systemd-252-50

Resolves: RHEL-3906,RHEL-56793,RHEL-59088,RHEL-5956,RHEL-70103

1091-journal-again-create-user-journals-for-users-with-hi.patch

@@ -0,0 +1,61 @@
+From abe0be8631e7a07ff542442a4a7433ebdfc85b87 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Tue, 9 Jan 2024 11:28:04 +0100
+Subject: [PATCH] journal: again create user journals for users with high uids
+
+This effectively reverts a change in 115d5145a257c1a27330acf9f063b5f4d910ca4d
+'journald: move uid_for_system_journal() to uid-alloc-range.h', which slipped
+in an additional check of uid_is_container(uid). The problem is that that change
+is not backwards-compatible at all and very hard for users to handle.
+There is no common agreement on mappings of high-range uids. Systemd declares
+ownership of a large range for container uids in https://systemd.io/UIDS-GIDS/,
+but this is only a recent change and various sites allocated those ranges
+in a different way, in particular FreeIPA uses (used?) uids from this range
+for human users. On big sites with lots of users changing uids is obviously a
+hard problem. We generally assume that uids cannot be "freed" and/or changed
+and/or reused safely, so we shouldn't demand the same from others.
+
+This is somewhat similar to the situation with SYSTEM_ALLOC_UID_MIN /
+SYSTEM_UID_MAX, which we tried to define to a fixed value in our code, causing
+huge problems for existing systems with were created with a different
+definition and couldn't be easily updated. For that case, we added a
+configuration time switch and we now parse /etc/login.defs to actually use the
+value that is appropriate for the local system.
+
+Unfortunately, login.defs doesn't have a concept of container allocation ranges
+(and we don't have code to parse and use those nonexistent names either), so we
+can't tell users to adjust logind.defs to work around the changed definition.
+
+login.defs has SUB_UID_{MIN,MAX}, but those aren't really the same thing,
+because they are used to define where the add allocations for subuids, which is
+generally a much smaller range. Maybe we should talk with other folks about
+the appropriate allocation ranges and define some new settings in login.defs.
+But this would require discussion and coordination with other projects first.
+
+Actualy, it seems that this change was needed at all. The code in the container
+does not log to the outside journal. It talks to its own journald, which does
+journal splitting using its internal logic based on shifted uids. So let's
+revert the change to fix user systems.
+
+Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2251843.
+
+Upstream PR: https://github.com/systemd/systemd/pull/30846
+
+rhel-only: bugfix
+
+Resolves: RHEL-70103
+---
+ src/basic/uid-alloc-range.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/basic/uid-alloc-range.c b/src/basic/uid-alloc-range.c
+index 8b3741e438..507ca8a17e 100644
+--- a/src/basic/uid-alloc-range.c
++++ b/src/basic/uid-alloc-range.c
+@@ -127,5 +127,5 @@ bool uid_for_system_journal(uid_t uid) {
+ 
+         /* Returns true if the specified UID shall get its data stored in the system journal. */
+ 
+-        return uid_is_system(uid) || uid_is_dynamic(uid) || uid == UID_NOBODY || uid_is_container(uid);
++        return uid_is_system(uid) || uid_is_dynamic(uid) || uid == UID_NOBODY;
+ }

