-build=17219deb34dd816363e37470f77ff7231509143a
10
+Source1:        macros.ninja
11
+BuildRequires:  gcc
12
+BuildRequires:  python3-devel
13
+BuildRequires:  gtest-devel
14
+
15
+%description
16
+Ninja is a small build system with a focus on speed. 
17
+It differs from other build systems in two major respects: 
18
+it is designed to have its input files generated by a higher-level build system, 
19
+and it is designed to run builds as fast as possible.
20
+
21
+%prep
22
+%setup -n ninja-%{version}
23
+
24
+%build
25
+python3 configure.py --bootstrap --verbose
26
+./ninja -v all
27
+
28
+%install
29
+install -Dpm0755 ninja -t %{buildroot}%{_bindir}/
30
+install -Dpm0644 misc/bash-completion %{buildroot}%{_datadir}/bash-completion/completions/ninja
31
+ln -s ninja %{buildroot}%{_bindir}/ninja-build
32
+install -Dpm0644 %{SOURCE1} %{buildroot}%{_libdir}/rpm/macros.d/macros.ninja
33
+
34
+%check
35
+./ninja_test --gtest_filter=-SubprocessTest.SetWithLots
36
+
37
+%files
38
+%license COPYING
39
+%doc HACKING.md README
40
+%{_bindir}/ninja
41
+%{_bindir}/ninja-build
42
+%{_datadir}/bash-completion/completions/ninja
43
+%{_libdir}/rpm/macros.d/macros.ninja
44
+
45
+%changelog
46
+*   Wed Dec 27 2017 Anish Swaminathan <anishs@vmware.com> 1.8.2-1
47
+-   Initial packaging
... ...
@@ -1,14 +1,14 @@
1 1
 Summary:        Ruby
2 2
 Name:           ruby
3
-Version:        2.4.2
3
+Version:        2.4.3
4 4
 Release:        1%{?dist}
5 5
 License:        BSDL
6 6
 URL:            https://www.ruby-lang.org/en/
7 7
 Group:          System Environment/Security
8 8
 Vendor:         VMware, Inc.
9 9
 Distribution:   Photon
10
-Source0:        http://cache.ruby-lang.org/pub/ruby/%{name}-%{version}.tar.xz
11
-%define sha1    ruby=8373e32c63bba2180799da091b572664aa9faf6f
10
+Source0:        http://cache.ruby-lang.org/pub/ruby/2.4/%{name}-%{version}.tar.bz2
11
+%define sha1    ruby=3ca96536320b915762d57fe1ee540df6810bf631
12 12
 Patch0:         ruby-CVE-2017-9224.patch
13 13
 Patch1:         ruby-CVE-2017-9226.patch
14 14
 Patch2:         ruby-CVE-2017-9227.patch
... ...
@@ -63,6 +63,8 @@ rm -rf %{buildroot}/*
63 63
 %{_docdir}/%{name}-%{version}
64 64
 %{_mandir}/man1/*
65 65
 %changelog
66
+*   Wed Jan 03 2018 Xiaolin Li <xiaolinl@vmware.com> 2.4.3-1
67
+-   Update to version 2.4.3, fix CVE-2017-17405
66 68
 *   Fri Sep 29 2017 Xiaolin Li <xiaolinl@vmware.com> 2.4.2-1
67 69
 -   Update to version 2.4.2
68 70
 *   Fri Sep 15 2017 Xiaolin Li <xiaolinl@vmware.com> 2.4.1-5
... ...
@@ -1,28 +1,18 @@
1
-diff -Naur a/Makefile.am b/Makefile.am
2
-+++ b/Makefile.am	2016-08-29 13:42:31.472636829 -0700
3
-@@ -309,7 +309,7 @@
4
- 	set -- $(USER_UNIT_ALIASES) && \
5
- 		dir=$(userunitdir) && $(install-relative-aliases)
6
- 	set -- $(GENERAL_ALIASES) && \
7
--		dir= && $(install-relative-aliases)
8
-+		dir= && $(install-general-aliases)
1
+diff -rup systemd-236/units/meson-add-wants.sh systemd-236-new/units/meson-add-wants.sh
2
+--- systemd-236/units/meson-add-wants.sh	2017-12-14 14:09:57.000000000 -0800
3
+@@ -13,8 +13,6 @@ case "$target" in
4
+                 ;;
5
+ esac
9 6
  
10
- define install-aliases
11
- 	while [ -n "$$1" ]; do \
12
-@@ -328,6 +328,15 @@
13
- 		shift 2 || exit $$?; \
14
- 	done
15
- endef
16
-+
17
-+define install-general-aliases
18
-+	while [ -n "$$1" ]; do \
19
-+		$(MKDIR_P) `dirname $(DESTDIR)$$dir/$$2` && \
20
-+		rm -f $(DESTDIR)$$dir/$$2 && \
21
-+		$(LN_S) /usr$$1 $(DESTDIR)$$dir/$$2 && \
22
-+		shift 2 || exit $$?; \
23
-+	done
24
-+endef
7
+-unitpath="${DESTDIR:-}${unitdir}/${unit}"
8
+-
9
+ case "$target" in
10
+         */)
11
+                 mkdir -p -m 0755 "$dir"
12
+@@ -24,4 +22,4 @@ case "$target" in
13
+                 ;;
14
+ esac
25 15
  
26
- install-touch-usr-hook:
27
- 	touch -c $(DESTDIR)/$(prefix)
16
+-ln -vfs --relative "$unitpath" "$dir"
17
++ln -vfs "${unitdir}/${unit}" "$dir"
28 18
deleted file mode 100644
... ...
@@ -1,36 +0,0 @@
1
-From 9f939335a07085aa9a9663efd1dca06ef6405d62 Mon Sep 17 00:00:00 2001
2
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
3
-Date: Wed, 25 Oct 2017 11:19:19 +0200
4
-Subject: [PATCH] resolved: fix loop on packets with pseudo dns types
5
-
6
-Reported by Karim Hossen & Thomas Imbert from Sogeti ESEC R&D.
7
-
8
-https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1725351
9
- src/resolve/resolved-dns-packet.c | 6 +-----
10
- 1 file changed, 1 insertion(+), 5 deletions(-)
11
-
12
-diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
13
-index e2f227bfc6..35f4d0689b 100644
14
-+++ b/src/resolve/resolved-dns-packet.c
15
-@@ -1514,7 +1514,7 @@ static int dns_packet_read_type_window(DnsPacket *p, Bitmap **types, size_t *sta
16
- 
17
-                 found = true;
18
- 
19
--                while (bitmask) {
20
-+                for (; bitmask; bit++, bitmask >>= 1)
21
-                         if (bitmap[i] & bitmask) {
22
-                                 uint16_t n;
23
- 
24
-@@ -1528,10 +1528,6 @@ static int dns_packet_read_type_window(DnsPacket *p, Bitmap **types, size_t *sta
25
-                                 if (r < 0)
26
-                                         return r;
27
-                         }
28
--
29
--                        bit++;
30
--                        bitmask >>= 1;
31
--                }
32
-         }
33
- 
34
-         if (!found)
35 1
deleted file mode 100644
... ...
