diff --git a/changelog b/changelog
index fb6584d..2b4d090 100644
--- a/changelog
+++ b/changelog
@@ -1,3 +1,134 @@
+* Thu May 29 2025 Zbigniew Jędrzejewski-Szmek - 256.15-1
+- Version 256.15
+- Fix for local information disclosure in systemd-coredump (CVE-2025-4598)
+- Various other fixes
+
+* Thu May 15 2025 Zbigniew Jędrzejewski-Szmek - 256.13-1
+- Version 256.13
+- Various small fixes in multiple components
+
+* Fri Mar 07 2025 Zbigniew Jędrzejewski-Szmek - 256.12-1
+- Version 256.12
+- Fixes for systemd itself, sd-boot, systemd-resolved, systemd-id128,
+ systemd-networkd, systemd-logind, systemd-tmpfiles, systemd-vmspawn,
+ systemd-userdb, udev, ukify, systemctl, homectl, fido2 code,
+ virtualization detection, internal shared library, shell completions,
+ documentation.
+- Hardware database is updated
+- Adds new DNSSEC anchor key for systemd-resolved
+- Adds new Fedora keys for systemd-importd
+- Adds a Georgian mapping to the keymap list
+
+* Fri Mar 07 2025 Daan De Meyer - 256.11-4
+- Make sure we pull in libbpf >= 2:1.4.7 if libbpf is installed
+
+* Fri Mar 07 2025 Zbigniew Jędrzejewski-Szmek - 256.11-2
+- Move some files into subpackages
+- systemd-ac-power is moved to systemd-udev
+- portablectl and importctl are moved to systemd-container (rhbz#2345551)
+
+* Wed Jan 08 2025 Zbigniew Jędrzejewski-Szmek - 256.11-1
+- Version 256.11
+- Fixes for assertion crashes and memory access issues in pid1 and systemd-
+ machined, and other fixes for systemd-repart, systemd-resolved, systemd-
+ stdio-bridge, sd-device, hibernation, and the hardware database.
+
+* Sat Jan 04 2025 Orion Poplawski - 256.10-2
+- Disable unmerged-bin taint for F41 (rhbz#2334525)
+
+* Sat Dec 21 2024 Zbigniew Jędrzejewski-Szmek - 256.10-1
+- Version 256.10
+- Fixes for man pages, shell completion, logging, systemd-networkd,
+ systemd-resolved, systemctl edit.
+
+* Tue Dec 03 2024 Zbigniew Jędrzejewski-Szmek - 256.9-3
+- Recommend qemu-kvm-core instead of qemu-kvm (rhbz#2329979)
+
+* Fri Nov 29 2024 David Tardon - 256.9-2
+- Use %%systemd_preun in systemd-resolved
+
+* Fri Nov 29 2024 Zbigniew Jędrzejewski-Szmek - 256.9-1
+- Version 256.9
+- Resolves rhbz#2329211
+
+* Tue Nov 19 2024 Zbigniew Jędrzejewski-Szmek - 256.8-2
+- Pull in qemu from systemd-container
+
+* Thu Nov 14 2024 Zbigniew Jędrzejewski-Szmek - 256.8-1
+- Version 256.8
+- Improvements to logging, documentation, systemd, systemd-repart, systemd-
+ networkd, systemd-network-generator, systemd-nspawn, systemd-resolved,
+ systemd-run, systemd-dissect, systemd-pcrlock, systemd-logind, systemd-
+ bsod, udev, ukify
+- Resolves #2323323: system will boot to cgroup v2 automatically unless
+ overriden
+- Resolves #2321268: freezing of user processes is disabled
+- Hardware database is updated
+
+* Thu Nov 14 2024 Zbigniew Jędrzejewski-Szmek - 256.7-2
+- Disable freezing of user sessions (rhbz#2321268)
+
+* Fri Oct 11 2024 Zbigniew Jędrzejewski-Szmek - 256.7-1
+- Version 256.7
+- Various small fixes in many components
+- Documentation updates
+
+* Tue Sep 24 2024 Zbigniew Jędrzejewski-Szmek - 256.6-3
+- Move yum/dnf protection removal config file under /usr
+
+* Thu Sep 12 2024 Matteo Croce - 256.6-1
+- Version 256.6
+
+* Thu Aug 29 2024 Daan De Meyer - 256.5-6
+- Always build ukify package
+
+* Wed Aug 28 2024 Daan De Meyer - 256.5-5
+- Do not use patch to modify systemd-user pam config file
+
+* Wed Aug 28 2024 Daan De Meyer - 256.5-4
+- Drop %%upstream conditionalization for patches
+
+* Tue Aug 27 2024 Daan De Meyer - 256.5-3
+- Only make python3-pillow Recommends on Fedora
+
+* Sat Aug 24 2024 Davide Cavalca - 256.5-2
+- Do not require grubby on CentOS Stream 9
+
+* Tue Aug 20 2024 Zbigniew Jędrzejewski-Szmek - 256.5-1
+- Version 256.5
+- Includes the patches for the kernel change with kernel threads in leaf
+ cgroups 
(https://github.com/systemd/systemd/pull/33885) +- Various smaller fixes + +* Tue Aug 20 2024 Zbigniew Jędrzejewski-Szmek - 256.4-4 +- Disable integration of userdb in sshd + +* Mon Jul 29 2024 Daan De Meyer - 256.4-3 +- Backport patch to only read /proc/cmdline when not in container + +* Mon Jul 29 2024 Daan De Meyer - 256.4-2 +- Backport upstream patch to try more initrd variants in + 90-loaderentry.install + +* Thu Jul 25 2024 Zbigniew Jędrzejewski-Szmek - 256.4-1 +- Version 256.4 +- Hardware db update +- Minor fixes for systemd-udevd and varlink protocol + +* Tue Jul 23 2024 Daan De Meyer - 256.3-3 +- Update tmpfiles --destroy-data patch + +* Tue Jul 23 2024 Zbigniew Jędrzejewski-Szmek - 256.3-1 +- Version 256.3 +- A bunch of fixes for systemd (pid1) +- Various upgrades related to running tests in mkosi + +* Sat Jul 20 2024 Daan De Meyer - 256.2-17 +- Simplify BFQ scheduler enablement + +* Sat Jul 20 2024 Fedora Release Engineering - 256.2-16 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild + * Wed Jul 17 2024 Zbigniew Jędrzejewski-Szmek - 256.2-9 - Backport udma buffer access patch (rhbz#2298422) diff --git a/sources b/sources index db248bb..d345cd3 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-256.7.tar.gz) = 2ff3805a7d97780a716b23ddeea3722a85aba6326ecee527e53e9d35510a0ffa5ec0bf0cdbf8f3409bb9c6832406916f63eb7e8305db5f67c284e5590c642422 +SHA512 (systemd-256.17.tar.gz) = c0f5d82f1220c69e8dc136e796ed9594bd9357450320c077a4c36151585508dfef58e16452ee64af7c32b90861a22996e9d567d76d71c15ce2136f96194f2be2 diff --git a/split-files.py b/split-files.py index 51400fd..8fe6244 100644 --- a/split-files.py +++ b/split-files.py 
@@ -137,10 +137,20 @@ for file in files(buildroot): elif re.search(r'''mymachines| machinectl| + importctl| + portablectl| systemd-nspawn| + systemd\.nspawn| systemd-vmspawn| + systemd-dissect| import-pubring.gpg| - systemd-(machined|import|pull)| + systemd-machined| + systemd-import| + systemd-export| + systemd-pull| + systemd-mountfsd| + systemd-mountwork| + systemd-nsresource| /machine.slice| /machines.target| var-lib-machines.mount| @@ -173,6 +183,7 @@ for file in files(buildroot): elif re.search(r'''udev(?!\.pc)| hwdb| + ac-power| bootctl| boot-update| bless-boot| diff --git a/systemd-unmerged-bin.patch b/systemd-unmerged-bin.patch new file mode 100644 index 0000000..01558d9 --- /dev/null +++ b/systemd-unmerged-bin.patch @@ -0,0 +1,16 @@ +diff -up systemd-256.10/src/core/taint.c.unmerged-bin systemd-256.10/src/core/taint.c +--- systemd-256.10/src/core/taint.c.unmerged-bin 2024-12-20 12:47:26.000000000 -0700 ++++ systemd-256.10/src/core/taint.c 2025-01-04 12:12:51.478892350 -0700 +@@ -45,10 +45,10 @@ char* taint_string(void) { + stage[n++] = "unmerged-usr"; + + /* Note that the check is different from default_PATH(), as we want to taint on uncanonical symlinks +- * too. */ ++ * too. + if (readlink_malloc("/usr/sbin", &usr_sbin) < 0 || !PATH_IN_SET(usr_sbin, "bin", "/usr/bin")) + stage[n++] = "unmerged-bin"; +- ++ */ + if (readlink_malloc("/var/run", &var_run) < 0 || !PATH_IN_SET(var_run, "../run", "/run")) + stage[n++] = "var-run-bad"; + diff --git a/systemd.spec b/systemd.spec index b06d182..2e6a0f4 100644 --- a/systemd.spec +++ b/systemd.spec @@ -47,7 +47,7 @@ Name: systemd Url: https://systemd.io # Allow users to specify the version and release when building the rpm by # setting the %%version_override and %%release_override macros. -Version: %{?version_override}%{!?version_override:256.7} +Version: %{?version_override}%{!?version_override:256.17} Release: %autorelease %global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?) 
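Review bot: The alternatives added to the container branch (`importctl|`, `portablectl|`, `systemd-import|`, `systemd-mountfsd|`, `systemd-nsresource|` and the rest) are unanchored substrings handed to `re.search`, so each one also claims any other path that merely contains the name, and which subpackage wins depends on the order of the `elif` chain that starts outside this hunk. Nothing in the file records why the list grew; a comment above the pattern such as `# importctl and portablectl belong to systemd-container (rhbz#2345551)` would tie it to the changelog entry. The same applies to `ac-power|` in the udev branch of the second hunk (`@@ -173,6 +183,7 @@`). After a move like this it is worth checking a build's file lists so that each daemon's unit, socket and policy files end up in the same subpackage as its binary rather than being split by an earlier branch.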
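Review bot: In systemd-unmerged-bin.patch the check is switched off by moving the `*/` so that the `readlink_malloc("/usr/sbin", &usr_sbin)` test is swallowed into the preceding comment, which leaves that comment reading as if it still described live code and, as far as the hunk shows, leaves `usr_sbin` declared but unused (its declaration is outside the hunk). Deleting the two lines, or wrapping them in `#if 0 /* Fedora 41: /usr/sbin not merged yet (rhbz#2334525) */` … `#endif`, keeps the intent visible and easy to grep for when the patch is dropped. Anything that reads the taint string will no longer see `unmerged-bin` on these builds, and the spec applies `Patch0500` unconditionally although its comment ties it to F41, so the removal should be tracked against the release where the merge lands.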
@@ -57,12 +57,14 @@ License: LGPL-2.1-or-later AND MIT AND GPL-2.0-or-later Summary: System and Service Manager # download tarballs with "spectool -g systemd.spec" -%if %{defined branch} +# packit will always rewrite the first Source0 it finds, ignoring any conditionals so list +# the fallback source that's used if neither %%branch nor %%commit are defined first. +%if %{undefined branch} && %{undefined commit} +Source0: https://github.com/systemd/systemd/archive/v%{version_no_tilde}/%{name}-%{version_no_tilde}.tar.gz +%elif %{defined branch} Source0: https://github.com/systemd/systemd/archive/refs/heads/%{branch}.tar.gz %elif %{defined commit} Source0: https://github.com/systemd/systemd/archive/%{commit}/%{name}-%{shortcommit}.tar.gz -%else -Source0: https://github.com/systemd/systemd/archive/v%{version_no_tilde}/%{name}-%{version_no_tilde}.tar.gz %endif # This file must be available before %%prep. # It is generated during systemd build and can be found in build/src/core/. @@ -124,6 +126,9 @@ Patch0491: https://github.com/systemd/systemd/pull/30846.patch # Soft-disable tmpfiles --purge until a good use case comes up. Patch0492: 0001-tmpfiles-make-purge-hard-to-mis-use.patch +# Remove the unmerged-bin taint for F41, this will be done in F42 +Patch0500: systemd-unmerged-bin.patch + %ifarch %{ix86} x86_64 aarch64 riscv64 %global want_bootloader 1 %endif @@ -251,6 +256,7 @@ Requires: %{name}-libs%{_isa} = %{version}-%{release} %{?fedora:Recommends: %{name}-resolved = %{version}-%{release}} Recommends: diffutils Requires: (util-linux-core or util-linux) +Requires: (libbpf >= 2:1.4.7 if libbpf) Provides: /bin/systemctl Provides: /sbin/shutdown Provides: syslog @@ -492,7 +498,7 @@ Requires: (systemd-boot if %{shrink:( )}) Requires: python3dist(pefile) %if 0%{?fedora} -Requires: python3dist(zstd) +Requires: python3dist(zstandard) %endif Requires: python3dist(cryptography) %if 0%{?fedora} 
@@ -543,7 +549,11 @@ Requires: %{name}%{_isa} = %{version}-%{release} Requires(post): systemd%{_isa} = %{version}-%{release} Requires(preun): systemd%{_isa} = %{version}-%{release} Requires(postun): systemd%{_isa} = %{version}-%{release} -# obsolete parent package so that dnf will install new subpackage on upgrade (#1260394) +# For systemd-vmspawn which uses qemu: +Recommends: qemu-kvm-core +Recommends: qemu-device-display-virtio-gpu +Recommends: qemu-device-display-virtio-vga +# Obsolete parent package so that dnf will install new subpackage on upgrade (#1260394) Obsoletes: %{name} < 229-5 # Bias the system towards libcurl-minimal if nothing pulls in full libcurl (#1997040) Suggests: libcurl-minimal @@ -1022,6 +1032,15 @@ mv %{buildroot}/usr/lib/tmpfiles.d/20-systemd-userdb.conf{,.example} install -m 0644 -t %{buildroot}%{_prefix}/lib/pam.d/ %{SOURCE26} +# Disable freezing of user sessions while we're working out the details. +mkdir -p %{buildroot}/usr/lib/systemd/system/service.d/ +cat >>%{buildroot}/usr/lib/systemd/system/service.d/50-keep-warm.conf </dev/null || : if [ -L /etc/resolv.conf ] && \ realpath /etc/resolv.conf | grep ^/run/systemd/resolve/; then rm -f /etc/resolv.conf # no longer useful