Hello community, here is the log from the commit of package systemd for openSUSE:Leap:15.2 checked in at 2020-05-29 15:15:43 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.2/systemd (Old) and /work/SRC/openSUSE:Leap:15.2/.systemd.new.3606 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "systemd" Fri May 29 15:15:43 2020 rev:91 rq:809872 version:234 Changes: -------- --- /work/SRC/openSUSE:Leap:15.2/systemd/systemd-mini.changes 2020-02-21 23:49:24.236572710 +0100 +++ /work/SRC/openSUSE:Leap:15.2/.systemd.new.3606/systemd-mini.changes 2020-05-29 15:15:44.598992319 +0200 @@ -2 +2 @@ -Fri Feb 7 16:42:43 UTC 2020 - Franck Bui <[email protected]> +Fri Apr 17 13:15:55 UTC 2020 - Franck Bui <[email protected]> @@ -4 +4 @@ -- Rebase on top of latest SLE15-SP1 +- Import commit ac52edce0f820ffefa5110b6fc4b03e35bf68d61 @@ -6,3 +6,7 @@ - Added 0001-polkit-on-async-pk-requests-re-validate-action-detai.patch - Added 0002-sd-bus-introduce-API-for-re-enqueuing-incoming-messa.patch - Added 0003-polkit-when-authorizing-via-PK-let-s-re-resolve-call.patch + 96a7639970 udev/net-id: Fix check for address to keep interface names stable (#8458) (bsc#1168076) + ce5953a877 login: use free_and_replace() and TAKE_PTR() + e5190b4b51 logind: remove manager_start_slice() + cdeb8d1a48 logind: use free_and_replace in one spot + 109aac4b67 logind: drop unnecessary braces + 9194610e7e systemd-mount: don't check for non-normalized WHAT for network FS (bsc#1165011) + 12b63cb73a systemd-mount: allow to specify an arbitrary string for arg_mount_what when vfs is used (bsc#1165011) @@ -10,2 +14,30 @@ - Dropped 0001-logind-never-elect-a-session-that-is-stopping-as-dis.patch - Dropped 0002-logind-consider-greeter-sessions-suitable-as-display.patch +------------------------------------------------------------------- +Wed Mar 18 17:46:09 UTC 2020 - Franck Bui <[email protected]> + +- Import commit 7c246f16a6358516a586629091375ee5d45739ec + + 2205963ee2 manager: fix job mode when signalled to shutdown etc (bsc#1161262) + e9b76da147 manager: remove fallback for user/exit.target + fa4a1155e7 man: dbus method Manager.Exit() does not start exit.target + dc0ec526f2 units: do not install rescue.target for alt-↑ + e3ba383bf8 Add %j/%J unit specifiers + +------------------------------------------------------------------- +Tue Mar 10 08:13:00 UTC 2020 - Andreas Herrmann <[email protected]> + +- Replace 60-ssd-scheduler.rules with 60-io-scheduler.rules from TW + + This adds support for I/O scheduler selection with blk-mq + (bsc#1165579, bsc#1164717). + +------------------------------------------------------------------- +Thu Mar 5 16:07:32 UTC 2020 - Franck Bui <[email protected]> + +- Add 60-ssd-scheduler.rules + + This rules file which select the default IO scheduler for SSDs is + being moved out from the git repo since this is not related to + systemd or udev at all and is maintained by the kernel team. + +------------------------------------------------------------------- +Thu Mar 5 15:44:16 UTC 2020 - Franck Bui <[email protected]> @@ -13 +45,139 @@ - - Import commit 938b0a2f966d2606cbb20f4bcce7509995aaa7dc (imported from SLE15-SP1) +- Import commit 7e52d0c21a0c895d4f0ae2319f1eb4f2246147ba + + eedd149d6c core: coldplug possible nop_job (bsc#1139459) + 09405f8eee Revert "udev: use 'deadline' IO scheduler for SSD disks" + 57cab4a328 Fix typo in function name + f846231c1a polkit: when authorizing via PK let's re-resolve callback/userdata instead of caching it (bsc#1162108 CVE-2020-1712) + f799fd5371 sd-bus: introduce API for re-enqueuing incoming messages + 8a0214f61d polkit: on async pk requests, re-validate action/details + +------------------------------------------------------------------- +Thu Mar 5 14:50:45 UTC 2020 - Franck Bui <[email protected]> + +- Drop 0001-core-coldplug-possible-nop_job.patch + + It's been imported in SUSE/v234 branch. + +------------------------------------------------------------------- +Thu