This fixes a typo by dropping off the spurious x in ensure.
Signed-off-by: Gaël PORTAY <gael.portay@rtone.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
All tests passed in Debian 11 with the following command:
./support/testing/run-tests tests.init.test_systemd
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Acked-by: Norbert Lange <nolange79@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following musl build failure raised since bump to version 5.9.4
in commit 868603755c:
large_fd_set.c: In function 'LFD_SET':
../include/net-snmp/net-snmp-config.h:1614:30: error: unknown type name 'unknown'; did you mean 'union'?
1614 | #define NETSNMP_FD_MASK_TYPE unknown
| ^~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/394ebf93621c33dc2ddf370297268e6de9de7c9a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Force libopenssl to avoid the following build failure with libressl
raised since bump to version 4.8 in commit
525cb6a8fb:
pound.c: In function 'main':
pound.c:971:27: error: 'l_id' undeclared (first use in this function)
971 | CRYPTO_set_id_callback (l_id);
| ^~~~
Fixes:
- http://autobuild.buildroot.org/results/692db714aa8b0dcfb67fd99977fb6f33c5d4810c
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In commit 0c82f3f635 (package/gcc: remove powerpc conditional patching
logic), the macro defining the conditional patch was removed, but it was
still referenced and expanded in the apply-patches hook.
Drop that now.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2023-39325: rapid stream resets can cause excessive work
A malicious HTTP/2 client which rapidly creates requests and immediately
resets them can cause excessive server resource consumption. While the
total number of requests is bounded to the http2.Server.MaxConcurrentStreams
setting, resetting an in-progress request allows the attacker to create a
new request while the existing one is still executing.
go1.21.3 (released 2023-10-10) includes a security fix to the net/http
package.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Christian Stewart <christian@aperture.us>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
ZDI-CAN-21443: Heap-based buffer overflow in the RealMedia file demuxer when
handling malformed files in GStreamer versions before 1.22.5 / 1.20.7.
https://gstreamer.freedesktop.org/security/sa-2023-0004.html
ZDI-CAN-21444: Heap-based buffer overflow in the RealMedia file demuxer when
handling malformed files in GStreamer versions before 1.22.5 / 1.20.7.
https://gstreamer.freedesktop.org/security/sa-2023-0005.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2023-37327: Heap-based buffer overflow in the FLAC parser when
handling malformed image tags in GStreamer versions before 1.22.4 / 1.20.7.
https://gstreamer.freedesktop.org/security/sa-2023-0001.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2023-37328: Heap-based buffer overflow in the subparse subtitle
parser when handling certain SRT subtitle files in GStreamer versions before
1.22.4 / 1.20.7.
https://gstreamer.freedesktop.org/security/sa-2023-0002.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update hash of license file (modern MIT license text used since
6d077838f7)
https://c-ares.org/changelog.html#1_20_1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
The gpt-auto-generator can generate the boot.mount unit, which reports
an error if this directory can't be created (if / is read-only). There
is no reason not to create this directory, even if the platform doesn't
actually have a boot partition that can be mounted there.
Signed-off-by: Norbert Lange <nolange79@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
journald will always have a runtime log in /run/systemd/journal,
and a persistent one in /var/log/journal under certain conditions.
By default it will check for the existence of that directory.
When /var is not backed by mass-storage you typically don't want your
log duplicated and journald should be tuned to account for
having only RAM available.
With this commit, the directory will no longer be created automatically,
but instead it's created only if the root filesystem is writeable.
It is rather easy for users to opt-in by either creating that directory
(e.g. with a tmpfiles fragment) or editing /etc/systemd/journald.conf.
Signed-off-by: Norbert Lange <nolange79@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
The mode should reflect the mount directory,
and 755 is the default - so drop the mount option.
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Norbert Lange <nolange79@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
[Arnout:
- use a simple mount unit for
TestInitSystemSystemdRoFullOverlayfsVarBacking;
- change the test of TestInitSystemSystemdRoFullOverlayfsVarBacking to
check that the exact expected mount was performed;
- add a test of var backing with fstab instead of mount unit.
]
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
