From 7705ddcef02b5797e7d4f3fc93db849b3ce95c32 Mon Sep 17 00:00:00 2001
From: importbot <releng@rockylinux.org>
Date: Tue, 17 Dec 2024 17:07:33 +0000
Subject: [PATCH] import systemd-239-82.el8_10.3
---
.systemd.checksum | 2 +-
.systemd.metadata | 2 +-
...nd_strndup-and-use-it-in-bus-message.patch | 2 +-
...ee-code-paths-which-free-struct-bus_.patch | 12 +--
...oducer-for-an-infinite-loop-in-ndisc.patch | 2 +-
...oducer-for-another-infinite-loop-in-.patch | 2 +-
...ssage-add-fuzzer-for-message-parsing.patch | 12 +--
...d-an-infinite-loop-on-empty-structur.patch | 12 +--
...s-always-use-EBADMSG-when-the-messag.patch | 2 +-
...age-fix-calculation-of-offsets-table.patch | 2 +-
...calculation-of-offsets-table-for-arr.patch | 2 +-
...skipping-of-array-fields-in-gvariant.patch | 6 +-
...age-add-two-test-cases-that-pass-now.patch | 2 +-
...rn-EBADMSG-not-EINVAL-on-invalid-gva.patch | 8 +-
...d-wrap-around-when-using-length-read.patch | 2 +-
...oducer-for-a-memory-leak-fixed-in-30.patch | 2 +-
...oducer-for-a-heap-buffer-overflow-fi.patch | 4 +-
...update-actions-upload-artifact-to-v4.patch | 29 ++++++
SOURCES/1015-ci-drop-unused-variable.patch | 24 +++++
SOURCES/1016-ci-reduce-ASLR-entropy.patch | 30 +++++++
...mlink-part-of-test_touch_file-in-GH-.patch | 89 +++++++++++++++++++
...lity-to-not-track-certain-unit-types.patch | 53 +++++++++++
...up-idle-session-watch-for-lock-scree.patch | 50 +++++++++++
...or-which-classes-of-sessions-we-do-s.patch | 47 ++++++++++
...ci-point-C8S-containers-to-the-Vault.patch | 27 ++++++
SPECS/systemd.spec | 18 +++-
26 files changed, 404 insertions(+), 39 deletions(-)
create mode 100644 SOURCES/1014-ci-update-actions-upload-artifact-to-v4.patch
create mode 100644 SOURCES/1015-ci-drop-unused-variable.patch
create mode 100644 SOURCES/1016-ci-reduce-ASLR-entropy.patch
create mode 100644 SOURCES/1017-test-skip-the-symlink-part-of-test_touch_file-in-GH-.patch
create mode 100644 SOURCES/1018-core-add-possibility-to-not-track-certain-unit-types.patch
create mode 100644 SOURCES/1019-logind-don-t-setup-idle-session-watch-for-lock-scree.patch
create mode 100644 SOURCES/1020-logind-tighten-for-which-classes-of-sessions-we-do-s.patch
create mode 100644 SOURCES/1021-ci-point-C8S-containers-to-the-Vault.patch
diff --git a/.systemd.checksum b/.systemd.checksum
index 57b726c..54495ba 100644
--- a/.systemd.checksum
+++ b/.systemd.checksum
@@ -1 +1 @@
-b38edfeaaaa3ebc0ad9cdb2f63179ee8223d83feb0744dc21b6065e864d800bb
+Direct Git Import
diff --git a/.systemd.metadata b/.systemd.metadata
index 6d239cc..a82feac 100644
--- a/.systemd.metadata
+++ b/.systemd.metadata
@@ -1,2 +1,2 @@
-92ae3414e2e995d24e78522dfd18d47e839dc4662be331cf1af453990908fd79 SOURCES/0243-udev-Add-id-program-and-rule-for-FIDO-security-token.patch
+44f3f211546a895bcec039d45c364577acd469e42564170d3cf04baf0cf98698 SOURCES/0243-udev-Add-id-program-and-rule-for-FIDO-security-token.patch
8a11b1b07d620f4c06a16e95bba4dd2a97e90efdf2a5ba47ed0a935085787a14 SOURCES/systemd-239.tar.gz
diff --git a/SOURCES/0026-Introduce-free_and_strndup-and-use-it-in-bus-message.patch b/SOURCES/0026-Introduce-free_and_strndup-and-use-it-in-bus-message.patch
index 90fedb8..42e7e33 100644
--- a/SOURCES/0026-Introduce-free_and_strndup-and-use-it-in-bus-message.patch
+++ b/SOURCES/0026-Introduce-free_and_strndup-and-use-it-in-bus-message.patch
@@ -272,7 +272,7 @@ new file mode 100644
index 0000000000000000000000000000000000000000..52469650b5498a45d5d95bd9d933c989cfb47ca7
GIT binary patch
literal 32
-ccmd1#|DTBg0(2Mzp)7_%AVVXuuuM|`09r!?!~g&Q
+dcmd1#|DTBg0(2Mzp)7_%1_lO=#KJO70RUP<1jGOU
literal 0
HcmV?d00001
diff --git a/SOURCES/0046-sd-bus-unify-three-code-paths-which-free-struct-bus_.patch b/SOURCES/0046-sd-bus-unify-three-code-paths-which-free-struct-bus_.patch
index 920053e..cd06a2c 100644
--- a/SOURCES/0046-sd-bus-unify-three-code-paths-which-free-struct-bus_.patch
+++ b/SOURCES/0046-sd-bus-unify-three-code-paths-which-free-struct-bus_.patch
@@ -154,12 +154,12 @@ new file mode 100644
index 0000000000000000000000000000000000000000..c371824ffb604708619fd0713e8fca609bac18f7
GIT binary patch
literal 534
-zcmZ{h!A`?442GSJP20o?A&zJgm*%p<cmZx)c?GB2N~MZabq0zMhzqX`{7ze`LYk$&
-z_LnqH{-ic!J`GWMLG(>T#&`l!4rxq{&>8YmwQrOs;B(}I_m11m8`nFp<MR{a3sX`q
-z!cs!Q@A35`W+B>`#ek1>oQYVSs`!XH?7Y=}3y9Ye+UliL9^x9s66$8wH+TPdOG`n|
-z5Uhx<nM2)KiEdF(J5Ct}Xa*iksL!VNssA<Hq<KDseGAsT^*)9kK$?O39;dyGTv
-zLhpD3X)k6@tX`CzbBVV-7e$fy9()CjJ&n(=^)uJCKFB5Xi}-<1ru7po5XlEJ?uByQ
-MaEPzRhwknF02{PjtN;K2
+zcmZ{h&q~8U5Qo2QZE3}mh({^(l3ZG?FW}9quQ2JKSO_L$Rwany#n(16yNQ%S=d$~o
+z*`1khrf|3~2l*xZ0M3;-U`e#0Q_g^={kAgCz$q8Nt}HXD7w=MRO7o9T_$MxBsVbVQ
+zsLDt4_Sq!9Nt>kcX_KUxB&w-}_VOx;`c0Wyz6l^R_4WQGkDWxj0j5BV%;tATdc{;T
+zNxV;0?Z^1PSGWa+QHL{=ni0@L7-!XS+Pg}s5SN|b)(~pjJo+4FBd2|i(<}!R=Mf{!
