Commit message  [Author, Age, Files, Lines]
* man: netdev: use <varname> tag  [Yu Watanabe, 2021-12-06, 1, -5/+5]
|
* meson: remove openssl dependency from repart  [Luca Boccassi, 2021-12-06, 1, -4/+2]
|     No longer needed since ade99252e2cdd9eeff78566789008996d27e4dc0
* tree-wide: check for NULLs in more places  [Frantisek Sumsal, 2021-12-06, 7, -0/+22]
|     Fixes issues pointed out by the `cpp/inconsistent-null-check` LGTM query.
* NEWS: add more entries for v250  [Luca Boccassi, 2021-12-05, 1, -5/+61]
|
* Merge pull request #21563 from yuwata/network-IPoIB-support  [Yu Watanabe, 2021-12-04, 19, -39/+398]
|\
| |     network: IPoIB support
| * sd-netlink: fix implicit cast to boolean  [Yu Watanabe, 2021-12-04, 1, -2/+2]
| |
| * network: set MTU after IPoIB configs are applied  [Yu Watanabe, 2021-12-04, 1, -2/+12]
| |     MTU is updated when IB mode is changed.
| * network: add support to configure IPoIB interfaces  [Yu Watanabe, 2021-12-04, 10, -1/+98]
| |
| * network/netdev: add support to create IPoIB subinterface  [Yu Watanabe, 2021-12-04, 13, -14/+248]
| |
| * sd-netlink: add support for IPoIB  [Yu Watanabe, 2021-12-04, 1, -3/+7]
| |
| * network/netdev: generate persistent MAC address when creating netdev interface  [Yu Watanabe, 2021-12-04, 3, -22/+36]
|/
|     Preparation for later commits.
* ci: consider `cryptolib` in the group identifier  [Frantisek Sumsal, 2021-12-03, 1, -1/+1]
|     otherwise we end up with more than one job with the same identifier in one run, causing some of them to get cancelled unexpectedly.
|
|     A quick follow-up to 85bd394df57fe45c2873605e2c1d1d79e83e853d.
* Merge pull request #21607 from mrc0mmand/ci-install-libbpf  [Luca Boccassi, 2021-12-03, 3, -4/+14]
|\
| |     ci: run build test with BPF-related stuff as well
| * ci: install libbpf  [Frantisek Sumsal, 2021-12-03, 1, -1/+2]
| |
| * analyze: fix build with -Db_ndebug=true  [Frantisek Sumsal, 2021-12-03, 1, -1/+1]
| |
| * meson: support versioned llvm binaries in BPF detection  [Frantisek Sumsal, 2021-12-03, 1, -2/+11]
| |
* | Merge pull request #21582 from mrc0mmand/lgtm-uninitialized  [Luca Boccassi, 2021-12-03, 3, -4/+126]
|\ \
| |/
|/|     lgtm: enable more queries
| * lgtm: enable more (and potentially useful) queries  [Frantisek Sumsal, 2021-12-02, 1, -0/+21]
| |     Not all available queries on LGTM are enabled by default, but some of the excluded ones might come in handy, hence let's enable them explicitly.
| * lgtm: don't treat the custom note as a list of tags  [Frantisek Sumsal, 2021-12-02, 1, -4/+6]
| |     Just a cosmetic change.
| * lgtm: detect uninitialized variables using the __cleanup__ attribute  [Frantisek Sumsal, 2021-12-02, 1, -0/+99]
| |     This is a slightly modified version of the original `cpp/uninitialized-local` CodeQL query which focuses only on variables using the cleanup macros. Since this has proven to cause issues in the past, let's panic on every uninitialized variable using any of the cleanup macros (as long as they're written using the __cleanup__ attribute).
| |
| |     Some test results from a test I used when writing the query:
| |
| |     ```
| |     #define _cleanup_foo_ __attribute__((__cleanup__(foo)))
| |     #define _cleanup_(x) __attribute__((__cleanup__(x)))
| |
| |     static inline void freep(void *p) {
| |         *(void**)p = mfree(*(void**) p);
| |     }
| |
| |     #define _cleanup_free_ _cleanup_(freep)
| |
| |     static inline void foo(char **p) {
| |         if (*p)
| |             *p = free(*p);
| |     }
| |
| |     int main(void) {
| |         __attribute__((__cleanup__(foo))) char *a;
| |         char *b;
| |         _cleanup_foo_ char *c;
| |         char **d;
| |         _cleanup_free_ char *e;
| |         int r;
| |
| |         r = fun(&e);
| |         if (r < 0)
| |             return 1;
| |
| |         puts(a);
| |         puts(b);
| |         puts(c);
| |         puts(*d);
| |         puts(e);
| |
| |         return 0;
| |     }
| |     ```
| |
| |     ```
| |     +| test.c:23:14:23:14 | e | The variable $@ may not be initialized here, but has a cleanup handler. | test.c:20:26:20:26 | e | e |
| |     +| test.c:27:10:27:10 | a | The variable $@ may not be initialized here, but has a cleanup handler. | test.c:16:45:16:45 | a | a |
| |     +| test.c:29:10:29:10 | c | The variable $@ may not be initialized here, but has a cleanup handler. | test.c:18:25:18:25 | c | c |
| |     ```
* | Bump the max number of inodes for /dev to 128k  [Franck Bui, 2021-12-03, 1, -2/+2]
| |     Follow-up for 7d85383edbab73274dc81cc888d884bb01070bc2.
