From 0f79ee1691d96302ff1d6ac7ef53cfc130df5048 Mon Sep 17 00:00:00 2001 From: eabdullin Date: Tue, 17 Dec 2024 02:43:55 +0000 Subject: [PATCH] import UBI systemd-239-82.el8_10.3 --- ...nd_strndup-and-use-it-in-bus-message.patch | 2 +- ...ee-code-paths-which-free-struct-bus_.patch | 12 +-- ...oducer-for-an-infinite-loop-in-ndisc.patch | 2 +- ...oducer-for-another-infinite-loop-in-.patch | 2 +- ...ssage-add-fuzzer-for-message-parsing.patch | 12 +-- ...d-an-infinite-loop-on-empty-structur.patch | 12 +-- ...s-always-use-EBADMSG-when-the-messag.patch | 2 +- ...age-fix-calculation-of-offsets-table.patch | 2 +- ...calculation-of-offsets-table-for-arr.patch | 2 +- ...skipping-of-array-fields-in-gvariant.patch | 6 +- ...age-add-two-test-cases-that-pass-now.patch | 2 +- ...rn-EBADMSG-not-EINVAL-on-invalid-gva.patch | 8 +- ...d-wrap-around-when-using-length-read.patch | 2 +- ...ram-and-rule-for-FIDO-security-token.patch | 4 +- ...oducer-for-a-memory-leak-fixed-in-30.patch | 2 +- ...oducer-for-a-heap-buffer-overflow-fi.patch | 4 +- ...update-actions-upload-artifact-to-v4.patch | 29 ++++++ SOURCES/1015-ci-drop-unused-variable.patch | 24 +++++ SOURCES/1016-ci-reduce-ASLR-entropy.patch | 30 +++++++ ...mlink-part-of-test_touch_file-in-GH-.patch | 89 +++++++++++++++++++ ...lity-to-not-track-certain-unit-types.patch | 53 +++++++++++ ...up-idle-session-watch-for-lock-scree.patch | 50 +++++++++++ ...or-which-classes-of-sessions-we-do-s.patch | 47 ++++++++++ ...ci-point-C8S-containers-to-the-Vault.patch | 27 ++++++ SPECS/systemd.spec | 18 +++- 25 files changed, 404 insertions(+), 39 deletions(-) create mode 100644 SOURCES/1014-ci-update-actions-upload-artifact-to-v4.patch create mode 100644 SOURCES/1015-ci-drop-unused-variable.patch create mode 100644 SOURCES/1016-ci-reduce-ASLR-entropy.patch create mode 100644 SOURCES/1017-test-skip-the-symlink-part-of-test_touch_file-in-GH-.patch create mode 100644 SOURCES/1018-core-add-possibility-to-not-track-certain-unit-types.patch create mode 100644 SOURCES/1019-logind-don-t-setup-idle-session-watch-for-lock-scree.patch create mode 100644 SOURCES/1020-logind-tighten-for-which-classes-of-sessions-we-do-s.patch create mode 100644 SOURCES/1021-ci-point-C8S-containers-to-the-Vault.patch diff --git a/SOURCES/0026-Introduce-free_and_strndup-and-use-it-in-bus-message.patch b/SOURCES/0026-Introduce-free_and_strndup-and-use-it-in-bus-message.patch index 90fedb8..42e7e33 100644 --- a/SOURCES/0026-Introduce-free_and_strndup-and-use-it-in-bus-message.patch +++ b/SOURCES/0026-Introduce-free_and_strndup-and-use-it-in-bus-message.patch @@ -272,7 +272,7 @@ new file mode 100644 index 0000000000000000000000000000000000000000..52469650b5498a45d5d95bd9d933c989cfb47ca7 GIT binary patch literal 32 -ccmd1#|DTBg0(2Mzp)7_%AVVXuuuM|`09r!?!~g&Q +dcmd1#|DTBg0(2Mzp)7_%1_lO=#KJO70RUP<1jGOU literal 0 HcmV?d00001 diff --git a/SOURCES/0046-sd-bus-unify-three-code-paths-which-free-struct-bus_.patch b/SOURCES/0046-sd-bus-unify-three-code-paths-which-free-struct-bus_.patch index 920053e..cd06a2c 100644 --- a/SOURCES/0046-sd-bus-unify-three-code-paths-which-free-struct-bus_.patch +++ b/SOURCES/0046-sd-bus-unify-three-code-paths-which-free-struct-bus_.patch @@ -154,12 +154,12 @@ new file mode 100644 index 0000000000000000000000000000000000000000..c371824ffb604708619fd0713e8fca609bac18f7 GIT binary patch literal 534 -zcmZ{h!A`?442GSJP20o?A&zJgm*%pT#&`l!4rxq{&>8YmwQrOs;B(}I_m11m8`nFp`#ek1>oQYVSs`!XH?7Y=}3y9Ye+UliL9^x9s66$8wH+TPdOG`n| -z5UhxkcX_KUxB&w-}_VOx;`c0Wyz6l^R_4WQGkDWxj0j5BV%;tATdc{;T +zNxV;0?Z^1PSGWa+QHL{=ni0@L7-!XS+Pg}s5SN|b)(~pjJo+4FBd2|i(<}!R=Mf{! +zc+vGEB0(FA<<7D!