sys-apps/systemd: backport bug fixes

Bug: https://bugs.gentoo.org/625970
Bug: https://bugs.gentoo.org/625480
Package-Manager: Portage-2.3.6_p34, Repoman-2.3.3_p12

4 files changed, 139 insertions, 2 deletions

diff --git a/sys-apps/systemd/files/234-0001-path-lookup-look-for-generators-in-usr-lib-systemd-s.patch b/sys-apps/systemd/files/234-0001-path-lookup-look-for-generators-in-usr-lib-systemd-s.patch
index 47e2730a7b37..6912b481f20b 100644
--- a/sys-apps/systemd/files/234-0001-path-lookup-look-for-generators-in-usr-lib-systemd-s.patch
+++ b/sys-apps/systemd/files/234-0001-path-lookup-look-for-generators-in-usr-lib-systemd-s.patch
@@ -1,7 +1,7 @@
 From d9287b10d714175521e3bcd6c53de4819b1357c5 Mon Sep 17 00:00:00 2001
 From: Mike Gilbert <floppym@gentoo.org>
 Date: Mon, 17 Jul 2017 11:21:25 -0400
-Subject: [PATCH] path-lookup: look for generators in
+Subject: [PATCH 1/3] path-lookup: look for generators in
  {,/usr}/lib/systemd/system-generators
 
 Bug: https://bugs.gentoo.org/625402
@@ -23,5 +23,5 @@ index e2b3f8b74..1ee0e1cdb 100644
                                  NULL);
  
