dongshengyuan [Fri, 12 Jun 2026 05:41:33 +0000 (13:41 +0800)]
journal: fix byte-order conversion in journal_file_append_data()
head_data_offset is declared as le64_t in journal-def.h, so it must be
assigned with htole64(p), not le64toh(p). All other le64_t field
assignments in this file (hash, next_hash_offset) consistently use
htole64().
On little-endian systems this makes no difference, but on big-endian
systems the field->data link would be stored with incorrect byte order,
corrupting journal file traversal.
Ivan Kruglov [Wed, 10 Jun 2026 15:12:50 +0000 (08:12 -0700)]
pcrextend: skip measurement gracefully when the TPM can't be used
So far --graceful only short-circuited when no TPM was present at all (the
!tpm2_is_mostly_supported() check). If a TPM is present but can't actually be
used for the measurement we want, the measurement still failed hard. For
systemd-pcrextend instances ordered before sysinit.target this pushes the
system to degraded and blocks boot, which defeats the purpose of --graceful.
Make the two extend helpers report every "TPM is present-or-absent but cannot
be used for this measurement" condition with a single errno, -EOPNOTSUPP: no
usable PCR bank, no TPM device, missing crypto (e.g. AES-128-CFB), no NvPCR
support, and OpenSSL-less builds. tpm2_context_new_or_warn() reports a missing
device as -ENOENT, so each helper translates that to -EOPNOTSUPP at the call
site, keeping every errno single-meaning.
Co-developed-by: Claude Opus 4.8 <noreply@anthropic.com>
Luke Na [Fri, 12 Jun 2026 09:22:22 +0000 (09:22 +0000)]
po: Translated using Weblate (Chinese (Simplified) (zh_CN))
Currently translated at 100.0% (285 of 285 strings)
Co-authored-by: Luke Na <narukeu@outlook.com>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/main/zh_CN/
Translation: systemd/main
Luke Na [Fri, 12 Jun 2026 07:36:36 +0000 (07:36 +0000)]
po: Translated using Weblate (Chinese (Simplified) (zh_CN))
Currently translated at 100.0% (285 of 285 strings)
Co-authored-by: Luke Na <narukeu@outlook.com>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/main/zh_CN/
Translation: systemd/main
Nick Rosbrook [Sun, 10 May 2026 14:49:36 +0000 (10:49 -0400)]
test: fix check for updatectl
The have_updatectl variable is meant to gracefully handle the case where
updatectl is missing. But, because the script runs with -e, it fails
immediately in that case instead. Moreover, expanding $have_updatectl
when it is present actually executes updatectl, rather than simply
checking for its existence.
Re-factor this check so that it does handle a missing updatectl.
Yu Watanabe [Thu, 11 Jun 2026 01:18:33 +0000 (10:18 +0900)]
sd-netlink: fix use-after-free
When a slot is disconnected, previously we tried to remove the slot from
the hashmap with a wrong key. Hence, the pointer to the freed slot object
remained in the hashmap.
Luca Boccassi [Wed, 10 Jun 2026 13:17:11 +0000 (14:17 +0100)]
sd-varlink: disable event source in varlink_server_socket_free()
The cleanup destructor for VarlinkServerSocket only freed ss->address and
the struct, leaking ss->event_source. If sd_varlink_server_listen_address()
hits OOM at free_and_strdup() after the io-source was already armed, the
source stays registered in the event loop with userdata pointing at the
freed socket. Disable it before freeing; the call is a no-op when the
source was never armed, so the other freep sites are unaffected.
Luca Boccassi [Wed, 10 Jun 2026 15:17:02 +0000 (16:17 +0100)]
bus-map-properties: reject wrong variant type
bus_message_map_all_properties() fed the peer-supplied wire signature straight
into the variant dispatch and never compared it against the declared
prop->signature, so map_basic() wrote at the wire type's native width into a
slot sized for the declared type (over-wide numeric writes, peer-controlled
pointers into char** slots later freed by strv_free()). Compare against
prop->signature and skip the variant on mismatch.
This is in practice not a problem as the servers are trusted, and this
only affects clients.
The Bearers and Ports entries in the WWAN modem property maps declared
signatures "a{sv}" and "a{su}", but the callbacks read "ao" and "a(su)".
The mismatch was harmless while the declared signature was never checked,
but becomes a dropped property once it is enforced. Declare the actual
signatures.
Luca Boccassi [Wed, 10 Jun 2026 17:56:38 +0000 (18:56 +0100)]
analyze: fix SoftRebootsCount property signature
The SoftRebootsCount entry in the boot-times map declared signature "t" but the
manager exports it as "u". The mismatch was harmless while the declared signature
was never checked, but becomes a dropped property once it is enforced. Declare "u".
