Version 254.20

- Various small fixes in multiple components
- Hardware database update

0001-journal-again-create-user-journals-for-users-with-hi.patch

@@ -0,0 +1,58 @@
+From 87d4f23ce4f82c39890e094bee05098d3a99d8f0 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Tue, 9 Jan 2024 11:28:04 +0100
+Subject: [PATCH] journal: again create user journals for users with high uids
+
+This effectively reverts a change in 115d5145a257c1a27330acf9f063b5f4d910ca4d
+'journald: move uid_for_system_journal() to uid-alloc-range.h', which slipped
+in an additional check of uid_is_container(uid). The problem is that that change
+is not backwards-compatible at all and very hard for users to handle.
+There is no common agreement on mappings of high-range uids. Systemd declares
+ownership of a large range for container uids in https://systemd.io/UIDS-GIDS/,
+but this is only a recent change and various sites allocated those ranges
+in a different way, in particular FreeIPA uses (used?) uids from this range
+for human users. On big sites with lots of users changing uids is obviously a
+hard problem. We generally assume that uids cannot be "freed" and/or changed
+and/or reused safely, so we shouldn't demand the same from others.
+
+This is somewhat similar to the situation with SYSTEM_ALLOC_UID_MIN /
+SYSTEM_UID_MAX, which we tried to define to a fixed value in our code, causing
+huge problems for existing systems with were created with a different
+definition and couldn't be easily updated. For that case, we added a
+configuration time switch and we now parse /etc/login.defs to actually use the
+value that is appropriate for the local system.
+
+Unfortunately, login.defs doesn't have a concept of container allocation ranges
+(and we don't have code to parse and use those nonexistent names either), so we
+can't tell users to adjust logind.defs to work around the changed definition.
+
+login.defs has SUB_UID_{MIN,MAX}, but those aren't really the same thing,
+because they are used to define where the add allocations for subuids, which is
+generally a much smaller range. Maybe we should talk with other folks about
+the appropriate allocation ranges and define some new settings in login.defs.
+But this would require discussion and coordination with other projects first.
+
+Actualy, it seems that this change was needed at all. The code in the container
+does not log to the outside journal. It talks to its own journald, which does
+journal splitting using its internal logic based on shifted uids. So let's
+revert the change to fix user systems.
+
+Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2251843.
+---
+ src/basic/uid-alloc-range.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/basic/uid-alloc-range.c b/src/basic/uid-alloc-range.c
+index 669cb6d56f..7b724b7959 100644
+--- a/src/basic/uid-alloc-range.c
++++ b/src/basic/uid-alloc-range.c
+@@ -127,5 +127,5 @@ bool uid_for_system_journal(uid_t uid) {
+ 
+         /* Returns true if the specified UID shall get its data stored in the system journal. */
+ 
+-        return uid_is_system(uid) || uid_is_dynamic(uid) || uid == UID_NOBODY || uid_is_container(uid);
++        return uid_is_system(uid) || uid_is_dynamic(uid) || uid == UID_NOBODY;
+ }
+-- 
+2.46.0
+

sources

@@ -1 +1 @@
-SHA512 (systemd-254.5.tar.gz) = 8e9b4f802c4da2a0dea6028df78d20de5d96802d8f614d0392e89dea605cdd8d9c1724ce3ea382378d582402646f8bea2ffcd55a84262461721ee3f691105b7a
+SHA512 (systemd-254.20.tar.gz) = 072a5b516c74e7d53c459f22fee9efbf11bf4a9504ee6e60a9ae7075623487a0764b49d770205413c8662cdb9a467dabc3dae2ed07ccf313f24355e1edc3090c

systemd.spec

@@ -35,7 +35,7 @@
 Name:           systemd
 Url:            https://systemd.io
 %if %{without inplace}
-Version:        254.5
+Version:        254.20
 %else
 # determine the build information from local checkout
 Version:        %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/')
@@ -124,8 +124,12 @@ Patch0012:      0003-ci-add-test-for-poll-limit.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=1738828
 Patch0490:      use-bfq-scheduler.patch
 
+# https://bugzilla.redhat.com/show_bug.cgi?id=2251843
+# https://github.com/systemd/systemd/pull/30846
+Patch0491:      0001-journal-again-create-user-journals-for-users-with-hi.patch
+
 # Adjust upstream config to use our shared stack
-Patch0491:      fedora-use-system-auth-in-pam-systemd-user.patch
+Patch0492:      fedora-use-system-auth-in-pam-systemd-user.patch
 
 %ifarch %{ix86} x86_64 aarch64
 %global have_gnu_efi 1
@@ -1070,6 +1074,24 @@ fi
 %preun networkd
 %systemd_preun systemd-networkd.service systemd-networkd-wait-online.service
 
+%postun networkd
+%systemd_postun_with_restart systemd-networkd.service
+%systemd_postun systemd-networkd-wait-online.service
+
+%post resolved
+[ $1 -eq 1 ] || exit 0
+# Initial installation
+
+touch %{_localstatedir}/lib/rpm-state/systemd-resolved.initial-installation
+
+# Related to https://bugzilla.redhat.com/show_bug.cgi?id=1943263
+if ls /usr/lib/systemd/libsystemd-shared-24[0-8].so &>/dev/null; then
+    echo "Skipping presets for systemd-resolved.service, seems we are upgrading from old systemd."
+    exit 0
+fi
+
+%systemd_post systemd-resolved.service
+
 %preun resolved
 if [ $1 -eq 0 ] ; then
         systemctl disable --quiet \
@@ -1085,19 +1107,8 @@ if [ $1 -eq 0 ] ; then
         fi
 fi
 
-%post resolved
-[ $1 -eq 1 ] || exit 0
-# Initial installation
-
-touch %{_localstatedir}/lib/rpm-state/systemd-resolved.initial-installation
-
-# Related to https://bugzilla.redhat.com/show_bug.cgi?id=1943263
-if ls /usr/lib/systemd/libsystemd-shared-24[0-8].so &>/dev/null; then
-    echo "Skipping presets for systemd-resolved.service, seems we are upgrading from old systemd."
-    exit 0
-fi
-
-%systemd_post systemd-resolved.service
+%postun resolved
+%systemd_postun_with_restart systemd-resolved.service
 
 %posttrans resolved
 [ -e %{_localstatedir}/lib/rpm-state/systemd-resolved.initial-installation ] || exit 0