ubuntu/sulogin-fallback-static-sh.patch
Description: Add support for /bin/static-sh as fallback if the regular shell fails to execute
Author: Michael Vogt <michael.vogt@ubuntu.com>
ubuntu/sulogin-lockedpwd.patch
Description: Make sure file systems can be fixed on machines with locked root accounts (as Ubuntu does by default). Don't require --force for sulogin.
Author: Martin Pitt <martin.pitt@ubuntu.com>
scripts uses either a free-standing "file" argument, or the value
passed as --log-out "file". Additional filenames are ignored.
They are also ignored if --log-in "file" is given, as it turns off
output logging by default (can still be overriden by adding --log-out).
Avoid surprises when passing multiple filenames by writing usage
message instead.
[kzak@redhat.com: - use errtryhelp() rather than usage()]
Signed-off-by: Chris Hofstaedtler <zeha@debian.org>
Reported-by: наб <nabijaczleweli@nabijaczleweli.xyz>
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016193
Signed-off-by: Karel Zak <kzak@redhat.com>
If we filled the script->child buffer before the child had a chance to read any
input, we'd sleep forever in write_all(pty->master), and the child would sleep
forever in write(1<pty->slave>)
By putting the master PTY in non-blocking mode, we can poll(pty->master,
POLLOUT) and keep supplying more data as the child reads from the buffer
Fixes Debian bug #1003095
Signed-off-by: Karel Zak <kzak@redhat.com>
When merge_utf16be_ascii() encounters high-codepoint surrogate pairs it
emits four bytes of output for one byte of ascii input.
In addition with the remaining ascii characters from the second loop we
need up to 5 * sizeof(input) / 2 bytes as output buffer.
As we decode up to 128 ascii characters with merge_utf16be_ascii() we
need 320 bytes of buffer available.
Furthermore adapt merge_utf16be_ascii() to not write paste the output
buffer end.
Fix OSS-Fuzz issue 53149 ( #1887 )
A error in disk-utils/fsck.c, if run the fsck -N command, processes
don't execute, just show what would be done. However, the pid whose
value is -1 is added to the instance_list list in the execute
function,if the kill_all function is called later, kill(-1, signum)
is executed, Signals are sent to all processes except the number one
process and itself. Other processes will be killed if they use the
default signal processing function.
Signed-off-by: zhanchengbin <zhanchengbin1@huawei.com>
Reviewed-by: Lukas Czerner <lczerner@redhat.com>
Arm has published further MIDR/part numbers on
https://developer.arm.com/ip-products/processors/cortex-a.
Some of the new ones have already been merged, so lets
fill in the gaps with A34, A65AE and X1C.
Signed-off-by: Jeremy Linton <jeremy.linton@arm.com>
The internal Apple model numbers for the SoCs are somewhat
confusing given that they are mostly similar and differ by only
one or two digits. Instead, use the public nomenclature for these
chips to avoid ambiguity and beautify the output.
Signed-off-by: James Calligeros <jcalligeros99@gmail.com>
QC updated the kernel cputype.h to include the Kyro 4xx and 3xx Silver
part numbers's. Lets sync that commit and naming.
Signed-off-by: Jeremy Linton <jeremy.linton@arm.com>
In production we've had several incidents over the years where a process
has a signal handler registered for SIGHUP or one of the SIGUSR signals
which can be used to signal a request to reload configs, rotate log
files, and the like. While this may seem harmless enough, what we've
seen happen repeatedly is something like the following:
1. A process is using SIGHUP/SIGUSR[12] to request some
application-handled state change -- reloading configs, rotating a log
file, etc;
2. This kind of request is deprecated and removed, so the signal handler
is removed. However, a site where the signal might be sent from is
missed (often logrotate or a service manager);
3. Because the default disposition of these signals is terminal, sooner
or later these applications are going to be sent SIGHUP or similar
and end up unexpectedly killed.
I know for a fact that we're not the only organistion experiencing this:
in general, signal use is pretty tricky to reason about and safely
remove because of the fairly aggressive SIG_DFL behaviour for some
common signals, especially for SIGHUP which has a particularly ambiguous
meaning. Especially in a large, highly interconnected codebase,
reasoning about signal interactions between system configuration and
applications can be highly complex, and it's inevitable that on occasion
a callsite will be missed.
In some cases the right call to avoid this will be to migrate services
towards other forms of IPC for this purpose, but inevitably there will
be some services which must continue using signals, so we need a safe
way to support them.
This patch adds support for the -r/--require-handler flag, which checks
if a userspace handler is present for the signal being sent. If it is
not, the process will be skipped.
With this flag we can enforce that all SIGHUP reload cases and SIGUSR
equivalents use --require-handler. This effectively mitigates the case
we've seen time and time again where SIGHUP is used to rotate log files
or reload configs, but the sending site is mistakenly left present after
the removal of signal handler, resulting in unintended termination of
the process.
Signed-off-by: Chris Down <chris@chrisdown.name>
The clock value from the LIBUUID_CLOCK_FILE must be checked in
case of an update of libuuid. If clock==CLOCK_SEQ_CONT it must
be set to a new value.
Signed-off-by: Karel Zak <kzak@redhat.com>
Commit f27876f introduces copy & past bug and replaces
__uuid_generate_random() with __uuid_generate_time().
Fixes: https://github.com/util-linux/util-linux/issues/1837
Signed-off-by: Karel Zak <kzak@redhat.com>
In a uuidd setup, the daemon is a singleton and can maintain it's own
resources for time based UUID generation. This requires a dedicated
'clock sequence range' but does not need any further lock/update of
the LIBUUID_CLOCK_FILE from uuidd. The range of available clock values
is extended by a continuous handling of the clock updates - instead of
updating the value to the current timestamp, it is incremented by
the number of requested UUIDs.
Kernel 5.15 returns empty content for topology/thread_siblings on
aarch64 platform, which in conjunction of uninitialized `buf` memory
buffer results in the garbage:
(gdb) p buf
$14 = " @\377\367\177\000\000\000\275\000\347j\032\236"
This garbage is then being later consumed by underlying helper functions
like for example cpumask_parse() and this leads to the following crash
later:
in __libc_free (p=0x7ff7f67c00) at src/malloc/mallocng/free.c:105
in free (p=<optimized out>) at src/malloc/free.c:5
in add_cpuset_to_array (setsize=<optimized out>, set=<optimized out>, items=<optimized out>, ary=<optimized out>) at ../sys-utils/lscpu-topology.c:29
in cputype_read_topology (cxt=cxt@entry=0x7ff7fffe70, ct=0x4298a0) at ../sys-utils/lscpu-topology.c:153
in lscpu_read_topology (cxt=cxt@entry=0x7ff7fffe70) at ../sys-utils/lscpu-topology.c:629
in main (argc=1, argv=0x7ffffffdb8) at ../sys-utils/lscpu.c:1341
It looks like the problem is that current logic expects fgets() to set
errno on failure, but fgets() is not documented to do so and and neither
glibc nor musl set errno. So if errno was set to 0 before fgets() call,
the failure from fgets() is ignored and then invalid buffer is being
parsed.
Fixes: #1810
Suggested-by: Thomas Weißschuh <thomas@t-8ch.de>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Yue-Lan