- Import commit 0b715187a87907e18edf98eab9d0a50fced4a424
9dbdbc2f10 logind: fix (again) the race that might happen when logind restores VT (bsc#1101591 bsc#1140081)
c848bec110 libblkid: open device in nonblock mode. (bsc#1084671)
b70ad6c927 resolved: check for IP in certificate when using DoT with GnuTLS (bsc#1155539 CVE-2018-21029)
bbedf3d557 resolved: require at least version 3.6.0 of GnuTLS for DNS-over-TLS
eb732c2e29 resolved: fix connection failures with TLS 1.3 and GnuTLS
4e45084ac5 shared/install: failing with -ELOOP can be due to the use of an alias in install_error()
2e297f0d87 shared/install: fix error codes returned by install_context_apply()
dd29d70d32 man: alias names can't be used with enable command
- Allow YaST to select Iranian (Persian, Farsi) keyboard layout
(bsc#1092920)
OBS-URL: https://build.opensuse.org/request/show/748020
OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=1080
- Drop 0001-compat-rules-escape-when-used-for-shell-expansion.patch
It's part of the previous import.
- Import commit b7467b7b553d6d0d6f92758d966b69f1a88b6b42
441f44f371 fileio: introduce read_full_virtual_file() for reading virtual files in sysfs, procfs (bsc#1133495)
8a1bb5c66b swap: do not make swap units wanted by its device unit anymore
- Import commit 5df9000899ef7d45ddbcacd0fdf73afa07a40f6b
f0ed7237e4 udev/cdrom_id: Do not open CD-rom in exclusive mode. (bsc#1154256)
b37054aa5a compat-rules: escape '$' when used for shell expansion
Changes from the v243-stable:
ef677436aa test: Pass personality test even when i686 userland runs on x86_64 kernel
3f6398c450 docs: fix inadvertent change in uid range
25bb377a73 cgroup: fix typo in BPF firewall support warning message
6d97aca0d5 fix build with compilers with default stack-protector enabled
fbad077cec nspawn: surrender controlling terminal to PID2 when using the PID1 stub
0553c3c668 pid1: fix DefaultTasksMax initialization
f406a691a7 src/core/automount: use DirectoryMode when calling mkdir -p
20438f96c3 udevadm trigger: do not propagate EACCES and ENODEV
6480630bc3 hwdb: Correct WWWW Pattern In Documentation Comment
9d8e889810 nspawn: consistenly fail if parsing the environment fails
40e169b304 nspawn: default to unified hierarchy if --as-pid2 is used
b5df1037a0 cgroup: Mark memory protections as explicitly set in transient units
f14e3e02cc cgroup: Respect DefaultMemoryMin when setting memory.min
ea248e53bf cgroup: Check ancestor memory min for unified memory config
de1d25a506 cgroup: docs: memory.high doc fixups
2ab45f38d8 cgroup: docs: Mention unbounded protection for memory.{low,min}
19a43dc38a Consider smb3 as remote filesystem
5c0224c7bf Handle d_type == DT_UNKNOWN correctly
8282bc61df util-lib: Don't propagate EACCES from find_binary PATH lookup to caller
OBS-URL: https://build.opensuse.org/request/show/744383
OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=1077
- Import commit 0f9271c1336c5c9055e75389732a44745d796851 (changes from v242-stable)
07f0549ffe network: do not send ipv6 token to kernel
9d34e79ae8 systemd-mount: don't check for non-normalized WHAT for network FS
5af677680c core: set fs.file-max sysctl to LONG_MAX rather than ULONG_MAX (bsc#1142099)
29dda7597a random-util: eat up bad RDRAND values seen on AMD CPUs
eb6c17c178 util-lib: fix a typo in rdrand
829c20dc8e random-util: rename "err" to "success"
5442366fbf man: rework the description of Aliases and .wants/.requires directories
ae71c6f634 docs: typo in arg name replace-irreversible -> replace-irreversibly
09774a5fcb meson: make nologin path build time configurable
69ffeeb0b1 man: add note about systemctl stop return value
4cf14b5513 shared/conf-parser: say "key name" not "lvalue", add dot
4481ca7f86 shared/conf-parser: emit a nicer warning for something like "======"
46f3db894b shared/conf-parser: be nice and ignore lines without "="
7d928995f7 nspawn: fix memleak in argument parsing
7727e6c0ae resolve: fix memleak
7f32a81976 journal: properly read unaligned le64 integers
fa419099e5 activate: move array allocation to heap
815a9fef2a systemctl: print non-elapsing timers as "n/a" not "(null)"