+zc+vGEB0(FA<<7D!=vAlJ>vhog!1WQ+VgGi2mZGqQTmfy{w!dxLT1ngKpsQ^&>=~AJ
+L>FxXRA@2SU8?;@l
literal 0
HcmV?d00001
diff --git a/SOURCES/0149-tests-add-a-reproducer-for-an-infinite-loop-in-ndisc.patch b/SOURCES/0149-tests-add-a-reproducer-for-an-infinite-loop-in-ndisc.patch
index 438dee1..4b4f32f 100644
--- a/SOURCES/0149-tests-add-a-reproducer-for-an-infinite-loop-in-ndisc.patch
+++ b/SOURCES/0149-tests-add-a-reproducer-for-an-infinite-loop-in-ndisc.patch
@@ -27,7 +27,7 @@ new file mode 100644
index 0000000000000000000000000000000000000000..410cf38c1ec2156680e80160825b883fb4f12aa9
GIT binary patch
literal 53
-ucmZo;U|{$U0h55t23AHOm-#;v2(&S9GpRCgaeXR_WB`f-fhq$7NEHAcu@3A2
+zcmZo;U|{$U0h1UQ7#dg^8UFug{?7ygZ4BH@stjCQpUNT`SQ!}@7#LI;7(l839<dJW
literal 0
HcmV?d00001
diff --git a/SOURCES/0150-tests-add-a-reproducer-for-another-infinite-loop-in-.patch b/SOURCES/0150-tests-add-a-reproducer-for-another-infinite-loop-in-.patch
index 8ad518f..a32b99c 100644
--- a/SOURCES/0150-tests-add-a-reproducer-for-another-infinite-loop-in-.patch
+++ b/SOURCES/0150-tests-add-a-reproducer-for-another-infinite-loop-in-.patch
@@ -18,7 +18,7 @@ new file mode 100644
index 0000000000000000000000000000000000000000..04e871fbcbddfe0642bd6855228bf8da163ad6e3
GIT binary patch
literal 71
-ucmZo;U}$4tu#$oUW@d)Jzy1TkUp6M@U)f7<HZepq{+E)%CJqy1WB>q<fgKkB
+vcmZo;U}$4tu#$oUW@d)JzyAOK|Nk!=6Z5a^r8k=xq8a~7VHJl7GBN-FkAWQ*
literal 0
HcmV?d00001
diff --git a/SOURCES/0160-fuzz-bus-message-add-fuzzer-for-message-parsing.patch b/SOURCES/0160-fuzz-bus-message-add-fuzzer-for-message-parsing.patch
index 57678f6..99570bf 100644
--- a/SOURCES/0160-fuzz-bus-message-add-fuzzer-for-message-parsing.patch
+++ b/SOURCES/0160-fuzz-bus-message-add-fuzzer-for-message-parsing.patch
@@ -90,12 +90,12 @@ new file mode 100644
index 0000000000000000000000000000000000000000..2df70fd7cb6f0e632c4d5c2358091309a5cd3edc
GIT binary patch
literal 534
-zcmZ{h!A`?442GSJjTUi2h$EV`OM6*iyZ|>&NW6m6ZC#~`RCNGV2*icg27V{4hLEuI
-z*Z%6nv6IG-c{fDW8PO*Z8RG~@1*A4LLPziq^|n=>fKTCf&ROnOFWhXL{-6KzKQR>*
-zA}kdo{MtXi^_lPUKI=U`x#dhG*Hq0<i2cUpS}%ckA-=00E9KEH5u{MeESA@QculFG
-zruVss?wLceSE4J#)5yVN0GffvA#~1mm{Zra+=e{w{I&z@*?J#i4Is_HhZ+f`nuHx|
-zld${fh;=jUB)V|NE5y2-nFH%A%GTPz>w(L%415E=fPT+(I2*knx96tO2RVnnVP6o!
