|
|
|
|
Changelog for systemd-devel-239-82.el8.i686.rpm :
* Thu Mar 07 2024 systemd maintenance team - 239-82- ci: add configuration for regression sniffer GA (RHEL-1087)- coredump: actually store parsed unit in the context (RHEL-18302)- resolved: limit the number of signature validations in a transaction (RHEL-26644)- resolved: reduce the maximum nsec3 iterations to 100 (RHEL-26644) * Mon Feb 26 2024 systemd maintenance team - 239-81- man: update link to RHEL documentation (RHEL-26355) * Thu Feb 15 2024 systemd maintenance team - 239-80- fd-util: rework how we determine highest possible fd (RHEL-18302)- basic/fd-util: refuse \"infinite\" loop in close_all_fds() (RHEL-18302)- fd-util: split out inner fallback loop of close_all_fds() as close_all_fds_without_malloc() (RHEL-18302)- exec-util: use close_all_fds_without_malloc() from freeze() (RHEL-18302)- ci: use source-git-automation composite Action (RHEL-1087)- ci: increase the cron interval to 45 minutes (RHEL-1087)- ci: add all Z-Stream versions to array of allowed versions (RHEL-1087)- tree-wide: always declare bitflag enums the same way (RHEL-2857)- login: Add KEY_RESTART handling (RHEL-2857)- analyze security: fix recursive call of syscall_names_in_filter() (RHEL-5991)- analyze-security: do not assign badness to filtered-out syscalls (RHEL-5991)- analyze-security: include an actual syscall name in the message (RHEL-5991)- udev/net_id: introduce naming scheme for RHEL-8.10 (RHEL-22426)- doc: add missing `` to `systemd.net-naming-scheme.xml` (RHEL-22426)- service: schedule cleanup of PID hashmaps when we now longer have main_pid and we are in container (RHEL-5863) * Mon Jan 08 2024 systemd maintenance team - 239-79- ci: Extend source-git-automation (RHEL-1087)- ci: add missing configuration for commit linter (RHEL-1087)- ci: add `Red Hat Enterprise Linux 8` to the list of supported products (RHEL-1087)- ci: enable source-git automation to validate reviews and ci results (RHEL-1087)- ci: remove Mergify config - replaced by Pull Request Validator (RHEL-1087)- ci: enable auto-merge GH Action (RHEL-1087)- fstab-generator: allow overriding /etc/fstab with $SYSTEMD_FSTAB (RHEL-1087)- fstab-generator: allow overriding path to /sysroot/etc/fstab too (RHEL-1087)- test: backport TEST-81-GENERATORS (fstab-generator only) (RHEL-1087)- resolved: actually check authenticated flag of SOA transaction (RHEL-6213) * Tue Aug 22 2023 systemd maintenance team - 239-78- login: add a missing error check for session_set_leader() (#2158167)- logind: reset session leader if we know for a fact that it is gone (#2158167)- test-login: skip consistency checks when logind is not active (#2223582)- sd-event: remove dead code and use _cleanup_ (#2211358)- sd-event: don\'t destroy inotify data structures from inotify event handler (#2211358)- sd-event: add sd_event_add_inotify_fd() call (#2211358)- test: add test case for self-destroy inotify handler (#2211358)- doc: add downstream CONTRIBUTING document (#2179309)- doc: use link with prefilled Jira issue (#2179309)- docs: link downstream CONTRIBUTING in README (#2179309)- unit drop-in: Fix ordering of special type.d drop-ins (#2156620)- Add failing test to show service.d global drop-in does not get overridden by more specific dropins (#2156620)- test: set indentation to 4 spaces (#2156620)- test/TEST-15: remove all created unit files (#2156620)- test: use quotes where necessary (#2156620)- tree-wide: drop manually-crafted message for missing variables (#2156620)- manager: reformat boolean expression in unit_is_pristine() (#2156620)- manager: allow transient units to have drop-ins (#2156620)- TEST-15: allow helper functions to accept other unit types (#2156620)- TEST-15: also test hierarchical drop-ins for slices (#2156620)- TEST-15: add test for transient units with drop-ins (#2156620)- TEST-15: add one more test for drop-in precedence (#2156620)- udev/net_id: introduce naming scheme for RHEL-8.9 (#2231846)- meson: remove libdw dependency from pstore (#2211416)- pstore: introduce tmpfiles.d/systemd-pstore.conf (#2211416)- tmpfiles: don\'t complain if we can\'t enable pstore in containers (#2211416)- pstore: don\'t enable crash_kexec_post_notifiers by default (#2211416)- core: when Delegate=yes is set for a unit, run ExecStartPre= and friends in a subcgroup of the unit (#2215925)- man: link Delegate= documentation up with the markdown docs (#2215925) * Mon Jul 17 2023 systemd maintenance team - 239-77- ci: update permissions for source-git automation workflows (#2179309)- sulogin: fix control lost of the current terminal when default.target is rescue.target (#2169932)- parse-util: in parse_permille() check negative earlier (#2178179)- tree-wide: increase granularity of percent specifications all over the place to permille (#2178179)- errno-util: introduce ERRNO_IS_TRANSIENT() (#2172846)- tree-wide: use ERRNO_IS_TRANSIENT() (#2172846)- libsystemd: ignore both EINTR and EAGAIN (#2172846)- sd-bus: handle -EINTR return from bus_poll() (#2172846)- stdio-bridge: don\'t be bothered with EINTR (#2172846)- sd-netlink: handle EINTR from poll() gracefully, as success (#2172846)- resolved: handle -EINTR returned from fd_wait_for_event() better (#2172846)- utmp-wtmp: fix error in case isatty() fails (#2172846)- utmp-wtmp: handle EINTR gracefully when waiting to write to tty (#2172846)- journal-vacuum: count size of all journal files (#2180380)- resolved: instead of closing DNS UDP transaction fds right-away, add them to a socket \"graveyard\" (#2156751)- resolved: close UDP socket when we received a network error on it (#2156751)- ci: allow RHEL-only labels to mark downstream-only commits (#2179309)- man: tweak markup in systemd-pstore.service(8) (#2217786)- man: add .service suffix to systemd-pstore(8) (#2217786)- presets: enable systemd-pstore.service by default (#2217786)- logind: simplify code (#2209328)- format-table: add TABLE_TIMESTAMP_UTC and _RELATIVE (#2156786)- loginctl: shorten variable name (#2156786)- loginctl: use bus_map_all_properties (#2156786)- loginctl: show session idle status in list-sessions (#2156786)- loginctl: list-sessions: fix timestamp for idle hint (#2156786)- loginctl: also show idle hint in session-status (#2156786)- core/timer: Always use inactive_exit_timestamp if it is set (#1719364)- timer: Use dual_timestamp_is_set() in one more place (#1719364)- ci: drop systemd-stable from advanced-commit-linter config (#2179309)- core/mount: escape invalid UTF8 char in dbus reply (#2158724) * Thu May 18 2023 systemd maintenance team - 239-76- ci(Mergify): drop requirements on linting workflows (#2179309)- ci: workflow for gathering metadata for source-git automation (#2179309)- ci: first part of the source-git automation - commit linter (#2179309)- pstore: fix crash and forward dummy arguments instead of NULL (#2190151)- test: Disable LUKS devices from initramfs in QEMU tests (#2190151)- pstore: explicitly set the base when converting record ID (#2190151)- pstore: avoid opening the dmesg.txt file if not requested (#2190151)- test: add a couple of tests for systemd-pstore (#2190151) * Tue Apr 18 2023 systemd maintenance team - 239-75- journald-server: always create state file in signal handler (#2176892)- journald-server: move relinquish code into function (#2176892)- journald-server: always touch state file in signal handler (#2176892)- test: make TEST-35-LOGIN stable again (#2179309)- pager: set $LESSSECURE whenver we invoke a pager (#2175624)- test-login: always test sd_pid_get_owner_uid(), modernize (#2175624)- pager: make pager secure when under euid is changed or explicitly requested (#2175624)- ci: trigger differential-shellcheck workflow on push (#2179309)- ci: codeql `master` -> `main` (#2179309)- test: ignore ENOMEDIUM error from sd_pid_get_cgroup() (#2175622) * Tue Mar 14 2023 systemd maintenance team - 239-74- journald-server: always create state file in signal handler (#2174645)- journald-server: move relinquish code into function (#2174645)- journald-server: always touch state file in signal handler (#2174645) * Mon Feb 27 2023 systemd maintenance team - 239-73- journald: add API to move logging from /var to /run again (#1873540)- journalctl: add new --relinquish and --smart-relinquish options (#1873540)- units: automatically revert to /run logging on shutdown if necessary (#1873540)- pstore: Tool to archive contents of pstore (#2158832)- meson: drop redundant line (#2158832)- pstore: drop unnecessary initializations (#2158832)- pstopre: fix return value of list_files() (#2158832)- pstore: remove temporary file on failure (#2158832)- pstore: do not add FILE= journal entry if content_size == 0 (#2158832)- pstore: run only when /sys/fs/pstore is not empty (#2158832)- pstore: fix use after free (#2158832)- pstore: refuse to run if arguments are specified (#2158832)- pstore: allow specifying src and dst dirs are arguments (#2158832)- pstore: rework memory handling for dmesg (#2158832)- pstore: fixes for dmesg.txt reconstruction (#2158832)- pstore: Don\'t start systemd-pstore.service in containers (#2158832)- units: pull in systemd-pstore.service from sysinit.target (#2158832)- units: drop dependency on systemd-remount-fs.service from systemd-pstore.service (#2158832)- units: make sure systemd-pstore stops at shutdown (#2158832)- pstore: Run after modules are loaded (#2158832)- pstore: do not try to load all known pstore modules (#2158832)- logind-session: make stopping of idle session visible to admins (#2156780)- journald: Increase stdout buffer size sooner, when almost full (#2029426)- journald: rework end of line marker handling to use a field table (#2029426)- journald: use the fact that client_context_release() returns NULL (#2029426)- journald: rework pid change handling (#2029426)- test: Add a test case for #15654 (#2029426)- test: Stricter test case for #15654 (Add more checks) (#2029426)- man: document the new _LINE_BREAK= type (#2029426) * Fri Feb 17 2023 systemd maintenance team - 239-72- test: import logind test from debian/ubuntu test suite (#1866955)- test: introduce inst_recursive() helper function (#1866955)- tests: verify that Lock D-Bus signal is sent when IdleAction=lock (#1866955)- systemctl: simplify halt_main() (#2053273)- systemctl: shutdown don\'t fallback on auth fail (#2053273)- systemctl: reintroduce the original halt_main() (#2053273)- systemctl: preserve old behavior unless requested (#2053273)- pam_systemd: suppress LOG_DEBUG log messages if debugging is off (#2170084)- udev/net_id: introduce naming scheme for RHEL-8.8 (#2170499)- pam: add a call to pam_namespace (#1861836) * Tue Jan 31 2023 systemd maintenance team - 239-71- manager: limit access to private dbus socket (#2119405)- journalctl: do not treat EINTR as an error when waiting for events (#2161683)- core: bring manager_startup() and manager_reload() more inline (#2059633)- pam: add a call to pam_namespace (#1861836)- virt: Support detection for ARM64 Hyper-V guests (#2158307)- virt: Fix the detection for Hyper-V VMs (#2158307)- basic: add STRERROR() wrapper for strerror_r() (#2155520)- coredump: put context array into a struct (#2155520)- coredump: do not allow user to access coredumps with changed uid/gid/capabilities (#2155520) * Mon Jan 16 2023 systemd maintenance team - 239-70- basic: recognize pdfs filesystem as a network filesystem (#2094661)- core: move reset_arguments() to the end of main\'s finish (#2127131)- manager: move inc. of n_reloading into a function (#2136869)- core: Add new DBUS properties UnitsReloadStartTimestamp and UnitsLoadTimestampMontonic (#2136869)- core: Indicate the time when the manager started loading units the last time (#2136869)- core: do not touch /run/systemd/systemd-units-load from user session instances (#2136869)- sysctl: downgrade message when we have no permission (#2158160)- core: respect SELinuxContext= for socket creation (#2136738)- manager: use target process context to set socket context (#2136738)- virt: detect Amazon EC2 Nitro instance (#2117948)- machine-id-setup: generate machine-id from DMI product ID on Amazon EC2 (#2117948)- virt: use string table to detect VM or container (#2117948)- fileio: introduce read_full_virtual_file() for reading virtual files in sysfs, procfs (#2117948)- Use BIOS characteristics to distinguish EC2 bare-metal from VMs (#2117948)- device: drop refuse_after (#2043524) * Tue Nov 08 2022 systemd maintenance team - 239-69- logind: optionally watch utmp for login data (#2122288)- logind: add hashtable for finding session by leader PID (#2122288)- core/load-fragment: move config_parse_sec_fix_0 to src/shared (#2122288)- sd-event: add relative timer calls (#2122288)- logind: add option to stop idle sessions after specified timeout (#2122288)- logind: schedule idle check full interval from now if we couldn\'t figure out atime timestamp (#2122288)- ci(lint): add shell linter - Differential ShellCheck (#2122499)- meson: do not compare objects of different types (#2122499)- journal-remote: use MHD_HTTP_CONTENT_TOO_LARGE as MHD_HTTP_PAYLOAD_TOO_LARGE is deprecated since 0.9.74 (#2122499)- Fix build with µhttpd 0.9.71 (#2122499)- ci: replace LGTM with CodeQL (#2122499)- ci(mergify): Update policy - Drop LGTM checks (#2122499)- time-util: fix buffer-over-run (#2139391) * Fri Aug 26 2022 systemd maintenance team - 239-67- resolved: pin stream while calling callbacks for it (#2110549)- ci(functions): Add `useradd` and `userdel` (#2110549) * Thu Aug 25 2022 systemd maintenance team - 239-66- Try stopping MD RAID devices in shutdown too (#1817706)- shutdown: get only active md arrays. (#1817706)- scope: allow unprivileged delegation on scopes (#2068575) * Fri Aug 19 2022 systemd maintenance team - 239-65- test-procfs-util: skip test on certain errors (#2087152) * Thu Aug 18 2022 systemd maintenance team - 239-64- ci: bump the worker Ubuntu version to Jammy (#2087152)- test: make test-execute pass on Linux 5.15 (#2087152)- ci: install iputils (#2087152)- ci(Mergify): Add `ci-waived` logic (#2087152)- sd-event: don\'t invalidate source type on disconnect (#2115396)- tests: make sure we delay running mount start jobs when /p/s/mountinfo is rate limited (#2095744)- core: drop references to \'StandardOutputFileToCreate\' (#2093479)- dbus-execute: fix indentation (#2093479)- dbus-execute: generate the correct transient unit setting (#2093479)- bus-unit-util: properly accept StandardOutput=append:… settings (#2093479)- core: be more careful when inheriting stdout fds to stderr (#2093479)- test: add a test for StandardError=file:… (#2093479)- tree-wide: allow ASCII fallback for → in logs (#2093479)- tree-wide: allow ASCII fallback for … in logs (#2093479)- core: allow to set default timeout for devices (#1967245)- man: document DefaultDeviceTimeoutSec= (#1967245)- Revert \"core: Propagate condition failed state to triggering units.\" (#2114005)- core: Check unit start rate limiting earlier (#2114005)- core: Add trigger limit for path units (#2114005)- meson: add syscall-names-update target (#2040247)- syscall-names: add process_madvise which is planned for 5.10 (#2040247)- shared: add AATTknown syscall list (#2040247)- generate-syscall-list: require python3 (#2040247)- shared/seccomp: reduce scope of indexing variables (#2040247)- shared/syscall-list: filter out some obviously platform-specific syscalls (#2040247)- seccomp: tighten checking of seccomp filter creation (#2040247)- shared/seccomp-util: added functionality to make list of filtred syscalls (#2040247)- nspawn: return ENOSYS by default, EPERM for \"known\" calls (#2040247)- revert: resolved: pin stream while calling callbacks for it (#2110549) * Wed Aug 03 2022 systemd maintenance team - 239-63- resolved: pin stream while calling callbacks for it (#2110549) * Mon Jul 18 2022 systemd maintenance team - 239-62- spec: Remove dependency on timedatex (#2066946) * Thu Jul 14 2022 systemd maintenance team - 239-61- mkosi: Add gnutls package (#2101227)- unit-name: tighten checks for building valid unit names (#1940973)- core: shorten long unit names that are based on paths and append path hash at the end (#1940973)- test: add extended test for triggering mount rate limit (#1940973)- tests: add test case for long unit names (#1940973)- core: unset HOME=/ that the kernel gives us (#2056527)- journal-remote: check return value from MHD_add_response_header (#2051981)- journalctl: in --follow mode watch stdout for POLLHUP/POLLERR and exit (#2003236)- sd-bus: make BUS_DEFAULT_TIMEOUT configurable (#2039461)- fstab-generator: fix debug log (#2101433)- logind-session-dbus: allow to set display name via dbus (#1857969)- Allow restart for oneshot units (#2042896)- test: correct TEST-41 StartLimitBurst test (#2042896)- core: fix assert() about number of built environment variables (#2049788)- core: add one more assert() (#2049788)- strv: introduce strv_join_prefix() (#2049788)- test: add tests for strv_join_prefix() (#2049788)- test: replace swear words by \'hoge\' (#2049788)- core: add new environment variable $RUNTIME_DIRECTORY= or friends (#2049788)- test-execute: add tests for $RUNTIME_DIRECTORY= or friends (#2049788)- man: document RUNTIME_DIRECTORY= or friends (#2049788) * Thu Jun 23 2022 systemd maintenance team - 239-60- unit: don\'t emit PropertiesChanged signal if adding a dependency to a unit is a no-op (#1948480)- tests: make inverted tests actually count (#2087152)- TEST- *: make failure tests actually fail on failure (#2087152)- ci(Mergify): configuration update (#2087152)- core: propagate triggered unit in more load states (#2065322)- core: propagate unit start limit hit state to triggering path unit (#2065322)- core: Move \'r\' variable declaration to start of unit_start() (#2065322)- core: Delay start rate limit check when starting a unit (#2065322)- core: Propagate condition failed state to triggering units. (#2065322)- unit: check for mount rate limiting before checking active state (#2095744) * Wed May 18 2022 systemd maintenance team - 239-59- core: disallow using \'-.service\' as a service name (#2051520)- shared/dropin: support -.service.d/ top level drop-in for service units (#2051520)- core: change top-level drop-in from -.service.d to service.d (#2051520)- shared/dropin: fix assert for invalid drop-in (#2051520)- udev: fix slot based network names on s390 (#1939914)- udev: it is not necessary that the path is readable (#1939914)- udev: allow onboard index up to 65535 (#1939914)- Revert \"basic: use comma as separator in cpuset cgroup cpu ranges\" (#1858220)- acpi-fpdt: mark structures as packed (#2047373)- core/slice: make slice_freezer_action() return 0 if freezing state is unchanged (#2047373)- core/unit: fix use-after-free (#2047373)- sd-bus: fix reference counter to be incremented (#2047373)- sd-bus: do not read unused value (#2047373)- sd-bus: do not return negative errno when unknown name is specified (#2047373)- sd-bus: switch to a manual overflow check in sd_bus_track_add_name() (#2047373)- spec: Add dependency on timedatex (#2066946) * Tue Feb 08 2022 systemd maintenance team - 239-58- ci: drop CentOS 8 CI (#2017033)- test: adapt to the new capsh format (#2017033)- test: ignore IAB capabilities in `test-execute` (#2017033) * Mon Feb 07 2022 systemd maintenance team - 239-57- udev/net_id: introduce naming scheme for RHEL-8.5 (#2039797)- udev/net_id: remove extraneous bracket (#2039797)- udev/net_id: introduce naming scheme for RHEL-8.6 (#2039797)- define newly needed constants (#2005008)- sd-netlink: support IFLA_PROP_LIST and IFLA_ALT_IFNAME attributes (#2005008)- sd-netlink: introduce sd_netlink_message_read_strv() (#2005008)- sd-netlink: introduce sd_netlink_message_append_strv() (#2005008)- test: add a test for sd_netlink_message_{append,read}_strv() (#2005008)- util: introduce ifname_valid_full() (#2005008)- rename function (#2005008)- udev: support AlternativeName= setting in .link file (#2005008)- network: make Name= in [Match] support alternative names of interfaces (#2005008)- udev: extend the length of ID_NET_NAME_XXX= to ALTIFNAMSIZ (#2005008)- udev: do not fail if kernel does not support alternative names (#2005008)- udev: introduce AlternativeNamesPolicy= setting (#2005008)- network: set AlternativeNamesPolicy= in 99-default.link (#2005008)- random-util: call initialize_srand() after fork() (#2005008)- sd-netlink: introduce rtnl_resolve_link_alternative_names() (#2005008)- udev: sort alternative names (#2005008)- netlink: introduce rtnl_get/delete_link_alternative_names() (#2005008)- netlink: do not fail when new interface name is already used as an alternative name (#2005008)- udev: do not try to reassign alternative names (#2005008)- Do not fail if the same alt. name is set again (#2005008)- mount: do not update exec deps on mountinfo changes (#2008825)- core/mount: add implicit unit dependencies even if when mount unit is generated from /proc/self/mountinfo (#2008825)- core: fix unfortunate typo in unit_is_unneeded() (#2040147)- core: make destructive transaction error a bit more useful (#2040147)- tmpfiles: use a entry in hashmap as ItemArray in read_config_file() (#1944468)- tmpfiles: rework condition check (#1944468)- TEST-22-TMPFILES: add reproducer for bug with X (#1944468)- core: make sure we don\'t get confused when setting TERM for a tty fd (#2045307)- hash-funcs: introduce macro to create typesafe hash_ops (#2037807)- hash-func: add destructors for key and value (#2037807)- util: define free_func_t (#2037807)- hash-funcs: make basic hash_ops typesafe (#2037807)- test: add tests for destructors of hashmap or set (#2037807)- man: document the new sysctl.d/ - prefix (#2037807)- sysctl: if options are prefixed with \"-\" ignore write errors (#2037807)- sysctl: fix segfault (#2037807) * Tue Jan 25 2022 systemd maintenance team - 239-56- Take ghost ownership of /var/log/lastlog (#1798685) * Mon Jan 10 2022 systemd maintenance team - 239-55- lgtm: detect uninitialized variables using the __cleanup__ attribute (#2017033)- lgtm: replace the query used for looking for fgets with a more general query (#2017033)- lgtm: beef up list of dangerous/questionnable API calls not to make (#2017033)- lgtm: warn about strerror() use (#2017033)- lgtm: complain about accept() [people should use accept4() instead, due to O_CLOEXEC] (#2017033)- lgtm: don\'t treat the custom note as a list of tags (#2017033)- lgtm: ignore certain cleanup functions (#2017033)- lgtm: detect more possible problematic scenarios (#2017033)- lgtm: enable more (and potentially useful) queries (#2017033)- test: make TEST-47 less racy (#2017033)- core: rename unit_{start_limit|condition|assert}_test() to unit_test_xyz() (#2036608)- core: Check unit start rate limiting earlier (#2036608)- sd-event: introduce callback invoked when event source ratelimit expires (#2036608)- core: rename/generalize UNIT(u)->test_start_limit() hook (#2036608)- mount: make mount units start jobs not runnable if /p/s/mountinfo ratelimit is in effect (#2036608)- mount: retrigger run queue after ratelimit expired to run delayed mount start jobs (#2036608)- pid1: add a manager_trigger_run_queue() helper (#2036608)- unit: add jobs that were skipped because of ratelimit back to run_queue (#2036608)- Revert \"Revert \"sysctl: Enable ping(8) inside rootless Podman containers\"\" (#2037807)- sysctl: prefix ping port range setting with a dash (#2037807)- mount: don\'t propagate errors from mount_setup_unit() further up (#2036853) * Wed Dec 01 2021 systemd maintenance team - 239-54- core: consider service with no start command immediately started (#1860899)- man: move description of *Action= modes to FailureAction=/SuccessAction= (#1860899)- core: define \"exit\" and \"exit-force\" actions for user units and only accept that (#1860899)- core: accept system mode emergency action specifiers with a warning (#1860899)- core: allow services with no commands but SuccessAction set (#1860899)- core: limit service-watchdogs=no to actual \"watchdog\" commands (#1860899)- units: use SuccessAction=exit-force in systemd-exit.service (#1860899)- units: use SuccessAction=reboot-force in systemd-reboot.service (#1860899)- units: use SuccessAction=poweroff-force in systemd-poweroff.service (#1860899)- units: allow and use SuccessAction=exit-force in system systemd-exit.service (#1860899)- core: do not \"warn\" about mundane emergency actions (#1860899)- core: return true from cg_is_empty * on ENOENT (#1860899)- macro: define HAS_FEATURE_ADDRESS_SANITIZER also on gcc (#2017033)- tests: add helper function to autodetect CI environments (#2017033)- strv: rework FOREACH_STRING() macro (#2017033)- test,systemctl: use \"const char *\" instead of \"char *\" (#2017033)- ci: pass the $GITHUB_ACTIONS variable to the CentOS container (#2017033) * Wed Nov 24 2021 systemd maintenance team - 239-53- sd-hwdb: allow empty properties (#2005009)- Update hwdb (#2005009)- Disable libpitc to fix CentOS Stream CI (#2017033)- rpm: Fix typo in /usr/lib/environment.d (#2018024)- rpm: Add misspelled /usr/lib/environment.d macro for temporary compatibility (#2018024)- rpm: emit warning when macro with typo is used (#2018024)- Remove unintended additions to systemd-analyze man page (#2004765)- core: fix SIGABRT on empty exec command argv (#2020239)- core/service: also check path in exec commands (#2020239)- mount-util: fix fd_is_mount_point() when both the parent and directory are network fs (#2015057)- basic: add vmware hypervisor detection from device-tree (#1959150)- pam: do not require a non-expired password for userAATT.service (#1961746)- udev rules: add rule to create /dev/ptp_hyperv (#1991834)- process-util: explicitly handle processes lacking parents in get_process_ppid() (#1977569)- errno-util: add ERRNO_IS_PRIVILEGE() helper (#1977569)- procfs-util: fix confusion wrt. quantity limit and maximum value (#1977569)- test-process-util: also add EROFS to the list of \"good\" errors (#1977569)- journal: refresh cached credentials of stdout streams (#1931806)- util-lib: introduce HAS_FEATURE_ADDRESS_SANITIZER (#2017033)- ci: skip test-execute on GH Actions under ASan (#2017033)- test-seccomp: accept ENOSYS from sysctl(2) too (#2017033)- test: accept that char device 0/0 can now be created witout privileges (#2017033)- meson: do not fail if rsync is not installed with meson 0.57.2 (#2017033)- pid1: fix free of uninitialized pointer in unit_fail_if_noncanonical() (#1970945)- sd-event: take ref on event loop object before dispatching event sources (#1970945) * Fri Aug 27 2021 systemd maintenance team - 239-50- Added option --check-inhibitors for non-tty usage (#1269726)- logind: Introduce RebootWithFlags and others (#1269726)- logind: add …WithFlags methods to policy (#1269726)- logind: simplify flags handling a bit (#1269726)- Update link to RHEL documentation (#1982584)- Set default core ulimit to 0, but keep the hard limit ulimited (#1905582)- shared/seccomp-util: address family filtering is broken on ppc (#1982650)- logind: rework Seat/Session/User object allocation and freeing a bit (#1642460)- logind: fix serialization/deserialization of user\'s \"display session\" (#1642460)- logind: turn of stdio locking when writing session files too (#1642460)- units: set StopWhenUnneeded= for the user slice units too (#1642460)- units: improve Description= string a bit (#1642460)- logind: improve logging in manager_connect_console() (#1642460)- logind: save/restore User object\'s \"stopping\" field during restarts (#1642460)- logind: correct bad clean-up path (#1642460)- logind: fix bad error propagation (#1642460)- logind: never elect a session that is stopping as display (#1642460)- logind: introduce little helper that checks whether a session is ready (#1642460)- logind: propagate session stop errors (#1642460)- logind: rework how we manage the slice and user-runtime-dirAATT.service unit for each user (#1642460)- logind: optionally, keep the userAATT.service instance for eached logged in user around for a while (#1642460)- logind: add a RequiresMountsFor= dependency from the session scope unit to the home directory of the user (#1642460)- logind: improve error propagation of user_check_linger_file() (#1642460)- logind: automatically GC lingering users for who now userAATT.service (nor slice, not runtime dir service) is running anymore (#1642460)- pam_systemd: simplify code which with we set environment variables (#1642460)- logind: validate /run/user/1000 before we set it (#1642460) * Fri Jul 23 2021 systemd maintenance team - 239-49- remove a left-over break (#1970860)- basic/unit-name: do not use strdupa() on a path (#1974700)- sd-event: change ordering of pending/ratelimited events (#1968528)- sd-event: drop unnecessary \"else\" (#1968528)- sd-event: use CMP() macro (#1968528)- sd-event: use usec_add() (#1968528)- sd-event: make event_source_time_prioq_reshuffle() accept all event source type (#1968528)- sd-event: always reshuffle time prioq on changing online/offline state (#1968528)- ci: run unit tests on z-stream branches as well (#1970860)- ci: drop forgotten Travis references (#1934504)- ci: run unit tests on CentOS 8 Stream as well (#1934504)- ci: add missing test dependencies (#1934504)- meson: bump timeout for test-udev to 180s (#1934504) * Thu Jun 24 2021 systemd maintenance team - 239-48- cgroup: Also set io.bfq.weight (#1927290)- seccomp: allow turning off of seccomp filtering via env var (#1916835)- meson: remove strange dep that causes meson to enter infinite loop (#1970860)- copy: handle copy_file_range() weirdness on procfs/sysfs (#1970860)- core: Hide \"Deactivated successfully\" message (#1954802)- util: rework in_initrd() to make use of path_is_temporary_fs() (#1959339)- initrd: extend SYSTEMD_IN_INITRD to accept non-ramfs rootfs (#1959339)- initrd: do a debug log if failed to detect rootfs type (#1959339)- initrd: do a debug log if /etc/initrd-release doesn\'t take effect (#1959339)- units: assign user-runtime-dirAATT.service to user-%i.slice (#1946453)- units: order user-runtime-dirAATT.service after systemd-user-sessions.service (#1946453)- units: make sure user-runtime-dirAATT.service is Type=oneshot (#1946453)- user-runtime-dir: downgrade a few log messages to LOG_DEBUG that we ignore (#1946453)- shared/install: Preserve escape characters for escaped unit names (#1952686)- basic/virt: Detect PowerVM hypervisor (#1937989)- man: document differences in clean exit status for Type=oneshot (#1940078)- busctl: add a timestamp to the output of the busctl monitor command (#1909214)- basic/cap-list: parse/print numerical capabilities (#1946943)- shared/mount-util: convert to libmount (#1885143)- mount-util: bind_remount: avoid calling statvfs (#1885143)- mount-util: use UMOUNT_NOFOLLOW in recursive umounter (#1885143)- test-install-root: create referenced targets (#1835351)- install: warn if WantedBy targets don\'t exist (#1835351)- test-install-root: add test for unknown WantedBy= target (#1835351)- ceph is a network filesystem (#1952013)- sysctl: set kernel.core_pipe_limit=16 (#1949729)- core: don\'t drop timer expired but not yet processed when system date is changed (#1899402)- core: Detect initial timer state from serialized data (#1899402)- rc-local: order after network-online.target (#1934028)- set core ulimit to 0 like on RHEL-7 (#1905582)- test-mountpointutil-util: do not assert in test_mnt_id() (#1910425) * Fri Jun 04 2021 Jan Macku - 239-47- systemd-binfmt: Add safeguard in triggers (#1787144)- spec: Requires(post) openssl-libs to fix missing /etc/machine-id (#1947438)- spec: Go back to using systemctl preset-all in post (#1783263, #1647172, #1118740)- spec: Disable libiptc support (#1817265) * Wed May 19 2021 systemd maintenance team - 239-46- Revert \"udev: run link_update() with increased retry count in second invocation\" (#1942299)- Revert \"udev: make algorithm that selects highest priority devlink less susceptible to race conditions\" (#1942299)- test/udev-test.pl: drop test cases that add mutliple devices (#1942299) * Thu Mar 11 2021 systemd maintenance team - 239-45- Revert \"test: add test cases for empty string match\" and \"test: add test case for multi matches when use ||\" (#1935124)- test/sys-script.py: add missing DEVNAME entries to uevents (#1935124)- sd-event: split out helper functions for reshuffling prioqs (#1937315)- sd-event: split out enable and disable codepaths from sd_event_source_set_enabled() (#1937315)- sd-event: mention that two debug logged events are ignored (#1937315)- sd-event: split clock data allocation out of sd_event_add_time() (#1937315)- sd-event: split out code to add/remove timer event sources to earliest/latest prioq (#1937315)- sd-event: fix delays assert brain-o (#17790) (#1937315)- sd-event: let\'s suffix last_run/last_log with \"_usec\" (#1937315)- sd-event: refuse running default event loops in any other thread than the one they are default for (#1937315)- sd-event: ref event loop while in sd_event_prepare() ot sd_event_run() (#1937315)- sd-event: follow coding style with naming return parameter (#1937315)- sd-event: remove earliest_index/latest_index into common part of event source objects (#1937315)- sd-event: update state at the end in event_source_enable (#1937315)- sd-event: increase n_enabled_child_sources just once (#1937315)- sd-event: add ability to ratelimit event sources (#1937315)- test: add ratelimiting test (#1937315)- core: prevent excessive /proc/self/mountinfo parsing (#1937315)- udev: run link_update() with increased retry count in second invocation (#1935124)- pam-systemd: use secure_getenv() rather than getenv() (#1936866) * Thu Jan 28 2021 systemd maintenance team - 239-44- ci: PowerTools repo was renamed to powertools in RHEL 8.3 (#1871827)- ci: use quay.io instead of Docker Hub to avoid rate limits (#1871827)- ci: move jobs from Travis CI to GH Actions (#1871827)- unit: make UNIT() cast function deal with NULL pointers (#1871827)- use link to RHEL-8 docs (#1623116)- cgroup: Also set blkio.bfq.weight (#1657810)- units: make sure initrd-cleanup.service terminates before switching to rootfs (#1657810)- core: reload SELinux label cache on daemon-reload (#1888912)- selinux: introduce mac_selinux_create_file_prepare_at() (#1888912)- selinux: add trigger for policy reload to refresh internal selabel cache (#1888912)- udev/net_id: give RHEL-8.4 naming scheme a name (#1827462)- basic/stat-util: make mtime check stricter and use entire timestamp (#1642728)- udev: make algorithm that selects highest priority devlink less susceptible to race conditions (#1642728)- test: create /dev/null in test-udev.pl (#1642728)- test: missing \"die\" (#1642728)- udev-test: remove a check for whether the test is run in a container (#1642728)- udev-test: skip the test only if it can\'t setup its environment (#1642728)- udev-test: fix test skip condition (#1642728)- udev-test: fix missing directory test/run (#1642728)- udev-test: check if permitted to create block device nodes (#1642728)- test-udev: add a testcase of too long line (#1642728)- test-udev: use proper semantics for too long line with continuation (#1642728)- test-udev: add more tests for line continuations and comments (#1642728)- test-udev: add more tests for line continuation (#1642728)- test-udev: fix alignment and drop unnecessary white spaces (#1642728)- test/udev-test.pl: cleanup if skipping test (#1642728)- test: add test cases for empty string match (#1642728)- test: add test case for multi matches when use \"||\" (#1642728)- udev-test: do not rely on \"mail\" group being defined (#1642728)- test/udev-test.pl: allow multiple devices per test (#1642728)- test/udev-test.pl: create rules