1092-install-don-t-translate-unit-instances-to-paths-when.patch

@@ -0,0 +1,105 @@
+From e60e2e0344001483c85424698546e9465614befb Mon Sep 17 00:00:00 2001
+From: Frantisek Sumsal <frantisek@sumsal.cz>
+Date: Wed, 6 Dec 2023 16:24:21 +0100
+Subject: [PATCH] install: don't translate unit instances to paths when
+ reenabling them
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+For unit instances install_info_discover() returns path to the template,
+which then generates confusing errors when passed to
+do_unit_file_enable():
+
+~# build/systemctl --root=/tmp/systemctl-test.N9ysbz reenable templ1@two.service
+Unit name: templ1@two.service; p: /etc/systemd/system/templ1@.service
+Removed "/tmp/systemctl-test.N9ysbz/etc/systemd/system/services.target.wants/templ1@two.service".
+Failed to reenable templ1@.service, destination unit services.target is a non-template unit.
+
+This can also be seen with a different reproducer using getty@.service
+and a simple bind mount to / - there's no error this time, but it tries
+to create a symlink for the default instance (from DefaultInstance=tty1),
+which is also incorrect:
+
+~# SYSTEMD_LOG_LEVEL=debug systemctl --root /mnt/bindroot/ reenable getty@test.service
+Symlink /mnt/bindroot/etc/systemd/system/getty.target.wants/getty@tty1.service → /usr/lib/systemd/system/getty@.service already exists
+
+Follow-up to: 29a7c59abbe
+Resolves upstream issue #24740
+
+(cherry picked from commit fe6e0cfa19dd1de4ac599ae207182fd556adcfa7)
+
+Resolves: RHEL-5956
+---
+ src/shared/install.c          |  2 +-
+ test/test-systemctl-enable.sh | 30 +++++++++++++++++++++++++++++-
+ 2 files changed, 30 insertions(+), 2 deletions(-)
+
+diff --git a/src/shared/install.c b/src/shared/install.c
+index 8d4aa5ab2c..eaad368d1c 100644
+--- a/src/shared/install.c
++++ b/src/shared/install.c
+@@ -2875,7 +2875,7 @@ static int normalize_linked_files(
+                         return log_debug_errno(SYNTHETIC_ERRNO(EISDIR),
+                                                "Unexpected path to a directory \"%s\", refusing.", *a);
+ 
+-                if (!is_path(*a)) {
++                if (!is_path(*a) && !unit_name_is_valid(*a, UNIT_NAME_INSTANCE)) {
+                         r = install_info_discover(&ctx, lp, n, SEARCH_LOAD|SEARCH_FOLLOW_CONFIG_SYMLINKS, &i, NULL, NULL);
+                         if (r < 0)
+                                 log_debug_errno(r, "Failed to discover unit \"%s\", operating on name: %m", n);
+diff --git a/test/test-systemctl-enable.sh b/test/test-systemctl-enable.sh
+index 7d5667f297..a0a183e92b 100644
+--- a/test/test-systemctl-enable.sh
++++ b/test/test-systemctl-enable.sh
+@@ -97,7 +97,7 @@ test ! -e "$root/etc/systemd/system/test1-badalias.target"
+ test ! -e "$root/etc/systemd/system/test1-badalias.socket"
+ test -h "$root/etc/systemd/system/test1-goodalias2.service"
+ 
+-: '-------aliases in reeanble----------------------------------'
++: '-------aliases in reeanable----------------------------------'
+ ( ! "$systemctl" --root="$root" reenable test1 )
+ test -h "$root/etc/systemd/system/default.target.wants/test1.service"
+ test ! -e "$root/etc/systemd/system/test1-goodalias.service"
+@@ -246,6 +246,29 @@ islink "$root/etc/systemd/system/paths.target.wants/link1.path" "/link1.path"
+ islink "$root/etc/systemd/system/link1.path" "/link1.path"
+ islink "$root/etc/systemd/system/paths.target.wants/link1.path" "/link1.path"
+ 
++: '-------link instance and enable-------------------------------------'
++cat >"$root/link-instance@.service" <<EOF
++[Service]
++ExecStart=true
++[Install]
++WantedBy=services.target
++EOF
++
++"$systemctl" --root="$root" link '/link-instance@.service'
++islink "$root/etc/systemd/system/link-instance@.service" "/link-instance@.service"
++
++"$systemctl" --root="$root" enable 'link-instance@first.service'
++islink "$root/etc/systemd/system/link-instance@first.service" "/link-instance@.service"
++islink "$root/etc/systemd/system/services.target.wants/link-instance@first.service" "/link-instance@.service"
++
++SYSTEMD_LOG_LEVEL=debug "$systemctl" --root="$root" reenable 'link-instance@first.service'
++islink "$root/etc/systemd/system/link-instance@first.service" "/link-instance@.service"
++islink "$root/etc/systemd/system/services.target.wants/link-instance@first.service" "/link-instance@.service"
++
++"$systemctl" --root="$root" disable 'link-instance@first.service'
++test ! -h "$root/etc/systemd/system/link-instance@first.service"
++test ! -h "$root/etc/systemd/system/services.target.wants/link-instance@first.service"
++
+ : '-------manual link------------------------------------------'
+ cat >"$root/link3.suffix" <<EOF
+ [Install]
+@@ -314,6 +337,11 @@ test ! -h "$root/etc/systemd/system/services.target.wants/templ1@.service"
+ islink "$root/etc/systemd/system/services.target.wants/templ1@one.service" "/etc/systemd/system/templ1@.service"
+ islink "$root/etc/systemd/system/services.target.wants/templ1@two.service" "/etc/systemd/system/templ1@.service"
+ 
++"$systemctl" --root="$root" reenable 'templ1@two.service'
++test ! -h "$root/etc/systemd/system/services.target.wants/templ1@.service"
++islink "$root/etc/systemd/system/services.target.wants/templ1@one.service" "/etc/systemd/system/templ1@.service"
++islink "$root/etc/systemd/system/services.target.wants/templ1@two.service" "/etc/systemd/system/templ1@.service"
++
+ "$systemctl" --root="$root" disable 'templ1@one.service'
+ test ! -h "$root/etc/systemd/system/services.target.wants/templ1@.service"
+ test ! -h "$root/etc/systemd/system/services.target.wants/templ1@one.service"

