Version 246.15

For unknown reasons, sd-bus has trouble connecting to the filtered
D-Bus system proxy exported by Flatpak and the connection to the
bus is closed during authentication. Don't mistake this for a remote
error - that was causing a hard failure rather than a fallback.

0004-test-path-use-Type-exec.patch

@@ -1,94 +0,0 @@
-From 1a83d7234e374e991235f4ef21c56998f93cb875 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Mon, 14 Sep 2020 08:58:54 +0200
-Subject: [PATCH 4/4] test-path: use Type=exec
-
-In general, Type=exec is superior to Type=simple. Let's not assume that
-the service is started before it was really started.
----
- test/test-path/path-changed.service           | 2 +-
- test/test-path/path-directorynotempty.service | 2 +-
- test/test-path/path-exists.service            | 2 +-
- test/test-path/path-existsglob.service        | 2 +-
- test/test-path/path-makedirectory.service     | 2 +-
- test/test-path/path-modified.service          | 2 +-
- test/test-path/path-mycustomunit.service      | 2 +-
- 7 files changed, 7 insertions(+), 7 deletions(-)
-
-diff --git a/test/test-path/path-changed.service b/test/test-path/path-changed.service
-index fb465d76bb..b75552df4f 100644
---- a/test/test-path/path-changed.service
-+++ b/test/test-path/path-changed.service
-@@ -3,5 +3,5 @@ Description=Service Test for Path units
- 
- [Service]
- ExecStart=/bin/true
--Type=simple
-+Type=exec
- RemainAfterExit=true
-diff --git a/test/test-path/path-directorynotempty.service b/test/test-path/path-directorynotempty.service
-index fb465d76bb..b75552df4f 100644
---- a/test/test-path/path-directorynotempty.service
-+++ b/test/test-path/path-directorynotempty.service
-@@ -3,5 +3,5 @@ Description=Service Test for Path units
- 
- [Service]
- ExecStart=/bin/true
--Type=simple
-+Type=exec
- RemainAfterExit=true
-diff --git a/test/test-path/path-exists.service b/test/test-path/path-exists.service
-index fb465d76bb..b75552df4f 100644
---- a/test/test-path/path-exists.service
-+++ b/test/test-path/path-exists.service
-@@ -3,5 +3,5 @@ Description=Service Test for Path units
- 
- [Service]
- ExecStart=/bin/true
--Type=simple
-+Type=exec
- RemainAfterExit=true
-diff --git a/test/test-path/path-existsglob.service b/test/test-path/path-existsglob.service
-index fb465d76bb..b75552df4f 100644
---- a/test/test-path/path-existsglob.service
-+++ b/test/test-path/path-existsglob.service
-@@ -3,5 +3,5 @@ Description=Service Test for Path units
- 
- [Service]
- ExecStart=/bin/true
--Type=simple
-+Type=exec
- RemainAfterExit=true
-diff --git a/test/test-path/path-makedirectory.service b/test/test-path/path-makedirectory.service
-index fb465d76bb..b75552df4f 100644
---- a/test/test-path/path-makedirectory.service
-+++ b/test/test-path/path-makedirectory.service
-@@ -3,5 +3,5 @@ Description=Service Test for Path units
- 
- [Service]
- ExecStart=/bin/true
--Type=simple
-+Type=exec
- RemainAfterExit=true
-diff --git a/test/test-path/path-modified.service b/test/test-path/path-modified.service
-index fb465d76bb..b75552df4f 100644
---- a/test/test-path/path-modified.service
-+++ b/test/test-path/path-modified.service
-@@ -3,5 +3,5 @@ Description=Service Test for Path units
- 
- [Service]
- ExecStart=/bin/true
--Type=simple
-+Type=exec
- RemainAfterExit=true
-diff --git a/test/test-path/path-mycustomunit.service b/test/test-path/path-mycustomunit.service
-index bcdafe4f30..8fbc40d13f 100644
---- a/test/test-path/path-mycustomunit.service
-+++ b/test/test-path/path-mycustomunit.service
-@@ -3,5 +3,5 @@ Description=Service Test Path Unit
- 
- [Service]
- ExecStart=/bin/true
--Type=simple
-+Type=exec
- RemainAfterExit=true

