systemd-selinux 250-3 update

4 files changed, 55 insertions, 109 deletions

diff --git a/.SRCINFO b/.SRCINFO
index 7d26a1846bd4..4345fd594179 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,6 +1,6 @@
 pkgbase = systemd-selinux
-	pkgver = 249.7
-	pkgrel = 2
+	pkgver = 250
+	pkgrel = 3
 	url = https://www.github.com/systemd/systemd
 	arch = x86_64
 	arch = aarch64
@@ -44,10 +44,9 @@ pkgbase = systemd-selinux
 	makedepends = rsync
 	makedepends = libselinux
 	options = strip
-	source = git+https://github.com/systemd/systemd-stable#tag=f223664ddf5cad0db04732985ee58006bc3916e4?signed
-	source = git+https://github.com/systemd/systemd#tag=v249?signed
+	source = git+https://github.com/systemd/systemd-stable#tag=9c8279cdd5d0bc256b8cc0ced2312e27e069a214?signed
+	source = git+https://github.com/systemd/systemd#tag=v250?signed
 	source = 0001-Use-Arch-Linux-device-access-groups.patch
-	source = 0003-PARTIAL-REVERT-commit-tree-wide-replace-strverscmp-and-str_verscmp-with-strverscmp_improved.patch
 	source = initcpio-hook-udev
 	source = initcpio-install-systemd
 	source = initcpio-install-udev
@@ -70,8 +69,7 @@ pkgbase = systemd-selinux
 	validpgpkeys = 5C251B5FC54EB2F80F407AAAC54CA336CFEB557E
 	sha512sums = SKIP
 	sha512sums = SKIP
-	sha512sums = 10f3b477527ec263cc6465c84d94416e356435930edc9e26844a0fd4f71e87a27fa0f91ce24b43a22cacdd2ead5e760e9d607369bc537a8da8d34021302a89a1
-	sha512sums = 34541f1967536524329867f9f341f8d9250d9d771c60dc3e6a22ccb82fc01f103cfd3f9903329777591ccbecd2446622a5d6b3804fa0411482b85c70593ee8ad
+	sha512sums = cc0c2ffb5f7c3a7176cd68f3dddd85ca000dcc4cdf3044746a20147234adb6811800fd28a4713faa6a59bf8c02be9fd43c2d6aa6695fd1dbf03ae773a91d090c
 	sha512sums = f0d933e8c6064ed830dec54049b0a01e27be87203208f6ae982f10fb4eddc7258cb2919d594cbfb9a33e74c3510cfd682f3416ba8e804387ab87d1a217eb4b73
 	sha512sums = 5479c8ef963ff247381392907c13308b4ae3a9383c867bd4c8a318b159f23acdb4be5f4ddae0dab4665f4927d3f30166077b1d3aaa2cde6bf53d023b7abb939c
 	sha512sums = a8c7e4a2cc9c9987e3c957a1fc3afe8281f2281fffd2e890913dcf00cf704024fb80d86cb75f9314b99b0e03bac275b22de93307bfc226d8be9435497e95b7e6
@@ -136,9 +134,9 @@ pkgname = systemd-selinux
 	optdepends = libfido2: unlocking LUKS2 volumes with FIDO2 token
 	optdepends = tpm2-tss: unlocking LUKS2 volumes with TPM2
 	provides = nss-myhostname
-	provides = systemd-tools=249.7
-	provides = udev=249.7
-	provides = systemd=249.7-2
+	provides = systemd-tools=250
+	provides = udev=250
+	provides = systemd=250-3
 	conflicts = nss-myhostname
 	conflicts = systemd-tools
 	conflicts = udev
@@ -176,7 +174,7 @@ pkgname = systemd-libs-selinux
 	provides = libsystemd.so
 	provides = libudev.so
 	provides = libsystemd-selinux
-	provides = systemd-libs=249.7-2
+	provides = systemd-libs=250-3
 	conflicts = libsystemd
 	conflicts = libsystemd-selinux
 	conflicts = systemd-libs
@@ -188,16 +186,16 @@ pkgname = systemd-resolvconf-selinux
 	depends = systemd-selinux
 	provides = openresolv
 	provides = resolvconf
-	provides = systemd-resolvconf=249.7-2
+	provides = systemd-resolvconf=250-3
 	conflicts = openresolv
-	conflicts = systemd-resolvconf=249.7-2
+	conflicts = systemd-resolvconf=250-3
 
