Commit message (Author, Age, Files, Lines)
...
| * | | pretty-print: make tinting a bit less aggressive (Lennart Poettering, 2024-02-26, 1, -1/+1)
| | | |
| * | | run: use sd_event_set_signal_exit() at one more place (Lennart Poettering, 2024-02-26, 1, -3/+3)
| | | |
* | | | Merge pull request #31480 from rpigott/dnssec-maxwork (Luca Boccassi, 2024-02-26, 3, -8/+41)
|\ \ \ \
| | | | |     resolved: limit the number of signature validations in a transaction
| * | | | resolved: reduce the maximum nsec3 iterations to 100 (Ronan Pigott, 2024-02-26, 1, -2/+3)
| | | | |     According to RFC9267, the 2500 value is not helpful, and in fact it can be harmful to permit a large number of iterations. Combined with limits on the number of signature validations, I expect this will mitigate the impact of maliciously crafted domains designed to cause excessive cryptographic work.
| * | | | resolved: limit the number of signature validations in a transaction (Ronan Pigott, 2024-02-26, 3, -6/+38)
| | | | |     It has been demonstrated that tolerating an unbounded number of dnssec signature validations is a bad idea. It is easy for a maliciously crafted DNS reply to contain as many keytag collisions as desired, causing us to iterate every dnskey and signature combination in vain.
| | | | |     The solution is to impose a maximum number of validations we will tolerate. While collisions are not hard to craft, I still expect they are unlikely in the wild so it should be safe to pick fairly small values.
| | | | |     Here two limits are imposed: one on the maximum number of invalid signatures encountered per rrset, and another on the total number of validations performed per transaction.
* | | | | network: fix use-after-free in {address,route}_remove_and_cancel() (Yu Watanabe, 2024-02-26, 2, -2/+4)
| |/ / /
|/| | |
| | | |     Fixes #31485.
* | | | network/ndisc: rename Network.ipv6_accept_ra -> Network.ndisc (Yu Watanabe, 2024-02-26, 12, -128/+128)
| | | |     These settings are related to sd-ndisc and Neighbor Discovery protocol. Let's use more suitable name.
* | | | Fix: Chuwi UBook X (CWI535) screen rotation matrix (Alexander Zavyalov, 2024-02-26, 1, -1/+1)
| | | |
* | | | ukify: Use VERSION_TAG instead of GIT_VERSION (Daan De Meyer, 2024-02-26, 1, -1/+1)
| |_|/
|/| |
| | |     GIT_VERSION isn't actually available so use VERSION_TAG instead which is available.
* | | Merge pull request #31490 from yuwata/network-varlink-cleanups (Yu Watanabe, 2024-02-26, 2, -11/+13)
|\ \ \
| | | |     network/varlink: several trivial cleanups
| * | | varlink/network: reindent methods (Yu Watanabe, 2024-02-26, 1, -10/+12)
| | | |
| * | | network/varlink: downgrade log level about failure in getting netns ID (Yu Watanabe, 2024-02-26, 1, -1/+1)
|/ / /
* | | format-table: replace "(size_t) -1" with SIZE_MAX (Yu Watanabe, 2024-02-26, 1, -1/+1)
| | |
* | | Merge pull request #31440 from yuwata/sd-ndisc-sd-radv-cleanups (Luca Boccassi, 2024-02-25, 6, -188/+214)
|\ \ \
| | | |     sd-ndisc,sd-radv: several trivial cleanups
| * | | test: split out {dump,verify}_ra_message() (Yu Watanabe, 2024-02-24, 1, -54/+65)
| | | |     Then, let's not modify the global object.
| * | | sd-radv: several cleanups (Yu Watanabe, 2024-02-24, 1, -48/+64)
| | | |     - split out radv_setup_recv_event(),
| | | |     - slightly update log messages,
| | | |     - use DIV_ROUND_UP(),
| | | |     - use structured initializer more.
| | | |     No functional change, just preparation for later commits.
| * | | sd-ndisc: several trivial cleanups (Yu Watanabe, 2024-02-24, 1, -32/+56)
| | | |     - update several log messages,
| | | |     - use event_reset_time_relative(),
| | | |     - split out ndisc_setup_recv_event() and ndisc_setup_timer().
| | | |     No functional change, just refactoring and preparation for later commits.
| * | | icmp6-util: merge icmp6_bind_router_{solicitation,advertisement}() into icmp6_bind() (Yu Watanabe, 2024-02-24, 5, -56/+31)
| | | |     No functional change, just refactoring.