sources

@@ -1 +1 @@
-SHA512 (systemd-246.6.tar.gz) = 1936b291d9831cf61f800fe718a4c2c2fe9b2a11fd817fe32bd48da2087a675dfc91013209a3478ea52e8ada593300ed906e248b8081dcf9141bf1cc17483ea9
+SHA512 (systemd-246.15.tar.gz) = 71c8afb9de149b9f4b2f63c7a84e2ce2d897e90570692eaa75d8c99c345ad6cfc9717f93844ff1f582f65b7bdbb1166de1d4574cf6f4329edda8920a6c6bf536

split-files.py

@@ -72,12 +72,10 @@ for file in files(buildroot):
                        /machine.slice|
                        /machines.target|
                        var-lib-machines.mount|
-                       network/80-container|
-                       network/80-vm|
                        org.freedesktop.(import|machine)1
     ''', n, re.X):
         o = o_container
-    elif re.search(r'''/usr/lib/systemd/network/..-wifi|
+    elif re.search(r'''/usr/lib/systemd/network/80-|
                        networkd|
                        networkctl|
                        org.freedesktop.network1

systemd.spec

@@ -20,8 +20,8 @@
 
 Name:           systemd
 Url:            https://www.freedesktop.org/wiki/Software/systemd
-Version:        246.6
-Release:        3%{?dist}
+Version:        246.15
+Release:        1%{?dist}
 # For a breakdown of the licensing, see README
 License:        LGPLv2+ and MIT and GPLv2+
 Summary:        System and Service Manager
@@ -74,7 +74,6 @@ Patch0001:      use-bfq-scheduler.patch
 Patch0002:      0001-Revert-test-path-increase-timeout.patch
 Patch0003:      0002-test-path-more-debugging-information.patch
 Patch0004:      0003-test-path-do-not-fail-the-test-if-we-fail-to-start-s.patch
-Patch0005:      0004-test-path-use-Type-exec.patch
 
 Patch0006:      0001-test-acl-util-output-more-debug-info.patch
 Patch0007:      0001-Do-not-assert-in-test_add_acls_for_user.patch
@@ -142,6 +141,8 @@ BuildRequires:  gettext
 # We use RUNNING_ON_VALGRIND in tests, so the headers need to be available
 BuildRequires:  valgrind-devel
 BuildRequires:  pkgconfig(bash-completion)
+BuildRequires:  perl
+BuildRequires:  perl(IPC::SysV)
 
 Requires(post): coreutils
 Requires(post): sed
@@ -319,17 +320,16 @@ This package contains systemd-journal-gatewayd,
 systemd-journal-remote, and systemd-journal-upload.
 
 %package networkd
-Summary:        A system service that manages network configurations
+Summary:        System daemon that manages network configurations
 Requires:       %{name}%{?_isa} = %{version}-%{release}
 License:        LGPLv2+
 # https://src.fedoraproject.org/rpms/systemd/pull-request/34
 Obsoletes:      systemd < 246.6-2
 
 %description networkd
-%{summary}.
-
-It detects and configures network devices as they appear,
-as well as creating virtual network devices.
+systemd-networkd is a system service that manages networks. It detects
+and configures network devices as they appear, as well as creating virtual
+network devices.
 
 %package tests
 Summary:       Internal unit tests for systemd
@@ -369,6 +369,7 @@ CONFIGURE_OPTS=(
         -Dsysvinit-path=/etc/rc.d/init.d
         -Drc-local=/etc/rc.d/rc.local
         -Dntp-servers='0.%{ntpvendor}.pool.ntp.org 1.%{ntpvendor}.pool.ntp.org 2.%{ntpvendor}.pool.ntp.org 3.%{ntpvendor}.pool.ntp.org'
+        -Ddns-servers=
         -Duser-path=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin
         -Dservice-watchdog=
         -Ddev-kvm-mode=0666
@@ -602,9 +603,6 @@ getent group systemd-journal &>/dev/null || groupadd -r -g 190 systemd-journal 2
 getent group systemd-coredump &>/dev/null || groupadd -r systemd-coredump 2>&1 || :
 getent passwd systemd-coredump &>/dev/null || useradd -r -l -g systemd-coredump -d / -s /sbin/nologin -c "systemd Core Dumper" systemd-coredump &>/dev/null || :
 