@@ -1,305 +0,0 @@
1
-diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
2
-index 6a6dadda2b..49a5c53f96 100644
3
-+++ b/src/core/load-fragment.c
4
-@@ -636,26 +636,36 @@ int config_parse_exec(
5
- 
6
-                 r = unit_full_printf(u, f, &path);
7
-                 if (r < 0) {
8
--                        log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers on %s, ignoring: %m", f);
9
--                        return 0;
10
-+                        log_syntax(unit, LOG_ERR, filename, line, r,
11
-+                                   "Failed to resolve unit specifiers on %s%s: %m",
12
-+                                   f, ignore ? ", ignoring" : "");
13
-+                        return ignore ? 0 : -ENOEXEC;
14
-                 }
15
- 
16
-                 if (isempty(path)) {
17
-                         /* First word is either "-" or "@" with no command. */
18
--                        log_syntax(unit, LOG_ERR, filename, line, 0, "Empty path in command line, ignoring: \"%s\"", rvalue);
19
--                        return 0;
20
-+                        log_syntax(unit, LOG_ERR, filename, line, 0,
21
-+                                   "Empty path in command line%s: \"%s\"",
22
-+                                   ignore ? ", ignoring" : "", rvalue);
23
-+                        return ignore ? 0 : -ENOEXEC;
24
-                 }
25
-                 if (!string_is_safe(path)) {
26
--                        log_syntax(unit, LOG_ERR, filename, line, 0, "Executable path contains special characters, ignoring: %s", rvalue);
27
--                        return 0;
28
-+                        log_syntax(unit, LOG_ERR, filename, line, 0,
29
-+                                   "Executable path contains special characters%s: %s",
30
-+                                   ignore ? ", ignoring" : "", rvalue);
31
-+                        return ignore ? 0 : -ENOEXEC;
32
-                 }
33
-                 if (!path_is_absolute(path)) {
34
--                        log_syntax(unit, LOG_ERR, filename, line, 0, "Executable path is not absolute, ignoring: %s", rvalue);
35
--                        return 0;
36
-+                        log_syntax(unit, LOG_ERR, filename, line, 0,
37
-+                                   "Executable path is not absolute%s: %s",
38
-+                                   ignore ? ", ignoring" : "", rvalue);
39
-+                        return ignore ? 0 : -ENOEXEC;
40
-                 }
41
-                 if (endswith(path, "/")) {
42
--                        log_syntax(unit, LOG_ERR, filename, line, 0, "Executable path specifies a directory, ignoring: %s", rvalue);
43
--                        return 0;
44
-+                        log_syntax(unit, LOG_ERR, filename, line, 0,
45
-+                                   "Executable path specifies a directory%s: %s",
46
-+                                   ignore ? ", ignoring" : "", rvalue);
47
-+                        return ignore ? 0 : -ENOEXEC;
48
-                 }
49
- 
50
-                 if (!separate_argv0) {
51
-@@ -708,12 +718,14 @@ int config_parse_exec(
52
-                         if (r == 0)
53
-                                 break;
54
-                         if (r < 0)
55
--                                return 0;
56
-+                                return ignore ? 0 : -ENOEXEC;
57
- 
58
-                         r = unit_full_printf(u, word, &resolved);
59
-                         if (r < 0) {
60
--                                log_syntax(unit, LOG_ERR, filename, line, 0, "Failed to resolve unit specifiers on %s, ignoring: %m", word);
61
--                                return 0;
62
-+                                log_syntax(unit, LOG_ERR, filename, line, r,
63
-+                                           "Failed to resolve unit specifiers on %s%s: %m",
64
-+                                           word, ignore ? ", ignoring" : "");
65
-+                                return ignore ? 0 : -ENOEXEC;
66
-                         }
67
- 
68
-                         if (!GREEDY_REALLOC(n, nbufsize, nlen + 2))
69
-@@ -724,8 +736,10 @@ int config_parse_exec(
70
-                 }
71
- 
72
-                 if (!n || !n[0]) {
73
--                        log_syntax(unit, LOG_ERR, filename, line, 0, "Empty executable name or zeroeth argument, ignoring: %s", rvalue);
74
--                        return 0;
75
-+                        log_syntax(unit, LOG_ERR, filename, line, 0,
76
-+                                   "Empty executable name or zeroeth argument%s: %s",
77
-+                                   ignore ? ", ignoring" : "", rvalue);
78
-+                        return ignore ? 0 : -ENOEXEC;
79
-                 }
80
- 
81
-                 nce = new0(ExecCommand, 1);
82
-@@ -1332,8 +1346,10 @@ int config_parse_exec_selinux_context(
83
- 
84
-         r = unit_full_printf(u, rvalue, &k);
85
-         if (r < 0) {
86
--                log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve specifiers, ignoring: %m");
87
--                return 0;
88
-+                log_syntax(unit, LOG_ERR, filename, line, r,
89
-+                           "Failed to resolve specifiers%s: %m",
90
-+                           ignore ? ", ignoring" : "");
91
-+                return ignore ? 0 : -ENOEXEC;
92
-         }
93
- 
94
-         free(c->selinux_context);
95
-@@ -1380,8 +1396,10 @@ int config_parse_exec_apparmor_profile(
96
- 
97
-         r = unit_full_printf(u, rvalue, &k);
98
-         if (r < 0) {
99
--                log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve specifiers, ignoring: %m");
100
--                return 0;
101
-+                log_syntax(unit, LOG_ERR, filename, line, r,
102
-+                           "Failed to resolve specifiers%s: %m",
103
-+                           ignore ? ", ignoring" : "");
104
-+                return ignore ? 0 : -ENOEXEC;
105
-         }
106
- 
107
-         free(c->apparmor_profile);
108
-@@ -1428,8 +1446,10 @@ int config_parse_exec_smack_process_label(
109
- 
110
-         r = unit_full_printf(u, rvalue, &k);
111
-         if (r < 0) {
112
--                log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve specifiers, ignoring: %m");
113
--                return 0;
114
-+                log_syntax(unit, LOG_ERR, filename, line, r,
115
-+                           "Failed to resolve specifiers%s: %m",
116
-+                           ignore ? ", ignoring" : "");
117
-+                return ignore ? 0 : -ENOEXEC;
118
-         }
119
- 
120
-         free(c->smack_process_label);
121
-@@ -1647,19 +1667,19 @@ int config_parse_socket_service(
122
- 
123
-         r = unit_name_printf(UNIT(s), rvalue, &p);
124
-         if (r < 0) {
125
--                log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve specifiers, ignoring: %s", rvalue);
126
--                return 0;
127
-+                log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve specifiers: %s", rvalue);
128
-+                return -ENOEXEC;
129
-         }
130
- 
131
-         if (!endswith(p, ".service")) {
132
--                log_syntax(unit, LOG_ERR, filename, line, 0, "Unit must be of type service, ignoring: %s", rvalue);
133
--                return 0;
134
-+                log_syntax(unit, LOG_ERR, filename, line, 0, "Unit must be of type service: %s", rvalue);
135
-+                return -ENOEXEC;
136
-         }
137
- 
138
-         r = manager_load_unit(UNIT(s)->manager, p, NULL, &error, &x);
139
-         if (r < 0) {
140
--                log_syntax(unit, LOG_ERR, filename, line, r, "Failed to load unit %s, ignoring: %s", rvalue, bus_error_message(&error, r));
141
--                return 0;
142
-+                log_syntax(unit, LOG_ERR, filename, line, r, "Failed to load unit %s: %s", rvalue, bus_error_message(&error, r));
143
-+                return -ENOEXEC;
144
-         }
145
- 
146