only once (#1642728)- test/udev-test.pl: allow concurrent additions and removals (#1642728)- test/udev-test.pl: use computed devnode name (#1642728)- test/udev-test.pl: test correctness of symlink targets (#1642728)- test/udev-test.pl: allow checking multiple symlinks (#1642728)- test/udev-test.pl: fix wrong test descriptions (#1642728)- test/udev-test.pl: last_rule is unsupported (#1642728)- test/udev-test.pl: Make some tests a little harder (#1642728)- test/udev-test.pl: remove bogus rules from magic subsys test (#1642728)- test/udev-test.pl: merge \"space and var with space\" tests (#1642728)- test/udev-test.pl: merge import parent tests into one (#1642728)- test/udev-test.pl: count \"good\" results (#1642728)- tests/udev-test.pl: add multiple device test (#1642728)- test/udev-test.pl: add repeat count (#1642728)- test/udev-test.pl: generator for large list of block devices (#1642728)- test/udev-test.pl: suppress umount error message at startup (#1642728)- test/udev_test.pl: add \"expected good\" count (#1642728)- test/udev-test: gracefully exit when imports fail (#1642728) * Thu Nov 26 2020 systemd maintenance team - 239-43- man: mention System Administrator\'s Guide in systemctl manpage (#1623116)- udev: introduce udev net_id \"naming schemes\" (#1827462)- meson: make net.naming-scheme= default configurable (#1827462)- man: describe naming schemes in a new man page (#1827462)- udev/net_id: parse _SUN ACPI index as a signed integer (#1827462)- udev/net_id: don\'t generate slot based names if multiple devices might claim the same slot (#1827462)- fix typo in ProtectSystem= option (#1871139)- remove references of non-existent man pages (#1876807)- log: Prefer logging to CLI unless JOURNAL_STREAM is set (#1865840)- locale-util: add new helper locale_is_installed() (#1755287)- test: add test case for locale_is_installed() (#1755287)- tree-wide: port various bits over to locale_is_installed() (#1755287)- install: allow instantiated units to be enabled via presets (#1812972)- install: small refactor to combine two function calls into one function (#1812972)- test: fix a memleak (#1812972)- docs: Add syntax for templated units to systemd.preset man page (#1812972)- shared/install: fix preset operations for non-service instantiated units (#1812972)- introduce setsockopt_int() helper (#1887181)- socket-util: add generic socket_pass_pktinfo() helper (#1887181)- core: add new PassPacketInfo= socket unit property (#1887181)- resolved: tweak cmsg calculation (#1887181) * Tue Nov 03 2020 systemd maintenance team - 239-42- logind: don\'t print warning when userAATT.service template is masked (#1880270)- build: use simple project version in pkgconfig files (#1862714)- basic/virt: try the /proc/1/sched hack also for PID1 (#1868877)- seccomp: rework how the S[UG]ID filter is installed (#1860374)- vconsole-setup: downgrade log message when setting font fails on dummy console (#1889996)- units: fix systemd.special man page reference in system-update-cleanup.service (#1871827)- units: drop reference to sushell man page (#1871827)- sd-bus: break the loop in bus_ensure_running() if the bus is not connecting (#1885553)- core: add new API for enqueing a job with returning the transaction data (#846319)- systemctl: replace switch statement by table of structures (#846319)- systemctl: reindent table (#846319)- systemctl: Only wait when there\'s something to wait for. (#846319)- systemctl: clean up start_unit_one() error handling (#846319)- systemctl: split out extra args generation into helper function of its own (#846319)- systemctl: add new --show-transaction switch (#846319)- test: add some basic testing that \"systemctl start -T\" does something (#846319)- man: document the new systemctl --show-transaction option (#846319)- socket: New option \'FlushPending\' (boolean) to flush socket before entering listening state (#1870638)- core: remove support for API bus \"started outside our own logic\" (#1764282)- mount-setup: fix segfault in mount_cgroup_controllers when using gcc9 compiler (#1868877)- dbus-execute: make transfer of CPUAffinity endian safe (#12711) (#1740657)- core: add support for setting CPUAffinity= to special \"numa\" value (#1740657)- basic/user-util: always use base 10 for user/group numbers (#1848373)- parse-util: sometimes it is useful to check if a string is a valid integer, but not actually parse it (#1848373)- basic/parse-util: add safe_atoux64() (#1848373)- parse-util: allow tweaking how to parse integers (#1848373)- parse-util: allow \'-0\' as alternative to \'0\' and \'+0\' (#1848373)- parse-util: make return parameter optional in safe_atou16_full() (#1848373)- parse-util: rewrite parse_mode() on top of safe_atou_full() (#1848373)- user-util: be stricter in parse_uid() (#1848373)- strv: add new macro STARTSWITH_SET() (#1848373)- parse-util: also parse integers prefixed with 0b and 0o (#1848373)- tests: beef up integer parsing tests (#1848373)- shared/user-util: add compat forms of user name checking functions (#1848373)- shared/user-util: emit a warning on names with dots (#1848373)- user-util: Allow names starting with a digit (#1848373)- shared/user-util: allow usernames with dots in specific fields (#1848373)- user-util: switch order of checks in valid_user_group_name_or_id_full() (#1848373)- user-util: rework how we validate user names (#1848373) * Wed Oct 07 2020 systemd maintenance team - 239-41- cgroup: freezer action must be NOP when cgroup v2 freezer is not available (#1868831) * Fri Aug 28 2020 systemd maintenance team - 239-40- units: add generic boot-complete.target (#1872243)- man: document new \"boot-complete.target\" unit (#1872243)- core: make sure to restore the control command id, too (#1829867) * Thu Aug 06 2020 systemd maintenance team - 239-39- device: make sure we emit PropertiesChanged signal once we set sysfs (#1793533)- device: don\'t emit PropetiesChanged needlessly (#1793533) * Tue Aug 04 2020 systemd maintenance team - 239-38- spec: fix rpm verification (#1702300) * Wed Jul 08 2020 systemd maintenance team - 239-37- spec: don\'t package /etc/systemd/system/dbus-org.freedesktop.resolve1.service (#1844465) * Fri Jun 26 2020 systemd maintenance team - 239-36- core: don\'t consider SERVICE_SKIP_CONDITION for abnormal or failure restarts (#1737283)- selinux: do preprocessor check only in selinux-access.c (#1830861)- basic/cgroup-util: introduce cg_get_keyed_attribute_full() (#1830861)- shared: add generic logic for waiting for a unit to enter some state (#1830861)- shared: fix assert call (#1830861)- shared: Don\'t try calling NULL callback in bus_wait_for_units_clear (#1830861)- shared: add NULL callback check in one more place (#1830861)- core: introduce support for cgroup freezer (#1830861)- core/cgroup: fix return value of unit_cgorup_freezer_action() (#1830861)- core: fix the return value in order to make sure we don\'t dipatch method return too early (#1830861)- test: add test for cgroup v2 freezer support (#1830861)- fix mis-merge (#1848421)- tests: sleep a bit and give kernel time to perform the action after manual freeze/thaw (#1848421) * Fri Jun 26 2020 systemd maintenance team - 239-35- spec: fix rpm verification (#1702300) * Thu Jun 18 2020 systemd maintenance team - 239-34- spec: fix rpm verification (#1702300) * Tue Jun 09 2020 systemd maintenance team - 239-33- tmpfiles: fix crash with NULL in arg_root and other fixes and tests (#1836024)- sulogin-shell: Use force if SYSTEMD_SULOGIN_FORCE set (#1625929)- resolvconf: fixes for the compatibility interface (#1835594)- mount: don\'t add Requires for tmp.mount (#1748840)- core: coldplug possible nop_job (#1829798)- core: add IODeviceLatencyTargetSec (#1831519)- time-util: Introduce parse_sec_def_infinity (#1770379)- cgroup: use structured initialization (#1770379)- core: add CPUQuotaPeriodSec= (#1770379)- core: downgrade CPUQuotaPeriodSec= clamping logs to debug (#1770379)- sd-bus: avoid magic number in SASL length calculation (#1838081)- sd-bus: fix SASL reply to empty AUTH (#1838081)- sd-bus: skip sending formatted UIDs via SASL (#1838081)- core: add MemoryMin (#1763435)- core: introduce cgroup_add_device_allow() (#1763435)- test: remove support for suffix in get_testdata_dir() (#1763435)- cgroup: Implement default propagation of MemoryLow with DefaultMemoryLow (#1763435)- cgroup: Create UNIT_DEFINE_ANCESTOR_MEMORY_LOOKUP (#1763435)- unit: Add DefaultMemoryMin (#1763435)- cgroup: Polish hierarchically aware protection docs a bit (#1763435)- cgroup: Readd some plumbing for DefaultMemoryMin (#1763435)- cgroup: Support 0-value for memory protection directives (#1763435)- cgroup: Test that it\'s possible to set memory protection to 0 again (#1763435)- cgroup: Check ancestor memory min for unified memory config (#1763435)- cgroup: Respect DefaultMemoryMin when setting memory.min (#1763435)- cgroup: Mark memory protections as explicitly set in transient units (#1763435)- meson: allow setting the version string during configuration (#1804252) * Thu Jun 04 2020 systemd maintenance team - 239-32- pid1: fix DefaultTasksMax initialization (#1809037)- cgroup: make sure that cpuset is supported on cgroup v2 and disabled with v1 (#1808940)- test: introduce TEST-36-NUMAPOLICY (#1808940)- test: replace `tail -f` with journal cursor which should be... (#1808940)- test: support MPOL_LOCAL matching in unpatched strace versions (#1808940)- test: make sure the strace process is indeed dead (#1808940)- test: skip the test on systems without NUMA support (#1808940)- test: give strace some time to initialize (#1808940)- test: add a simple sanity check for systems without NUMA support (#1808940)- test: drop the missed || exit 1 expression (#1808940)- test: replace cursor file with a plain cursor (#1808940)- cryptsetup: Treat key file errors as a failed password attempt (#1763155)- swap: finish the secondary swap units\' jobs if deactivation of the primary swap unit fails (#1749622)- resolved: Recover missing PrivateTmp=yes and ProtectSystem=strict (#1810869)- bus_open leak sd_event_source when udevadm trigger。 (#1798504)- core: rework StopWhenUnneeded= logic (#1798046)- pid1: fix the names of AllowedCPUs= and AllowedMemoryNodes= (#1818054)- core: fix re-realization of cgroup siblings (#1818054)- basic: use comma as separator in cpuset cgroup cpu ranges (#1818054)- core: transition to FINAL_SIGTERM state after ExecStopPost= (#1766479)- sd-journal: close journal files that were deleted by journald before we\'ve setup inotify watch (#1796128)- sd-journal: remove the dead code and actually fix #14695 (#1796128)- udev: downgrade message when we fail to set inotify watch up (#1808051)- logind: check PolicyKit before allowing VT switch (#1797679)- test: do not use global variable to pass error (#1823767)- test: install libraries required by tests (#1823767)- test: introduce install_zoneinfo() (#1823767)- test: replace duplicated Makefile by symbolic link (#1823767)- test: add paths of keymaps in install_keymaps() (#1823767)- test: make install_keymaps() optionally install more keymaps (#1823767)- test-fs-util: skip some tests when running in unprivileged container (#1823767)- test-process-util: skip several verifications when running in unprivileged container (#1823767)- test-execute: also check python3 is installed or not (#1823767)- test-execute: skip several tests when running in container (#1823767)- test: introduce test_is_running_from_builddir() (#1823767)- test: make test-catalog relocatable (#1823767)- test: parallelize tasks in TEST-24-UNIT-TESTS (#1823767)- test: try to determine QEMU_SMP dynamically (#1823767)- test: store coredumps in journal (#1823767)- pid1: add new kernel cmdline arg systemd.cpu_affinity= (#1812894)- udev-rules: make tape-changers also apprear in /dev/tape/by-path/ (#1820112)- man: be clearer that .timer time expressions need to be reset to override them (#1816908)- Add support for opening files for appending (#1809175)- nspawn: move payload to sub-cgroup first, then sync cgroup trees (#1837094)- core: move unit_status_emit_starting_stopping_reloading() and related calls to job.c (#1737283)- job: when a job was skipped due to a failed condition, log about it (#1737283)- core: split out all logic that updates a Job on a unit\'s unit_notify() invocation (#1737283)- core: make log messages about units entering a \'failed\' state recognizable (#1737283)- core: log a recognizable message when a unit succeeds, too (#1737283)- tests: always use the right vtable wrapper calls (#1737283)- test-execute: allow filtering test cases by pattern (#1737283)- test-execute: provide custom failure message (#1737283)- core: ExecCondition= for services (#1737283)- Drop support for lz4 < 1.3.0 (#1843871)- test-compress: add test for short decompress_startswith calls (#1843871)- journal: adapt for new improved LZ4_decompress_safe_partial() (#1843871)- fuzz-compress: add fuzzer for compression and decompression (#1843871)- seccomp: fix __NR__sysctl usage (#1843871) * Fri Feb 21 2020 systemd maintenance team - 239-27- cgroup: introduce support for cgroup v2 CPUSET controller (#1724617) * Wed Feb 19 2020 systemd maintenance team - 239-26- seccomp: introduce seccomp_restrict_suid_sgid() for blocking chmod() for suid/sgid files (#1687512)- test: add test case for restrict_suid_sgid() (#1687512)- core: expose SUID/SGID restriction as new unit setting RestrictSUIDSGID= (#1687512)- analyze: check for RestrictSUIDSGID= in \"systemd-analyze security\" (#1687512)- man: document the new RestrictSUIDSGID= setting (#1687512)- units: turn on RestrictSUIDSGID= in most of our long-running daemons (#1687512)- core: imply NNP and SUID/SGID restriction for DynamicUser=yes service (#1687512) * Mon Feb 17 2020 systemd maintenance team - 239-25- sd-bus: use \"queue\" message references for managing r/w message queues in connection objects (CVE-2020-1712)- pid1: make sure to restore correct default values for some rlimits (#1789930)- main: introduce a define HIGH_RLIMIT_MEMLOCK similar to HIGH_RLIMIT_NOFILE (#1789930) * Thu Feb 13 2020 systemd maintenance team - 239-24- rules: reintroduce 60-alias-kmsg.rules (#1739353)- sd-bus: make rqueue/wqueue sizes of type size_t (CVE-2020-1712)- sd-bus: reorder bus ref and bus message ref handling (CVE-2020-1712)- sd-bus: make sure dispatch_rqueue() initializes return parameter on all types of success (CVE-2020-1712)- sd-bus: drop two inappropriate empty lines (CVE-2020-1712)- sd-bus: initialize mutex after we allocated the wqueue (CVE-2020-1712)- sd-bus: always go through sd_bus_unref() to free messages (CVE-2020-1712)- bus-message: introduce two kinds of references to bus messages (CVE-2020-1712)- sd-bus: introduce API for re-enqueuing incoming messages (CVE-2020-1712)- sd-event: add sd_event_source_disable_unref() helper (CVE-2020-1712)- polkit: when authorizing via PK let\'s re-resolve callback/userdata instead of caching it (CVE-2020-1712)- sysctl: let\'s by default increase the numeric PID range from 2^16 to 2^22 (#1744214)- journal: do not trigger assertion when journal_file_close() get NULL (#1788085)- journal: use cleanup attribute at one more place (#1788085) * Mon Jan 13 2020 systemd maintenance team - 239-23- catalog: fix name of variable (#1677768)- cryptsetup: add keyfile-timeout to allow a keydev timeout and allow to fallback to a password if it fails. (#1763155)- cryptsetup: add documentation for keyfile-timeout (#1763155)- cryptsetup: use unabbrieviated variable names (#1763155)- cryptsetup: don\'t assert on variable which is optional (#1763155)- cryptsetup-generator: guess whether the keyfile argument is two items or one (#1763155)- crypt-util: Translate libcryptsetup log level instead of using log_debug() (#1776408)- cryptsetup: add some commenting about EAGAIN generation (#1776408)- cryptsetup: downgrade a log message we ignore (#1776408)- cryptsetup: rework how we log about activation failures (#1776408) * Tue Dec 17 2019 systemd maintenance team - 239-22- spec: don\'t ship /var/log/README- spec: provide systemd-rpm-macros * Mon Dec 09 2019 systemd maintenance team - 239-21- test-cpu-set-util: fix comparison for allocation size (#1734787)- test-cpu-set-util: fix allocation size check on i386 (#1734787) * Mon Dec 09 2019 systemd maintenance team - 239-20- journal: rely on _cleanup_free_ to free a temporary string used in client_context_read_cgroup (#1764560)- basic/user-util: allow dots in user names (#1717603)- sd-bus: bump message queue size again (#1770189)- tests: put fuzz_journald_processing_function in a .c file (#1764560)- tests: add a fuzzer for dev_kmsg_record (#1764560)- basic: remove an assertion from cunescape_one (#1764560)- journal: fix an off-by-one error in dev_kmsg_record (#1764560)- tests: add a reproducer for a memory leak fixed in 30eddcd51b8a472e05d3b8d1 in August (#1764560)- tests: add a reproducer for a heap-buffer-overflow fixed in 937b1171378bc1000a (#1764560)- test: initialize syslog_fd in fuzz-journald-kmsg too (#1764560)- tests: add a fuzzer for process_audit_string (#1764560)- journald: check whether sscanf has changed the value corresponding to %n (#1764560)- tests: introduce dummy_server_init and use it in all journald fuzzers (#1764560)- tests: add a fuzzer for journald streams (#1764560)- tests: add a fuzzer for server_process_native_file (#1764560)- fuzz-journal-stream: avoid assertion failure on samples which don\'t fit in pipe (#1764560)- journald: take leading spaces into account in syslog_parse_identifier (#1764560)- Add a warning about the difference in permissions between existing directories and unit settings. (#1778384)- execute: remove one redundant comparison check (#1778384)- core: change ownership/mode of the execution directories also for static users (#1778384)- core/dbus-execute: remove unnecessary initialization (#1734787)- shared/cpu-set-util: move the part to print cpu-set into a separate function (#1734787)- shared/cpu-set-util: remove now-unused CPU_SIZE_TO_NUM() (#1734787)- Rework cpu affinity parsing (#1734787)- Move cpus_in_affinity_mask() to cpu-set-util.[ch] (#1734787)- test-cpu-set-util: add simple test for cpus_in_affinity_mask() (#1734787)- test-cpu-set-util: add a smoke test for test_parse_cpu_set_extend() (#1734787)- pid1: parse CPUAffinity= in incremental fashion (#1734787)- pid1: don\'t reset setting from /proc/cmdline upon restart (#1734787)- pid1: when reloading configuration, forget old settings (#1734787)- test-execute: use CPUSet too (#1734787)- shared/cpu-set-util: drop now-unused cleanup function (#1734787)- shared/cpu-set-util: make transfer of cpu_set_t over bus endian safe (#1734787)- test-cpu-set-util: add test for dbus conversions (#1734787)- shared/cpu-set-util: introduce cpu_set_to_range() (#1734787)- systemctl: present CPUAffinity mask as a list of CPU index ranges (#1734787)- shared/cpu-set-util: only force range printing one time (#1734787)- execute: dump CPUAffinity as a range string instead of a list of CPUs (#1734787)- cpu-set-util: use %d-%d format in cpu_set_to_range_string() only for actual ranges (#1734787)- core: introduce NUMAPolicy and NUMAMask options (#1734787)- core: disable CPUAccounting by default (#1734787)- set kptr_restrict=1 (#1689346)- cryptsetup: reduce the chance that we will be OOM killed (#1696602)- core, job: fix breakage of ordering dependencies by systemctl reload command (#1766417)- debug-generator: enable custom systemd.debug_shell tty (#1723722) * Thu Oct 24 2019 Lukas Nykryn - 239-19- core: never propagate reload failure to service result (#1735787)- man: document systemd-analyze security (#1750343)- man: reorder and add examples to systemd-analyze(1) (#1750343)- travis: move to CentOS 8 docker images (#1761519)- travis: drop SCL remains (#1761519)- syslog: fix segfault in syslog_parse_priority() (#1761519)- sd-bus: make strict asan shut up (#1761519)- travis: don\'t run slow tests under ASan/UBSan (#1761519)- kernel-install: do not require non-empty kernel cmdline (#1701454)- ask-password: prevent buffer overrow when reading from keyring (#1752050)- core: try to reopen /dev/kmsg again right after mounting /dev (#1749212)- buildsys: don\'t garbage collect sections while linking (#1748258)- udev: introduce CONST key name (#1762679)- Call getgroups() to know size of supplementary groups array to allocate (#1743230256 KB- Consider smb3 as remote filesystem (#1757257)- process-util: introduce pid_is_my_child() helper (#1744972)- core: reduce the number of stalled PIDs from the watched processes list when possible (#1744972)- core: only watch processes when it\'s really necessary (#1744972)- core: implement per unit journal rate limiting (#1719577)- path: stop watching path specs once we triggered the target unit (#1763161)- journald: fixed assertion failure when system journal rotation fails (#9893) (#1763619)- test: use PBKDF2 instead of Argon2 in cryptsetup... (#1761519)- test: mask several unnecessary services (#1761519)- test: bump the second partition\'s size to 50M (#1761519)- shared/sleep-config: exclude zram devices from hibernation candidates (#1763617)- selinux: don\'t log SELINUX_INFO and SELINUX_WARNING messages to audit (#1763612)- sd-device: introduce log_device_ *() macros (#1753369)- udev: Add id program and rule for FIDO security tokens (#1753369)- shared/but-util: drop trusted annotation from bus_open_system_watch_bind_with_description() (#1746857)- sd-bus: adjust indentation of comments (#1746857)- resolved: do not run loop twice (#1746857)- resolved: allow access to Set *Link and Revert methods through polkit (#1746857)- resolved: query polkit only after parsing the data (#1746857) * Fri Aug 30 2019 Lukas Nykryn - 239-18- shared/but-util: drop trusted annotation from bus_open_system_watch_bind_with_description() (#1746857)- sd-bus: adjust indentation of comments (#1746857)- resolved: do not run loop twice (#1746857)- resolved: allow access to Set *Link and Revert methods through polkit (#1746857)- resolved: query polkit only after parsing the data (#1746857) * Wed Aug 07 2019 Lukas Nykryn - 239-17- mount: simplify /proc/self/mountinfo handler (#1696178)- mount: rescan /proc/self/mountinfo before processing waitid() results (#1696178)- swap: scan /proc/swaps before processing waitid() results (#1696178)- analyze-security: fix potential division by zero (#1734400) * Fri Jul 26 2019 Lukas Nykryn - 239-16- sd-bus: deal with cookie overruns (#1694999)- journal-remote: do not request Content-Length if Transfer-Encoding is chunked (#1708849)- journal: do not remove multiple spaces after identifier in syslog message (#1691817)- cryptsetup: Do not fallback to PLAIN mapping if LUKS data device set fails. (#1719153)- cryptsetup: call crypt_load() for LUKS only once (#1719153)- cryptsetup: Add LUKS2 token support. (#1719153)- udev/scsi_id: fix incorrect page length when get device identification VPD page (#1713227)- Change job mode of manager triggered restarts to JOB_REPLACE (#11456- bash-completion: analyze: support \'security\' (#1733395)- man: note that journal does not validate syslog fields (#1707175)- rules: skip memory hotplug on ppc64 (#1713159) * Thu May 23 2019 Lukas Nykryn - 239-15- tree-wide: shorten error logging a bit (#1697893)- nspawn: simplify machine terminate bus call (#1697893)- nspawn: merge two variable declaration lines (#1697893)- nspawn: rework how we allocate/kill scopes (#1697893)- unit: enqueue cgroup empty check event if the last ref on a unit is dropped (#1697893)- Revert \"journal: remove journal audit socket\" (#1699287)- journal: don\'t enable systemd-journald-audit.socket by default (#1699287)- logs-show: use grey color for de-emphasizing journal log output (#1695601)- units: add [Install] section to tmp.mount (#1667065)- nss: do