| |
| |     Apparently the previous limit set on the max number of inodes for /dev was too small as a system with 4096 LUNs attached can consume up to 95k inodes for symlinks:
| |
| |       # /bin/df -i
| |       Filesystem       Inodes IUsed    IFree IUse% Mounted on
| |       devtmpfs       49274377 95075 49179302    1% /dev
| |
| |     Hence this patch bumps the limit from 64k to 128k although the new limit is still pretty arbitrary (that said, not sure if it really makes sense to put such absolute limit number).
* | Merge pull request #21170 from keszybz/delibgcryptify  [Zbigniew Jędrzejewski-Szmek, 2021-12-03, 23, -298/+1003]
|\ \
| | |     Allow systemd-resolved and systemd-importd to use libgcrypt or libopenssl
| * | meson: disallow the combination of cryptolib=openssl and dns-over-tls=gnutls  [Zbigniew Jędrzejewski-Szmek, 2021-12-02, 1, -13/+17]
| | |     It could work, but it doesn't make much sense. If we already have openssl as the cryptolib that provides the necessary support, let's not bring in another library. Disallowing this simplifies things and reduces our support matrix.
| * | ci: expand the test framework to cover openssl  [Zbigniew Jędrzejewski-Szmek, 2021-12-02, 2, -1/+11]
| | |
| * | ci: temporarily set -Wno-deprecated-declarations in Packit  [Zbigniew Jędrzejewski-Szmek, 2021-12-01, 1, -0/+3]
| | |     to suppress OpenSSL 3.0 deprecation warnings (until a proper solution is deployed):
| | |     RSA_free, EC_KEY_free, RSA_set0_key, RSA_size, EVP_PKEY_assign, EC_KEY_set_group, and others are deprecated.
| * | resolved: do not use BN_dup() unnecessarily  [Zbigniew Jędrzejewski-Szmek, 2021-12-01, 1, -2/+4]
| | |     Suggested in https://github.com/systemd/systemd/pull/21170#discussion_r738696794
| * | port string_hashsum from libgcrypt to openssl^gcrypt  [Zbigniew Jędrzejewski-Szmek, 2021-12-01, 13, -37/+96]
| | |     This allows resolved and importd to be built without libgcrypt. Note that we now say either 'cryptographic library' or 'cryptolib'.
| | |
| | |     Co-authored-by: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
| * | basic/openssl-util: Add sha256 hash wrapper  [Kevin Kuehler, 2021-12-01, 2, -0/+39]
| | |
| * | resolve: Port nsec3 code to openssl^gcrypt  [Kevin Kuehler, 2021-12-01, 1, -14/+59]
| | |     Co-authored-by: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
| * | resolve: Port dnskey verification by ds to openssl^gcrypt  [Kevin Kuehler, 2021-11-30, 1, -24/+73]
| | |     Co-authored-by: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
| * | resolve: Port dnssec verify from gcrypt to openssl^gcrypt  [Kevin Kuehler, 2021-11-30, 4, -71/+260]
| | |     Co-authored-by: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
| * | resolved: split out function to hash signature  [Zbigniew Jędrzejewski-Szmek, 2021-11-30, 1, -74/+79]
| | |     dnssec_verify_rrset() is just too long.
| * | resolved: split out function to generate signature  [Zbigniew Jędrzejewski-Szmek, 2021-11-30, 1, -47/+78]
| | |     dnssec_verify_rrset() is just too long.
| * | resolve: Add coverage for dnssec ecdsa (rfc6605)  [Kevin Kuehler, 2021-11-30, 1, -2/+187]
| | |
| * | import: port importd from libgcrypt to openssl^gcrypt  [Zbigniew Jędrzejewski-Szmek, 2021-11-30, 4, -19/+59]
| | |     This is heavily based on Kevin Kuehler's work, but the logic is also significantly changed: instead of a straightforward port to openssl, both versions of the code are kept, and at compile time we pick one or the other.