-Yuz#WfEX)Cqd!b_JHzYppZsXhk08nC8%>V!Z
+zcmZ{h&q@P9490)c+S-aI5sy;vvU_Q@zJNDRg0GP6pLJnzm(8jyqImJO9m&jAO2J$*
+zUouI)FDV`F(?Na)-+*%!4p<Ov=#(SivDnlW893z>*j800&HPQub!GAKKk<pnS*VKU
+zDys6{y?%5_+ofI7wP}~6nIx*Ir3!hGMB8<hTE7V(Gi{sVIgd=DT>?`eW@cA62YAU;
+zGfCPuRke!oA6K{rh7kv!Ny7-(i7=gYuhah3Qir^3+f4&uw(Vor!))Yqug8R`C4plj
+z2|PrH7;)gF$F}2n&qqW8HZ4}3Wm&+>9<NrbfNz0|15Nw<?foQWX$Lt6y!Zacdv7Cc
+U-k_gtRCXE`J>Oto_jmF3zffXT%>V!Z
literal 0
HcmV?d00001
diff --git a/SOURCES/0162-bus-message-avoid-an-infinite-loop-on-empty-structur.patch b/SOURCES/0162-bus-message-avoid-an-infinite-loop-on-empty-structur.patch
index e821357..8571e28 100644
--- a/SOURCES/0162-bus-message-avoid-an-infinite-loop-on-empty-structur.patch
+++ b/SOURCES/0162-bus-message-avoid-an-infinite-loop-on-empty-structur.patch
@@ -155,7 +155,7 @@ new file mode 100644
index 0000000000000000000000000000000000000000..f1bf3229effc982c8b129182fe60739efe3c5013
GIT binary patch
literal 157
-mcmd1#|DTC5gMmSS0SHWtK_neOii>$FgGM4Akdcw0DF6TjSP;el
+ncmd1#|DTC5gMmSSfq{X+#27@<0i?K?r!r_H;sF^M8JYqB1XvKp
literal 0
HcmV?d00001
@@ -165,11 +165,11 @@ new file mode 100644
index 0000000000000000000000000000000000000000..c975f906eef521a3cfac5627c8b371ee55aa0e6c
GIT binary patch
literal 534
-zcmcJL!Ab-%42J(Y?m8o$d;nSS(q4Ae_Yi!A47)oFEOwaGU5e<<_x8`!K@h}~fslMn
-zn)c7Z!M!`6y9Pc0I2S?0hHh3l#W~|szZ;Ct$XAT}7+V?FCpm1RoiBemuU&_Ys%S@7
-zdCkYS>{AZe=OjL~Ie67zrCwgdYud(O^J==RG>!dpXFS^tlZIX@tK0h@{D4MV@hJsW
-zyR)R1zXEs6tHM*H04&I}2-7)y>9oE<hN&+5v>VCxw(Vn{LBxXmJ)=frMcRdZlJ-~v
-b#4gh=OPF@NW^U~wGO=l?@b9nvy<mI-hA2%~
+zcmcJL!AitH5JcY?cTL2TA0P`}W-hzxe+d3UhusZ<#R=(A8ANaXw{#{eB8VsZ(p1+>
+zbyXi6?%hFm2_JxS5eIB2RXODpc<6V7O-`J00qkRJWn90=VH<6}{AFIdj*Y5lr=lva
+z`S~sTltcD8i4ScKUNsoi%aeFb+Zar*24tma>>s=0q|_DA0EJmy-~PaNG}?+!DX7|y
+z<(F5u0jh$h-pa@VIEJvC!<^IJ4Khr;?9*<9X}8_usA08m`c0#zF%md4lfZpxh#3dY
+VXKXiK&wfN?!j`4_|80LCm`{c%O;`W`
literal 0
HcmV?d00001
diff --git a/SOURCES/0163-bus-message-let-s-always-use-EBADMSG-when-the-messag.patch b/SOURCES/0163-bus-message-let-s-always-use-EBADMSG-when-the-messag.patch
index 9567ea9..407ecae 100644
--- a/SOURCES/0163-bus-message-let-s-always-use-EBADMSG-when-the-messag.patch
+++ b/SOURCES/0163-bus-message-let-s-always-use-EBADMSG-when-the-messag.patch
@@ -34,7 +34,7 @@ new file mode 100644
index 0000000000000000000000000000000000000000..2ae1a8715a12c65fba27d8e60216112a99b0ace7
GIT binary patch
literal 93
-wcmd1FDP>|PH8L_f3B<@i03SeB2xg~!`?q0o*WZ8t85<aYpp}6^gHcle07aS;y#N3J
+ycmd1FDP>|PH8L_fX@m*{@Bvh%Mn*<y-~Mfw-1Yb0f5rv|1_p*!1_ljAO#uK!niIVM
literal 0
HcmV?d00001
diff --git a/SOURCES/0167-bus-message-fix-calculation-of-offsets-table.patch b/SOURCES/0167-bus-message-fix-calculation-of-offsets-table.patch
index bb77b2b..3884ce5 100644
--- a/SOURCES/0167-bus-message-fix-calculation-of-offsets-table.patch
+++ b/SOURCES/0167-bus-message-fix-calculation-of-offsets-table.patch
@@ -119,7 +119,7 @@ new file mode 100644
index 0000000000000000000000000000000000000000..9d3fa0035fd360a37833e8b58cc4aea90df9de83
GIT binary patch
literal 28
-fcmd1#|DTDG0Z1?a!8`>PAeqj{pplqVrYQgbfcytC
+jcmd1#|DTDG;s1Xo1_lO(c?v8H3=HXv3>t|^Wtsv2fcytC
literal 0
HcmV?d00001
diff --git a/SOURCES/0169-bus-message-fix-calculation-of-offsets-table-for-arr.patch b/SOURCES/0169-bus-message-fix-calculation-of-offsets-table-for-arr.patch
index c3ccf71..169126a 100644
--- a/SOURCES/0169-bus-message-fix-calculation-of-offsets-table-for-arr.patch
+++ b/SOURCES/0169-bus-message-fix-calculation-of-offsets-table-for-arr.patch
@@ -80,7 +80,7 @@ new file mode 100644
index 0000000000000000000000000000000000000000..26262e1149825a114a89bf9cee5aeca0be463984
GIT binary patch
literal 41
-rcmd1#|DTC5gMmSS0SHWtIT#p03<d^9CI$wL#Kgo*AWlro&=ddwoTCSm
+rcmd1#|DTC5gMmSSfq{X+#F&GD5yW6%U}R!o&`3;7%uED<3{3$5oTCSm
literal 0
HcmV?d00001
