<html>
<head>
<base href="https://bugzilla.rosalinux.ru/">
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Platform</th>
<td>2021.1
</td>
</tr>
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_CONFIRMED "
title="CONFIRMED - [fix 21] systemd 249-1.gitfab79a.12"
href="https://bugzilla.rosalinux.ru/show_bug.cgi?id=11597">11597</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>[fix 21] systemd 249-1.gitfab79a.12
</td>
</tr>
<tr>
<th>Classification</th>
<td>ROSA-based products
</td>
</tr>
<tr>
<th>Product</th>
<td>ROSA Fresh
</td>
</tr>
<tr>
<th>Version</th>
<td>All
</td>
</tr>
<tr>
<th>Hardware</th>
<td>All
</td>
</tr>
<tr>
<th>OS</th>
<td>Linux
</td>
</tr>
<tr>
<th>Status</th>
<td>CONFIRMED
</td>
</tr>
<tr>
<th>Severity</th>
<td>normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>Normal
</td>
</tr>
<tr>
<th>Component</th>
<td>Packages from Main
</td>
</tr>
<tr>
<th>Assignee</th>
<td>bugs@lists.rosalinux.ru
</td>
</tr>
<tr>
<th>Reporter</th>
<td>m.novosyolov@rosalinux.ru
</td>
</tr>
<tr>
<th>QA Contact</th>
<td>bugs@lists.rosalinux.ru
</td>
</tr>
<tr>
<th>Target Milestone</th>
<td>---
</td>
</tr></table>
<p>
<div>
<pre>********* QA ADVISORY **********
libseccomp 2.5.2-1
- updated from 2.5.1 to 2.5.2
- fixed building without %check
<a href="https://abf.io/build_lists/3950847">https://abf.io/build_lists/3950847</a>
<a href="https://abf.io/build_lists/3950848">https://abf.io/build_lists/3950848</a>
<a href="https://abf.io/build_lists/3950858">https://abf.io/build_lists/3950858</a>
systemd 249-1.gitfab79a.12
**************************
- Disable DNSSEC in systemd-resolved by default
DNSSEC implementation in systemd-resolved is unreliable and causes random
failures of DNSSEC validation. Fedora disables it
(<a href="https://fedoraproject.org/wiki/Changes/systemd-resolved#DNSSEC">https://fedoraproject.org/wiki/Changes/systemd-resolved#DNSSEC</a>). Disable it in
ROSA (set -Ddefault-dnssec=no) by default, it can be enabled via
/etc/systemd/resolved.conf or resolvectl(1).
Commit:
<a href="https://abf.io/import/systemd/commit/d0d22ad5b609ce71b6bce9ff017c3b8d68e31098">https://abf.io/import/systemd/commit/d0d22ad5b609ce71b6bce9ff017c3b8d68e31098</a>
Fixes: <a class="bz_bug_link
bz_status_CONFIRMED "
title="CONFIRMED - disabling DNSSEC by default!"
href="show_bug.cgi?id=11569">https://bugzilla.rosalinux.ru/show_bug.cgi?id=11569</a>
**************************
- Disable mDNS resolution via systemd-resolved by default
Let Avahi handle mDNS resolution, see:
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=1867830">https://bugzilla.redhat.com/show_bug.cgi?id=1867830</a>
when both avahi and resolved run, they conflict. If we put mdns_minimal before
resolve in /etc/nsswitch.conf, than it is resolved who will actually do DNS
resolution, not Avahi.
Avahi, as an implementation of mDNS, is important because it can not only
resolve DNS, but also announce local service, we do it in openssh-server for
example.
So choosing to leave Avahi as it is for now. resolved will not respond for
mDNS-related DNS queries.
Disable LLMNR responding by default to avoid strange problems (see
rhbz#1867830) and listening to a port on 0.0.0.0 (security issue).
LLMNR resolving is still enabled by default.
Disabled functionality can be reenabled via /etc/systemd/resolved.conf or
resolvectl(1).
Commit:
<a href="https://abf.io/import/systemd/commit/ec66f86b9ee3905574627f653d9352464a1ad62f">https://abf.io/import/systemd/commit/ec66f86b9ee3905574627f653d9352464a1ad62f</a>
Fixes: <a class="bz_bug_link
bz_status_CONFIRMED "
title="CONFIRMED - cups: Проблема с печатью принтера hp cp1025nw"
href="show_bug.cgi?id=11570">https://bugzilla.rosalinux.ru/show_bug.cgi?id=11570</a>
Fixes: <a class="bz_bug_link
bz_status_RESOLVED bz_closed"
title="RESOLVED FIXED - Ошибки при работе по сети"
href="show_bug.cgi?id=11534">https://bugzilla.rosalinux.ru/show_bug.cgi?id=11534</a>
Fixes: <a class="bz_bug_link
bz_status_CONFIRMED "
title="CONFIRMED - Общие папки(smb) - нет подключения"
href="show_bug.cgi?id=11328">https://bugzilla.rosalinux.ru/show_bug.cgi?id=11328</a>
**************************
- Make Yandex DNS have higher priority than Google ones
Most users of ROSA are in Russia. Yandex is a Russian service. Also, many
people have ping to Yandex lower than to Google.
