commit systemd for openSUSE:Factory

Fri, 07 Jan 2022 03:45:07 -0800 

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package systemd for openSUSE:Factory checked 
in at 2022-01-07 12:44:33
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/systemd (Old)
 and      /work/SRC/openSUSE:Factory/.systemd.new.1896 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "systemd"

Fri Jan  7 12:44:33 2022 rev:342 rq:943712 version:249.7

Changes:
--------
--- /work/SRC/openSUSE:Factory/systemd/systemd.changes  2021-11-24 
23:54:32.392465454 +0100
+++ /work/SRC/openSUSE:Factory/.systemd.new.1896/systemd.changes        
2022-01-07 12:44:58.243786690 +0100
@@ -1,0 +2,22 @@
+Tue Jan  4 08:23:19 UTC 2022 - Franck Bui <f...@suse.com>
+
+- Update systemd-user PAM service again
+
+  Change the default implementation of pam_setcred() again, previously
+  customized to run the full "auth" PAM stack and only call pam_deny.so which 
is
+  basically the SUSE default behavior without pam_warn.so.
+
+  This is considered safer, especially on SLE where a regression was spotted by
+  QA.
+
+-------------------------------------------------------------------
+Tue Dec  7 12:05:55 UTC 2021 - Ludwig Nussel <lnus...@suse.de>
+
+- move files related to static nodes to udev
+
+-------------------------------------------------------------------
+Wed Nov 24 10:40:01 UTC 2021 - Ludwig Nussel <lnus...@suse.com>
+
+- Replace S:$n references with SOURCE$n. Makes vim * search work.
+
+-------------------------------------------------------------------
@@ -283,0 +306 @@
+    - upstream commit 6fe2a70b9160e35fdeed9d37bd31727c2d46a8b2 (jsc#SLE-17798)

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ systemd.spec ++++++
--- /var/tmp/diff_new_pack.cp2zlg/_old  2022-01-07 12:44:59.231787376 +0100
+++ /var/tmp/diff_new_pack.cp2zlg/_new  2022-01-07 12:44:59.235787379 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package systemd
 #
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -725,8 +725,8 @@
 mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/sysv-convert
 mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/migrated
 
-install -m0755 -D %{S:3}  
%{buildroot}/%{_prefix}/lib/systemd/systemd-sysv-convert
-install -m0755 -D %{S:4}  
%{buildroot}/%{_prefix}/lib/systemd/systemd-sysv-install
+install -m0755 -D %{SOURCE3}  
%{buildroot}/%{_prefix}/lib/systemd/systemd-sysv-convert
+install -m0755 -D %{SOURCE4}  
%{buildroot}/%{_prefix}/lib/systemd/systemd-sysv-install
 %endif
 
 mkdir -p % %{buildroot}%{_sysconfdir}/systemd/network
@@ -735,7 +735,7 @@
 # Package the scripts used to fix all packaging issues. Also drop the
 # "scripts-{systemd/udev}" prefix which is used because osc doesn't
 # allow directory structure...
-for s in %{S:100} %{S:101} %{S:102}; do
+for s in %{SOURCE100} %{SOURCE101} %{SOURCE102}; do
        install -m0755 -D $s 
%{buildroot}%{_prefix}/lib/systemd/scripts/${s#*/scripts-systemd-}
 done
 
@@ -759,7 +759,7 @@
 rm -f %{buildroot}/etc/systemd/system/default.target
 
 # Replace upstream systemd-user with the openSUSE one.
-install -m0644 -D --target-directory=%{buildroot}%{_pam_vendordir} %{S:2}
+install -m0644 -D --target-directory=%{buildroot}%{_pam_vendordir} %{SOURCE2}
 
 # don't enable wall ask password service, it spams every console (bnc#747783)
 rm 
%{buildroot}%{_unitdir}/multi-user.target.wants/systemd-ask-password-wall.path
@@ -824,7 +824,7 @@
 mkdir -p %{buildroot}%{_systemd_user_env_generator_dir}
 
