- Added patches to fix CVE-2021-3997 (bsc#1194178)
5000-shared-rm_rf-refactor-rm_rf_children_inner-to-shorte.patch
5001-shared-rm_rf-refactor-rm_rf-to-shorten-code-a-bit.patch
5002-shared-rm-rf-loop-over-nested-directories-instead-of.patch
These patches will be dropped and cherry-picked from upstream once upstream
will commit them in their main branch.
- Import commit a54f80116ccf105dff11aef5d18dd110ebd3e8ee
30cbebc56f tmpfiles: 'st' may have been used uninitialized
5443654ec0 macro: add new helper RET_NERRNO()
8d90ecc435 rm-rf: optionally fsync() after removing directory tree
591344010d rm-rf: refactor rm_rf_children(), split out body of directory iteration loop
8c7762c4f1 Bump the max number of inodes for /dev to a million (bsc#1192858)
dc9476c881 journal: don't remove the flushed flag when journald is stopped
29efc29efd TEST-10: don't attempt to write a byte to the socket
773fb785b6 Bump the max number of inodes for /dev to 128k (bsc#1192858)
OBS-URL: https://build.opensuse.org/request/show/945520
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/systemd?expand=0&rev=343
- Update systemd-user PAM service again
Change the default implementation of pam_setcred() again, previously
customized to run the full "auth" PAM stack and only call pam_deny.so which is
basically the SUSE default behavior without pam_warn.so.
This is considered safer, especially on SLE where a regression was spotted by
QA.
- move files related to static nodes to udev
- Replace S:$n references with SOURCE$n. Makes vim * search work.
OBS-URL: https://build.opensuse.org/request/show/943712
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/systemd?expand=0&rev=342
- Add 0001-Revert-core-Check-unit-start-rate-limiting-earlier.patch
Temporarly revert commit ed8fbbf1745c6a2dc0b8cd560ac8a3353f72e979
until the regression it introduced [1] is addressed by upstream and
a fix is released via the stable tree.
[1] https://github.com/systemd/systemd/issues/21025
- Disable nss-systemd and translations features for the mini flavour
- Really enable libiptc for masquerading support (bsc#1191651)
Currently used by systemd-nspawn and systemd-networkd.
- Convert systemd package to multibuild
8de173ff93 mount-util: fix fd_is_mount_point() when both the parent and directory are network fs (bsc#1190984)
[...]
OBS-URL: https://build.opensuse.org/request/show/928747
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/systemd?expand=0&rev=339
- Import commit 8521f8d22fd44400289fcea03493ebd7f8b1487d (merge of v249.5)
For a complete list of changes, visit:
355e113ce1...8521f8d22f
- Import commit 355e113ce193e5e2d195278c57d47f9a1b00ae46
3b4a005095 meson: add missing include directory when using xkbcommon
4c4e642712 meson: allow extra net naming schemes to be defined during configuration (jsc#SLE-18514)
78466e4464 meson: drop the list of valid net naming schemes
b9a2098f9d netif-naming: inline one iterator variable
d7fbbc5e74 Add remaining supported schemes as options for default-net-naming-scheme
- Rename %{gnu-efi} into %{sd_boot}
Build conditionals (%bcond_with and %bcond_without) are used to
define a specific feature of systemd. "gnu-efi" is rather an
implemenation detail. Also not really sure what "efi" option alone
is useful for since systemd-boot & co depends on "gnu-efi".
- Enable sd_boot support for aarch64
- Ghost own directories /var/log/journal and /var/log/journal/remote again
rpmlint no more complain about the setgid bit, see sr#923496.
- Overwriting rootprefix= is only required when split-usr is enabled
- Rename %usrmerged into %split_usr
- Suppress PAM warning when the credentials for user@.service service
are established (bsc#1190515)
systemd-user PAM service needs to define a default implementation of
pam_setcred() otherwise the fallback (defined by /etc/pam.d/other)
is used, which consists of pam_warn.so + pam_deny.so, and will throw
OBS-URL: https://build.opensuse.org/request/show/925519
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/systemd?expand=0&rev=338
- Work around rpmlint complaining about /var/log/journal shipped with setgid bit
This setgid bit has been already reviewed in the past and wasn't a
concern. However we want the mode/ownership adjusted by tmpfiles and
avoid the duplication of these info in rpm.
