-
systemd (232-21ubuntu7.1) zesty-security; urgency=medium
* SECURITY UPDATE: remote DoS in resolve (LP: #1725351)
- debian/patches/CVE-2017-15908.patch: fix loop on packets with pseudo
dns types in src/resolve/resolved-dns-packet.c.
- CVE-2017-15908
-- Marc Deslauriers <email address hidden> Thu, 26 Oct 2017 07:59:03 -0400
-
systemd (232-21ubuntu7) zesty; urgency=medium
* networkd: accept `:' in ifnames in systemd/networkd. (LP: #1714933)
* networkd: add support for ActiveSlave and PrimarySlave netdev options.
(LP: #1709135)
* Cherrypick upstream fix for a race between .mount and .automount units,
which currently may result in automounts hanging. (LP: #1709649)
* systemd.postinst: Fix-up version number check in the previous sru.
The version check in the postinst was too tight, thus the SRU fix failed
validation. (LP: #1710410)
systemd (232-21ubuntu6) zesty; urgency=medium
* link: Fix offload features initialization.
This fixes a regression introduced in v232 which caused TCP
segmentation offloads being disabled by default, resulting in
significant performance issues under certain conditions. (Closes: #864073)
(LP: #1703393)
* loginctl: Fix loginctl ignoring user given session IDs at command-line
(LP: #1682154)
* Disable fallback DNS servers.
This causes resolved to call-home to google, attempt to access network when
none is available, and spams logs. (LP: #1449001)
* initramfs-tools: trigger udevadm add actions with subsystems first.
This updates the initramfs-tools init-top udev script to trigger udevadm
actions with type specified. This mimicks the
systemd-udev-trigger.service. Without type specified only devices are
triggered, but triggering subsystems may also be required and should happen
before triggering the devices. This is the case for example on s390x with zdev
generated udev rules. (LP: #1713536)
* Enable systemd-resolved by default. (LP: #1710410)
* core: fix systemd failing to serialize tasks correctly on daemon-reload.
(LP: #1702823)
-- Dimitri John Ledkov <email address hidden> Wed, 04 Oct 2017 14:22:02 +0100
-
systemd (232-21ubuntu6) zesty; urgency=medium
* link: Fix offload features initialization.
This fixes a regression introduced in v232 which caused TCP
segmentation offloads being disabled by default, resulting in
significant performance issues under certain conditions. (Closes: #864073)
(LP: #1703393)
* loginctl: Fix loginctl ignoring user given session IDs at command-line
(LP: #1682154)
* Disable fallback DNS servers.
This causes resolved to call-home to google, attempt to access network when
none is available, and spams logs. (LP: #1449001)
* initramfs-tools: trigger udevadm add actions with subsystems first.
This updates the initramfs-tools init-top udev script to trigger udevadm
actions with type specified. This mimicks the
systemd-udev-trigger.service. Without type specified only devices are
triggered, but triggering subsystems may also be required and should happen
before triggering the devices. This is the case for example on s390x with zdev
generated udev rules. (LP: #1713536)
* Enable systemd-resolved by default. (LP: #1710410)
* core: fix systemd failing to serialize tasks correctly on daemon-reload.
(LP: #1702823)
-- Dimitri John Ledkov <email address hidden> Thu, 31 Aug 2017 13:27:39 +0100
-
systemd (232-21ubuntu5) zesty-security; urgency=medium
* SECURITY UPDATE: Out-of-bounds write in systemd-resolved (LP: #1695546)
- debian/patches/test-resolved-packet-add-a-simple-test-for-our-alloc.patch:
Add a simple allocation test
- debian/patches/resolved-simplify-alloc-size-calculation.patch: Simply
allocation size calculation
- CVE-2017-9445
-- Chris Coulson <email address hidden> Wed, 21 Jun 2017 16:33:22 +0100
-
systemd (232-21ubuntu4) zesty; urgency=medium
* Cherrypick upstream commit to enable system use kernel maximum limit for
RLIMIT_NOFILE isntead of hard-coded (low) limit of 65536. (LP: #1686361)
* debian/tests/root-unittests: disable execute and seccomp tests on arm
test-seccomp and test-execute fail on arm64 kernels. Marking both tests as
expected failures. An upstream bug report is filed to resolve these.
