* Wed Dec 07 2022 fbui@suse.com
- Fix systemd-coredump to not allow user to access coredumps with changed
uid/gid/capabilities (bsc#1205000 CVE-2022-4415)
Add 5000-coredump-Fix-format-string-type-mismatch.patch
Add 5001-coredump-drop-an-unused-variable.patch
Add 5002-coredump-adjust-whitespace.patch
Add 5003-coredump-do-not-allow-user-to-access-coredumps-with-.patch
* Mon Dec 05 2022 fbui@suse.com
- Import commit b83846dc8a5db633cc6cf05a33ddc054f725214e
4d53a5440f udev/net_id: show the correct identifier in the debug output of dev_pci_onboard()
f70647a7b7 udev/net_id: add debug logging for construction of device names
48f40fbc8e pid1: set SYSTEMD_NSS_DYNAMIC_BYPASS=1 env var for dbus-daemon (bsc#1203857)
7e4434d883 docs: $SYSTEMD_NSS_BYPASS_BUS is not honoured anymore, don't document it
2bdfc2d8cf pid1: lookup owning PID of BusName= name of services asynchronously
dba888a4d3 pid1: watch bus name always when we have it
f524807b89 udev: add one more assertion
8558101c73 udev: drop assertion which is always false
566a66dc5c udev: support by-path devlink for multipath nvme block devices (bsc#1200723)
b4c4edaada tests: minor simplification in test-execute
76d510c625 tests: make test-execute pass on openSUSE
- Drop the following patches which are part of 'SUSE/v246' now:
6000-udev-net_id-add-debug-logging-for-construction-of-de.patch
6001-udev-net_id-show-the-correct-identifier-in-the-debug.patch
* Mon Nov 21 2022 mwilck@suse.com
- 80-hotplug-cpu-mem.rules: restrict cpu rule to x86_64 (bsc#1204423)
Also update the rule files to make use of the "CONST{arch}" syntax (available
since v244).
* Thu Nov 03 2022 fbui@suse.com
- Import commit 56bee38fd0da18dad5fc5c5d12c02238a22b50e2
42a26330fc time-util: fix buffer-over-run (bsc#1204968 CVE-2022-3821)
8a70235d8a core: Add trigger limit for path units
93e544f3a0 core/mount: also add default before dependency for automount mount units
5916a7748c logind: fix crash in logind on user-specified message string
* Mon Oct 10 2022 fbui@suse.com
- Add 1010-man-describe-the-net-naming-schemes-specific-to-SLE.patch (bsc#1204179)
* Tue Aug 16 2022 fbui@suse.com
- Update 1009-Drop-or-soften-some-of-the-deprecation-warnings.patch (jsc#PED-944)
To decrease log level of messages about use of KillMode=none from warning to
debug. SAP still uses this deprecated option and the warnings emitted by PID1
confuse both SAP customers and support.
* Wed Jul 20 2022 fbui@suse.com
- Import commit e7211d27e1bd26b976aa74ff620cc22a0267b5b8
1300e134a0 tmpfiles: check the directory we were supposed to create, not its parent
e4bb32dc65 stat-util: replace is_dir() + is_dir_fd() by single is_dir_full() call
d8d0c083bd logind: don't delay login for root even if systemd-user-sessions.service is not activated yet (bsc#1195059)
* Thu Jun 09 2022 fbui@suse.com
- Import commit 0fb88066f5fa4695467e930559776cc3444773ec
90740ae2aa string-util: explicitly cast character to unsigned
ca1455c5b9 string-util: fix build error on aarch64
c0829f98fc basic/escape: escape control characters, but not utf-8, in shell quoting
387a2e1fbf basic/string-util: simplify how str_realloc() is used
cdc4d55d22 basic/string-util: inline iterator variable declarations
d435514c85 basic/string-util: split out helper function
bdbc4faff5 basic/escape: always escape newlines in shell_escape()
3eb13063d1 basic/escape: add mode where empty arguments are still shown as ""
08fd20d8fb Flagsify EscapeStyle and make ESCAPE_BACKSLASH_ONELINE implicit
ec07c1c46c basic/escape: use consistent location for "*" in function declarations
074e1b622e Allow control characters in environment variable values (bsc#1200170)
44e419dcb0 Revert "basic/env-util: (mostly) follow POSIX for what variable names are allowed"
d5756f6f71 test-env-util: Verify that \r is disallowed in env var values
d02bac33d3 basic/env-util: make function shorter
c68d5f0ba6 basic/env-util: (mostly) follow POSIX for what variable names are allowed
887c150a04 test-env-util: print function headers
* Wed Jun 08 2022 fbui@suse.com
- Import commit 40960e1ccb15071355fd3ee922877ef51f34bdbc
e6354ebb34 core/device: device_coldplug(): don't set DEVICE_DEAD
b593249c00 core/device: do not downgrade device state if it is already enumerated
7b47b3c306 core/device: ignore DEVICE_FOUND_UDEV bit on switching root (bsc#1137373 bsc#1181658 bsc#1194708 bsc#1195157 bsc#1197570)
912c07c281 core/device: drop unnecessary condition
* Fri May 27 2022 thomas.blume@suse.com
- fix parsing error in s390 udev rules conversion script (bsc#1198732)
Version: 246.16-150300.7.42.1
* Wed Mar 23 2022 fbui@suse.com
- spec: cope with %{_modprobedir} being /lib/modprobe.d on SLE
* Thu Mar 17 2022 fbui@suse.com
- Fix the default target when it's been incorrectly set to one of the runlevel
targets (bsc#1196567)
The script 'upgrade-from-pre-210.sh' used to initialize the default target
during migration from sysvinit to systemd. However it created symlinks to
runlevel targets, which are deprecated. If such symlinks are found the script
now renames them to point to 'true' systemd target units.
