Fix riscv seccomp patch

Signed-off-by: David Abdurachmanov <davidlt@rivosinc.com>

0001-Add-riscv-SECCOMP-support.patch

@@ -0,0 +1,250 @@
+From 5231b108f5d5924381e58182f8fd2592d1077caf Mon Sep 17 00:00:00 2001
+From: David Abdurachmanov <davidlt@rivosinc.com>
+Date: Fri, 10 Jun 2022 15:58:34 +0300
+Subject: [PATCH] Add riscv SECCOMP support
+
+Signed-off-by: David Abdurachmanov <davidlt@rivosinc.com>
+
+diff --git a/src/basic/missing_syscall.h b/src/basic/missing_syscall.h
+index fc79870..e4daadc 100644
+--- a/src/basic/missing_syscall.h
++++ b/src/basic/missing_syscall.h
+@@ -81,6 +81,8 @@ static inline int missing_pivot_root(const char *new_root, const char *put_old)
+ #      define __NR_memfd_create 356
+ #    elif defined __arc__
+ #      define __NR_memfd_create 279
++#    elif defined __riscv
++#      define __NR_memfd_create 279
+ #    else
+ #      warning "__NR_memfd_create unknown for your architecture"
+ #    endif
+@@ -134,6 +136,8 @@ static inline int missing_memfd_create(const char *name, unsigned int flags) {
+ #      endif
+ #    elif defined(__arc__)
+ #      define __NR_getrandom 278
++#    elif defined(__riscv)
++#      define __NR_getrandom 278
+ #    else
+ #      warning "__NR_getrandom unknown for your architecture"
+ #    endif
+@@ -179,6 +183,8 @@ static inline pid_t missing_gettid(void) {
+ #      define __NR_name_to_handle_at 345
+ #    elif defined(__arc__)
+ #      define __NR_name_to_handle_at 264
++#    elif defined(__riscv)
++#      define __NR_name_to_handle_at 264
+ #    elif defined _MIPS_SIM
+ #      if _MIPS_SIM == _MIPS_SIM_ABI32
+ #        define systemd_NR_name_to_handle_at systemd_SC_arch_bias(339)
+@@ -224,6 +230,8 @@ static inline int missing_name_to_handle_at(int fd, const char *name, struct fil
+ #      define __NR_setns 346
+ #    elif defined(__arc__)
+ #      define __NR_setns 268
++#    elif defined(__riscv)
++#      define __NR_setns 268
+ #    elif defined _MIPS_SIM
+ #      if _MIPS_SIM == _MIPS_SIM_ABI32
+ #        define systemd_NR_setns systemd_SC_arch_bias(344)
+@@ -291,6 +299,8 @@ static inline pid_t raw_getpid(void) {
+ #      define __NR_renameat2 347
+ #    elif defined __arc__
+ #      define __NR_renameat2 276
++#    elif defined __riscv
++#      define __NR_renameat2 276
+ #    else
+ #      warning "__NR_renameat2 unknown for your architecture"
+ #    endif
+@@ -382,6 +392,8 @@ static inline key_serial_t missing_request_key(const char *type, const char *des
+ #      define __NR_copy_file_range 379
+ #    elif defined __arc__
+ #      define __NR_copy_file_range 285
++#    elif defined __riscv
++#      define __NR_copy_file_range 285
+ #    elif defined _MIPS_SIM
+ #      if _MIPS_SIM == _MIPS_SIM_ABI32
+ #        define systemd_NR_copy_file_range systemd_SC_arch_bias(360)
+@@ -432,6 +444,8 @@ static inline ssize_t missing_copy_file_range(int fd_in, loff_t *off_in,
+ #      define __NR_bpf 351
+ #    elif defined __tilegx__
+ #      define __NR_bpf 280
++#    elif defined __riscv
++#      define __NR_bpf 280
+ #    elif defined _MIPS_SIM
+ #      if _MIPS_SIM == _MIPS_SIM_ABI32
+ #        define systemd_NR_bpf systemd_SC_arch_bias(355)
+@@ -479,6 +493,8 @@ static inline int missing_bpf(int cmd, union bpf_attr *attr, size_t size) {
+ #      define __NR_pkey_mprotect 386
+ #    elif defined __s390__
+ #      define __NR_pkey_mprotect 384
++#    elif defined __riscv
++#      define __NR_pkey_mprotect 288
+ #    elif defined _MIPS_SIM
+ #      if _MIPS_SIM == _MIPS_SIM_ABI32
+ #        define __NR_pkey_mprotect 4363
+@@ -489,6 +505,8 @@ static inline int missing_bpf(int cmd, union bpf_attr *attr, size_t size) {
+ #      if _MIPS_SIM == _MIPS_SIM_ABI64
+ #        define __NR_pkey_mprotect 5323
+ #      endif
++#    elif defined __riscv
++#      define __NR_pkey_mprotect 288
+ #    else
+ #      warning "__NR_pkey_mprotect not defined for your architecture"
+ #    endif
+@@ -513,6 +531,8 @@ static inline int missing_bpf(int cmd, union bpf_attr *attr, size_t size) {
+ #      define __NR_statx 383
+ #    elif defined __sparc__
+ #      define __NR_statx 360
++#    elif defined __riscv
++#      define __NR_statx 291
+ #    elif defined __x86_64__
+ #      define __NR_statx systemd_SC_arch_bias(332)
+ #    elif defined _MIPS_SIM
+diff --git a/src/basic/virt.c b/src/basic/virt.c
+index 35acc73..6da76d5 100644
+--- a/src/basic/virt.c
++++ b/src/basic/virt.c
+@@ -84,7 +84,7 @@ static int detect_vm_cpuid(void) {
+ }
+ 
+ static int detect_vm_device_tree(void) {
+-#if defined(__arm__) || defined(__aarch64__) || defined(__powerpc__) || defined(__powerpc64__)
++#if defined(__arm__) || defined(__aarch64__) || defined(__powerpc__) || defined(__powerpc64__) || defined(__riscv)
+         _cleanup_free_ char *hvtype = NULL;
+         int r;
+ 
+@@ -134,7 +134,7 @@ static int detect_vm_device_tree(void) {
+ }
+ 
+ static int detect_vm_dmi(void) {
+-#if defined(__i386__) || defined(__x86_64__) || defined(__arm__) || defined(__aarch64__)
++#if defined(__i386__) || defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) || defined(__riscv)
+ 
+         static const char *const dmi_vendors[] = {
+                 "/sys/class/dmi/id/product_name", /* Test this before sys_vendor to detect KVM over QEMU */
+diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
+index 3f91b75..ab61915 100644
+--- a/src/shared/seccomp-util.c
++++ b/src/shared/seccomp-util.c
+@@ -90,6 +90,8 @@ const uint32_t seccomp_local_archs[] = {
+                 SCMP_ARCH_S390X,      /* native */