Mar 5 14:42:53 UTC 2020 - Franck Bui <[email protected]> + +- Drop 0001-polkit-on-async-pk-requests-re-validate-action-detai.patch + Drop 0002-sd-bus-introduce-API-for-re-enqueuing-incoming-messa.patch + Drop 0003-polkit-when-authorizing-via-PK-let-s-re-resolve-call.patch + + They have been imported in SUSE/v234 branch. + +------------------------------------------------------------------- +Tue Feb 18 09:13:34 UTC 2020 - Franck Bui <[email protected]> + +- Remove TasksMax limit for both user and system slices (jsc#SLE-10123) + +------------------------------------------------------------------- +Mon Feb 17 21:06:38 UTC 2020 - Franck Bui <[email protected]> + +- Import commit 4695ebe0b91ec6a23ba9ea238e61a7348474fbc5 + + Backport support of dash-truncated dropins. + + The new mechanism is used (since v239) to configure TasksMax limit + for user slices and therefore is used to replace UserTasksMax= + option in logind.conf as it's more flexible. + + The old option is still supported thanks to a generator that creates + a dash-truncated dropin at boot. It also warns about the use of the + old option. This will hopefully allow us to remove the support of + UserTasksMax option in the next major version of SLE. + + ec0bddf1f4 logind: keep backward compatibility with UserTasksMax= in logind.conf + 7804fb95bd logind: move two functions to logind_core utility lib + fb99d7bc4c login: fix typo in log message + 15a8ffa5cc Use a dash-truncated drop-in for user-%j.slice configuration + c5bf60565e man: document the new dash truncation drop-in directories + 38fb5d11cb test: add test for prefix unit loading + 7669c783e8 dropin: when looking for dropins for a unit, also look within "-" prefix unit dirs + de1d19b8fb systemctl: fix indentation in output of "systemcl status" if there are multiple drop-in dirs + 5da4984f6f unit-name: add new unit_name_build_from_type() helper + 278643dc78 tests: skip tests when cg_pid_get_path fails (#7033) + a77203d893 shared/dropin: improve error message + +------------------------------------------------------------------- +Mon Feb 17 16:41:44 UTC 2020 - Franck Bui <[email protected]> + +- Import commit d2826c2ca2eab2b9f6fc08ff2010faafd4c1b9f9 + + Backport IP filtering feature (jsc#SLE-7743) + + e6b00a63dc main: when bumping RLIMIT_MEMLOCK, save the previous value to pass to children (bsc#1160595) + b7b5a3ba5d main: introduce a define HIGH_RLIMIT_MEMLOCK similar to HIGH_RLIMIT_NOFILE + 61d77e2bda def: add a "high" limit for RLIMIT_NOFILE + 51a8b7fe9b core: bump mlock ulimit to 64Mb + 4a53ff678c Move warning about unsupported BPF firewall right before the firewall would be created + f26201d72c core: refactor bpf firewall support into a pseudo-controller + 3c6af31da6 core: rename cgroup_queue → cgroup_realize_queue + 12ac94d9d4 cgroup: improve cg_mask_to_string a bit, and add tests for it + 6e049a2f46 unit: initialize bpf cgroup realization state properly + cfbb2dfb1b cgroup: always invalidate "cpu" and "cpuacct" together + 55a0d5a690 main: bump RLIMIT_MEMLOCK for the root user substantially + 3c0ec7c460 bpf-firewall: always use log_unit_xyz() insteadof log_xyz() + f8e7b8530a core: fix the check if CONFIG_CGROUP_BPF is on + a3950086e4 tree-wide: avoid assignment of r just to use in a comparison + 92ad831159 Fix three uses of bogus errno value in logs (and returned value in one case) + 8f9b4436fa bpf: reset "extra" IP accounting counters when turning off IP accounting for a unit + 4edd970f68 bpf: rework how we keep track and attach cgroup bpf programs + b6152deaa1 bpf-program: make bpf_program_load_kernel() idempotent + 49fa5c4f73 bpf: use BPF_F_ALLOW_MULTI flag if it is available + 089bac557e bpf-program: optionally take fd of program to detach + aed6959d28 bpf: beef up bpf detection, check if BPF_F_ALLOW_MULTI is supported + c548f48cb2 bpf: add new bpf.h header copy from 4.15 kernel + 54cc371347 bpf-firewall: fix warning text + c08bb273ac ip-address-access: let's exit the loop after invalidating our entry a (#7803) + 3dc5591f72 bpf-firewall: actually invoke BPF_PROG_ATTACH to check whether cgroup/bpf is available + c5f34b169e cgroup: drop unused parameter from function + b519973b49 core: only warn about BPF/cgroup missing once per runtime (#7319) + cbeb2f95ac run: also show IP traffic accounting data on "systemd-run --wait" + 3ff2299ccb core: improve dbus-cgroup error message + 2f0c48782e bpf-firewall: properly handle kernels where BPF cgroup is disabled but TRIE maps are enabled (#7298) + 867a8bf0d7 fix compile error on musl + 8d3314daf3 bpf: set BPF_F_ALLOW_OVERRIDE when attaching a cgroup program if Delegate=yes is set + c6a029bcc0 cgroup: refuse to return accounting data if accounting isn't turned on + 33ef892f4b core: when coming back from reload/reexec, reapply all cgroup properties + 4bb809e720 core: serialize/deserialize IP accounting across daemon reload/reexec + ec63d2a10c core: when creating the socket fds for a socket unit, join socket's cgroup first + 5efe9d8b24 socket-label: let's use IN_SET, so that we have to call socket_address_family() only once + 35bf6b235f core: warn loudly if IP firewalling is configured but not in effect + e62a2ae266 Add test for eBPF firewall code + d936dbdb8c ip-address-access: minimize IP address lists + df69bcd8d5 core: support IP firewalling to be configured for transient units + c03104bf21 cgroup: dump the newly added IP settings in the cgroup context + 693934ae53 man: document the new ip accounting and filting directives + 7a7b7f97d8 systemctl: report accounted network traffic in "systemctl status" + 3079fcd21c manager: hook up IP accounting defaults + 44e2578544 cgroup, unit, fragment parser: make use of new firewall functions + 61cff5ed0c Add firewall eBPF compiler + 3fabe4de90 cgroup: add fields to accommodate eBPF related details + 031f1b27f4 Add IP address address ACL representation and parser + 7f9545d053 Add abstraction model for BPF programs + d44583412a build-sys: add new kernel bpf.h drop-in + 80842fbc20 in-addr-util: add new helper call in_addr_prefix_from_string_auto() + f5909b1007 in-addr-util: prefix return parameters with ret_ + 4de91e22b7 in-addr-util: be more systematic with naming our functions + 877cc03ac4 tests: when running a manager object in a test, migrate to private cgroup subroot first (#6576) + +------------------------------------------------------------------- +Tue Feb 4 14:02:16 UTC 2020 - Franck Bui <[email protected]> + +- Fix bsc#1162108 CVE-2020-1712 + + Add 0001-polkit-on-async-pk-requests-re-validate-action-detai.patch + Add 0002-sd-bus-introduce-API-for-re-enqueuing-incoming-messa.patch + Add 0003-polkit-when-authorizing-via-PK-let-s-re-resolve-call.patch + +------------------------------------------------------------------- +Mon Feb 3 15:11:37 UTC 2020 - Franck Bui <[email protected]> + +- Use suse.pool.ntp.org server pool on SLE distros (jsc#SLE-7683) + +------------------------------------------------------------------- +Mon Feb 3 14:56:05 UTC 2020 - Franck Bui <[email protected]> + +- Import commit 938b0a2f966d2606cbb20f4bcce7509995aaa7dc @@ -23,120 +192,0 @@ - -------------------------------------------------------------------- -Fri Feb 7 16:09:15 UTC 2020 - Franck Bui <[email protected]> - -- Fix for bsc#1160595 - ++++ 114 more lines (skipped) ++++ between /work/SRC/openSUSE:Leap:15.2/systemd/systemd-mini.changes ++++ and /work/SRC/openSUSE:Leap:15.2/.systemd.new.3606/systemd-mini.changes systemd.changes: same change Old: ---- 0001-core-coldplug-possible-nop_job.patch 0001-polkit-on-async-pk-requests-re-validate-action-detai.patch 0001-seccomp-shm-get-at-dt-now-have-their-own-numbers-eve.patch 0001-shared-dropin-improve-error-message.patch 0001-tests-when-running-a-manager-object-in-a-test-migrat.patch 0002-in-addr-util-be-more-systematic-with-naming-our-func.patch 