(LP: #1672499)
* Cherrypick upstream patch for platform predictable interface names.
(LP: #1686784)
* resolved: fix null pointer dereference crash (LP: #1621396)
* Cherrypick core/timer downgrade message about random time addition
(LP: #1692136)
-- Dimitri John Ledkov <email address hidden> Wed, 24 May 2017 16:26:16 +0100
-
systemd (232-21ubuntu3) zesty; urgency=medium
[ Martin Pitt ]
* resolved: Disable DNSSEC by default on stretch and zesty.
Both Debian stretch and Ubuntu zesty are close to releasing, switch to
DNSSEC=off by default for those. Users can still turn it back on with
DNSSEC=allow-downgrade (or even "yes"). (LP: #1682499)
[ Michael Biebl ]
* journal: fix up syslog facility when forwarding native messages.
Native journal messages (_TRANSPORT=journal) typically don't have a
syslog facility attached to it. As a result when forwarding the
messages to syslog they ended up with facility 0 (LOG_KERN).
Apply syslog_fixup_facility() so we use LOG_USER instead. (Closes: #837893)
(LP: #1682484)
[ Dimitri John Ledkov ]
* networkd: cherry-pick support for setting bridge port's priority.
This is a useful feature/bugfix to improve feature parity of networkd with
ifupdown. This matches netplan's expectations to be able to set bridge port's
priorities via networked. This featue is to be used by netplan/MAAS/OpenStack.
(LP: #1668347)
* TEST-12: cherry-pick upstream fix for compat with new netcat-openbsd.
(LP: #1672542)
* udev.postinst: preserve virtio interfaces names on upgrades, on s390x.
New udev generates stable interface names on s390x kvm instances, however, upon
upgrades existing ethX names should be preserved to prevent breaking networking
and software configurations. (Closes: #860246) (LP: #1682437)
-- Dimitri John Ledkov <email address hidden> Thu, 13 Apr 2017 18:10:33 +0100
-
systemd (232-21ubuntu2) zesty; urgency=medium
* pkgconfig: Cherrypick upstream fix to libdir locations in .pc files
(LP: #1674201)
-- Dimitri John Ledkov <email address hidden> Tue, 28 Mar 2017 16:59:14 +0100
-
systemd (232-21ubuntu1) zesty; urgency=medium
* Merge from Debian unstable, remaining changes:
* debian/extra/units/systemd-resolved.service.d/resolvconf.conf: if
resolved is going to be started, make sure this blocks
network-online.target. LP: #1673860.
-- Gianfranco Costamagna <email address hidden> Thu, 23 Mar 2017 10:02:35 +0100
-
systemd (232-20ubuntu1) zesty; urgency=medium
* debian/extra/units/systemd-resolved.service.d/resolvconf.conf: if
resolved is going to be started, make sure this blocks
network-online.target. LP: #1673860.
-- Steve Langasek <email address hidden> Fri, 17 Mar 2017 17:18:46 -0700
-
systemd (232-20) unstable; urgency=medium
[ Martin Pitt ]
* debian/gbp.conf: Switch to "stretch" branch
* udev: Fix /dev/disk/by-path aliases for virtio disks. (Closes: #856558)
* udev: Create persistent net names for virtio CCW devices.
This only affects s390x as only this has CCW devices. This provides
stable network interface names for those and avoids changing the names
on updating Stretch to Buster. (Closes: #856559)
* Move systemd.link(5) to udev package.
.link files are being handled by udev, so it should ship the
corresponding manpage. Bump Breaks/Replaces accordingly. (Closes: #857270)
[ Michael Biebl ]
* Avoid strict DM API versioning.