diff --git a/SOURCES/0172-bus-message-fix-skipping-of-array-fields-in-gvariant.patch b/SOURCES/0172-bus-message-fix-skipping-of-array-fields-in-gvariant.patch
index 5f7774b..ddf10eb 100644
--- a/SOURCES/0172-bus-message-fix-skipping-of-array-fields-in-gvariant.patch
+++ b/SOURCES/0172-bus-message-fix-skipping-of-array-fields-in-gvariant.patch
@@ -50,9 +50,9 @@ new file mode 100644
index 0000000000000000000000000000000000000000..6a20265a39e1b4a318b50aee2b13727ddc4113bf
GIT binary patch
literal 534
-zcmc~{WMHggWMD`aVqj=xU|>*W&P&W-;Q0Fg|9>Elfq|V9OfmRED27Bi2!jjC2Wn-|
-z17hYPAOVtNW-Ml42GVKy`9P9^ffdMS1=8h-IVt%J91NTwNgyEFV4&K>#6$*=MMgl(
-r%#fH?l1eMv=;=K=_yi-CK!KUB2_%6r0c0u^mlS2@rGxk|0FGY(dwVLU
+zcmchUu?oUK5JcZ{1TU6;fM{uB;eYrM3o%g$ImiX<?DEOhCwrI9%ED|jv+T0V%=Ci1
+z1iBr}z|jqQ$G=lbSZ(SITnnK4LbgjUz!`8OU^6EX2ecvNl}aKN@YKEucxoH|au`t6
+m{ODr$(RRB1>)V?0R#5Vll9?G!=D#<3h|~BOx{^q#obLyFdn%^@
literal 0
HcmV?d00001
diff --git a/SOURCES/0174-fuzz-bus-message-add-two-test-cases-that-pass-now.patch b/SOURCES/0174-fuzz-bus-message-add-two-test-cases-that-pass-now.patch
index cd69663..0a389c5 100644
--- a/SOURCES/0174-fuzz-bus-message-add-two-test-cases-that-pass-now.patch
+++ b/SOURCES/0174-fuzz-bus-message-add-two-test-cases-that-pass-now.patch
@@ -21,7 +21,7 @@ new file mode 100644
index 0000000000000000000000000000000000000000..aa0c6ff7f7b6d2e3fa4358716ee1d05ba74cefc0
GIT binary patch
literal 89
-scmc~<lEK8lpj!w8nPr*`8k%Jc8Xy{kL4pX;d}L9u6jlOkN|~kr0GQ+)G5`Po
+scmc~<lEK8lpj%j2SeRL+$)KTG#-IVBK^P>65Y0yx#SOrwlxYe80GQ+)G5`Po
literal 0
HcmV?d00001
diff --git a/SOURCES/0175-bus-message-return-EBADMSG-not-EINVAL-on-invalid-gva.patch b/SOURCES/0175-bus-message-return-EBADMSG-not-EINVAL-on-invalid-gva.patch
index 0cd8d72..6153663 100644
--- a/SOURCES/0175-bus-message-return-EBADMSG-not-EINVAL-on-invalid-gva.patch
+++ b/SOURCES/0175-bus-message-return-EBADMSG-not-EINVAL-on-invalid-gva.patch
@@ -31,10 +31,10 @@ new file mode 100644
index 0000000000000000000000000000000000000000..5faf3308e7ac9c14d66422169e74ba8c05ad7319
GIT binary patch
literal 534
-zcmd5(y$ZrW3{L#Rf|Cy*1sA)t;uE+zxcCZJw53qIqj#v2xH$UGez{(yI63-3NWO$5
-zU+!uqzB5rdCwdYQvnEi=V1glA8o?i`lMy}upTQSe=c-Assy=GTr+lHv=4$0!Vy$EX
-z_LzYX&1*Ob(W(=vPGKsxuBpzYaDn6&un5*x;uk`Xz?Yk^O%qgGJ(zd<Eb+@AlE$ca
-sLgf|{Zt3X?n*AhyXRr3JnuD(2&Q!)fgDPC^-?wYdB<S$iZQH+p1AQA$o&W#<
+zcmd6ku?oU46h+UoDhf`1fCw&jsp1#7Ik@->DcVvfrZh#J#KqBnmZV7$7gz6+mv?!&
+z_r8>Z+y(L}JOL4n04rKVV(0^h;#ApAPYe?v(>hgka#iI~+kPS!#wJzEriqR5!xnpp
+zfC|>MWu~=`Ej0qv+%$D@&clT5&44k`GV@p9{C%<cQW|!CK;1eKr<<yp0T7JZES1ml
+o;mdn=FS(o_oGt&+v-joBpD|VC)}XQ`b^8s&D_aCScH8#v-+dcTo&W#<
literal 0
HcmV?d00001
diff --git a/SOURCES/0176-bus-message-avoid-wrap-around-when-using-length-read.patch b/SOURCES/0176-bus-message-avoid-wrap-around-when-using-length-read.patch
index 3b352a2..1cf1cbc 100644
--- a/SOURCES/0176-bus-message-avoid-wrap-around-when-using-length-read.patch
+++ b/SOURCES/0176-bus-message-avoid-wrap-around-when-using-length-read.patch
@@ -94,7 +94,7 @@ new file mode 100644
index 0000000000000000000000000000000000000000..b3fee9e07af4f925697a549bbc8ffc03a277fac0
GIT binary patch
literal 40
-mcmc~{Vqjzdg7laF|BC@>cE)0c{}2$`*K@IKT2AZ~5ElR}@e}O;
+pcmc~{Vqj!oU|>jp`TxHd0|Ns)V==>j2ng-#xmY$WCw2;m3ji$f6YT&1
literal 0
HcmV?d00001
diff --git a/SOURCES/0256-tests-add-a-reproducer-for-a-memory-leak-fixed-in-30.patch b/SOURCES/0256-tests-add-a-reproducer-for-a-memory-leak-fixed-in-30.patch
index 14c1223..4ead262 100644
--- a/SOURCES/0256-tests-add-a-reproducer-for-a-memory-leak-fixed-in-30.patch
+++ b/SOURCES/0256-tests-add-a-reproducer-for-a-memory-leak-fixed-in-30.patch
@@ -18,7 +18,7 @@ index 0000000000000000000000000000000000000000..424ae5cb010aa519758e6af90cc98179
GIT binary patch
literal 1847
zcmXps(lIeJ&@nVNGBPkSGqo_&(Y4M<t>jX0aSiiycD2<{NiEaQE6vG)izFLb8I!<a