+ #elif defined(__s390__)
+                 SCMP_ARCH_S390,
++#elif defined(__riscv) && __riscv_xlen == 64
++                SCMP_ARCH_RISCV64,    /* native */
+ #endif
+                 (uint32_t) -1
+         };
+@@ -135,6 +137,8 @@ const char* seccomp_arch_to_string(uint32_t c) {
+                 return "s390";
+         case SCMP_ARCH_S390X:
+                 return "s390x";
++        case SCMP_ARCH_RISCV64:
++                return "riscv64";
+         default:
+                 return NULL;
+         }
+@@ -180,6 +184,8 @@ int seccomp_arch_from_string(const char *n, uint32_t *ret) {
+                 *ret = SCMP_ARCH_S390;
+         else if (streq(n, "s390x"))
+                 *ret = SCMP_ARCH_S390X;
++        else if (streq(n, "riscv64"))
++                *ret = SCMP_ARCH_RISCV64;
+         else
+                 return -EINVAL;
+ 
+@@ -1339,6 +1345,7 @@ int seccomp_restrict_address_families(Set *address_families, bool allow_list) {
+                 case SCMP_ARCH_MIPS64N32:
+                 case SCMP_ARCH_MIPSEL64:
+                 case SCMP_ARCH_MIPS64:
++                case SCMP_ARCH_RISCV64:
+                         /* These we know we support (i.e. are the ones that do not use socketcall()) */
+                         supported = true;
+                         break;
+@@ -1579,7 +1586,7 @@ static int add_seccomp_syscall_filter(scmp_filter_ctx seccomp,
+ }
+ 
+ /* For known architectures, check that syscalls are indeed defined or not. */
+-#if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__)
++#if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) || defined(__riscv)
+ assert_cc(SCMP_SYS(shmget) > 0);
+ assert_cc(SCMP_SYS(shmat) > 0);
+ assert_cc(SCMP_SYS(shmdt) > 0);
+@@ -1624,13 +1631,14 @@ int seccomp_memory_deny_write_execute(void) {
+                 case SCMP_ARCH_X86_64:
+                 case SCMP_ARCH_X32:
+                 case SCMP_ARCH_AARCH64:
+-                        filter_syscall = SCMP_SYS(mmap); /* amd64, x32 and arm64 have only mmap */
++				case SCMP_ARCH_RISCV64:
++                        filter_syscall = SCMP_SYS(mmap); /* amd64, x32. arm64 and riscv64 have only mmap */
+                         shmat_syscall = SCMP_SYS(shmat);
+                         break;
+ 
+                 /* Please add more definitions here, if you port systemd to other architectures! */
+ 
+-#if !defined(__i386__) && !defined(__x86_64__) && !defined(__powerpc__) && !defined(__powerpc64__) && !defined(__arm__) && !defined(__aarch64__) && !defined(__s390__) && !defined(__s390x__)
++#if !defined(__i386__) && !defined(__x86_64__) && !defined(__powerpc__) && !defined(__powerpc64__) && !defined(__arm__) && !defined(__aarch64__) && !defined(__s390__) && !defined(__s390x__) && !defined(__riscv)
+ #warning "Consider adding the right mmap() syscall definitions here!"
+ #endif
+                 }
+diff --git a/src/test/test-execute.c b/src/test/test-execute.c
+index 9ca0620..e673ea9 100644
+--- a/src/test/test-execute.c
++++ b/src/test/test-execute.c
+@@ -277,6 +277,9 @@ static void test_exec_personality(Manager *m) {
+ #elif defined(__aarch64__)
+         test(__func__, m, "exec-personality-aarch64.service", 0, CLD_EXITED);
+ 
++#elif defined(__riscv__) && __riscv_xlen == 64
++        test(__func__, m, "exec-personality-riscv64.service", 0, CLD_EXITED);
++
+ #elif defined(__i386__)
+         test(__func__, m, "exec-personality-x86.service", 0, CLD_EXITED);
+ #else
+diff --git a/src/test/test-seccomp.c b/src/test/test-seccomp.c
+index b685c2d..8647656 100644
+--- a/src/test/test-seccomp.c
++++ b/src/test/test-seccomp.c
+@@ -74,7 +74,8 @@ static void test_architecture_table(void) {
+                        "ppc64\0"
+                        "ppc64-le\0"
+                        "s390\0"
+-                       "s390x\0") {
++                       "s390x\0"
++                       "riscv64\0") {
+                 uint32_t c;
+ 
+                 assert_se(seccomp_arch_from_string(n, &c) >= 0);
+@@ -538,7 +539,7 @@ static void test_memory_deny_write_execute_mmap(void) {
+                 assert_se(seccomp_memory_deny_write_execute() >= 0);
+ 
+                 p = mmap(NULL, page_size(), PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS, -1,0);
+-#if defined(__x86_64__) || defined(__i386__) || defined(__powerpc64__) || defined(__arm__) || defined(__aarch64__)
++#if defined(__x86_64__) || defined(__i386__) || defined(__powerpc64__) || defined(__arm__) || defined(__aarch64__) || defined(__riscv)
+                 assert_se(p == MAP_FAILED);
+                 assert_se(errno == EPERM);
+ #endif
+@@ -602,7 +603,7 @@ static void test_memory_deny_write_execute_shmat(void) {
+ 
+                 p = shmat(shmid, NULL, SHM_EXEC);
+                 log_debug_errno(p == MAP_FAILED ? errno : 0, "shmat(SHM_EXEC): %m");
+-#if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__)
++#if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) || defined(__riscv)
+                 assert_se(p == MAP_FAILED);
+                 assert_se(errno == EPERM);
+ #endif
+diff --git a/test/test-execute/exec-personality-riscv64.service b/test/test-execute/exec-personality-riscv64.service
+new file mode 100644
+index 0000000..ab20396
+--- /dev/null
++++ b/test/test-execute/exec-personality-riscv64.service
+@@ -0,0 +1,7 @@
++[Unit]
++Description=Test for Personality=riscv64
++
++[Service]
++ExecStart=/bin/sh -c 'echo $(uname -m); exit $(test $(uname -m) = "riscv64")'
++Type=oneshot
++Personality=riscv64
+-- 
+2.35.1
+