 pkgname = systemd-sysvcompat-selinux
 	pkgdesc = sysvinit compat for systemd with SELinux support
 	license = GPL2
 	depends = systemd-selinux
-	provides = systemd-sysvcompat=249.7-2
-	provides = selinux-systemd-sysvcompat=249.7-2
+	provides = systemd-sysvcompat=250-3
+	provides = selinux-systemd-sysvcompat=250-3
 	conflicts = sysvinit
 	conflicts = systemd-sysvcompat
 	conflicts = selinux-systemd-sysvcompat
diff --git a/0001-Use-Arch-Linux-device-access-groups.patch b/0001-Use-Arch-Linux-device-access-groups.patch
index 6449c017db0c..6f7dd4a18a60 100644
--- a/0001-Use-Arch-Linux-device-access-groups.patch
+++ b/0001-Use-Arch-Linux-device-access-groups.patch
@@ -2,9 +2,6 @@ From f7d07e298c819a81eab965efbdbf53a2ce67fc0e Mon Sep 17 00:00:00 2001
 From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com>
 Date: Tue, 6 Mar 2018 23:39:47 +0100
 Subject: [PATCH] Use Arch Linux' device access groups
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
 
   cdrom   → optical
   dialout → uucp
@@ -141,3 +138,39 @@ index 8cc1a7cad2..21bb6d8948 100644
  g video   {{VIDEO_GID  }}     -            -
  
