Version 253~rc1

- See https://raw.githubusercontent.com/systemd/systemd/v253-rc1/NEWS - New subpackages: systemd-repart-standalone, systemd-shutdown-standalone, and systemd-ukify.
2023-01-25 00:16:28 +01:00 · 2023-01-25 00:16:28 +01:00 · 903ce887fd
commit 903ce887fd
parent a142c87042
11 changed files with 69 additions and 418 deletions
--- a/0001-pam-align-second-and-third-columns.patch
+++ b/0001-pam-align-second-and-third-columns.patch
@ -1,48 +0,0 @@
 From 9efb224443d819b7d64ec76cb94c8aa625a8abf2 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
 Date: Wed, 23 Nov 2022 16:05:48 +0100
 Subject: [PATCH 1/2] pam: align second and third columns
 In our template file, we have jinja2 template markers, so the file
 looks fairly messy. But once it's rendered, it looks pretty clean, except
 that the columns are unaligned becuase of "-" in some lines in the first
 column. Let's make them aligned.
 ---
 src/login/systemd-user.in | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)
 diff --git a/src/login/systemd-user.in b/src/login/systemd-user.in
 index 39bcbd71fe..d5597d28cb 100644
 --- a/src/login/systemd-user.in
 +++ b/src/login/systemd-user.in
@@ -4,18 +4,18 @@
 # Used by systemd --user instances.
 {% if ENABLE_HOMED %}
 --account sufficient pam_systemd_home.so
 +-account  sufficient pam_systemd_home.so
 {% endif %}
 -account sufficient pam_unix.so no_pass_expiry
 -account required pam_permit.so
 +account  sufficient pam_unix.so no_pass_expiry
 +account  required pam_permit.so
 {% if HAVE_SELINUX %}
 -session required pam_selinux.so close
 -session required pam_selinux.so nottys open
 +session  required pam_selinux.so close
 +session  required pam_selinux.so nottys open
 {% endif %}
 -session required pam_loginuid.so
 -session optional pam_keyinit.so force revoke
 +session  required pam_loginuid.so
 +session  optional pam_keyinit.so force revoke
 {% if ENABLE_HOMED %}
 --session optional pam_systemd_home.so
 +-session  optional pam_systemd_home.so
 {% endif %}
 -session optional pam_systemd.so
 +session  optional pam_systemd.so
 -- 
 2.38.1
--- a/0001-shared-install-Use-InstallChangeType-consistently.patch
+++ b/0001-shared-install-Use-InstallChangeType-consistently.patch
@ -1,37 +0,0 @@
 From 2fdd12acd5c69bc952d9ca4d5ad796e6e830d21b Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?= <crodriguez@owncloud.com>
 Date: Fri, 11 Nov 2022 15:34:32 +0000
 Subject: [PATCH 1/5] shared|install: Use InstallChangeType consistently
 gcc 13 -Wenum-int-mismatch, enabled by default, reminds us enum ! = int
 (cherry picked from commit 9264db1a0ac6034ab5b40ef3f5914d8dc7d77aba)
 ---
 src/shared/install.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 diff --git a/src/shared/install.h b/src/shared/install.h
 index 9bb412ba06..0abc73897e 100644
 --- a/src/shared/install.h
 +++ b/src/shared/install.h
@@ -197,7 +197,7 @@ int unit_file_exists(LookupScope scope, const LookupPaths *paths, const char *na
 int unit_file_get_list(LookupScope scope, const char *root_dir, Hashmap *h, char **states, char **patterns);
 Hashmap* unit_file_list_free(Hashmap *h);
 -InstallChangeType install_changes_add(InstallChange **changes, size_t *n_changes, int type, const char *path, const char *source);
 +InstallChangeType install_changes_add(InstallChange **changes, size_t *n_changes, InstallChangeType type, const char *path, const char *source);
 void install_changes_free(InstallChange *changes, size_t n_changes);
 void install_changes_dump(int r, const char *verb, const InstallChange *changes, size_t n_changes, bool quiet);
@@ -224,7 +224,7 @@ UnitFileState unit_file_state_from_string(const char *s) _pure_;
 /* from_string conversion is unreliable because of the overlap between -EPERM and -1 for error. */
 const char *install_change_type_to_string(InstallChangeType t) _const_;
 -int install_change_type_from_string(const char *s) _pure_;
 +InstallChangeType install_change_type_from_string(const char *s) _pure_;
 const char *unit_file_preset_mode_to_string(UnitFilePresetMode m) _const_;
 UnitFilePresetMode unit_file_preset_mode_from_string(const char *s) _pure_;
 -- 
 2.39.1
--- a/0002-journal-remote-code-is-of-type-enum-MHD_RequestTermi.patch
+++ b/0002-journal-remote-code-is-of-type-enum-MHD_RequestTermi.patch
@ -1,34 +0,0 @@
 From b1b7667a44c4e8635b6d8dc070fb2446187fcdc5 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?= <crodriguez@owncloud.com>
 Date: Fri, 11 Nov 2022 15:28:51 +0000
 Subject: [PATCH 2/5] journal-remote: code is of type enum
 MHD_RequestTerminationCode
 Fixes gcc 13 -Wenum-int-mismatch which are enabled by default.