Commit:
<a href="https://abf.io/import/systemd/commit/65ec259466770bd4c8ce86e7d3c9778ec8366b08">https://abf.io/import/systemd/commit/65ec259466770bd4c8ce86e7d3c9778ec8366b08</a>
**************************
- Fix location of oomd and udev parts
* move all oomd-related files into systemd-oomd subpackage
* move all hwdb-related files into udev subpackage
* explicitly list files in some places instead of useing globs to make this
move possible and to track files better
* move some directories from systemd to systemd-units: current subpackage
systemd-units does not make much sense, but owning some ramdom directories by
systemd while most of the are owned by systemd-units makes even less sense
* remove some no more needed Obsoletes
Commit:
<a href="https://abf.io/import/systemd/commit/b04e4f7d287feb53d7e294c376d19fa8ccae2e56">https://abf.io/import/systemd/commit/b04e4f7d287feb53d7e294c376d19fa8ccae2e56</a>
Fixes: <a class="bz_bug_link
bz_status_IN_PROGRESS "
title="IN_PROGRESS - break symlink in systemd"
href="show_bug.cgi?id=11559">https://bugzilla.rosalinux.ru/show_bug.cgi?id=11559</a>
**************************
- add provides for scripts compatibility with OMV (fedya@)
Commit:
<a href="https://abf.io/import/systemd/commit/5eeaecc0e0d3a75c2e0ce1dce1b69c71e2870d17">https://abf.io/import/systemd/commit/5eeaecc0e0d3a75c2e0ce1dce1b69c71e2870d17</a>
**************************
- Remove broken symlink /etc/systemd/system/syslog.service if it points to
nowhere
Commit:
<a href="https://abf.io/import/systemd/commit/5eeaecc0e0d3a75c2e0ce1dce1b69c71e2870d17">https://abf.io/import/systemd/commit/5eeaecc0e0d3a75c2e0ce1dce1b69c71e2870d17</a>
**************************
- Remove obsolete udev rule
"all_partitions" is not known to udev.
udisks2 package has a rule for these devices in another form:
ENV{ID_VENDOR}=="*IOMEGA*", ENV{ID_MODEL}=="*ZIP*",
ENV{ID_DRIVE_FLOPPY_ZIP}="1"
"all_partitions" meant creating block devices for every partition in old
versions of udev,
there is no such option now. Let's just remove this line.
See: <a href="https://shallowsky.com/blog/linux/udev-static-devices.html">https://shallowsky.com/blog/linux/udev-static-devices.html</a>
Commit:
<a href="https://abf.io/import/systemd/commit/9c37ce53f132a94d0f1682682969fb176eaea6e8">https://abf.io/import/systemd/commit/9c37ce53f132a94d0f1682682969fb176eaea6e8</a>
**************************
- Disable updater of systemd-boot by default
Grub2 is used in most cases, calling bootctl does not make sense, and it fails.
Commit:
<a href="https://abf.io/import/systemd/commit/270832d886afa4028d58218af05176c4cf78d58d">https://abf.io/import/systemd/commit/270832d886afa4028d58218af05176c4cf78d58d</a>
**************************
- Fixed licenses
systemd is licensed under LPGL, udev is licensed under GPL
Commit:
<a href="https://abf.io/import/systemd/commit/e9ac850382dfbf53db3eba4d5ff37dcdede28daa">https://abf.io/import/systemd/commit/e9ac850382dfbf53db3eba4d5ff37dcdede28daa</a>
**************************
- Enable login in emergency mode if root account is locked
Commit:
<a href="https://abf.io/import/systemd/commit/536a67c4ad9c9b3bf21013787a5f58be95277136">https://abf.io/import/systemd/commit/536a67c4ad9c9b3bf21013787a5f58be95277136</a>
Fixes: <a class="bz_bug_link
bz_status_CONFIRMED "
title="CONFIRMED - rescue.target and emegrency.target not work (root disabled)"
href="show_bug.cgi?id=11592">https://bugzilla.rosalinux.ru/show_bug.cgi?id=11592</a>
**************************
<a href="https://abf.io/build_lists/3953964">https://abf.io/build_lists/3953964</a>
<a href="https://abf.io/build_lists/3953965">https://abf.io/build_lists/3953965</a>
<a href="https://abf.io/build_lists/3953966">https://abf.io/build_lists/3953966</a></pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are the QA Contact for the bug.</li>
<li>You are the assignee for the bug.</li>
</ul>
</body>
</html>