  # Default group for normal users
+From 14de5ced41edc9fa8e380330c03adc89ef257fbc Mon Sep 17 00:00:00 2001
+From: Christian Hesse <mail@eworm.de>
+Date: Mon, 27 Dec 2021 23:32:42 +0100
+Subject: [PATCH] generate tmpfiles.d/legacy.conf
+---
+ tmpfiles.d/legacy.conf.in | 3 ---
+ tmpfiles.d/meson.build    | 2 +-
+ 2 files changed, 1 insertion(+), 4 deletions(-)
+
+diff --git a/tmpfiles.d/legacy.conf.in b/tmpfiles.d/legacy.conf.in
+index 4f2c0d7c43..62e2ae0986 100644
+--- a/tmpfiles.d/legacy.conf.in
++++ b/tmpfiles.d/legacy.conf.in
+@@ -12,9 +12,6 @@
+ 
+ d /run/lock 0755 root root -
+ L /var/lock - - - - ../run/lock
+-{% if CREATE_LOG_DIRS %}
+-L /var/log/README - - - - ../..{{DOC_DIR}}/README.logs
+-{% endif %}
+ 
+ # /run/lock/subsys is used for serializing SysV service execution, and
+ # hence without use on SysV-less systems.
+diff --git a/tmpfiles.d/meson.build b/tmpfiles.d/meson.build
+index b8d3919025..000bd0bd22 100644
+--- a/tmpfiles.d/meson.build
++++ b/tmpfiles.d/meson.build
+@@ -27,7 +27,7 @@ foreach pair : files
+ endforeach
+ 
+ in_files = [['etc.conf',                      ''],
+-            ['legacy.conf',                   'HAVE_SYSV_COMPAT'],
++            ['legacy.conf',                   ''],
+             ['static-nodes-permissions.conf', ''],
+             ['systemd.conf',                  ''],
+             ['var.conf',                      ''],
diff --git a/0003-PARTIAL-REVERT-commit-tree-wide-replace-strverscmp-and-str_verscmp-with-strverscmp_improved.patch b/0003-PARTIAL-REVERT-commit-tree-wide-replace-strverscmp-and-str_verscmp-with-strverscmp_improved.patch
deleted file mode 100644
index 57b9e4dfcae3..000000000000
--- a/0003-PARTIAL-REVERT-commit-tree-wide-replace-strverscmp-and-str_verscmp-with-strverscmp_improved.patch
+++ /dev/null
@@ -1,78 +0,0 @@
-From 9021729667e019defea0d4c1bdf563d629d7d837 Mon Sep 17 00:00:00 2001
-From: Ernesto Castellotti <mail@ernestocastellotti.it>
-Date: Sat, 10 Apr 2021 18:59:14 +0200
-Subject: [PATCH] PARTIAL REVERT commit tree-wide: replace strverscmp() and
- str_verscmp() with strverscmp_improved
-
-This is a workaround for the issue https://github.com/systemd/systemd/issues/19191
----
- src/boot/efi/boot.c | 49 ++++++++++++++++++++++++++++++++++++++++++++-
- 1 file changed, 48 insertions(+), 1 deletion(-)
-
-diff --git a/src/boot/efi/boot.c b/src/boot/efi/boot.c
-index 35248db009bf..75c7e2c61d19 100644
---- a/src/boot/efi/boot.c
-+++ b/src/boot/efi/boot.c
-@@ -914,6 +914,53 @@ static VOID config_entry_free(ConfigEntry *entry) {
-         FreePool(entry);
- }
- 
-+static BOOLEAN is_digit(CHAR16 c) {
-+        return (c >= '0') && (c <= '9');
-+}
-+static UINTN c_order(CHAR16 c) {
-+        if (c == '\0')
-+                return 0;
-+        if (is_digit(c))
-+                return 0;
-+        else if ((c >= 'a') && (c <= 'z'))
-+                return c;
-+        else
-+                return c + 0x10000;
-+}
-+static INTN str_verscmp(CHAR16 *s1, CHAR16 *s2) {
-+        CHAR16 *os1 = s1;
-+        CHAR16 *os2 = s2;
-+        while (*s1 || *s2) {
-+                INTN first;
-+                while ((*s1 && !is_digit(*s1)) || (*s2 && !is_digit(*s2))) {
-+                        INTN order;
-+                        order = c_order(*s1) - c_order(*s2);
-+                        if (order != 0)
-+                                return order;
-+                        s1++;
-+                        s2++;
-+                }
-+                while (*s1 == '0')
-+                        s1++;
-+                while (*s2 == '0')
-+                        s2++;
-+                first = 0;
-+                while (is_digit(*s1) && is_digit(*s2)) {
-+                        if (first == 0)
-+                                first = *s1 - *s2;
-+                        s1++;
-+                        s2++;
-+                }
-+                if (is_digit(*s1))
-+                        return 1;
-+                if (is_digit(*s2))
-+                        return -1;
-+                if (first != 0)
-+                        return first;
-+        }
-+        return StrCmp(os1, os2);
-+}
-+
- static CHAR8 *line_get_key_value(
-                 CHAR8 *content,
-                 CHAR8 *sep,
-@@ -1478,7 +1525,7 @@ static INTN config_entry_compare(ConfigEntry *a, ConfigEntry *b) {
-         if (a->tries_left == 0 && b->tries_left != 0)
-                 return -1;
- 
--        r = strverscmp_improved(a->id, b->id);
-+        r = str_verscmp(a->id, b->id);
-         if (r != 0)
-                 return r;
- 
diff --git a/PKGBUILD b/PKGBUILD
index eabee4bc9ae8..1064837c98e5 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -10,10 +10,10 @@
 