 (cherry picked from commit aa70dd624bff6280ab6f2871f62d313bdb1e1bcc)
 ---
 src/journal-remote/microhttpd-util.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 diff --git a/src/journal-remote/microhttpd-util.h b/src/journal-remote/microhttpd-util.h
 index 7e7d1b56b1..df18335469 100644
 --- a/src/journal-remote/microhttpd-util.h
 +++ b/src/journal-remote/microhttpd-util.h
@@ -64,11 +64,11 @@ void microhttpd_logger(void *arg, const char *fmt, va_list ap) _printf_(2, 0);
 int mhd_respondf(struct MHD_Connection *connection,
                  int error,
 -                 unsigned code,
 +                 enum MHD_RequestTerminationCode code,
                  const char *format, ...) _printf_(4,5);
 int mhd_respond(struct MHD_Connection *connection,
 -                unsigned code,
 +                enum MHD_RequestTerminationCode code,
                 const char *message);
 int mhd_respond_oom(struct MHD_Connection *connection);
 -- 
 2.39.1
--- a/0002-pam-add-a-call-to-pam_namespace.patch
+++ b/0002-pam-add-a-call-to-pam_namespace.patch
@ -1,41 +0,0 @@
 From 0ef48896d9f23b9fd547a532a4e6e6b8f8b12901 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
 Date: Wed, 23 Nov 2022 16:09:56 +0100
 Subject: [PATCH 2/2] pam: add a call to pam_namespace
 A call to pam_namespace is required so that children of user@.service end up in
 a namespace as expected. pam_namespace gets called as part of the stack that
 creates a session (login, sshd, gdm, etc.) and those processes end up in a
 namespace, but it also needs to be called from our stack which is parallel and
 descends from pid1 itself.
 The call to pam_namespace is similar to the call to pam_keyinit that was added
 in ab79099d1684457d040ee7c28b2012e8c1ea9a4f. The pam stack for user@.service
 creates a new session which is disconnected from the parent environment. Both
 calls are not suitable for inclusion in the shared part of the stack (e.g.
@system-auth on Fedora/RHEL systems), because for example su/sudo/runuser
 should not include them.
 Fixes #17043 (Allow to execute user service into dedicated namespace
              if pam_namespace enabled)
 Related to https://bugzilla.redhat.com/show_bug.cgi?id=1861836
 (Polyinstantiation is ignored/bypassed in GNOME sessions)
 ---
 src/login/systemd-user.in | 1 +
 1 file changed, 1 insertion(+)
 diff --git a/src/login/systemd-user.in b/src/login/systemd-user.in
 index d5597d28cb..06f7e36458 100644
 --- a/src/login/systemd-user.in
 +++ b/src/login/systemd-user.in
@@ -15,6 +15,7 @@ session  required pam_selinux.so nottys open
 {% endif %}
 session  required pam_loginuid.so
 session  optional pam_keyinit.so force revoke
 +session  required pam_namespace.so
 {% if ENABLE_HOMED %}
 -session  optional pam_systemd_home.so
 {% endif %}
 -- 
 2.38.1
--- a/0003-pam-actually-align-the-columns.patch
+++ b/0003-pam-actually-align-the-columns.patch
@ -1,47 +0,0 @@
 From 369dfbf43a0064b70a774ccdd3dd1c1a09fd95ca Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
 Date: Wed, 14 Dec 2022 22:23:31 +0100
 Subject: [PATCH 3/4] pam: actually align the columns
 In 9efb224443d819b7d64ec76cb94c8aa625a8abf2 was supposed to align
 them, but for some reason I just added a second space everywhere.