-         unit_ref_set(&s->service, x);
147
-@@ -1907,13 +1927,13 @@ int config_parse_user_group(
148
- 
149
-                 r = unit_full_printf(u, rvalue, &k);
150
-                 if (r < 0) {
151
--                        log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue);
152
--                        return 0;
153
-+                        log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s: %m", rvalue);
154
-+                        return -ENOEXEC;
155
-                 }
156
- 
157
-                 if (!valid_user_group_name_or_id(k)) {
158
--                        log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid user/group name or numeric ID, ignoring: %s", k);
159
--                        return 0;
160
-+                        log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid user/group name or numeric ID: %s", k);
161
-+                        return -ENOEXEC;
162
-                 }
163
- 
164
-                 n = k;
165
-@@ -1971,19 +1991,19 @@ int config_parse_user_group_strv(
166
-                 if (r == -ENOMEM)
167
-                         return log_oom();
168
-                 if (r < 0) {
169
--                        log_syntax(unit, LOG_ERR, filename, line, r, "Invalid syntax, ignoring: %s", rvalue);
170
--                        break;
171
-+                        log_syntax(unit, LOG_ERR, filename, line, r, "Invalid syntax: %s", rvalue);
172
-+                        return -ENOEXEC;
173
-                 }
174
- 
175
-                 r = unit_full_printf(u, word, &k);
176
-                 if (r < 0) {
177
--                        log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", word);
178
--                        continue;
179
-+                        log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s: %m", word);
180
-+                        return -ENOEXEC;
181
-                 }
182
- 
183
-                 if (!valid_user_group_name_or_id(k)) {
184
--                        log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid user/group name or numeric ID, ignoring: %s", k);
185
--                        continue;
186
-+                        log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid user/group name or numeric ID: %s", k);
187
-+                        return -ENOEXEC;
188
-                 }
189
- 
190
-                 r = strv_push(users, k);
191
-@@ -2142,25 +2162,28 @@ int config_parse_working_directory(
192
- 
193
-                 r = unit_full_printf(u, rvalue, &k);
194
-                 if (r < 0) {
195
--                        log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in working directory path '%s', ignoring: %m", rvalue);
196
--                        return 0;
197
-+                        log_syntax(unit, LOG_ERR, filename, line, r,
198
-+                                   "Failed to resolve unit specifiers in working directory path '%s'%s: %m",
199
-+                                   rvalue, missing_ok ? ", ignoring" : "");
200
-+                        return missing_ok ? 0 : -ENOEXEC;
201
-                 }
202
- 
203
-                 path_kill_slashes(k);
204
- 
205
-                 if (!utf8_is_valid(k)) {
206
-                         log_syntax_invalid_utf8(unit, LOG_ERR, filename, line, rvalue);
207
--                        return 0;
208
-+                        return missing_ok ? 0 : -ENOEXEC;
209
-                 }
210
- 
211
-                 if (!path_is_absolute(k)) {
212
--                        log_syntax(unit, LOG_ERR, filename, line, 0, "Working directory path '%s' is not absolute, ignoring.", rvalue);
213
--                        return 0;
214
-+                        log_syntax(unit, LOG_ERR, filename, line, 0,
215
-+                                   "Working directory path '%s' is not absolute%s.",
216
-+                                   rvalue, missing_ok ? ", ignoring" : "");
217
-+                        return missing_ok ? 0 : -ENOEXEC;
218
-                 }
219
- 
220
--                free_and_replace(c->working_directory, k);
221
--
222
-                 c->working_directory_home = false;
223
-+                free_and_replace(c->working_directory, k);
224
-         }
225
- 
226
-         c->working_directory_missing_ok = missing_ok;
227
-@@ -4456,8 +4479,11 @@ int unit_load_fragment(Unit *u) {
228
-                         return r;
229
- 
230
-                 r = load_from_path(u, k);
231
--                if (r < 0)
232
-+                if (r < 0) {
233
-+                        if (r == -ENOEXEC)
234
-+                                log_unit_notice(u, "Unit configuration has fatal error, unit will not be started.");
235
-                         return r;
236
-+                }
237
- 
238
-                 if (u->load_state == UNIT_STUB) {
239
-                         SET_FOREACH(t, u->names, i) {
240
-diff --git a/src/test/test-unit-file.c b/src/test/test-unit-file.c
241
-index 12f48bf435..fd797b587e 100644
242
-+++ b/src/test/test-unit-file.c
243
-@@ -146,7 +146,7 @@ static void test_config_parse_exec(void) {
244
-         r = config_parse_exec(NULL, "fake", 4, "section", 1,
245
-                               "LValue", 0, "/RValue/ argv0 r1",
246
-                               &c, u);
247
--        assert_se(r == 0);
248
-+        assert_se(r == -ENOEXEC);
249
-         assert_se(c1->command_next == NULL);
250
- 
251
-         log_info("/* honour_argv0 */");
252
-@@ -161,7 +161,7 @@ static void test_config_parse_exec(void) {
253
-         r = config_parse_exec(NULL, "fake", 3, "section", 1,
254
-                               "LValue", 0, "@/RValue",
255
-                               &c, u);
256
--        assert_se(r == 0);
257
-+        assert_se(r == -ENOEXEC);
258
-         assert_se(c1->command_next == NULL);
259
- 
260
-         log_info("/* no command, whitespace only, reset */");
261
-@@ -220,7 +220,7 @@ static void test_config_parse_exec(void) {
262
-                               "-@/RValue argv0 r1 ; ; "
263
-                               "/goo/goo boo",
264
-                               &c, u);
265
--        assert_se(r >= 0);
266
-+        assert_se(r == -ENOEXEC);
267
-         c1 = c1->command_next;
268
-         check_execcommand(c1, "/RValue", "argv0", "r1", NULL, true);
269
- 
270
-@@ -374,7 +374,7 @@ static void test_config_parse_exec(void) {
271
-                 r = config_parse_exec(NULL, "fake", 4, "section", 1,
272
-                                       "LValue", 0, path,
273
-                                       &c, u);
274
--                assert_se(r == 0);
275
-+                assert_se(r == -ENOEXEC);
276
-                 assert_se(c1->command_next == NULL);
277
-         }
278
- 
279
-@@ -401,21 +401,21 @@ static void test_config_parse_exec(void) {
280
-         r = config_parse_exec(NULL, "fake", 4, "section", 1,
281
-                               "LValue", 0, "/path\\",
282
-                               &c, u);
283
--        assert_se(r == 0);
284
-+        assert_se(r == -ENOEXEC);
285
-         assert_se(c1->command_next == NULL);
286
- 
287
-         log_info("/* missing ending ' */");
288
-         r = config_parse_exec(NULL, "fake", 4, "section", 1,
289
-                               "LValue", 0, "/path 'foo",
290
-                               &c, u);
291
--        assert_se(r == 0);
292
-+        assert_se(r == -ENOEXEC);
293
-         assert_se(c1->command_next == NULL);
294
- 
295
-         log_info("/* missing ending ' with trailing backslash */");
296
-         r = config_parse_exec(NULL, "fake", 4, "section", 1,
297
-                               "LValue", 0, "/path 'foo\\",
298
-                               &c, u);
299
--        assert_se(r == 0);
300
-+        assert_se(r == -ENOEXEC);
301
-         assert_se(c1->command_next == NULL);
302
- 
303
-         log_info("/* invalid space between modifiers */");
304 1
deleted file mode 100644
... ...