* | | | in-addr-util: introduce in{4,6}_addr_is_multicast() (Yu Watanabe, 2024-02-25, 2, -2/+16)
| | | |
* | | | icmp6-util: make icmp6_receive() refuse packets without IPv6 sender address (Yu Watanabe, 2024-02-25, 1, -11/+4)
| | | |     Previously, the function supports packets without IPv6 sender address for unit tests. However, now unit tests use their own version of icmp6_receive(). Hence, let's make the check more strict.
* | | | sd-ndisc: make callback takes arbitrary type of message (Yu Watanabe, 2024-02-25, 4, -7/+10)
| | | |     No functional change. Preparation for supporting Neighbor Advertisement message.
* | | | network/ndisc: drop all configurations without lifetime on stop (Yu Watanabe, 2024-02-25, 1, -6/+6)
| | | |     As we call ndisc_drop_outdated() with USEC_INFINITY on stop.
* | | | docs: update link for Arch Linux bugtracker (Mike Yuan, 2024-02-25, 1, -1/+1)
| | | |
* | | | Merge pull request #31472 from YHNdnzj/systemctl-pidref (Mike Yuan, 2024-02-24, 4, -238/+173)
|\ \ \ \
| | | | |     systemctl: generalize GetUnitByPIDFD handling
| * | | | systemctl-show: use lookup_unit_by_pidref too (Mike Yuan, 2024-02-24, 1, -92/+2)
| | | | |     Follow-up for e0e7bc8223c3f28fcb48db9f0f003d9f03ca46d7
| | | | |     This allows us to pin the process locally when GetUnitByPIDFD is not available, just like what we have been doing for 'systemctl whoami'.
| | | | |     Also, fix looking up remote pid. We can't use pidfd for those.
| * | | | systemctl: generalize GetUnitByPIDFD handling (Mike Yuan, 2024-02-24, 3, -143/+170)
| | | | |
| * | | | systemctl-util: use strv_free_and_replace at one more place (Mike Yuan, 2024-02-24, 1, -3/+1)
| | | | |
* | | | | network: use FOREACH_STRING() (Yu Watanabe, 2024-02-24, 1, -11/+9)
| | | | |
* | | | | docs/CODING_STYLE: fix typo (CLONE_VORK -> VFORK) (Mike Yuan, 2024-02-24, 1, -1/+1)
|/ / / /
* / / / Fallback from pidfd_open on permission errors too (Luca Boccassi, 2024-02-24, 2, -2/+2)
|/ / /
| | |     Skip using pidfds if we get a permission denied error. This can happen with an old policy and a new kernel that uses the new pidfs filesystem to back pidfds, instead of anonymous inodes, as the existing policy denies access.
| | |     This is already the case for most uses of pidfd_open, like pidref, but not on these two. Fix them.
* | | hwdb: Add support for Elgato Stream Deck Plus (Georges Basile Stavracas Neto, 2024-02-24, 1, -0/+4)
| | |     Add support for the following device:
| | |     - ID 0fd9:0084 Elgato Systems GmbH Stream Deck Plus
* | | docs: fix typo (Yu Watanabe, 2024-02-24, 4, -5/+5)
| | |
* | | efi: de-inline xmalloc to fix build failure with gcc 12.2 and -O2 (Luca Boccassi, 2024-02-24, 2, -5/+7)
| | |     With meson build --werror --buildtype=plain -Dc_args=" -O2" the build fails:
| | |
| | |     ../src/boot/efi/stub.c: In function ‘load_addons.constprop’:03:06
| | |     ../src/boot/efi/stub.c:475:40: error: using a dangling pointer to ‘p’ [-Werror=dangling-pointer=]03:06
| | |     475 | dt_bases[n_dt] = xmemdup((uint8_t*)loaded_addon->ImageBase + addrs[UNIFIED_SECTION_DTB],03:06
| | |     | ~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~03:06
| | |     476 | dt_sizes[n_dt]);03:06
| | |     | ~~~~~~~~~~~~~~~03:06
| | |     In file included from ../src/boot/efi/stub.c:20:03:06
| | |     ../src/boot/efi/util.h:33:15: note: ‘p’ declared here03:06
| | |     33 | void *p;03:06
| | |     | ^
| | |
| | |     De-inline the function and initialize p to make gcc happy.