a4fc3c88f1 factory: include pam_keyinit.so in PAM factory configuration
a453d63315 factory: add comment to PAM file, explaining that the defaults are not useful
d9a5a70a59 factory: tighten PAM configuration
5e2d3bf80b test: make sure colors don't confuse our test
5fe3be1334 wait-online: change log level
c49b6959d5 systemctl: emit warning when we get an invalid process entry from pid1 and continue
3c9f43eb03 systemctl: do not suggest passing --all if the user passed --state=
5964d1474e man: offline-updates: make dependence on system-update.target explicit
a04dd26e03 alloc-util: drop _alloc_ decorator from memdup_suffix0()
7c46a694ca man: add example for setting multiple properties at once
1d72789271 man: CPUShares= is so 2015
OBS-URL: https://build.opensuse.org/request/show/718031
OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=1065
- Import commit eaa7b8b148927d471609de75e542dffcc1b36df4
7e58b89136 udevd: change the default value of udev.children-max (again) (bsc#1107617)
- Add 0001-rc-local-generator-deprecate-halt.local-support.patch
/etc/init.d/halt.local support will removed from the next systemd
version (v243) so for now on warn (hopefully the few) users who rely
on this script so they have a chance to switch to systemd-shutdown
interface.
OBS-URL: https://build.opensuse.org/request/show/705895
OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=1064
- Add 0001-Revert-insserv.conf-generator.patch (bsc#1052837)
All remaining packages have been fixed so they don't rely on the
insser-generator to generate proper deps. So let's drop it as all
services should carry the proper dependencies itself.
- Drop debug-only-remove-new-policies.patch
The new DBUS methods have been reviewed by the security team.
OBS-URL: https://build.opensuse.org/request/show/705662
OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=1063
- Import commit 9984a86d0d2259d54c7060f9c09f214202b4efa7
f2459bf373 random-util: eat up bad RDRAND values seen on AMD CPUs
c90a2e9793 util-lib: fix a typo in rdrand
4db1cc9d46 random-util: rename "err" to "success"
981a62a102 random-util: hash AT_RANDOM getauxval() value before using it
64a9c3d918 random-util: use gcc's bit_RDRND definition if it exists
c5d6ecfdca random-util: rename RANDOM_DONT_DRAIN → RANDOM_MAY_FAIL
298d13df7e network: remove redunant link name in message
77cbde31f2 hwdb: Align airplane mode toggle key mapping for all Acer series
460f03794e Revert "hwdb: Apply Acer mappings to all Gateway and Packard Bell models"
fe9271ad84 test: return a non-zero return code when 'nobody' user doesn't exist
29d355e755 fstab-generator: Prevent double free of reused FILE*
f30f1adc11 meson: make source files including nspawn-settings.h depend on libseccomp
84bab914b8 alloc-util: don't use malloc_usable_size() to determine allocated size
5240972d8d units: drop reference to sushell man page
0a26de5e33 codespell: fix spelling errors
582de105c8 nspawn-expose-ports: fix a typo in error message
OBS-URL: https://build.opensuse.org/request/show/702859
OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=1062
- Add debug-only-remove-new-policies.patch
A temporary patch to suppress the new DBUS methods introduced by
v242 until they are reviewed and whitelisted by the secteam.
- Add a comment explaining why static enablement symlinks in /etc are suppressed
Also remove any /etc/systemd/system/*.requires/ symlinks for the
same reason.
- preset remote-cryptsetup.target during package installation
This target is supposed to be part of the targets that should be
enabled (or not depending on the presets) at package installation.
OBS-URL: https://build.opensuse.org/request/show/701727
OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=1060
- Import commit 4e6e66ea94cf5125f9044f0869939a86801ed2d8
430877e794 pam-systemd: use secure_getenv() rather than getenv() (bsc#1132348 CVE-2019-3842)
3cff2e6514 man: document that if the main process exits after SIGTERM we go directly to SIGKILL
26c4f7191c bus: fix memleak on invalid message
- systemd-coredump: generate a stack trace of all core dumps (bsc#1128832)
This stack trace is logged to the journal.