@@ -1,100 +0,0 @@
1
-diff --git a/src/core/load-fragment-gperf.gperf.m4 b/src/core/load-fragment-gperf.gperf.m4
2
-index c43b7885be..5b5a86250e 100644
3
-+++ b/src/core/load-fragment-gperf.gperf.m4
4
-@@ -18,8 +18,8 @@ struct ConfigPerfItem;
5
- m4_dnl Define the context options only once
6
- m4_define(`EXEC_CONTEXT_CONFIG_ITEMS',
7
- `$1.WorkingDirectory,            config_parse_working_directory,     0,                             offsetof($1, exec_context)
8
--$1.RootDirectory,                config_parse_unit_path_printf,      0,                             offsetof($1, exec_context.root_directory)
9
--$1.RootImage,                    config_parse_unit_path_printf,      0,                             offsetof($1, exec_context.root_image)
10
-+$1.RootDirectory,                config_parse_unit_path_printf,      true,                          offsetof($1, exec_context.root_directory)
11
-+$1.RootImage,                    config_parse_unit_path_printf,      true,                          offsetof($1, exec_context.root_image)
12
- $1.User,                         config_parse_user_group,            0,                             offsetof($1, exec_context.user)
13
- $1.Group,                        config_parse_user_group,            0,                             offsetof($1, exec_context.group)
14
- $1.SupplementaryGroups,          config_parse_user_group_strv,       0,                             offsetof($1, exec_context.supplementary_groups)
15
-@@ -35,7 +35,7 @@ $1.UMask,                        config_parse_mode,                  0,
16
- $1.Environment,                  config_parse_environ,               0,                             offsetof($1, exec_context.environment)
17
- $1.EnvironmentFile,              config_parse_unit_env_file,         0,                             offsetof($1, exec_context.environment_files)
18
- $1.PassEnvironment,              config_parse_pass_environ,          0,                             offsetof($1, exec_context.pass_environment)
19
--$1.DynamicUser,                  config_parse_bool,                  0,                             offsetof($1, exec_context.dynamic_user)
20
-+$1.DynamicUser,                  config_parse_bool,                  true,                          offsetof($1, exec_context.dynamic_user)
21
- $1.StandardInput,                config_parse_exec_input,            0,                             offsetof($1, exec_context)
22
- $1.StandardOutput,               config_parse_exec_output,           0,                             offsetof($1, exec_context)
23
- $1.StandardError,                config_parse_exec_output,           0,                             offsetof($1, exec_context)
24
-diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
25
-index 49a5c53f96..9d5c39b3dd 100644
26
-+++ b/src/core/load-fragment.c
27
-@@ -242,6 +242,7 @@ int config_parse_unit_path_printf(
28
-         _cleanup_free_ char *k = NULL;
29
-         Unit *u = userdata;
30
-         int r;
31
-+        bool fatal = ltype;
32
- 
33
-         assert(filename);
34
-         assert(lvalue);
35
-@@ -250,8 +251,10 @@ int config_parse_unit_path_printf(
36
- 
37
-         r = unit_full_printf(u, rvalue, &k);
38
-         if (r < 0) {
39
--                log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers on %s, ignoring: %m", rvalue);
40
--                return 0;
41
-+                log_syntax(unit, LOG_ERR, filename, line, r,
42
-+                           "Failed to resolve unit specifiers on %s%s: %m",
43
-+                           fatal ? "" : ", ignoring", rvalue);
44
-+                return fatal ? -ENOEXEC : 0;
45
-         }
46
- 
47
-         return config_parse_path(unit, filename, line, section, section_line, lvalue, ltype, k, data, userdata);
48
-diff --git a/src/shared/conf-parser.c b/src/shared/conf-parser.c
49
-index 44df7493e2..e08402e3d2 100644
50
-+++ b/src/shared/conf-parser.c
51
-@@ -615,6 +615,7 @@ int config_parse_bool(const char* unit,
52
- 
53
-         int k;
54
-         bool *b = data;
55
-+        bool fatal = ltype;
56
- 
57
-         assert(filename);
58
-         assert(lvalue);
59
-@@ -623,8 +624,10 @@ int config_parse_bool(const char* unit,
60
- 
61
-         k = parse_boolean(rvalue);
62
-         if (k < 0) {
63
--                log_syntax(unit, LOG_ERR, filename, line, k, "Failed to parse boolean value, ignoring: %s", rvalue);
64
--                return 0;
65
-+                log_syntax(unit, LOG_ERR, filename, line, k,
66
-+                           "Failed to parse boolean value%s: %s",
67
-+                           fatal ? "" : ", ignoring", rvalue);
68
-+                return fatal ? -ENOEXEC : 0;
69
-         }
70
- 
71
-         *b = !!k;
72
-@@ -715,6 +718,7 @@ int config_parse_path(
73
-                 void *userdata) {
74
- 
75
-         char **s = data, *n;
76
-+        bool fatal = ltype;
77
- 
78
-         assert(filename);
79
-         assert(lvalue);
80
-@@ -723,12 +727,14 @@ int config_parse_path(
81
- 
82
-         if (!utf8_is_valid(rvalue)) {
83
-                 log_syntax_invalid_utf8(unit, LOG_ERR, filename, line, rvalue);
84
--                return 0;
85
-+                return fatal ? -ENOEXEC : 0;
86
-         }
87
- 
88
-         if (!path_is_absolute(rvalue)) {
89
--                log_syntax(unit, LOG_ERR, filename, line, 0, "Not an absolute path, ignoring: %s", rvalue);
90
--                return 0;
91
-+                log_syntax(unit, LOG_ERR, filename, line, 0,
92
-+                           "Not an absolute path%s: %s",
93
-+                           fatal ? "" : ", ignoring", rvalue);
94
-+                return fatal ? -ENOEXEC : 0;
95
-         }
96
- 
97
-         n = strdup(rvalue);
98 1
deleted file mode 100644
... ...
@@ -1,25 +0,0 @@
1
-From a924f43f30f9c4acaf70618dd2a055f8b0f166be Mon Sep 17 00:00:00 2001
2
-From: Evgeny Vereshchagin <evvers@ya.ru>
3
-Date: Wed, 24 May 2017 08:56:48 +0300
4
-Subject: [PATCH] resolved: bugfix of null pointer p->question dereferencing
5
- (#6020)
6
-
7
-See https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1621396
8
- src/resolve/resolved-dns-packet.c | 3 +++
9
- 1 file changed, 3 insertions(+)
10
-
11
-diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
12
-index 652970284e..240ee448f4 100644
13
-+++ b/src/resolve/resolved-dns-packet.c
14
-@@ -2269,6 +2269,9 @@ int dns_packet_is_reply_for(DnsPacket *p, const DnsResourceKey *key) {
15
-         if (r < 0)
16
-                 return r;
17
- 
18
-+        if (!p->question)
19
-+                return 0;
20
-+
21
-         if (p->question->n_keys != 1)
22
-                 return 0;
23
- 
24 1
deleted file mode 100644
... ...
@@ -1,48 +0,0 @@
1
-From 8587c3351003b1613ad2e439cebbb20fbae07e70 Mon Sep 17 00:00:00 2001
2
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek () in waw pl>
3
-Date: Sun, 18 Jun 2017 16:07:57 -0400
4
-Subject: [PATCH 2/2] resolved: simplify alloc size calculation
5
-
6
-The allocation size was calculated in a complicated way, and for values
7
-close to the page size we would actually allocate less than requested.
8
-
9
-Reported by Chris Coulson <chris.coulson () canonical com>.