- Don't ghost own any directories created dynamically by tmpfiles
Again rpmlint complains but it doesn't seem to make sense to try to
track all paths (including theirs perms, ownerships...) created
dynamically. And 'rpm -V' is likely to report issues later with
these paths anyway.
This effectively partially reverts the two previous commits.
- Make sure the build process won't create /var/log/journal
- /var/log/journal/remote is owned by systemd-journal-remote
- systemd.spec: fix a bunch of rpmlint errors/warnings
- Drop systemd-logger
This sub package was introduced in order to configure persistent
journal and also to make sure that another syslog provider (such as
rsyslog) couldn't be installed at the same time: each syslog
provider conflicts with each others.
However this mechanism didn't work since uninstalling systemd-logger
wasn't magically turning off persistent logging because
/var/log/journal is likely to be populated hence not removed.
Moreover using a subpackage to configure the mode of journald was
overkill and the usual ways (main conf file or drop-ins) should be
preferred.
- Import commit 7a5801342fe2f53e5c2a8578d6db132c0eca2d97
8d65ec4a66 test: wc is needed by test/units/testsuite-50.sh
OBS-URL: https://build.opensuse.org/request/show/922217
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/systemd?expand=0&rev=337
- Don't reexecute user manager instances on package update yet
This can't be done until users have their user instance updated to
the new version that supports reexecuting with SIGRTMIN+25 because
this signal terminates the user managers for the previous versions.
- Import commit ec72db9ee0f8ce061f83624d7148ff38a5993b11
3b1aa2f79f manager: reexecute on SIGRTMIN+25, user instances only
fd46c81922 test: make sure to include all haveged unit files
- systemd.spec: reexec user manager instances on package updates
- Make sure the versions of both udev and systemd packages are always the same (bsc#1189480)
- Drop dependency on m4 (replaced by Jinja2)
OBS-URL: https://build.opensuse.org/request/show/917666
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/systemd?expand=0&rev=336
- Configure split-usr=true only when %usrmerged is not defined
- Import commit 40bda18e346ff45132ccd6f8f8e96de78dcf3470 (merge of v249.4)
For a complete list of changes, visit:
7f23815a70...40bda18e34
- Rework the test (sub)package:
- it's been renamed into 'systemd-testsuite'
- it includes the extended tests too
- the relevant commits have been backported to SUSE/v249 so no SUSE
specific patch is needed to run the extended tests (see below)
- the deps needed by the extended tests have been added
- Import commit 7f23815a706cf2b2df3eac2eb2f8220736b8f427
ad216581b6 test: if haveged is part of initrd it needs to be installed in the image too
088fbb71d0 test: adapt install_pam() for openSUSE
4d631c1f0c Revert "test: adapt TEST-13-NSPAWN-SMOKE for SUSE"
ef956eb8a2 test: on openSUSE the static linked version of busybox is named "busybox-static"
6f7ce633b0 TEST-13-*: in busybox container sleep(1) takes a delay in seconds only
278baaa3ec test: don't try to find BUILD_DIR when NO_BUILD is set
3bba2f876a test: add support for NO_BUILD=1 on openSUSE
d77cbc1b64 test: make busybox TEST-13-only dependency
- Upgrade to v249.2 (commit c0bb2fcbc26f6aacde574656159504f263916719)
See https://github.com/openSUSE/systemd/blob/SUSE/v249/NEWS for
details.
- Rebased 0002-rc-local-fix-ordering-startup-for-etc-init.d-boot.lo.patch
0012-resolved-create-etc-resolv.conf-symlink-at-runtime.patch
- Configure split-usr=true only when %usrmerged is not defined
OBS-URL: https://build.opensuse.org/request/show/915488
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/systemd?expand=0&rev=335
- Import commit 73e9e6fb847513c6d62f2fb445778ef5bc0fe516 (merge of v248.6)
For a complete list of changes, visit:
cb29bcc5ef...73e9e6fb84
- Drop 0001-Revert-core-prevent-excessive-proc-self-mountinfo-pa.patch
Commit 81107b8419c39f726fd2805517a5b9faab204e59 fixes
https://github.com/systemd/systemd/issues/19464 which makes the
aforementioned patch not needed anymore.