Compiling against the dm-ioctl.h header as provided by the Linux kernel
will embed the DM interface version number. Running an older kernel can
lead to errors on shutdown when trying to detach DM devices.
As a workaround, build against a local copy of dm-ioctl.h based on 3.13,
which is the minimum required version to support DM_DEFERRED_REMOVE.
(Closes: #856337)
* cryptsetup-generator: Run cryptsetup service before swap unit.
Otherwise if the cryptsetup service unit and swap unit for a swap
device are not strictly ordered, it might happen that the swap unit
activates/mounts the swap device before its cryptsetup service unit has
a chance to run the 'mkswap' command. (Closes: #787028)
* Override package-name-doesnt-match-sonames lintian warning for libnss-*
* networkd: Fix size of MTUBytes so that it does not overwrite ARP
[ Felipe Sateler ]
* git-cherry-pick: Actually use cherry-pick for picking.
Use git cherry-pick for picking instead of rebase.
This allows using -x flag and thus record the upstream commit that is
being picked.
-- Michael Biebl <email address hidden> Thu, 16 Mar 2017 17:38:24 +0100
-
systemd (232-19) unstable; urgency=medium
[ Martin Pitt ]
* debian/README.source: Update patch and changelog handling to current
reality.
* root-unittests autopkgtest: Blacklist test-journal-importer.
This got added in a recent PR, but running this requires using "make
install-tests" which hasn't landed yet.
* fsckd: Fix format specifiers on 32 bit architectures.
* resolved: Fix NSEC proofs for missing TLDs (Closes: #855479)
* boot-and-services autopkgtest: Skip CgroupsTest on unified hierarchy.
* boot-smoke autopkgtest: Run in containers, too.
* logind autopkgtest: Adjust to work in containers.
[ Dimitri John Ledkov ]
* Fix resolved failing to follow CNAMES for DNS stub replies (LP: #1647031)
* Fix emitting change signals with a sessions property in logind
(LP: #1661568)
[ Michael Biebl ]
* If an automount unit is masked, don't react to activation anymore.
Otherwise we'll hit an assert sooner or later. (Closes: #856035)
[ Felipe Sateler ]
* resolved: add the new KSK to the built-in resolved trust anchor.
The old root key will be discarded in early 2018, so get this into
stretch.
* Backport some zsh completion fixes from upstream (Closes: #847203)
-- Martin Pitt <email address hidden> Thu, 02 Mar 2017 09:21:12 +0100
-
systemd (232-18ubuntu1) zesty; urgency=medium
[ Martin Pitt ]
* debian/README.source: Update patch and changelog handling to current reality.
We've used gbp dch for a fair while now, let's document it as official
policy.
Update documentation about patch handling: using quilt directly is
not really "welcome" any more as it creates a lot of noise in pq, so
only document pq now. Also document the usage of topic branches, and our
shiny debian/git-cherry-pick tool.
[ Dimitri John Ledkov ]
* Fix resolved failing to follow CNAMES for DNS stub replies (LP: #1647031)
* Fix emitting change signals with a sessions property in logind.
(LP: #1661568)
systemd (232-18) unstable; urgency=medium
* udev autopkgtest: Adjust to script-based test /sys creation.
PR #5250 changes from the static sys.tar.xz to creating the test /sys
directory with a script. Get along with both cases until 233 gets
released and packaged.
* systemd-resolved.service.d/resolvconf.conf: Don't fail if resolvconf is
not installed. ReadWritePaths= fails by default if the referenced
directory does not exist. This happens if resolvconf is not installed, so
use '-' to ignore the absence. (Closes: #854814)
* Fix two more seccomp issues.
* Permit seeing process list of units whose unit files are missing.
* Fix systemctl --user enable/disable without $XDG_RUNTIME_DIR being set.
(Closes: #855050)
-- Dimitri John Ledkov <email address hidden> Thu, 16 Feb 2017 22:33:24 +0000
-
systemd (232-17ubuntu1) zesty; urgency=medium
* debian/patches/0001-resolved-follow-CNAMES-for-DNS-stub-
replies.patch: cherry-pick upstream fix for following CNAMEs in DNS
stub replies. Closes LP: #1647031.
