systemd-249.11-150400.6.8

- Call pam_loginuid when creating user@.service (bsc#1198507)
  It's a backport of upstream commit 1000522a60ceade446773c67031b47a566d4a70d.

- Import commit 2bc0b2c447319a9156e7c5a18fe971f946554a6b
  6256b14446 test: adapt install_pam() for openSUSE
  3ea5b7e295 test: add test checking tmpfiles conf file precedence
  e63e641ee8 test tmpfiles: add a test for 'w+'
  b531758614 tmpfiles.d: only 'w+' can have multiple lines for the same path (bsc#1198090)
  ea98492c53 cryptsetup: fall back to traditional unlocking if any TPM2 operation fails
- Move coredumpctl completion files into systemd-coredump sub-package.

- Import commit e62acb68de9bccfa272bef98fe5b38effc37528a
  b70267d883 journald: make use of CLAMP() in cache_space_refresh()
  3953e685cb journald: make sure journal_file_open() doesn't leave a corrupted file around after failing (bsc#1198114)
  d03a5f79bf fs-util: make sure openat_report_new() initializes return param also on shortcut
  05499d5a30 fs-util: fix typos in comments
  9f77c8fae1 journal-file: port journal_file_open() to openat_report_new()
  4d07c034da fs-util: add openat_report_new() wrapper around openat()
  258c04836d meson: build kernel-install man page when necessary
  23da9cc83a man: do not install sd-boot man pages when -Dgnu-efi=false is set
  d452b8738c unit: install the systemd-bless-boot.service only if we have gnu-efi
  98f44dc500 boot: don't build bootctl when -Dgnu-efi=false is set (bsc#1198093)
  9145684460 build: include status of TPM2 in the feature string show by --version

- spec: make sure /lib exists when installing conf files in /lib/modprobe.d

- spec: enable 'efi' support regardless of whether sd_boot is enabled or not
  We should support EFI systems even if systemd-boot is not enabled.

- Import commit 5b022ce3dbad3189b7ce1e7b0f018b18ac6e583c (merge of v249.11)
  For a complete list of changes, visit:
  https://github.com/openSUSE/systemd/compare/23b6a8633186a2b5b2487621c81ec7e7bb068db1...5b022ce3dbad3189b7ce1e7b0f018b18ac6e583c

- Import commit 23b6a8633186a2b5b2487621c81ec7e7bb068db1
  f19292f18d udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529)
  3349f636dc man: tweak description of auto/noauto (bsc#1191502)

- Fix the default target when it's been incorrectly set to one of the runlevel
  targets (bsc#1196567)
  The script 'upgrade-from-pre-210.sh' used to initialize the default target
  during migration from sysvinit to systemd. However it created symlinks to
  runlevel targets, which are deprecated and might be missing when
  systemd-sysvcompat package is not installed. If such symlinks are found the
  script now renames them to point to 'true' systemd target units.
- When migrating from sysvinit to systemd (it probably won't happen anymore),
  let's use the default systemd target, which is the graphical.target one. In
  most cases it will do the right thing anyway.

- systemd.spec: minor simplification by assuming that %{bootstrap} is always
  defined.

- Fix systemd-coredump to not allow user to access coredumps with changed
  uid/gid/capabilities (bsc#1205000 CVE-2022-4415)
  Add 5000-coredump-Fix-format-string-type-mismatch.patch
  Add 5001-coredump-drop-an-unused-variable.patch
  Add 5002-coredump-adjust-whitespace.patch
  Add 5003-coredump-do-not-allow-user-to-access-coredumps-with-.patch

- Import commit b83846dc8a5db633cc6cf05a33ddc054f725214e
  4d53a5440f udev/net_id: show the correct identifier in the debug output of dev_pci_onboard()
  f70647a7b7 udev/net_id: add debug logging for construction of device names
  48f40fbc8e pid1: set SYSTEMD_NSS_DYNAMIC_BYPASS=1 env var for dbus-daemon (bsc#1203857)
  7e4434d883 docs: $SYSTEMD_NSS_BYPASS_BUS is not honoured anymore, don't document it
  2bdfc2d8cf pid1: lookup owning PID of BusName= name of services asynchronously
  dba888a4d3 pid1: watch bus name always when we have it
  f524807b89 udev: add one more assertion
  8558101c73 udev: drop assertion which is always false
  566a66dc5c udev: support by-path devlink for multipath nvme block devices (bsc#1200723)
  b4c4edaada tests: minor simplification in test-execute
  76d510c625 tests: make test-execute pass on openSUSE
- Drop the following patches which are part of 'SUSE/v246' now:
    6000-udev-net_id-add-debug-logging-for-construction-of-de.patch
    6001-udev-net_id-show-the-correct-identifier-in-the-debug.patch

- 80-hotplug-cpu-mem.rules: restrict cpu rule to x86_64 (bsc#1204423)
  Also update the rule files to make use of the "CONST{arch}" syntax (available
  since v244).