Luca Boccassi [Wed, 10 Jun 2026 17:25:33 +0000 (18:25 +0100)]
analyze: fix SystemCallFilter property signature
The SystemCallFilter entry in the security info map declared signature "(as)" but
its property_read_system_call_filter callback reads a "(bas)" (the manager exports
it as "(bas)"), matching the sibling RestrictAddressFamilies entry. The mismatch was
harmless while the declared signature was never checked, but becomes a dropped
property once it is enforced. Declare "(bas)".
Luca Boccassi [Wed, 10 Jun 2026 15:53:21 +0000 (16:53 +0100)]
systemctl: fix InvocationID property signature
The InvocationID entry in status_map declared signature "s" but its bus_map_id128
callback reads an "ay" (the manager exports it as "ay"), matching the other
bus_map_id128 callers. The mismatch was harmless while the declared signature was
never checked, but becomes a dropped property once it is enforced. Declare "ay".
The log message is informational only, same as the count of killed
processes, so we can safely use cgroup.kill when available instead
of manually recursing through the cgroup tree.
Luca Boccassi [Tue, 9 Jun 2026 10:26:16 +0000 (11:26 +0100)]
Translations update from Fedora Weblate (#42525)
Translations update from [Fedora
Weblate](https://translate.fedoraproject.org) for
[systemd/main](https://translate.fedoraproject.org/projects/systemd/main/).
Paul Meyer [Sun, 7 Jun 2026 17:18:33 +0000 (19:18 +0200)]
man: fix systemd-stub .hwids section to be a singleton
Only .dtbauto and .efifw may appear more than once, .hwids is a
singleton per the UKI specification and the stub reads a single .hwids
section (per profile), matching hardware IDs against entries within it.
Co-developed-by: Claude Opus 4.8 <noreply@anthropic.com> Signed-off-by: Paul Meyer <katexochen0@gmail.com>
Liu Zhangjian [Mon, 8 Jun 2026 09:00:03 +0000 (17:00 +0800)]
resolve: use correct hostname for Cloudflare DNS-over-TLS
The Cloudflare DNS-over-TLS service should use 'one.one.one.one'
as the TLS hostname, not 'cloudflare-dns.com' (which is only
correct for DNS-over-HTTPS).
This matches Cloudflare's official documentation:
https://developers.cloudflare.com/1.1.1.1/encryption/dns-over-tls/
Co-developed-by: Claude Opus 4.6 <noreply@anthropic.com>
Fixes #42287
Signed-off-by: Liu Zhangjian <liuzhangjian@uniontech.com>
Icenowy Zheng [Wed, 3 Jun 2026 16:35:41 +0000 (00:35 +0800)]
boot: enable only IMAFDCZicsrZifencei for RISC-V
The UEFI specification only defines A/C/I/M/Zicsr/Zifencei as mandatory
extensions in boot services. However, on systems with everything built
with F/D support, its difficult to disable F/D without changing a
toolchain. In addition, both EDK2 and U-Boot enable F/D on boot,
although they neither enable nor disable V. EDK2 comments even claim the
enablement of FPU is "to be compliant with UEFI spec" despite the spec
requires dynamic detection before using F/D.
Add corresponding -march flags to prevent systemd-boot from using other
extensions on RISC-V, and a comment for the temporary enablement of F/D.
Yu Watanabe [Mon, 8 Jun 2026 07:45:56 +0000 (16:45 +0900)]
Translations update from Fedora Weblate (#42503)
Translations update from [Fedora
Weblate](https://translate.fedoraproject.org) for
[systemd/main](https://translate.fedoraproject.org/projects/systemd/main/).
A S Alam [Sun, 7 Jun 2026 14:06:49 +0000 (14:06 +0000)]
po: Translated using Weblate (Punjabi)
Currently translated at 32.6% (93 of 285 strings)
Co-authored-by: A S Alam <aalam@users.noreply.translate.fedoraproject.org>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/main/pa/
Translation: systemd/main
Charles Lee [Sun, 7 Jun 2026 14:06:35 +0000 (14:06 +0000)]
po: Translated using Weblate (Chinese (Simplified) (zh_CN))
Currently translated at 100.0% (285 of 285 strings)
Co-authored-by: Charles Lee <lchopn@gmail.com>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/main/zh_CN/
Translation: systemd/main
Currently translated at 100.0% (285 of 285 strings)
Co-authored-by: Fco. Javier F. Serrador <fserrador@gmail.com>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/main/es/
Translation: systemd/main
projects / thirdparty / systemd.git / log