-- Steve Langasek <email address hidden> Sun, 12 Feb 2017 22:54:55 -0800
-
systemd (232-17) unstable; urgency=medium
* Add libcap2-bin build dependency for tests. This will make
test_exec_capabilityboundingset() actually run. (Closes: #854394)
* Add iproute2 build dependency for tests. This will make
test_exec_privatenetwork() actually run; it skips if "ip" is not present.
(Closes: #854396)
* autopkgtest: Run all upstream unit tests as root.
Ship all upstream unit tests in libsystemd-dev, and run them all as root
in autopkgtest. (Closes: #854392) This also fixes the FTBFS on non-seccomp
architectures.
* systemd-resolved.service.d/resolvconf.conf: Allow writing to
/run/resolvconf. Upstream PR #5283 will introduce permission restrictions
for systemd-resolved.service, including the lockdown to writing
/run/systemd/. This will then cause the resolvconf call in our drop-in to
fail as that needs to write to /run/resolvconf/. Add this to
ReadWritePaths=. (This is a no-op with the current unrestricted unit).
-- Martin Pitt <email address hidden> Fri, 10 Feb 2017 11:52:46 +0100
-
systemd (232-10ubuntu1) zesty; urgency=medium
* d/p/0001-libudev-util-change-util_replace_whitespace-to-retur.patch,
d/p/0002-udev-event-add-replace_whitespace-param-to-udev_even.patch,
d/p/0003-udev-rules-perform-whitespace-replacement-for-symlin.patch:
Cherry-pick upstream fixes from Dan Streetman <email address hidden> to
fix by-id symlinks for devices whose IDs contain whitespace.
LP: #1647485.
-- Steve Langasek <email address hidden> Fri, 13 Jan 2017 18:08:34 +0200
-
systemd (232-10) unstable; urgency=medium
* Add NULL sentinel to strjoin.
We haven't cherry-picked upstream commit 605405c6c which introduced a
strjoin macro that adds the NULL sentinel automatically so we need to do
it manually. (Closes: #851210)
-- Michael Biebl <email address hidden> Fri, 13 Jan 2017 05:08:55 +0100
-
systemd (232-9) unstable; urgency=medium
* Use --disable-wheel-group configure switch.
Instead of mangling the tmpfiles via sed to remove the wheel group, use
the configure switch which was added upstream in v230.
See https://github.com/systemd/systemd/issues/2492
* Update debian/copyright.
Bob Jenkins released the lookup3.[ch] files as public domain which means
there is no copyright holder.
* Drop fallback for older reportbug versions when attaching files
* debian/extra/init-functions.d/40-systemd: Stop checking for init env var.
This env variable is no longer set when systemd executes a service so
it's pointless to check for it.
* debian/extra/init-functions.d/40-systemd: Stop setting _SYSTEMCTL_SKIP_REDIRECT=true.
It seems we don't actually need it to detect recursive loops (PPID is
sufficient) and by exporting it we leak _SYSTEMCTL_SKIP_REDIRECT into
the runtime environment of the service. (Closes: #802018)
* debian/extra/init-functions.d/40-systemd: Rename _SYSTEMCTL_SKIP_REDIRECT.
Rename _SYSTEMCTL_SKIP_REDIRECT to SYSTEMCTL_SKIP_REDIRECT to be more
consistent with other environment variables which are used internally by
systemd, like SYSTEMCTL_SKIP_SYSV.
* Various specifier resolution fixes.
Turn on specifier expansion for more unit file settings.
See https://github.com/systemd/systemd/pull/4835 (Closes: #781730)
-- Michael Biebl <email address hidden> Thu, 12 Jan 2017 16:59:22 +0100
-
systemd (232-8) unstable; urgency=medium
[ Martin Pitt ]
* Drop systemd dependency from libnss-myhostname again.
This NSS module is completely independent from systemd, unlike the other
three.