0001-Do-not-assert-in-test_add_acls_for_user.patch

@@ -0,0 +1,42 @@
+From b177b0ef92d226a9f303aecbff0cf2e7293667b3 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Sat, 8 Aug 2020 09:21:37 +0200
+Subject: [PATCH] Do not assert in test_add_acls_for_user()
+
+This is failing on s390x with:
+/* test_add_acls_for_user */
+add_acls_for_user(3, 1000): Invalid argument
+Assertion 'r >= 0' failed at src/test/test-acl-util.c:46, function test_add_acls_for_user(). Aborting.
+---
+ src/test/test-acl-util.c | 4 ----
+ 1 file changed, 4 deletions(-)
+
+diff --git a/src/test/test-acl-util.c b/src/test/test-acl-util.c
+index 9f0e594e67..a91d64ab0c 100644
+--- a/src/test/test-acl-util.c
++++ b/src/test/test-acl-util.c
+@@ -43,24 +43,20 @@ static void test_add_acls_for_user(void) {
+ 
+         r = add_acls_for_user(fd, uid);
+         log_info_errno(r, "add_acls_for_user(%d, "UID_FMT"): %m", fd, uid);
+-        assert_se(r >= 0);
+ 
+         cmd = strjoina("ls -l ", fn);
+         assert_se(system(cmd) == 0);
+ 
+         cmd = strjoina("getfacl -p ", fn);
+-        assert_se(system(cmd) == 0);
+ 
+         /* set the acls again */
+ 
+         r = add_acls_for_user(fd, uid);
+-        assert_se(r >= 0);
+ 
+         cmd = strjoina("ls -l ", fn);
+         assert_se(system(cmd) == 0);
+ 
+         cmd = strjoina("getfacl -p ", fn);
+-        assert_se(system(cmd) == 0);
+ 
+         unlink(fn);
+ }

0001-Revert-test-path-increase-timeout.patch

@@ -0,0 +1,30 @@
+From a73d30081a13eaeffce87f997726a179ec44d817 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Fri, 31 Jul 2020 10:50:37 +0200
+Subject: [PATCH 1/4] Revert "test-path: increase timeout"
+
+This partially reverts commit 500727c220354b81b68ed6667d9a6f0fafe3ba19.
+
+I was confused by the error message: the test says it timed out, but that's
+because it's waiting for a failed unit to come back to life. There is no actual
+timeout.
+
+So let's keep the minor refactoring that was done, but revert to the old short
+timeout.
+---
+ src/test/test-path.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/test/test-path.c b/src/test/test-path.c
+index 1075f31bc6..63b709c8da 100644
+--- a/src/test/test-path.c
++++ b/src/test/test-path.c
+@@ -82,7 +82,7 @@ static void check_states(Manager *m, Path *path, Service *service, PathState pat
+         assert_se(m);
+         assert_se(service);
+ 
+-        usec_t end = now(CLOCK_MONOTONIC) + 30 * USEC_PER_SEC;
++        usec_t end = now(CLOCK_MONOTONIC) + 2 * USEC_PER_SEC;
+ 
+         while (path->result != PATH_SUCCESS || service->result != SERVICE_SUCCESS ||
+                path->state != path_state || service->state != service_state) {

0001-test-acl-util-output-more-debug-info.patch

@@ -0,0 +1,46 @@
+From 8cad57ed62a642515670ba79dddb30193456e803 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Fri, 7 Aug 2020 18:54:37 +0200
+Subject: [PATCH] test-acl-util: output more debug info
+
+For some reason this failed in koji build on s390x:
+--- command ---
+16:12:46 PATH='/builddir/build/BUILD/systemd-stable-246.1/s390x-redhat-linux-gnu:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/sbin' SYSTEMD_LANGUAGE_FALLBACK_MAP='/builddir/build/BUILD/systemd-stable-246.1/src/locale/language-fallback-map' SYSTEMD_KBD_MODEL_MAP='/builddir/build/BUILD/systemd-stable-246.1/src/locale/kbd-model-map' /builddir/build/BUILD/systemd-stable-246.1/s390x-redhat-linux-gnu/test-acl-util
+--- stdout ---
+-rw-r-----. 1 mockbuild mock 0 Aug  7 16:12 /tmp/test-empty.7RzmEc
+other::---
+--- stderr ---
+Assertion 'r >= 0' failed at src/test/test-acl-util.c:42, function test_add_acls_for_user(). Aborting.
+---
+ src/test/test-acl-util.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/test/test-acl-util.c b/src/test/test-acl-util.c
+index df879747f5..9f0e594e67 100644
+--- a/src/test/test-acl-util.c
++++ b/src/test/test-acl-util.c
+@@ -7,6 +7,7 @@
+ 
+ #include "acl-util.h"
+ #include "fd-util.h"
++#include "format-util.h"
+ #include "string-util.h"
+ #include "tmpfile-util.h"
+ #include "user-util.h"
+@@ -18,6 +19,8 @@ static void test_add_acls_for_user(void) {
+         uid_t uid;
+         int r;
+ 
++        log_info("/* %s */", __func__);
++
+         fd = mkostemp_safe(fn);
+         assert_se(fd >= 0);
+ 
+@@ -39,6 +42,7 @@ static void test_add_acls_for_user(void) {
+                 uid = getuid();
+ 
+         r = add_acls_for_user(fd, uid);
++        log_info_errno(r, "add_acls_for_user(%d, "UID_FMT"): %m", fd, uid);
+         assert_se(r >= 0);
+ 
+         cmd = strjoina("ls -l ", fn);