-b7zLvtFd70lLcjrs_^9w`2#kin;0*x)kUJOk
+W7zLwX6yN|3IK)T6C>RBU7XSc|I~Vl;
literal 0
HcmV?d00001
diff --git a/SOURCES/0257-tests-add-a-reproducer-for-a-heap-buffer-overflow-fi.patch b/SOURCES/0257-tests-add-a-reproducer-for-a-heap-buffer-overflow-fi.patch
index ee63a32..ed6b67d 100644
--- a/SOURCES/0257-tests-add-a-reproducer-for-a-heap-buffer-overflow-fi.patch
+++ b/SOURCES/0257-tests-add-a-reproducer-for-a-heap-buffer-overflow-fi.patch
@@ -17,8 +17,8 @@ new file mode 100644
index 0000000000000000000000000000000000000000..19887a1fec9fc29b1f7da8a2d1c5ea5054f2bc02
GIT binary patch
literal 112
-zcmXpq)Zrxx80r}680lCOP-~&{)k?wIfGehgOM!tQroxI#0Z63Aa4DF?03ibx03hxS
-A82|tP
+zcmXpq)Zrxx80r}680lCOP-~&{)k?wIfGehgOM!tQroxI#A*RAAHHJ&UB*rAhgn<hH
+DAnpwr
literal 0
HcmV?d00001
diff --git a/SOURCES/1014-ci-update-actions-upload-artifact-to-v4.patch b/SOURCES/1014-ci-update-actions-upload-artifact-to-v4.patch
new file mode 100644
index 0000000..b92e750
--- /dev/null
+++ b/SOURCES/1014-ci-update-actions-upload-artifact-to-v4.patch
@@ -0,0 +1,29 @@
+From 0e66d8f81574b13402b7356bf8261739c4b8b90e Mon Sep 17 00:00:00 2001
+From: Jan Macku <jamacku@redhat.com>
+Date: Thu, 25 Apr 2024 15:00:33 +0200
+Subject: [PATCH] ci: update actions/upload-artifact to `v4`
+
+`v3` will be deprecated soon, so update to `v4`.
+
+https://github.blog/changelog/2024-04-16-deprecation-notice-v3-of-the-artifact-actions/
+
+rhel-only
+
+Related: RHEL-32494
+---
+ .github/workflows/gather-metadata.yml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/.github/workflows/gather-metadata.yml b/.github/workflows/gather-metadata.yml
+index f432f41811..08ad813971 100644
+--- a/.github/workflows/gather-metadata.yml
++++ b/.github/workflows/gather-metadata.yml
+@@ -22,7 +22,7 @@ jobs:
+ uses: redhat-plumbers-in-action/gather-pull-request-metadata@v1
+
+ - name: Upload artifact with gathered metadata
+- uses: actions/upload-artifact@v3
++ uses: actions/upload-artifact@v4
+ with:
+ name: pr-metadata
+ path: ${{ steps.Metadata.outputs.metadata-file }}
diff --git a/SOURCES/1015-ci-drop-unused-variable.patch b/SOURCES/1015-ci-drop-unused-variable.patch
new file mode 100644
index 0000000..9e5d909
--- /dev/null
+++ b/SOURCES/1015-ci-drop-unused-variable.patch
@@ -0,0 +1,24 @@
+From 72040693da79d7ef3d1f210866ee1f651b720247 Mon Sep 17 00:00:00 2001
+From: Jan Macku <jamacku@redhat.com>
+Date: Thu, 25 Apr 2024 16:31:18 +0200
+Subject: [PATCH] ci: drop unused variable
+
+rhel-only
+
+Related: RHEL-32494
+---
+ .github/workflows/deploy-man-pages.yml | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/.github/workflows/deploy-man-pages.yml b/.github/workflows/deploy-man-pages.yml
+index 9da38a1687..c65c9b62ee 100644
+--- a/.github/workflows/deploy-man-pages.yml
++++ b/.github/workflows/deploy-man-pages.yml
+@@ -37,7 +37,6 @@ jobs:
+
+ - name: Install dependencies
+ run: |
+- RELEASE="$(lsb_release -cs)"
+ sudo add-apt-repository -y --no-update --enable-source
+ sudo apt-get -y update
+ sudo apt-get -y build-dep systemd
diff --git a/SOURCES/1016-ci-reduce-ASLR-entropy.patch b/SOURCES/1016-ci-reduce-ASLR-entropy.patch
new file mode 100644
index 0000000..70a2091
--- /dev/null
+++ b/SOURCES/1016-ci-reduce-ASLR-entropy.patch
@@ -0,0 +1,30 @@
+From df87420725157953268ed099c3c97989288db1fa Mon Sep 17 00:00:00 2001
+From: Frantisek Sumsal <fsumsal@redhat.com>
+Date: Wed, 13 Mar 2024 12:13:23 +0100
+Subject: [PATCH] ci: reduce ASLR entropy
+
+The latest GH Action runners started using 32-bit entropy for ASLR,
+which makes it incompatible with llvm-14. This was fixed in later llvm
+releases, but these aren't available on Ubuntu Jammy (22.04). Let's
+reduce the ASLR entropy to 28-bit, which should make llvm happy again,
+until the issue is resolved.
