Recommended update for systemd

Announcement ID:	SUSE-RU-2024:2641-1
Rating:	moderate
References:
Affected Products:	Basesystem Module 15-SP6 openSUSE Leap 15.6 SUSE Linux Enterprise Desktop 15 SP6 SUSE Linux Enterprise Real Time 15 SP6 SUSE Linux Enterprise Server 15 SP6 SUSE Linux Enterprise Server for SAP Applications 15 SP6 SUSE Package Hub 15 15-SP6

An update that can now be installed.

Description:

This update for systemd fixes the following issues:

systemd was updated from version 254.13 to version 254.15:

• Changes in version 254.15:

• boot: cover for hardware keys on phones/tablets

• Conditional PSI check to reflect changes done in 5.13
• core/dbus-manager: refuse SoftReboot() for user managers
• core/exec-invoke: reopen OpenFile= fds with O_NOCTTY
• core/exec-invoke: use sched_setattr instead of sched_setscheduler
• core/unit: follow merged units before updating SourcePath= timestamp too
• coredump: correctly take tmpfs size into account for compression
• cryptsetup: improve TPM2 blob display
• docs: Add section to HACKING.md on distribution packages
• docs: fixed dead link to GNOME documentation
• docs/CODING_STYLE: document that we nowadays prefer (const char*) for func ret type
• Fixed typo in CAP_BPF description
• LICENSES/README: expand text to summarize state for binaries and libs
• man: fully adopt ~/.local/state/
• man/systemd.exec: list inaccessible files for ProtectKernelTunables
• man/tmpfiles: remove outdated behavior regarding symlink ownership
• meson: bpf: propagate 'sysroot' for cross compilation
• meson: Define __TARGET_ARCH macros required by bpf
• mkfs-util: Set sector size for btrfs as well
• mkosi: drop CentOS 8 from CI
• mkosi: Enable hyperscale-packages-experimental for CentOS
• mountpoint-util: do not assume symlinks are not mountpoints
• os-util: avoid matching on the wrong extension-release file
• README: add missing CONFIG_MEMCG kernel config option for oomd
• README: update requirements for signed dm-verity
• resolved: allow the full TTL to be used by OPT records
• resolved: correct parsing of OPT extended RCODEs
• sysusers: handle NSS errors gracefully
• TEST-58-REPART: reverse order of diff args
• TEST-64-UDEV-STORAGE: Make nvme_subsystem expected pci symlinks more generic
• test: fixed TEST-24-CRYPTSETUP on SUSE
• test: install /etc/hosts
• Use consistent spelling of systemd.condition_first_boot argument
• util: make file_read() 64bit offset safe

• vmm: make sure we can handle smbios objects without variable part

• Changes in version 254.14:

• analyze: show pcrs also in sha384 bank

• chase: Tighten "." and "./" check
• core/service: fixed accept-socket deserialization
• efi-api: check /sys/class/tpm/tpm0/tpm_version_major, too
• executor: check for all permission related errnos when setting up IPC namespace
• install: allow removing symlinks even for units that are gone
• json: use secure un{base64,hex}mem for sensitive variants
• man,units: drop "temporary" from description of systemd-tmpfiles
• missing_loop.h: fixed LOOP_SET_STATUS_SETTABLE_FLAGS
• repart: fixed memory leak
• repart: Use CRYPT_ACTIVATE_PRIVATE
• resolved: permit dnssec rrtype questions when we aren't validating
• rules: Limit the number of device units generated for serial ttys
• run: do not pass the pty slave fd to transient service in a machine
• sd-dhcp-server: clear buffer before receive
• strbuf: use GREEDY_REALLOC to grow the buffer

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2024-2641=1 SUSE-2024-2641=1
• Basesystem Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-2641=1
• SUSE Package Hub 15 15-SP6
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-2641=1

Package List:

• openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  • udev-mini-debuginfo-254.15-150600.4.8.1
  • systemd-coredump-254.15-150600.4.8.1
  • libsystemd0-mini-254.15-150600.4.8.1
  • systemd-portable-254.15-150600.4.8.1
  • udev-mini-254.15-150600.4.8.1
  • libudev1-254.15-150600.4.8.1
  • libsystemd0-debuginfo-254.15-150600.4.8.1
  • systemd-mini-container-debuginfo-254.15-150600.4.8.1
  • systemd-container-254.15-150600.4.8.1
  • systemd-homed-254.15-150600.4.8.1
  • libudev1-debuginfo-254.15-150600.4.8.1
  • systemd-mini-debuginfo-254.15-150600.4.8.1
  • udev-254.15-150600.4.8.1
  • libsystemd0-mini-debuginfo-254.15-150600.4.8.1
  • systemd-journal-remote-debuginfo-254.15-150600.4.8.1
  • systemd-doc-254.15-150600.4.8.1
  • systemd-journal-remote-254.15-150600.4.8.1
  • systemd-network-254.15-150600.4.8.1
  • systemd-debuginfo-254.15-150600.4.8.1
  • systemd-homed-debuginfo-254.15-150600.4.8.1
  • systemd-container-debuginfo-254.15-150600.4.8.1
  • systemd-mini-debugsource-254.15-150600.4.8.1
  • systemd-254.15-150600.4.8.1
  • systemd-coredump-debuginfo-254.15-150600.4.8.1
  • libudev-mini1-debuginfo-254.15-150600.4.8.1
  • systemd-mini-254.15-150600.4.8.1
  • systemd-devel-254.15-150600.4.8.1
  • systemd-network-debuginfo-254.15-150600.4.8.1
  • systemd-sysvcompat-debuginfo-254.15-150600.4.8.1
  • systemd-experimental-254.15-150600.4.8.1
  • systemd-sysvcompat-254.15-150600.4.8.1
  • systemd-experimental-debuginfo-254.15-150600.4.8.1
  • systemd-testsuite-debuginfo-254.15-150600.4.8.1
  • udev-debuginfo-254.15-150600.4.8.1
  • libsystemd0-254.15-150600.4.8.1
  • systemd-portable-debuginfo-254.15-150600.4.8.1
  • systemd-mini-container-254.15-150600.4.8.1
  • libudev-mini1-254.15-150600.4.8.1
  • systemd-debugsource-254.15-150600.4.8.1
  • systemd-testsuite-254.15-150600.4.8.1
  • systemd-mini-devel-254.15-150600.4.8.1
• openSUSE Leap 15.6 (x86_64)
  • systemd-32bit-debuginfo-254.15-150600.4.8.1
  • systemd-32bit-254.15-150600.4.8.1
  • libudev1-32bit-debuginfo-254.15-150600.4.8.1
  • libsystemd0-32bit-254.15-150600.4.8.1
  • libsystemd0-32bit-debuginfo-254.15-150600.4.8.1
  • libudev1-32bit-254.15-150600.4.8.1
• openSUSE Leap 15.6 (aarch64 x86_64 i586)
  • systemd-boot-254.15-150600.4.8.1
  • systemd-boot-debuginfo-254.15-150600.4.8.1
• openSUSE Leap 15.6 (noarch)
  • systemd-lang-254.15-150600.4.8.1
• openSUSE Leap 15.6 (aarch64_ilp32)
  • systemd-64bit-debuginfo-254.15-150600.4.8.1
  • libudev1-64bit-254.15-150600.4.8.1
  • libsystemd0-64bit-254.15-150600.4.8.1
  • libudev1-64bit-debuginfo-254.15-150600.4.8.1
  • libsystemd0-64bit-debuginfo-254.15-150600.4.8.1
  • systemd-64bit-254.15-150600.4.8.1
• Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  • udev-debuginfo-254.15-150600.4.8.1
  • libsystemd0-254.15-150600.4.8.1
  • systemd-254.15-150600.4.8.1
  • systemd-coredump-254.15-150600.4.8.1
  • systemd-doc-254.15-150600.4.8.1
  • systemd-coredump-debuginfo-254.15-150600.4.8.1
  • systemd-debuginfo-254.15-150600.4.8.1
  • libudev1-254.15-150600.4.8.1
  • libsystemd0-debuginfo-254.15-150600.4.8.1
  • systemd-container-debuginfo-254.15-150600.4.8.1
  • systemd-devel-254.15-150600.4.8.1
  • systemd-sysvcompat-debuginfo-254.15-150600.4.8.1
  • systemd-container-254.15-150600.4.8.1
  • systemd-debugsource-254.15-150600.4.8.1
  • libudev1-debuginfo-254.15-150600.4.8.1
  • systemd-sysvcompat-254.15-150600.4.8.1
  • udev-254.15-150600.4.8.1
• Basesystem Module 15-SP6 (noarch)
  • systemd-lang-254.15-150600.4.8.1
• Basesystem Module 15-SP6 (x86_64)
  • systemd-32bit-debuginfo-254.15-150600.4.8.1
  • systemd-32bit-254.15-150600.4.8.1
  • libudev1-32bit-debuginfo-254.15-150600.4.8.1
  • libsystemd0-32bit-254.15-150600.4.8.1
  • libsystemd0-32bit-debuginfo-254.15-150600.4.8.1
  • libudev1-32bit-254.15-150600.4.8.1
• SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64)
  • systemd-network-debuginfo-254.15-150600.4.8.1
  • systemd-network-254.15-150600.4.8.1
  • systemd-debugsource-254.15-150600.4.8.1
  • systemd-debuginfo-254.15-150600.4.8.1