* Install 71-seat.rules into the initrd.
This helps plymouth to detect applicable devices. (Closes: #756109)
* networkd: Fix crash when setting routes.
* resolved: Drop removal of resolvconf entry on stop.
This leads to timeouts on shutdown via the resolvconf hooks and does not
actually help much -- /etc/resolv.conf would then just be empty instead of
having a nonexisting 127.0.0.53 nameserver, so manually stopping resolved
in a running system is broken either way. (LP: #1648068)
* Keep RestrictAddressFamilies on amd64.
This option and libseccomp currently work on amd64 at least, so let's make
sure it does not break there as well, and benefit from the additional
protection at least on this architecture.
* Explicitly set D-Bus policy dir.
This is about to change upstream in
https://github.com/systemd/systemd/pull/4892, but as explained in commit
2edb1e16fb12f4 we need to keep the policies in /etc/ until stretch+1.
[ Michael Biebl ]
* doc: Clarify NoNewPrivileges in systemd.exec(5). (Closes: #756604)
* core: Rework logic to determine when we decide to add automatic deps for
mounts. This adds a concept of "extrinsic" mounts. If mounts are
extrinsic we consider them managed by something else and do not add
automatic ordering against umount.target, local-fs.target,
remote-fs.target. (Closes: #818978)
* rules: Add persistent links for nbd devices. (Closes: #837999)
-- Michael Biebl <email address hidden> Sat, 17 Dec 2016 01:54:18 +0100
-
systemd (232-7) unstable; urgency=medium
[ Michael Biebl ]
* Mark liblz4-tool build dependency as <!nocheck>
* udev: Try mount -n -o move first
initramfs-tools is not actually using util-linux mount (yet), so making
mount -n --move the first alternative would trigger an error message if
users have built their initramfs without busybox support.
[ Alexander Kurtz ]
* debian/extra/kernel-install.d/85-initrd.install: Remove an unnecessary
variable. (Closes: #845977)
[ Martin Pitt ]
* Drop systemd-networkd's "After=dbus.service" ordering, so that it can
start during early boot (for cloud-init.service). It will auto-connect to
D-Bus once it becomes available later, and transient (from DHCP) hostname
and timezone setting do not currently work anyway. (LP: #1636912)
* Run hwdb/parse_hwdb.py during package build.
* Package libnss-systemd
* Make libnss-* depend on the same systemd package version.
-- Martin Pitt <email address hidden> Wed, 30 Nov 2016 14:38:36 +0100
-
systemd (232-6) unstable; urgency=medium
* Add policykit-1 test dependency for networkd-test.py.
* debian/rules: Don't destroy unit symlinks with sed -i.
Commit 21711e74 introduced a "sed -i" to remove RestrictAddressFamilies= from
units. This also caused unit symlinks to get turned into real files, causing
D-BBus activated services like timedated to fail ("two units with the same
D-Bus name").
* Fall back to "mount -o move" in udev initramfs script
klibc's mount does not understand --move, so for the time being we need to
support both variants. (Closes: #845161)
* debian/README.Debian: Document how to generate a shutdown log.
Thanks 積丹尼 Dan Jacobson. (Closes: #826297)
-- Martin Pitt <email address hidden> Mon, 21 Nov 2016 10:39:57 +0100
-
systemd (232-5) unstable; urgency=medium
* Add missing liblz4-tool build dependency.
Fixes test-compress failure during package build.
* systemd: Ship /var/lib.
This will soon contain a polkit pkla file.
-- Martin Pitt <email address hidden> Sun, 20 Nov 2016 12:22:52 +0100
-
systemd (232-4) unstable; urgency=medium
[ Martin Pitt ]
* debian/tests/unit-config: Query pkg-config for system unit dir.
This fixes confusion on merged-/usr systems where both /usr/lib/systemd and
/lib/systemd exist. It's actually useful to verify that systemd.pc says the
truth.
* debian/tests/upstream: Fix clobbering of merged-/usr symlinks
* debian/tests/systemd-fsckd: Create /etc/default/grub.d if necessary
* debian/rules: Drop check for linking to libs in /usr.