1093-test-systemctl-enable-fix-typo.patch

@@ -0,0 +1,27 @@
+From ac5e85a76bd19211db88b7d924d9fe210fee4faf Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Fri, 15 Dec 2023 16:01:35 +0100
+Subject: [PATCH] test-systemctl-enable: fix typo
+
+Follow-up for fe6e0cfa19dd1de4ac599ae207182fd556adcfa7.
+
+(cherry picked from commit 88cc9cc7bc0d12b2a424cc8e88fc8699efc3ed04)
+
+Related: RHEL-5956
+---
+ test/test-systemctl-enable.sh | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/test/test-systemctl-enable.sh b/test/test-systemctl-enable.sh
+index a0a183e92b..7d82c38613 100644
+--- a/test/test-systemctl-enable.sh
++++ b/test/test-systemctl-enable.sh
+@@ -97,7 +97,7 @@ test ! -e "$root/etc/systemd/system/test1-badalias.target"
+ test ! -e "$root/etc/systemd/system/test1-badalias.socket"
+ test -h "$root/etc/systemd/system/test1-goodalias2.service"
+ 
+-: '-------aliases in reeanable----------------------------------'
++: '-------aliases in reenable----------------------------------'
+ ( ! "$systemctl" --root="$root" reenable test1 )
+ test -h "$root/etc/systemd/system/default.target.wants/test1.service"
+ test ! -e "$root/etc/systemd/system/test1-goodalias.service"