10
- src/resolve/resolved-dns-packet.c | 8 +-------
11
- src/resolve/resolved-dns-packet.h | 2 --
12
- 2 files changed, 1 insertion(+), 9 deletions(-)
13
-
14
-diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
15
-index 240ee448f4..821b66e266 100644
16
-+++ b/src/resolve/resolved-dns-packet.c
17
-@@ -47,13 +47,7 @@ int dns_packet_new(DnsPacket **ret, DnsProtocol protocol, size_t mtu) {
18
- 
19
-         assert(ret);
20
- 
21
--        if (mtu <= UDP_PACKET_HEADER_SIZE)
22
--                a = DNS_PACKET_SIZE_START;
23
--        else
24
--                a = mtu - UDP_PACKET_HEADER_SIZE;
25
--
26
--        if (a < DNS_PACKET_HEADER_SIZE)
27
--                a = DNS_PACKET_HEADER_SIZE;
28
-+        a = MAX(mtu, DNS_PACKET_HEADER_SIZE);
29
- 
30
-         /* round up to next page size */
31
-         a = PAGE_ALIGN(ALIGN(sizeof(DnsPacket)) + a) - ALIGN(sizeof(DnsPacket));
32
-diff --git a/src/resolve/resolved-dns-packet.h b/src/resolve/resolved-dns-packet.h
33
-index 2c92392e4d..3abcaf8cf3 100644
34
-+++ b/src/resolve/resolved-dns-packet.h
35
-@@ -66,8 +66,6 @@ struct DnsPacketHeader {
36
- /* With EDNS0 we can use larger packets, default to 4096, which is what is commonly used */
37
- #define DNS_PACKET_UNICAST_SIZE_LARGE_MAX 4096
38
- 
39
--#define DNS_PACKET_SIZE_START 512
40
--
41
- struct DnsPacket {
42
-         int n_ref;
43
-         DnsProtocol protocol;
44
-2.13.0
45 1
deleted file mode 100644
... ...
@@ -1,23 +0,0 @@
1
-diff -uNr systemd-233/src/resolve/resolved-conf.c systemd-233-new/src/resolve/resolved-conf.c
2
-+++ systemd-233-new/src/resolve/resolved-conf.c	2017-07-07 03:29:00.130502439 +0000
3
-@@ -229,6 +229,7 @@
4
- 
5
- int manager_parse_config_file(Manager *m) {
6
-         int r;
7
-+        char *default_dns_servers;
8
- 
9
-         assert(m);
10
- 
11
-@@ -241,7 +242,10 @@
12
-                 return r;
13
- 
14
-         if (m->need_builtin_fallbacks) {
15
--                r = manager_parse_dns_server_string_and_warn(m, DNS_SERVER_FALLBACK, DNS_SERVERS);
16
-+                default_dns_servers = secure_getenv("DEFAULT_DNS_SERVERS");
17
-+                if (default_dns_servers == NULL)
18
-+                        default_dns_servers = DNS_SERVERS;
19
-+                r = manager_parse_dns_server_string_and_warn(m, DNS_SERVER_FALLBACK, default_dns_servers);
20
-                 if (r < 0)
21
-                         return r;
22
-         }
23 1
deleted file mode 100644
... ...
@@ -1,39 +0,0 @@
1
-diff -rup systemd-232/src/network/networkd-link.c systemd-232-new/src/network/networkd-link.c
2
-+++ systemd-232-new/src/network/networkd-link.c	2016-11-18 11:19:04.687209642 -0800
3
-@@ -199,6 +199,26 @@ static bool link_proxy_arp_enabled(Link
4
-         return true;
5
- }
6
- 
7
-+static bool link_ipv6_disabled(Link *link) {
8
-+        const char *p = NULL;
9
-+        int r;
10
-+        if (link->flags & IFF_LOOPBACK)
11
-+                return true;
12
-+        /* Make this a NOP if IPv6 is not available */
13
-+        if (!socket_ipv6_is_supported())
14
-+                return true;
15
-+
16
-+        p = strjoina("/proc/sys/net/ipv6/conf/", link->ifname, "/disable_ipv6");
17
-+        _cleanup_free_ char *val = NULL;
18
-+        r = read_one_line_file(p, &val);
19
-+        if (r < 0)
20
-+                log_link_warning_errno(link, r, "Cannot read ipv6 state for interface: %m");
21
-+	if (streq(val, "0"))
22
-+                return false;
23
-+        
24
-+        return true;
25
-+}
26
-+
27
- static bool link_ipv6_accept_ra_enabled(Link *link) {
28
-         assert(link);
29
- 
30
-@@ -720,7 +740,7 @@ void link_check_ready(Link *link) {
31
-                     !link->ipv4ll_route)
32
-                         return;
33
- 
34
--        if (link_ipv6ll_enabled(link))
35
-+        if (!link_ipv6_disabled(link) && link_ipv6ll_enabled(link))
36
-                 if (in_addr_is_null(AF_INET6, (const union in_addr_union*) &link->ipv6ll_address) > 0)
37
-                         return;
38
- 
39 1
deleted file mode 100644
... ...
@@ -1,15 +0,0 @@
1
-diff -uNr systemd-233/src/network/networkd-link.c systemd-233-new/src/network/networkd-link.c
2
-+++ systemd-233-new/src/network/networkd-link.c	2017-11-07 21:02:26.532914705 +0000
3
-@@ -213,8 +213,10 @@
4
-         p = strjoina("/proc/sys/net/ipv6/conf/", link->ifname, "/disable_ipv6");
5
-         _cleanup_free_ char *val = NULL;
6
-         r = read_one_line_file(p, &val);
7
--        if (r < 0)
8
-+        if (r < 0) {
9
-                 log_link_warning_errno(link, r, "Cannot read ipv6 state for interface: %m");
10
-+                return false;
11
-+        }
12
- 	if (streq(val, "0"))
13
-                 return false;
14
-         
15 1
deleted file mode 100644
... ...