+
+See: actions/runner-images#9491
+---
+ .github/workflows/unit_tests.yml | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/.github/workflows/unit_tests.yml b/.github/workflows/unit_tests.yml
+index f397e8ed6e..814e17b6bf 100644
+--- a/.github/workflows/unit_tests.yml
++++ b/.github/workflows/unit_tests.yml
+@@ -18,6 +18,9 @@ jobs:
+ steps:
+ - name: Repository checkout
+ uses: actions/checkout@v1
++ # FIXME: drop once https://github.com/actions/runner-images/issues/9491 is resolved
++ - name: Reduce ASLR entropy
++ run: sudo sysctl -w vm.mmap_rnd_bits=28
+ - name: Install build dependencies
+ run: sudo -E .github/workflows/unit_tests.sh SETUP
+ - name: Build & test (${{ env.CENTOS_RELEASE }} / ${{ matrix.phase }})
diff --git a/SOURCES/1017-test-skip-the-symlink-part-of-test_touch_file-in-GH-.patch b/SOURCES/1017-test-skip-the-symlink-part-of-test_touch_file-in-GH-.patch
new file mode 100644
index 0000000..62c80c8
--- /dev/null
+++ b/SOURCES/1017-test-skip-the-symlink-part-of-test_touch_file-in-GH-.patch
@@ -0,0 +1,89 @@
+From a4e0b7ab90c8bc6ecb7bd883f19e5a5834ae9058 Mon Sep 17 00:00:00 2001
+From: Frantisek Sumsal <fsumsal@redhat.com>
+Date: Wed, 13 Mar 2024 12:41:17 +0100
+Subject: [PATCH] test: skip the symlink part of test_touch_file() in GH
+ Actions
+
+Our (RHEL 8) touch_file() is not clever enough and does chmod() on a
+symlink, which fails with EOPNOTSUPP on newer kernels. This is not an
+issue on the RHEL 8 kernel, where doing chmod() on a symlink works
+(albeit only on tmpfs) but in GH Actions we run in a container, and with
+the underlying kernel doing chmod() on a symlink fails even on tmpfs:
+
+RHEL 8:
+~# mount -t tmpfs tmpfs /tmp
+~# (cd /tmp; ln -s symlink dangling; ln -s /etc/os-release symlink)
+~# (cd /var/tmp; ln -s symlink dangling; ln -s /etc/os-release symlink)
+~# gcc -o main main.c -D_GNU_SOURCE
+~# ./main /tmp/dangling
+chmod(/proc/self/fd/3)=0 (0)
+~# ./main /tmp/symlink
+chmod(/proc/self/fd/3)=0 (0)
+~# ./main /var/tmp/dangling
+chmod(/proc/self/fd/3)=-1 (95)
+~# ./main /var/tmp/symlink
+chmod(/proc/self/fd/3)=-1 (95)
+
+Newer kernel:
+~# uname -r
+6.7.4-200.fc39.x86_64
+~# ./main /tmp/dangling
+chmod(/proc/self/fd/3)=-1 (95)
+~# ./main /tmp/symlink
+chmod(/proc/self/fd/3)=-1 (95)
+~# ./main /var/tmp/dangling
+chmod(/proc/self/fd/3)=-1 (95)
+~# ./main /var/tmp/symlink
+chmod(/proc/self/fd/3)=-1 (95)
+
+Backporting the necessary patches would be way too risky so late in the
+RHEL 8 cycle, so let's just skip the offending test when running in GH
+Actions. To do that we have to jump through a couple of hoops, since
+RHEL 8 systemd can't detect docker. Oh well.
+
+See: #434
+
+RHEL-only
+---
+ src/test/test-fs-util.c | 21 ++++++++++++---------
+ 1 file changed, 12 insertions(+), 9 deletions(-)
+
+diff --git a/src/test/test-fs-util.c b/src/test/test-fs-util.c
+index aa32629f62..a3428f8c0d 100644
+--- a/src/test/test-fs-util.c
++++ b/src/test/test-fs-util.c
+@@ -15,6 +15,7 @@
+ #include "stdio-util.h"
+ #include "string-util.h"
+ #include "strv.h"
++#include "tests.h"
+ #include "user-util.h"
+ #include "util.h"
+ #include "virt.h"
+@@ -544,15 +545,17 @@ static void test_touch_file(void) {
+ assert_se(timespec_load(&st.st_mtim) == test_mtime);
+ }
+
+- a = strjoina(p, "/lnk");
+- assert_se(symlink("target", a) >= 0);
+- assert_se(touch_file(a, false, test_mtime, test_uid, test_gid, 0640) >= 0);
+- assert_se(lstat(a, &st) >= 0);
+- assert_se(st.st_uid == test_uid);
+- assert_se(st.st_gid == test_gid);
+- assert_se(S_ISLNK(st.st_mode));
+- assert_se((st.st_mode & 0777) == 0640);
+- assert_se(timespec_load(&st.st_mtim) == test_mtime);
++ if (!streq_ptr(ci_environment(), "github-actions")) {
++ a = strjoina(p, "/lnk");
++ assert_se(symlink("target", a) >= 0);
++ assert_se(touch_file(a, false, test_mtime, test_uid, test_gid, 0640) >= 0);
++ assert_se(lstat(a, &st) >= 0);
++ assert_se(st.st_uid == test_uid);
++ assert_se(st.st_gid == test_gid);
++ assert_se(S_ISLNK(st.st_mode));
++ assert_se((st.st_mode & 0777) == 0640);
++ assert_se(timespec_load(&st.st_mtim) == test_mtime);
++ }
+ }
+
+ static void test_unlinkat_deallocate(void) {
diff --git a/SOURCES/1018-core-add-possibility-to-not-track-certain-unit-types.patch b/SOURCES/1018-core-add-possibility-to-not-track-certain-unit-types.patch
new file mode 100644
index 0000000..79df883
--- /dev/null
+++ b/SOURCES/1018-core-add-possibility-to-not-track-certain-unit-types.patch
@@ -0,0 +1,53 @@
+From dd794489f97baf760d03b32e4e3188b5af799436 Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta@redhat.com>