 ---
 src/login/systemd-user.in | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)
 diff --git a/src/login/systemd-user.in b/src/login/systemd-user.in
 index 06f7e36458..9a665bd959 100644
 --- a/src/login/systemd-user.in
 +++ b/src/login/systemd-user.in
@@ -4,19 +4,19 @@
 # Used by systemd --user instances.
 {% if ENABLE_HOMED %}
 --account  sufficient pam_systemd_home.so
 +-account sufficient pam_systemd_home.so
 {% endif %}
 account  sufficient pam_unix.so no_pass_expiry
 -account  required pam_permit.so
 +account  required   pam_permit.so
 {% if HAVE_SELINUX %}
 -session  required pam_selinux.so close
 -session  required pam_selinux.so nottys open
 +session  required   pam_selinux.so close
 +session  required   pam_selinux.so nottys open
 {% endif %}
 -session  required pam_loginuid.so
 -session  optional pam_keyinit.so force revoke
 -session  required pam_namespace.so
 +session  required   pam_loginuid.so
 +session  optional   pam_keyinit.so force revoke
 +session  required   pam_namespace.so
 {% if ENABLE_HOMED %}
 --session  optional pam_systemd_home.so
 +-session optional   pam_systemd_home.so
 {% endif %}
 -session  optional pam_systemd.so
 +session  optional   pam_systemd.so
 -- 
 2.38.1
--- a/0003-resolve-dns_server_feature_level_-_string-type-is-Dn.patch
+++ b/0003-resolve-dns_server_feature_level_-_string-type-is-Dn.patch
@ -1,31 +0,0 @@
 From ba5f7915d25a400f0651bc9e8546a3ec6a738eaa Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?= <crodriguez@owncloud.com>
 Date: Fri, 11 Nov 2022 15:31:18 +0000
 Subject: [PATCH 3/5] resolve: dns_server_feature_level_*_string type is
 DnsServerFeatureLevel
 gcc 13 -Wenum-int-mismatch reminds us that enum != int
 (cherry picked from commit e14afe31c3e8380496dc85b57103b2f648bc7d43)
 ---
 src/resolve/resolved-dns-server.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 diff --git a/src/resolve/resolved-dns-server.h b/src/resolve/resolved-dns-server.h
 index be9efb0a79..f939b534c3 100644
 --- a/src/resolve/resolved-dns-server.h
 +++ b/src/resolve/resolved-dns-server.h
@@ -44,8 +44,8 @@ typedef enum DnsServerFeatureLevel {
 #define DNS_SERVER_FEATURE_LEVEL_IS_DNSSEC(x) ((x) >= DNS_SERVER_FEATURE_LEVEL_DO)
 #define DNS_SERVER_FEATURE_LEVEL_IS_UDP(x) IN_SET(x, DNS_SERVER_FEATURE_LEVEL_UDP, DNS_SERVER_FEATURE_LEVEL_EDNS0, DNS_SERVER_FEATURE_LEVEL_DO)
 -const char* dns_server_feature_level_to_string(int i) _const_;
 -int dns_server_feature_level_from_string(const char *s) _pure_;
 +const char* dns_server_feature_level_to_string(DnsServerFeatureLevel i) _const_;
 +DnsServerFeatureLevel dns_server_feature_level_from_string(const char *s) _pure_;
 struct DnsServer {
         Manager *manager;
 -- 
 2.39.1
--- a/0004-Use-dummy-allocator-to-make-accesses-defined-as-per-.patch
+++ b/0004-Use-dummy-allocator-to-make-accesses-defined-as-per-.patch
@ -1,104 +0,0 @@
 From 34b9eddfc12936917fab000b780a451d6277c2b4 Mon Sep 17 00:00:00 2001
 From: Siddhesh Poyarekar <siddhesh@gotplt.org>
 Date: Tue, 13 Dec 2022 16:54:36 -0500
 Subject: [PATCH 4/5] Use dummy allocator to make accesses defined as per
 standard
 systemd uses malloc_usable_size() everywhere to use memory blocks
 obtained through malloc, but that is abuse since the
 malloc_usable_size() interface isn't meant for this kind of use, it is
 for diagnostics only.  This is also why systemd behaviour is flaky when
 built with _FORTIFY_SOURCE.