 # ensure after.local wrapper is called
-install -m 644 %{S:11} %{buildroot}%{_unitdir}/
+install -m 644 %{SOURCE11} %{buildroot}%{_unitdir}/
 ln -s ../after-local.service %{buildroot}%{_unitdir}/multi-user.target.wants/
 
 # ghost directories with default permissions.
@@ -867,7 +867,7 @@
 # still keep the remaining paths that still don't have a better home
 # in suse.conf.
 rm -f %{buildroot}%{_tmpfilesdir}/{etc,home,legacy,tmp,var}.conf
-install -m 644 %{S:5} %{buildroot}%{_tmpfilesdir}/suse.conf
+install -m 644 %{SOURCE5} %{buildroot}%{_tmpfilesdir}/suse.conf
 
 # The content of the files shipped by systemd doesn't match the
 # defaults used by SUSE. Don't ship those files but leave the decision
@@ -891,7 +891,7 @@
 
 # kbd-model-map.legacy is used to provide mapping for legacy keymaps,
 # which may still be used by yast.
-cat %{S:14} >>%{buildroot}%{_datarootdir}/systemd/kbd-model-map
+cat %{SOURCE14} >>%{buildroot}%{_datarootdir}/systemd/kbd-model-map
 
 # Don't ship systemd-journald-audit.socket as there's no other way for
 # us to prevent journald from recording audit messages in the journal
@@ -1304,6 +1304,8 @@
 %exclude %{_unitdir}/*.target.wants/systemd-hwdb*.*
 %exclude %{_unitdir}/initrd-udevadm-cleanup-db.service
 %exclude %{_unitdir}/kmod-static-nodes.service
+%exclude %{_unitdir}/sysinit.target.wants/kmod-static-nodes.service
+%exclude %{_tmpfilesdir}/static-nodes-permissions.conf
 %exclude %{_unitdir}/systemd-nspawn@.service
 %if %{with machined}
 %exclude %{_prefix}/lib/systemd/systemd-machined
@@ -1651,6 +1653,8 @@
 %dir %{_unitdir}
 %{_prefix}/lib/systemd/systemd-udevd
 %{_unitdir}/kmod-static-nodes.service
+%{_unitdir}/sysinit.target.wants/kmod-static-nodes.service
+%{_tmpfilesdir}/static-nodes-permissions.conf
 %{_unitdir}/systemd-udev*.service
 %{_unitdir}/systemd-udevd*.socket
 %{_unitdir}/systemd-hwdb*.*

++++++ systemd-user ++++++
--- /var/tmp/diff_new_pack.cp2zlg/_old  2022-01-07 12:44:59.387787484 +0100
+++ /var/tmp/diff_new_pack.cp2zlg/_new  2022-01-07 12:44:59.391787487 +0100
@@ -2,18 +2,19 @@
 #
 # Used by systemd --user instances.
 
-# This is not about authentication per se (user@.service is a system
-# service anyway) but to give the possibility to user services
-# (especially those like gnome-terminal, see [1]) to have theirs
-# credentials extended similar to the ones received by a user when he
-# logs in (and the full PAM authentication stack is run). See [2] and
-# [3] for details.
+# Override the default behavior of the "auth" PAM stack and don't throw a
+# warning each time a user instance is started, which is the default behavior 
of
+# the PAM stack when no auth is defined. Indeed PID1 calls pam_setcred() when
+# the user instance is about to be started to allow some user services, such as
+# gnome-terminal, to extend theirs credentials similar to the ones received by 
a
+# user when he logs in (and the full PAM authentication stack is run). For some
+# details, see:
 #
-# [1] https://gitlab.gnome.org/GNOME/gdm/-/issues/393
-# [2] https://github.com/systemd/systemd/issues/11198
-# [3] https://bugzilla.suse.com/show_bug.cgi?id=1190515
+# https://gitlab.gnome.org/GNOME/gdm/-/issues/393
+# https://github.com/systemd/systemd/issues/11198
+# https://bugzilla.suse.com/show_bug.cgi?id=1190515
 #
-auth include common-auth
+auth     required pam_deny.so
 
 account  include  common-account

Reply via email to