@@ -1,1452 +0,0 @@
1
-Backports the following commits from systemd 234:
2
-
3
-ce905cb44620e979862e63743133d354c90d28df icmp6-util: Bind Router Advertisement socket
4
-9dab3e066bb5dfeefa28854ab7f95648eaf0d75d sd-radv: Receive Router Solicitations
5
-d0d6045f658ac3e043235aee68a540650e0f98e0 sd-radv: Send Router Advertisments
6
-dd39628ac19c691917aeeb01babaef411f146039 sd-radv: Implement Router Advertisement timeout handling
7
-938c9ff7d374086b996d6a9a484f88ebd94731a3 sd-radv: Add Router Advertisement functionality
8
-b076a89bb331b91a7cafcd77fb3c13484805b24f sd-radv: Add Router Advertisement prefix handling
9
-1e4a54de3a79a0ba764e482122e381398eaf3e25 icmp6-util: Move multicast address definitions
10
-42a7accc3dec5350f0e88ffa145a55293b6fd0e9 sd-ndisc.c: Move Router Solicitation sending after timer computaion
11
-7b72b034e7c406209dfc55643b79ec0cb2636e4f sd-ndisc: Implement Router Solicitation backoff method
12
-33261358b2a16d895d7beb5b34ebdacadb56cb56 sd-ndisc: Reset counter for sent Router Solicitations (#5874)
13
-b40e6a51d55531314666e866d7f9813fce385023 networkd: RFC compliant autonomous prefix handling (#5636)
14
-
15
- Makefile.am                             |   3 +
16
- src/libsystemd-network/icmp6-util.c     | 117 ++++++++++-
17
- src/libsystemd-network/icmp6-util.h     |  13 ++
18
- src/libsystemd-network/ndisc-internal.h |   7 +-
19
- src/libsystemd-network/radv-internal.h  |  88 +++++++++
20
- src/libsystemd-network/sd-ndisc.c       | 184 ++++++++---------
21
- src/libsystemd-network/sd-radv.c        | 653 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
22
- src/libsystemd-network/test-ndisc-rs.c  |  15 ++
23
- src/network/networkd-ndisc.c            |  30 ++-
24
- src/systemd/sd-radv.h                   |  81 ++++++++
25
- 10 files changed, 1086 insertions(+), 105 deletions(-)
26
- create mode 100644 src/libsystemd-network/radv-internal.h
27
- create mode 100644 src/libsystemd-network/sd-radv.c
28
- create mode 100644 src/systemd/sd-radv.h
29
-
30
-diff -rupN systemd-base/Makefile.am systemd/Makefile.am
31
-+++ systemd/Makefile.am	2017-09-18 14:58:25.561666434 -0700
32
-@@ -3629,6 +3629,7 @@ libsystemd_network_la_SOURCES = \
33
- 	src/systemd/sd-ipv4ll.h \
34
- 	src/systemd/sd-ipv4acd.h \
35
- 	src/systemd/sd-ndisc.h \
36
-+	src/systemd/sd-radv.h \
37
- 	src/systemd/sd-dhcp6-client.h \
38
- 	src/systemd/sd-dhcp6-lease.h \
39
- 	src/systemd/sd-lldp.h \
40
-@@ -3652,6 +3653,8 @@ libsystemd_network_la_SOURCES = \
41
- 	src/libsystemd-network/ndisc-internal.h \
42
- 	src/libsystemd-network/ndisc-router.h \
43
- 	src/libsystemd-network/ndisc-router.c \
44
-+	src/libsystemd-network/sd-radv.c \
45
-+	src/libsystemd-network/radv-internal.h \
46
- 	src/libsystemd-network/icmp6-util.h \
47
- 	src/libsystemd-network/icmp6-util.c \
48
- 	src/libsystemd-network/sd-dhcp6-client.c \
49
-diff -rupN systemd-base/src/libsystemd-network/icmp6-util.c systemd/src/libsystemd-network/icmp6-util.c
50
-+++ systemd/src/libsystemd-network/icmp6-util.c	2017-09-18 15:06:31.020575497 -0700
51
-@@ -32,6 +32,7 @@
52
- #include "fd-util.h"
53
- #include "icmp6-util.h"
54
- #include "socket-util.h"
55
-+#include "in-addr-util.h"
56
- 
57
- #define IN6ADDR_ALL_ROUTERS_MULTICAST_INIT \
58
-         { { { 0xff, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
59
-@@ -41,12 +42,9 @@
60
-         { { { 0xff, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
61
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 } } }
62
- 
63
--int icmp6_bind_router_solicitation(int index) {
64
--        struct icmp6_filter filter = { };
65
--        struct ipv6_mreq mreq = {
66
--                .ipv6mr_multiaddr = IN6ADDR_ALL_NODES_MULTICAST_INIT,
67
--                .ipv6mr_interface = index,
68
--        };
69
-+static int icmp6_bind_router_message(const struct icmp6_filter *filter,
70
-+                                     const struct ipv6_mreq *mreq) {
71
-+        int index = mreq->ipv6mr_interface;
72
-         _cleanup_close_ int s = -1;
73
-         char ifname[IF_NAMESIZE] = "";
74
-         static const int zero = 0, one = 1, hops = 255;
75
-@@ -56,9 +54,11 @@ int icmp6_bind_router_solicitation(int i
76
-         if (s < 0)
77
-                 return -errno;
78
- 
79
--        ICMP6_FILTER_SETBLOCKALL(&filter);
80
--        ICMP6_FILTER_SETPASS(ND_ROUTER_ADVERT, &filter);
81
--        r = setsockopt(s, IPPROTO_ICMPV6, ICMP6_FILTER, &filter, sizeof(filter));
82
-+        r = setsockopt(s, IPPROTO_ICMPV6, ICMP6_FILTER, filter, sizeof(*filter));
83
-+        if (r < 0)
84
-+                return -errno;
85
-+
86
-+        r = setsockopt(s, IPPROTO_IPV6, IPV6_ADD_MEMBERSHIP, mreq, sizeof(*mreq));
87
-         if (r < 0)
88
-                 return -errno;
89
- 
90
-@@ -78,7 +78,7 @@ int icmp6_bind_router_solicitation(int i
91
-         if (r < 0)
92
-                 return -errno;
93
- 
94
--        r = setsockopt(s, IPPROTO_IPV6, IPV6_ADD_MEMBERSHIP, &mreq, sizeof(mreq));
95
-+        r = setsockopt(s, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &hops, sizeof(hops));
96
-         if (r < 0)
97
-                 return -errno;
98
- 
99
-@@ -102,6 +102,32 @@ int icmp6_bind_router_solicitation(int i
100
-         return r;
101
- }
102
- 
103
-+int icmp6_bind_router_solicitation(int index) {
104
-+        struct icmp6_filter filter = {};
105
-+        struct ipv6_mreq mreq = {
106
-+                .ipv6mr_multiaddr = IN6ADDR_ALL_NODES_MULTICAST_INIT,
107
-+                .ipv6mr_interface = index,
108
-+        };
109
-+
110
-+        ICMP6_FILTER_SETBLOCKALL(&filter);
111
-+        ICMP6_FILTER_SETPASS(ND_ROUTER_ADVERT, &filter);
112
-+
113
-+        return icmp6_bind_router_message(&filter, &mreq);
114
-+}
115
-+
116
-+int icmp6_bind_router_advertisement(int index) {
117
-+        struct icmp6_filter filter = {};
118
-+        struct ipv6_mreq mreq = {
119
-+                .ipv6mr_multiaddr = IN6ADDR_ALL_ROUTERS_MULTICAST_INIT,
120
-+                .ipv6mr_interface = index,
121
-+        };
122
-+
123
-+        ICMP6_FILTER_SETBLOCKALL(&filter);
124
-+        ICMP6_FILTER_SETPASS(ND_ROUTER_SOLICIT, &filter);