1094-udev-Handle-PTP-device-symlink-properly-on-udev-acti.patch

@@ -0,0 +1,44 @@
+From b29215773c179d29cbd009fa5dbe608537842eee Mon Sep 17 00:00:00 2001
+From: Chengen Du <chengen.du@canonical.com>
+Date: Mon, 12 Aug 2024 11:41:52 +0800
+Subject: [PATCH] udev: Handle PTP device symlink properly on udev action
+ 'change'
+
+PTP device symlink creation rules are currently executed only when the
+udev action is 'add'. If a user reloads the rules and runs the udevadm
+trigger command to reapply changes, the symlink may be deleted, which
+can prevent the chronyd service from restarting properly.
+
+Signed-off-by: Chengen Du <chengen.du@canonical.com>
+(cherry picked from commit 6bd12be3fa7761f190e17efdbdbff4440da7528b)
+
+Resolves: RHEL-59088
+---
+ rules.d/50-udev-default.rules.in | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/rules.d/50-udev-default.rules.in b/rules.d/50-udev-default.rules.in
+index ab29f6a17f..3543a0ee0d 100644
+--- a/rules.d/50-udev-default.rules.in
++++ b/rules.d/50-udev-default.rules.in
+@@ -21,6 +21,9 @@ ENV{MODALIAS}!="", IMPORT{builtin}="hwdb --subsystem=$env{SUBSYSTEM}"
+ 
+ SUBSYSTEM=="net", IMPORT{builtin}="net_driver"
+ 
++SUBSYSTEM=="ptp", ATTR{clock_name}=="KVM virtual PTP", SYMLINK+="ptp_kvm"
++SUBSYSTEM=="ptp", ATTR{clock_name}=="hyperv", SYMLINK+="ptp_hyperv"
++
+ ACTION!="add", GOTO="default_end"
+ 
+ SUBSYSTEM=="tty", KERNEL=="ptmx", GROUP="tty", MODE="0666"
+@@ -109,10 +112,6 @@ KERNEL=="vhost-net", GROUP="kvm", MODE="{{DEV_KVM_MODE}}", OPTIONS+="static_node
+ 
+ KERNEL=="udmabuf", GROUP="kvm"
+ 
+-SUBSYSTEM=="ptp", ATTR{clock_name}=="KVM virtual PTP", SYMLINK += "ptp_kvm"
+-
+-SUBSYSTEM=="ptp", ATTR{clock_name}=="hyperv", SYMLINK += "ptp_hyperv"
+-
+ SUBSYSTEM!="dmi", GOTO="dmi_end"
+ ENV{ID_SYS_VENDOR_IS_RUBBISH}!="1", ENV{ID_VENDOR}="$attr{sys_vendor}"
+ ENV{ID_SYSFS_ATTRIBUTE_MODEL}=="", ENV{ID_PRODUCT_NAME_IS_RUBBISH}!="1", ENV{ID_MODEL}="$attr{product_name}"

1095-systemctl-print-warning-about-missing-proc-only-as-d.patch

@@ -0,0 +1,26 @@
+From 79d0bc06110b46171990990afb5e1cdd56920324 Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta@redhat.com>
+Date: Mon, 6 Jan 2025 10:44:25 +0100
+Subject: [PATCH] systemctl: print warning about missing /proc only as debug
+ message
+
+rhel-only: bugfix
+
+Resolves: RHEL-3906
+---
+ src/systemctl/systemctl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
+index 3f2b0029ca..883a5b75f4 100644
+--- a/src/systemctl/systemctl.c
++++ b/src/systemctl/systemctl.c
+@@ -1156,7 +1156,7 @@ static int run(int argc, char *argv[]) {
+                 goto finish;
+ 
+         if (proc_mounted() == 0)
+-                log_full(arg_no_warn ? LOG_DEBUG : LOG_WARNING,
++                log_full(LOG_DEBUG,
+                          "%s%s/proc/ is not mounted. This is not a supported mode of operation. Please fix\n"
+                          "your invocation environment to mount /proc/ and /sys/ properly. Proceeding anyway.\n"
+                          "Your mileage may vary.",