0002-sd-bus-introduce-API-for-re-enqueuing-incoming-messa.patch 0002-tests-skip-tests-when-cg_pid_get_path-fails-7033.patch 0003-in-addr-util-prefix-return-parameters-with-ret_.patch 0003-polkit-when-authorizing-via-PK-let-s-re-resolve-call.patch 0003-unit-name-add-new-unit_name_build_from_type-helper.patch 0004-in-addr-util-add-new-helper-call-in_addr_prefix_from.patch 0004-systemctl-fix-indentation-in-output-of-systemcl-stat.patch 0005-build-sys-add-new-kernel-bpf.h-drop-in.patch 0005-dropin-when-looking-for-dropins-for-a-unit-also-look.patch 0006-Add-abstraction-model-for-BPF-programs.patch 0006-test-add-test-for-prefix-unit-loading.patch 0007-Add-IP-address-address-ACL-representation-and-parser.patch 0007-man-document-the-new-dash-truncation-drop-in-directo.patch 0008-Use-a-dash-truncated-drop-in-for-user-j.slice-config.patch 0008-cgroup-add-fields-to-accommodate-eBPF-related-detail.patch 0009-Add-firewall-eBPF-compiler.patch 0009-login-fix-typo-in-log-message.patch 0010-cgroup-unit-fragment-parser-make-use-of-new-firewall.patch 0010-logind-move-two-functions-to-logind_core-utility-lib.patch 0011-logind-keep-backward-compatibility-with-UserTasksMax.patch 0011-manager-hook-up-IP-accounting-defaults.patch 0012-systemctl-report-accounted-network-traffic-in-system.patch 0013-man-document-the-new-ip-accounting-and-filting-direc.patch 0014-cgroup-dump-the-newly-added-IP-settings-in-the-cgrou.patch 0015-core-support-IP-firewalling-to-be-configured-for-tra.patch 0016-ip-address-access-minimize-IP-address-lists.patch 0017-Add-test-for-eBPF-firewall-code.patch 0018-core-warn-loudly-if-IP-firewalling-is-configured-but.patch 0019-socket-label-let-s-use-IN_SET-so-that-we-have-to-cal.patch 0020-core-when-creating-the-socket-fds-for-a-socket-unit-.patch 0021-core-serialize-deserialize-IP-accounting-across-daem.patch 0022-core-when-coming-back-from-reload-reexec-reapply-all.patch 0023-cgroup-refuse-to-return-accounting-data-if-accountin.patch 0024-bpf-set-BPF_F_ALLOW_OVERRIDE-when-attaching-a-cgroup.patch 0025-fix-compile-error-on-musl.patch 0026-bpf-firewall-properly-handle-kernels-where-BPF-cgrou.patch 0027-core-improve-dbus-cgroup-error-message.patch 0028-run-also-show-IP-traffic-accounting-data-on-systemd-.patch 0029-core-only-warn-about-BPF-cgroup-missing-once-per-run.patch 0030-cgroup-drop-unused-parameter-from-function.patch 0031-bpf-firewall-actually-invoke-BPF_PROG_ATTACH-to-chec.patch 0032-ip-address-access-let-s-exit-the-loop-after-invalida.patch 0033-bpf-firewall-fix-warning-text.patch 0034-bpf-add-new-bpf.h-header-copy-from-4.15-kernel.patch 0035-bpf-beef-up-bpf-detection-check-if-BPF_F_ALLOW_MULTI.patch 0036-bpf-program-optionally-take-fd-of-program-to-detach.patch 0037-bpf-use-BPF_F_ALLOW_MULTI-flag-if-it-is-available.patch 0038-bpf-program-make-bpf_program_load_kernel-idempotent.patch 0039-bpf-rework-how-we-keep-track-and-attach-cgroup-bpf-p.patch 0040-bpf-reset-extra-IP-accounting-counters-when-turning-.patch 0041-Fix-three-uses-of-bogus-errno-value-in-logs-and-retu.patch 0042-tree-wide-avoid-assignment-of-r-just-to-use-in-a-com.patch 0043-core-fix-the-check-if-CONFIG_CGROUP_BPF-is-on.patch 0044-bpf-firewall-always-use-log_unit_xyz-insteadof-log_x.patch 0045-main-bump-RLIMIT_MEMLOCK-for-the-root-user-substanti.patch 0046-cgroup-always-invalidate-cpu-and-cpuacct-together.patch 0047-unit-initialize-bpf-cgroup-realization-state-properl.patch 0048-cgroup-improve-cg_mask_to_string-a-bit-and-add-tests.patch 0049-core-rename-cgroup_queue-cgroup_realize_queue.patch 0050-core-refactor-bpf-firewall-support-into-a-pseudo-con.patch 0051-Move-warning-about-unsupported-BPF-firewall-right-be.patch 0052-core-bump-mlock-ulimit-to-64Mb.patch 0053-def-add-a-high-limit-for-RLIMIT_NOFILE.patch 0054-main-introduce-a-define-HIGH_RLIMIT_MEMLOCK-similar-.patch 0055-main-when-bumping-RLIMIT_MEMLOCK-save-the-previous-v.patch systemd-v234+suse.463.g938b0a2f96.tar.xz New: ---- 60-io-scheduler.rules systemd-v234+suse.552.gac52edce0f.