diff --git a/0001-selinux-access-fix-broken-ternary-operator.patch b/0001-selinux-access-fix-broken-ternary-operator.patch new file mode 100644 index 0000000..b94de81 --- /dev/null +++ b/0001-selinux-access-fix-broken-ternary-operator.patch @@ -0,0 +1,23 @@ +Based on 1e648011b20c8126412d3cf2699d575d9ba9e0fe Mon Sep 17 00:00:00 2001 +From: Lukas Nykryn +Date: Fri, 21 Nov 2014 17:02:15 +0100 +Subject: [PATCH] selinux-access: fix broken ternary operator + +it seems to be a typo introduced by ebcf1f97de4f6b1580ae55eb56b1a3939fe6b602 +- _r = selinux_access_check(_b, _m, _u->source_path ?:_u->fragment_path, (permission), &_error); \ ++ ({ Unit *_unit = (unit); selinux_generic_access_check(bus,message, _unit->fragment_path ?: _unit->fragment_path, permission,error); }) +--- + src/core/selinux-access.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- src/core/selinux-access.h ++++ src/core/selinux-access.h 2014-12-15 11:49:54.521518349 +0000 +@@ -34,7 +34,7 @@ int selinux_generic_access_check(sd_bus + #define selinux_access_check(bus, message, permission, error) \ + selinux_generic_access_check(bus, message, NULL, permission, error) + #define selinux_unit_access_check(unit, bus, message, permission, error) \ +- ({ Unit *_unit = (unit); selinux_generic_access_check(bus, message, _unit->fragment_path ?: _unit->fragment_path, permission, error); }) ++ ({ Unit *_unit = (unit); selinux_generic_access_check(bus, message, _unit->source_path ?: _unit->fragment_path, permission, error); }) + + #else + diff --git a/0002-systemctl-show-BindsTo-BoundBy-in-list-dependencies.patch b/0002-systemctl-show-BindsTo-BoundBy-in-list-dependencies.patch new file mode 100644 index 0000000..6a9cd2a --- /dev/null +++ b/0002-systemctl-show-BindsTo-BoundBy-in-list-dependencies.patch @@ -0,0 +1,35 @@ +From c469089cf647ac740c7dcf09c463d2907b6d00eb Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Sat, 22 Nov 2014 20:21:56 -0500 +Subject: [PATCH] systemctl: show BindsTo/BoundBy in list-dependencies + +Suggested-by: Peter Mattern + +http://lists.freedesktop.org/archives/systemd-devel/2014-November/025437.html +--- + src/systemctl/systemctl.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git src/systemctl/systemctl.c src/systemctl/systemctl.c +index 78b7c96..fd69c69 100644 +--- src/systemctl/systemctl.c ++++ src/systemctl/systemctl.c +@@ -1480,11 +1480,13 @@ static int list_dependencies_get_dependencies(sd_bus *bus, const char *name, cha + "RequiresOverridable\0" + "Requisite\0" + "RequisiteOverridable\0" +- "Wants\0", ++ "Wants\0" ++ "BindsTo\0", + [DEPENDENCY_REVERSE] = "RequiredBy\0" + "RequiredByOverridable\0" + "WantedBy\0" +- "PartOf\0", ++ "PartOf\0" ++ "BoundBy\0", + [DEPENDENCY_AFTER] = "After\0", + [DEPENDENCY_BEFORE] = "Before\0", + }; +-- +1.7.9.2 + diff --git a/0003-cryptsetup-default-to-no-hash-when-keyfile-is-specif.patch b/0003-cryptsetup-default-to-no-hash-when-keyfile-is-specif.patch new file mode 100644 index 0000000..5424ff1 --- /dev/null +++ b/0003-cryptsetup-default-to-no-hash-when-keyfile-is-specif.patch @@ -0,0 +1,28 @@ +Based on 8a52210c9392887a31fdb2845f65b4c5869e8e66 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Mon, 24 Nov 2014 09:11:12 -0500 +Subject: [PATCH] cryptsetup: default to no hash when keyfile is specified + +For plain dm-crypt devices, the behavior of cryptsetup package is to +ignore the hash algorithm when a key file is provided. It seems wrong +to ignore a hash when it is explicitly specified, but we should default +to no hash if the keyfile is specified. + +https://bugs.freedesktop.org/show_bug.cgi?id=52630 +--- + src/cryptsetup/cryptsetup.