X-Git-Url: http://git.ipfire.org/?a=blobdiff_plain;f=NEWS;h=56d05ac7efc131d75e51b7b07f5d555416f78932;hb=df957acc6603a04e62dee7e911c65dc7dbcb6208;hp=f6cf064281f99395b09f3ec371f9f8adc3ea8522;hpb=48a81b20ab95bacbedc2d61afe2eac1d972f0a8d;p=thirdparty%2Fsystemd.git diff --git a/NEWS b/NEWS index f6cf064281f..56d05ac7efc 100644 --- a/NEWS +++ b/NEWS 
@@ -1,6 +1,159 @@ systemd System and Service Manager -CHANGES WITH 243 in spe: +CHANGES WITH 244 in spe: + + * Support for the cpuset cgroups v2 controller has been added. + Processes may be restricted to specific CPUs using the new + AllowedCPUs= setting, and to specific memory NUMA nodes using the new + AllowedMemoryNodes= setting. + + * The signal used in restart jobs (as opposed to e.g. stop jobs) may + now be configured using a new RestartKillSignal= settting. This + allows units which signals to request termination to implement + different behaviour when stopping in preparation for a restart. + + * "systemctl clean" may now be used also for socket, mount, and swap + units. + + * systemd will also read configuration options from the EFI variable + SystemdOptions. This may be used to configure systemd behaviour when + modifying the kernel command line is inconvenient, but configuration + on disk is read too late, for example for the options related to + cgroup hierarchy setup. 'bootctl system-options' may be used to + set the EFI variable. + + * systemd will now disable printk ratelimits in early boot. This should + allow us to capture more logs from the early boot phase where normal + storage is not available and the kernel ring buffer is used for + logging. Configuration on the kernel command line has higher priority + and overrides the systemd setting. + + systemd programs which log to /dev/kmsg directly use internal + ratelimits to prevent runaway logging. (Normally this is only used + during early boot, so in practice this change has very little + effect.) + + * The special -.service.d dropin directory may be used to add + configuration that affects all services. The "-.service" service name + is now disallowed (though hopefully no one would use such a service + name. -.mount gives us enough grief.) + + * The RuntimeMaxSec= setting is now supported by scopes, not just + .service units. 
This is particularly useful for PAM sessions which + create a scope unit for the user login. systemd.runtime_max_sec= + setting may used with the pam_systemd module to limit the duration + of the PAM session, for example for time-limited logins. + + * udev now provides a program (fido_id) that identifies FIDO CTAP1 + ("U2F")/CTAP2 security tokens based on the usage declared in their + report and descriptor and outputs suitable environment variables. + This replaces the externally maintained whitelists of all known + security tokens that were used previously. + + * Automatically generated autosuspend udev rules for whitelisted + devices have been imported from the Chromium OS project. This should + improve power saving with many more devices. + + * udev gained a new "CONST{key}=value" setting that allows matching + against system-wide constants without forking a helper binary. + Currently "arch" and "virt" keys are supported. + + * udev now opens CDROMs in non-exclusive mode when querying their + capabilities. This should fix issues where other programs trying to + use the CDROM cannot gain access to it, but carries a risk of + interfering with programs writing to the disk, if they did not open + the device in exclusive mode as they should. + + * systemd-networkd does not create a default route for IPv4 link local + addressing anymore. The creation of the route was unexpected and was + breaking routing in various cases, but people who rely on it being + created implicitly will need to adjust. Such a route may be requested + with DefaultRouteOnDevice=yes. + + Similarly, systemd-networkd will not assign a link-local IPv6 address + when IPv6 link-local routing is not enabled. + + * Receive and transmit buffers may now be configured on links with + the new RxBufferSize= and TxBufferSize= settings. + + * systemd-networkd may now advertise additional IPv6 routes. A new + [IPv6RoutePrefix] section with Route= and LifetimeSec= options is + now supported. 
+ + * systemd-networkd may now configure "next hop" routes using the + [NextHop] section and Gateway= and Id= settings. + + * systemd-networkd will now retain DHCP config on restarts by default + (but this may be overridden using the KeepConfiguration= setting). + The default for SendRelease= has been changed to true. + + * The DHCPv4 client now uses the OPTION_INFORMATION_REFRESH_TIME option + received from the server. + + The client will use the received SIP server list if UseSIP=yes is + set. + + The client may be configured to request specific options from the + server using a new RequestOptions= setting. + + A new IPServiceType= setting has been added to configure the "IP + service type" value used by the client. + + * The DHCPv6 client learnt a new PrefixDelegationHint= option to + request prefix hints in the DHCPv6 solicitation. + + * systemd-networkd and networkctl may now renew DHCP leases on demand. + networkctl has a new 'networkctl renew' verb. + + * systemd-networkd may now reconfigure links on demand. networkctl + gained two new verbs: "reload" will reload the configuration, and + "reconfigure DEVICE…" will reconfigure one or more devices. + + * .network files may now match on SSID and BSSID of a wireless network, + i.e. the access point name and hardware address using the new SSID= + and BSSID= options. networkctl will display the current SSID and + BSSID for wireless links. + + .network files may also match on the wireless network type using the + new WLANInterfaceType= option. + + * systemd-networkd now includes default configuration that enables + link-local addressing when connected to an ad-hoc wireless network. + + * The DHCPv4 server may now be configured to emit SIP server list using + the new EmitSIP= and SIP= settings. 
+ + * systemd-networkd may configure the Traffic Control queueing + disciplines in the kernel using the new + [TrafficControlQueueingDiscipline] section and Parent=, + NetworkEmulatorDelaySec=, NetworkEmulatorDelayJitterSec=, + NetworkEmulatorPacketLimit=, NetworkEmulatorLossRate=, + NetworkEmulatorDuplicateRate= settings. + + * systemd-tmpfiles gained a new w+ setting to append to files. + + * systemd-analyze dump will now report when the memory configuration in + the kernel does not match what systemd has configured (usually, + because some external program has modified the kernel configuration + on its own). + + * journalctl --update-catalog now produces deterministic output (making + reproducible image builds easier). + + * A new devicetree-overlay setting is now documented in the Boot Loader + Specification. + + * The default value of the WatchdogSec= setting used in systemd + services (the ones bundled with the project itself) may be set at + configuration time using the -Dservice-watchdog= setting. If set to + empty, the watchdogs will be disabled. + + * libcryptsetup >= 2.0.1 is now required. + + * systemd-resolved validates IP addresses in certificates now when GnuTLS + is being used. + +CHANGES WITH 243: * This release enables unprivileged programs (i.e. requiring neither setuid nor file capabilities) to send ICMP Echo (i.e. ping) requests 
@@ -279,6 +432,16 @@ CHANGES WITH 243 in spe: been renamed to LinkLayerAddress=, and it now allows configuration of IP addresses, too. + * systemd-networkd's handling of the kernel's disable_ipv6 sysctl is + simplified: systemd-networkd will disable the sysctl (enable IPv6) if + IPv6 configuration (static or DHCPv6) was found for a given + interface. It will not touch the sysctl otherwise. + + * The order of entries is $PATH used by the user manager instance was + changed to put bin/ entries before the corresponding sbin/ entries. + It is recommended to not rely on this order, and only ever have one + binary with a given name in the system paths under /usr. + * A new tool systemd-network-generator has been added that may generate .network, .netdev and .link files from IP configuration specified on the kernel command line in the format used by Dracut. 
@@ -432,32 +595,41 @@ CHANGES WITH 243 in spe: * IOWeight= has learnt to properly set the IO weight when using the BFQ scheduler officially found in kernels 5.0+. - Contributions from: Aaron Barany, Adrian Bunk, Alan Jenkins, Andrej - Valek, Anita Zhang, Arian van Putten, Balint Reczey, Bastien Nocera, - Ben Boeckel, Benjamin Robin, camoz, Chen Qi, Chris Chiu, Chris Down, - Christian Kellner, Clinton Roy, Connor Reeder, Daniele Medri, Dan - Streetman, Dave Reisner, Dave Ross, David Art, David Tardon, Debarshi - Ray, Dominick Grift, Donald Buczek, Douglas Christman, Eric DeVolder, - Evgeny Vereshchagin, Feldwor, Felix Riemann, Florian Dollinger, Franck - Bui, Frantisek Sumsal, Franz Pletz, Hans de Goede, Iago López Galeiras, - Insun Pyo, Ivan Shapovalov, Iwan Timmer, Jack, Jakob Unterwurzacher, - Jan Klötzke, Jan Pokorný, Jan Synacek, Jeka Pats, Jérémy Rosen, Jiri - Pirko, Joe Lin, Joerg Behrmann, Joe Richey, Jóhann B. Guðmundsson, - Johannes Schmitz, Jonathan Rouleau, Jorge Niedbalski, Kai Lüke, Karel - Zak, Kashyap Chamarthy, Krayushkin Konstantin, Lennart Poettering, - Lubomir Rintel, Luca Boccassi, Luís Ferreira, Marc-André Lureau, Markus - Felten, Martin Pitt, Michael Biebl, Michael Olbrich, Michael Prokop, - Michael Stapelberg, Michael Zhivich, Michal Koutný, Michal Sekletar, - Mike Gilbert, Milan Broz, mpe85, Network Silence, Oliver Harley, - pan93412, Paul Menzel, pEJipE, Peter A. Bigot, Philip Withnall, Piotr - Drąg, Rafael Fontenelle, Roberto Santalla, root, RussianNeuroMancer, - Sebastian Jennen, shinygold, Shreyas Behera, Simon Schricker, Susant - Sahani, Thadeu Lima de Souza Cascardo, Theo Ouzhinski, Thiebaud - Weksteen, Thomas Haller, Thomas Weißschuh, Tomas Mraz, Topi Miettinen, - ven, Wieland Hoffmann, Xi Ruoyao, Yuri Chornoivan, Yu Watanabe, Zach - Smith, Zbigniew Jędrzejewski-Szmek, Zhang Xianwei - - – Somewhere, SOME-TI-ME + * A new mailing list has been created for reporting of security issues: + systemd-security@redhat.com. 
For mode details, see + https://systemd.io/CONTRIBUTING#security-vulnerability-reports. + + Contributions from: Aaron Barany, Adrian Bunk, Alan Jenkins, Albrecht + Lohofener, Andrej Valek, Anita Zhang, Arian van Putten, Balint Reczey, + Bastien Nocera, Ben Boeckel, Benjamin Robin, camoz, Chen Qi, Chris + Chiu, Chris Down, Christian Kellner, Clinton Roy, Connor Reeder, Daniel + Black, Daniele Medri, Dan Streetman, Dave Reisner, Dave Ross, David + Art, David Tardon, Debarshi Ray, Dimitri John Ledkov, Dominick Grift, + Donald Buczek, Douglas Christman, Eric DeVolder, EtherGraf, Evgeny + Vereshchagin, Feldwor, Felix Riemann, Florian Dollinger, Francesco + Pennica, Franck Bui, Frantisek Sumsal, Franz Pletz, frederik, Hans + de Goede, Iago López Galeiras, Insun Pyo, Ivan Shapovalov, Iwan Timmer, + Jack, Jakob Unterwurzacher, Jan Chren, Jan Klötzke, Jan Losinski, Jan + Pokorný, Jan Synacek, Jan-Michael Brummer, Jeka Pats, Jeremy Soller, + Jérémy Rosen, Jiri Pirko, Joe Lin, Joerg Behrmann, Joe Richey, Jóhann + B. Guðmundsson, Johannes Christ, Johannes Schmitz, Jonathan Rouleau, + Jorge Niedbalski, Kai Krakow, Kai Lüke, Karel Zak, Kashyap Chamarthy, + Krayushkin Konstantin, Lennart Poettering, Lubomir Rintel, Luca + Boccassi, Luís Ferreira, Marc-André Lureau, Markus Felten, Martin Pitt, + Matthew Leeds, Mattias Jernberg, Michael Biebl, Michael Olbrich, + Michael Prokop, Michael Stapelberg, Michael Zhivich, Michal Koutný, + Michal Sekletar, Mike Gilbert, Milan Broz, Miroslav Lichvar, mpe85, + Mr-Foo, Network Silence, Oliver Harley, pan93412, Paul Menzel, pEJipE, + Peter A. Bigot, Philip Withnall, Piotr Drąg, Rafael Fontenelle, Roberto + Santalla, Ronan Pigott, root, RussianNeuroMancer, Sebastian Jennen, + shinygold, Shreyas Behera, Simon Schricker, Susant Sahani, Thadeu Lima + de Souza Cascardo, Theo Ouzhinski, Thiebaud Weksteen, Thomas Haller, + Thomas Weißschuh, Tomas Mraz, Tommi Rantala, Topi Miettinen, VD-Lycos, + ven, Wieland Hoffmann, William A. 
Kennington III, William Wold, Xi + Ruoyao, Yuri Chornoivan, Yu Watanabe, Zach Smith, Zbigniew + Jędrzejewski-Szmek, Zhang Xianwei + + – Camerino, 2019-09-03 CHANGES WITH 242:
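Review bot: The entry "systemd-resolved validates IP addresses in certificates now when GnuTLS is being used" at the end of the 244 block (hunk @@ -1,6 +1,159 @@) does not say which resolved feature the check applies to, or what happens in builds that do not use GnuTLS. A half-sentence on each would let administrators tell whether their configuration gets the validation. The same hunk has three wording slips to fix before release: "RestartKillSignal= settting" (extra "t"), "units which signals to request termination" (a verb is missing, probably "which use signals"), and "setting may used with the pam_systemd module" (missing "be").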
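Review bot: In hunk @@ -279,6 +432,16 @@, the new $PATH entry opens with "The order of entries is $PATH used by the user manager instance", which should read "in $PATH". Since the entry changes which of two same-named binaries in bin/ and sbin/ is found first, it would also help to state explicitly that bin/ now wins where sbin/ did before, so readers auditing their systems know which direction to check.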
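Review bot: In hunk @@ -432,32 +595,41 @@, the new security mailing list entry says "For mode details, see", which should be "For more details, see". This is the entry that tells reporters where to send vulnerability reports, so it is worth a second look that the address and the CONTRIBUTING anchor in the URL are exactly the ones intended before the release is tagged.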