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ systemd-mini.spec ++++++ --- /var/tmp/diff_new_pack.WS8c6C/_old 2020-05-29 15:15:45.826996325 +0200 +++ /var/tmp/diff_new_pack.WS8c6C/_new 2020-05-29 15:15:45.830996338 +0200 @@ -26,7 +26,7 @@ ##### WARNING: please do not edit this auto generated spec file. Use the systemd.spec! ##### %define mini -mini %define min_kernel_version 4.5 -%define suse_version +suse.463.g938b0a2f96 +%define suse_version +suse.552.gac52edce0f %bcond_with gnuefi %if 0%{?bootstrap} @@ -162,6 +162,7 @@ Source2000: 80-acpi-container-hotplug.rules Source2001: 99-wakeup-from-idle.rules Source2002: 80-hotplug-cpu-mem.rules +Source2003: 60-io-scheduler.rules # Patches listed in here are put in quarantine. Normally all # changes must go to upstream first and then are cherry-picked in the @@ -171,93 +172,7 @@ # merged by upstream. Patch1: 0001-udev-don-t-create-by-partlabel-primary-and-.-logical.patch Patch2: 0002-udev-optionally-disable-the-generation-of-the-partla.patch -Patch3: 0001-core-coldplug-possible-nop_job.patch -Patch4: 0001-mount-swap-cryptsetup-introduce-an-option-to-prevent.patch - -# Temporary patch due to SLE15-SP2 having a more recent kernel -Patch50: 0001-seccomp-shm-get-at-dt-now-have-their-own-numbers-eve.patch - -# jsc#SLE-7743 -Patch100: 0001-tests-when-running-a-manager-object-in-a-test-migrat.patch -Patch101: 0002-in-addr-util-be-more-systematic-with-naming-our-func.patch -Patch102: 0003-in-addr-util-prefix-return-parameters-with-ret_.patch -Patch103: 0004-in-addr-util-add-new-helper-call-in_addr_prefix_from.patch -Patch104: 0005-build-sys-add-new-kernel-bpf.h-drop-in.patch -Patch105: 0006-Add-abstraction-model-for-BPF-programs.patch -Patch106: 0007-Add-IP-address-address-ACL-representation-and-parser.patch -Patch107: 0008-cgroup-add-fields-to-accommodate-eBPF-related-detail.patch -Patch108: 0009-Add-firewall-eBPF-compiler.patch -Patch109: 0010-cgroup-unit-fragment-parser-make-use-of-new-firewall.patch -Patch110: 0011-manager-hook-up-IP-accounting-defaults.patch -Patch111: 0012-systemctl-report-accounted-network-traffic-in-system.patch -Patch112: 0013-man-document-the-new-ip-accounting-and-filting-direc.patch -Patch113: 0014-cgroup-dump-the-newly-added-IP-settings-in-the-cgrou.patch -Patch114: 0015-core-support-IP-firewalling-to-be-configured-for-tra.patch -Patch115: 0016-ip-address-access-minimize-IP-address-lists.patch -Patch116: 0017-Add-test-for-eBPF-firewall-code.patch -Patch117: 0018-core-warn-loudly-if-IP-firewalling-is-configured-but.patch -Patch118: 0019-socket-label-let-s-use-IN_SET-so-that-we-have-to-cal.patch -Patch119: 0020-core-when-creating-the-socket-fds-for-a-socket-unit-.patch -Patch120: 0021-core-serialize-deserialize-IP-accounting-across-daem.patch -Patch121: 0022-core-when-coming-back-from-reload-reexec-reapply-all.patch -Patch122: 0023-cgroup-refuse-to-return-accounting-data-if-accountin.patch -Patch123: 0024-bpf-set-BPF_F_ALLOW_OVERRIDE-when-attaching-a-cgroup.patch -Patch124: 0025-fix-compile-error-on-musl.patch -Patch125: 0026-bpf-firewall-properly-handle-kernels-where-BPF-cgrou.patch -Patch126: 0027-core-improve-dbus-cgroup-error-message.patch -Patch127: 0028-run-also-show-IP-traffic-accounting-data-on-systemd-.patch -Patch128: 0029-core-only-warn-about-BPF-cgroup-missing-once-per-run.patch -Patch129: 0030-cgroup-drop-unused-parameter-from-function.patch -Patch130: 0031-bpf-firewall-actually-invoke-BPF_PROG_ATTACH-to-chec.patch -Patch131: 0032-ip-address-access-let-s-exit-the-loop-after-invalida.patch -Patch132: 0033-bpf-firewall-fix-warning-text.patch -Patch133: 0034-bpf-add-new-bpf.h-header-copy-from-4.15-kernel.patch -Patch134: 0035-bpf-beef-up-bpf-detection-check-if-BPF_F_ALLOW_MULTI.patch -Patch135: 0036-bpf-program-optionally-take-fd-of-program-to-detach.patch -Patch136: 0037-bpf-use-BPF_F_ALLOW_MULTI-flag-if-it-is-available.patch -Patch137: 