This was just an approximation, as booting without an initrd could still be
broken by library updates (e. g. #828991). With merged /usr now being the
default this is now completely moot.
* Move kernel-install initrd script to a later prefix.
60- does not leave much room for scripts that want to run before initrd
building (which is usually one of the latest things to do), so bump to 85.
Thanks to Sjoerd Simons for the suggestion.
* Disable 99-default.link instead of the udev rule for disabling persistent interface names.
Disabling 80-net-setup-link.rules will also cause ID_NET_DRIVER to not be set
any more, which breaks 80-container-ve.network and matching on driver name in
general. So disable the actual default link policy instead.
Still keep testing for 80-net-setup-link.rules in the upgrade fix and
73-usb-net-by-mac.rules to keep the desired behaviour on systems which already
disabled ifnames via that udev rule.
See https://lists.freedesktop.org/archives/systemd-devel/2016-November/037805.html
* debian/tests/boot-and-services: Always run seccomp test
seccomp is now available on all architectures on which Debian and Ubuntu run
tests, so stop making this test silently skip if seccomp is disabled.
* Bump libseccomp build dependency as per configure.ac.
* Replace "Drop RestrictAddressFamilies=" patch with sed call.
With that it will also apply to upstream builds/CI, and it is structurally
simpler.
* Rebuild against libseccomp with fixed shlibs. (Closes: #844497)
[ Michael Biebl ]
* fstab-generator: add x-systemd.mount-timeout option. (Closes: #843989)
* build-sys: do not install ctrl-alt-del.target symlink twice.
(Closes: #844039)
* Enable lz4 support.
While the compression rate is not as good as XZ, it is much faster, so a
better default for the journal and especially systemd-coredump.
(Closes: #832010)
[ Felipe Sateler ]
* Enable machines.target by default. (Closes: #806787)
[ Evgeny Vereshchagin ]
* debian/tests/upstream: Print all journal files.
We don't print all journal files. This is misleading a bit:
https://github.com/systemd/systemd/pull/4331#issuecomment-252830790
https://github.com/systemd/systemd/pull/4395#discussion_r87948836
[ Luca Boccassi ]
* Use mount --move in initramfs-tools udev script.
Due to recent changes in busybox and initramfs-tools the mount
utility is no longer the one from busybox but from util-linux.
The latter does not support mount -o move.
The former supports both -o move and --move, so use it instead to be
compatible with both.
See this discussion for more details:
https://bugs.debian.org/823856 (Closes: #844775)
-- Michael Biebl <email address hidden> Sun, 20 Nov 2016 03:34:58 +0100
-
systemd (232-3) unstable; urgency=medium
[ Felipe Sateler ]
* Make systemd-delta less confused on merged-usr systems. (Closes: #843070)
* Fix wrong paths for /bin/mount when compiled on merged-usr system.
Then the build system finds /usr/bin/mount which won't exist on a
split-/usr system. Set the paths explicitly in debian/rules and drop
Use-different-default-paths-for-various-binaries.patch. (Closes: #843433)
[ Martin Pitt ]
* debian/tests/logind: Split out "pid in logind session" test
* debian/tests/logind: Adjust "in logind session" test for unified cgroup
hierarchy
* debian/tests/boot-and-services: Check common properties of CLI programs.
Verify that CLI programs have a sane behaviour and exit code when being
called with --help, --version, or an invalid option.
* nspawn: Fix exit code for --help and --version (Closes: #843544)
* core: Revert using the unified hierarchy for the systemd cgroup.
Too many things don't get along with it yet, like docker, LXC, or runc.
(Closes: #843509)
-- Martin Pitt <email address hidden> Wed, 09 Nov 2016 09:34:45 +0100
-
systemd (232-2git1) zesty; urgency=medium
Upload current packaging git head to fix autopkgtest.