| | |
| | |     The code is purposefully kept "dumb" — the idea is that the libgcrypt codepaths are only temporary and will be removed after everybody upgrades to openssl 3. Thus, a separate abstraction layer is not introduced. Instead, very simple ifdefs are used to select one or the other. If we added an abstraction layer, we'd have to remove it again afterwards, and I don't think it makes sense to do that for a temporary solution.
| | |
| | |     Co-authored-by: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
| | |
| | |     # Conflicts:
| | |     # meson.build
| * | meson: add config setting to select between openssl and gcrypt  [Zbigniew Jędrzejewski-Szmek, 2021-11-30, 3, -0/+51]
| | |     This is not pretty, but it is supposed to be only a temporary measure.
| * | repart: port to our home-grown hmac_sha256  [Kevin Kuehler, 2021-11-30, 1, -15/+8]
| | |     This reduces dependencies. The speed of the code here is unimportant, because we hash only a tiny amount of input data.
| | |
| | |     Debian and Ubuntu currently build without repart, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976959
| | |     > repart requires openssl and so far I tried to avoid linking against
| | |     > both gnutls and openssl.
| | |
| | |     Co-authored-by: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
* | | cryptenroll: fix wrong error messages  [Gibeom Gwon, 2021-12-03, 1, -2/+2]
| | |     PKCS#11 -> FIDO2 in cryptenroll-fido2.c
* | | Merge pull request #21599 from loongarch64/dev-syscalls  [Zbigniew Jędrzejewski-Szmek, 2021-12-03, 23, -39/+712]
|\ \ \
| | | |     Add LoongArch 64bit syscalls
| * | | syscalls: run ninja update-syscall-tables  [Xiaotian Wu, 2021-12-01, 20, -40/+79]
| | | |
| * | | syscalls: add LoongArch 64bit syscalls  [Xiaotian Wu, 2021-12-01, 4, -0/+634]
| | | |
* | | | meson: correctly display enabled features  [Frantisek Sumsal, 2021-12-02, 1, -2/+2]
| | | |     In 9cf75222f20 the conf.get() statements for `bpf-framework` and `valgrind` were dropped, which causes the respective features to always show as disabled (since they don't follow the "standard" naming scheme with HAVE_/ENABLE_ prefixes).
* | | | core: support user manager with Condition[Memory/CPU/IO]Pressure  [Luca Boccassi, 2021-12-02, 1, -3/+24]
| | | |     Get the cgroup root path from the current PID, so that when run by the user manager we can get to the right path. Eg:
| | | |
| | | |       foo.slice:10%
| | | |
| | | |     will check under:
| | | |
| | | |       /sys/fs/cgroup/user.slice/user-1000.slice/user@1000.service/foo.slice/cpu.pressure
| | | |
| | | |     Follow-up for 81513b382b24a7f3602987f71042d075ca27d1a5
* | | | Merge pull request #21584 from yuwata/network-wireguard-cleanups  [Yu Watanabe, 2021-12-02, 3, -144/+173]
|\ \ \ \
| | | | |     network: cleanups for wireguard
| * | | | network/wireguard: search valid address of the endpoint from all struct addrinfo entries  [Yu Watanabe, 2021-12-02, 1, -10/+20]
| | | | |
| * | | | network/wireguard: cleanups for resolving endpoints  [Yu Watanabe, 2021-12-02, 2, -104/+97]
| | | | |     This makes
| | | | |     - drop peers_with_unresolved_endpoint and peers_with_failed_endpoint,
| | | | |     - drop destroy handler for sd_resolve_query, and manage each query by peer,
| | | | |     - add random fluctuation to the timeout for retry handler,
| | | | |     - retry timer event source is now managed by peer,
| | | | |     - use sd_event_source_disable_unref().
| * | | | network/wireguard: do not resolve Endpoint= if an IP address is specified  [Yu Watanabe, 2021-12-02, 1, -40/+66]
| | | | |     Also verify the domain name and port.
| * | | | parse-util: refuse leading white space in port number  [Yu Watanabe, 2021-12-02, 1, -1/+1]
| | | | |     When parse_ip_port() is directly used in a conf parser, then that's fine, as the rvalue is already truncated. When parse_ip_port() is used when e.g. parsing IP address with port, then we should really refuse white space after colon.
* | | | | Revert "network: address: drop deprecated temporary address"  [Yu Watanabe, 2021-12-02, 1, -14/+0]
|/ / / /
| | | |     This reverts commit 528da64a0c734bd45e953b5c57d82e2a727435ef.
| | | |
| | | |     The commit is a bad way to fix #19838, and introduces #21593.
| | | |
| | | |     Fixes #21593.
* | | | Merge pull request #21585 from yuwata/network-radv-uplink-interface-auto-with-dhcp6-pd  [Yu Watanabe, 2021-12-02, 16, -86/+220]
|\ \ \ \
| | | | |     network: cleanups for uplink interface handling for RADV and DHCP6-PD