OBS-URL: https://build.opensuse.org/request/show/693791
OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=1058
- Import commit 01b4746d3c6f6cbf969fa2176c77ac3f616a7eda
7af53e005b sd-bus: if we receive an invalid dbus message, ignore and proceeed
92dcbfdd7f bus: move BUS_DONT_DESTROY calls after asserts
a83e7b3b43 automount: don't pass non-blocking pipe to kernel.
726127ea1d units: make sure initrd-cleanup.service terminates before switching to rootfs (bsc#1123333)
a6347a3cb6 core: Fix use after free case in load_from_path() (bsc#1121563)
22e2550222 strv: rework FOREACH_STRING() macro (bsc#1121563)
2ddd38f41a test,systemctl,nspawn: use "const char*" instead of "char*" as iterator for FOREACH_STRING()
c2c8333e0b strv: add new macro STARTSWITH_SET()
1db243a601 Update systemd-system.conf.xml (bsc#1122000)
OBS-URL: https://build.opensuse.org/request/show/676380
OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=1051
- Import commit ad34cc45f63720ced69960dc66b47bddb146176d
Import a bunch of fixes from stable/v239-stable:
c8293f5af4 Revert "network: set DynamicUser= to systemd-networkd.service"
7f605592e6 Revert "resolve: enable DynamicUser= for systemd-resolved.service"
5a48e92e06 test: Fix networkd test for an already running service
36eae1688b Revert "timesyncd: enable DynamicUser="
3a11f24cf0 Revert "unit: drop After=systemd-sysusers.service from timesyncd"
23cfd15ce9 machinectl: fix verbosity of import-raw or friends
ba037daf29 Make bzip2 an optional dependency for systemd-importd
fb609d2721 pull: initialize libgcrypt before calling any functions provided by libgcrypt
c50857bc6b hwdb: remove stray 'i' in hwdb match string for the HP Spectre (#9571)
9a12fd17f5 man: Mention that paths in unit files must be fully normalized.
76fc2ab4a6 tree-wide: use instead of #ifdef for HAVE_*
fcc699c093 network: update log message
a4f497b2cd Use #if instead of #ifdef for ENABLE_GSHADOW
121c662eb8 man: add missing option for system.conf
564341146e core: add missing option and drop nonexistent option in system.conf
7082a3599f journal: add missing option in journald.conf
3c15efa9c1 basic: add missing comma in raw_clone assembly for sparc
4c210b6dce cryptsetup: Add dependency on loopback setup to generated units
c777fbbe3e journal-gateway: use localStorage["cursor"] only when it has valid value
c5b1bef639 journal-gateway: explicitly declare local variables
2361522ca6 analyze: actually select longest activated-time of services
3e810d92d9 sd-bus: fix implicit downcast of bitfield reported by LGTM
aef660a4cf resolvconf: fixes for the compatibility interface
06b3f54f50 install: fix error handling in is_symlink_with_known_name()
f70ab9a468 portable: fix error handling
d2c40d4e80 resolve: fix return value type of dns_answer_has_dname_for_cname()
6f684e0670 resolve: dns_scope_network_good() does not returns negative errno
15d83e1138 bus-util: fix error handling
OBS-URL: https://build.opensuse.org/request/show/666162
OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=1050
- Import commit 3bece8a25ae11e8ec132cdecc7e72a00ee790994
89a9721a47 Revert "logind: become the controlling terminal process before restoring VT" (bsc#1120836)
c3a8dc821b pam_systemd: reword message about not creating a session
0ba0f5b3ef pam_systemd: suppress LOG_DEBUG log messages if debugging is off
- Import commit a3b059a8c60622e4ec30aabda93c6b41d0953dc4
9dbe9f12ec journal-remote: set a limit on the number of fields in a message (CVE-2018-16865 bsc#1120323)
61d569ab1b journal-remote: verify entry length from header
a08760b26c µhttpd: use a cleanup function to call MHD_destroy_response
43f46a1a3d journal-gateway: use _cleanup_ attribute to stop microhttpd daemon
437b0b2d01 journald: lower the maximum entry size limit to ½ for non-sealed fds
ac9e209710 journald: when processing a native message, bail more quickly on overbig messages
ce103705b9 journald: set a limit on the number of fields (1k) (CVE-2018-16865 bsc#1120323)
35538171c2 coredump: fix message when we fail to save a journald coredump
cfe247b555 basic/process-util: limit command line lengths to _SC_ARG_MAX
9d59e6f6ee journald: do not store the iovec entry for process commandline on stack (CVE-2018-16864 bsc#1120323)
8d650a68d4 journald: remove unnecessary {}