- Import commit 56bee38fd0da18dad5fc5c5d12c02238a22b50e2
  42a26330fc time-util: fix buffer-over-run (bsc#1204968 CVE-2022-3821)
  8a70235d8a core: Add trigger limit for path units
  93e544f3a0 core/mount: also add default before dependency for automount mount units
  5916a7748c logind: fix crash in logind on user-specified message string

- Add 1010-man-describe-the-net-naming-schemes-specific-to-SLE.patch (bsc#1204179)

- Update 1009-Drop-or-soften-some-of-the-deprecation-warnings.patch (jsc#PED-944)
  To decrease log level of messages about use of KillMode=none from warning to
  debug. SAP still uses this deprecated option and the warnings emitted by PID1
  confuse both SAP customers and support.

- Import commit e7211d27e1bd26b976aa74ff620cc22a0267b5b8
  1300e134a0 tmpfiles: check the directory we were supposed to create, not its parent
  e4bb32dc65 stat-util: replace is_dir() + is_dir_fd() by single is_dir_full() call
  d8d0c083bd logind: don't delay login for root even if systemd-user-sessions.service is not activated yet (bsc#1195059)

- Import commit 0fb88066f5fa4695467e930559776cc3444773ec
  90740ae2aa string-util: explicitly cast character to unsigned
  ca1455c5b9 string-util: fix build error on aarch64
  c0829f98fc basic/escape: escape control characters, but not utf-8, in shell quoting
  387a2e1fbf basic/string-util: simplify how str_realloc() is used
  cdc4d55d22 basic/string-util: inline iterator variable declarations
  d435514c85 basic/string-util: split out helper function
  bdbc4faff5 basic/escape: always escape newlines in shell_escape()
  3eb13063d1 basic/escape: add mode where empty arguments are still shown as ""
  08fd20d8fb Flagsify EscapeStyle and make ESCAPE_BACKSLASH_ONELINE implicit
  ec07c1c46c basic/escape: use consistent location for "*" in function declarations
  074e1b622e Allow control characters in environment variable values (bsc#1200170)
  44e419dcb0 Revert "basic/env-util: (mostly) follow POSIX for what variable names are allowed"
  d5756f6f71 test-env-util: Verify that \r is disallowed in env var values
  d02bac33d3 basic/env-util: make function shorter
  c68d5f0ba6 basic/env-util: (mostly) follow POSIX for what variable names are allowed
  887c150a04 test-env-util: print function headers

- Import commit 40960e1ccb15071355fd3ee922877ef51f34bdbc
  e6354ebb34 core/device: device_coldplug(): don't set DEVICE_DEAD
  b593249c00 core/device: do not downgrade device state if it is already enumerated
  7b47b3c306 core/device: ignore DEVICE_FOUND_UDEV bit on switching root (bsc#1137373 bsc#1181658 bsc#1194708 bsc#1195157 bsc#1197570)
  912c07c281 core/device: drop unnecessary condition

- fix parsing error in s390 udev rules conversion script (bsc#1198732)

- spec: cope with %{_modprobedir} being /lib/modprobe.d on SLE

- Fix the default target when it's been incorrectly set to one of the runlevel
  targets (bsc#1196567)
  The script 'upgrade-from-pre-210.sh' used to initialize the default target
  during migration from sysvinit to systemd. However it created symlinks to
  runlevel targets, which are deprecated. If such symlinks are found the script
  now renames them to point to 'true' systemd target units.
- When migrating from sysvinit to systemd (it probably won't happen anymore),
  let's use the default systemd target, which is the graphical.target one. In
  most cases it will do the right thing anyway.