=vAlJ>vhog!1WQ+VgGi2mZGqQTmfy{w!dxLT1ngKpsQ^&>=~AJ +L>FxXRA@2SU8?;@l literal 0 HcmV?d00001 diff --git a/SOURCES/0149-tests-add-a-reproducer-for-an-infinite-loop-in-ndisc.patch b/SOURCES/0149-tests-add-a-reproducer-for-an-infinite-loop-in-ndisc.patch index 438dee1..4b4f32f 100644 --- a/SOURCES/0149-tests-add-a-reproducer-for-an-infinite-loop-in-ndisc.patch +++ b/SOURCES/0149-tests-add-a-reproducer-for-an-infinite-loop-in-ndisc.patch @@ -27,7 +27,7 @@ new file mode 100644 index 0000000000000000000000000000000000000000..410cf38c1ec2156680e80160825b883fb4f12aa9 GIT binary patch literal 53 -ucmZo;U|{$U0h55t23AHOm-#;v2(&S9GpRCgaeXR_WB`f-fhq$7NEHAcu@3A2 +zcmZo;U|{$U0h1UQ7#dg^8UFug{?7ygZ4BH@stjCQpUNT`SQ!}@7#LI;7(l839q&NW6m6ZC#~`RCNGV2*icg27V{4hLEuI -z*Z%6nv6IG-c{fDW8PO*Z8RG~@1*A4LLPziq^|n=>fKTCf&ROnOFWhXL{-6KzKQR>* -zA}kdo{MtXi^_lPUKI=U`x#dhG*Hq0w(L%415E=fPT+(I2*knx96tO2RVnnVP6o! -Yuz#WfEX)Cqd!b_JHzYppZsXhk08nC8%>V!Z +zcmZ{h&q@P9490)c+S-aI5sy;vvU_Q@zJNDRg0GP6pLJnzm(8jyqImJO9m&jAO2J$* +zUouI)FDV`F(?Na)-+*%!4p*j800&HPQub!GAKKk?`eW@cA62YAU; +zGfCPuRke!oA6K{rh7kv!Ny7-(i7=gYuhah3Qir^3+f4&uw(Vor!))Yqug8R`C4plj +z2|PrH7;)gF$F}2n&qqW8HZ4}3Wm&+>9Oto_jmF3zffXT%>V!Z literal 0 HcmV?d00001 diff --git a/SOURCES/0162-bus-message-avoid-an-infinite-loop-on-empty-structur.patch b/SOURCES/0162-bus-message-avoid-an-infinite-loop-on-empty-structur.patch index e821357..8571e28 100644 --- a/SOURCES/0162-bus-message-avoid-an-infinite-loop-on-empty-structur.patch +++ b/SOURCES/0162-bus-message-avoid-an-infinite-loop-on-empty-structur.patch @@ -155,7 +155,7 @@ new file mode 100644 index 0000000000000000000000000000000000000000..f1bf3229effc982c8b129182fe60739efe3c5013 GIT binary patch literal 157 -mcmd1#|DTC5gMmSS0SHWtK_neOii>$FgGM4Akdcw0DF6TjSP;el +ncmd1#|DTC5gMmSSfq{X+#27@<0i?K?r!r_H;sF^M8JYqB1XvKp literal 0 HcmV?d00001 @@ -165,11 +165,11 @@ new file mode 100644 index 0000000000000000000000000000000000000000..c975f906eef521a3cfac5627c8b371ee55aa0e6c GIT binary patch literal 534 -zcmcJL!Ab-%42J(Y?m8o$d;nSS(q4Ae_Yi!A47)oFEOwaGU5e<<_x8`!K@h}~fslMn -zn)c7Z!M!`6y9Pc0I2S?0hHh3l#W~|szZ;Ct$XAT}7+V?FCpm1RoiBemuU&_Ys%S@7 -zdCkYS>{AZe=OjL~Ie67zrCwgdYud(O^J==RG>!dpXFS^tlZIX@tK0h@{D4MV@hJsW -zyR)R1zXEs6tHM*H04&I}2-7)y>9oEVCxw(Vn{LBxXmJ)=frMcRdZlJ-~v -b#4gh=OPF@NW^U~wGO=l?@b9nvy +zbyXi6?%hFm2_JxS5eIB2RXODpc<6V7O-`J00qkRJWn90=VH<6}{AFIdj*Y5lr=lva +z`S~sTltcD8i4ScKUNsoi%aeFb+Zar*24tma>>s=0q|_DA0EJmy-~PaNG}?+!DX7|y +z<(F5u0jh$h-pa@VIEJvC!<^IJ4Khr;?9*<9X}8_usA08m`c0#zF%md4lfZpxh#3dY +VXKXiK&wfN?!j`4_|80LCm`{c%O;`W` literal 0 HcmV?d00001 diff --git a/SOURCES/0163-bus-message-let-s-always-use-EBADMSG-when-the-messag.patch b/SOURCES/0163-bus-message-let-s-always-use-EBADMSG-when-the-messag.patch index 9567ea9..407ecae 100644 --- a/SOURCES/0163-bus-message-let-s-always-use-EBADMSG-when-the-messag.patch +++ b/SOURCES/0163-bus-message-let-s-always-use-EBADMSG-when-the-messag.patch @@ -34,7 +34,7 @@ new file mode 100644 index 0000000000000000000000000000000000000000..2ae1a8715a12c65fba27d8e60216112a99b0ace7 GIT binary patch literal 93 -wcmd1FDP>|PH8L_f3B<@i03SeB2xg~!