* | | Merge pull request #31464 from poettering/vmspawn-limit-bank (Luca Boccassi, 2024-02-23, 4, -9/+28)
|\ \ \
| | | |     vmspawn: disable all TPM PCR banks, except for SHA256
| * | | update TODO (Lennart Poettering, 2024-02-23, 1, -4/+0)
| | | |
| * | | vmspawn: disable all PCR banks but SHA256 (Lennart Poettering, 2024-02-23, 3, -0/+19)
| | | |     By default swtpm runs with four banks: SHA1, SHA256, SHA384, SHA512. This means all data that is part of the boot will be hashed four times, which slows everything down. Let's restrict things to SHA256 only, which is the one that really matters. SHA1 is not up to today's standards anyway, and no one really consumes the other two, hence no point in enabling this.
| | | |     To disable the banks we need to call swtpm_setup with --pcr-banks. Do so.
| * | | vmspawn: drop "const" from string we free (Lennart Poettering, 2024-02-23, 1, -5/+9)
| | | |     I am a bit surprised this compiled at all...
* | | | ptyfwd: optionally prefix window title with colored dot (Lennart Poettering, 2024-02-23, 4, -3/+74)
| | | |     In uid0/systemd-run/nspawn we already set a window title with a colorful unicode dot indicating the changed privileges/execution context. This typically gets overridden by the shell inside the environment however. Let's tweak this a bit: when we see the window title OSC ANSI sequence passing through, let's patch in the unicode dot as a prefix to the title.
| | | |     This is super pretty, since it makes sure root sessions via 0ad are really easily recognizable as such, because the window title carries an 🔴 red dot as prefix then.
* | | | Merge pull request #31465 from xypron/detect-virt (Luca Boccassi, 2024-02-23, 1, -2/+2)
|\ \ \ \
| | | | |     Detect virtualization on RISC-V
| * | | | detect-virt: allow detection via SMBIOS on RISC-V (Heinrich Schuchardt, 2024-02-23, 1, -1/+1)
| | | | |     SMBIOS support in QEMU for RISC-V is merged upstream.
| | | | |     Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
| * | | | detect-virt: allow detection via device-tree on RISC-V (Heinrich Schuchardt, 2024-02-23, 1, -1/+1)
| |/ / /
| | | |     Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
* | | | signal-util: imply sentinel -1 in sigprocmask_many() + sigset_add_many() args list (Lennart Poettering, 2024-02-23, 33, -44/+47)
| | | |
* | | | signal-util: use RET_NERRNO() + RET_GATHER() more (Lennart Poettering, 2024-02-23, 1, -15/+9)
|/ / /
* | | Merge pull request #31455 from keszybz/restore-docs-urls (Lennart Poettering, 2024-02-23, 84, -112/+66)
|\ \ \
| | | |     Restore docs urls
| * | | docs: drop .md suffixes again (Zbigniew Jędrzejewski-Szmek, 2024-02-23, 20, -49/+49)
| | | |
| * | | Revert "docs: use collections to structure the data" (Zbigniew Jędrzejewski-Szmek, 2024-02-23, 83, -153/+107)
| | |/
| |/|
| | |     This reverts commit 5e8ff010a1436d33bbf3c108335af6e0b4ff7a2a.
| | |     This broke all the URLs, we can't have that. (And actually, we probably don't _want_ to make the change either. It's nicer to have all the pages in one directory, so one doesn't have to figure out to which collection the page belongs.)
* | | Merge pull request #31456 from poettering/tpm1.2-no-more (Lennart Poettering, 2024-02-23, 4, -116/+16)
|\ \ \
| | | |     sd-stub: drop any support for TPM 1.2
| * | | update TODO (Lennart Poettering, 2024-02-23, 1, -2/+0)
| | | |
| * | | sd-stub: drop any support for TPM 1.2 (Lennart Poettering, 2024-02-23, 3, -114/+16)
| | | |     TPM 1.2 is obsolete, and doesn't really provide much security guarantees given it's built around SHA1 which is not up to today's standards.
| | | |     The rest of systemd's TPM codebase never supported TPM 1.2 hence let's drop this partial support in sd-stub too. It has created problems after all (sd-stub reported the measurements and userspace assumed these were for TPM2), without bringing any benefits (given that the measurements we make are not consumed by us anyway, unlike those for TPM 2.0) let's cut off this old support.
* | | | ssh-generator: add mention of ssh.authorized_keys.root to man page (Sam Leonard, 2024-02-23, 1, -0/+5)
| | | |