- Drop 1003-basic-unit-name-adjust-comments.patch
It's been merged in SUSE/v248 branch
- Import commit cb29bcc5ef2c0ee659686c5d229646a6ba98ec50 (merge of v248.5)
4a1c5f34bd basic/unit-name: do not use strdupa() on a path (bsc#1188063 CVE-2021-33910)
[...]
For a complete list of changes, visit:
94efce2ee5...cb29bcc5ef
- Drop 1002-basic-unit-name-do-not-use-strdupa-on-a-path.patch as it
was merged in v248.5.
- Import commit 94efce2ee59fca15a48ff9c232c8dd7cf930c0a0 (merge of v248.4)
For a complete list of changes, visit:
c0aecee593...94efce2ee5
- Drop 1001-unit-name-generate-a-clear-error-code-when-convertin.patch
as it was merged in v248.4.
- Import commit c0aecee593511e49638579cb2b9ac8aaf1f8e6c8
42ec1d537a login: use a hwdb entry for tagging Parallels' fb devices with 'master-of-seat' tag
ecc7c7b462 login: use a hwdb entry for tagging HyperV's fb devices with 'master-of-seat' tag
a4cfd70476 login: XGI Z7/Z9 (XG20 core) graphic chip requires master-of-seat to be set (bsc#1187154)
OBS-URL: https://build.opensuse.org/request/show/908417
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/systemd?expand=0&rev=333
- Added patches to fix CVE-2021-33910 (bsc#1188063)
Added 1001-unit-name-generate-a-clear-error-code-when-convertin.patch
Added 1002-basic-unit-name-do-not-use-strdupa-on-a-path.patch
Added 1003-basic-unit-name-adjust-comments.patch
These patches will be moved to the git repo once the bug will become
public.
- systemd-hwdb-update.service should be shipped by the udev package
OBS-URL: https://build.opensuse.org/request/show/907311
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/systemd?expand=0&rev=332
- Import commit e9a23d9e064c2e7ac21a1b984d116bcf15327e63
8dd19c6ee3 sd-device: allow to read sysattr which contains embedded NUL
d52409e5fe pid1: only add a Wants= type dependency on /tmp when PrivateTmp=yes (bsc#1181970
- Import commit fcdb8dce591db2f5fc3c1e3eeb7abe9a2090b401
aa2d840a3b compat-rules: fix warning: "label ‘out’ defined but not used" in path_id_compat.c
- Restore 61-persistent-storage-compat.rules that was mistakenly
dropped during the merge of v248.
- Create /run/lock/subsys again (bsc#1187292)
The creation of this directory was mistakenly dropped when
'filesystem' package took the initialization of the generic paths
over.
Paths under /run/lock are still managed by systemd for lack of
better place.
- Drop systemd's dependency on udev (jsc#PM-2677)
In some environments (i.e. containers) udev is usually not necessary
but pulls in unnecessary packages.
- Now that chkconfig/insserv are history, let's implement the strict
minimum in systemd-sysv-install to enable/disable SysV init scripts
(bsc#1186595 bsc#1186359)
Indeed there's no much point in dropping SysV support completely
until upstream will do especially since 3rd party applications such
as vmware still rely on it, see bsc#1186359).
- Allow the sysusers config files shipped by systemd rpms to be
overriden during system installation (bsc#1171962)
- While at it, add a comment to explain why we don't use
OBS-URL: https://build.opensuse.org/request/show/902866
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/systemd?expand=0&rev=330
- systemd.spec: clean some of the build deps up:
- libpcre is redundant with libpcre2 (only required by the full
build) and the mini variant needs none of them. Hence drop the ref
to libpcre.
- normally libidn2 is needed by some optional features in
systemd-network (only). But it's implicitly pulled in by libgnutls
(required by the main package). Let's make sure the related
features won't be disabled inadvertently in the future by making
the dep explicit.
- enable libiptc for masquerading support in networkd
- create subpackage systemd-experimental to host pstore, repart,
userdb and homed
OBS-URL: https://build.opensuse.org/request/show/885896
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/systemd?expand=0&rev=329
- Import commit 14581e01203df7aa63c7c8383a12e6ebe258476f (merge of v246.13)
423b1e759c Revert "resolved: gracefully handle with packets with too large RR count" (bsc#1183745)
4723778738 meson.build: make xinitrcdir configurable (bsc#1183408)
[...]
