********* QA ADVISORY ********** libseccomp 2.5.2-1 - updated from 2.5.1 to 2.5.2 - fixed building without %check https://abf.io/build_lists/3950847 https://abf.io/build_lists/3950848 https://abf.io/build_lists/3950858 systemd 249-1.gitfab79a.12 ************************** - Disable DNSSEC in systemd-resolved by default DNSSEC implementation in systemd-resolved is unreliable and causes random failures of DNSSEC validation. Fedora disables it (https://fedoraproject.org/wiki/Changes/systemd-resolved#DNSSEC). Disable it in ROSA (set -Ddefault-dnssec=no) by default, it can be enabled via /etc/systemd/resolved.conf or resolvectl(1). Commit: https://abf.io/import/systemd/commit/d0d22ad5b609ce71b6bce9ff017c3b8d68e31098 Fixes: https://bugzilla.rosalinux.ru/show_bug.cgi?id=11569 ************************** - Disable mDNS resolution via systemd-resolved by default Let Avahi handle mDNS resolution, see: https://bugzilla.redhat.com/show_bug.cgi?id=1867830 when both avahi and resolved run, they conflict. If we put mdns_minimal before resolve in /etc/nsswitch.conf, than it is resolved who will actually do DNS resolution, not Avahi. Avahi, as an implementation of mDNS, is important because it can not only resolve DNS, but also announce local service, we do it in openssh-server for example. So choosing to leave Avahi as it is for now. resolved will not respond for mDNS-related DNS queries. Disable LLMNR responding by default to avoid strange problems (see rhbz#1867830) and listening to a port on 0.0.0.0 (security issue). LLMNR resolving is still enabled by default. Disabled functionality can be reenabled via /etc/systemd/resolved.conf or resolvectl(1). Commit: https://abf.io/import/systemd/commit/ec66f86b9ee3905574627f653d9352464a1ad62f Fixes: https://bugzilla.rosalinux.ru/show_bug.cgi?id=11570 Fixes: https://bugzilla.rosalinux.ru/show_bug.cgi?id=11534 Fixes: https://bugzilla.rosalinux.ru/show_bug.cgi?id=11328 ************************** - Make Yandex DNS have higher priority than Google ones Most users of ROSA are in Russia. Yandex is a Russian service. Also, many people have ping to Yandex lower than to Google. Commit: https://abf.io/import/systemd/commit/65ec259466770bd4c8ce86e7d3c9778ec8366b08 ************************** - Fix location of oomd and udev parts * move all oomd-related files into systemd-oomd subpackage * move all hwdb-related files into udev subpackage * explicitly list files in some places instead of useing globs to make this move possible and to track files better * move some directories from systemd to systemd-units: current subpackage systemd-units does not make much sense, but owning some ramdom directories by systemd while most of the are owned by systemd-units makes even less sense * remove some no more needed Obsoletes Commit: https://abf.io/import/systemd/commit/b04e4f7d287feb53d7e294c376d19fa8ccae2e56 Fixes: https://bugzilla.rosalinux.ru/show_bug.cgi?id=11559 ************************** - add provides for scripts compatibility with OMV (fedya@) Commit: https://abf.io/import/systemd/commit/5eeaecc0e0d3a75c2e0ce1dce1b69c71e2870d17 ************************** - Remove broken symlink /etc/systemd/system/syslog.service if it points to nowhere Commit: https://abf.io/import/systemd/commit/5eeaecc0e0d3a75c2e0ce1dce1b69c71e2870d17 ************************** - Remove obsolete udev rule "all_partitions" is not known to udev. udisks2 package has a rule for these devices in another form: ENV{ID_VENDOR}=="*IOMEGA*", ENV{ID_MODEL}=="*ZIP*", ENV{ID_DRIVE_FLOPPY_ZIP}="1" "all_partitions" meant creating block devices for every partition in old versions of udev, there is no such option now. Let's just remove this line. See: https://shallowsky.com/blog/linux/udev-static-devices.html Commit: https://abf.io/import/systemd/commit/9c37ce53f132a94d0f1682682969fb176eaea6e8 ************************** - Disable updater of systemd-boot by default Grub2 is used in most cases, calling bootctl does not make sense, and it fails. Commit: https://abf.io/import/systemd/commit/270832d886afa4028d58218af05176c4cf78d58d ************************** - Fixed licenses systemd is licensed under LPGL, udev is licensed under GPL Commit: https://abf.io/import/systemd/commit/e9ac850382dfbf53db3eba4d5ff37dcdede28daa ************************** - Enable login in emergency mode if root account is locked Commit: https://abf.io/import/systemd/commit/536a67c4ad9c9b3bf21013787a5f58be95277136 Fixes: https://bugzilla.rosalinux.ru/show_bug.cgi?id=11592 ************************** https://abf.io/build_lists/3953964 https://abf.io/build_lists/3953965 https://abf.io/build_lists/3953966
*** Bug 11569 has been marked as a duplicate of this bug. ***
*** Bug 11570 has been marked as a duplicate of this bug. ***
*** Bug 11534 has been marked as a duplicate of this bug. ***
*** Bug 11328 has been marked as a duplicate of this bug. ***
*** Bug 11559 has been marked as a duplicate of this bug. ***
*** Bug 11592 has been marked as a duplicate of this bug. ***
systemd-249-1.gitfab79a.12 https://abf.io/build_lists/3953964 https://abf.io/build_lists/3953965 https://abf.io/build_lists/3953966 libseccomp-2.5.2-1 https://abf.io/build_lists/3950847 https://abf.io/build_lists/3950848 https://abf.io/build_lists/3950858 ******************* Advisory ************************* - Disable DNSSEC in systemd-resolved by default - Fix location of oomd and udev parts - Make Yandex DNS have higher priority than Google ones - add provides for scripts compatibility with OMV (fedya@) - Disable updater of systemd-boot by default - Remove broken symlink /etc/systemd/system/syslog.service - Fixed licenses - Remove obsolete udev rule - Enable login in rescue (single) mode if root account is locked ****************************************************** QA Verified