Hello community, here is the log from the commit of package systemd for openSUSE:Factory checked in at 2014-05-17 21:46:37 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/systemd (Old) and /work/SRC/openSUSE:Factory/.systemd.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "systemd" Changes: -------- --- /work/SRC/openSUSE:Factory/systemd/systemd-mini.changes 2014-05-13 20:46:26.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.systemd.new/systemd-mini.changes 2014-05-17 21:46:47.000000000 +0200 @@ -1,0 +2,22 @@ +Fri May 16 12:00:12 UTC 2014 - [email protected] + +- Make baselibs.conf aware to use the appropiate %post and %postun + scriptlets which includes pam-config (bnc#877674) + +------------------------------------------------------------------- +Fri May 16 11:47:06 UTC 2014 - [email protected] + +- Add upstram patches + 0001-core-close-socket-fds-asynchronously.patch + 0002-logind-bring-polkit-policy-for-hibernate-in-line-wit.patch + 0003-core-make-sure-to-serialize-jobs-for-all-units.patch + +------------------------------------------------------------------- +Wed May 14 07:37:08 UTC 2014 - [email protected] + +- Add upstram patches + 0001-replace-more-dup-by-F_DUPFD_CLOEXEC.patch + 0002-pam_systemd-use-F_DUPFD_CLOEXEC-when-dupping-session.patch + to avoid that in pam session unwanted file descriptors are inherited + +------------------------------------------------------------------- systemd.changes: same change New: ---- 0001-core-close-socket-fds-asynchronously.patch 0001-replace-more-dup-by-F_DUPFD_CLOEXEC.patch 0002-logind-bring-polkit-policy-for-hibernate-in-line-wit.patch 0002-pam_systemd-use-F_DUPFD_CLOEXEC-when-dupping-session.patch 0003-core-make-sure-to-serialize-jobs-for-all-units.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ systemd-mini.spec ++++++ --- /var/tmp/diff_new_pack.jmQuKq/_old 2014-05-17 21:46:50.000000000 +0200 +++ /var/tmp/diff_new_pack.jmQuKq/_new 2014-05-17 21:46:50.000000000 +0200 @@ -429,6 +429,16 @@ Patch218: 0005-backlight-handle-saved-brightness-exceeding-max-brig.patch # PATCH-FIX-SUSE Do not poison kmsg ring buffer with systemd/udev messages (bnc#877021) Patch219: log-target-null-instead-kmsg.patch +# PATCH-FIX-UPSTREAM added at 2014/05/14 +Patch220: 0001-replace-more-dup-by-F_DUPFD_CLOEXEC.patch +# PATCH-FIX-UPSTREAM added at 2014/05/14 +Patch221: 0002-pam_systemd-use-F_DUPFD_CLOEXEC-when-dupping-session.patch +# PATCH-FIX-UPSTREAM added at 2014/05/16 +Patch222: 0001-core-close-socket-fds-asynchronously.patch +# PATCH-FIX-UPSTREAM added at 2014/05/16 +Patch223: 0002-logind-bring-polkit-policy-for-hibernate-in-line-wit.patch +# PATCH-FIX-UPSTREAM added at 2014/05/16 +Patch224: 0003-core-make-sure-to-serialize-jobs-for-all-units.patch # UDEV PATCHES # ============ @@ -833,6 +843,11 @@ %patch217 -p0 %patch218 -p0 %patch219 -p1 +%patch220 -p0 +%patch221 -p0 +%patch222 -p0 +%patch223 -p0 +%patch224 -p0 # udev patches %patch1001 -p1 ++++++ systemd.spec ++++++ --- /var/tmp/diff_new_pack.jmQuKq/_old 2014-05-17 21:46:50.000000000 +0200 +++ /var/tmp/diff_new_pack.jmQuKq/_new 