`?q0o*WZ8t85|PH8L_fX@m*{@Bvh%Mn*PAeqj{pplqVrYQgbfcytC +jcmd1#|DTDG;s1Xo1_lO(c?v8H3=HXv3>t|^Wtsv2fcytC literal 0 HcmV?d00001 diff --git a/SOURCES/0169-bus-message-fix-calculation-of-offsets-table-for-arr.patch b/SOURCES/0169-bus-message-fix-calculation-of-offsets-table-for-arr.patch index c3ccf71..169126a 100644 --- a/SOURCES/0169-bus-message-fix-calculation-of-offsets-table-for-arr.patch +++ b/SOURCES/0169-bus-message-fix-calculation-of-offsets-table-for-arr.patch @@ -80,7 +80,7 @@ new file mode 100644 index 0000000000000000000000000000000000000000..26262e1149825a114a89bf9cee5aeca0be463984 GIT binary patch literal 41 -rcmd1#|DTC5gMmSS0SHWtIT#p03*W&P&W-;Q0Fg|9>Elfq|V9OfmRED27Bi2!jjC2Wn-| -z17hYPAOVtNW-Ml42GVKy`9P9^ffdMS1=8h-IVt%J91NTwNgyEFV4&K>#6$*=MMgl( -r%#fH?l1eMv=;=K=_yi-CK!KUB2_%6r0c0u^mlS2@rGxk|0FGY(dwVLU +zcmchUu?oUK5JcZ{1TU6;fM{uB;eYrM3o%g$ImiX)V?0R#5Vll9?G!=D#<3h|~BOx{^q#obLyFdn%^@ literal 0 HcmV?d00001 diff --git a/SOURCES/0174-fuzz-bus-message-add-two-test-cases-that-pass-now.patch b/SOURCES/0174-fuzz-bus-message-add-two-test-cases-that-pass-now.patch index cd69663..0a389c5 100644 --- a/SOURCES/0174-fuzz-bus-message-add-two-test-cases-that-pass-now.patch +++ b/SOURCES/0174-fuzz-bus-message-add-two-test-cases-that-pass-now.patch @@ -21,7 +21,7 @@ new file mode 100644 index 0000000000000000000000000000000000000000..aa0c6ff7f7b6d2e3fa4358716ee1d05ba74cefc0 GIT binary patch literal 89 -scmc~65Y0yx#SOrwlxYe80GQ+)G5`Po literal 0 HcmV?d00001 diff --git a/SOURCES/0175-bus-message-return-EBADMSG-not-EINVAL-on-invalid-gva.patch b/SOURCES/0175-bus-message-return-EBADMSG-not-EINVAL-on-invalid-gva.patch index 0cd8d72..6153663 100644 --- a/SOURCES/0175-bus-message-return-EBADMSG-not-EINVAL-on-invalid-gva.patch +++ b/SOURCES/0175-bus-message-return-EBADMSG-not-EINVAL-on-invalid-gva.patch @@ -31,10 +31,10 @@ new file mode 100644 index 0000000000000000000000000000000000000000..5faf3308e7ac9c14d66422169e74ba8c05ad7319 GIT binary patch literal 534 -zcmd5(y$ZrW3{L#Rf|Cy*1sA)t;uE+zxcCZJw53qIqj#v2xH$UGez{(yI63-3NWO$5 -zU+!uqzB5rdCwdYQvnEi=V1glA8o?i`lMy}upTQSe=c-Assy=GTr+lHv=4$0!Vy$EX -z_LzYX&1*Ob(W(=vPGKsxuBpzYaDn6&un5*x;uk`Xz?Yk^O%qgGJ(zdDcVvfrZh#J#KqBnmZV7$7gz6+mv?!& +z_r8>Z+y(L}JOL4n04rKVV(0^h;#ApAPYe?v(>hgka#iI~+kPS!#wJzEriqR5!xnpp +zfC|>MWu~=`Ej0qv+%$D@&clT5&44k`GV@p9{C%cE)0c{}2$`*K@IKT2AZ~5ElR}@e}O; +pcmc~{Vqj!oU|>jp`TxHd0|Ns)V==>j2ng-#xmY$WCw2;m3ji$f6YT&1 literal 0 HcmV?d00001 diff --git a/SOURCES/0243-udev-Add-id-program-and-rule-for-FIDO-security-token.patch b/SOURCES/0243-udev-Add-id-program-and-rule-for-FIDO-security-token.patch index 0d32c08..19129cf 100644 --- a/SOURCES/0243-udev-Add-id-program-and-rule-for-FIDO-security-token.patch +++ b/SOURCES/0243-udev-Add-id-program-and-rule-for-FIDO-security-token.patch @@ -487,8 +487,8 @@ new file mode 100644 index 0000000000000000000000000000000000000000..48757cba682ffddd5a1ddd8988bb8bcdc7db0a7a GIT binary patch literal 71 -zcmZQ&~H%CV8@000zh4^IF9 literal 0 HcmV?d00001 diff --git a/SOURCES/0256-tests-add-a-reproducer-for-a-memory-leak-fixed-in-30.patch b/SOURCES/0256-tests-add-a-reproducer-for-a-memory-leak-fixed-in-30.patch index 14c1223..4ead262 100644 --- a/SOURCES/0256-tests-add-a-reproducer-for-a-memory-leak-fixed-in-30.patch +++ b/SOURCES/0256-tests-add-a-reproducer-for-a-memory-leak-fixed-in-30.patch @@ -18,7 +18,7 @@ index 