0038-bpf-program-make-bpf_program_load_kernel-idempotent.patch -Patch138: 0039-bpf-rework-how-we-keep-track-and-attach-cgroup-bpf-p.patch -Patch139: 0040-bpf-reset-extra-IP-accounting-counters-when-turning-.patch -Patch140: 0041-Fix-three-uses-of-bogus-errno-value-in-logs-and-retu.patch -Patch141: 0042-tree-wide-avoid-assignment-of-r-just-to-use-in-a-com.patch -Patch142: 0043-core-fix-the-check-if-CONFIG_CGROUP_BPF-is-on.patch -Patch143: 0044-bpf-firewall-always-use-log_unit_xyz-insteadof-log_x.patch -Patch144: 0045-main-bump-RLIMIT_MEMLOCK-for-the-root-user-substanti.patch -Patch145: 0046-cgroup-always-invalidate-cpu-and-cpuacct-together.patch -Patch146: 0047-unit-initialize-bpf-cgroup-realization-state-properl.patch -Patch147: 0048-cgroup-improve-cg_mask_to_string-a-bit-and-add-tests.patch -Patch148: 0049-core-rename-cgroup_queue-cgroup_realize_queue.patch -Patch149: 0050-core-refactor-bpf-firewall-support-into-a-pseudo-con.patch -Patch150: 0051-Move-warning-about-unsupported-BPF-firewall-right-be.patch -Patch151: 0052-core-bump-mlock-ulimit-to-64Mb.patch -Patch152: 0053-def-add-a-high-limit-for-RLIMIT_NOFILE.patch -Patch153: 0054-main-introduce-a-define-HIGH_RLIMIT_MEMLOCK-similar-.patch -Patch154: 0055-main-when-bumping-RLIMIT_MEMLOCK-save-the-previous-v.patch - -# A bunch of upstream commits that allow to configure user slices -# using dash-truncated dropins. The new mechanism is used (since v239) -# to replace UserTasksMax= option in logind.conf. This allows to start -# deprecating UserTasksMax usage which could hopefully be removed from -# the next major version of SLE. -Patch200: 0001-shared-dropin-improve-error-message.patch -Patch201: 0002-tests-skip-tests-when-cg_pid_get_path-fails-7033.patch -Patch202: 0003-unit-name-add-new-unit_name_build_from_type-helper.patch -Patch203: 0004-systemctl-fix-indentation-in-output-of-systemcl-stat.patch -Patch204: 0005-dropin-when-looking-for-dropins-for-a-unit-also-look.patch -Patch205: 0006-test-add-test-for-prefix-unit-loading.patch -Patch206: 0007-man-document-the-new-dash-truncation-drop-in-directo.patch -Patch207: 0008-Use-a-dash-truncated-drop-in-for-user-j.slice-config.patch -Patch208: 0009-login-fix-typo-in-log-message.patch -Patch209: 0010-logind-move-two-functions-to-logind_core-utility-lib.patch -# SUSE specific patch to keep backward compatibility when -# UserTasksMax= is used. In this case it converts at runtime the -# option into a dash-truncated dropin and also warn the user about the -# deprecated option and how to permanently migrate to the new setting. -Patch210: 0011-logind-keep-backward-compatibility-with-UserTasksMax.patch - -Patch1000: 0001-polkit-on-async-pk-requests-re-validate-action-detai.patch -Patch1001: 0002-sd-bus-introduce-API-for-re-enqueuing-incoming-messa.patch -Patch1002: 0003-polkit-when-authorizing-via-PK-let-s-re-resolve-call.patch +Patch3: 0001-mount-swap-cryptsetup-introduce-an-option-to-prevent.patch %description Systemd is a system and service manager, compatible with SysV and LSB @@ -611,6 +526,7 @@ install -m644 -D %{S:2000} %{buildroot}/%{_prefix}/lib/udev/rules.d/80-acpi-container-hotplug.rules install -m644 -D %{S:2001} %{buildroot}/%{_prefix}/lib/udev/rules.d/99-wakeup-from-idle.rules install -m644 -D %{S:2002} %{buildroot}/%{_prefix}/lib/udev/rules.d/80-hotplug-cpu-mem.rules +install -m644 -D %{S:2003} %{buildroot}/%{_prefix}/lib/udev/rules.d/60-io-scheduler.rules mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/sysv-convert mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/migrated ++++++ systemd.spec ++++++ --- /var/tmp/diff_new_pack.WS8c6C/_old 2020-05-29 15:15:45.878996495 +0200 +++ /var/tmp/diff_new_pack.WS8c6C/_new 2020-05-29 15:15:45.882996507 +0200 @@ -24,7 +24,7 @@ %define bootstrap 0 %define mini %nil %define min_kernel_version 4.5 -%define suse_version +suse.463.g938b0a2f96 +%define suse_version +suse.552.gac52edce0f %bcond_with gnuefi %if 0%{?bootstrap} @@ -160,6 +160,7 @@ Source2000: 80-acpi-container-hotplug.rules Source2001: 99-wakeup-from-idle.rules Source2002: 80-hotplug-cpu-mem.rules +Source2003: 60-io-scheduler.rules # Patches listed in here are put in quarantine. Normally all # changes must go to upstream first and then are cherry-picked in the @@ -169,93 +170,7 @@ # merged by upstream. Patch1: 0001-udev-don-t-create-by-partlabel-primary-and-.