It includes the following fixes:
9b75a3d050 coredump: do not allow user to access coredumps with changed uid/gid/capabilities (bsc#1205000 CVE-2022-4415)
For a complete list of changes, visit:
bf3fef9988...5a506d73bd
Additionally, it also includes the following backports:
- 20ca3155c5 localed: reload PID1 configuration after modifying /etc/locale.conf
- 3538c202fd test: update TEST-73-LOCALE to define several locale settings in initial PID1 environment
- Drop 5000-coredump-adjust-whitespace.patch
5001-coredump-do-not-allow-user-to-access-coredumps-with-.patch
They are part of v252.4.
OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=1338
6372fb0cc4 btrfs-util: convert O_PATH if necessary, in btrfs quota call (bsc#1205560)
12e68eb0e5 blockdev-util: move O_PATH fd conversion into btrfs_get_block_device_fd() to shorten things
bb2bafdc9d btrfs-util: convert to fd_reopen_condition()
1323232948 fd-util: add new helper fd_reopen_conditional()
- Drop 6000-Revert-tmpfiles-whenever-creating-an-inode-immediate.patch
It's no longer needed as a fix for bsc#1205560 has been queued, see above.
OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=1334
d28e81d65c test: fix the default timeout values described in README.testsuite
d921c83f53 meson: install test-kernel-install only when -Dkernel-install=true
c3b6c4b584 tests: update install_suse_systemd()
3c77335b19 tests: install dmi-sysfs module on openSUSE
df632130cd tests: install systemd-resolved on openSUSE
- Add 6000-Revert-tmpfiles-whenever-creating-an-inode-immediate.patch until
upstream issue #25468 is fixed.
- Drop 0001-meson-build-kernel-install-man-page-when-necessary.patch, the patch
has been merged in the SUSE git repo.
This includes the following bug fixes:
- upstream commit 67c3e1f63a5221b47a8fea85ae421671f29f3b7e (bsc#1200723)
OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=1329
To make sure that the same seed is not replicated when installing from a
'golden' image.
For regular installations the random seed file is initialized by the installer
itself (bsc#1174964). Even if it didn't, the random seed file would be created
on first boot anyway.
OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=1318
So `machinectl import-tar` always works flawlessly. systemd-container already
is an optional package and both tar and gpg are rather basic anyway so no harm
should be done by requiring them.
- Move the systemd sysupdate stuff from the main package to the experimental
sub-package while there's still time. The method used (currently) for updating
openSUSE distro is rpm, not systemd-sysupdate.
OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=1295
98bc28d824 tmpfiles: constify item_compatible() parameters
3faf1a2648 test: adapt install_pam() for openSUSE
b7ca34fa28 test: add test checking tmpfiles conf file precedence
2713693d93 test tmpfiles: add a test for 'w+'
ce2cbefe38 tmpfiles.d: only 'w+' can have multiple lines for the same path (bsc#1198090)
769f5a0cbe Support -D_FORTIFY_SOURCE=3 by using __builtin_dynamic_object_size.
OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=1277
1c229f8fc1 cryptsetup: fall back to traditional unlocking if any TPM2 operation fails
8881f21539 cryptsetup: fix typo
5882148902 journald: make use of CLAMP() in cache_space_refresh()
6ee0601f73 journald: make sure journal_file_open() doesn't leave a corrupted file around after failing (bsc#1198114)
fe928f3d49 fs-util: make sure openat_report_new() initializes return param also on shortcut
3881af1806 fs-util: fix typos in comments
96060b73ba journal-file: port journal_file_open() to openat_report_new()
611d9955bb fs-util: add openat_report_new() wrapper around openat()
f16edb41d4 network: ignore all errors in loading .network files (bsc#1197968)
5422730a7b meson: build kernel-install man page when necessary
45c627cfc2 build: include status of TPM2 in the feature string show by --version
- Drop 0001-meson-build-kernel-install-man-page-when-necessary.patch
It's been merged in the SUSE git repo.