[ Felipe Sateler ]
* Make systemd-delta less confused on merged-usr systems. (Closes: #843070)
[ Martin Pitt ]
* debian/tests/logind: Split out "pid in logind session" test
* debian/tests/logind: Adjust "in logind session" test for unified cgroup hierarchy
-- Felipe Sateler <email address hidden> Mon, 07 Nov 2016 13:09:01 +0100
-
systemd (232-2) unstable; urgency=medium
* Drop RestrictAddressFamilies from service files.
RestrictAddressFamilies= is broken on 32bit architectures and causes
various services to fail with a timeout, including
systemd-udevd.service.
While this might actually be a libseccomp issue, remove this option for
now until a proper solution is found. (Closes: #843160)
-- Michael Biebl <email address hidden> Sat, 05 Nov 2016 22:43:27 +0100
-
systemd (232-1) unstable; urgency=medium
[ Martin Pitt ]
* New upstream release 232:
- Fix "systemctl start" when ReadWriteDirectories is a symlink
(Closes: ##792187)
- Fix "journalctl --setup-keys" output (Closes: #839097)
- Run run sysctl service if /proc/sys/net is writable, for containers
(Closes: #840529)
- resolved: Add d.f.ip6.arpa to the DNSSEC default negative trust anchors
(Closes: #834453)
* debian/tests/logind: Copy the current on-disk unit instead of the
on-memory one.
* Build sd-boot on arm64. gnu-efi is available on arm64 now.
(Closes: #842617)
* Link test-seccomp against seccomp libs to fix FTBFS
* debian/rules: Remove nss-systemd (until we package it)
* Install new systemd-mount
[ Michael Biebl ]
* Install new journal-upload.conf man pages in systemd-journal-remote
-- Martin Pitt <email address hidden> Fri, 04 Nov 2016 07:18:10 +0200
-
systemd (231-10) unstable; urgency=medium
[ Martin Pitt ]
* systemctl: Add --wait option to wait until started units terminate again.
* nss-resolve: return NOTFOUND instead of UNAVAIL on resolution errors.
This makes it possible to configure a fallback to "dns" without breaking
DNSSEC, with "resolve [!UNAVAIL=return] dns".
* libnss-resolve.postinst: Skip dns fallback if resolve is present.
Only fall back to "dns" if nss-resolve is not installed (for the
architecture of the calling program). Once it is, we never want to fall
back to "dns" as that breaks enforcing DNSSEC verification and also
pointlessly retries NXDOMAIN failures. (LP: #1624071)
* unit: sent change signal before removing the unit if necessary
(LP: #1632964)
* networkd: Fix assertion crash on adding VTI with IPv6 addresses
(LP: #1633274)
* debian/tests/upstream: Stop specifying initrd, it is autodetected now.
* debian/tests/upstream: Add gcc/libc-dev/make test dependencies,
so that the tests can build helper binaries.
[ Felipe Sateler ]
* Explicitly disable installing the upstream-provided PAM configuration.
* Register interest in the status of dracut and initramfs-tools in reportbug
template
[ Michael Biebl ]
* Stop creating systemd-update-utmp-runlevel.service symlinks manually
-- Martin Pitt <email address hidden> Wed, 26 Oct 2016 13:24:37 +0200
-
systemd (231-9git1) yakkety; urgency=medium
* systemctl: Add --wait option to wait until started units terminate again.
This is a prerequisite for using systemd for graphical sessions without
ugly polling.
* nss-resolve: return NOTFOUND instead of UNAVAIL on resolution errors.
This makes it possible to configure a fallback to "dns" without breaking
DNSSEC, with "resolve [!UNAVAIL=return] dns".
* libnss-resolve.postinst: Skip dns fallback if resolve is present.
Only fall back to "dns" if nss-resolve is not installed (for the
architecture of the calling program). Once it is, we never want to fall
back to "dns" as that breaks enforcing DNSSEC verification and also
pointlessly retries NXDOMAIN failures. (LP: #1624071)
-- Martin Pitt <email address hidden> Sun, 02 Oct 2016 10:33:11 +0200