+Date: Wed, 7 Sep 2022 17:37:34 +0200
+Subject: [PATCH] core: add possibility to not track certain unit types
+
+(cherry picked from commit 88e4bfa62bd2561e04a90dc009e7a3865e0878fb)
+
+Related: RHEL-5877
+---
+ src/core/unit.c | 18 ++++++++++++++++++
+ 1 file changed, 18 insertions(+)
+
+diff --git a/src/core/unit.c b/src/core/unit.c
+index d3459dcdd0..ac960ef0c8 100644
+--- a/src/core/unit.c
++++ b/src/core/unit.c
+@@ -18,6 +18,7 @@
+ #include "dbus-unit.h"
+ #include "dbus.h"
+ #include "dropin.h"
++#include "env-util.h"
+ #include "escape.h"
+ #include "execute.h"
+ #include "fd-util.h"
+@@ -4786,11 +4787,28 @@ int unit_setup_dynamic_creds(Unit *u) {
+ }
+
+ bool unit_type_supported(UnitType t) {
++ static int8_t cache[_UNIT_TYPE_MAX] = {}; /* -1: disabled, 1: enabled: 0: don't know */
++ int r;
++
+ if (_unlikely_(t < 0))
+ return false;
+ if (_unlikely_(t >= _UNIT_TYPE_MAX))
+ return false;
+
++ if (cache[t] == 0) {
++ char *e;
++
++ e = strjoina("SYSTEMD_SUPPORT_", unit_type_to_string(t));
++
++ r = getenv_bool(ascii_strupper(e));
++ if (r < 0 && r != -ENXIO)
++ log_debug_errno(r, "Failed to parse $%s, ignoring: %m", e);
++
++ cache[t] = r == 0 ? -1 : 1;
++ }
++ if (cache[t] < 0)
++ return false;
++
+ if (!unit_vtable[t]->supported)
+ return true;
+
diff --git a/SOURCES/1019-logind-don-t-setup-idle-session-watch-for-lock-scree.patch b/SOURCES/1019-logind-don-t-setup-idle-session-watch-for-lock-scree.patch
new file mode 100644
index 0000000..6178f71
--- /dev/null
+++ b/SOURCES/1019-logind-don-t-setup-idle-session-watch-for-lock-scree.patch
@@ -0,0 +1,50 @@
+From c87954f7ee7859524c60e6ca724c68b0a35e26ce Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta@redhat.com>
+Date: Tue, 12 Dec 2023 19:03:39 +0100
+Subject: [PATCH] logind: don't setup idle session watch for lock-screen and
+ greeter
+
+Reason to skip the idle session logic for these session classes is that
+they are idle by default.
+
+(cherry picked from commit 508b4786e8592e82eb4832549f74aaa54335d14c)
+
+Resolves: RHEL-19215
+---
+ man/logind.conf.xml | 9 +++++----
+ src/login/logind-session.c | 2 +-
+ 2 files changed, 6 insertions(+), 5 deletions(-)
+
+diff --git a/man/logind.conf.xml b/man/logind.conf.xml
+index 56981c1837..6cb41b6955 100644
+--- a/man/logind.conf.xml
++++ b/man/logind.conf.xml
+@@ -343,10 +343,11 @@
+ <term><varname>StopIdleSessionSec=</varname></term>
+
+ <listitem><para>Specifies a timeout in seconds, or a time span value after which
+- <filename>systemd-logind</filename> checks the idle state of all sessions. Every session that is idle for
+- longer then the timeout will be stopped. Defaults to <literal>infinity</literal>
+- (<filename>systemd-logind</filename> is not checking the idle state of sessions). For details about the syntax
+- of time spans, see
++ <filename>systemd-logind</filename> checks the idle state of all sessions. Every session that is idle
++ for longer than the timeout will be stopped. Note that this option doesn't apply to
++ <literal>greeter</literal> or <literal>lock-screen</literal> sessions. Defaults to
++ <literal>infinity</literal> (<filename>systemd-logind</filename> is not checking the idle state
++ of sessions). For details about the syntax of time spans, see
+ <citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry>.
+ </para></listitem>
+ </varlistentry>
+diff --git a/src/login/logind-session.c b/src/login/logind-session.c
+index 4edc4b9b88..57b9696d1d 100644
+--- a/src/login/logind-session.c
++++ b/src/login/logind-session.c
+@@ -713,7 +713,7 @@ static int session_setup_stop_on_idle_timer(Session *s) {
+
+ assert(s);
+
+- if (s->manager->stop_idle_session_usec == USEC_INFINITY)
++ if (s->manager->stop_idle_session_usec == USEC_INFINITY || IN_SET(s->class, SESSION_GREETER, SESSION_LOCK_SCREEN))
+ return 0;
+
+ r = sd_event_add_time_relative(
diff --git a/SOURCES/1020-logind-tighten-for-which-classes-of-sessions-we-do-s.patch b/SOURCES/1020-logind-tighten-for-which-classes-of-sessions-we-do-s.patch
new file mode 100644
index 0000000..815b32c
--- /dev/null
+++ b/SOURCES/1020-logind-tighten-for-which-classes-of-sessions-we-do-s.patch
@@ -0,0 +1,47 @@
+From 77a215ecaca4e927a3465ac5f502d5873ef942ef Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Thu, 4 Jan 2024 13:40:00 +0100
+Subject: [PATCH] logind: tighten for which classes of sessions we do
+ stop-on-idle
+
+We only want to do this for fully set up, interactive sessions, i.e.
+user and user-early, but not for any others, hence restrict the rules a
+bit.