This includes the following bug fixes:
- upstream commit 34357545590d4791d1acbbeb07ae8f7636e187cb (bsc#1198093)
OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=1274
sub-package: they may deserve a dedicated sub-package in the future but for
now move them to udev so they aren't installed in systemd based containers.
- Move a bunch of components operating on (mainly block) devices into udev as
without udev they're most likely useless.
OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=1268
37b683c832 journal: preserve acls when rotating user journals with NOCOW attribute set
d043fabebc journal: when copying journal file to undo NOCOW flag, go via fd
78c2766689 journal-file: explicitly handle file systems that do not support hole punching
7ecfb4b098 journal-file: fix error handling of pread() in journald_file_punch_holes()
c4946a412c journal-file: don't use pread() when determining where to append, use mmap as before
d3fbd20628 journal: various fixes to journal_file_read_object()
5897a8e8d4 shared: Handle filesystems that don't support hole punching in COPY_HOLES
27746408e2 journal: Truncate file instead of punching hole in final object
59b6130030 shared: Ensure COPY_HOLES copies trailing holes
ac9ccba73f journal: stat journal file after truncating
0257283444 journal: Copy holes when archiving BTRFS journal files
26c2a9952d shared: Copy holes in sparse files in copy_bytes_full()
6c7191dece copy: fix wrong argument passed to S_ISREG() in copy_file_fd_full()
af0a43024d udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529)
OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=1263
targets (bsc#1196567)
The script 'upgrade-from-pre-210.sh' used to initialize the default target
during migration from sysvinit to systemd. However it created symlinks to
runlevel targets, which are deprecated and might be missing when
systemd-sysvcompat package is not installed. If such symlinks are found the
script now renames them to point to 'true' systemd target units.
- When migrating from sysvinit to systemd (it probably won't happen anymore),
let's use the default systemd target, which is the graphical.target one. In
most cases it will do the right thing anyway.
OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=1258
Make sure that all mini variants won't be installed in real systems and won't
be involved when building media with kiwi. Note that sub-packages that
require systemd (such as udev) don't need any special treatment since the
specific deps are inherited from the main (mini) package.
- spec: simplify systemd-mini-doc dependencies by assuming that the doc
sub-package can't be a build requirement for other packages.
- spec: libsystemd-mini and libudev-mini need to provide libsystemd and libudev
respectively
OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=1251
systemd-sysvinit was probably provided to allow systems to switch from
sysvinit to systemd by overwriting /sbin/init with a link to systemd. But this
isn't very useful anymore due to the fact that sysvinit has not been supported for
several years. Therefore the subpackage now contains the files needed to keep
backward compatibility with SysV init scripts (most notably sysv-generator)
and has been renamed accordingly. The few files that are not specific to
sysvinit (such as /bin/init) have been moved to the main package.
Normally this new subpackage shouldn't be needed (since all packages use
systemd unit files) unless a 3rd party application is installed and still
relies on SysV init scripts.
OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=1250
actually installed when %{with machined} is true.
- Call ldconfig when container subpackage is installed since it ships
nss-mymachines NSS plug-in module.
- Drop 0006-sysv-generator-add-back-support-for-SysV-scripts-for.patch
0009-sysv-add-back-support-for-all-virtual-facility-and-f.patch
OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=1243
41334be59e meson: minor cleanup
3db0c28462 sysusers: split up systemd.conf
- Drop 0012-resolved-create-etc-resolv.conf-symlink-at-runtime.patch (bsc#1195153)
Since v241, the patch isn't useful anymore because resolved is no longer able to
create /etc/resolv.conf symlink by itself, it runs as 'systemd-resolve'
user. The symlink is now handled by a tmpfiles config file which is only
installed when systemd-resolved is. The tmpfiles config file has currently a
lower priority than the one shipped by netconfig.
OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=1240
and systemd-container respectively.
These modules are plug-in modules hence the shared library packaging policy
doesn't apply for them. Moreover they're pretty useless alone without their
respective systemd services. Hence let's reduce the number of sub-packages as
the list keeps increasing.
OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=1238