-logical.patch Patch2: 0002-udev-optionally-disable-the-generation-of-the-partla.patch -Patch3: 0001-core-coldplug-possible-nop_job.patch -Patch4: 0001-mount-swap-cryptsetup-introduce-an-option-to-prevent.patch - -# Temporary patch due to SLE15-SP2 having a more recent kernel -Patch50: 0001-seccomp-shm-get-at-dt-now-have-their-own-numbers-eve.patch - -# jsc#SLE-7743 -Patch100: 0001-tests-when-running-a-manager-object-in-a-test-migrat.patch -Patch101: 0002-in-addr-util-be-more-systematic-with-naming-our-func.patch -Patch102: 0003-in-addr-util-prefix-return-parameters-with-ret_.patch -Patch103: 0004-in-addr-util-add-new-helper-call-in_addr_prefix_from.patch -Patch104: 0005-build-sys-add-new-kernel-bpf.h-drop-in.patch -Patch105: 0006-Add-abstraction-model-for-BPF-programs.patch -Patch106: 0007-Add-IP-address-address-ACL-representation-and-parser.patch -Patch107: 0008-cgroup-add-fields-to-accommodate-eBPF-related-detail.patch -Patch108: 0009-Add-firewall-eBPF-compiler.patch -Patch109: 0010-cgroup-unit-fragment-parser-make-use-of-new-firewall.patch -Patch110: 0011-manager-hook-up-IP-accounting-defaults.patch -Patch111: 0012-systemctl-report-accounted-network-traffic-in-system.patch -Patch112: 0013-man-document-the-new-ip-accounting-and-filting-direc.patch -Patch113: 0014-cgroup-dump-the-newly-added-IP-settings-in-the-cgrou.patch -Patch114: 0015-core-support-IP-firewalling-to-be-configured-for-tra.patch -Patch115: 0016-ip-address-access-minimize-IP-address-lists.patch -Patch116: 0017-Add-test-for-eBPF-firewall-code.patch -Patch117: 0018-core-warn-loudly-if-IP-firewalling-is-configured-but.patch -Patch118: 0019-socket-label-let-s-use-IN_SET-so-that-we-have-to-cal.patch -Patch119: 0020-core-when-creating-the-socket-fds-for-a-socket-unit-.patch -Patch120: 0021-core-serialize-deserialize-IP-accounting-across-daem.patch -Patch121: 0022-core-when-coming-back-from-reload-reexec-reapply-all.patch -Patch122: 0023-cgroup-refuse-to-return-accounting-data-if-accountin.patch -Patch123: 0024-bpf-set-BPF_F_ALLOW_OVERRIDE-when-attaching-a-cgroup.patch -Patch124: 0025-fix-compile-error-on-musl.patch -Patch125: 0026-bpf-firewall-properly-handle-kernels-where-BPF-cgrou.patch -Patch126: 0027-core-improve-dbus-cgroup-error-message.patch -Patch127: 0028-run-also-show-IP-traffic-accounting-data-on-systemd-.patch -Patch128: 0029-core-only-warn-about-BPF-cgroup-missing-once-per-run.patch -Patch129: 0030-cgroup-drop-unused-parameter-from-function.patch -Patch130: 0031-bpf-firewall-actually-invoke-BPF_PROG_ATTACH-to-chec.patch -Patch131: 0032-ip-address-access-let-s-exit-the-loop-after-invalida.patch -Patch132: 0033-bpf-firewall-fix-warning-text.patch -Patch133: 0034-bpf-add-new-bpf.h-header-copy-from-4.15-kernel.patch -Patch134: 0035-bpf-beef-up-bpf-detection-check-if-BPF_F_ALLOW_MULTI.patch -Patch135: 0036-bpf-program-optionally-take-fd-of-program-to-detach.patch -Patch136: 0037-bpf-use-BPF_F_ALLOW_MULTI-flag-if-it-is-available.patch -Patch137: 0038-bpf-program-make-bpf_program_load_kernel-idempotent.patch -Patch138: 0039-bpf-rework-how-we-keep-track-and-attach-cgroup-bpf-p.patch -Patch139: 0040-bpf-reset-extra-IP-accounting-counters-when-turning-.patch -Patch140: 0041-Fix-three-uses-of-bogus-errno-value-in-logs-and-retu.patch -Patch141: 0042-tree-wide-avoid-assignment-of-r-just-to-use-in-a-com.patch -Patch142: 0043-core-fix-the-check-if-CONFIG_CGROUP_BPF-is-on.patch -Patch143: 0044-bpf-firewall-always-use-log_unit_xyz-insteadof-log_x.patch -Patch144: 0045-main-bump-RLIMIT_MEMLOCK-for-the-root-user-substanti.patch -Patch145: 0046-cgroup-always-invalidate-cpu-and-cpuacct-together.patch -Patch146: 0047-unit-initialize-bpf-cgroup-realization-state-properl.patch -Patch147: 0048-cgroup-improve-cg_mask_to_string-a-bit-and-add-tests.patch -Patch148: 0049-core-rename-cgroup_queue-cgroup_realize_queue.patch -Patch149: 0050-core-refactor-bpf-firewall-support-into-a-pseudo-con.patch -Patch150: 0051-Move-warning-about-unsupported-BPF-firewall-right-be.patch -Patch151: 0052-core-bump-mlock-ulimit-to-64Mb.patch -Patch152: 0053-def-add-a-high-limit-for-RLIMIT_NOFILE.patch -Patch153: 0054-main-introduce-a-define-HIGH_RLIMIT_MEMLOCK-similar-.patch -Patch154: 0055-main-when-bumping-RLIMIT_MEMLOCK-save-the-previous-v.patch - -# A bunch of upstream commits that allow to configure user slices -# using dash-truncated dropins. The new mechanism is used (since v239) -# to replace UserTasksMax= option in logind.conf. This allows to start -# deprecating UserTasksMax usage which could hopefully be removed from -# the next major version of SLE. -Patch200: 0001-shared-dropin-improve-error-message.patch -Patch201: 0002-tests-skip-tests-when-cg_pid_get_path-fails-7033.patch -Patch202: 0003-unit-name-add-new-unit_name_build_from_type-helper.patch -Patch203: 0004-systemctl-fix-indentation-in-output-of-systemcl-stat.patch -Patch204: 0005-dropin-when-looking-for-dropins-for-a-unit-also-look.patch -Patch205: 0006-test-add-test-for-prefix-unit-loading.patch -Patch206: 0007-man-document-the-new-dash-truncation-drop-in-directo.patch -Patch207: 0008-Use-a-dash-truncated-drop-in-for-user-j.slice-config.patch -Patch208: 0009-login-fix-typo-in-log-message.patch -Patch209: 0010-logind-move-two-functions-to-logind_core-utility-lib.patch -# SUSE specific patch to keep backward compatibility when -# UserTasksMax= is used. In this case it converts at runtime the -# option into a dash-truncated dropin and also warn the user about the -# deprecated option and how to permanently migrate to the new setting. -Patch210: 0011-logind-keep-backward-compatibility-with-UserTasksMax.patch - -Patch1000: 0001-polkit-on-async-pk-requests-re-validate-action-detai.patch -Patch1001: 0002-sd-bus-introduce-API-for-re-enqueuing-incoming-messa.patch -Patch1002: 0003-polkit-when-authorizing-via-PK-let-s-re-resolve-call.patch +Patch3: 0001-mount-swap-cryptsetup-introduce-an-option-to-prevent.patch %description Systemd is a system and service manager, compatible with SysV and LSB @@ -609,6 +524,7 @@ install -m644 -D %{S:2000} %{buildroot}/%{_prefix}/lib/udev/rules.d/80-acpi-container-hotplug.rules install -m644 -D %{S:2001} %{buildroot}/%{_prefix}/lib/udev/rules.d/99-wakeup-from-idle.rules install -m644 -D %{S:2002} %{buildroot}/%{_prefix}/lib/udev/rules.d/80-hotplug-cpu-mem.rules +install -m644 -D %{S:2003} %{buildroot}/%{_prefix}/lib/udev/rules.d/60-io-scheduler.rules mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/sysv-convert mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/migrated ++++++ 60-io-scheduler.rules ++++++ # Set optimal IO schedulers for HDD and SSD ACTION!="add", GOTO="scheduler_end" SUBSYSTEM!="block", GOTO="scheduler_end" # Do not change scheduler if `elevator` cmdline parameter is set IMPORT{cmdline}="elevator" ENV{elevator}=="?*", GOTO="scheduler_end" # Determine if BLK-MQ is enabled TEST=="%S%p/mq", ENV{.IS_MQ}="1" # MQ: BFQ scheduler for HDD ENV{.IS_MQ}=="1", ATTR{queue/rotational}!="0", ATTR{queue/scheduler}="bfq" # MQ: deadline scheduler for SSD ENV{.IS_MQ}=="1", ATTR{queue/rotational}=="0", ATTR{queue/scheduler}="mq-deadline" # Non-MQ: CFQ scheduler for HDD ENV{.IS_MQ}!="1", ATTR{queue/rotational}!="0", ATTR{queue/scheduler}="cfq" # Non-MQ: deadline scheduler for SSD ENV{.IS_MQ}!="1", ATTR{queue/rotational}=="0", ATTR{queue/scheduler}="deadline" LABEL="scheduler_end" ++++++ systemd-v234+suse.463.g938b0a2f96.tar.xz -> systemd-v234+suse.552.gac52edce0f.tar.xz ++++++ ++++ 8376 lines of diff (skipped)