-getent group systemd-network &>/dev/null || groupadd -r -g 192 systemd-network 2>&1 || :
-getent passwd systemd-network &>/dev/null || useradd -r -u 192 -l -g systemd-network -d / -s /sbin/nologin -c "systemd Network Management" systemd-network &>/dev/null || :
-
 getent group systemd-resolve &>/dev/null || groupadd -r -g 193 systemd-resolve 2>&1 || :
 getent passwd systemd-resolve &>/dev/null || useradd -r -u 193 -l -g systemd-resolve -d / -s /sbin/nologin -c "systemd Resolver" systemd-resolve &>/dev/null || :
 
@@ -665,7 +663,17 @@ systemctl --global preset-all &>/dev/null || :
 # too before NetworkManager gets a chance. (systemd-tmpfiles invocation above
 # does not do this, because it's marked with ! and we don't specify --boot.)
 # https://bugzilla.redhat.com/show_bug.cgi?id=1873856
-if systemctl -q is-enabled systemd-resolved.service &>/dev/null; then
+#
+# If systemd is not running, don't overwrite the symlink because that
+# will immediately break DNS resolution, since systemd-resolved is
+# also not running (https://bugzilla.redhat.com/show_bug.cgi?id=1891847).
+#
+# Also don't creat the symlink to the stub when the stub is disabled (#1891847 again).
+if test -d /run/systemd/system/ &&
+   systemctl -q is-enabled systemd-resolved.service &>/dev/null &&
+   ! mountpoint /etc/resolv.conf &>/dev/null &&
+   ! systemd-analyze cat-config systemd/resolved.conf 2>/dev/null | \
+        grep -qE '^DNSStubListener\s*=\s*([nN][oO]?|[fF]|[fF][aA][lL][sS][eE]|0|[oO][fF][fF])$'; then
   ln -fsv ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
 fi
 
@@ -689,6 +697,7 @@ systemctl --no-reload preset systemd-resolved.service &>/dev/null || :
 if systemctl -q is-enabled systemd-resolved.service &>/dev/null; then
   systemctl -q is-enabled NetworkManager.service 2>/dev/null && \
   ! test -L /etc/resolv.conf 2>/dev/null && \
+  ! mountpoint /etc/resolv.conf &>/dev/null && \
   grep -q 'Generated by NetworkManager' /etc/resolv.conf 2>/dev/null && \
   echo -e '/etc/resolv.conf was generated by NetworkManager.\nRemoving it to let systemd-resolved manage this file.' && \
   mv -v /etc/resolv.conf /etc/resolv.conf.orig-with-nm && \
@@ -813,14 +822,29 @@ fi
 %systemd_postun_with_restart systemd-journal-upload.service
 %firewalld_reload
 
-%preun networkd
-if [ $1 -eq 0 ] ; then
-        systemctl disable --quiet \
-                systemd-networkd.service \
-                systemd-networkd-wait-online.service \
-                >/dev/null || :
+%pre networkd
+getent group systemd-network &>/dev/null || groupadd -r -g 192 systemd-network 2>&1 || :
+getent passwd systemd-network &>/dev/null || useradd -r -u 192 -l -g systemd-network -d / -s /sbin/nologin -c "systemd Network Management" systemd-network &>/dev/null || :
+
+%post networkd
+# systemd-networkd was split out in systemd-246.6-2.
+# Ideally, we would have a trigger scriptlet to record enablement
+# state when upgrading from systemd <= systemd-246.6-1. But, AFAICS,
+# rpm doesn't allow us to trigger on another package, short of
+# querying the rpm database ourselves, which seems risky. For rpm,
+# systemd and systemd-networkd are completely unrelated.  So let's use
+# a hack to detect if an old systemd version is currently present in
+# the file system.
+# https://bugzilla.redhat.com/show_bug.cgi?id=1943263
+if [ $1 -eq 1 ] && ls /usr/lib/systemd/libsystemd-shared-24[0-6].so &>/dev/null; then
+    echo "Skipping presets for systemd-networkd.service, seems we are upgrading from old systemd."
+else
+    %systemd_post systemd-networkd.service systemd-networkd-wait-online.service
 fi
 
+%preun networkd
+%systemd_preun systemd-networkd.service systemd-networkd-wait-online.service
+
 %global _docdir_fmt %{name}
 