125
-+
126
-+        return icmp6_bind_router_message(&filter, &mreq);
127
-+}
128
-+
129
- int icmp6_send_router_solicitation(int s, const struct ether_addr *ether_addr) {
130
-         struct sockaddr_in6 dst = {
131
-                 .sin6_family = AF_INET6,
132
-@@ -139,3 +165,74 @@ int icmp6_send_router_solicitation(int s
133
- 
134
-         return 0;
135
- }
136
-+
137
-+int icmp6_receive(int fd, void *buffer, size_t size, struct in6_addr *dst,
138
-+                  triple_timestamp *timestamp) {
139
-+        union {
140
-+                struct cmsghdr cmsghdr;
141
-+                uint8_t buf[CMSG_SPACE(sizeof(int)) + /* ttl */
142
-+                            CMSG_SPACE(sizeof(struct timeval))];
143
-+        } control = {};
144
-+        struct iovec iov = {};
145
-+        union sockaddr_union sa = {};
146
-+        struct msghdr msg = {
147
-+                .msg_name = &sa.sa,
148
-+                .msg_namelen = sizeof(sa),
149
-+                .msg_iov = &iov,
150
-+                .msg_iovlen = 1,
151
-+                .msg_control = &control,
152
-+                .msg_controllen = sizeof(control),
153
-+        };
154
-+        struct cmsghdr *cmsg;
155
-+        ssize_t len;
156
-+
157
-+        iov.iov_base = buffer;
158
-+        iov.iov_len = size;
159
-+
160
-+        len = recvmsg(fd, &msg, MSG_DONTWAIT);
161
-+        if (len < 0) {
162
-+                if (errno == EAGAIN || errno == EINTR)
163
-+                        return 0;
164
-+
165
-+                return -errno;
166
-+        }
167
-+
168
-+        if ((size_t) len != size)
169
-+                return -EINVAL;
170
-+
171
-+        if (msg.msg_namelen == sizeof(struct sockaddr_in6) &&
172
-+            sa.in6.sin6_family == AF_INET6)  {
173
-+
174
-+                *dst = sa.in6.sin6_addr;
175
-+                if (in_addr_is_link_local(AF_INET6, (union in_addr_union*) dst) <= 0)
176
-+                        return -EADDRNOTAVAIL;
177
-+
178
-+        } else if (msg.msg_namelen > 0)
179
-+                return -EPFNOSUPPORT;
180
-+
181
-+        /* namelen == 0 only happens when running the test-suite over a socketpair */
182
-+
183
-+        assert(!(msg.msg_flags & MSG_CTRUNC));
184
-+        assert(!(msg.msg_flags & MSG_TRUNC));
185
-+
186
-+        CMSG_FOREACH(cmsg, &msg) {
187
-+                if (cmsg->cmsg_level == SOL_IPV6 &&
188
-+                    cmsg->cmsg_type == IPV6_HOPLIMIT &&
189
-+                    cmsg->cmsg_len == CMSG_LEN(sizeof(int))) {
190
-+                        int hops = *(int*) CMSG_DATA(cmsg);
191
-+
192
-+                        if (hops != 255)
193
-+                                return -EMULTIHOP;
194
-+                }
195
-+
196
-+                if (cmsg->cmsg_level == SOL_SOCKET &&
197
-+                    cmsg->cmsg_type == SO_TIMESTAMP &&
198
-+                    cmsg->cmsg_len == CMSG_LEN(sizeof(struct timeval)))
199
-+                        triple_timestamp_from_realtime(timestamp, timeval_load((struct timeval*) CMSG_DATA(cmsg)));
200
-+        }
201
-+
202
-+        if (!triple_timestamp_is_set(timestamp))
203
-+                triple_timestamp_get(timestamp);
204
-+
205
-+        return 0;
206
-+}
207
-diff -rupN systemd-base/src/libsystemd-network/icmp6-util.h systemd/src/libsystemd-network/icmp6-util.h
208
-+++ systemd/src/libsystemd-network/icmp6-util.h	2017-09-18 15:06:31.020575497 -0700
209
-@@ -21,5 +21,18 @@
210
- 
211
- #include <net/ethernet.h>
212
- 
213
-+#include "time-util.h"
214
-+
215
-+#define IN6ADDR_ALL_ROUTERS_MULTICAST_INIT \
216
-+        { { { 0xff, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
217
-+              0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02 } } }
218
-+
219
-+#define IN6ADDR_ALL_NODES_MULTICAST_INIT \
220
-+        { { { 0xff, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
221
-+              0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 } } }
222
-+
223
- int icmp6_bind_router_solicitation(int index);
224
-+int icmp6_bind_router_advertisement(int index);
225
- int icmp6_send_router_solicitation(int s, const struct ether_addr *ether_addr);
226
-+int icmp6_receive(int fd, void *buffer, size_t size, struct in6_addr *dst,
227
-+                  triple_timestamp *timestamp);
228
-diff -rupN systemd-base/src/libsystemd-network/ndisc-internal.h systemd/src/libsystemd-network/ndisc-internal.h
229
-+++ systemd/src/libsystemd-network/ndisc-internal.h	2017-09-18 14:55:04.905317356 -0700
230
-@@ -23,6 +23,10 @@
231
- 
232
- #include "sd-ndisc.h"
233
- 
234
-+#define NDISC_ROUTER_SOLICITATION_INTERVAL (4U * USEC_PER_SEC)
235
-+#define NDISC_MAX_ROUTER_SOLICITATION_INTERVAL (3600U * USEC_PER_SEC)
236
-+#define NDISC_MAX_ROUTER_SOLICITATIONS 3U
237
-+
238
- struct sd_ndisc {
239
-         unsigned n_ref;
240
- 
241
-@@ -38,8 +42,9 @@ struct sd_ndisc {
242
- 
243
-         sd_event_source *recv_event_source;
244
-         sd_event_source *timeout_event_source;
245
-+        sd_event_source *timeout_no_ra;
246
- 
247
--        unsigned nd_sent;
248
-+        usec_t retransmit_time;
249
- 
250
-         sd_ndisc_callback_t callback;
251
-         void *userdata;
252
-diff -rupN systemd-base/src/libsystemd-network/radv-internal.h systemd/src/libsystemd-network/radv-internal.h
253
-+++ systemd/src/libsystemd-network/radv-internal.h	2017-09-18 15:00:40.022354604 -0700
254
-@@ -0,0 +1,88 @@
255
-+#pragma once
256
-+
257
-+/***
258
-+  This file is part of systemd.
259
-+
260
-+  Copyright (C) 2017 Intel Corporation. All rights reserved.
261
-+
262
-+  systemd is free software; you can redistribute it and/or modify it
263
-+  under the terms of the GNU Lesser General Public License as published by
264
-+  the Free Software Foundation; either version 2.1 of the License, or
265
-+  (at your option) any later version.
266
-+
267
-+  systemd is distributed in the hope that it will be useful, but
268
-+  WITHOUT ANY WARRANTY; without even the implied warranty of
269
-+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
270
-+  Lesser General Public License for more details.