0001-test-path-util-do-not-fail-if-the-fd_is_mount_point-.patch

@@ -1,70 +0,0 @@
-From 2e9d763e7cbeb33954bbe3f96fd94de2cd62edf7 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Thu, 12 Nov 2020 14:28:24 +0100
-Subject: [PATCH] test-path-util: do not fail if the fd_is_mount_point check
- fails
-
-This test fails on i686 and ppc64le in koji:
-/* test_path */
-Assertion 'fd_is_mount_point(fd, "/", 0) > 0' failed at src/test/test-path-util.c:85, function test_path(). Aborting.
-
-I guess some permission error is the most likely.
----
- src/test/test-path-util.c | 23 +++++++++++++++++------
- 1 file changed, 17 insertions(+), 6 deletions(-)
-
-diff --git a/src/test/test-path-util.c b/src/test/test-path-util.c
-index f4f8d0550b..be428334f3 100644
---- a/src/test/test-path-util.c
-+++ b/src/test/test-path-util.c
-@@ -40,8 +40,6 @@ static void test_path_simplify(const char *in, const char *out, const char *out_
- }
- 
- static void test_path(void) {
--        _cleanup_close_ int fd = -1;
--
-         log_info("/* %s */", __func__);
- 
-         test_path_compare("/goo", "/goo", 0);
-@@ -80,10 +78,6 @@ static void test_path(void) {
-         assert_se(streq(basename("/aa///file..."), "file..."));
-         assert_se(streq(basename("file.../"), ""));
- 
--        fd = open("/", O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_NOCTTY);
--        assert_se(fd >= 0);
--        assert_se(fd_is_mount_point(fd, "/", 0) > 0);
--
-         test_path_simplify("aaa/bbb////ccc", "aaa/bbb/ccc", "aaa/bbb/ccc");
-         test_path_simplify("//aaa/.////ccc", "/aaa/./ccc", "/aaa/ccc");
-         test_path_simplify("///", "/", "/");
-@@ -120,6 +114,22 @@ static void test_path(void) {
-         assert_se(!path_equal_ptr(NULL, "/a"));
- }
- 
-+static void test_path_is_mountpoint(void) {
-+        _cleanup_close_ int fd = -1;
-+        int r;
-+
-+        log_info("/* %s */", __func__);
-+
-+        fd = open("/", O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_NOCTTY);
-+        assert_se(fd >= 0);
-+
-+        r = fd_is_mount_point(fd, "/", 0);
-+        if (r < 0)
-+                log_warning_errno(r, "Failed to check if / is a mount point, ignoring: %m");
-+        else
-+                assert_se(r == 1);
-+}
-+
- static void test_path_equal_root(void) {
-         /* Nail down the details of how path_equal("/", ...) works. */
- 
-@@ -714,6 +724,7 @@ int main(int argc, char **argv) {
- 
-         test_print_paths();
-         test_path();
-+        test_path_is_mountpoint();
-         test_path_equal_root();
-         test_find_executable_full();
-         test_find_executable(argv[0]);

0001-test-path-util-ignore-test-failure.patch

@@ -1,33 +0,0 @@
-From e8bca4ba55f855260eda684a16e8feb5f20b1deb Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Thu, 12 Nov 2020 15:06:12 +0100
-Subject: [PATCH] test-path-util: ignore test failure
-
----
- src/test/test-path-util.c | 7 +++++--
- 1 file changed, 5 insertions(+), 2 deletions(-)
-
-diff --git a/src/test/test-path-util.c b/src/test/test-path-util.c
-index be428334f3..207c659b8b 100644
---- a/src/test/test-path-util.c
-+++ b/src/test/test-path-util.c
-@@ -120,14 +120,17 @@ static void test_path_is_mountpoint(void) {
- 
-         log_info("/* %s */", __func__);
- 
-+        (void) system("uname -a");
-+        (void) system("mountpoint /");
-+
-         fd = open("/", O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_NOCTTY);
-         assert_se(fd >= 0);
- 
-         r = fd_is_mount_point(fd, "/", 0);
-         if (r < 0)
-                 log_warning_errno(r, "Failed to check if / is a mount point, ignoring: %m");
--        else
--                assert_se(r == 1);
-+        else if (r == 0)
-+                log_warning("/ is not a mountpoint?");
- }
- 
- static void test_path_equal_root(void) {

0002-test-path-more-debugging-information.patch

@@ -0,0 +1,78 @@
+From 4c38dcdc8d8f22dddc521faedad6a4f45fa81d63 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Mon, 14 Sep 2020 08:56:28 +0200
+Subject: [PATCH 2/4] test-path: more debugging information
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Just to make it easier to grok what happens when test-path fails.
+Change printf→log_info so that output is interleaved and not split in two
+independent parts in log files.
+---
+ src/test/test-path.c | 31 ++++++++++++++++++-------------
+ 1 file changed, 18 insertions(+), 13 deletions(-)
+
+diff --git a/src/test/test-path.c b/src/test/test-path.c
+index 63b709c8da..84dcf5e37d 100644
+--- a/src/test/test-path.c
++++ b/src/test/test-path.c
+@@ -1,7 +1,6 @@
+ /* SPDX-License-Identifier: LGPL-2.1+ */
+ 
+ #include <stdbool.h>
+-#include <stdio.h>
+ #include <sys/stat.h>
+ #include <sys/types.h>
+ 
+@@ -78,32 +77,38 @@ static Service *service_for_path(Manager *m, Path *path, const char *service_nam
+         return SERVICE(service_unit);
+ }
+ 
+-static void check_states(Manager *m, Path *path, Service *service, PathState path_state, ServiceState service_state) {
++static void _check_states(unsigned line,
++                          Manager *m, Path *path, Service *service, PathState path_state, ServiceState service_state) {
+         assert_se(m);
+         assert_se(service);
+ 
+         usec_t end = now(CLOCK_MONOTONIC) + 2 * USEC_PER_SEC;
+ 
+-        while (path->result != PATH_SUCCESS || service->result != SERVICE_SUCCESS ||
+-               path->state != path_state || service->state != service_state) {
++        while (path->state != path_state || service->state != service_state ||
++               path->result != PATH_SUCCESS || service->result != SERVICE_SUCCESS) {
+ 
+                 assert_se(sd_event_run(m->event, 100 * USEC_PER_MSEC) >= 0);
+ 
+-                printf("%s: state = %s; result = %s \n",
+-                                UNIT(path)->id,
+-                                path_state_to_string(path->state),
+-                                path_result_to_string(path->result));
+-                printf("%s: state = %s; result = %s \n",
+-                                UNIT(service)->id,
+-                                service_state_to_string(service->state),
+-                                service_result_to_string(service->result));
++                usec_t n = now(CLOCK_MONOTONIC);
++                log_info("line %d: %s: state = %s; result = %s (left: %" PRIi64 ")",
++                         line,
++                         UNIT(path)->id,
++                         path_state_to_string(path->state),
++                         path_result_to_string(path->result),
++                         end - n);
++                log_info("line %d: %s: state = %s; result = %s",
++                         line,
++                         UNIT(service)->id,
++                         service_state_to_string(service->state),
++                         service_result_to_string(service->result));
+ 
+-                if (now(CLOCK_MONOTONIC) >= end) {
++                if (n >= end) {
+                         log_error("Test timeout when testing %s", UNIT(path)->id);
+                         exit(EXIT_FAILURE);
+                 }
+         }
+ }
++#define check_states(...) _check_states(__LINE__, __VA_ARGS__)
+ 
+ static void test_path_exists(Manager *m) {
+         const char *test_path = "/tmp/test-path_exists";

