.gitignore

@@ -1 +1 @@
-SOURCES/systemtap-4.7.tar.gz
+SOURCES/systemtap-4.9.tar.gz

.systemtap.metadata

@@ -1 +1 @@
-fc943fc3233b111fd80c9cbd063859dc1b699dcb SOURCES/systemtap-4.7.tar.gz
+7ba2ad579a5ba66ccfd36ad6df0896c9e136f9e9 SOURCES/systemtap-4.9.tar.gz

SOURCES/pr30749.patch

@@ -0,0 +1,99 @@
+commit 9839db5514a29cf4f58b3de8cc6155088be6d061
+gpg: Signature made Sat 12 Aug 2023 02:49:26 PM EDT
+gpg:                using RSA key 5D38116FA4D3A7CC77E378D37E83610126DCC2E8
+gpg: Good signature from "Frank Ch. Eigler <fche@elastic.org>" [full]
+Author: Frank Ch. Eigler <fche@redhat.com>
+Date:   Sat Aug 12 14:28:44 2023 -0400
+
+    PR30749: correct stap --sign-module timing
+    
+    Previous code signed the temp directory copy, after it had already
+    been copied into the cache -- so the signature never made it to a
+    permanent artifact.
+    
+    If the module was being fetched from the cache from a previous build
+    run, a sign (re)attempt will still be done.  This may not be
+    necessary, but shouldn't be harmful.
+    
+    Reported-By: Renaud Métrich <rmetrich@redhat.com>
+
+diff --git a/main.cxx b/main.cxx
+index 06adb66ad..9f695cbd8 100644
+--- a/main.cxx
++++ b/main.cxx
+@@ -1190,8 +1190,10 @@ passes_0_4 (systemtap_session &s)
+ 		  s.mok_fingerprints.clear();
+ 		  s.mok_fingerprints.push_back(mok_fingerprint);
+ 		}
+-	      rc =
+-		sign_module (s.tmpdir, s.module_filename(), s.mok_fingerprints, mok_path, s.kernel_build_tree);
++              if (s.verbose)
++                clog << _F("Signing %s with mok key %s", s.module_filename().c_str(), mok_path.c_str())
++                     << endl;
++	      rc = sign_module (s.tmpdir, s.module_filename(), s.mok_fingerprints, mok_path, s.kernel_build_tree);
+ 	    }
+ #endif
+ 
+@@ -1310,8 +1312,30 @@ passes_0_4 (systemtap_session &s)
+       if (! s.use_script_cache && s.last_pass <= 4)
+         s.save_module = true;
+ 
++#if HAVE_NSS
++      // PR30749
++      if (!rc && s.module_sign_given)
++        {
++          // when run on client as --sign-module, mok fingerprints are result of mokutil -l
++          // when run from server as --sign-module=PATH, mok fingerprint is given by PATH
++          string mok_path;
++          if (!s.module_sign_mok_path.empty())
++            {
++              string mok_fingerprint;
++              split_path (s.module_sign_mok_path, mok_path, mok_fingerprint);
++              s.mok_fingerprints.clear();
++              s.mok_fingerprints.push_back(mok_fingerprint);
++            }
++          
++          if (s.verbose)
++            clog << _F("Signing %s with mok key %s", s.module_filename().c_str(), mok_path.c_str())
++                 << endl;
++          rc = sign_module (s.tmpdir, s.module_filename(), s.mok_fingerprints, mok_path, s.kernel_build_tree);
++        }
++#endif
++      
+       // Copy module to the current directory.
+-      if (s.save_module && !pending_interrupts)
++      if (!rc && s.save_module && !pending_interrupts)
+         {
+ 	  string module_src_path = s.tmpdir + "/" + s.module_filename();
+ 	  string module_dest_path = s.module_filename();
+@@ -1327,29 +1351,11 @@ passes_0_4 (systemtap_session &s)
+         }
+     }
+   
+-#if HAVE_NSS
+-  if (s.module_sign_given)
+-    {
+-      // when run on client as --sign-module, mok fingerprints are result of mokutil -l
+-      // when run from server as --sign-module=PATH, mok fingerprint is given by PATH
+-      string mok_path;
+-      if (!s.module_sign_mok_path.empty())
+-	{
+-	  string mok_fingerprint;
+-	  split_path (s.module_sign_mok_path, mok_path, mok_fingerprint);
+-	  s.mok_fingerprints.clear();
+-	  s.mok_fingerprints.push_back(mok_fingerprint);
+-	}
+-
+-      rc = sign_module (s.tmpdir, s.module_filename(), s.mok_fingerprints, mok_path, s.kernel_build_tree);
+-    }
+-#endif
+-  
+   PROBE1(stap, pass4__end, &s);
+ 
+   return rc;
+ }
+-
++ 
+ int
+ pass_5 (systemtap_session &s, vector<remote*> targets)
+ {