2014-05-17 21:46:50.000000000 +0200 @@ -424,6 +424,16 @@ Patch218: 0005-backlight-handle-saved-brightness-exceeding-max-brig.patch # PATCH-FIX-SUSE Do not poison kmsg ring buffer with systemd/udev messages (bnc#877021) Patch219: log-target-null-instead-kmsg.patch +# PATCH-FIX-UPSTREAM added at 2014/05/14 +Patch220: 0001-replace-more-dup-by-F_DUPFD_CLOEXEC.patch +# PATCH-FIX-UPSTREAM added at 2014/05/14 +Patch221: 0002-pam_systemd-use-F_DUPFD_CLOEXEC-when-dupping-session.patch +# PATCH-FIX-UPSTREAM added at 2014/05/16 +Patch222: 0001-core-close-socket-fds-asynchronously.patch +# PATCH-FIX-UPSTREAM added at 2014/05/16 +Patch223: 0002-logind-bring-polkit-policy-for-hibernate-in-line-wit.patch +# PATCH-FIX-UPSTREAM added at 2014/05/16 +Patch224: 0003-core-make-sure-to-serialize-jobs-for-all-units.patch # UDEV PATCHES # ============ @@ -828,6 +838,11 @@ %patch217 -p0 %patch218 -p0 %patch219 -p1 +%patch220 -p0 +%patch221 -p0 +%patch222 -p0 +%patch223 -p0 +%patch224 -p0 # udev patches %patch1001 -p1 ++++++ 0001-core-close-socket-fds-asynchronously.patch ++++++ Based on 574634bcacb01efe15ca2742effd461a5b7afb5f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <[email protected]> Date: Tue, 13 May 2014 23:22:13 +0200 Subject: [PATCH] core: close socket fds asynchronously http://lists.freedesktop.org/archives/systemd-devel/2014-April/018928.html --- src/core/async.c | 22 ++++++++++++++++++++++ src/core/service.c | 5 +++-- 2 files changed, 25 insertions(+), 2 deletions(-) --- src/core/service.c +++ src/core/service.c 2014-05-16 11:41:50.150735247 +0000 @@ -25,6 +25,7 @@ #include <unistd.h> #include <sys/reboot.h> +#include "async.h" #include "manager.h" #include "unit.h" #include "service.h" @@ -240,7 +241,7 @@ static void service_close_socket_fd(Serv if (s->socket_fd < 0) return; - close_nointr_nofail(s->socket_fd); + asynchronous_close(s->socket_fd); s->socket_fd = -1; } @@ -2767,7 +2768,7 @@ static int service_deserialize_item(Unit else { if (s->socket_fd >= 0) - close_nointr_nofail(s->socket_fd); + asynchronous_close(s->socket_fd); s->socket_fd = fdset_remove(fds, fd); } } else if (streq(key, "main-exec-status-pid")) { --- src/core/async.c +++ src/core/async.c 2014-05-07 09:40:35.000000000 +0000 @@ -24,6 +24,7 @@ #include "async.h" #include "log.h" +#include "util.h" int asynchronous_job(void* (*func)(void *p), void *arg) { pthread_attr_t a; @@ -70,3 +71,24 @@ int asynchronous_sync(void) { return asynchronous_job(sync_thread, NULL); } + +static void *close_thread(void *p) { + close_nointr_nofail(PTR_TO_INT(p)); + return NULL; +} + +int asynchronous_close(int fd) { + int r; + + /* This is supposed to behave similar to safe_close(), but + * actually invoke close() asynchronously, so that it will + * never block. Ideally the kernel would have an API for this, + * but it doesn't, so we work around it, and hide this as a + * far away as we can. */ + + r = asynchronous_job(close_thread, INT_TO_PTR(fd)); + if (r < 0) + close_nointr_nofail(fd); + + return -1; +} ++++++ 0001-replace-more-dup-by-F_DUPFD_CLOEXEC.patch ++++++ >From ead349509e325aad720bb0349521a9e56e2ac7c0 Mon Sep 17 00:00:00 2001 From: Lennart Poettering <[email protected]> Date: Tue, 13 May 2014 16:40:53 +0200 Subject: [PATCH] replace more dup() by F_DUPFD_CLOEXEC --- src/login/inhibit.c | 2 +- src/shared/install.