0000000000000000000000000000000000000000..424ae5cb010aa519758e6af90cc98179 GIT binary patch literal 1847 zcmXps(lIeJ&@nVNGBPkSGqo_&(Y4MjX0aSiiycD2<{NiEaQE6vG)izFLb8I!RBU7XSc|I~Vl; literal 0 HcmV?d00001 diff --git a/SOURCES/0257-tests-add-a-reproducer-for-a-heap-buffer-overflow-fi.patch b/SOURCES/0257-tests-add-a-reproducer-for-a-heap-buffer-overflow-fi.patch index ee63a32..ed6b67d 100644 --- a/SOURCES/0257-tests-add-a-reproducer-for-a-heap-buffer-overflow-fi.patch +++ b/SOURCES/0257-tests-add-a-reproducer-for-a-heap-buffer-overflow-fi.patch @@ -17,8 +17,8 @@ new file mode 100644 index 0000000000000000000000000000000000000000..19887a1fec9fc29b1f7da8a2d1c5ea5054f2bc02 GIT binary patch literal 112 -zcmXpq)Zrxx80r}680lCOP-~&{)k?wIfGehgOM!tQroxI#0Z63Aa4DF?03ibx03hxS -A82|tP +zcmXpq)Zrxx80r}680lCOP-~&{)k?wIfGehgOM!tQroxI#A*RAAHHJ&UB*rAhgn +Date: Thu, 25 Apr 2024 15:00:33 +0200 +Subject: [PATCH] ci: update actions/upload-artifact to `v4` + +`v3` will be deprecated soon, so update to `v4`. + +https://github.blog/changelog/2024-04-16-deprecation-notice-v3-of-the-artifact-actions/ + +rhel-only + +Related: RHEL-32494 +--- + .github/workflows/gather-metadata.yml | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/.github/workflows/gather-metadata.yml b/.github/workflows/gather-metadata.yml +index f432f41811..08ad813971 100644 +--- a/.github/workflows/gather-metadata.yml ++++ b/.github/workflows/gather-metadata.yml +@@ -22,7 +22,7 @@ jobs: + uses: redhat-plumbers-in-action/gather-pull-request-metadata@v1 + + - name: Upload artifact with gathered metadata +- uses: actions/upload-artifact@v3 ++ uses: actions/upload-artifact@v4 + with: + name: pr-metadata + path: ${{ steps.Metadata.outputs.metadata-file }} diff --git a/SOURCES/1015-ci-drop-unused-variable.patch b/SOURCES/1015-ci-drop-unused-variable.patch new file mode 100644 index 0000000..9e5d909 --- /dev/null +++ b/SOURCES/1015-ci-drop-unused-variable.patch @@ -0,0 +1,24 @@ +From 72040693da79d7ef3d1f210866ee1f651b720247 Mon Sep 17 00:00:00 2001 +From: Jan Macku +Date: Thu, 25 Apr 2024 16:31:18 +0200 +Subject: [PATCH] ci: drop unused variable + +rhel-only + +Related: RHEL-32494 +--- + .github/workflows/deploy-man-pages.yml | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/.github/workflows/deploy-man-pages.yml b/.github/workflows/deploy-man-pages.yml +index 9da38a1687..c65c9b62ee 100644 +--- a/.github/workflows/deploy-man-pages.yml ++++ b/.github/workflows/deploy-man-pages.yml +@@ -37,7 +37,6 @@ jobs: + + - name: Install dependencies + run: | +- RELEASE="$(lsb_release -cs)" + sudo add-apt-repository -y --no-update --enable-source + sudo apt-get -y update + sudo apt-get -y build-dep systemd diff --git a/SOURCES/1016-ci-reduce-ASLR-entropy.patch b/SOURCES/1016-ci-reduce-ASLR-entropy.patch new file mode 100644 index 0000000..70a2091 --- /dev/null +++ b/SOURCES/1016-ci-reduce-ASLR-entropy.patch @@ -0,0 +1,30 @@ +From df87420725157953268ed099c3c97989288db1fa Mon Sep 17 00:00:00 2001 +From: Frantisek Sumsal +Date: Wed, 13 Mar 2024 12:13:23 +0100 +Subject: [PATCH] ci: reduce ASLR entropy + +The latest GH Action runners started using 32-bit entropy for ASLR, +which makes it incompatible with llvm-14. This was fixed in later llvm +releases, but these aren't available on Ubuntu Jammy (22.04). Let's +reduce the ASLR entropy to 28-bit, which should make llvm happy