0003-test-path-do-not-fail-the-test-if-we-fail-to-start-s.patch

@@ -0,0 +1,245 @@
+From 67c6ff720796bc97f262ba93c6ea87da93b04a1a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Fri, 31 Jul 2020 10:36:57 +0200
+Subject: [PATCH 3/4] test-path: do not fail the test if we fail to start some
+ service
+
+The test was failing because it couldn't start the service:
+
+path-modified.service: state = failed; result = exit-code
+path-modified.path: state = waiting; result = success
+path-modified.service: state = failed; result = exit-code
+path-modified.path: state = waiting; result = success
+path-modified.service: state = failed; result = exit-code
+path-modified.path: state = waiting; result = success
+path-modified.service: state = failed; result = exit-code
+path-modified.path: state = waiting; result = success
+path-modified.service: state = failed; result = exit-code
+path-modified.path: state = waiting; result = success
+path-modified.service: state = failed; result = exit-code
+Failed to connect to system bus: No such file or directory
+-.slice: Failed to enable/disable controllers on cgroup /system.slice/kojid.service, ignoring: Permission denied
+path-modified.service: Failed to create cgroup /system.slice/kojid.service/path-modified.service: Permission denied
+path-modified.service: Failed to attach to cgroup /system.slice/kojid.service/path-modified.service: No such file or directory
+path-modified.service: Failed at step CGROUP spawning /bin/true: No such file or directory
+path-modified.service: Main process exited, code=exited, status=219/CGROUP
+path-modified.service: Failed with result 'exit-code'.
+Test timeout when testing path-modified.path
+
+In fact any of the services that we try to start may fail, especially
+considering that we're doing some rogue cgroup operations. See
+https://github.com/systemd/systemd/pull/16603#issuecomment-679133641.
+---
+ src/test/test-path.c | 88 ++++++++++++++++++++++++++++++--------------
+ 1 file changed, 61 insertions(+), 27 deletions(-)
+
+diff --git a/src/test/test-path.c b/src/test/test-path.c
+index 84dcf5e37d..d6c37b77e6 100644
+--- a/src/test/test-path.c
++++ b/src/test/test-path.c
+@@ -77,8 +77,8 @@ static Service *service_for_path(Manager *m, Path *path, const char *service_nam
+         return SERVICE(service_unit);
+ }
+ 
+-static void _check_states(unsigned line,
+-                          Manager *m, Path *path, Service *service, PathState path_state, ServiceState service_state) {
++static int _check_states(unsigned line,
++                         Manager *m, Path *path, Service *service, PathState path_state, ServiceState service_state) {
+         assert_se(m);
+         assert_se(service);
+ 
+@@ -102,11 +102,20 @@ static void _check_states(unsigned line,
+                          service_state_to_string(service->state),
+                          service_result_to_string(service->result));
+ 
++                if (service->state == SERVICE_FAILED)
++                        return log_notice_errno(SYNTHETIC_ERRNO(ECANCELED),
++                                                "Failed to start service %s, aborting test: %s/%s",
++                                                UNIT(service)->id,
++                                                service_state_to_string(service->state),
++                                                service_result_to_string(service->result));
++
+                 if (n >= end) {
+                         log_error("Test timeout when testing %s", UNIT(path)->id);
+                         exit(EXIT_FAILURE);
+                 }
+         }
++
++        return 0;
+ }
+ #define check_states(...) _check_states(__LINE__, __VA_ARGS__)
+ 
+@@ -124,18 +133,22 @@ static void test_path_exists(Manager *m) {
+         service = service_for_path(m, path, NULL);
+ 
+         assert_se(unit_start(unit) >= 0);
+-        check_states(m, path, service, PATH_WAITING, SERVICE_DEAD);
++        if (check_states(m, path, service, PATH_WAITING, SERVICE_DEAD) < 0)
++                return;
+ 
+         assert_se(touch(test_path) >= 0);
+-        check_states(m, path, service, PATH_RUNNING, SERVICE_RUNNING);
++        if (check_states(m, path, service, PATH_RUNNING, SERVICE_RUNNING) < 0)
++                return;
+ 
+         /* Service restarts if file still exists */
+         assert_se(unit_stop(UNIT(service)) >= 0);
+-        check_states(m, path, service, PATH_RUNNING, SERVICE_RUNNING);
++        if (check_states(m, path, service, PATH_RUNNING, SERVICE_RUNNING) < 0)
++                return;
+ 
+         assert_se(rm_rf(test_path, REMOVE_ROOT|REMOVE_PHYSICAL) == 0);
+         assert_se(unit_stop(UNIT(service)) >= 0);
+-        check_states(m, path, service, PATH_WAITING, SERVICE_DEAD);
++        if (check_states(m, path, service, PATH_WAITING, SERVICE_DEAD) < 0)
++                return;
+ 
+         assert_se(unit_stop(unit) >= 0);
+ }
+@@ -154,18 +167,22 @@ static void test_path_existsglob(Manager *m) {
+         service = service_for_path(m, path, NULL);
+ 
+         assert_se(unit_start(unit) >= 0);
+-        check_states(m, path, service, PATH_WAITING, SERVICE_DEAD);
++        if (check_states(m, path, service, PATH_WAITING, SERVICE_DEAD) < 0)
++                return;
+ 
+         assert_se(touch(test_path) >= 0);
+-        check_states(m, path, service, PATH_RUNNING, SERVICE_RUNNING);
++        if (check_states(m, path, service, PATH_RUNNING, SERVICE_RUNNING) < 0)
++                return;
+ 
+         /* Service restarts if file still exists */
+         assert_se(unit_stop(UNIT(service)) >= 0);
+-        check_states(m, path, service, PATH_RUNNING, SERVICE_RUNNING);
++        if (check_states(m, path, service, PATH_RUNNING, SERVICE_RUNNING) < 0)
++                return;
+ 
+         assert_se(rm_rf(test_path, REMOVE_ROOT|REMOVE_PHYSICAL) == 0);
+         assert_se(unit_stop(UNIT(service)) >= 0);
+-        check_states(m, path, service, PATH_WAITING, SERVICE_DEAD);