271
-+
272
-+  You should have received a copy of the GNU Lesser General Public License
273
-+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
274
-+***/
275
-+
276
-+#include "sd-radv.h"
277
-+
278
-+#include "log.h"
279
-+#include "list.h"
280
-+#include "sparse-endian.h"
281
-+
282
-+#define SD_RADV_DEFAULT_MIN_TIMEOUT_USEC        (200*USEC_PER_SEC)
283
-+#define SD_RADV_DEFAULT_MAX_TIMEOUT_USEC        (600*USEC_PER_SEC)
284
-+assert_cc(SD_RADV_DEFAULT_MIN_TIMEOUT_USEC <= SD_RADV_DEFAULT_MAX_TIMEOUT_USEC)
285
-+
286
-+#define SD_RADV_MAX_INITIAL_RTR_ADVERT_INTERVAL_USEC (16*USEC_PER_SEC)
287
-+#define SD_RADV_MAX_INITIAL_RTR_ADVERTISEMENTS  3
288
-+#define SD_RADV_MAX_FINAL_RTR_ADVERTISEMENTS    3
289
-+#define SD_RADV_MIN_DELAY_BETWEEN_RAS           3
290
-+#define SD_RADV_MAX_RA_DELAY_TIME_USEC          (500*USEC_PER_MSEC)
291
-+
292
-+enum RAdvState {
293
-+        SD_RADV_STATE_IDLE                      = 0,
294
-+        SD_RADV_STATE_ADVERTISING               = 1,
295
-+};
296
-+typedef enum RAdvState RAdvState;
297
-+
298
-+struct sd_radv {
299
-+        unsigned n_ref;
300
-+        RAdvState state;
301
-+
302
-+        int ifindex;
303
-+
304
-+        sd_event *event;
305
-+        int event_priority;
306
-+
307
-+        struct ether_addr mac_addr;
308
-+        uint8_t hop_limit;
309
-+        uint8_t flags;
310
-+        uint32_t mtu;
311
-+        uint16_t lifetime;
312
-+
313
-+        int fd;
314
-+        unsigned ra_sent;
315
-+        sd_event_source *recv_event_source;
316
-+        sd_event_source *timeout_event_source;
317
-+
318
-+        unsigned n_prefixes;
319
-+        LIST_HEAD(sd_radv_prefix, prefixes);
320
-+};
321
-+
322
-+struct sd_radv_prefix {
323
-+        unsigned n_ref;
324
-+
325
-+        struct {
326
-+                uint8_t type;
327
-+                uint8_t length;
328
-+                uint8_t prefixlen;
329
-+                uint8_t flags;
330
-+                be32_t valid_lifetime;
331
-+                be32_t preferred_lifetime;
332
-+                uint32_t reserved;
333
-+                struct in6_addr in6_addr;
334
-+        } _packed_ opt;
335
-+
336
-+        LIST_FIELDS(struct sd_radv_prefix, prefix);
337
-+};
338
-+
339
-+#define log_radv_full(level, error, fmt, ...) log_internal(level, error, __FILE__, __LINE__, __func__, "RADV: " fmt, ##__VA_ARGS__)
340
-+#define log_radv_errno(error, fmt, ...) log_radv_full(LOG_DEBUG, error, fmt, ##__VA_ARGS__)
341
-+#define log_radv_warning_errno(error, fmt, ...) log_radv_full(LOG_WARNING, error, fmt, ##__VA_ARGS__)
342
-+#define log_radv(fmt, ...) log_radv_errno(0, fmt, ##__VA_ARGS__)
343
-diff -rupN systemd-base/src/libsystemd-network/sd-ndisc.c systemd/src/libsystemd-network/sd-ndisc.c
344
-+++ systemd/src/libsystemd-network/sd-ndisc.c	2017-09-18 15:00:40.038396204 -0700
345
-@@ -28,12 +28,12 @@
346
- #include "in-addr-util.h"
347
- #include "ndisc-internal.h"
348
- #include "ndisc-router.h"
349
-+#include "random-util.h"
350
- #include "socket-util.h"
351
- #include "string-util.h"
352
- #include "util.h"
353
- 
354
--#define NDISC_ROUTER_SOLICITATION_INTERVAL (4U * USEC_PER_SEC)
355
--#define NDISC_MAX_ROUTER_SOLICITATIONS 3U
356
-+#define NDISC_TIMEOUT_NO_RA_USEC (NDISC_ROUTER_SOLICITATION_INTERVAL * NDISC_MAX_ROUTER_SOLICITATIONS)
357
- 
358
- static void ndisc_callback(sd_ndisc *ndisc, sd_ndisc_event event, sd_ndisc_router *rt) {
359
-         assert(ndisc);
360
-@@ -129,6 +129,8 @@ static int ndisc_reset(sd_ndisc *nd) {
361
-         assert(nd);
362
- 
363
-         nd->timeout_event_source = sd_event_source_unref(nd->timeout_event_source);
364
-+        nd->timeout_no_ra = sd_event_source_unref(nd->timeout_no_ra);
365
-+        nd->retransmit_time = 0;
366
-         nd->recv_event_source = sd_event_source_unref(nd->recv_event_source);
367
-         nd->fd = safe_close(nd->fd);
368
- 
369
-@@ -221,23 +223,9 @@ static int ndisc_handle_datagram(sd_ndis
370
- static int ndisc_recv(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
371
-         _cleanup_(sd_ndisc_router_unrefp) sd_ndisc_router *rt = NULL;
372
-         sd_ndisc *nd = userdata;
373
--        union {
374
--                struct cmsghdr cmsghdr;
375
--                uint8_t buf[CMSG_SPACE(sizeof(int)) + /* ttl */
376
--                            CMSG_SPACE(sizeof(struct timeval))];
377
--        } control = {};
378
--        struct iovec iov = {};
379
--        union sockaddr_union sa = {};
380
--        struct msghdr msg = {
381
--                .msg_name = &sa.sa,
382
--                .msg_namelen = sizeof(sa),
383
--                .msg_iov = &iov,
384
--                .msg_iovlen = 1,
385
--                .msg_control = &control,
386
--                .msg_controllen = sizeof(control),
387
--        };
388
--        struct cmsghdr *cmsg;
389
--        ssize_t len, buflen;
390
-+        ssize_t buflen;
391
-+        int r;
392
-+        _cleanup_free_ char *addr = NULL;
393
- 
394
-         assert(s);
395
-         assert(nd);
396
-@@ -251,110 +239,90 @@ static int ndisc_recv(sd_event_source *s
397
-         if (!rt)
398
-                 return -ENOMEM;
399
- 
400
--        iov.iov_base = NDISC_ROUTER_RAW(rt);
401
--        iov.iov_len = rt->raw_size;
402
--
403
--        len = recvmsg(fd, &msg, MSG_DONTWAIT);
404
--        if (len < 0) {
405
--                if (errno == EAGAIN || errno == EINTR)
406
--                        return 0;
407
--
408
--                return log_ndisc_errno(errno, "Could not receive message from ICMPv6 socket: %m");
409
--        }
410
--
411
--        if ((size_t) len != rt->raw_size) {
412
--                log_ndisc("Packet size mismatch.");
413
--                return -EINVAL;
414
--        }
415
--
416
--        if (msg.msg_namelen == sizeof(struct sockaddr_in6) &&
417
--            sa.in6.sin6_family == AF_INET6)  {
418
--
419
--                if (in_addr_is_link_local(AF_INET6, (union in_addr_union*) &sa.in6.sin6_addr) <= 0) {
420
--                        _cleanup_free_ char *addr = NULL;
421
--
422
--                        (void) in_addr_to_string(AF_INET6, (union in_addr_union*) &sa.in6.sin6_addr, &addr);
423
--                        log_ndisc("Received RA from non-link-local address %s. Ignoring.", strna(addr));
424
--                        return 0;
425
--                }
426
--
427
--                rt->address = sa.in6.sin6_addr;
428
--
429
--        } else if (msg.msg_namelen > 0) {
430
--                log_ndisc("Received invalid source address size from ICMPv6 socket: %zu bytes", (size_t) msg.msg_namelen);
431
--                return -EINVAL;
432
--        }
433
--
434
--        /* namelen == 0 only happens when running the test-suite over a socketpair */
435
--
436
--        assert(!(msg.msg_flags & MSG_CTRUNC));
437
--        assert(!(msg.msg_flags & MSG_TRUNC));
438
--
439
--        CMSG_FOREACH(cmsg, &msg) {
440
--                if (cmsg->cmsg_level == SOL_IPV6 &&
441
--                    cmsg->cmsg_type == IPV6_HOPLIMIT &&
442
--                    cmsg->cmsg_len == CMSG_LEN(sizeof(int))) {
443
--                        int hops = *(int*) CMSG_DATA(cmsg);
444
--
445
--                        if (hops != 255) {
446
--                                log_ndisc("Received RA with invalid hop limit %d. Ignoring.", hops);
447