SOURCES/rhbz2223733.patch

@@ -0,0 +1,24 @@
+commit ead30c04c7157fec194c0f6d81e5c51c99bf25cf
+gpg: Signature made Wed 24 May 2023 10:23:54 AM EDT
+gpg:                using RSA key 5D38116FA4D3A7CC77E378D37E83610126DCC2E8
+gpg: Good signature from "Frank Ch. Eigler <fche@elastic.org>" [full]
+Author: Frank Ch. Eigler <fche@redhat.com>
+Date:   Wed May 24 10:22:08 2023 -0400
+
+    PR30484: stap-report: scrape less of /sys /proc
+    
+    Mainly: avoid process/busy parts like /proc/$pid.
+
+diff --git a/stap-report b/stap-report
+index 217ddf840..3b3a1a258 100755
+--- a/stap-report
++++ b/stap-report
+@@ -105,7 +105,7 @@ elif [ -f /var/log/packages ]; then
+   run "cat /var/log/packages | egrep 'systemtap|elfutils|kernel|gcc|dyninst|java|byteman|avahi|nss|nspr|dejagnu' | sort -k9"
+ fi
+ run "egrep 'PROBE|RANDOMIZE|RELOC|TRACE|MARKER|KALLSYM|_DEBUG_|LOCKDEP|LOCKING|MODULE|FENTRY|_SIG|BPF' /lib/modules/`uname -r`/build/.config | grep -v not.set | sort | fmt -w 80"
+-run "find /debugfs /proc /sys /dev /sys/kernel/debug -type f -path '*kprobe*' -o -path '*yama*' 2>/dev/null | xargs grep -H ."
++run "find /debugfs /proc/sys /sys/kernel /dev -type f -path '*kprobe*' -o -path '*yama*' 2>/dev/null | xargs grep -H ."
+ run "lsmod"
+ run "avahi-browse -r -t _stap._tcp"
+ run "ifconfig -a"

SOURCES/rhbz2223735.patch

@@ -0,0 +1,64 @@
+commit ab0c5c25509600b7c9cecc9e10baebc984082b50
+gpg: Signature made Fri 12 May 2023 11:18:18 AM EDT
+gpg:                using RSA key 5D38116FA4D3A7CC77E378D37E83610126DCC2E8
+gpg: Good signature from "Frank Ch. Eigler <fche@elastic.org>" [full]
+Author: Frank Ch. Eigler <fche@redhat.com>
+Date:   Fri May 12 11:13:45 2023 -0400
+
+    PR30442: failing optional statement probes should not trigger pass2 exceptions
+    
+    In tapsets.cxx, query_cu() and query_module() aggressively caught &
+    sess-print_error'd semantic_errors from subsidiary call sites.  They
+    are unaware of whether the probe in question is being resolved within
+    an optional (? or !) context.  Instead of this, they now simply let
+    the exceptions propagate out to derive_probes() or similar, which does
+    know whether exceptions are errors in that context.  That means
+    exceptions can propagate through elfutils iteration machinery too,
+    perhaps risking C level memory leaks, but so be it.
+    
+    This fix goes well beyond statement probes per se, but hand-testing
+    and the testsuite appear not to show regressions related to this.
+    
+    Added semok/badstmt.exp to test.
+
+diff --git a/tapsets.cxx b/tapsets.cxx
+index 859160bc5..7b7107371 100644
+--- a/tapsets.cxx
++++ b/tapsets.cxx
+@@ -2453,8 +2453,9 @@ query_cu (Dwarf_Die * cudie, dwarf_query * q)
+     }
+   catch (const semantic_error& e)
+     {
+-      q->sess.print_error (e);
+-      return DWARF_CB_ABORT;
++      // q->sess.print_error (e);
++      throw;
++      // return DWARF_CB_ABORT;
+     }
+ }
+ 
+@@ -2696,8 +2697,9 @@ query_module (Dwfl_Module *mod,
+     }
+   catch (const semantic_error& e)
+     {
+-      q->sess.print_error (e);
+-      return DWARF_CB_ABORT;
++      // q->sess.print_error (e);
++      // return DWARF_CB_ABORT;
++      throw;
+     }
+ }
+ 
+diff --git a/testsuite/semok/stmtbad.stp b/testsuite/semok/stmtbad.stp
+new file mode 100755
+index 000000000..06780790a
+--- /dev/null
++++ b/testsuite/semok/stmtbad.stp
+@@ -0,0 +1,7 @@
++#! /bin/sh
++
++exec stap -v -p2 -e 'probe oneshot {log("nothing") }
++                     probe process.statement("main@*:1")? { log("yo") }' -c stap
++
++# The optional misaddressed statement probe should let stap still
++# succeed with the oneshot probe.