- Import commit 117e7b96f8e8c63a9eec3459147f5352015a6d08
  3a395b156d Don't open /var journals in volatile mode when runtime_journal==NULL
  1cd65c15e4 udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529)
  3ee9953dd4 man: tweak description of auto/noauto (bsc#1191502)
  6cfeacbf86 shared/install: ignore failures for auxiliary files
  37083278ed install: make UnitFileChangeType enum anonymous
  0a02185526 shared/install: reduce scope of iterator variables
  86c55bde7f systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23867)

- update s390 udev rules conversion script to include the case when
  the legacy rule was also 41-* (bsc#1195247)
  * change scripts-udev-convert-rules.sh

- Import commit 773652879446a81689c39aea23a486627992409b
  a76263ced9 meson: allow extra net naming schemes to be defined during configuration
  301bf4f1bf meson: drop the list of valid net naming schemes
  b89924793d netif-naming: inline one iterator variable
  da4a4df29c udev: fix potential memleak
  d60486bf1b udev: allow onboard index up to 65535
  ac2baecc84 udev: use snprintf_ok()
  8aad315c7c udev: fix potential infinite loop
  471ea73eb0 udev: make dev_pci_slot() return earlier when PCI bridge is found
  69b7c9a6bd udev: use uint32_t for hotplug_slot
  cdd0e89c0e udev: split out logic of parsing s390 PCI slots
  84e1a91baa udev: it is not necessary that the path is readable
  03548e8d0e udev: add missing initialization to fix freeing invalid address
  772f964bf6 udev: fix slot based network names on s390
  c5071cf699 tree-wide: fix typo
  06640d06df net_id: fix newly added naming scheme name
  58f9592f1f udev/net_id: don't generate slot based names if multiple devices might claim the same slot (bsc#1192637)
  df9e240c92 udev/net_id: parse _SUN ACPI index as a signed integer
  cfcaddfa74 localectl: don't omit keymaps files that are symlinks (bsc#1191826)
- Add in quarantine 6000-udev-net_id-add-debug-logging-for-construction-of-de.patch
  Add in quarantine 6001-udev-net_id-show-the-correct-identifier-in-the-debug.patch

- Import commit 6a96632f26f20a68578f9d620a593ceab2a0e3b6
  c4aa40982c shared/rm-rf: loop over nested directories instead of instead of recursing (CVE-2021-3997 bsc#1194178)
  ae13ea6511 shared/rm_rf: refactor rm_rf() to shorten code a bit
  3266d7f5c8 shared/rm_rf: refactor rm_rf_children_inner() to shorten code a bit
- Drop 5000-shared-rm_rf-refactor-rm_rf_children_inner-to-shorte.patch
  Drop 5001-shared-rm_rf-refactor-rm_rf-to-shorten-code-a-bit.patch
  Drop 5002-shared-rm-rf-loop-over-nested-directories-instead-of.patch
  They have been merged into 'SUSE/v246' branch.

- resolved: disable DNSSEC until the following issue is solved:
  https://github.com/systemd/systemd/issues/10579
- resolved: disable fallback DNS servers and fail when no DNS server info could
  be obtained from the links. It's better to let the sysadmin know that
  something is likely misconfigured rather than silently handing over the DNS
  queries to Google or Cloudflare.
- resolved: DNSSEC support (build) requires openssl therefore document this
  build dependency in systemd-network sub-package.

- Add 1009-Drop-or-soften-some-of-the-deprecation-warnings.patch (bsc#1193086)

- Added patches to fix CVE-2021-3997 (bsc#1194178)
  5000-shared-rm_rf-refactor-rm_rf_children_inner-to-shorte.patch
  5001-shared-rm_rf-refactor-rm_rf-to-shorten-code-a-bit.patch
  5002-shared-rm-rf-loop-over-nested-directories-instead-of.patch
  These patches will be moved to the git repo once the bug will become
  public.

- Import commit 3850086c6580291188fe574ad37c8026012894fb
  c0505cbb8d tmpfiles: 'st' may have been used uninitialized
  d3f7c9e806 macro: add new helper RET_NERRNO()
  4a95baa5de rm-rf: optionally fsync() after removing directory tree
  dd8137a589 rm-rf: refactor rm_rf_children(), split out body of directory iteration loop
  3f8765ed2c rm-rf: fstatat() might fail if containing dir has limited access mode, patch that too
  87d39407b7 btrfs-util: add helper that abstracts "might be btrfs subvol?" check
  71ed335c7a rm-rf: add new flag REMOVE_CHMOD
  611376f830 rules: don't ignore Xen virtual interfaces anymore (bsc#1178561)
  All these commits except the last one (611376f830) are preparation for
  CVE-2021-3997.
- Drop 0001-rules-don-t-ignore-Xen-interfaces-anymore.patch
  It's been merged in the git repo (commit 611376f830).