b608f532a4 coredump: remove duplicate MESSAGE= prefix from message
0dbb2dc066 vconsole-setup: fonts copy will fail if the current terminal is in graphical mode (bsc#1114933)
e501d65540 Revert "systemctl: when removing enablement or mask symlinks, cover both /run and /etc"
d3ea69961f fs-util: rename safe_transition() into unsafe_transition()
338470fdc9 tmpfiles: use CHASE_WARN in addition to CHASE_SAFE
d9ae1b30da fs-util: make chase_symlink() returns -ENOLINK when unsafe transitions are met
8b76594d1f fs-util: add new CHASE_WARN flag to chase_symlinks()
OBS-URL: https://build.opensuse.org/request/show/664420
OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=1049
- Import commit 8ae56af7802ef8f91fac64fa244d62a4468fbbd5
4474878178 udev-builtin-kmod: adjust logging
805534aff5 core: use the generic module_load() function
ac7e902530 shared/module-util: fix preexisting mixup with errno sign
415aa40793 udev-builtin-kmod: use the generic module_load() function
8a36b4bac6 Move module-util.h to src/shared/ and load_module() to libshared
999b910752 core/kmod-setup: restore comments
1f2b822a21 logind: stop managing VT switches if no sessions are registered on that VT
5ad8d374c5 terminal-util: introduce vt_release() helper
145d492490 logind: become the controlling terminal process before restoring VT (bsc#1101591)
d4b5dbc033 terminal-util: introduce vt_restore() helper
2e8af185f0 logind: make session_restore_vt() static
ff3048364f udev: downgrade message when we fail to set inotify watch up (bsc#1005023)
- Fix the test for figuring out if /etc/machine-id is writable in %post (bsc#1117063)
"test -w" always returns true for root user even if the writable
mode bits are not set. Fix this by testing the file mode bit value
instead.
- Move systemd-sysv-convert from /usr/sbin to /usr/lib/systemd
This tool is not supposed to be run by users.
- Import commit 8ae56af7802ef8f91fac64fa244d62a4468fbbd5
4474878178 udev-builtin-kmod: adjust logging
805534aff5 core: use the generic module_load() function
ac7e902530 shared/module-util: fix preexisting mixup with errno sign
415aa40793 udev-builtin-kmod: use the generic module_load() function
8a36b4bac6 Move module-util.h to src/shared/ and load_module() to libshared
999b910752 core/kmod-setup: restore comments
1f2b822a21 logind: stop managing VT switches if no sessions are registered on that VT
OBS-URL: https://build.opensuse.org/request/show/653864
OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=1048
- Add 0001-logind-keep-backward-compatibility-with-UserTasksMax.patch
We have to keep support for UserTasksMax= for a while before
dropping it. This patch is supposed to do that and also to make
users aware of this change. It also hints how to configure that
differently.
- Import commit f39674d6d114d999c50672c7bea8cad21e1eaed9
7d1e04e85 units: use =yes rather than =true everywhere
185ce0d34 units: assign user-runtime-dir@.service to user-%i.slice
a051f5e41 units: make sure user-runtime-dir@.service is Type=oneshot
30c6842c3 units: set StopWhenUnneeded= for the user slice units too
e74de046e login: fix typo in log message
OBS-URL: https://build.opensuse.org/request/show/646968
OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=1045
- Own %{_libexecdir}/modules-load.d (again)
This was incorrectly dropped during the split of the SUSE specific
configurations.
- Drop a Conflicts: in systemd-coredump
It not needed anymore since the mini variant of systemd-coredump is
not built anymore.
- Import commit b54f5d7a8b41898ce98f43cd1a6cc92c0071806d
5def29d24 coredump: only install coredump.conf when ENABLED_COREDUMP=true
9133e2d6e dhcp6: make sure we have enough space for the DHCP6 option header (bsc#1113632 CVE-2018-15688)
ebc3fa418 dhcp6: split assert_return() to be more debuggable when hit
51eefb6ac chown-recursive: let's rework the recursive logic to use O_PATH (bsc#1113666 CVE-2018-15687)
e1e1aa237 core: skip unit deserialization and move to the next one when unit_deserialize() fails
1c726c87d core: when deserializing state always use read_line(…, LONG_LINE_MAX, …) (bsc#1113665 CVE-2018-15686)
4cd7d11ac core: don't create Requires for workdir if "missing ok" (bsc#1113083)
- Make systemd-coredump sub-package optional
and don't build the mini variant.