SPECS/systemtap.spec

@@ -20,7 +20,11 @@
 %{!?with_bpf: %global with_bpf 0%{?fedora} >= 22 || 0%{?rhel} >= 8}
 %{!?with_systemd: %global with_systemd 0%{?fedora} >= 19 || 0%{?rhel} >= 7}
 %{!?with_emacsvim: %global with_emacsvim 0%{?fedora} >= 19 || 0%{?rhel} >= 7}
+%ifarch %{ix86}
+%{!?with_java: %global with_java 0}
+%else
 %{!?with_java: %global with_java 0%{?fedora} >= 19 || 0%{?rhel} >= 7}
+%endif
 %{!?with_debuginfod: %global with_debuginfod 0%{?fedora} >= 25 || 0%{?rhel} >= 7}
 %{!?with_virthost: %global with_virthost 0%{?fedora} >= 19 || 0%{?rhel} >= 7}
 %{!?with_virtguest: %global with_virtguest 1}
@@ -117,8 +121,9 @@ m     stapdev  stapdev
 
 
 Name: systemtap
-Version: 4.7
-Release: 1%{?release_override}%{?dist}
+# PRERELEASE
+Version: 4.9
+Release: 3%{?release_override}%{?dist}
 # for version, see also configure.ac
 
 
@@ -137,6 +142,7 @@ Release: 1%{?release_override}%{?dist}
 # systemtap-runtime-virtguest udev rules, init scripts/systemd service, req:-runtime
 # systemtap-runtime-python2 HelperSDT python2 module, req:-runtime
 # systemtap-runtime-python3 HelperSDT python3 module, req:-runtime
+# systemtap-jupyter      /usr/bin/stap-jupyter-* interactive-notebook req:systemtap
 #
 # Typical scenarios:
 #
@@ -154,6 +160,12 @@ License: GPLv2+
 URL: http://sourceware.org/systemtap/
 Source: ftp://sourceware.org/pub/systemtap/releases/systemtap-%{version}.tar.gz
 
+Patch1: rhbz2223733.patch
+Patch2: rhbz2223735.patch
+Patch3: pr29108.patch
+Patch4: pr30749.patch
+
+
 # Build*
 BuildRequires: make
 BuildRequires: gcc-c++
@@ -232,9 +244,6 @@ BuildRequires: python3
 BuildRequires: python3-devel
 BuildRequires: python3-setuptools
 %endif
-%if %{with_specific_python}
-BuildRequires: /usr/bin/pathfix.py
-%endif
 
 %if %{with_httpd}
 BuildRequires: libmicrohttpd-devel
@@ -569,10 +578,26 @@ This package installs the services necessary on a virtual machine for a
 systemtap-runtime-virthost machine to execute systemtap scripts.
 %endif
 
+%if %{with_python3} && %{with_monitor}
+%package jupyter
+Summary: ISystemtap jupyter kernel and examples
+License: GPLv2+
+URL: http://sourceware.org/systemtap/
+Requires: systemtap = %{version}-%{release}
+
+%description jupyter
+This package includes files needed to build and run
+the interactive systemtap Jupyter kernel, either locally
+or within a container.
+%endif
 # ------------------------------------------------------------------------
 