 %files -f %{name}.lang -f .file-list-rest
@@ -868,6 +892,65 @@ fi
 %files standalone-sysusers -f .file-list-standalone-sysusers
 
 %changelog
+* Tue Jul 20 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 246.15-1
+- Various correctness and potential crash fixes (systemd-journald,
+  udev, systemctl, systemd, systemd-tmpfiles, systemd-resolved)
+- Better handling of very long sysfs paths
+- Compilation fixes for updated glibc and kernel headers
+- Addition of new syscalls to seccomp filters
+- Latvian and Spanish/Dvorak keyboard mappings
+- Shell completion fixes
+- Ignore FORCERENEW DHCP messages in systemd-networkd (TALOS-2020-1142,
+  CVE-2020-13529, #1959398)
+- by-uuid symlinks for ubifs volumes are now created
+- CVE-2021-33910, #1984020: an unchecked stack allocation could be used to
+  crash systemd and cause the system to reboot by creating a very long
+  fuse mountpoint path.
+
+* Sat May 15 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 246.14-1
+- Do not preset systemd-networkd.service and systemd-networkd-wait-online.service
+  on upgrades from before systemd-networkd was split out (#1943263)
+- A bunch of patches for systemd-resolved (#1944171, #1949670)
+- Fix for systemd-tmpfiles (#1944468)
+- Various fixes for systemd, systemd-run, systemd-networkd, bootctl,
+  the shutdown sequence, documentation, logging, libsystemd, and shell
+  completions.
+
+* Wed Mar 24 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 246.13-1
+- Revert patch that seems to cause problems with dns resolution
+- A few minor fixes
+
+* Tue Mar 23 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 246.12-1
+- Latest bugfix release (#1941335, some documentation and
+  minor memory-access-correctness fixes).
+- Fix hang when processing timers during DST switch in Europe/Dublin timezone (#1941335)
+
+* Fri Mar 12 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 246.11-1
+- Latest bugfix release (#1933137, #1935084).
+
+* Tue Feb  2 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 246.10-1
+- Latest bugfix release (#1903106, #1895937).
+- Fixes #1813219.
+
+* Mon Jan  4 2021 Owen Taylor <otaylor@redhat.com> - 246.9-3
+- Fix nss-resolve to properly fallback in a Flatpak sandbox
+
+* Sat Jan  2 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 246.9-2
+- Fix bfq patch again (#1813219)
+
+* Wed Dec 16 2020 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 246.9-1
+- Minor stable release
+
+* Tue Dec  8 2020 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 246.7-2
+- Rebuild with fallback hostname change reverted.
+
+* Tue Dec  8 2020 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 246.7-1
+- Update to latest stable release. Unfortunately this contains
+  a fairly large number of patches for a stable release (180+).
+  Fixes rhbz#1879216, rhbz#1890632, rhbz#1891847, rhbz#1885101.
+- Unset fallback-hostname as plenty of applications expected localhost
+  to mean "default hostname" without ever standardising it (#1892235)
+
 * Wed Sep 30 2020 Dusty Mabe <dusty@dustymabe.com> - 246.6-3
 - Try to make files in subpackages (especially the networkd subpackage)
   more appropriate.
@@ -889,6 +972,8 @@ fi
 - Update to latest stable release (a bunch of small network-related
   fixes in systemd-networkd and socket handling, documentation updates,
   a bunch of fixes for error handling).
+
+* Sun Sep 13 2020 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 246.4-2
 - Also remove existing file when creating /etc/resolv.conf symlink
   upon installation (#1873856 again)
 

use-bfq-scheduler.patch

@@ -20,11 +20,12 @@ new file mode 100644
 index 0000000000..480b941761
 --- /dev/null
 +++ b/rules.d/60-block-scheduler.rules
-@@ -0,0 +1,5 @@
+@@ -0,0 +1,6 @@
 +# do not edit this file, it will be overwritten on update
 +
 +ACTION=="add", SUBSYSTEM=="block", \
 +  KERNEL=="mmcblk*[0-9]|msblk*[0-9]|mspblk*[0-9]|sd*[!0-9]|sr*", \
++  ENV{DEVTYPE}=="disk", \
 +  ATTR{queue/scheduler}="bfq"
 diff --git a/rules.d/meson.build b/rules.d/meson.build
 index ca4445d774..38d6aa6970 100644