not modify errno when NSS_STATUS_NOTFOUND or NSS_STATUS_SUCCESS (#1691691)- util.h: add new UNPROTECT_ERRNO macro (#1691691)- nss: unportect errno before writing to NSS\' *errnop (#1691691)- seccomp: reduce logging about failure to add syscall to seccomp (#1658691)- format-table: when duplicating a cell, also copy the color (#1689832)- format-table: optionally make specific cells clickable links (#1689832)- format-table: before outputting a color, check if colors are available (#1689832)- format-table: add option to store/format percent and uint64_t values in cells (#1689832)- format-table: optionally allow reversing the sort order for a column (#1689832)- format-table: add table_update() to update existing entries (#1689832)- format-table: add an API for getting the cell at a specific row/column (#1689832)- format-table: always underline header line (#1689832)- format-table: add calls to query the data in a specific cell (#1689832)- format-table: make sure we never call memcmp() with NULL parameters (#1689832)- format-table: use right field for display (#1689832)- format-table: add option to uppercase cells on display (#1689832)- format-table: never try to reuse cells that have color/url/uppercase set (#1689832)- locale-util: add logic to output smiley emojis at various happiness levels (#1689832)- analyze: add new security verb (#1689832)- tests: add a rudimentary fuzzer for server_process_syslog_message (#9979) (#1696224)- journald: make it clear that dev_kmsg_record modifies the string passed to it (#1696224)- journald: free the allocated memory before returning from dev_kmsg_record (#1696224)- tests: rework the code fuzzing journald (#1696224)- journald: make server_process_native_message compatible with fuzz_journald_processing_function (#1696224)- tests: add a fuzzer for server_process_native_message (#1696224)- tests: add a fuzzer for sd-ndisc (#1696224)- ndisc: fix two infinite loops (#1696224)- tests: add reproducers for several issues uncovered with fuzz-journald-syslog (#1696224)- tests: add a reproducer for an infinite loop in ndisc_handle_datagram (#1696224)- tests: add a reproducer for another infinite loop in ndisc_handle_datagram (#1696224)- fuzz: rename \"fuzz-corpus\" directory to just \"fuzz\" (#1696224)- test: add testcase for issue 10007 by oss-fuzz (#1696224)- fuzz: unify the \"fuzz-regressions\" directory with the main corpus (#1696224)- test-bus-marshal: use cescaping instead of hexmem (#1696224)- meson: add -Dlog-trace to set LOG_TRACE (#1696224)- meson: allow building resolved and machined without nss modules (#1696224)- meson: drop duplicated condition (#1696224)- meson: use .source_root() in more places (#1696224)- meson: treat all fuzz cases as unit tests (#1696224)- fuzz-bus-message: add fuzzer for message parsing (#1696224)- bus-message: use structured initialization to avoid use of unitialized memory (#1696224)- bus-message: avoid an infinite loop on empty structures (#1696224)- bus-message: let\'s always use -EBADMSG when the message is bad (#1696224)- bus-message: rename function for clarity (#1696224)- bus-message: use define (#1696224)- bus: do not print (null) if the message has unknown type (#1696224)- bus-message: fix calculation of offsets table (#1696224)- bus-message: remove duplicate assignment (#1696224)- bus-message: fix calculation of offsets table for arrays (#1696224)- bus-message: drop asserts in functions which are wrappers for varargs version (#1696224)- bus-message: output debug information about offset troubles (#1696224)- bus-message: fix skipping of array fields in !gvariant messages (#1696224)- bus-message: also properly copy struct signature when skipping (#1696224)- fuzz-bus-message: add two test cases that pass now (#1696224)- bus-message: return -EBADMSG not -EINVAL on invalid !gvariant messages (#1696224)- bus-message: avoid wrap-around when using length read from message (#1696224)- util: do not use stack frame for parsing arbitrary inputs (#1696224)- travis: enable ASan and UBSan on RHEL8 (#1683319)- tests: keep SYS_PTRACE when running under ASan (#1683319)- tree-wide: various ubsan zero size memory fixes (#1683319)- util: introduce memcmp_safe() (#1683319)- test-socket-util: avoid \"memleak\" reported by valgrind (#1683319)- sd-journal: escape binary data in match_make_string() (#1683319)- capability: introduce CAP_TO_MASK_CORRECTED() macro replacing CAP_TO_MASK() (#1683319)- sd-bus: use size_t when dealing with memory offsets (#1683319)- sd-bus: call cap_last_cap() only once in has_cap() (#1683319)- mount-point: honour AT_SYMLINK_FOLLOW correctly (#1683319)- travis: switch from trusty to xenial (#1683319)- test-socket-util: Add tests for receive_fd_iov() and friends. (#1683319)- socket-util: Introduce send_one_fd_iov() and receive_one_fd_iov() (#1683319)- core: swap order of \"n_storage_fds\" and \"n_socket_fds\" parameters (#1683334)- execute: use our usual syntax for defining bit masks (#1683334)- core: introduce new Type=exec service type (#1683334)- man: document the new Type=exec type (#1683334)- sd-bus: allow connecting to the pseudo-container \".host\" (#1683334)- sd-login: let\'s also make sd-login understand \".host\" (#1683334)- test: add test for Type=exec (#1683334)- journal-gateway: explicitly declare local variables (#1705971)- tools: drop unused variable (#1705971)- journal-gateway: use localStorage[\"cursor\"] only when it has valid value (#1705971) * Tue Apr 30 2019 Lukas Nykryn - 239-14- rules: implement new memory hotplug policy (#1670728)- rules: add the rule that adds elevator= kernel command line parameter (#1670126)- bus-socket: Fix line_begins() to accept word matching full string (#1692991)- Refuse dbus message paths longer than BUS_PATH_SIZE_MAX limit. (#1678641)- Allocate temporary strings to hold dbus paths on the heap (#1678641)- sd-bus: if we receive an invalid dbus message, ignore and proceeed (#1678641)- Revert \"core: one step back again, for nspawn we actually can\'t wait for cgroups running empty since systemd will get exactly zero notifications about it\" (#1703485) * Tue Feb 26 2019 Lukas Nykryn - 239-13- rules: add the rule that adds elevator= kernel command line parameter (#1670126) * Fri Feb 15 2019 Lukas Nykryn - 239-12- core: when deserializing state always use read_line(…, LONG_LINE_MAX, …) (CVE-2018-15686)- coredump: remove duplicate MESSAGE= prefix from message (#1664976)- journald: remove unnecessary {} (#1664976)- journald: do not store the iovec entry for process commandline on stack (#1664976)- basic/process-util: limit command line lengths to _SC_ARG_MAX (#1664976)- coredump: fix message when we fail to save a journald coredump (#1664976)- procfs-util: expose functionality to query total memory (#1664976)- basic/prioq: add prioq_peek_item() (#1664976)- journal: limit the number of entries in the cache based on available memory (#1664976)- journald: periodically drop cache for all dead PIDs (#1664976)- process-util: don\'t use overly large buffer to store process command line (#1664976)- Revert \"sysctl.d: switch net.ipv4.conf.all.rp_filter from 1 to 2\" (#1653824)- journal: fix syslog_parse_identifier() (#1664978)- journald: set a limit on the number of fields (1k) (#1664977)- journald: when processing a native message, bail more quickly on overbig messages (#1664977)- journald: lower the maximum entry size limit to ½ for non-sealed fds (#1664977)- µhttpd: use a cleanup function to call MHD_destroy_response (#1664977)- journal-remote: verify entry length from header (#1664977)- journal-remote: set a limit on the number of fields in a message (#1664977)- journald: correctly attribute log messages also with cgroupsv1 (#1658115)- rules: add elevator= kernel command line parameter (#1670126) * Mon Jan 14 2019 Lukas Nykryn - 239-11- unit: don\'t add Requires for tmp.mount (#1619292)- remove bootchart dependency (#1660119) * Wed Dec 12 2018 Lukas Nykryn - 239-10- cryptsetup-generator: introduce basic keydev support (#1656869)- cryptsetup: don\'t use %m if there\'s no error to show (#1656869)- cryptsetup-generator: don\'t return error if target directory already exists (#1656869)- cryptsetup-generator: allow whitespace characters in keydev specification (#1656869)- rules: watch metadata changes on DASD devices (#1638676)- sysctl.d: switch net.ipv4.conf.all.rp_filter from 1 to 2 (#1653824) * Thu Dec 06 2018 Lukas Nykryn - 239-9- dissect-image: use right comparison function (#1602706)- login: avoid leak of name returned by uid_to_name() (#1602706)- firewall-util: add an assert that we\'re not overwriting a buffer (#1602706)- journal-file: avoid calling ftruncate with invalid fd (#1602706)- dhcp6: make sure we have enough space for the DHCP6 option header (#1643363)- core: rename queued_message → pending_reload_message (#1647359)- core: when we can\'t send the pending reload message, say we ignore it in the warning we log (#1647359)- core: make sure we don\'t throttle change signal generator when a reload is pending (#1647359)- proc-cmdline: introduce PROC_CMDLINE_RD_STRICT (#1643429)- debug-generator: introduce rd. * version of all options (#1643429)- chown-recursive: let\'s rework the recursive logic to use O_PATH (#1643368)- chown-recursive: also drop ACLs when recursively chown()ing (#1643368)- chown-recursive: TAKE_FD() is your friend (#1643368)- test: add test case for recursive chown()ing (#1643368)- Revert \"sysctl.d: request ECN on both in and outgoing connections\" (#1619790)- detect-virt: do not try to read all of /proc/cpuinfo (#1631532)- sd-bus: unify three code-paths which free struct bus_container (#1635435)- sd-bus: properly initialize containers (#1635435) * Tue Oct 16 2018 Lukas Nykryn - 239-8- revert sd-bus: unify three code-paths which free struct bus_container (#1635435) * Fri Oct 12 2018 Michal Sekletár - 239-7- change default cgroup hierarchy to \"legacy\" (#1638650)- we never added mymachines module to passwd: or group: in RHEL8, hence don\'t try to remove it (#1638450)- bump minimal size of random pool to 1024 bytes (#1619268)- install RHEL-7 compatible rc.local (#1625209)- backport support for sector-size crypttab option (#1572563)- units: don\'t enable per-service IP firewall by default (#1630219)- sd-bus: unify three code-paths which free struct bus_container (#1635435)- bus-message: do not crash on message with a string of zero length (#1635439)- bus-message: stack based buffer overflow in free_and_strdup (#1635428)- journal: change support URL shown in the catalog entries (#1550548) * Mon Sep 10 2018 Michal Sekletár - 239-6- move /etc/yum/protected.d/systemd.conf to /etc/dnf/ (#1626973) * Fri Sep 07 2018 Josh Boyer - 239-5- Fix file conflict between yum and systemd (#1626682) * Tue Aug 14 2018 Michal Sekletár - 239-4- drop the patch for delayed loading of config in net_setup_link and set NAME in prefixdevname udev rules (#1614681)- bus: move BUS_DONT_DESTROY calls after asserts (#1610397) * Fri Aug 10 2018 Michal Sekletár - 239-3- net_setup_link: delay loading configuration, just before we apply it (#1614681) * Thu Aug 09 2018 Michal Sekletár - 239-2- 20-grubby.install: populate symvers.gz file (#1609698)- net_setup_link: allow renaming interfaces that were renamed already- units: drop DynamicUser=yes from systemd-resolved.service- journal: remove journal audit socket * Wed Aug 01 2018 Michal Sekletár - 239-1- rebase to systemd-239- Override systemd-user PAM config in install and not prep (patch by Filipe Brandenburger )- use %autosetup -S git_am to apply patches- revert upstream default for RemoveIPC (#1523233)- bump DefaultTasksMax to 80% of kernel default (#1523236)- avoid /tmp being mounted as tmpfs without the user\'s will (#1578772)- bump maximum number of processes in user slice to 80% of pid.max (#1523236)- forwardport downstream-only udev rules from RHEL-7 (#1523227)- don\'t ship systemd-networkd- don\'t