++        if (check_states(m, path, service, PATH_WAITING, SERVICE_DEAD) < 0)
++                return;
+ 
+         assert_se(unit_stop(unit) >= 0);
+ }
+@@ -185,23 +202,28 @@ static void test_path_changed(Manager *m) {
+         service = service_for_path(m, path, NULL);
+ 
+         assert_se(unit_start(unit) >= 0);
+-        check_states(m, path, service, PATH_WAITING, SERVICE_DEAD);
++        if (check_states(m, path, service, PATH_WAITING, SERVICE_DEAD) < 0)
++                return;
+ 
+         assert_se(touch(test_path) >= 0);
+-        check_states(m, path, service, PATH_RUNNING, SERVICE_RUNNING);
++        if (check_states(m, path, service, PATH_RUNNING, SERVICE_RUNNING) < 0)
++                return;
+ 
+         /* Service does not restart if file still exists */
+         assert_se(unit_stop(UNIT(service)) >= 0);
+-        check_states(m, path, service, PATH_WAITING, SERVICE_DEAD);
++        if (check_states(m, path, service, PATH_WAITING, SERVICE_DEAD) < 0)
++                return;
+ 
+         f = fopen(test_path, "w");
+         assert_se(f);
+         fclose(f);
+ 
+-        check_states(m, path, service, PATH_RUNNING, SERVICE_RUNNING);
++        if (check_states(m, path, service, PATH_RUNNING, SERVICE_RUNNING) < 0)
++                return;
+ 
+         assert_se(unit_stop(UNIT(service)) >= 0);
+-        check_states(m, path, service, PATH_WAITING, SERVICE_DEAD);
++        if (check_states(m, path, service, PATH_WAITING, SERVICE_DEAD) < 0)
++                return;
+ 
+         (void) rm_rf(test_path, REMOVE_ROOT|REMOVE_PHYSICAL);
+         assert_se(unit_stop(unit) >= 0);
+@@ -222,23 +244,28 @@ static void test_path_modified(Manager *m) {
+         service = service_for_path(m, path, NULL);
+ 
+         assert_se(unit_start(unit) >= 0);
+-        check_states(m, path, service, PATH_WAITING, SERVICE_DEAD);
++        if (check_states(m, path, service, PATH_WAITING, SERVICE_DEAD) < 0)
++                return;
+ 
+         assert_se(touch(test_path) >= 0);
+-        check_states(m, path, service, PATH_RUNNING, SERVICE_RUNNING);
++        if (check_states(m, path, service, PATH_RUNNING, SERVICE_RUNNING) < 0)
++                return;
+ 
+         /* Service does not restart if file still exists */
+         assert_se(unit_stop(UNIT(service)) >= 0);
+-        check_states(m, path, service, PATH_WAITING, SERVICE_DEAD);
++        if (check_states(m, path, service, PATH_WAITING, SERVICE_DEAD) < 0)
++                return;
+ 
+         f = fopen(test_path, "w");
+         assert_se(f);
+         fputs("test", f);
+ 
+-        check_states(m, path, service, PATH_RUNNING, SERVICE_RUNNING);
++        if (check_states(m, path, service, PATH_RUNNING, SERVICE_RUNNING) < 0)
++                return;
+ 
+         assert_se(unit_stop(UNIT(service)) >= 0);
+-        check_states(m, path, service, PATH_WAITING, SERVICE_DEAD);
++        if (check_states(m, path, service, PATH_WAITING, SERVICE_DEAD) < 0)
++                return;
+ 
+         (void) rm_rf(test_path, REMOVE_ROOT|REMOVE_PHYSICAL);
+         assert_se(unit_stop(unit) >= 0);
+@@ -258,14 +285,17 @@ static void test_path_unit(Manager *m) {
+         service = service_for_path(m, path, "path-mycustomunit.service");
+ 
+         assert_se(unit_start(unit) >= 0);
+-        check_states(m, path, service, PATH_WAITING, SERVICE_DEAD);
++        if (check_states(m, path, service, PATH_WAITING, SERVICE_DEAD) < 0)
++                return;
+ 
+         assert_se(touch(test_path) >= 0);
+-        check_states(m, path, service, PATH_RUNNING, SERVICE_RUNNING);
++        if (check_states(m, path, service, PATH_RUNNING, SERVICE_RUNNING) < 0)
++                return;
+ 
+         assert_se(rm_rf(test_path, REMOVE_ROOT|REMOVE_PHYSICAL) == 0);
+         assert_se(unit_stop(UNIT(service)) >= 0);
+-        check_states(m, path, service, PATH_WAITING, SERVICE_DEAD);
++        if (check_states(m, path, service, PATH_WAITING, SERVICE_DEAD) < 0)
++                return;
+ 
+         assert_se(unit_stop(unit) >= 0);
+ }
+@@ -286,22 +316,26 @@ static void test_path_directorynotempty(Manager *m) {
+         assert_se(access(test_path, F_OK) < 0);
+ 
+         assert_se(unit_start(unit) >= 0);
+-        check_states(m, path, service, PATH_WAITING, SERVICE_DEAD);
++        if (check_states(m, path, service, PATH_WAITING, SERVICE_DEAD) < 0)
++                return;
+ 
+         /* MakeDirectory default to no */
+         assert_se(access(test_path, F_OK) < 0);
+ 
+         assert_se(mkdir_p(test_path, 0755) >= 0);
+         assert_se(touch(strjoina(test_path, "test_file")) >= 0);
+-        check_states(m, path, service, PATH_RUNNING, SERVICE_RUNNING);
++        if (check_states(m, path, service, PATH_RUNNING, SERVICE_RUNNING) < 0)
++                return;
+ 
+         /* Service restarts if directory is still not empty */
+         assert_se(unit_stop(UNIT(service)) >= 0);
+-        check_states(m, path, service, PATH_RUNNING, SERVICE_RUNNING);
++        if (check_states(m, path, service, PATH_RUNNING, SERVICE_RUNNING) < 0)
++                return;
+ 
+         assert_se(rm_rf(test_path, REMOVE_ROOT|REMOVE_PHYSICAL) == 0);
+         assert_se(unit_stop(UNIT(service)) >= 0);
+-        check_states(m, path, service, PATH_WAITING, SERVICE_DEAD);
++        if (check_states(m, path, service, PATH_WAITING, SERVICE_DEAD) < 0)
++                return;
+ 
+         assert_se(unit_stop(unit) >= 0);
+ }

sources

@@ -1 +1 @@
-SHA512 (systemd-247.1.tar.gz) = 2a737afcee4409c2be073d8cb650c3465a25c101b3c3072ea6e6a0614d06e3ed7ae55c84f9ae60555915ad1480b3a13aa72fef4b9210139afe6b0d7a7629385a
+SHA512 (systemd-246.15.tar.gz) = 71c8afb9de149b9f4b2f63c7a84e2ce2d897e90570692eaa75d8c99c345ad6cfc9717f93844ff1f582f65b7bdbb1166de1d4574cf6f4329edda8920a6c6bf536

systemd.spec

@@ -1,4 +1,4 @@
-#global commit c4b843473a75fb38ed5bf54e9d3cfb1cb3719efa
+#global commit 7f56c26d1041e686efa72b339250a98fb6ee8f00
 %{?commit:%global shortcommit %(c=%{commit}; echo ${c:0:7})}
 