For a complete list of changes, visit:
9753d1c175...14581e0120
- Drop 0001-Revert-resolved-gracefully-handle-with-packets-with-.patch
as it's part of v246.13.
- Make use of the new build option to ship xinitrc in
/usr/etc/X11/xinit/xinitrc.d (bsc#1183408)
- Add 0001-Revert-resolved-gracefully-handle-with-packets-with-.patch
Temporary workaround for bsc#1183745 (upstream issue 18917) until an
actual fix is found.
- Default to the "unified" cgroup hierarchy. At this point, most
users of cgroup (such as docker, libvirt, kubernetes) should be
ready for this change. It's still possible to switch back to the
old "hybrid" hierarchy by passing "systemd.unified_cgroup_hierarchy=0"
option to the kernel command line.
OBS-URL: https://build.opensuse.org/request/show/882182
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/systemd?expand=0&rev=328
- Import commit 9753d1c17545a5d46530696cb14254f5f12024f1 (merge of v246.11)
For a complete list of changes, visit:
134cf1c8bc...9753d1c175
- Rebase 0001-conf-parser-introduce-early-drop-ins.patch
- Import commit 13bc08870147b35f87cefb074aec22e767b7ac04
846d61e0a1 boot: Move console declarations to missing_efi.h
171a37228b boot: Add startswith() and endswith() functions with no_case variants
0fad9f309a boot: Drop unnecessary braces
c38bbb0874 boot: Fix void pointer arithmetic warning
438210924b boot: Replace raw efivar gets with typed variants
e46cb3e4a0 boot: Add efivar_get/set_uint64_le() functions
e16bee35c8 boot: Rename efivar_get/set_int() to efivar_get/set_uint_string()
2808d0e9a3 boot: Tighten scope of variables used in loops
d3f3d57743 boot: Add efivar_get_boolean_u8()
0551ecce71 boot: Make all efivar util functions take the guid as an argument
8376ba3b9f boot: Turn all guid constants into C99 compound initializers
166fc2dad2 boot: Enable C99
c87d66e261 boot: Move Secure Boot logic to new file
da7bba9438 udev: fix memleak
e06139117c nspawn: make rootfs relative to oci bundle path (bsc#1182598)
8ba587d46c PATCH] Always free deserialized_subscribed on reload (bsc#1180020)
- Make sure the udev socket units are reloaded during udev package updates
- fix-machines-btrfs-subvol.sh is only shipped when machined is built
OBS-URL: https://build.opensuse.org/request/show/879358
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/systemd?expand=0&rev=327
- systemd requires aaa_base >= 13.2
This dependency is required because 'systemctl
{is-enabled,enable,disable} <initscript>" ends up calling
systemd-sysv-install which in its turn calls "chkconfig
--no-systemctl".
aaa_base package has a weird versioning but the '--no-systemctl'
option has been introduced starting from SLE12-SP2-GA, which shipped
version "13.2+git20140911.61c1681".
Spotted in bsc#1180083.
OBS-URL: https://build.opensuse.org/request/show/874480
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/systemd?expand=0&rev=326
- Add 0001-conf-parser-introduce-early-drop-ins.patch
Introduce early configuration drop-in file. This type of drop-ins
are reserved for vendor own purposes only and should never been used
by users. It might be removed in the future without any notice.
- Drop use of %systemd_postun in %postun
This macro is supposed to operate on units but it was used without
passing any parameters. This call was probably used for issuing a
daemon-reload but the following calls to
%systemd_postun_with_restart imply that already. So let's simply
drop it.
OBS-URL: https://build.opensuse.org/request/show/873790
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/systemd?expand=0&rev=325
- Explicitly require group(kvm) by udev: the group used to be
created by system-users-hardware, but has been split/moved to
qemu/kvm, where it is more logical. The file
/usr/lib/udev/rules.d/50-udev-default.rules references this
group, thus we should make sure the group exists. Otherwise there
are errors in the journal in the form of:
/usr/lib/udev/rules.d/50-udev-default.rules:86 Unknown group 'kvm', ignoring
OBS-URL: https://build.opensuse.org/request/show/855788
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/systemd?expand=0&rev=322
