diff --git a/backport-Limit-rlim_max-in-rlimit_nofile_safe-to-nr_open.patch b/backport-Limit-rlim_max-in-rlimit_nofile_safe-to-nr_open.patch
new file mode 100644
index 0000000..163e60d
--- /dev/null
+++ b/backport-Limit-rlim_max-in-rlimit_nofile_safe-to-nr_open.patch
@@ -0,0 +1,39 @@
+From f470dafddcd688c3ea6031d4bbcbf934fd094711 Mon Sep 17 00:00:00 2001
+From: Daan De Meyer
+Date: Fri, 25 Aug 2023 13:55:36 +0200
+Subject: [PATCH] Limit rlim_max in rlimit_nofile_safe() to nr_open
+
+We might inherit a max rlim value that's larger than the kernel's
+maximum (nr_open). This will cause setrlimit() to fail as the given
+maximum is larger than the kernel's maximum. To get around this,
+let's limit the max rlim we pass to rlimit() to the value of nr_open.
+
+Should fix #28965
+
+Conflict:NA
+Reference:https://github.com/systemd/systemd-stable/commit/f470dafddcd688c3ea6031d4bbcbf934fd094711
+
+---
+ src/basic/rlimit-util.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/src/basic/rlimit-util.c b/src/basic/rlimit-util.c
+index 91424cd3cc..a0ffb24626 100644
+--- a/src/basic/rlimit-util.c
++++ b/src/basic/rlimit-util.c
+@@ -401,7 +401,11 @@ int rlimit_nofile_safe(void) {
+ if (rl.rlim_cur <= FD_SETSIZE)
+ return 0;
+
+- rl.rlim_cur = FD_SETSIZE;
++ /* So we might have inherited a hard limit that's larger than the kernel's maximum limit as stored in
++ * /proc/sys/fs/nr_open. If we pass this hard limit unmodified to setrlimit(), we'll get EPERM. To
++ * make sure that doesn't happen, let's limit our hard limit to the value from nr_open. */
++ rl.rlim_max = MIN(rl.rlim_max, (rlim_t) read_nr_open());
++ rl.rlim_cur = MIN((rlim_t) FD_SETSIZE, rl.rlim_max);
+ if (setrlimit(RLIMIT_NOFILE, &rl) < 0)
+ return log_debug_errno(errno, "Failed to lower RLIMIT_NOFILE's soft limit to " RLIM_FMT ": %m", rl.rlim_cur);
+
+--
+2.39.1
+
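Review bot: The new clamp `rl.rlim_max = MIN(rl.rlim_max, (rlim_t) read_nr_open());` casts the helper's return value straight to rlim_t, so if read_nr_open() can ever return a negative error the cast yields a huge value and the clamp silently does nothing; its definition is not part of this patch, so confirm that it always falls back to a positive value. The function now also lowers the hard limit, which an unprivileged process cannot raise again, while the failure message still mentions only the soft limit. I would extend the message to report both values, e.g. `"Failed to lower RLIMIT_NOFILE's soft limit to " RLIM_FMT " (hard limit " RLIM_FMT "): %m", rl.rlim_cur, rl.rlim_max`. rlimit_nofile_safe() starts above the hunk, so how `rl` is obtained is not visible here.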
diff --git a/backport-bus-add-some-minimal-bounds-check-on-signatures.patch b/backport-bus-add-some-minimal-bounds-check-on-signatures.patch
new file mode 100644
index 0000000..b50584b
--- /dev/null
+++ b/backport-bus-add-some-minimal-bounds-check-on-signatures.patch
@@ -0,0 +1,73 @@
+From d80cc39558ec7e596d594d1aadc4df81262611f8 Mon Sep 17 00:00:00 2001
+From: Luca Boccassi
+Date: Sun, 16 Jul 2023 01:10:47 +0100
+Subject: [PATCH] bus: add some minimal bounds check on signatures
+
+CID#1491292
+CID#1491291
+CID#1491290
+CID#1491289
+CID#1491284
+CID#1491281
+CID#1491280
+CID#1491278
+
+Conflict:NA
+Reference:https://github.com/systemd/systemd-stable/commit/d80cc39558ec7e596d594d1aadc4df81262611f8
+
+---
+ src/busctl/busctl.c | 5 ++++-
+ src/libsystemd/sd-bus/bus-message.c | 6 ++++++
+ 2 files changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/src/busctl/busctl.c b/src/busctl/busctl.c
+index 72eed36335..c1a0479015 100644
+--- a/src/busctl/busctl.c
++++ b/src/busctl/busctl.c
+@@ -1627,8 +1627,11 @@ static int message_append_cmdline(sd_bus_message *m, const char *signature, char
+ p--;
+
+ r = signature_element_length(signature, &k);
+- if (r < 0)
++ if (r < 0 || k < 2) {
++ if (r >= 0 && k < 2)
++ r = -ERANGE;
+ return log_error_errno(r, "Invalid struct/dict entry signature: %m");
++ }
+
+ {
+ char s[k-1];
+diff --git a/src/libsystemd/sd-bus/bus-message.c b/src/libsystemd/sd-bus/bus-message.c
+index 3cf1419a14..f1cf6a8cc4 100644
+--- a/src/libsystemd/sd-bus/bus-message.c
++++ b/src/libsystemd/sd-bus/bus-message.c
+@@ -2027,6 +2027,8 @@ _public_ int sd_bus_message_appendv(
+ r = signature_element_length(t, &k);
+ if (r < 0)
+ return r;
++ if (k < 2)
++ return -ERANGE;
+
+ {
+ char s[k - 1];
+@@ -3470,6 +3472,8 @@ _public_ int sd_bus_message_readv(
+ r = signature_element_length(t, &k);
+ if (r < 0)
+ return r;
++ if (k < 2)
++ return -ERANGE;
+
+ {
+ char s[k - 1];
+@@ -3650,6 +3654,8 @@ _public_ int sd_bus_message_skip(sd_bus_message *m, const char *types) {
+ r = signature_element_length(types, &k);
+ if (r < 0)
+ return r;
++ if (k < 2)
++ return -ERANGE;
+
+ {
+ char s[k-1];
+--
+2.39.1
+
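Review bot: The added `k < 2` checks give the variable-length array `char s[k-1]` a lower bound only; nothing in these four hunks bounds k from above, so the stack allocation still scales with whatever signature_element_length() reports for the caller-supplied signature. Please confirm that helper caps the element length (presumably at the D-Bus signature limit), and say so next to each check, e.g. `/* k >= 2 keeps s[] non-empty; the upper bound comes from signature_element_length() */`. In busctl.c the inner test repeats half of the outer one and can be `if (r >= 0) r = -ERANGE;`. The commit message lists only Coverity IDs, so a sentence on why a length below 2 is invalid for a struct or dict entry would help. All four functions continue outside their hunks.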
diff --git a/backport-core-path-do-not-enqueue-new-job-in-.trigger_notify-.patch b/backport-core-path-do-not-enqueue-new-job-in-.trigger_notify-.patch
new file mode 100644
index 0000000..1286b56
--- /dev/null
+++ b/backport-core-path-do-not-enqueue-new-job-in-.trigger_notify-.patch
@@ -0,0 +1,152 @@
+From bc6377762c210d1bdd7fd2465930731d87dda576 Mon Sep 17 00:00:00 2001
+From: Yu Watanabe
+Date: Sat, 29 Apr 2023 04:31:53 +0900
+Subject: [PATCH] core/path: do not enqueue new job in .trigger_notify callback
+
+Otherwise,
+1. X.path triggered X.service, and the service has waiting start job,
+2. systemctl stop X.service
+3. the waiting start job is cancelled to install new stop job,
+4. path_trigger_notify() is called, and may reinstall new start job,
+5. the stop job cannot be installed, and triggeres assertion.
+
+So, instead, let's add a defer event source, then enqueue the new start
+job after the stop (or any other type) job finished.
+
+Fixes https://github.com/systemd/systemd/issues/24577#issuecomment-1522628906.
+
+Conflict:NA
+Reference:https://github.com/systemd/systemd-stable/commit/bc6377762c210d1bdd7fd2465930731d87dda576
+
+---
+ src/core/path.c | 68 +++++++++++++++++++++++++++++++++++++++++++++----
+ src/core/path.h | 2 ++
+ 2 files changed, 65 insertions(+), 5 deletions(-)
+
+diff --git a/src/core/path.c b/src/core/path.c
+index 9f6a246ab0..c95663c3aa 100644
+--- a/src/core/path.c
++++ b/src/core/path.c
+@@ -10,6 +10,7 @@
+ #include "dbus-path.h"
+ #include "dbus-unit.h"
+ #include "escape.h"
++#include "event-util.h"
+ #include "fd-util.h"
+ #include "glob-util.h"
+ #include "inotify-util.h"
+@@ -300,6 +301,7 @@ static void path_done(Unit *u) {
+
+ assert(p);
+
++ p->trigger_notify_event_source = sd_event_source_disable_unref(p->trigger_notify_event_source);
+ path_free_specs(p);
+ }
+
+@@ -575,6 +577,9 @@ static void path_enter_waiting(Path *p, bool initial, bool from_trigger_notify)
+ Unit *trigger;
+ int r;
+
++ if (p->trigger_notify_event_source)
++ (void) event_source_disable(p->trigger_notify_event_source);
++
+ /* If the triggered unit is already running, so are we */
+ trigger = UNIT_TRIGGER(UNIT(p));
+ if (trigger && !UNIT_IS_INACTIVE_OR_FAILED(unit_active_state(trigger))) {
+@@ -799,8 +804,28 @@ fail:
+ return 0;
+ }
+
+-static void path_trigger_notify(Unit *u, Unit *other) {
++static void path_trigger_notify_impl(Unit *u, Unit *other, bool on_defer);
++
++static int path_trigger_notify_on_defer(sd_event_source *s, void *userdata) {
++ Path *p = ASSERT_PTR(userdata);
++ Unit *trigger;
++
++ assert(s);
++
++ trigger = UNIT_TRIGGER(UNIT(p));
++ if (!trigger) {
++ log_unit_error(UNIT(p), "Unit to trigger vanished.");
++ path_enter_dead(p, PATH_FAILURE_RESOURCES);
++ return 0;
++ }
++
++ path_trigger_notify_impl(UNIT(p), trigger, /* on_defer = */ true);
++ return 0;
++}
++
++static void path_trigger_notify_impl(Unit *u, Unit *other, bool on_defer) {
+ Path *p = PATH(u);
++ int r;
+
+ assert(u);
+ assert(other);
+@@ -826,13 +851,46 @@ static void path_trigger_notify(Unit *u, Unit *other) {
+
+ if (p->state == PATH_RUNNING &&
+ UNIT_IS_INACTIVE_OR_FAILED(unit_active_state(other))) {
+- log_unit_debug(UNIT(p), "Got notified about unit deactivation.");
+- path_enter_waiting(p, false, true);
++ if (!on_defer)
++ log_unit_debug(u, "Got notified about unit deactivation.");
+ } else if (p->state == PATH_WAITING &&
+ !UNIT_IS_INACTIVE_OR_FAILED(unit_active_state(other))) {
+- log_unit_debug(UNIT(p), "Got notified about unit activation.");
+- path_enter_waiting(p, false, true);
++ if (!on_defer)
++ log_unit_debug(u, "Got notified about unit activation.");
++ } else
++ return;
++
++ if (on_defer) {
++ path_enter_waiting(p, /* initial = */ false, /* from_trigger_notify = */ true);
++ return;
+ }
++
++ /* Do not call path_enter_waiting() directly from path_trigger_notify(), as this may be called by
++ * job_install() -> job_finish_and_invalidate() -> unit_trigger_notify(), and path_enter_waiting()
++ * may install another job and will trigger assertion in job_install().
++ * https://github.com/systemd/systemd/issues/24577#issuecomment-1522628906
++ * Hence, first setup defer event source here, and call path_enter_waiting() slightly later. */
++ if (p->trigger_notify_event_source) {
++ r = sd_event_source_set_enabled(p->trigger_notify_event_source, SD_EVENT_ONESHOT);
++ if (r < 0) {
++ log_unit_warning_errno(u, r, "Failed to enable event source for triggering notify: %m");
++ path_enter_dead(p, PATH_FAILURE_RESOURCES);
++ return;
++ }
++ } else {
++ r = sd_event_add_defer(u->manager->event, &p->trigger_notify_event_source, path_trigger_notify_on_defer, p);
++ if (r < 0) {
++ log_unit_warning_errno(u, r, "Failed to allocate event source for triggering notify: %m");
++ path_enter_dead(p, PATH_FAILURE_RESOURCES);
++ return;
++ }
++
++ (void) sd_event_source_set_description(p->trigger_notify_event_source, "path-trigger-notify");
++ }
++}
++
++static void path_trigger_notify(Unit *u, Unit *other) {
++ path_trigger_notify_impl(u, other, /* on_defer = */ false);
+ }
+
+ static void path_reset_failed(Unit *u) {
+diff --git a/src/core/path.h b/src/core/path.h
+index c76103cc12..cb5b662911 100644
+--- a/src/core/path.h
++++ b/src/core/path.h
+@@ -65,6 +65,8 @@ struct Path {
+ PathResult result;
+
+ RateLimit trigger_limit;
++
++ sd_event_source *trigger_notify_event_source;
+ };
+
+ struct ActivationDetailsPath {
+--
+2.39.1
+
diff --git a/backport-hostname-Make-sure-we-pass-error-to-bus_verify_polki.patch b/backport-hostname-Make-sure-we-pass-error-to-bus_verify_polki.patch
new file mode 100644
index 0000000..ce8e710
--- /dev/null
+++ b/backport-hostname-Make-sure-we-pass-error-to-bus_verify_polki.patch
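Review bot: In the core/path patch the pending defer source is disarmed only in path_enter_waiting() and released in path_done(); the visible hunks show no disable on the other ways out of PATH_RUNNING or PATH_WAITING, so a callback queued just before the unit is stopped or fails still fires. It appears to be harmless because path_trigger_notify_impl() re-checks `p->state` and returns, but that dependency is implicit and part of the function lies outside the hunk. I would record it on the new struct member in path.h, e.g. `/* one-shot defer source armed by path_trigger_notify(); the callback re-validates p->state, so a stale firing is a no-op */`, and confirm that the stop and failure paths of this backported tree do not need an explicit event_source_disable().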
@@ -0,0 +1,44 @@
+From b56ee692334231f0312c2fd142b9f2a84da14ac9 Mon Sep 17 00:00:00 2001
+From: Daan De Meyer
+Date: Thu, 24 Aug 2023 09:00:04 +0200
+Subject: [PATCH] hostname: Make sure we pass error to
+ bus_verify_polkit_async()
+
+Fixes #28943
+
+Conflict:NA
+Reference:https://github.com/systemd/systemd-stable/commit/b56ee692334231f0312c2fd142b9f2a84da14ac9
+
+---
+ src/hostname/hostnamed.c | 2 +-
+ src/shared/bus-polkit.c | 1 +
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/hostname/hostnamed.c b/src/hostname/hostnamed.c
+index 9ef45f8e75..85904aabe9 100644
+--- a/src/hostname/hostnamed.c
++++ b/src/hostname/hostnamed.c
+@@ -1318,7 +1318,7 @@ static int method_describe(sd_bus_message *m, void *userdata, sd_bus_error *erro
+ false,
+ UID_INVALID,
+ &c->polkit_registry,
+- NULL);
++ error);
+ if (r == 0)
+ return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
+
+diff --git a/src/shared/bus-polkit.c b/src/shared/bus-polkit.c
+index 3ff2726d4a..904b897984 100644
+--- a/src/shared/bus-polkit.c
++++ b/src/shared/bus-polkit.c
+@@ -480,6 +480,7 @@ int bus_verify_polkit_async(
+ assert(call);
+ assert(action);
+ assert(registry);
++ assert(ret_error);
+
+ r = check_good_user(call, good_user);
+ if (r != 0)
+--
+2.39.1
+
diff --git a/backport-resolved-fix-use-of-ERRNO_IS_DISCONNECT.patch b/backport-resolved-fix-use-of-ERRNO_IS_DISCONNECT.patch
new file mode 100644
index 0000000..43e8040
--- /dev/null
+++ b/backport-resolved-fix-use-of-ERRNO_IS_DISCONNECT.patch
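Review bot: The new `assert(ret_error);` in bus_verify_polkit_async() turns a NULL error argument from any caller into an abort of the calling daemon, yet the patch corrects only one call site, method_describe() in hostnamed.c. The other callers of this shared helper are not visible here, and the backported tree may differ from the upstream tree the commit was written against, so each caller in this package should be checked for a NULL last argument before the assert ships; otherwise a D-Bus method that reaches such a caller would take the service down. A line in the patch header naming the callers that were audited would make the backport reviewable. Both functions extend beyond their hunks.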
@@ -0,0 +1,66 @@
+From 0bdea17c0aa37c4cdf586c072a7b35f8d0598cc3 Mon Sep 17 00:00:00 2001
+From: "Dmitry V. Levin"
+Date: Fri, 7 Jul 2023 08:00:00 +0000
+Subject: [PATCH] resolved: fix use of ERRNO_IS_DISCONNECT()
+
+Given that ERRNO_IS_DISCONNECT() also matches positive values,
+make sure this macro is not called with arguments that do not have
+errno semantics.
+
+In this case the argument passed to ERRNO_IS_DISCONNECT() is the value
+returned by manager_recv() which can legitimately return 1 without errno
+semantics, so fix this by moving ERRNO_IS_DISCONNECT() invocation to the
+branch where the return value is known to be negative.
+
+Conflict:NA
+Reference:https://github.com/systemd/systemd-stable/commit/0bdea17c0aa37c4cdf586c072a7b35f8d0598cc3
+
+---
+ src/resolve/resolved-dns-transaction.c | 27 ++++++++++++--------------
+ 1 file changed, 12 insertions(+), 15 deletions(-)
+
+diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c
+index a5293357c0..323786896b 100644
+--- a/src/resolve/resolved-dns-transaction.c
++++ b/src/resolve/resolved-dns-transaction.c
+@@ -1367,25 +1367,22 @@ static int on_dns_packet(sd_event_source *s, int fd, uint32_t revents, void *use
+ assert(t->scope);
+
+ r = manager_recv(t->scope->manager, fd, DNS_PROTOCOL_DNS, &p);
+- if (ERRNO_IS_DISCONNECT(r)) {
+- usec_t usec;
+-
+- /* UDP connection failures get reported via ICMP and then are possibly delivered to us on the
+- * next recvmsg(). Treat this like a lost packet. */
++ if (r < 0) {
++ if (ERRNO_IS_DISCONNECT(r)) {
++ usec_t usec;
+
+- log_debug_errno(r, "Connection failure for DNS UDP packet: %m");
+- assert_se(sd_event_now(t->scope->manager->event, CLOCK_BOOTTIME, &usec) >= 0);
+- dns_server_packet_lost(t->server, IPPROTO_UDP, t->current_feature_level);
++ /* UDP connection failures get reported via ICMP and then are possibly delivered to us on the
++ * next recvmsg(). Treat this like a lost packet. */
+
+- dns_transaction_close_connection(t, /* use_graveyard = */ false);
++ log_debug_errno(r, "Connection failure for DNS UDP packet: %m");
++ assert_se(sd_event_now(t->scope->manager->event, CLOCK_BOOTTIME, &usec) >= 0);
++ dns_server_packet_lost(t->server, IPPROTO_UDP, t->current_feature_level);
+
+- if (dns_transaction_limited_retry(t)) /* Try a different server */
+- return 0;
++ dns_transaction_close_connection(t, /* use_graveyard = */ false);
+
+- dns_transaction_complete_errno(t, r);
+- return 0;
+- }
+- if (r < 0) {
++ if (dns_transaction_limited_retry(t)) /* Try a different server */
++ return 0;
++ }
+ dns_transaction_complete_errno(t, r);
+ return 0;
+ }
+--
+2.39.1
+
diff --git a/backport-sd-bus-fix-use-of-ERRNO_IS_DISCONNECT.patch b/backport-sd-bus-fix-use-of-ERRNO_IS_DISCONNECT.patch
new file mode 100644
index 0000000..84f3e9b
--- /dev/null
+++ b/backport-sd-bus-fix-use-of-ERRNO_IS_DISCONNECT.patch
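Review bot: The guard is added per call site while ERRNO_IS_DISCONNECT() itself, as the commit message says, still matches positive values, so nothing in the code stops the nesting from being flattened again or a new caller from repeating the mistake; the same applies to the sd-bus and socket patches that follow this one. I would put the reason at each site, above `if (r < 0) {`, e.g. `/* ERRNO_IS_DISCONNECT() also matches positive values; only test it once r is known to be an error */`. Since this backport brings in three of what looks like a longer upstream series, it is worth confirming that no other caller in this tree passes an unchecked return value to the ERRNO_IS_*() helpers. on_dns_packet() continues outside the hunk.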
@@ -0,0 +1,49 @@
+From bb228f0ebc9b691ee2a871bffbf949936568f3ea Mon Sep 17 00:00:00 2001
+From: "Dmitry V. Levin"
+Date: Fri, 7 Jul 2023 08:00:00 +0000
+Subject: [PATCH] sd-bus: fix use of ERRNO_IS_DISCONNECT()
+
+Given that ERRNO_IS_DISCONNECT() also matches positive values,
+make sure this macro is not called with arguments that do not have
+errno semantics.
+
+In this case the argument passed to ERRNO_IS_DISCONNECT() is the value
+returned by bus_socket_process_watch_bind(), bus_socket_process_opening(),
+and bus_socket_process_authenticating() which can legitimately return
+positive values without errno semantics, so fix this by moving the
+ERRNO_IS_DISCONNECT() invocation to the branch where the return value
+is known to be negative.
+
+Conflict:NA
+Reference:https://github.com/systemd/systemd-stable/commit/bb228f0ebc9b691ee2a871bffbf949936568f3ea
+
+---
+ src/libsystemd/sd-bus/sd-bus.c | 12 +++++++-----
+ 1 file changed, 7 insertions(+), 5 deletions(-)
+
+diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c
+index 2758309ac5..a250e7b81a 100644
+--- a/src/libsystemd/sd-bus/sd-bus.c
++++ b/src/libsystemd/sd-bus/sd-bus.c
+@@ -3284,11 +3284,13 @@ static int bus_process_internal(sd_bus *bus, sd_bus_message **ret) {
+ assert_not_reached();
+ }
+
+- if (ERRNO_IS_DISCONNECT(r)) {
+- bus_enter_closing(bus);
+- r = 1;
+- } else if (r < 0)
+- return r;
++ if (r < 0) {
++ if (ERRNO_IS_DISCONNECT(r)) {
++ bus_enter_closing(bus);
++ r = 1;
++ } else
++ return r;
++ }
+
+ if (ret)
+ *ret = NULL;
+--
+2.39.1
+
diff --git a/backport-socket-fix-use-of-ERRNO_IS_DISCONNECT.patch b/backport-socket-fix-use-of-ERRNO_IS_DISCONNECT.patch
new file mode 100644
index 0000000..7d3ba41
--- /dev/null
+++ b/backport-socket-fix-use-of-ERRNO_IS_DISCONNECT.patch
@@ -0,0 +1,44 @@
+From d5f8890bbf375075c7042b31ff6e79ad491df04c Mon Sep 17 00:00:00 2001
+From: "Dmitry V. Levin"
+Date: Fri, 7 Jul 2023 08:00:00 +0000
+Subject: [PATCH] socket: fix use of ERRNO_IS_DISCONNECT()
+
+Given that ERRNO_IS_DISCONNECT() also matches positive values,
+make sure this macro is not called with arguments that do not have
+errno semantics.
+
+In this case the argument passed to ERRNO_IS_DISCONNECT() is the value
+returned by socket_acquire_peer() which can legitimately return 1
+without errno semantics, so fix this by moving ERRNO_IS_DISCONNECT()
+invocation to the branch where the return value is known to be negative.
+
+Conflict:NA
+Reference:https://github.com/systemd/systemd-stable/commit/d5f8890bbf375075c7042b31ff6e79ad491df04c
+
+---
+ src/core/socket.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/src/core/socket.c b/src/core/socket.c
+index d72194f20b..03b8cbd164 100644
+--- a/src/core/socket.c
++++ b/src/core/socket.c
+@@ -2358,10 +2358,12 @@ static void socket_enter_running(Socket *s, int cfd_in) {
+
+ if (s->max_connections_per_source > 0) {
+ r = socket_acquire_peer(s, cfd, &p);
+- if (ERRNO_IS_DISCONNECT(r))
+- return;
+- if (r < 0) /* We didn't have enough resources to acquire peer information, let's fail. */
++ if (r < 0) {
++ if (ERRNO_IS_DISCONNECT(r))
++ return;
++ /* We didn't have enough resources to acquire peer information, let's fail. */
+ goto fail;
++ }
+ if (r > 0 && p->n_ref > s->max_connections_per_source) {
+ _cleanup_free_ char *t = NULL;
+
+--
+2.39.1
+
diff --git a/backport-udev-builtin-net_id-fix-potential-buffer-overflow.patch b/backport-udev-builtin-net_id-fix-potential-buffer-overflow.patch
new file mode 100644
index 0000000..cb9e581
--- /dev/null
+++ b/backport-udev-builtin-net_id-fix-potential-buffer-overflow.patch
@@ -0,0 +1,33 @@
+From 5660e68d651545b43e13a51b068e64022637a6c6 Mon Sep 17 00:00:00 2001
+From: Yu Watanabe
+Date: Wed, 28 Sep 2022 18:09:29 +0900
+Subject: [PATCH] udev-builtin-net_id: fix potential buffer overflow
+
+Conflict:NA
+Reference:https://github.com/systemd/systemd-stable/commit/5660e68d651545b43e13a51b068e64022637a6c6
+
+---
+ src/udev/udev-builtin-net_id.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/udev/udev-builtin-net_id.c b/src/udev/udev-builtin-net_id.c
+index 4936ba518a..d1f343573d 100644
+--- a/src/udev/udev-builtin-net_id.c
++++ b/src/udev/udev-builtin-net_id.c
+@@ -948,11 +948,11 @@ static int names_usb(sd_device *dev, NetNames *names) {
+
+ /* append USB config number, suppress the common config == 1 */
+ if (!streq(config, "1"))
+- l = strpcpyl(&s, sizeof(names->usb_ports), "c", config, NULL);
++ l = strpcpyl(&s, l, "c", config, NULL);
+
+ /* append USB interface number, suppress the interface == 0 */
+ if (!streq(interf, "0"))
+- l = strpcpyl(&s, sizeof(names->usb_ports), "i", interf, NULL);
++ l = strpcpyl(&s, l, "i", interf, NULL);
+ if (l == 0)
+ return log_device_debug_errno(dev, SYNTHETIC_ERRNO(ENAMETOOLONG),
+ "Generated USB name would be too long.");
+--
+2.39.1
+
diff --git a/backport-udev-raise-RLIMIT_NOFILE-as-high-as-we-can.patch b/backport-udev-raise-RLIMIT_NOFILE-as-high-as-we-can.patch
new file mode 100644
index 0000000..7bd1282
--- /dev/null
+++ b/backport-udev-raise-RLIMIT_NOFILE-as-high-as-we-can.patch
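Review bot: With the remaining length now threaded through both appends, a config append that exhausts the buffer leaves `l == 0`, and the interface append is then called with a size of 0 before the single `if (l == 0)` test runs; that is only safe if strpcpyl() treats a zero size as a no-op, which cannot be seen from this hunk. Testing `l == 0` directly after each strpcpyl() call removes that dependency and reports ENAMETOOLONG at the point where the name actually overflowed. The patch carries no description, so a sentence saying that the old code passed the full `sizeof(names->usb_ports)` although `s` had already advanced into the buffer would explain the overflow to the next reader. The initial value of `l` is set above the hunk and should be confirmed to be the space left after the port part.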
@@ -0,0 +1,47 @@
+From 1617424ce76d797d081dd6cb1082b954c4d2bf38 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering
+Date: Tue, 26 Sep 2023 09:52:05 +0200
+Subject: [PATCH] udev: raise RLIMIT_NOFILE as high as we can
+
+We might need a lot of fds on large systems, hence raise RLIMIT_NOFILE
+to what the service manager allows us, which is quite a lot these days.
+
+udev already sets FORK_RLIMIT_NOFILE_SAFE when forking of chilren, thus
+ensuring that forked off processes get their RLIMIT_NOFILE soft limit
+reset to 1K for compat with crappy old select().
+
+Replaces: #29298
+Fixes: #28583
+
+Conflict:code context adaptation
+Reference:https://github.com/systemd/systemd-stable/commit/1617424ce76d797d081dd6cb1082b954c4d2bf38
+
+---
+ src/udev/udevd.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/udev/udevd.c b/src/udev/udevd.c
+index 257336aec6..2ed4282253 100644
+--- a/src/udev/udevd.c
++++ b/src/udev/udevd.c
+@@ -18,6 +18,7 @@
+ #include "pretty-print.h"
+ #include "proc-cmdline.h"
+ #include "process-util.h"
++#include "rlimit-util.h"
+ #include "selinux-util.h"
+ #include "signal-util.h"
+ #include "socket-util.h"
+@@ -365,6 +366,9 @@ int run_udevd(int argc, char *argv[]) {
+ if (r < 0)
+ return r;
+
++ /* Make sure we can have plenty fds (for example for pidfds) */
++ (void) rlimit_nofile_bump(-1);
++
+ r = RET_NERRNO(mkdir("/run/udev", 0755));
+ if (r < 0 && r != -EEXIST)
+ return log_error_errno(r, "Failed to create /run/udev: %m");
+--
+2.39.1
+
diff --git a/systemd.spec b/systemd.spec
index 55b654a..e254803 100644
--- a/systemd.spec
+++ b/systemd.spec
@@ -25,7 +25,7 @@ Name: systemd
 Url: https://www.freedesktop.org/wiki/Software/systemd
 Version: 253
-Release: 7
+Release: 8
 License: MIT and LGPLv2+ and GPLv2+
 Summary: System and Service Manager
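Review bot: Raising the soft limit inside udevd means descriptors opened by the daemon itself can exceed FD_SETSIZE, and the commit message covers only forked children (via FORK_RLIMIT_NOFILE_SAFE), so the change is safe only if nothing running in the udevd process still uses select()-style fd sets; that cannot be confirmed from this hunk. The comment could carry the assumption, e.g. `/* Make sure we can have plenty fds (for example for pidfds); children get the soft limit reset via FORK_RLIMIT_NOFILE_SAFE */`. The header says `Conflict:code context adaptation` without stating what was adapted, which makes the backport harder to compare with the referenced upstream commit. run_udevd() continues outside the hunk.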
@@ -60,6 +60,15 @@ Patch6006: backport-core-refuse-dbus-activation-if-dbus-is-not-running.patc
 Patch6007: backport-core-only-refuse-Type-dbus-service-enqueuing-if-dbus.patch
 Patch6008: backport-journalctl-verify-that-old-entries-are-not-sealed-wi.patch
 Patch6009: backport-units-modprobe-.service-don-t-unescape-instance-name.patch
+Patch6010: backport-core-path-do-not-enqueue-new-job-in-.trigger_notify-.patch
+Patch6011: backport-socket-fix-use-of-ERRNO_IS_DISCONNECT.patch
+Patch6012: backport-sd-bus-fix-use-of-ERRNO_IS_DISCONNECT.patch
+Patch6013: backport-resolved-fix-use-of-ERRNO_IS_DISCONNECT.patch
+Patch6014: backport-bus-add-some-minimal-bounds-check-on-signatures.patch
+Patch6015: backport-udev-builtin-net_id-fix-potential-buffer-overflow.patch
+Patch6016: backport-hostname-Make-sure-we-pass-error-to-bus_verify_polki.patch
+Patch6017: backport-Limit-rlim_max-in-rlimit_nofile_safe-to-nr_open.patch
+Patch6018: backport-udev-raise-RLIMIT_NOFILE-as-high-as-we-can.patch
 Patch9008: update-rtc-with-system-clock-when-shutdown.patch
 Patch9009: udev-add-actions-while-rename-netif-failed.patch
@@ -1578,7 +1587,19 @@ fi
 %{_libdir}/security/pam_systemd.so
 %changelog
-* Tue Dec 12 2023 hongjinghao 253-7
+* Mon Dec 18 2023 huyubiao - 253-8
+- backport: sync patches from systemd community
+ add backport-core-path-do-not-enqueue-new-job-in-.trigger_notify-.patch
+ backport-socket-fix-use-of-ERRNO_IS_DISCONNECT.patch
+ backport-sd-bus-fix-use-of-ERRNO_IS_DISCONNECT.patch
+ backport-resolved-fix-use-of-ERRNO_IS_DISCONNECT.patch
+ backport-bus-add-some-minimal-bounds-check-on-signatures.patch
+ backport-udev-builtin-net_id-fix-potential-buffer-overflow.patch
+ backport-hostname-Make-sure-we-pass-error-to-bus_verify_polki.patch
+ backport-Limit-rlim_max-in-rlimit_nofile_safe-to-nr_open.patch
+ backport-udev-raise-RLIMIT_NOFILE-as-high-as-we-can.patch
+
+* Tue Dec 12 2023 hongjinghao - 253-7
 - backport: sync patches from systemd community
 * Thu Nov 30 2023 jiahua.yu - 253-6