1096-repart-avoid-use-of-uninitialized-TPM2B_PUBLIC-data.patch

@@ -0,0 +1,36 @@
+From 834137e727d27a0fa1247a5233db033a9074265b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Tue, 17 Oct 2023 16:45:52 +0100
+Subject: [PATCH] repart: avoid use of uninitialized TPM2B_PUBLIC data
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The 'TPM2B public' struct is only initialized if the public key
+is non-NULL, however, it is unconditionally passed to
+tpm2_calculate_sealing_policy, resulting in use of uninitialized
+data. If the uninitialized data is lucky enough to be all zeroes,
+this results eventually results in an error message from
+tpm2_calculate_name about an unsupported nameAlg field value.
+
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+(cherry picked from commit a3ad5c3140b941d3703c63c902e58f4e2d295829)
+
+Resolves: RHEL-56793
+---
+ src/partition/repart.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/partition/repart.c b/src/partition/repart.c
+index eeb31a6160..5db931e7bc 100644
+--- a/src/partition/repart.c
++++ b/src/partition/repart.c
+@@ -3073,7 +3073,7 @@ static int partition_encrypt(
+                 }
+ 
+                 TPM2B_DIGEST policy = TPM2B_DIGEST_MAKE(NULL, TPM2_SHA256_DIGEST_SIZE);
+-                r = tpm2_calculate_sealing_policy(arg_tpm2_hash_pcr_values, arg_tpm2_n_hash_pcr_values, &public, /* use_pin= */ false, &policy);
++                r = tpm2_calculate_sealing_policy(arg_tpm2_hash_pcr_values, arg_tpm2_n_hash_pcr_values, pubkey ? &public : NULL, /* use_pin= */ false, &policy);
+                 if (r < 0)
+                         return log_error_errno(r, "Could not calculate sealing policy digest: %m");
+ 

systemd.spec

@@ -21,7 +21,7 @@
 Name:           systemd
 Url:            https://systemd.io
 Version:        252
-Release:        49%{?dist}
+Release:        50%{?dist}
 # For a breakdown of the licensing, see README
 License:        LGPLv2+ and MIT and GPLv2+
 Summary:        System and Service Manager
@@ -1173,6 +1173,12 @@ Patch1087: 1087-hwdb-comment-out-the-entry-for-Logitech-MX-Keys-for-.patch
 Patch1088: 1088-60-sensor.hwdb-Loosen-model-mask-to-include-entire-s.patch
 Patch1089: 1089-Correct-ACCEL_MOUNT_MATRIX-for-Chuwi-Hi10-Max.patch
 Patch1090: 1090-hwdb-Add-macro-keys-for-HP-430-Programmable-Wireless.patch
+Patch1091: 1091-journal-again-create-user-journals-for-users-with-hi.patch
+Patch1092: 1092-install-don-t-translate-unit-instances-to-paths-when.patch
+Patch1093: 1093-test-systemctl-enable-fix-typo.patch
+Patch1094: 1094-udev-Handle-PTP-device-symlink-properly-on-udev-acti.patch
+Patch1095: 1095-systemctl-print-warning-about-missing-proc-only-as-d.patch
+Patch1096: 1096-repart-avoid-use-of-uninitialized-TPM2B_PUBLIC-data.patch
 
 # Downstream-only patches (9000–9999)
 
@@ -2050,6 +2056,14 @@ systemd-hwdb update &>/dev/null || :
 %{_prefix}/lib/dracut/modules.d/70rhel-net-naming-sysattrs/*
 
 %changelog
+* Tue Jan 14 2025 systemd maintenance team <systemd-maint@redhat.com> - 252-50
+- journal: again create user journals for users with high uids (RHEL-70103)
+- install: don't translate unit instances to paths when reenabling them (RHEL-5956)
+- test-systemctl-enable: fix typo (RHEL-5956)
+- udev: Handle PTP device symlink properly on udev action 'change' (RHEL-59088)
+- systemctl: print warning about missing /proc only as debug message (RHEL-3906)
+- repart: avoid use of uninitialized TPM2B_PUBLIC data (RHEL-56793)
+
 * Tue Jan 07 2025 systemd maintenance team <systemd-maint@redhat.com> - 252-49
 - logind: tighten for which classes of sessions we do stop-on-idle (RHEL-24340)
 - Fix configuration for Packit 1.0.0 (RHEL-70884)