 %global stable 1
@@ -20,8 +20,8 @@
 
 Name:           systemd
 Url:            https://www.freedesktop.org/wiki/Software/systemd
-Version:        247.1
-Release:        1%{?dist}
+Version:        246.15
+Release:        1.0.riscv64%{?dist}
 # For a breakdown of the licensing, see README
 License:        LGPLv2+ and MIT and GPLv2+
 Summary:        System and Service Manager
@@ -71,11 +71,17 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[
 # https://bugzilla.redhat.com/show_bug.cgi?id=1738828
 Patch0001:      use-bfq-scheduler.patch
 
-Patch0003:      0001-test-path-util-do-not-fail-if-the-fd_is_mount_point-.patch
-Patch0004:      0001-test-path-util-ignore-test-failure.patch
+Patch0002:      0001-Revert-test-path-increase-timeout.patch
+Patch0003:      0002-test-path-more-debugging-information.patch
+Patch0004:      0003-test-path-do-not-fail-the-test-if-we-fail-to-start-s.patch
+
+Patch0006:      0001-test-acl-util-output-more-debug-info.patch
+Patch0007:      0001-Do-not-assert-in-test_add_acls_for_user.patch
 
 Patch0009:      https://github.com/systemd/systemd/pull/17050/commits/f58b96d3e8d1cb0dd3666bc74fa673918b586612.patch
 
+Patch0040:      0001-Add-riscv-SECCOMP-support.patch
+
 %ifarch %{ix86} x86_64 aarch64
 %global have_gnu_efi 1
 %endif
@@ -135,7 +141,9 @@ BuildRequires:  libseccomp-devel
 BuildRequires:  meson >= 0.43
 BuildRequires:  gettext
 # We use RUNNING_ON_VALGRIND in tests, so the headers need to be available
+%ifarch %{valgrind_arches}
 BuildRequires:  valgrind-devel
+%endif
 BuildRequires:  pkgconfig(bash-completion)
 BuildRequires:  perl
 BuildRequires:  perl(IPC::SysV)
@@ -179,16 +187,6 @@ Obsoletes:      %{name}-standalone-tmpfiles < %{version}-%{release}^
 Conflicts:      %{name}-standalone-sysusers < %{version}-%{release}^
 Obsoletes:      %{name}-standalone-sysusers < %{version}-%{release}^
 
-# Recommends to replace normal Requires deps for stuff that is dlopen()ed
-Recommends:     libcryptsetup.so.12()(64bit)
-Recommends:     libcryptsetup.so.12(CRYPTSETUP_2.0)(64bit)
-Recommends:     libidn2.so.0()(64bit)
-Recommends:     libidn2.so.0(IDN2_0.0.0)(64bit)
-Recommends:     libpcre2-8.so.0()(64bit)
-Recommends:     libpwquality.so.1()(64bit)
-Recommends:     libpwquality.so.1(LIBPWQUALITY_1.0)(64bit)
-Recommends:     libqrencode.so.4()(64bit)
-
 %description
 systemd is a system and service manager that runs as PID 1 and starts
 the rest of the system. It provides aggressive parallelization
@@ -282,10 +280,6 @@ Requires:       kbd
 Provides:       u2f-hidraw-policy = 1.0.2-40
 Obsoletes:      u2f-hidraw-policy < 1.0.2-40
 
-# Recommends to replace normal Requires deps for stuff that is dlopen()ed
-Recommends:     libcryptsetup.so.12()(64bit)
-Recommends:     libcryptsetup.so.12(CRYPTSETUP_2.0)(64bit)
-
 %description udev
 This package contains systemd-udev and the rules and hardware database
 needed to manage device nodes. This package is necessary on physical
@@ -376,7 +370,6 @@ systemd package and is meant for use in non-systemd systems.
 %{!?ntpvendor: echo 'NTP vendor zone is not set!'; exit 1}
 
 CONFIGURE_OPTS=(
-        -Dmode=release
         -Dsysvinit-path=/etc/rc.d/init.d
         -Drc-local=/etc/rc.d/rc.local
         -Dntp-servers='0.%{ntpvendor}.pool.ntp.org 1.%{ntpvendor}.pool.ntp.org 2.%{ntpvendor}.pool.ntp.org 3.%{ntpvendor}.pool.ntp.org'
@@ -433,7 +426,6 @@ CONFIGURE_OPTS=(
         -Dusers-gid=100
         -Dnobody-user=nobody
         -Dnobody-group=nobody
-        -Dcompat-mutable-uid-boundaries=true
         -Dsplit-usr=false
         -Dsplit-bin=true
 %if %{with lto}
@@ -449,7 +441,6 @@ CONFIGURE_OPTS=(
         # https://bugzilla.redhat.com/show_bug.cgi?id=1867830
         -Ddefault-mdns=no
         -Ddefault-llmnr=resolve
-        -Doomd=true
 )
 
 %meson "${CONFIGURE_OPTS[@]}"
@@ -840,7 +831,20 @@ getent group systemd-network &>/dev/null || groupadd -r -g 192 systemd-network 2
 getent passwd systemd-network &>/dev/null || useradd -r -u 192 -l -g systemd-network -d / -s /sbin/nologin -c "systemd Network Management" systemd-network &>/dev/null || :
 