 pkgbase=systemd-selinux
 pkgname=('systemd-selinux' 'systemd-libs-selinux' 'systemd-resolvconf-selinux' 'systemd-sysvcompat-selinux')
-_tag='f223664ddf5cad0db04732985ee58006bc3916e4' # git rev-parse v${_tag_name}
-_tag_name=249.7
+_tag='9c8279cdd5d0bc256b8cc0ced2312e27e069a214' # git rev-parse v${_tag_name}
+_tag_name=250
 pkgver="${_tag_name/-/}"
-pkgrel=2
+pkgrel=3
 arch=('x86_64' 'aarch64')
 url='https://www.github.com/systemd/systemd'
 groups=('selinux')
@@ -30,7 +30,6 @@ validpgpkeys=('63CDA1E5D3FC22B998D20DD6327F26951A015CC4'  # Lennart Poettering <
 source=("git+https://github.com/systemd/systemd-stable#tag=${_tag}?signed"
         "git+https://github.com/systemd/systemd#tag=v${_tag_name%.*}?signed"
         '0001-Use-Arch-Linux-device-access-groups.patch'
-        '0003-PARTIAL-REVERT-commit-tree-wide-replace-strverscmp-and-str_verscmp-with-strverscmp_improved.patch'
         'initcpio-hook-udev'
         'initcpio-install-systemd'
         'initcpio-install-udev'
@@ -50,8 +49,7 @@ source=("git+https://github.com/systemd/systemd-stable#tag=${_tag}?signed"
         '30-systemd-update.hook')
 sha512sums=('SKIP'
             'SKIP'
-            '10f3b477527ec263cc6465c84d94416e356435930edc9e26844a0fd4f71e87a27fa0f91ce24b43a22cacdd2ead5e760e9d607369bc537a8da8d34021302a89a1'
-            '34541f1967536524329867f9f341f8d9250d9d771c60dc3e6a22ccb82fc01f103cfd3f9903329777591ccbecd2446622a5d6b3804fa0411482b85c70593ee8ad'
+            'cc0c2ffb5f7c3a7176cd68f3dddd85ca000dcc4cdf3044746a20147234adb6811800fd28a4713faa6a59bf8c02be9fd43c2d6aa6695fd1dbf03ae773a91d090c'
             'f0d933e8c6064ed830dec54049b0a01e27be87203208f6ae982f10fb4eddc7258cb2919d594cbfb9a33e74c3510cfd682f3416ba8e804387ab87d1a217eb4b73'
             '5479c8ef963ff247381392907c13308b4ae3a9383c867bd4c8a318b159f23acdb4be5f4ddae0dab4665f4927d3f30166077b1d3aaa2cde6bf53d023b7abb939c'
             'a8c7e4a2cc9c9987e3c957a1fc3afe8281f2281fffd2e890913dcf00cf704024fb80d86cb75f9314b99b0e03bac275b22de93307bfc226d8be9435497e95b7e6'
@@ -71,6 +69,8 @@ sha512sums=('SKIP'
             '825b9dd0167c072ba62cabe0677e7cd20f2b4b850328022540f122689d8b25315005fa98ce867cf6e7460b2b26df16b88bb3b5c9ebf721746dce4e2271af7b97')
 
 _backports=(
+  # chrattr-util: return EOPNOTSUPP from chrattr_full if no other failure was observed
+  '7c3b51c469140cdbc1b7e9a232af3f250fea3884'
 )
 
 _reverts=(
@@ -94,10 +94,6 @@ prepare() {
 
   # Replace cdrom/dialout/tape groups with optical/uucp/storage
   patch -Np1 -i ../0001-Use-Arch-Linux-device-access-groups.patch
-
-  # https://bugs.archlinux.org/task/70264
-  # https://github.com/systemd/systemd/issues/19191
-  patch -Np1 -i ../0003-PARTIAL-REVERT-commit-tree-wide-replace-strverscmp-and-str_verscmp-with-strverscmp_improved.patch
 }
 
 build() {
@@ -225,9 +221,6 @@ package_systemd-selinux() {
   sed -i -e '/^C \/etc\/nsswitch\.conf/d' \
     -e '/^C \/etc\/issue/d' "$pkgdir"/usr/lib/tmpfiles.d/etc.conf
 
-  # add back tmpfiles.d/legacy.conf, normally omitted without sysv-compat
-  install -m0644 "${pkgbase/-selinux}-stable/tmpfiles.d/legacy.conf" "$pkgdir"/usr/lib/tmpfiles.d
-
   # ship default policy to leave services disabled
   echo 'disable *' >"$pkgdir"/usr/lib/systemd/system-preset/99-default.preset