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- src/cryptsetup/cryptsetup.c ++++ src/cryptsetup/cryptsetup.c 2014-12-15 12:00:17.554019752 +0000 +@@ -386,7 +386,9 @@ static int attach_luks_or_plain(struct c + /* plain isn't a real hash type. it just means "use no hash" */ + if (!streq(opt_hash, "plain")) + params.hash = opt_hash; +- } else ++ } else if (!key_file) ++ /* for CRYPT_PLAIN, the behaviour of cryptsetup ++ * package is to not hash when a key file is provided */ + params.hash = "ripemd160"; + + if (opt_cipher) { diff --git a/0004-core-fix-transaction-destructiveness-check-once-more.patch b/0004-core-fix-transaction-destructiveness-check-once-more.patch new file mode 100644 index 0000000..843200c --- /dev/null +++ b/0004-core-fix-transaction-destructiveness-check-once-more.patch @@ -0,0 +1,32 @@ +Based on e0312f4db08c7100bd00299614e87bedc759b366 Mon Sep 17 00:00:00 2001 +Based on c21b92ffe7ef939dd32502ac912cf8ad1c5638fd Mon Sep 17 00:00:00 2001 +From: Michal Schmidt +Date: Thu, 27 Nov 2014 15:23:58 +0100 +Subject: [PATCH] core: fix transaction destructiveness check once more + +The previous fix e0312f4db "core: fix check for transaction +destructiveness" broke test-engine (noticed by Zbyszek). +Apparently I had a wrong idea of the intended semantics of --fail. + +The manpage says the operation should fail if it "conflicts with a +pending job (more specifically: causes an already pending start job to +be reversed into a stop job or vice versa)". + +So let's check job_type_is_conflicting, instead of !is_superset. + +This makes both test-engine and TEST-03-JOBS pass again. +--- + src/core/transaction.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- src/core/transaction.c ++++ src/core/transaction.c 2014-12-15 12:06:11.721518136 +0000 +@@ -510,7 +510,7 @@ static int transaction_is_destructive(Tr + assert(!j->transaction_next); + + if (j->unit->job && (mode == JOB_FAIL || j->unit->job->irreversible) && +- !job_type_is_superset(j->type, j->unit->job->type)) { ++ job_type_is_conflicting(j->unit->job->type, j->type)) { + + sd_bus_error_setf(e, BUS_ERROR_TRANSACTION_IS_DESTRUCTIVE, "Transaction is destructive."); + return -EEXIST; diff --git a/systemd-mini.changes b/systemd-mini.changes index 500446d..6251169 100644 --- a/systemd-mini.changes +++ b/systemd-mini.changes @@ -1,3 +1,15 @@ +------------------------------------------------------------------- +Mon Dec 15 15:02:22 UTC 2014 - werner@suse.de + +- Add upstream patches + 0001-selinux-access-fix-broken-ternary-operator.patch + 0002-systemctl-show-BindsTo-BoundBy-in-list-dependencies.patch + 0003-cryptsetup-default-to-no-hash-when-keyfile-is-specif.patch + 0004-core-fix-transaction-destructiveness-check-once-more.patch +- Avoid old net devices naming scheme on openSUSE 13.2 and less + maybe caused by patch + 1098-udev-link_setup-respect-kernel-name-assign-policy.patch + ------------------------------------------------------------------- Thu Dec 11 09:32:31 UTC 2014 - thomas.blume@suse.com @@ -8,8 +20,8 @@ Thu Dec 11 09:32:31 UTC 2014 - thomas.blume@suse.com Fri Dec 5 12:51:15 UTC 2014 - werner@suse.de - Add upstream patch - 1098-udev-link_setup-respect-kernel-name-assign-policy.patch - which may solve bsc#907318 + 1098-udev-link_setup-respect-kernel-name-assign-policy.patch + which may solve bsc#907318 ------------------------------------------------------------------- Fri Dec 5 12:13:02 UTC 2014 - werner@suse.de @@ -17,7 +29,6 @@ Fri Dec 5 12:13:02 UTC 2014 - werner@suse.de - Add upstream patches 0001-units-make-sure-rfkill-service-is-bount-to-the-actua.patch 0002-rfkill-rework-how-we-generate-file-names-from-rfkill.patch - 1097-udev-link_setup-respect-kernel-name-assign-policy.patch ------------------------------------------------------------------- Fri Nov 28 13:26:21 UTC 2014 - rmilasan@suse.com diff --git a/systemd-mini.spec b/systemd-mini.spec index 865c971..427e74c 100644 --- a/systemd-mini.spec +++ b/systemd-mini.spec @@ -1050,6 +1050,14 @@ Patch511: 0001-units-make-sure-rfkill-service-is-bount-to-the-actua.patch Patch512: 0002-rfkill-rework-how-we-generate-file-names-from-rfkill.patch # PATCH-FIX-SUSE 513-nspawn-veth.patch (bnc#906709) Patch513: 513-nspawn-veth.patch +# PATCH-FIX-UPSTREAM added at 2014/12/15 +Patch514: 