 %prep
 %setup -q
+%patch -P1 -p1
+%patch -P2 -p1
+%patch -P3 -p1
+%patch -P4 -p1
 
 %build
 
@@ -676,6 +701,11 @@ make %{?_smp_mflags} V=1
 
 %install
 make DESTDIR=$RPM_BUILD_ROOT install
+
+%if ! (%{with_python3})
+rm -v $RPM_BUILD_ROOT%{_bindir}/stap-profile-annotate
+%endif
+
 %find_lang %{name}
 for dir in $(ls -1d $RPM_BUILD_ROOT%{_mandir}/{??,??_??}) ; do
     dir=$(echo $dir | sed -e "s|^$RPM_BUILD_ROOT||")
@@ -813,7 +843,7 @@ done
 
 %if %{with_specific_python}
 # Some files got ambiguous python shebangs, we fix them after everything else is done
-pathfix.py -pni "%{__python3} %{py3_shbang_opts}" %{buildroot}%{python3_sitearch} %{buildroot}%{_bindir}/*
+%py3_shebang_fix %{buildroot}%{python3_sitearch} %{buildroot}%{_bindir}/*
 %endif
 
 %pre runtime
@@ -868,7 +898,8 @@ if [ ! -f ~stap-server/.systemtap/rc ]; then
   numcpu=`/usr/bin/getconf _NPROCESSORS_ONLN`
   if [ -z "$numcpu" -o "$numcpu" -lt 1 ]; then numcpu=1; fi
   nproc=`expr $numcpu \* 30`
-  echo "--rlimit-as=614400000 --rlimit-cpu=60 --rlimit-nproc=$nproc --rlimit-stack=1024000 --rlimit-fsize=51200000" > ~stap-server/.systemtap/rc
+  # PR29661 -> 4G
+  echo "--rlimit-as=4294967296 --rlimit-cpu=60 --rlimit-nproc=$nproc --rlimit-stack=1024000 --rlimit-fsize=51200000" > ~stap-server/.systemtap/rc
   chown stap-server:stap-server ~stap-server/.systemtap/rc
 fi
 
@@ -1078,7 +1109,9 @@ exit 0
 %files devel -f systemtap.lang
 %{_bindir}/stap
 %{_bindir}/stap-prep
+%if %{with_python3}
 %{_bindir}/stap-profile-annotate
+%endif
 %{_bindir}/stap-report
 %dir %{_datadir}/systemtap
 %{_datadir}/systemtap/runtime
@@ -1266,6 +1299,15 @@ exit 0
 %{_sbindir}/stap-exporter
 %endif
 
+%if %{with_python3} && %{with_monitor}
+%files jupyter
+%{_bindir}/stap-jupyter-container
+%{_bindir}/stap-jupyter-install
+%{_mandir}/man1/stap-jupyter.1*
+%dir %{_datadir}/systemtap
+%{_datadir}/systemtap/interactive-notebook
+%endif
+
 # ------------------------------------------------------------------------
 
 # Future new-release entries should be of the form
@@ -1275,6 +1317,28 @@ exit 0
 
 # PRERELEASE
 %changelog
+* Mon Aug 14 2023 Frank Ch. Eigler <fche@redhat.com> - 4.9-3
+- rhbz2231619
+- rhbz2095359
+
+* Tue Jul 18 2023 Frank Ch. Eigler <fche@redhat.com> - 4.9-2
+- rhbz2223733 = rhbz2211288
+- rhbz2223735 = rhbz2223739
+
+* Fri Apr 28 2023 Frank Ch. Eigler <fche@redhat.com> - 4.9-1
+- Upstream release, see wiki page below for detailed notes.
+  https://sourceware.org/systemtap/wiki/SystemTapReleases
+
+* Fri Dec 23 2022 Frank Ch. Eigler <fche@redhat.com> - 4.8-2
+- rhbz2156092 = rhbz1997192
+- rhbz2145241 = rhbz2145242
+- rhbz2156093 = rhbz2149223
+- rhbz2156095 = rhbz2149666
+- rhbz2156094 = rhbz2154430
+
+* Thu Nov 03 2022 Frank Ch. Eigler <fche@redhat.com> - 4.8-1
+- Upstream release.
+
 * Mon May 02 2022 Stan Cox <scox@redhat.com> - 4.7-1
 - Upstream release, see wiki page below for detailed notes.
   https://sourceware.org/systemtap/wiki/SystemTapReleases