 One way to make this more standard (and hence safer) is to, at every
 malloc_usable_size() call, also 'reallocate' the block so that the
 compiler can see the larger size.  This is done through a dummy
 reallocator whose only purpose is to tell the compiler about the larger
 usable size, it doesn't do any actual reallocation.
 Florian Weimer pointed out that this doesn't solve the problem of an
 allocator potentially growing usable size at will, which will break the
 implicit assumption in systemd use that the value returned remains
 constant as long as the object is valid.  The safest way to fix that is
 for systemd to step away from using malloc_usable_size() like this.
 Resolves #22801.
 (cherry picked from commit 7929e180aa47a2692ad4f053afac2857d7198758)
 ---
 src/basic/alloc-util.c |  4 ++++
 src/basic/alloc-util.h | 38 ++++++++++++++++++++++++++++----------
 2 files changed, 32 insertions(+), 10 deletions(-)
 diff --git a/src/basic/alloc-util.c b/src/basic/alloc-util.c
 index b030f454b2..6063943c88 100644
 --- a/src/basic/alloc-util.c
 +++ b/src/basic/alloc-util.c
@@ -102,3 +102,7 @@ void* greedy_realloc0(
         return q;
 }
 +
 +void *expand_to_usable(void *ptr, size_t newsize _unused_) {
 +        return ptr;
 +}
 diff --git a/src/basic/alloc-util.h b/src/basic/alloc-util.h
 index b38db7d473..eb53aae6f3 100644
 --- a/src/basic/alloc-util.h
 +++ b/src/basic/alloc-util.h
@@ -2,6 +2,7 @@
 #pragma once
 #include <alloca.h>
 +#include <malloc.h>
 #include <stddef.h>
 #include <stdlib.h>
 #include <string.h>
@@ -184,17 +185,34 @@ void* greedy_realloc0(void **p, size_t need, size_t size);
 #  define msan_unpoison(r, s)
 #endif
 -/* This returns the number of usable bytes in a malloc()ed region as per malloc_usable_size(), in a way that
 - * is compatible with _FORTIFY_SOURCES. If _FORTIFY_SOURCES is used many memory operations will take the
 - * object size as returned by __builtin_object_size() into account. Hence, let's return the smaller size of
 - * malloc_usable_size() and __builtin_object_size() here, so that we definitely operate in safe territory by
 - * both the compiler's and libc's standards. Note that __builtin_object_size() evaluates to SIZE_MAX if the
 - * size cannot be determined, hence the MIN() expression should be safe with dynamically sized memory,
 - * too. Moreover, when NULL is passed malloc_usable_size() is documented to return zero, and
 - * __builtin_object_size() returns SIZE_MAX too, hence we also return a sensible value of 0 in this corner
 - * case. */
 +/* Dummy allocator to tell the compiler that the new size of p is newsize. The implementation returns the
 + * pointer as is; the only reason for its existence is as a conduit for the _alloc_ attribute. This cannot be
 + * a static inline because gcc then loses the attributes on the function.
 + * See: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96503 */
 +void *expand_to_usable(void *p, size_t newsize) _alloc_(2) _returns_nonnull_;
 +
 +static inline size_t malloc_sizeof_safe(void **xp) {
 +        if (_unlikely_(!xp || !*xp))
 +                return 0;
 +
 +        size_t sz = malloc_usable_size(*xp);
 +        *xp = expand_to_usable(*xp, sz);
 +        /* GCC doesn't see the _returns_nonnull_ when built with ubsan, so yet another hint to make it doubly
 +         * clear that expand_to_usable won't return NULL.
 +         * See: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79265 */
 +        if (!*xp)
 +                assert_not_reached();
 +        return sz;
 +}
 +
 +/* This returns the number of usable bytes in a malloc()ed region as per malloc_usable_size(), which may
 + * return a value larger than the size that was actually allocated. Access to that additional memory is
 + * discouraged because it violates the C standard; a compiler cannot see that this as valid. To help the
 + * compiler out, the MALLOC_SIZEOF_SAFE macro 'allocates' the usable size using a dummy allocator function
 + * expand_to_usable. There is a possibility of malloc_usable_size() returning different values during the
 + * lifetime of an object, which may cause problems, but the glibc allocator does not do that at the moment. */
 #define MALLOC_SIZEOF_SAFE(x) \
 -        MIN(malloc_usable_size(x), __builtin_object_size(x, 0))
 +        malloc_sizeof_safe((void**) &__builtin_choose_expr(__builtin_constant_p(x), (void*) { NULL }, (x)))
 /* Inspired by ELEMENTSOF() but operates on malloc()'ed memory areas: typesafely returns the number of items
  * that fit into the specified memory block */
 -- 
 2.39.1
--- a/0005-alloc-util-Disallow-inlining-of-expand_to_usable.patch
+++ b/0005-alloc-util-Disallow-inlining-of-expand_to_usable.patch
@ -1,48 +0,0 @@
 From e998c9d7c1a52ab02ff6e9c363c1cfe0b76cd6f4 Mon Sep 17 00:00:00 2001
 From: Siddhesh Poyarekar <siddhesh@gotplt.org>
 Date: Sat, 7 Jan 2023 19:30:32 -0500
 Subject: [PATCH 5/5] alloc-util: Disallow inlining of expand_to_usable
 Explicitly set __attribute__ ((noinline)) so that the compiler does not
 attempt to inline expand_to_usable, even with LTO.