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git src/login/inhibit.c src/login/inhibit.c index 48c2ec4..ae3afdf 100644 --- src/login/inhibit.c +++ src/login/inhibit.c @@ -64,7 +64,7 @@ static int inhibit(sd_bus *bus, sd_bus_error *error) { if (r < 0) return r; - r = dup(fd); + r = fcntl(fd, F_DUPFD_CLOEXEC, 3); if (r < 0) return -errno; diff --git src/shared/install.c src/shared/install.c index acfba25..9ce9403 100644 --- src/shared/install.c +++ src/shared/install.c @@ -332,7 +332,7 @@ static int remove_marked_symlinks( int q, cfd; deleted = false; - cfd = dup(fd); + cfd = fcntl(fd, F_DUPFD_CLOEXEC, 3); if (cfd < 0) { r = -errno; break; -- 1.7.9.2 ++++++ 0002-logind-bring-polkit-policy-for-hibernate-in-line-wit.patch ++++++ >From 301f9684e6465df5d0590f6c571fe3229ded966d Mon Sep 17 00:00:00 2001 From: Lennart Poettering <[email protected]> Date: Thu, 15 May 2014 18:30:07 +0200 Subject: [PATCH] logind: bring polkit policy for hibernate in line with suspend/poweroff/reboot THere's no reason why hibernate should be better protected then suspendor poweroff, so sync the policies. --- src/login/org.freedesktop.login1.policy.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git src/login/org.freedesktop.login1.policy.in src/login/org.freedesktop.login1.policy.in index b96d32d..b8e90f1 100644 --- src/login/org.freedesktop.login1.policy.in +++ src/login/org.freedesktop.login1.policy.in @@ -254,7 +254,7 @@ <defaults> <allow_any>auth_admin_keep</allow_any> <allow_inactive>auth_admin_keep</allow_inactive> - <allow_active>auth_admin_keep</allow_active> + <allow_active>yes</allow_active> </defaults> <annotate key="org.freedesktop.policykit.imply">org.freedesktop.login1.hibernate</annotate> </action> -- 1.7.9.2 ++++++ 0002-pam_systemd-use-F_DUPFD_CLOEXEC-when-dupping-session.patch ++++++ >From 85c08dc013f9f99b58bc9b79284af0b35304237b Mon Sep 17 00:00:00 2001 From: Lennart Poettering <[email protected]> Date: Tue, 13 May 2014 16:35:34 +0200 Subject: [PATCH] pam_systemd: use F_DUPFD_CLOEXEC when dupping session fds http://lists.freedesktop.org/archives/systemd-devel/2014-May/019034.html --- src/login/pam-module.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git src/login/pam-module.c src/login/pam-module.c index 9873dd5..1259457 100644 --- src/login/pam-module.c +++ src/login/pam-module.c @@ -475,7 +475,7 @@ _public_ PAM_EXTERN int pam_sm_open_session( } if (session_fd >= 0) { - session_fd = dup(session_fd); + session_fd = fcntl(session_fd, F_DUPFD_CLOEXEC, 3); if (session_fd < 0) { pam_syslog(handle, LOG_ERR, "Failed to dup session fd: %m"); return PAM_SESSION_ERR; -- 1.7.9.2 ++++++ 0003-core-make-sure-to-serialize-jobs-for-all-units.patch ++++++ >From 9bdb98c59451ed090f8d35d470a54710f389ce71 Mon Sep 17 00:00:00 2001 From: Lennart Poettering <[email protected]> Date: Fri, 16 May 2014 01:15:03 +0200 Subject: [PATCH] core: make sure to serialize jobs for all units Previously we wouldn't serialize jobs for units that themselves have nothing to serialize. http://lists.freedesktop.org/archives/systemd-devel/2014-May/019051.html --- src/core/manager.c | 3 --- src/core/unit.c | 43 +++++++++++++++++++++---------------------- 2 files changed, 21 insertions(+), 25 deletions(-) diff --git src/core/manager.c src/core/manager.c index 1e3e127..d0af674 100644 --- src/core/manager.c +++ src/core/manager.c @@ -2131,9 +2131,6 @@ int manager_serialize(Manager *m, FILE *f, FDSet *fds, bool switching_root) { if (u->id != t) continue; - if (!unit_can_serialize(u)) - continue; - /* Start marker */ fputs(u->id, f); fputc('\n', f); diff --git src/core/unit.c src/core/unit.c index c4ed923..41651ba 100644 --- src/core/unit.c +++ src/core/unit.c @@ -2288,25 +2288,25 @@ bool unit_can_serialize(Unit *u) { } int unit_serialize(Unit *u, FILE *f, FDSet *fds, bool serialize_jobs) { - ExecRuntime *rt; int r; assert(u); assert(f); assert(fds); - if (!unit_can_serialize(u)) - return 0; - - r = UNIT_VTABLE(u)->serialize(u, f, fds); - if (r < 0) - return r; + if (unit_can_serialize(u)) { + ExecRuntime *rt; - rt = unit_get_exec_runtime(u); - if (rt) { - r = exec_runtime_serialize(rt, u, f, fds); + r = UNIT_VTABLE(u)->serialize(u, f, fds); if (r < 0) return r; + + rt = unit_get_exec_runtime(u); + if (rt) { + r = exec_runtime_serialize(rt, u, f, fds); + if (r < 0) + return r; + } } dual_timestamp_serialize(f, "inactive-exit-timestamp", &u->inactive_exit_timestamp); @@ -2368,17 +2368,14 @@ void unit_serialize_item(Unit *u, FILE *f, const char *key, const char *value) { } int unit_deserialize(Unit *u, FILE *f, FDSet *fds) { - size_t offset; ExecRuntime **rt = NULL; + size_t offset; int r; assert(u); assert(f); assert(fds); - if (!unit_can_serialize(u)) - return 0; - offset = UNIT_VTABLE(u)->exec_runtime_offset; if (offset > 0) rt = (ExecRuntime**) ((uint8_t*) u + offset); @@ -2503,17 +2500,19 @@ int unit_deserialize(Unit *u, FILE *f, FDSet *fds) { continue; } - if (rt) { - r = exec_runtime_deserialize_item(rt, u, l, v, fds); + if (unit_can_serialize(u)) { + if (rt) { + r = exec_runtime_deserialize_item(rt, u, l, v, fds); + if (r < 0) + return r; + if (r > 0) + continue; + } + + r = UNIT_VTABLE(u)->deserialize_item(u, l, v, fds); if (r < 0) return r; - if (r > 0) - continue; } - - r = UNIT_VTABLE(u)->deserialize_item(u, l, v, fds); - if (r < 0) - return r; } } -- 1.7.9.2 ++++++ baselibs.conf ++++++ --- /var/tmp/diff_new_pack.jmQuKq/_old 2014-05-17 21:46:50.000000000 +0200 +++ /var/tmp/diff_new_pack.jmQuKq/_new 2014-05-17 21:46:50.000000000 +0200 @@ -1,6 +1,10 @@ systemd supplements "packageand(systemd:pam-<targettype>)" -/lib/systemd/system/ + post "<prefix>%{_sbindir}/pam-config -a --systemd || :" +# postun "if [ "$1" == "0" ]; then" +# postun "<prefix>%{_sbindir}/pam-config -d --systemd || :" +# postun "fi" libudev0 libgudev-1_0-0 libudev1 -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