0001-selinux-access-fix-broken-ternary-operator.patch +# PATCH-FIX-UPSTREAM added at 2014/12/15 +Patch515: 0002-systemctl-show-BindsTo-BoundBy-in-list-dependencies.patch +# PATCH-FIX-UPSTREAM added at 2014/12/15 +Patch516: 0003-cryptsetup-default-to-no-hash-when-keyfile-is-specif.patch +# PATCH-FIX-UPSTREAM added at 2014/12/15 +Patch517: 0004-core-fix-transaction-destructiveness-check-once-more.patch # UDEV PATCHES # ============ @@ -1925,6 +1933,10 @@ cp %{SOURCE7} m4/ %patch511 -p0 %patch512 -p0 %patch513 -p1 +%patch514 -p0 +%patch515 -p0 +%patch516 -p0 +%patch517 -p0 # udev patches %patch1001 -p1 @@ -2142,6 +2154,12 @@ export LDFLAGS do sed -ri '/^ENV\{net.ifnames\}=="1", GOTO="[^"]*"$/{ s/=="1"/!="0"/ }' src/udev/rule_generator/${rules}.rules done +%if 0%{?suse_version} <= 1320 + for link in 99-default + do + sed -ri '/^NamePolicy=/{ s/kernel[[:blank:]]+// }' network/${link}.link + done +%endif %endif cflags -pipe CFLAGS cflags -Wl,-O2 LDFLAGS diff --git a/systemd.changes b/systemd.changes index 500446d..6251169 100644 --- a/systemd.changes +++ b/systemd.changes @@ -1,3 +1,15 @@ +------------------------------------------------------------------- +Mon Dec 15 15:02:22 UTC 2014 - werner@suse.de + +- Add upstream patches + 0001-selinux-access-fix-broken-ternary-operator.patch + 0002-systemctl-show-BindsTo-BoundBy-in-list-dependencies.patch + 0003-cryptsetup-default-to-no-hash-when-keyfile-is-specif.patch + 0004-core-fix-transaction-destructiveness-check-once-more.patch +- Avoid old net devices naming scheme on openSUSE 13.2 and less + maybe caused by patch + 1098-udev-link_setup-respect-kernel-name-assign-policy.patch + ------------------------------------------------------------------- Thu Dec 11 09:32:31 UTC 2014 - thomas.blume@suse.com @@ -8,8 +20,8 @@ Thu Dec 11 09:32:31 UTC 2014 - thomas.blume@suse.com Fri Dec 5 12:51:15 UTC 2014 - werner@suse.de - Add upstream patch - 1098-udev-link_setup-respect-kernel-name-assign-policy.patch - which may solve bsc#907318 + 1098-udev-link_setup-respect-kernel-name-assign-policy.patch + which may solve bsc#907318 ------------------------------------------------------------------- Fri Dec 5 12:13:02 UTC 2014 - werner@suse.de @@ -17,7 +29,6 @@ Fri Dec 5 12:13:02 UTC 2014 - werner@suse.de - Add upstream patches 0001-units-make-sure-rfkill-service-is-bount-to-the-actua.patch 0002-rfkill-rework-how-we-generate-file-names-from-rfkill.patch - 1097-udev-link_setup-respect-kernel-name-assign-policy.patch ------------------------------------------------------------------- Fri Nov 28 13:26:21 UTC 2014 - rmilasan@suse.com diff --git a/systemd.spec b/systemd.spec index 09e739d..ac10eb0 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1045,6 +1045,14 @@ Patch511: 0001-units-make-sure-rfkill-service-is-bount-to-the-actua.patch Patch512: 0002-rfkill-rework-how-we-generate-file-names-from-rfkill.patch # PATCH-FIX-SUSE 513-nspawn-veth.patch (bnc#906709) Patch513: 513-nspawn-veth.patch +# PATCH-FIX-UPSTREAM added at 2014/12/15 +Patch514: 0001-selinux-access-fix-broken-ternary-operator.patch +# PATCH-FIX-UPSTREAM added at 2014/12/15 +Patch515: 0002-systemctl-show-BindsTo-BoundBy-in-list-dependencies.patch +# PATCH-FIX-UPSTREAM added at 2014/12/15 +Patch516: 0003-cryptsetup-default-to-no-hash-when-keyfile-is-specif.patch +# PATCH-FIX-UPSTREAM added at 2014/12/15 +Patch517: 0004-core-fix-transaction-destructiveness-check-once-more.patch # UDEV PATCHES # ============ @@ -1920,6 +1928,10 @@ cp %{SOURCE7} m4/ %patch511 -p0 %patch512 -p0 %patch513 -p1 +%patch514 -p0 +%patch515 -p0 +%patch516 -p0 +%patch517 -p0 # udev patches %patch1001 -p1 @@ -2137,6 +2149,12 @@ export LDFLAGS do sed -ri '/^ENV\{net.ifnames\}=="1", GOTO="[^"]*"$/{ s/=="1"/!="0"/ }' src/udev/rule_generator/${rules}.rules done +%if 0%{?suse_version} <= 1320 + for link in 99-default + do + sed -ri '/^NamePolicy=/{ s/kernel[[:blank:]]+// }' network/${link}.link + done +%endif %endif cflags -pipe CFLAGS cflags -Wl,-O2 LDFLAGS