- Drop duplicated %{?mini} suffix for systemd-{container,coredump} subpackages
"-mini" is already part of the name of the main package so there's
no need to append it again for those sub packages. It's only needed
when the name of a subpackage is completely redefined, IOW when '-n'
option is used with the %package directive.
- Dont ship /usr/sbin/resolvconf symlink for now
It conflicts with the bin shipped by openresolv and provides
limited compat only.
OBS-URL: https://build.opensuse.org/request/show/646424
OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=1044
- Ship systemd-sysv-install helper via the main package
This script was part of systemd-sysvinit sub-package but it was
wrong since systemd-sysv-install is a script used to redirect
enable/disable operations to chkconfig when the unit targets are
sysv init scripts. Therefore it's never been a SySV init tool.
While at it, don't ship this script (as well as
systemd-sysv-convert) when sysvcompat is not defined.
- Import commit 19b3868d32af20f1ecc86fe3c997144ff456fd65
06c2284d64 core: introduce systemd.early_core_pattern= kernel cmdline option
479b002083 core: add missing 'continue' statement
c7fbccc62e journald: don't ship systemd-journald-audit.socket (bsc#1109252)
f17a6c790c detect-virt: do not try to read all of /proc/cpuinfo (bsc#1109197)
5a1aa84544 compat-rules: generate more compat by-id symlinks for NVMe devices (bsc#1095096)
OBS-URL: https://build.opensuse.org/request/show/642103
OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=1041
- Import commit a67b516d49115a5be0f2ac27a2874cee6c59a7ae
f8457adf9d emergency: make sure console password agents don't interfere with the emergency shell
b8bbb50634 man: document that 'nofail' also has an effect on ordering
a5410b2229 journald: take leading spaces into account in syslog_parse_identifier
b793c312c7 journal: do not remove multiple spaces after identifier in syslog message
f9595f0481 syslog: fix segfault in syslog_parse_priority()
d464f06934 journal: fix syslog_parse_identifier()
e70422883a socket-util: attempt SO_RCVBUFFORCE/SO_SNDBUFFORCE only if SO_RCVBUF/SO_SNDBUF fails (bsc#991901)
OBS-URL: https://build.opensuse.org/request/show/638970
OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=1040
- Import commit cc55f1ea9e1c1ccab5b9fb97e10e08830d02b282
962b38aaf user@.service: don't kill user manager at runlevel switch (bsc#1091677)
3986c4d82 units: make sure user@.service runs with dbus still up
5e68aa0f2 Revert "udevd: increase maximum number of children" (bsc#1107617)
099138fd9 fix race between daemon-reload and other commands (v237) (bsc#1105031)
OBS-URL: https://build.opensuse.org/request/show/635662
OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=1038
- Import commit 0350f62a8cf7f151951b6b78337fe3c198b8bf6a
fbf43a697 core: don't freeze OnCalendar= timer units when the clock goes back a lot (bsc#1090944)
4134ba8b6 man: SystemMaxUse= clarification in journald.conf(5) (bnc#1101040)
78bb2a0c4 socket-util: fix getpeergroups() assert(fd) (#8080) (bsc#1096516)
1753d0420 systemctl: mask always reports the same unit names when different unknown units are passed (bsc#1095973)
50ebf79d7 scsi_id: Fixup prefix for pre-SPC inquiry reply (bsc#1039099)
570f7655b locale-util: on overlayfs FTW_MOUNT causes nftw(3) to not list *any* files
OBS-URL: https://build.opensuse.org/request/show/625754
OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=1034
- Drop runtime dependency on dracut (bsc#1098569)
Otherwise systemd pulls in tools to generate the initrd even in
container/chroot installations that don't have a kernel anyways.
For environments where initrd matters, dracut should be pulled via a
pattern.
- Drop runtime dependency on dracut (bsc#1098569)
Otherwise systemd pulls in tools to generate the initrd even in
container/chroot installations that don't have a kernel anyways.
For environments where initrd matters, dracut should be pulled via a
pattern.
OBS-URL: https://build.opensuse.org/request/show/618913
OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=1033