+
+Follow-up for: 508b4786e8592e82eb4832549f74aaa54335d14c
+
+(cherry picked from commit ad23439eae718ac3634f260be0d29e01445983a8)
+
+Related: RHEL-19215
+---
+ src/login/logind-session.c | 2 +-
+ src/login/logind-session.h | 3 +++
+ 2 files changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/src/login/logind-session.c b/src/login/logind-session.c
+index 57b9696d1d..9ec7bd3344 100644
+--- a/src/login/logind-session.c
++++ b/src/login/logind-session.c
+@@ -713,7 +713,7 @@ static int session_setup_stop_on_idle_timer(Session *s) {
+
+ assert(s);
+
+- if (s->manager->stop_idle_session_usec == USEC_INFINITY || IN_SET(s->class, SESSION_GREETER, SESSION_LOCK_SCREEN))
++ if (s->manager->stop_idle_session_usec == USEC_INFINITY || !SESSION_CLASS_CAN_STOP_ON_IDLE(s->class))
+ return 0;
+
+ r = sd_event_add_time_relative(
+diff --git a/src/login/logind-session.h b/src/login/logind-session.h
+index 0557696761..955cd7de92 100644
+--- a/src/login/logind-session.h
++++ b/src/login/logind-session.h
+@@ -26,6 +26,9 @@ typedef enum SessionClass {
+ _SESSION_CLASS_INVALID = -1
+ } SessionClass;
+
++/* Which sessions classes should be subject to stop-in-idle */
++#define SESSION_CLASS_CAN_STOP_ON_IDLE(class) (IN_SET((class), SESSION_USER))
++
+ typedef enum SessionType {
+ SESSION_UNSPECIFIED,
+ SESSION_TTY,
diff --git a/SOURCES/1021-ci-point-C8S-containers-to-the-Vault.patch b/SOURCES/1021-ci-point-C8S-containers-to-the-Vault.patch
new file mode 100644
index 0000000..9272957
--- /dev/null
+++ b/SOURCES/1021-ci-point-C8S-containers-to-the-Vault.patch
@@ -0,0 +1,27 @@
+From 3aae10768d08007dc087306431da60f85087ae57 Mon Sep 17 00:00:00 2001
+From: Frantisek Sumsal <frantisek@sumsal.cz>
+Date: Wed, 26 Jun 2024 13:16:27 +0200
+Subject: [PATCH] ci: point C8S containers to the Vault
+
+Temporarily point repos in C8S containers to the Vault (since C8S is
+EOL), until we figure out a _proper_ solution.
+
+Related: RHEL-1087
+---
+ .github/workflows/unit_tests.sh | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/.github/workflows/unit_tests.sh b/.github/workflows/unit_tests.sh
+index 3859433720..7cc7da164c 100755
+--- a/.github/workflows/unit_tests.sh
++++ b/.github/workflows/unit_tests.sh
+@@ -138,6 +138,9 @@ for phase in "${PHASES[@]}"; do
+
+ # Beautiful workaround for Fedora's version of Docker
+ sleep 1
++ # FIXME?: Point C8S repos to the Vault, since C8S is EOL
++ $DOCKER_EXEC bash -xec "sed -i 's/^mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-*"
++ $DOCKER_EXEC bash -xec "sed -i 's|#baseurl=http://mirror.centos.org|baseurl=https://vault.centos.org|g' /etc/yum.repos.d/CentOS-*"
+ $DOCKER_EXEC dnf makecache
+ # Install and enable EPEL
+ $DOCKER_EXEC dnf -q -y install epel-release dnf-utils "${ADDITIONAL_DEPS[@]}"
diff --git a/SPECS/systemd.spec b/SPECS/systemd.spec
index 200c90d..efe04ca 100644
--- a/SPECS/systemd.spec
+++ b/SPECS/systemd.spec
@@ -13,7 +13,7 @@
Name: systemd
Url: http://www.freedesktop.org/wiki/Software/systemd
Version: 239
-Release: 82%{?dist}.2
+Release: 82%{?dist}.3
# For a breakdown of the licensing, see README
License: LGPLv2+ and MIT and GPLv2+
Summary: System and Service Manager
@@ -1063,6 +1063,14 @@ Patch1010: 1010-pid1-by-default-make-user-units-inherit-their-umask-.patch
Patch1011: 1011-pam-add-call-to-pam_umask.patch
Patch1012: 1012-ci-deploy-systemd-man-to-GitHub-Pages.patch
Patch1013: 1013-ci-src-git-update-list-of-supported-products.patch
+Patch1014: 1014-ci-update-actions-upload-artifact-to-v4.patch
+Patch1015: 1015-ci-drop-unused-variable.patch
+Patch1016: 1016-ci-reduce-ASLR-entropy.patch
+Patch1017: 1017-test-skip-the-symlink-part-of-test_touch_file-in-GH-.patch
+Patch1018: 1018-core-add-possibility-to-not-track-certain-unit-types.patch
+Patch1019: 1019-logind-don-t-setup-idle-session-watch-for-lock-scree.patch
+Patch1020: 1020-logind-tighten-for-which-classes-of-sessions-we-do-s.patch
+Patch1021: 1021-ci-point-C8S-containers-to-the-Vault.patch
%ifarch %{ix86} x86_64 aarch64
%global have_gnu_efi 1
@@ -1689,6 +1697,14 @@ fi
%files tests -f .file-list-tests
%changelog
+* Thu Nov 07 2024 systemd maintenance team <systemd-maint@redhat.com> - 239-82.3
+- ci: update actions/upload-artifact to `v4` (RHEL-32494)
+- ci: drop unused variable (RHEL-32494)
+- core: add possibility to not track certain unit types (RHEL-5877)
+- logind: don't setup idle session watch for lock-screen and greeter (RHEL-19215)
+- logind: tighten for which classes of sessions we do stop-on-idle (RHEL-19215)
+- ci: point C8S containers to the Vault (RHEL-1087)
+
* Tue Jul 23 2024 systemd maintenance team <systemd-maint@redhat.com> - 239-82.2
- spec: do not create symlink /etc/systemd/system/syslog.service (RHEL-13179)
--
GitLab