 (cherry picked from commit 4f79f545b3c46c358666c9f5f2b384fe50aac4b4)
 ---
 src/basic/alloc-util.h              | 7 ++++---
 src/fundamental/macro-fundamental.h | 1 +
 2 files changed, 5 insertions(+), 3 deletions(-)
 diff --git a/src/basic/alloc-util.h b/src/basic/alloc-util.h
 index eb53aae6f3..bf783b15a2 100644
 --- a/src/basic/alloc-util.h
 +++ b/src/basic/alloc-util.h
@@ -186,10 +186,11 @@ void* greedy_realloc0(void **p, size_t need, size_t size);
 #endif
 /* Dummy allocator to tell the compiler that the new size of p is newsize. The implementation returns the
 - * pointer as is; the only reason for its existence is as a conduit for the _alloc_ attribute. This cannot be
 - * a static inline because gcc then loses the attributes on the function.
 + * pointer as is; the only reason for its existence is as a conduit for the _alloc_ attribute.  This must not
 + * be inlined (hence a non-static function with _noinline_ because LTO otherwise tries to inline it) because
 + * gcc then loses the attributes on the function.
  * See: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96503 */
 -void *expand_to_usable(void *p, size_t newsize) _alloc_(2) _returns_nonnull_;
 +void *expand_to_usable(void *p, size_t newsize) _alloc_(2) _returns_nonnull_ _noinline_;
 static inline size_t malloc_sizeof_safe(void **xp) {
         if (_unlikely_(!xp || !*xp))
 diff --git a/src/fundamental/macro-fundamental.h b/src/fundamental/macro-fundamental.h
 index c11a5b15f4..e73174a593 100644
 --- a/src/fundamental/macro-fundamental.h
 +++ b/src/fundamental/macro-fundamental.h
@@ -20,6 +20,7 @@
 #define _hidden_ __attribute__((__visibility__("hidden")))
 #define _likely_(x) (__builtin_expect(!!(x), 1))
 #define _malloc_ __attribute__((__malloc__))
 +#define _noinline_ __attribute__((noinline))
 #define _noreturn_ _Noreturn
 #define _packed_ __attribute__((__packed__))
 #define _printf_(a, b) __attribute__((__format__(printf, a, b)))
 -- 
 2.39.1
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (systemd-252.4.tar.gz) = 007165a6ca0563e2fc9834179d502d3d5497c9d1b93c92a009f31a2e0d4a0b154bfa57eaf52b0c94243e09123b8184036a69c145be6efaa4baaffe687c1fd28e
+SHA512 (systemd-253-rc1.tar.gz) = aaf0a6bf21bbc50a42015c9cb17f69d1aaf6cab6cabfba5140a94212fb864e38d638dace9a70447f62b4d2a817a0d3bd6f4ae8d9b3c2e741cdeb1cb332f70b65
--- a/split-files.py
+++ b/split-files.py
@ -17,6 +17,7 @@ def files(root):
 o_libs = open('.file-list-libs', 'w')
 o_udev = open('.file-list-udev', 'w')
 o_ukify = open('.file-list-ukify', 'w')
 o_boot = open('.file-list-boot', 'w')
 o_pam = open('.file-list-pam', 'w')
 o_rpm_macros = open('.file-list-rpm-macros', 'w')
@ -27,8 +28,10 @@ o_oomd_defaults = open('.file-list-oomd-defaults', 'w')
 o_remote = open('.file-list-remote', 'w')
 o_resolve = open('.file-list-resolve', 'w')
 o_tests = open('.file-list-tests', 'w')
 o_standalone_repart = open('.file-list-standalone-repart', 'w')
 o_standalone_tmpfiles = open('.file-list-standalone-tmpfiles', 'w')
 o_standalone_sysusers = open('.file-list-standalone-sysusers', 'w')
 o_standalone_shutdown = open('.file-list-standalone-shutdown', 'w')
 o_main = open('.file-list-main', 'w')
 for file in files(buildroot):
    n = file.path[1:]
@ -53,12 +56,27 @@ for file in files(buildroot):
                    /var(/cache|/log|/lib|/run|)$
    ''', n, re.X):
        continue
-    if '/security/pam_' in n or '/man8/pam_' in n:
+