ship systemd-timesyncd- add back support for WAIT_FOR to udev rules (#1523213) * Wed May 16 2018 Jan Synáček - 238-8- do not mount /tmp as tmpfs (#1578772) * Tue May 15 2018 Jan Synáček - 238-7- fix compilation (#1578318) * Fri Apr 27 2018 Michal Sekletar - 238-6- forwardport downstream-only udev rules from RHEL-7 (#1523227)- set RemoveIPC=no by default (#1523233) * Thu Apr 12 2018 Michal Sekletar - 238-5- also drop qrencode-devel from BuildRequires as it is no longer needed (#1566158) * Wed Apr 11 2018 Michal Sekletar - 238-4- disable support for qrencode (#1566158)- bump default journal rate limit to 10000 messages per 30s (#1563729)- fix unit reloads (#1560549)- don\'t create /var/log/journal during package installation (#1523188) * Fri Mar 09 2018 Troy Dawson - 238-3.1- Rebuild with cryptsetup-2 * Wed Mar 07 2018 Zbigniew Jędrzejewski-Szmek - 238-3- Revert the patches for GRUB BootLoaderSpec support- Add patch for /etc/machine-id creation (#1552843) * Tue Mar 06 2018 Yu Watanabe - 238-2- Fix transfiletrigger script (#1551793) * Mon Mar 05 2018 Zbigniew Jędrzejewski-Szmek - 238-1- Update to latest version- This fixes a hard-to-trigger potential vulnerability (CVE-2018-6954)- New transfiletriggers are installed for udev hwdb and rules, the journal catalog, sysctl.d, binfmt.d, sysusers.d, tmpfiles.d. * Tue Feb 27 2018 Javier Martinez Canillas - 237-7.git84c8da5- Add patch to install kernel images for GRUB BootLoaderSpec support * Sat Feb 24 2018 Zbigniew Jędrzejewski-Szmek - 237-6.git84c8da5- Create /etc/systemd in %post libs if necessary (#1548607) * Fri Feb 23 2018 Adam Williamson - 237-5.git84c8da5- Use : not touch to create file in -libs %post * Thu Feb 22 2018 Patrick Uiterwijk - 237-4.git84c8da5- Add coreutils dep for systemd-libs %post- Add patch to typecast USB IDs to avoid compile failure * Wed Feb 21 2018 Zbigniew Jędrzejewski-Szmek - 237-3.git84c8da5- Update some patches for test skipping that were updated upstream before merging- Add /usr/lib/systemd/purge-nobody-user — a script to check if nobody is defined correctly and possibly replace existing mappings * Tue Feb 20 2018 Zbigniew Jędrzejewski-Szmek - 237-2.gitdff4849- Backport a bunch of patches, most notably for the journal and various memory issues. Some minor build fixes.- Switch to new ldconfig macros that do nothing in F28+- /etc/systemd/dont-synthesize-nobody is created in %post if nfsnobody or nobody users are defined (#1537262) * Fri Feb 09 2018 Zbigniew Jędrzejeweski-Szmek - 237-1.git78bd769- Update to first stable snapshot (various minor memory leaks and misaccesses, some documentation bugs, build fixes). * Sun Jan 28 2018 Zbigniew Jędrzejewski-Szmek - 237-1- Update to latest version * Sun Jan 21 2018 Björn Esser - 236-4.git3e14c4c- Add patch to include if needed * Sat Jan 20 2018 Björn Esser - 236-3.git3e14c4c- Rebuilt for switch to libxcrypt * Thu Jan 11 2018 Zbigniew Jędrzejewski-Szmek - 236-2.git23e14c4- Backport a bunch of bugfixes from upstream (#1531502, #1531381, #1526621 various memory corruptions in systemd-networkd)- /dev/kvm is marked as a static node which fixes permissions on s390x and ppc64 (#1532382) * Fri Dec 15 2017 Zbigniew Jędrzejewski-Szmek - 236-1- Update to latest version * Mon Dec 11 2017 Zbigniew Jędrzejewski-Szmek - 235-5.git4a0e928- Update to latest git snapshot, do not build for realz- Switch to libidn2 again (#1449145) * Tue Nov 07 2017 Zbigniew Jędrzejewski-Szmek - 235-4- Rebuild for cryptsetup-2.0.0-0.2.fc28 * Wed Oct 25 2017 Zbigniew Jędrzejewski-Szmek - 235-3- Backport a bunch of patches, including LP#172535 * Wed Oct 18 2017 Zbigniew Jędrzejewski-Szmek - 235-2- Patches for cryptsetup _netdev * Fri Oct 06 2017 Zbigniew Jędrzejewski-Szmek - 235-1- Update to latest version * Tue Sep 26 2017 Nathaniel McCallum - 234-8- Backport /etc/crypttab _netdev feature from upstream * Thu Sep 21 2017 Michal Sekletar - 234-7- Make sure to remove all device units sharing the same sysfs path (#1475570) * Mon Sep 18 2017 Zbigniew Jędrzejewski-Szmek - 234-6- Bump xslt recursion limit for libxslt-1.30 * Mon Jul 31 2017 Zbigniew Jędrzejewski-Szmek - 234-5- Backport more patches (#1476005, hopefully #1462378) * Thu Jul 27 2017 Fedora Release Engineering - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild * Mon Jul 17 2017 Zbigniew Jędrzejewski-Szmek - 234-3- Fix x-systemd.timeout=0 in /etc/fstab (#1462378)- Minor patches (memleaks, --help fixes, seccomp on arm64) * Thu Jul 13 2017 Zbigniew Jędrzejewski-Szmek - 234-2- Create kvm group (#1431876) * Thu Jul 13 2017 Zbigniew Jędrzejewski-Szmek - 234-1- Latest release * Sat Jul 01 2017 Zbigniew Jędrzejewski-Szmek - 233-7.git74d8f1c- Update to snapshot- Build with meson again * Tue Jun 27 2017 Zbigniew Jędrzejewski-Szmek - 233-6- Fix an out-of-bounds write in systemd-resolved (CVE-2017-9445) * Fri Jun 16 2017 Zbigniew Jędrzejewski-Szmek - 233-5.gitec36d05- Update to snapshot version, build with meson * Thu Jun 15 2017 Zbigniew Jędrzejewski-Szmek - 233-4- Backport a bunch of small fixes (memleaks, wrong format strings, man page clarifications, shell completion)- Fix systemd-resolved crash on crafted DNS packet (CVE-2017-9217, #1455493)- Fix systemd-vconsole-setup.service error on systems with no VGA console (#1272686)- Drop soft-static uid for systemd-journal-gateway- Use ID from /etc/os-release as ntpvendor * Thu Mar 16 2017 Michal Sekletar - 233-3- Backport bugfixes from upstream- Don\'t return error when machinectl couldn\'t figure out container IP addresses (#1419501) * Thu Mar 02 2017 Zbigniew Jędrzejewski-Szmek - 233-2- Fix installation conflict with polkit * Thu Mar 02 2017 Zbigniew Jędrzejewski-Szmek - 233-1- New upstream release (#1416201, #1405439, #1420753, many others)- New systemd-tests subpackage with \"installed tests\" * Thu Feb 16 2017 Zbigniew Jędrzejewski-Szmek - 232-15- Add %ghost %dir entries for .wants dirs of our targets (#1422894) * Tue Feb 14 2017 Zbigniew Jędrzejewski-Szmek - 232-14- Ignore the hwdb parser test * Tue Feb 14 2017 Jan Synáček - 232-14- machinectl fails when virtual machine is running (#1419501) * Sat Feb 11 2017 Fedora Release Engineering - 232-13- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild * Tue Jan 31 2017 Zbigniew Jędrzejewski-Szmek - 232-12- Backport patch for initrd-switch-root.service getting killed (#1414904)- Fix sd-journal-gatewayd -D, --trust, and COREDUMP_CONTAINER_CMDLINE extraction by sd-coredump. * Sun Jan 29 2017 zbyszek - 232-11- Backport a number of patches (#1411299, #1413075, #1415745, - Fix various memleaks and unitialized variable access- Shell completion enhancements- Enable TPM logging by default (#1411156)- Update hwdb (#1270124) * Thu Jan 19 2017 Adam Williamson - 232-10- Backport fix for boot failure in initrd-switch-root (#1414904) * Wed Jan 18 2017 Zbigniew Jędrzejewski-Szmek - 232-9- Add fake dependency on systemd-pam to systemd-devel to ensure systemd-pam is available as multilib (#1414153) * Tue Jan 17 2017 Zbigniew Jędrzejewski-Szmek - 232-8- Fix buildsystem to check for lz4 correctly (#1404406) * Wed Jan 11 2017 Zbigniew Jędrzejewski-Szmek - 232-7- Various small tweaks to scriplets * Sat Jan 07 2017 Kevin Fenzi - 232-6- Fix scriptlets to never fail in libs post * Fri Jan 06 2017 Kevin Fenzi - 232-5- Add patch from Michal Schmidt to avoid process substitution (#1392236) * Sun Nov 06 2016 Zbigniew Jędrzejewski-Szmek - 232-4- Rebuild (#1392236) * Fri Nov 04 2016 Zbigniew Jędrzejewski-Szmek - 232-3- Make /etc/dbus-1/system.d directory non-%ghost * Fri Nov 04 2016 Zbigniew Jędrzejewski-Szmek - 232-2- Fix kernel-install (#1391829)- Restore previous systemd-user PAM config (#1391836)- Move journal-upload.conf.5 from systemd main to journal-remote subpackage (#1391833)- Fix permissions on /var/lib/systemd/journal-upload (#1262665) * Thu Nov 03 2016 Zbigniew Jędrzejewski-Szmek - 232-1- Update to latest version (#998615, #1181922, #1374371, #1390704, #1384150, #1287161)- Add %{_isa} to Provides on arch-full packages (#1387912)- Create systemd-coredump user in %pre (#1309574)- Replace grubby patch with a short-circuiting install.d \"plugin\"- Enable nss-systemd in the passwd, group lines in nsswith.conf- Add [!UNAVAIL=return] fallback after nss-resolve in hosts line in nsswith.conf- Move systemd-nspawn man pages to the right subpackage (#1391703) * Tue Oct 18 2016 Jan Synáček - 231-11- SPC - Cannot restart host operating from container (#1384523) * Sun Oct 09 2016 Zbigniew Jędrzejewski-Szmek - 231-10- Do not recreate /var/log/journal on upgrades (#1383066)- Move nss-myhostname provides to systemd-libs (#1383271) * Fri Oct 07 2016 Zbigniew Jędrzejewski-Szmek - 231-9- Fix systemctl set-default (#1374371)- Prevent systemd-udev-trigger.service from restarting (follow-up for #1378974) * Tue Oct 04 2016 Zbigniew Jędrzejewski-Szmek - 231-8- Apply fix for #1378974 * Mon Oct 03 2016 Zbigniew Jędrzejewski-Szmek - 231-7- Apply patches properly * Thu Sep 29 2016 Zbigniew Jędrzejewski-Szmek - 231-6- Better fix for (#1380286) * Thu Sep 29 2016 Zbigniew Jędrzejewski-Szmek - 231-5- Denial-of-service bug against pid1 (#1380286) * Thu Aug 25 2016 Zbigniew Jędrzejewski-Szmek - 231-4- Fix preset-all (#1363858)- Fix issue with daemon-reload messing up graphics (#1367766)- A few other bugfixes * Wed Aug 03 2016 Adam Williamson - 231-3- Revert preset-all change, it broke stuff (#1363858) * Wed Jul 27 2016 Zbigniew Jędrzejewski-Szmek - 231-2- Call preset-all on initial installation (#1118740)- Fix botched Recommends for libxkbcommon * Tue Jul 26 2016 Zbigniew Jędrzejewski-Szmek - 231-1- Update to latest version * Wed Jun 08 2016 Zbigniew Jędrzejewski-Szmek - 230-3- Update to latest git snapshot (fixes for systemctl set-default, polkit lingering policy, reversal of the framebuffer rules, unaligned access fixes, fix for StartupBlockIOWeight-over-dbus). Those changes are interspersed with other changes and new features (mostly in lldp, networkd, and nspawn). Some of those new features might not work, but I think that existing functionality should not be broken, so it seems worthwile to update to the snapshot. * Sat May 21 2016 Zbigniew Jędrzejewski-Szmek - 230-2- Remove systemd-compat-libs on upgrade * Sat May 21 2016 Zbigniew Jędrzejewski-Szmek - 230-1- New version- Drop compat-libs- Require libxkbcommon explictly, since the automatic dependency will not be generated anymore * Tue Apr 26 2016 Zbigniew Jędrzejewski-Szmek - 229-15- Remove duplicated entries in -container %files (#1330395) * Fri Apr 22 2016 Zbigniew Jędrzejewski-Szmek - 229-14- Move installation of udev services to udev subpackage (#1329023) * Mon Apr 18 2016 Zbigniew Jędrzejewski-Szmek - 229-13- Split out systemd-pam subpackage (#1327402) * Mon Apr 18 2016 Harald Hoyer - 229-12- move more binaries and services from the main package to subpackages * Mon Apr 18 2016 Harald Hoyer - 229-11- move more binaries and services from the main package to subpackages * Mon Apr 18 2016 Harald Hoyer - 229-10- move device dependant stuff to the udev subpackage * Tue Mar 22 2016 Zbigniew Jędrzejewski-Szmek - 229-9- Add myhostname to /etc/nsswitch.conf (#1318303) * Mon Mar 21 2016 Harald Hoyer - 229-8- fixed kernel-install for copying files for grubbyResolves: rhbz#1299019 * Thu Mar 17 2016 Zbigniew Jędrzejewski-Szmek - 229-7- Moar patches (#1316964, #1317928)- Move vconsole-setup and tmpfiles-setup-dev bits to systemd-udev- Protect systemd-udev from deinstallation * Fri Mar 11 2016 Zbigniew Jędrzejewski-Szmek - 229-6- Create /etc/resolv.conf symlink from systemd-resolved (#1313085) * Fri Mar 04 2016 Zbigniew Jędrzejewski-Szmek - 229-5- Split out systemd-container subpackage (#1163412)- Split out system-udev subpackage- Add various bugfix patches, incl. a tentative fix for #1308771 * Tue Mar 01 2016 Peter Robinson 229-4- Power64 and s390(x) now have libseccomp support- aarch64 has gnu-efi * Tue Feb 23 2016 Jan Synáček - 229-3- Fix build failures on ppc64 (#1310800) * Tue Feb 16 2016 Dennis Gilmore - 229-2- revert: fixed kernel-install for copying files for grubbyResolves: rhbz#1299019- this causes the dtb files to not get installed at all and the fdtdir- line in extlinux.conf to not get updated correctly * Thu Feb 11 2016 Michal Sekletar - 229-1- New upstream release * Thu Feb 11 2016 Harald Hoyer - 228-10.gite35a787- fixed kernel-install for copying files for grubbyResolves: rhbz#1299019 * Fri Feb 05 2016 Fedora Release Engineering - 228-9.gite35a787- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild * Wed Jan 27 2016 Peter Robinson 228-8.gite35a787- Rebuild for binutils on aarch64 fix * Fri Jan 08 2016 Dan Horák - 228-7.gite35a787- apply the conflict with fedora-release only in Fedora * Thu Dec 10 2015 Jan Synáček - 228-6.gite35a787- Fix rawhide build failures on ppc64 (#1286249) * Sun Nov 29 2015 Zbigniew Jędrzejewski-Szmek - 228-6.gite35a787- Create /etc/systemd/network (#1286397) * Thu Nov 26 2015 Zbigniew Jędrzejewski-Szmek - 228-5.gite35a787- Do not install nss modules by default * Tue Nov 24 2015 Zbigniew Jędrzejewski-Szmek - 228-4.gite35a787- Update to latest upstream git: there is a bunch of fixes (nss-mymachines overflow bug, networkd fixes, more completions are properly installed), mixed with some new resolved features.