Age | Commit message (Collapse) | Author |
|
core: only skip setup of "special" signals in test mode
|
|
Add GPT partition type GUID for Itanium root partition
|
|
Fixes:
$ systemd-analyze verify ...
Failed to open /dev/tty0: Permission denied
|
|
|
|
udev: Fix touch screen detection
|
|
This reverts commit 5aa1054521596c3d268db5f4aff9f2b69647ffc9.
Fixes test-execute
$ sudo make check TESTS=test-execute
...
$ cat test-execute.log
+ test /tmp/test-exec_workingdirectory = /tmp/test-exec_workingdirectory
Test timeout when testing exec-workingdirectory.service
exec-workingdirectory.service
UMask: 0022
WorkingDirectory: /tmp/test-exec_workingdirectory
RootDirectory: /
NonBlocking: no
PrivateTmp: no
PrivateNetwork: no
PrivateDevices: no
ProtectHome: no
ProtectSystem: no
IgnoreSIGPIPE: yes
RuntimeDirectoryMode: 0755
StandardInput: null
StandardOutput: inherit
StandardError: inherit
FAIL test-execute (exit status: 1)
|
|
core: socket options fix SCTP_NODELAY
|
|
Updated Hungarian translations
|
|
Fixes to NSEC3 proof v2
|
|
Tenth DNSSEC patch set
|
|
|
|
configuration files
This adds negative trust anchor support and allows reading trust anchor
data from disk, from files
/etc/systemd/dnssec-trust-anchors.d/*.positive and
/etc/systemd/dnssec-trust-anchros.d/*.negative, as well as the matching
counterparts in /usr/lib and /run.
The positive trust anchor files are more or less compatible to normal
DNS zone files containing DNSKEY and DS RRs. The negative trust anchor
files contain only new-line separated hostnames for which to require no
signing.
By default no trust anchor files are installed, in which case the
compiled-in root domain DS RR is used, as before. As soon as at least
one positive root anchor for the root is defined via trust anchor files
this buil-in DS RR is not added though.
|
|
For NXDOMAIN, it is not sufficient to prove that the next-closest
enclosure does not exist, we must also prove that there is no
wildcard domain directly below the closest enclosure which would
synthesise the name that has been requested.
For positive responses, in addition to exact matches, we should
accept wildcard ones. In that case we must first prove that
there is no precise match (i.e., that the closest encounter
is not the record itself) and secondly that the source of
synthesis exists.
|
|
|
|
Instead introduce the new return-code DNSSEC_NSEC_CNAME to indicate
this condition. See RFC 6840, Section 4.3.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
traffic
|
|
|
|
|
|
All hashed names consist of the hashed label prepended to the zone name, not to the
closest enclosure.
|
|
Makes the NSEC3 proof somewhat simpler to follow.
|
|
Let VERIFY_RRS_MAX be about the max number of RRs in an RRSet that we
actually try to verify, not about the total number of RRs in the RRSet.
|
|
If the first byte of the key is zero, the key-length is stored in
the second and third byte (not first and second).
|
|
Use BTN_TOUCH or INPUT_PROP_DIRECT to detect touch screens.
Signed-off-by: Andreas Pokorny <andreas.pokorny@canonical.com>
|
|
Ninth DNSSEC patch set
|
|
SCTP_NODELAY is diffrent to TCP_NODELAY.
Apply proper options in case of SCTP.
|
|
hwdb: move Logitech M-U0007 [M500] to 1000dpi
|
|
resolved
|
|
|
|
Previously, we'd use the same set of identifiers for both, but that's
actually incorrect. It didn't matter much since the only NSEC3 hash
algorithm defined (SHA-1) is mapped to code 1 which is also what it is
encoded as in DS digests, but we really should make sure to use two
distinct enumerations.
|
|
|
|
|
|
We don't implement it, and we have no intention to, but at least mention
that it exists.
(This also adds a couple of other algorithms to the algorithm string
list, where these strings were missing previously.)
|
|
|
|
|
|
|
|
RFC 2181, Section 8 suggests to treat an RR TTL with the MSB set as 0.
Implement this.
|
|
|
|
This was missing when the error type was added in
ac720200b7e5b80cc4985087e38f3452e5b3b080.
|
|
EIO is really too generic, and indicates transmission problems.
|
|
build-sys: fix valgrind-tests
|
|
tests: fix memory leak in test-bus-marshal
|
|
Fixes:
```
$ ./configure ... --enable-dbus
$ make
$ make valgrind-tests TESTS=test-bus-marshal
...
==25301== 51 bytes in 1 blocks are definitely lost in loss record 7 of 18
==25301== at 0x4C2DD9F: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==25301== by 0x5496B8C: ??? (in /lib/x86_64-linux-gnu/libdbus-1.so.3.14.3)
==25301== by 0x54973E3: _dbus_string_append_printf_valist (in /lib/x86_64-linux-gnu/libdbus-1.so.3.14.3)
==25301== by 0x547E5C2: _dbus_set_error_valist (in /lib/x86_64-linux-gnu/libdbus-1.so.3.14.3)
==25301== by 0x547E73E: dbus_set_error (in /lib/x86_64-linux-gnu/libdbus-1.so.3.14.3)
==25301== by 0x548969A: dbus_message_demarshal (in /lib/x86_64-linux-gnu/libdbus-1.so.3.14.3)
==25301== by 0x115C1A: main (test-bus-marshal.c:244)
==25301==
```
|
|
nspawn: userns and unified cgroup: chown cgroup.events
|
|
Fixes:
```
$ make valgrind-tests TESTS=test-acl-util
GEN valgrind-tests
Running test-acl-util
/bin/bash: line 4: libtool: command not found
```
|