 -- 
-2.13.3
+2.14.0
 
diff --git a/sys-apps/systemd/files/234-0002-cryptsetup-fix-infinite-timeout-6486.patch b/sys-apps/systemd/files/234-0002-cryptsetup-fix-infinite-timeout-6486.patch
new file mode 100644
index 000000000000..8ea131adfd07
--- /dev/null
+++ b/sys-apps/systemd/files/234-0002-cryptsetup-fix-infinite-timeout-6486.patch
@@ -0,0 +1,43 @@
+From 793c786f470aeedf443686cff30f97acaff23a04 Mon Sep 17 00:00:00 2001
+From: Andrew Soutar <andrew@andrewsoutar.com>
+Date: Mon, 31 Jul 2017 02:19:16 -0400
+Subject: [PATCH 2/3] cryptsetup: fix infinite timeout (#6486)
+
+0004f698d causes `arg_timeout` to be infinity instead of 0 when timeout=0. The
+logic here now matches this change.
+
+Fixes #6381
+---
+ src/cryptsetup/cryptsetup.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
+index 3b4c08616..08ed7e53b 100644
+--- a/src/cryptsetup/cryptsetup.c
++++ b/src/cryptsetup/cryptsetup.c
+@@ -56,7 +56,7 @@ static bool arg_tcrypt_veracrypt = false;
+ static char **arg_tcrypt_keyfiles = NULL;
+ static uint64_t arg_offset = 0;
+ static uint64_t arg_skip = 0;
+-static usec_t arg_timeout = 0;
++static usec_t arg_timeout = USEC_INFINITY;
+ 
+ /* Options Debian's crypttab knows we don't:
+ 
+@@ -670,10 +670,10 @@ int main(int argc, char *argv[]) {
+                 if (arg_discards)
+                         flags |= CRYPT_ACTIVATE_ALLOW_DISCARDS;
+ 
+-                if (arg_timeout > 0)
+-                        until = now(CLOCK_MONOTONIC) + arg_timeout;
+-                else
++                if (arg_timeout == USEC_INFINITY)
+                         until = 0;
++                else
++                        until = now(CLOCK_MONOTONIC) + arg_timeout;
+ 
+                 arg_key_size = (arg_key_size > 0 ? arg_key_size : (256 / 8));
+ 
+-- 
+2.14.0
+
diff --git a/sys-apps/systemd/files/234-0003-resolved-make-sure-idn2-conversions-are-roundtrippab.patch b/sys-apps/systemd/files/234-0003-resolved-make-sure-idn2-conversions-are-roundtrippab.patch
new file mode 100644
index 000000000000..e083f854107e
--- /dev/null
+++ b/sys-apps/systemd/files/234-0003-resolved-make-sure-idn2-conversions-are-roundtrippab.patch
@@ -0,0 +1,92 @@
+From 47d36aeaebc3083795de40c80e75f0fda48c3053 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Fri, 21 Jul 2017 07:51:07 -0400
+Subject: [PATCH 3/3] resolved: make sure idn2 conversions are roundtrippable
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+While working on the gateway→_gateway conversion, I noticed that
+libidn2 strips the leading underscore in some names.
+https://gitlab.com/libidn/libidn2/issues/30 was resolved in
+https://gitlab.com/libidn/libidn2/commit/05d753ea69e2308cd02436d0511f4b844071dc79,
+which disabled "STD3 ASCII rules" by default, i.e. disabled stripping
+of underscores. So the situation is that with previously released libidn2
+versions we would get incorrect behaviour, and once new libidn2 is released,
+we should be OK.
+
+Let's implement a simple test which checks that the name survives the
+roundtrip, and if it doesn't, skip IDN resolution. Under old libidn2 this will
+fail in more cases, and under new libidn2 in fewer, but should be the right
+thing to do also under new libidn2.
+---
+ src/shared/dns-domain.c    | 29 ++++++++++++++++++++++++++---
+ src/test/test-dns-domain.c |  6 ++++++
+ 2 files changed, 32 insertions(+), 3 deletions(-)
+
+diff --git a/src/shared/dns-domain.c b/src/shared/dns-domain.c
+index 12c4d65dd..139d286af 100644
+--- a/src/shared/dns-domain.c
++++ b/src/shared/dns-domain.c
+@@ -1274,15 +1274,38 @@ int dns_name_apply_idna(const char *name, char **ret) {
+ 
+ #if defined(HAVE_LIBIDN2)
+         int r;
++        _cleanup_free_ char *t = NULL;
+ 
+         assert(name);
+         assert(ret);
+ 
+-        r = idn2_lookup_u8((uint8_t*) name, (uint8_t**) ret,
++        r = idn2_lookup_u8((uint8_t*) name, (uint8_t**) &t,
+                            IDN2_NFC_INPUT | IDN2_NONTRANSITIONAL);
+-        if (r == IDN2_OK)
++        log_debug("idn2_lookup_u8: %s → %s", name, t);
++        if (r == IDN2_OK) {
++                if (!startswith(name, "xn--")) {
++                        _cleanup_free_ char *s = NULL;
++
++                        r = idn2_to_unicode_8z8z(t, &s, 0);
++                        if (r != IDN2_OK) {
++                                log_debug("idn2_to_unicode_8z8z(\"%s\") failed: %d/%s",
++                                          t, r, idn2_strerror(r));
++                                return 0;
++                        }
++
++                        if (!streq_ptr(name, s)) {
++                                log_debug("idn2 roundtrip failed: \"%s\" → \"%s\" → \"%s\", ignoring.",
++                                          name, t, s);
++                                return 0;
++                        }
++                }
++
++                *ret = t;
++                t = NULL;
+                 return 1; /* *ret has been written */
+-        log_debug("idn2_lookup_u8(\"%s\") failed: %s", name, idn2_strerror(r));
++        }
++
++        log_debug("idn2_lookup_u8(\"%s\") failed: %d/%s", name, r, idn2_strerror(r));
+         if (r == IDN2_2HYPHEN)
+                 /* The name has two hypens — forbidden by IDNA2008 in some cases */
+                 return 0;
+diff --git a/src/test/test-dns-domain.c b/src/test/test-dns-domain.c
+index 11cf0b1f0..cbd2d1e65 100644
+--- a/src/test/test-dns-domain.c
++++ b/src/test/test-dns-domain.c
+@@ -652,6 +652,12 @@ static void test_dns_name_apply_idna(void) {
+         test_dns_name_apply_idna_one("föö.bär.", ret, "xn--f-1gaa.xn--br-via");
+         test_dns_name_apply_idna_one("xn--f-1gaa.xn--br-via", ret, "xn--f-1gaa.xn--br-via");
+ 
++        test_dns_name_apply_idna_one("_443._tcp.fedoraproject.org", ret2,
++                                     "_443._tcp.fedoraproject.org");
++        test_dns_name_apply_idna_one("_443", ret2, "_443");
++        test_dns_name_apply_idna_one("gateway", ret, "gateway");
++        test_dns_name_apply_idna_one("_gateway", ret2, "_gateway");
++
+         test_dns_name_apply_idna_one("r3---sn-ab5l6ne7.googlevideo.com", ret2,
+                                      ret2 ? "r3---sn-ab5l6ne7.googlevideo.com" : "");
+ }
+-- 
+2.14.0
+
diff --git a/sys-apps/systemd/systemd-234-r2.ebuild b/sys-apps/systemd/systemd-234-r3.ebuild
index dceb9eda7110..d5be135d8491 100644
--- a/sys-apps/systemd/systemd-234-r2.ebuild
+++ b/sys-apps/systemd/systemd-234-r3.ebuild
@@ -149,6 +149,8 @@ src_unpack() {
 src_prepare() {
 	local PATCHES=(
 		"${FILESDIR}"/234-0001-path-lookup-look-for-generators-in-usr-lib-systemd-s.patch
+		"${FILESDIR}"/234-0002-cryptsetup-fix-infinite-timeout-6486.patch
+		"${FILESDIR}"/234-0003-resolved-make-sure-idn2-conversions-are-roundtrippab.patch
 	)
 
 	if ! use vanilla; then