    if n.endswith('.standalone'):
        if 'repart' in n:
            o = o_standalone_repart
        elif 'tmpfiles' in n:
            o = o_standalone_tmpfiles
        elif 'sysusers' in n:
            o = o_standalone_sysusers
        elif 'shutdown' in n:
            o = o_standalone_shutdown
        else:
            assert False, 'Found .standalone not belonging to known packages'
    elif '/security/pam_' in n or '/man8/pam_' in n:
        o = o_pam
    elif '/rpm/' in n:
        o = o_rpm_macros
    elif '/usr/lib/systemd/tests' in n:
        o = o_tests
    elif 'ukify' in n:
        o = o_ukify
    elif re.search(r'/libsystemd-(shared|core)-.*\.so$', n):
        o = o_main
    elif re.search(r'/libcryptsetup-token-systemd-.*\.so$', n):
@ -160,14 +178,6 @@ for file in files(buildroot):
    elif re.search(r'10-oomd-.*defaults.conf|lib/systemd/oomd.conf.d', n, re.X):
        o = o_oomd_defaults
    elif n.endswith('.standalone'):
        if 'tmpfiles' in n:
            o = o_standalone_tmpfiles
        elif 'sysusers' in n:
            o = o_standalone_sysusers
        else:
            assert False, 'Found .standalone not belonging to known packages'
    else:
        o = o_main
--- a/systemd.spec
+++ b/systemd.spec
@ -1,7 +1,7 @@
 #global commit c4b843473a75fb38ed5bf54e9d3cfb1cb3719efa
 %{?commit:%global shortcommit %(c=%{commit}; echo ${c:0:7})}
-%global stable 1
+#global stable 1
 # We ship a .pc file but don't want to have a dep on pkg-config. We
 # strip the automatically generated dep here and instead co-own the
@ -30,7 +30,7 @@
 Name:           systemd
 Url:            https://systemd.io
 %if %{without inplace}
-Version:        252.4
+Version:        253~rc1
 %else
 # determine the build information from local checkout
 Version:        %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/')
@ -88,15 +88,6 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[
 # than in the next section. Packit CI will drop any patches in this range before
 # applying upstream pull requests.
 Patch0001:      0001-pam-align-second-and-third-columns.patch
 Patch0002:      0002-pam-add-a-call-to-pam_namespace.patch
 Patch0003:      0003-pam-actually-align-the-columns.patch
 Patch0011:      0001-shared-install-Use-InstallChangeType-consistently.patch
 Patch0012:      0002-journal-remote-code-is-of-type-enum-MHD_RequestTermi.patch
 Patch0013:      0003-resolve-dns_server_feature_level_-_string-type-is-Dn.patch
 Patch0014:      0004-Use-dummy-allocator-to-make-accesses-defined-as-per-.patch
 Patch0015:      0005-alloc-util-Disallow-inlining-of-expand_to_usable.patch
 # Those are downstream-only patches, but we don't want them in packit builds:
 # https://bugzilla.redhat.com/show_bug.cgi?id=1738828
@ -160,8 +151,13 @@ BuildRequires:  gawk
 BuildRequires:  tree
 BuildRequires:  hostname
 BuildRequires:  python3
-BuildRequires:  python3dist(lxml)
+BuildRequires:  python3-devel
 BuildRequires:  python3dist(jinja2)
 BuildRequires:  python3dist(lxml)
 BuildRequires:  python3dist(pefile)
 BuildRequires:  python3dist(pillow)
 BuildRequires:  python3dist(zstd)
 # gzip and lzma are provided by the stdlib
 BuildRequires:  firewalld-filesystem
 %if 0%{?have_gnu_efi}
 BuildRequires:  gnu-efi gnu-efi-devel
@ -357,6 +353,16 @@ It also contains tools to manage encrypted home areas and secrets bound to the
 machine, and to create or grow partitions and make file systems automatically.