 %post networkd
-%systemd_post systemd-networkd.service systemd-networkd-wait-online.service
+# systemd-networkd was split out in systemd-246.6-2.
+# Ideally, we would have a trigger scriptlet to record enablement
+# state when upgrading from systemd <= systemd-246.6-1. But, AFAICS,
+# rpm doesn't allow us to trigger on another package, short of
+# querying the rpm database ourselves, which seems risky. For rpm,
+# systemd and systemd-networkd are completely unrelated.  So let's use
+# a hack to detect if an old systemd version is currently present in
+# the file system.
+# https://bugzilla.redhat.com/show_bug.cgi?id=1943263
+if [ $1 -eq 1 ] && ls /usr/lib/systemd/libsystemd-shared-24[0-6].so &>/dev/null; then
+    echo "Skipping presets for systemd-networkd.service, seems we are upgrading from old systemd."
+else
+    %systemd_post systemd-networkd.service systemd-networkd-wait-online.service
+fi
 
 %preun networkd
 %systemd_preun systemd-networkd.service systemd-networkd-wait-online.service
@@ -892,33 +896,67 @@ getent passwd systemd-network &>/dev/null || useradd -r -u 192 -l -g systemd-net
 %files standalone-sysusers -f .file-list-standalone-sysusers
 
 %changelog
-* Tue Dec  1 2020 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 247.1-1
-- Latest stable release
-- Fixes #1902819.
-- Files to configure networking with systemd-networkd in a VM or container are
-  moved to systemd-networkd subpackage. (They were previously in the -container
-  subpackage, which is for container/VM management.)
+* Fri Jun 10 2022 David Abdurachmanov <davidlt@rivosinc.com> - 246.15-1.0.riscv64
+- Add SECCOMP support for RISC-V 64-bit (riscv64)
 
-* Thu Nov 26 2020 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 247-1
-- Update to the latest version
-- #1900878 should be fixed
+* Tue Jul 20 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 246.15-1
+- Various correctness and potential crash fixes (systemd-journald,
+  udev, systemctl, systemd, systemd-tmpfiles, systemd-resolved)
+- Better handling of very long sysfs paths
+- Compilation fixes for updated glibc and kernel headers
+- Addition of new syscalls to seccomp filters
+- Latvian and Spanish/Dvorak keyboard mappings
+- Shell completion fixes
+- Ignore FORCERENEW DHCP messages in systemd-networkd (TALOS-2020-1142,
+  CVE-2020-13529, #1959398)
+- by-uuid symlinks for ubifs volumes are now created
+- CVE-2021-33910, #1984020: an unchecked stack allocation could be used to
+  crash systemd and cause the system to reboot by creating a very long
+  fuse mountpoint path.
 
-* Tue Oct 20 2020 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 247~rc2
-- New upstream pre-release. See
-  https://github.com/systemd/systemd/blob/v247-rc1/NEWS.
-  Many smaller and bigger improvements and features are introduced.
-  (#1885101, #1890632, #1879216)
+* Sat May 15 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 246.14-1
+- Do not preset systemd-networkd.service and systemd-networkd-wait-online.service
+  on upgrades from before systemd-networkd was split out (#1943263)
+- A bunch of patches for systemd-resolved (#1944171, #1949670)
+- Fix for systemd-tmpfiles (#1944468)
+- Various fixes for systemd, systemd-run, systemd-networkd, bootctl,
+  the shutdown sequence, documentation, logging, libsystemd, and shell
+  completions.
 
-  A backwards-incompatible change affects PCI network devices which
-  are connected through a bridge which is itself associated with a
-  slot. When more than one device was associated with the same slot,
-  one of the devices would pseudo-randomly get named after the slot.
-  That name is now not generated at all. This changed behaviour is
-  causes the net naming scheme to be changed to "v247". To restore
-  previous behaviour, specify net.naming-scheme=v245.
+* Wed Mar 24 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 246.13-1
+- Revert patch that seems to cause problems with dns resolution
+- A few minor fixes
 
-  systemd-oomd is built, but should not be considered "production
-  ready" at this point. Testing and bug reports are welcome.
+* Tue Mar 23 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 246.12-1
+- Latest bugfix release (#1941335, some documentation and
+  minor memory-access-correctness fixes).
+- Fix hang when processing timers during DST switch in Europe/Dublin timezone (#1941335)
+
+* Fri Mar 12 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 246.11-1
+- Latest bugfix release (#1933137, #1935084).
+
+* Tue Feb  2 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 246.10-1
+- Latest bugfix release (#1903106, #1895937).
+- Fixes #1813219.
+
+* Mon Jan  4 2021 Owen Taylor <otaylor@redhat.com> - 246.9-3
+- Fix nss-resolve to properly fallback in a Flatpak sandbox
+
+* Sat Jan  2 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 246.9-2
+- Fix bfq patch again (#1813219)
+
+* Wed Dec 16 2020 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 246.9-1
+- Minor stable release
+
+* Tue Dec  8 2020 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 246.7-2
+- Rebuild with fallback hostname change reverted.
+
+* Tue Dec  8 2020 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 246.7-1
+- Update to latest stable release. Unfortunately this contains
+  a fairly large number of patches for a stable release (180+).
+  Fixes rhbz#1879216, rhbz#1890632, rhbz#1891847, rhbz#1885101.
+- Unset fallback-hostname as plenty of applications expected localhost
+  to mean "default hostname" without ever standardising it (#1892235)
 
 * Wed Sep 30 2020 Dusty Mabe <dusty@dustymabe.com> - 246.6-3
 - Try to make files in subpackages (especially the networkd subpackage)
@@ -941,6 +979,8 @@ getent passwd systemd-network &>/dev/null || useradd -r -u 192 -l -g systemd-net
 - Update to latest stable release (a bunch of small network-related
   fixes in systemd-networkd and socket handling, documentation updates,
   a bunch of fixes for error handling).
+
+* Sun Sep 13 2020 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 246.4-2
 - Also remove existing file when creating /etc/resolv.conf symlink
   upon installation (#1873856 again)
 

use-bfq-scheduler.patch

@@ -20,11 +20,12 @@ new file mode 100644
 index 0000000000..480b941761
 --- /dev/null
 +++ b/rules.d/60-block-scheduler.rules
-@@ -0,0 +1,5 @@
+@@ -0,0 +1,6 @@
 +# do not edit this file, it will be overwritten on update
 +
 +ACTION=="add", SUBSYSTEM=="block", \
 +  KERNEL=="mmcblk*[0-9]|msblk*[0-9]|mspblk*[0-9]|sd*[!0-9]|sr*", \
++  ENV{DEVTYPE}=="disk", \
 +  ATTR{queue/scheduler}="bfq"
 diff --git a/rules.d/meson.build b/rules.d/meson.build
 index ca4445d774..38d6aa6970 100644