- Rework file triggers so that they always run before daemons are restarted * Thu Nov 19 2015 Zbigniew Jędrzejewski-Szmek - 228-3- Enable rpm file triggers for daemon-reload * Thu Nov 19 2015 Zbigniew Jędrzejewski-Szmek - 228-2- Fix version number in obsoleted package name (#1283452) * Wed Nov 18 2015 Kay Sievers - 228-1- New upstream release * Thu Nov 12 2015 Zbigniew Jędrzejewski-Szmek - 227-7- Rename journal-gateway subpackage to journal-remote- Ignore the access mode on /var/log/journal (#1048424)- Do not assume fstab is present (#1281606) * Wed Nov 11 2015 Fedora Release Engineering - 227-6- Rebuilt for https://fedoraproject.org/wiki/Changes/python3.5 * Tue Nov 10 2015 Lukáš Nykrýn - 227-5- Rebuild for libmicrohttpd soname bump * Fri Nov 06 2015 Robert Kuska - 227-4- Rebuilt for Python3.5 rebuild * Wed Nov 04 2015 Zbigniew Jędrzejewski-Szmek - 227-3- Fix syntax in kernel-install (#1277264) * Tue Nov 03 2015 Michal Schmidt - 227-2- Rebuild for libmicrohttpd soname bump. * Wed Oct 07 2015 Kay Sievers - 227-1- New upstream release * Fri Sep 18 2015 Jan Synáček - 226-3- user systemd-journal-upload should be in systemd-journal group (#1262743) * Fri Sep 18 2015 Kay Sievers - 226-2- Add selinux to system-user PAM config * Tue Sep 08 2015 Kay Sievers - 226-1- New upstream release * Thu Aug 27 2015 Kay Sievers - 225-1- New upstream release * Fri Jul 31 2015 Kay Sievers - 224-1- New upstream release * Wed Jul 29 2015 Kay Sievers - 223-2- update to git snapshot * Wed Jul 29 2015 Kay Sievers - 223-1- New upstream release * Thu Jul 09 2015 Zbigniew Jędrzejewski-Szmek - 222-2- Remove python subpackages (python-systemd in now standalone) * Tue Jul 07 2015 Kay Sievers - 222-1- New upstream release * Mon Jul 06 2015 Kay Sievers - 221-5.git619b80a- update to git snapshot * Mon Jul 06 2015 Zbigniew Jędrzejewski-Szmek - 221-4.git604f02a- Add example file with yama config (#1234951) * Sun Jul 05 2015 Kay Sievers - 221-3.git604f02a- update to git snapshot * Mon Jun 22 2015 Kay Sievers - 221-2- build systemd-boot EFI tools * Fri Jun 19 2015 Lennart Poettering - 221-1- New upstream release- Undoes botched translation check, should be reinstated later? * Fri Jun 19 2015 Fedora Release Engineering - 220-10- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild * Thu Jun 11 2015 Peter Robinson 220-9- The gold linker is now fixed on aarch64 * Tue Jun 09 2015 Zbigniew Jędrzejewski-Szmek - 220-8- Remove gudev which is now provided as separate package (libgudev)- Fix for spurious selinux denials (#1224211)- Udev change events (#1225905)- Patches for some potential crashes- ProtectSystem=yes does not touch /home- Man page fixes, hwdb updates, shell completion updates- Restored persistent device symlinks for bcache, xen block devices- Tag all DRM cards as master-of-seat * Tue Jun 09 2015 Harald Hoyer 220-7- fix udev block device watch * Tue Jun 09 2015 Harald Hoyer 220-6- add support for network disk encryption * Sun Jun 07 2015 Peter Robinson 220-5- Disable gold on aarch64 until it\'s fixed (tracked in rhbz #1225156) * Sat May 30 2015 Zbigniew Jędrzejewski-Szmek - 220-4- systemd-devel should require systemd-libs, not the main package (#1226301)- Check for botched translations (#1226566)- Make /etc/udev/hwdb.d part of the rpm (#1226379) * Thu May 28 2015 Richard W.M. Jones - 220-3- Add patch to fix udev --daemon not cleaning child processes (upstream commit 86c3bece38bcf5). * Wed May 27 2015 Richard W.M. Jones - 220-2- Add patch to fix udev --daemon crash (upstream commit 040e689654ef08). * Thu May 21 2015 Lennart Poettering - 220-1- New upstream release- Drop /etc/mtab hack, as that\'s apparently fixed in mock now (#1116158)- Remove ghosting for %{_sysconfdir}/systemd/system/runlevel *.target, these targets are not configurable anymore in systemd upstream- Drop work-around for #1002806, since this is solved upstream now * Wed May 20 2015 Dennis Gilmore - 219-15- fix up the conflicts version for fedora-release * Wed May 20 2015 Zbigniew Jędrzejewski-Szmek - 219-14- Remove presets (#1221340)- Fix (potential) crash and memory leak in timedated, locking failure in systemd-nspawn, crash in resolved.- journalctl --list-boots should be faster- zsh completions are improved- various ommissions in docs are corrected (#1147651)- VARIANT and VARIANT_ID fields in os-release are documented- systemd-fsck-root.service is generated in the initramfs (#1201979, #1107818)- systemd-tmpfiles should behave better on read-only file systems (#1207083) * Wed Apr 29 2015 Zbigniew Jędrzejewski-Szmek - 219-13- Patches for some outstanding annoyances- Small keyboard hwdb updates * Wed Apr 08 2015 Zbigniew Jędrzejewski-Szmek - 219-12- Tighten requirements between subpackages (#1207381). * Sun Mar 22 2015 Zbigniew Jędrzejewski-Szmek - 219-11- Move all parts systemd-journal-{remote,upload} to systemd-journal-gatewayd subpackage (#1193143).- Create /var/lib/systemd/journal-upload directory (#1193145).- Cut out lots of stupid messages at debug level which were obscuring more important stuff.- Apply \"tentative\" state for devices only when they are added, not removed.- Ignore invalid swap pri= settings (#1204336)- Fix SELinux check for timedated operations to enable/disable ntp (#1014315)- Fix comparing of filesystem paths (#1184016) * Sat Mar 14 2015 Zbigniew Jędrzejewski-Szmek - 219-10- Fixes for bugs 1186018, 1195294, 1185604, 1196452.- Hardware database update.- Documentation fixes.- A fix for journalctl performance regression.- Fix detection of inability to open files in journalctl.- Detect SuperH architecture properly.- The first of duplicate lines in tmpfiles wins again.- Do vconsole setup after loading vconsole driver, not fbcon.- Fix problem where some units were restarted during systemd reexec.- Fix race in udevadm settle tripping up NetworkManager.- Downgrade various log messages.- Fix issue where journal-remote would process some messages with a delay.- GPT /srv partition autodiscovery is fixed.- Reconfigure old Finnish keymaps in post (#1151958) * Tue Mar 10 2015 Jan Synáček - 219-9- Buttons on Lenovo X6 * tablets broken (#1198939) * Tue Mar 03 2015 Zbigniew Jędrzejewski-Szmek - 219-8- Reworked device handling (#1195761)- ACL handling fixes (with a script in %post)- Various log messages downgraded (#1184712)- Allow PIE on s390 again (#1197721) * Wed Feb 25 2015 Michal Schmidt - 219-7- arm: reenable lto. gcc-5.0.0-0.16 fixed the crash (#1193212) * Tue Feb 24 2015 Colin Walters - 219-6- Revert patch that breaks Atomic/OSTree (#1195761) * Fri Feb 20 2015 Michal Schmidt - 219-5- Undo the resolv.conf workaround, Aim for a proper fix in Rawhide. * Fri Feb 20 2015 Michal Schmidt - 219-4- Revive fedora-disable-resolv.conf-symlink.patch to unbreak composes. * Wed Feb 18 2015 Michal Schmidt - 219-3- arm: disabling gold did not help; disable lto instead (#1193212) * Tue Feb 17 2015 Peter Jones - 219-2- Update 90-default.present for dbxtool. * Mon Feb 16 2015 Lennart Poettering - 219-1- New upstream release- This removes the sysctl/bridge hack, a different solution needs to be found for this (see #634736)- This removes the /etc/resolv.conf hack, anaconda needs to fix their handling of /etc/resolv.conf as symlink- This enables \"%check\"- disable gold on arm, as that is broken (see #1193212) * Mon Feb 16 2015 Peter Robinson 218-6- aarch64 now has seccomp support * Thu Feb 05 2015 Michal Schmidt - 218-5- Don\'t overwrite systemd.macros with unrelated Source file. * Thu Feb 05 2015 Jan Synáček - 218-4- Add a touchpad hwdb (#1189319) * Thu Jan 15 2015 Zbigniew Jędrzejewski-Szmek - 218-4- Enable xkbcommon dependency to allow checking of keymaps- Fix permissions of /var/log/journal (#1048424)- Enable timedatex in presets (#1187072)- Disable rpcbind in presets (#1099595) * Wed Jan 07 2015 Jan Synáček - 218-3- RFE: journal: automatically rotate the file if it is unlinked (#1171719) * Mon Jan 05 2015 Zbigniew Jędrzejewski-Szmek - 218-3- Add firewall description files (#1176626) * Thu Dec 18 2014 Jan Synáček - 218-2- systemd-nspawn doesn\'t work on s390/s390x (#1175394) * Wed Dec 10 2014 Lennart Poettering - 218-1- New upstream release- Enable \"nss-mymachines\" in /etc/nsswitch.conf * Thu Nov 06 2014 Zbigniew Jędrzejewski-Szmek - 217-4- Change libgudev1 to only require systemd-libs (#727499), there\'s no need to require full systemd stack.- Fixes for bugs #1159448, #1152220, #1158035.- Bash completions updates to allow propose more units for start/restart, and completions for set-default,get-default.- Again allow systemctl enable of instances.- Hardware database update and fixes.- Udev crash on invalid options and kernel commandline timeout parsing are fixed.- Add \"embedded\" chassis type.- Sync before \'reboot -f\'.- Fix restarting of timer units. * Wed Nov 05 2014 Michal Schmidt - 217-3- Fix hanging journal flush (#1159641) * Fri Oct 31 2014 Michal Schmidt - 217-2- Fix ordering cycles involving systemd-journal-flush.service and remote-fs.target (#1159117) * Tue Oct 28 2014 Lennart Poettering - 217-1- New upstream release * Fri Oct 17 2014 Zbigniew Jędrzejewski-Szmek - 216-12- Drop PackageKit.service from presets (#1154126) * Mon Oct 13 2014 Zbigniew Jędrzejewski-Szmek - 216-11- Conflict with old versions of initscripts (#1152183)- Remove obsolete Finnish keymap (#1151958) * Fri Oct 10 2014 Zbigniew Jędrzejewski-Szmek - 216-10- Fix a problem with voluntary daemon exits and some other bugs (#1150477, #1095962, #1150289) * Fri Oct 03 2014 Zbigniew Jędrzejewski-Szmek - 216-9- Update to latest git, but without the readahead removal patch (#1114786, #634736) * Wed Oct 01 2014 Kay Sievers - 216-8- revert \"don\'t reset selinux context during CHANGE events\" * Wed Oct 01 2014 Lukáš Nykrýn - 216-7- add temporary workaround for #1147910- don\'t reset selinux context during CHANGE events * Wed Sep 10 2014 Michal Schmidt - 216-6- Update timesyncd with patches to avoid hitting NTP pool too often. * Tue Sep 09 2014 Michal Schmidt - 216-5- Use common CONFIGURE_OPTS for build2 and build3.- Configure timesyncd with NTP servers from Fedora/RHEL vendor zone. * Wed Sep 03 2014 Zbigniew Jędrzejewski-Szmek - 216-4- Move config files for sd-j-remote/upload to sd-journal-gateway subpackage (#1136580) * Thu Aug 28 2014 Peter Robinson 216-3- Drop no LTO build option for aarch64/s390 now it\'s fixed in binutils (RHBZ 1091611) * Thu Aug 21 2014 Zbigniew Jędrzejewski-Szmek - 216-2- Re-add patch to disable resolve.conf symlink (#1043119) * Wed Aug 20 2014 Lennart Poettering - 216-1- New upstream release | |