again, +until the issue is resolved. + +See: actions/runner-images#9491 +--- + .github/workflows/unit_tests.yml | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/.github/workflows/unit_tests.yml b/.github/workflows/unit_tests.yml +index f397e8ed6e..814e17b6bf 100644 +--- a/.github/workflows/unit_tests.yml ++++ b/.github/workflows/unit_tests.yml +@@ -18,6 +18,9 @@ jobs: + steps: + - name: Repository checkout + uses: actions/checkout@v1 ++ # FIXME: drop once https://github.com/actions/runner-images/issues/9491 is resolved ++ - name: Reduce ASLR entropy ++ run: sudo sysctl -w vm.mmap_rnd_bits=28 + - name: Install build dependencies + run: sudo -E .github/workflows/unit_tests.sh SETUP + - name: Build & test (${{ env.CENTOS_RELEASE }} / ${{ matrix.phase }}) diff --git a/SOURCES/1017-test-skip-the-symlink-part-of-test_touch_file-in-GH-.patch b/SOURCES/1017-test-skip-the-symlink-part-of-test_touch_file-in-GH-.patch new file mode 100644 index 0000000..62c80c8 --- /dev/null +++ b/SOURCES/1017-test-skip-the-symlink-part-of-test_touch_file-in-GH-.patch @@ -0,0 +1,89 @@ +From a4e0b7ab90c8bc6ecb7bd883f19e5a5834ae9058 Mon Sep 17 00:00:00 2001 +From: Frantisek Sumsal +Date: Wed, 13 Mar 2024 12:41:17 +0100 +Subject: [PATCH] test: skip the symlink part of test_touch_file() in GH + Actions + +Our (RHEL 8) touch_file() is not clever enough and does chmod() on a +symlink, which fails with EOPNOTSUPP on newer kernels. This is not an +issue on the RHEL 8 kernel, where doing chmod() on a symlink works +(albeit only on tmpfs) but in GH Actions we run in a container, and with +the underlying kernel doing chmod() on a symlink fails even on tmpfs: + +RHEL 8: +~# mount -t tmpfs tmpfs /tmp +~# (cd /tmp; ln -s symlink dangling; ln -s /etc/os-release symlink) +~# (cd /var/tmp; ln -s symlink dangling; ln -s /etc/os-release symlink) +~# gcc -o main main.c -D_GNU_SOURCE +~# ./main /tmp/dangling +chmod(/proc/self/fd/3)=0 (0) +~# ./main /tmp/symlink +chmod(/proc/self/fd/3)=0 (0) +~# ./main /var/tmp/dangling +chmod(/proc/self/fd/3)=-1 (95) +~# ./main /var/tmp/symlink +chmod(/proc/self/fd/3)=-1 (95) + +Newer kernel: +~# uname -r +6.7.4-200.fc39.x86_64 +~# ./main /tmp/dangling +chmod(/proc/self/fd/3)=-1 (95) +~# ./main /tmp/symlink +chmod(/proc/self/fd/3)=-1 (95) +~# ./main /var/tmp/dangling +chmod(/proc/self/fd/3)=-1 (95) +~# ./main /var/tmp/symlink +chmod(/proc/self/fd/3)=-1 (95) + +Backporting the necessary patches would be way too risky so late in the +RHEL 8 cycle, so let's just skip the offending test when running in GH +Actions. To do that we have to jump through a couple of hoops, since +RHEL 8 systemd can't detect docker. Oh well. + +See: #434 + +RHEL-only +--- + src/test/test-fs-util.c | 21 ++++++++++++--------- + 1 file changed, 12 insertions(+), 9 deletions(-) + +diff --git a/src/test/test-fs-util.c b/src/test/test-fs-util.c +index aa32629f62..a3428f8c0d 100644 +--- a/src/test/test-fs-util.c ++++ b/src/test/test-fs-util.c +@@ -15,6 +15,7 @@ + #include "stdio-util.h" + #include "string-util.h" + #include "strv.h" ++#include "tests.h" + #include "user-util.h" + #include "util.h" + #include "virt.h" +@@ -544,15 +545,17 @@ static void test_touch_file(void) { + assert_se(timespec_load(&st.st_mtim) == test_mtime); + } + +- a = strjoina(p, "/lnk"); +- assert_se(symlink("target", a) >= 