- When migrating from sysvinit to systemd (it probably won't happen anymore),
let's use the default systemd target, which is the graphical.target one. In
most cases it will do the right thing anyway.
* Thu Mar 17 2022 fbui@suse.com
- Import commit 117e7b96f8e8c63a9eec3459147f5352015a6d08
3a395b156d Don't open /var journals in volatile mode when runtime_journal==NULL
1cd65c15e4 udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529)
3ee9953dd4 man: tweak description of auto/noauto (bsc#1191502)
6cfeacbf86 shared/install: ignore failures for auxiliary files
37083278ed install: make UnitFileChangeType enum anonymous
0a02185526 shared/install: reduce scope of iterator variables
86c55bde7f systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23867)
* Thu Mar 17 2022 thomas.blume@suse.com
- update s390 udev rules conversion script to include the case when
the legacy rule was also 41-* (bsc#1195247)
* change scripts-udev-convert-rules.sh
* Thu Feb 03 2022 fbui@suse.com
- Import commit 773652879446a81689c39aea23a486627992409b
a76263ced9 meson: allow extra net naming schemes to be defined during configuration
301bf4f1bf meson: drop the list of valid net naming schemes
b89924793d netif-naming: inline one iterator variable
da4a4df29c udev: fix potential memleak
d60486bf1b udev: allow onboard index up to 65535
ac2baecc84 udev: use snprintf_ok()
8aad315c7c udev: fix potential infinite loop
471ea73eb0 udev: make dev_pci_slot() return earlier when PCI bridge is found
69b7c9a6bd udev: use uint32_t for hotplug_slot
cdd0e89c0e udev: split out logic of parsing s390 PCI slots
84e1a91baa udev: it is not necessary that the path is readable
03548e8d0e udev: add missing initialization to fix freeing invalid address
772f964bf6 udev: fix slot based network names on s390
c5071cf699 tree-wide: fix typo
06640d06df net_id: fix newly added naming scheme name
58f9592f1f udev/net_id: don't generate slot based names if multiple devices might claim the same slot (bsc#1192637)
df9e240c92 udev/net_id: parse _SUN ACPI index as a signed integer
cfcaddfa74 localectl: don't omit keymaps files that are symlinks (bsc#1191826)
- Add in quarantine 6000-udev-net_id-add-debug-logging-for-construction-of-de.patch
Add in quarantine 6001-udev-net_id-show-the-correct-identifier-in-the-debug.patch
* Fri Jan 28 2022 fbui@suse.com
- Import commit 6a96632f26f20a68578f9d620a593ceab2a0e3b6
c4aa40982c shared/rm-rf: loop over nested directories instead of instead of recursing (CVE-2021-3997 bsc#1194178)
ae13ea6511 shared/rm_rf: refactor rm_rf() to shorten code a bit
3266d7f5c8 shared/rm_rf: refactor rm_rf_children_inner() to shorten code a bit
- Drop 5000-shared-rm_rf-refactor-rm_rf_children_inner-to-shorte.patch
Drop 5001-shared-rm_rf-refactor-rm_rf-to-shorten-code-a-bit.patch
Drop 5002-shared-rm-rf-loop-over-nested-directories-instead-of.patch
They have been merged into 'SUSE/v246' branch.
* Wed Jan 26 2022 fbui@suse.com
- resolved: disable DNSSEC until the following issue is solved:
https://github.com/systemd/systemd/issues/10579
- resolved: disable fallback DNS servers and fail when no DNS server info could
be obtained from the links. It's better to let the sysadmin know that
something is likely misconfigured rather than silently handing over the DNS
queries to Google or Cloudflare.
- resolved: DNSSEC support (build) requires openssl therefore document this
build dependency in systemd-network sub-package.
* Mon Jan 10 2022 fbui@suse.com
- Add 1009-Drop-or-soften-some-of-the-deprecation-warnings.patch (bsc#1193086)
* Thu Jan 06 2022 fbui@suse.com
- Added patches to fix CVE-2021-3997 (bsc#1194178)
5000-shared-rm_rf-refactor-rm_rf_children_inner-to-shorte.patch
5001-shared-rm_rf-refactor-rm_rf-to-shorten-code-a-bit.patch
5002-shared-rm-rf-loop-over-nested-directories-instead-of.patch
These patches will be moved to the git repo once the bug will become
public.
* Thu Jan 06 2022 fbui@suse.com
- Import commit 3850086c6580291188fe574ad37c8026012894fb
c0505cbb8d tmpfiles: 'st' may have been used uninitialized
d3f7c9e806 macro: add new helper RET_NERRNO()
4a95baa5de rm-rf: optionally fsync() after removing directory tree
dd8137a589 rm-rf: refactor rm_rf_children(), split out body of directory iteration loop
3f8765ed2c rm-rf: fstatat() might fail if containing dir has limited access mode, patch that too
87d39407b7 btrfs-util: add helper that abstracts "might be btrfs subvol?" check
71ed335c7a rm-rf: add new flag REMOVE_CHMOD
611376f830 rules: don't ignore Xen virtual interfaces anymore (bsc#1178561)
All these commits except the last one (611376f830) are preparation for
CVE-2021-3997.
- Drop 0001-rules-don-t-ignore-Xen-interfaces-anymore.patch
It's been merged in the git repo (commit 611376f830).