 %if 0%{?have_gnu_efi}
 %package ukify
 Summary:        Tool to build Unified Kernel Images
 Requires:       %{name} = %{version}-%{release}
 BuildArch:      noarch
 %description ukify
 This package provides ukify, a script that combines a kernel image, an initrd,
 with a command line, and possibly PCR measurements and other metadata, into a
 Unified Kernel Image (UKI).
 %package boot-unsigned
 Summary: UEFI boot manager (unsigned version)
@ -458,25 +464,45 @@ License:       LGPLv2+
 "Installed tests" that are usually run as part of the build system. They can be
 useful to test systemd internals.
 %package standalone-repart
 Summary:       Standalone systemd-repart binary for use on systems without systemd
 Provides:      %{name}-tmpfiles = %{version}-%{release}
 RemovePathPostfixes: .standalone
 %description standalone-repart
 Standalone systemd-repart binary with no dependencies on the systemd-shared library or
 other libraries from systemd-libs. This package conflicts with the main systemd
 package and is meant for use on systems without systemd.
 %package standalone-tmpfiles
-Summary:       Standalone tmpfiles binary for use in non-systemd systems
+Summary:       Standalone systemd-tmpfiles binary for use on systems without systemd
 Provides:      %{name}-tmpfiles = %{version}-%{release}
 RemovePathPostfixes: .standalone
 %description standalone-tmpfiles
-Standalone tmpfiles binary with no dependencies on the systemd-shared library or
+Standalone systemd-tmpfiles binary with no dependencies on the systemd-shared library or
 other libraries from systemd-libs. This package conflicts with the main systemd
-package and is meant for use in non-systemd systems.
+package and is meant for use on systems without systemd.
 %package standalone-sysusers
-Summary:       Standalone sysusers binary for use in non-systemd systems
+Summary:       Standalone systemd-sysusers binary for use on systems without systemd
 Provides:      %{name}-sysusers = %{version}-%{release}
 RemovePathPostfixes: .standalone
 %description standalone-sysusers
-Standalone sysusers binary with no dependencies on the systemd-shared library or
+Standalone systemd-sysusers binary with no dependencies on the systemd-shared library or
 other libraries from systemd-libs. This package conflicts with the main systemd
-package and is meant for use in non-systemd systems.
+package and is meant for use on systems without systemd.
 %package standalone-shutdown
 Summary:       Standalone systemd-shutdown binary for use on systems without systemd
 Provides:      %{name}-sysusers = %{version}-%{release}
 RemovePathPostfixes: .standalone
 %description standalone-shutdown
 Standalone systemd-shutdown binary with no dependencies on the systemd-shared library or
 other libraries from systemd-libs. This package conflicts with the main systemd
 package and is meant for use in exitrds.
 %prep
 %autosetup -n %{?commit:%{name}%{?stable:-stable}-%{commit}}%{!?commit:%{name}%{?stable:-stable}-%{version_no_tilde}} -p1
@ -1025,6 +1051,7 @@ fi
 %files udev -f .file-list-udev
 %if 0%{?have_gnu_efi}
 %files ukify -f .file-list-ukify
 %files boot-unsigned -f .file-list-boot
 %endif
@ -1039,9 +1066,13 @@ fi
 %files tests -f .file-list-tests
 %files standalone-repart -f .file-list-standalone-repart
 %files standalone-tmpfiles -f .file-list-standalone-tmpfiles
 %files standalone-sysusers -f .file-list-standalone-sysusers
 %files standalone-shutdown -f .file-list-standalone-shutdown
 %changelog
 %autochangelog
`@ -1 +1 @@`
	`SHA512 (systemd-252.4.tar.gz) = 007165a6ca0563e2fc9834179d502d3d5497c9d1b93c92a009f31a2e0d4a0b154bfa57eaf52b0c94243e09123b8184036a69c145be6efaa4baaffe687c1fd28e`	`SHA512 (systemd-253-rc1.tar.gz) = aaf0a6bf21bbc50a42015c9cb17f69d1aaf6cab6cabfba5140a94212fb864e38d638dace9a70447f62b4d2a817a0d3bd6f4ae8d9b3c2e741cdeb1cb332f70b65`