0); +- assert_se(touch_file(a, false, test_mtime, test_uid, test_gid, 0640) >= 0); +- assert_se(lstat(a, &st) >= 0); +- assert_se(st.st_uid == test_uid); +- assert_se(st.st_gid == test_gid); +- assert_se(S_ISLNK(st.st_mode)); +- assert_se((st.st_mode & 0777) == 0640); +- assert_se(timespec_load(&st.st_mtim) == test_mtime); ++ if (!streq_ptr(ci_environment(), "github-actions")) { ++ a = strjoina(p, "/lnk"); ++ assert_se(symlink("target", a) >= 0); ++ assert_se(touch_file(a, false, test_mtime, test_uid, test_gid, 0640) >= 0); ++ assert_se(lstat(a, &st) >= 0); ++ assert_se(st.st_uid == test_uid); ++ assert_se(st.st_gid == test_gid); ++ assert_se(S_ISLNK(st.st_mode)); ++ assert_se((st.st_mode & 0777) == 0640); ++ assert_se(timespec_load(&st.st_mtim) == test_mtime); ++ } + } + + static void test_unlinkat_deallocate(void) { diff --git a/SOURCES/1018-core-add-possibility-to-not-track-certain-unit-types.patch b/SOURCES/1018-core-add-possibility-to-not-track-certain-unit-types.patch new file mode 100644 index 0000000..79df883 --- /dev/null +++ b/SOURCES/1018-core-add-possibility-to-not-track-certain-unit-types.patch @@ -0,0 +1,53 @@ +From dd794489f97baf760d03b32e4e3188b5af799436 Mon Sep 17 00:00:00 2001 +From: Michal Sekletar +Date: Wed, 7 Sep 2022 17:37:34 +0200 +Subject: [PATCH] core: add possibility to not track certain unit types + +(cherry picked from commit 88e4bfa62bd2561e04a90dc009e7a3865e0878fb) + +Related: RHEL-5877 +--- + src/core/unit.c | 18 ++++++++++++++++++ + 1 file changed, 18 insertions(+) + +diff --git a/src/core/unit.c b/src/core/unit.c +index d3459dcdd0..ac960ef0c8 100644 +--- a/src/core/unit.c ++++ b/src/core/unit.c +@@ -18,6 +18,7 @@ + #include "dbus-unit.h" + #include "dbus.h" + #include "dropin.h" ++#include "env-util.h" + #include "escape.h" + #include "execute.h" + #include "fd-util.h" +@@ -4786,11 +4787,28 @@ int unit_setup_dynamic_creds(Unit *u) { + } + + bool unit_type_supported(UnitType t) { ++ static int8_t cache[_UNIT_TYPE_MAX] = {}; /* -1: disabled, 1: enabled: 0: don't know */ ++ int r; ++ + if (_unlikely_(t < 0)) + return false; + if (_unlikely_(t >= _UNIT_TYPE_MAX)) + return false; + ++ if (cache[t] == 0) { ++ char *e; ++ ++ e = strjoina("SYSTEMD_SUPPORT_", unit_type_to_string(t)); ++ ++ r = getenv_bool(ascii_strupper(e)); ++ if (r < 0 && r != -ENXIO) ++ log_debug_errno(r, "Failed to parse $%s, ignoring: %m", e); ++ ++ cache[t] = r == 0 ? -1 : 1; ++ } ++ if (cache[t] < 0) ++ return false; ++ + if (!unit_vtable[t]->supported) + return true; + diff --git a/SOURCES/1019-logind-don-t-setup-idle-session-watch-for-lock-scree.patch b/SOURCES/1019-logind-don-t-setup-idle-session-watch-for-lock-scree.patch new file mode 100644 index 0000000..6178f71 --- /dev/null +++ b/SOURCES/1019-logind-don-t-setup-idle-session-watch-for-lock-scree.patch @@ -0,0 +1,50 @@ +From c87954f7ee7859524c60e6ca724c68b0a35e26ce Mon Sep 17 00:00:00 2001 +From: Michal Sekletar +Date: Tue, 12 Dec 2023 19:03:39 +0100 +Subject: [PATCH] logind: don't setup idle session watch for lock-screen and + greeter + +Reason to skip the idle session logic for these session classes is that +they are idle by default. + +(cherry picked from commit 508b4786e8592e82eb4832549f74aaa54335d14c) + +Resolves: RHEL-19215 +--- + man/logind.conf.xml | 9 +++++---- + src/login/logind-session.c | 2 +- + 2 files changed, 6 insertions(+), 5 deletions(-) + +diff --git a/man/logind.conf.xml b/man/logind.conf.xml +index 56981c1837..6cb41b6955 100644 +--- a/man/logind.conf.xml ++++ b/man/logind.conf.xml +@@ -343,10 +343,11 @@ + StopIdleSessionSec= + + Specifies a timeout in seconds, or a time span value after which +- systemd-logind checks the idle state of all sessions. Every session that is idle for +- longer then the timeout will be stopped. Defaults to infinity +- (systemd-logind is not checking the idle state of sessions). For details about the syntax +- of time spans, see ++ systemd-logind checks the idle state of all sessions. Every session that is idle ++ for longer than the timeout will be stopped. Note that this option doesn't apply to ++ greeter or lock-screen sessions. Defaults to ++ infinity (systemd-logind is not checking the idle state ++ of sessions). For details about the syntax of time spans, see + systemd.time7. + + +diff --git a/src/login/logind-session.c b/src/login/logind-session.c +index 4edc4b9b88..57b9696d1d 100644 +--- a/src/login/logind-session.c ++++ b/src/login/logind-session.c +@@ -713,7 +713,7 @@ static int session_setup_stop_on_idle_timer(Session *s) { + + assert(s); + +- if (s->manager->stop_idle_session_usec == USEC_INFINITY) ++ if (s->manager->stop_idle_session_usec == USEC_INFINITY || IN_SET(s->class, SESSION_GREETER, SESSION_LOCK_SCREEN)) + return 0; + + r = sd_event_add_time_relative( diff --git a/SOURCES/1020-logind-tighten-for-which-classes-of-sessions-we-do-s.patch b/SOURCES/1020-logind-tighten-for-which-classes-of-sessions-we-do-s.patch new file mode 100644 index 0000000..815b32c --- /dev/null +++ b/SOURCES/1020-logind-tighten-for-which-classes-of-sessions-we-do-s.patch @@ -0,0 +1,47 @@ +From 77a215ecaca4e927a3465ac5f502d5873ef942ef Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Thu, 4 Jan 2024 13:40:00 +0100 +Subject: [PATCH] logind: tighten for which classes of sessions we do + stop-on-idle + +We only want to do this for fully set up, interactive sessions, i.e. +user and user-early, but not for any others, hence restrict the rules a +bit. + +Follow-up for: 508b4786e8592e82eb4832549f74aaa54335d14c + +(cherry picked from commit ad23439eae718ac3634f260be0d29e01445983a8) + +Related: RHEL-19215 +--- + src/login/logind-session.c | 2 +- + src/login/logind-session.h | 3 +++ + 2 files changed, 4 insertions(+), 1 deletion(-) + +diff --git a/src/login/logind-session.c b/src/login/logind-session.c +index 57b9696d1d..9ec7bd3344 100644 +--- a/src/login/logind-session.c ++++ b/src/login/logind-session.c +@@ -713,7 +713,7 @@ static int session_setup_stop_on_idle_timer(Session *s) { + + assert(s); + +- if (s->manager->stop_idle_session_usec == USEC_INFINITY || IN_SET(s->class, SESSION_GREETER, SESSION_LOCK_SCREEN)) ++ if (s->manager->stop_idle_session_usec == USEC_INFINITY || !SESSION_CLASS_CAN_STOP_ON_IDLE(s->class)) + return 0; + + r = sd_event_add_time_relative( +diff --git a/src/login/logind-session.h b/src/login/logind-session.h +index 0557696761..955cd7de92 100644 +--- a/src/login/logind-session.h ++++ b/src/login/logind-session.h +@@ -26,6 +26,9 @@ typedef enum SessionClass { + _SESSION_CLASS_INVALID = -1 + } SessionClass; + ++/* Which sessions classes should be subject to stop-in-idle */ ++#define SESSION_CLASS_CAN_STOP_ON_IDLE(class) (IN_SET((class), SESSION_USER)) ++ + typedef enum SessionType { + SESSION_UNSPECIFIED, + SESSION_TTY, diff --git a/SOURCES/1021-ci-point-C8S-containers-to-the-Vault.patch b/SOURCES/1021-ci-point-C8S-containers-to-the-Vault.patch new file mode 100644 index 0000000..9272957 --- /dev/null +++ b/SOURCES/1021-ci-point-C8S-containers-to-the-Vault.patch @@ -0,0 +1,27 @@ +From 3aae10768d08007dc087306431da60f85087ae57 Mon Sep 17 00:00:00 2001 +From: Frantisek Sumsal +Date: Wed, 26 Jun 2024 13:16:27 +0200 +Subject: [PATCH] ci: point C8S containers to the Vault + +Temporarily point repos in C8S containers to the Vault (since C8S is +EOL), until we figure out a _proper_ solution. + +Related: RHEL-1087 +--- + .github/workflows/unit_tests.sh | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/.github/workflows/unit_tests.sh b/.github/workflows/unit_tests.sh +index 3859433720..7cc7da164c 100755 +--- a/.github/workflows/unit_tests.sh ++++ b/.github/workflows/unit_tests.sh +@@ -138,6 +138,9 @@ for phase in "${PHASES[@]}"; do + + # Beautiful workaround for Fedora's version of Docker + sleep 1 ++ # FIXME?: Point C8S repos to the Vault, since C8S is EOL ++ $DOCKER_EXEC bash -xec "sed -i 's/^mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-*" ++ $DOCKER_EXEC bash -xec "sed -i 's|#baseurl=http://mirror.centos.org|baseurl=https://vault.centos.org|g' /etc/yum.repos.d/CentOS-*" + $DOCKER_EXEC dnf makecache + # Install and enable EPEL + $DOCKER_EXEC dnf -q -y install epel-release dnf-utils "${ADDITIONAL_DEPS[@]}" diff --git a/SPECS/systemd.spec b/SPECS/systemd.spec index 200c90d..efe04ca 100644 --- a/SPECS/systemd.spec +++ b/SPECS/systemd.spec @@ -13,7 +13,7 @@ Name: systemd Url: http://www.freedesktop.org/wiki/Software/systemd Version: 239 -Release: 82%{?dist}.2 +Release: 82%{?dist}.3 # For a breakdown of the licensing, see README License: LGPLv2+ and MIT and GPLv2+ Summary: System and Service Manager @@ -1063,6 +1063,14 @@ Patch1010: 1010-pid1-by-default-make-user-units-inherit-their-umask-.patch Patch1011: 1011-pam-add-call-to-pam_umask.patch Patch1012: 1012-ci-deploy-systemd-man-to-GitHub-Pages.patch Patch1013: 1013-ci-src-git-update-list-of-supported-products.patch +Patch1014: 1014-ci-update-actions-upload-artifact-to-v4.patch +Patch1015: 1015-ci-drop-unused-variable.patch +Patch1016: 1016-ci-reduce-ASLR-entropy.patch +Patch1017: 1017-test-skip-the-symlink-part-of-test_touch_file-in-GH-.patch +Patch1018: 1018-core-add-possibility-to-not-track-certain-unit-types.patch +Patch1019: 1019-logind-don-t-setup-idle-session-watch-for-lock-scree.patch +Patch1020: 1020-logind-tighten-for-which-classes-of-sessions-we-do-s.patch +Patch1021: 1021-ci-point-C8S-containers-to-the-Vault.patch %ifarch %{ix86} x86_64 aarch64 %global have_gnu_efi 1 @@ -1689,6 +1697,14 @@ fi %files tests -f .file-list-tests %changelog +* Thu Nov 07 2024 systemd maintenance team - 239-82.3 +- ci: update actions/upload-artifact to `v4` (RHEL-32494) +- ci: drop unused variable (RHEL-32494) +- core: add possibility to not track certain unit types (RHEL-5877) +- logind: don't setup idle session watch for lock-screen and greeter (RHEL-19215) +- logind: tighten for which classes of sessions we do stop-on-idle (RHEL-19215) +- ci: point C8S containers to the Vault (RHEL-1087) + * Tue Jul 23 2024 systemd maintenance team - 239-82.2 - spec: do not create symlink /etc/systemd/system/syslog.service (RHEL-13179)