Bug#965371: resolve: enable RES_TRUSTAD towards the 127.0.0.53 stub resolver

2020-07-20 Thread Michael Biebl 
Am 20.07.20 um 15:38 schrieb Johan Fleury:
> Package: systemd
> Version: 245.6-3
> Severity: wishlist
> Tags: patch
> X-Debbugs-Cc: jfle...@arcaik.net
> 
> Since glibc 2.31, the resolvers in /etc/resolve.conf are not trusted
> anymore and the AD flag is stripped from their responses.
> 
> As systemd-resolved is listening on a loopback interface, the `trust-ad`
> option was added to its stub resolve.conf file by upstream commit
> a742f98[^1].
> 
> It would be great if this commit could be backported to systemd 245 in Sid,
> waiting for version 246 to be released by upstream.
> 
> [^1]: 
> https://github.com/systemd/systemd/commit/a742f9828ea73d9c2c9bafe701c10fe60f058012
> 

Isn't this a duplicate of
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960023 ?




signature.asc
Description: OpenPGP digital signature

Bug#965371: resolve: enable RES_TRUSTAD towards the 127.0.0.53 stub resolver

2020-07-20 Thread Johan Fleury 
Package: systemd
Version: 245.6-3
Severity: wishlist
Tags: patch
X-Debbugs-Cc: jfle...@arcaik.net

Since glibc 2.31, the resolvers in /etc/resolve.conf are not trusted
anymore and the AD flag is stripped from their responses.

As systemd-resolved is listening on a loopback interface, the `trust-ad`
option was added to its stub resolve.conf file by upstream commit
a742f98[^1].

It would be great if this commit could be backported to systemd 245 in Sid,
waiting for version 246 to be released by upstream.

[^1]: 
https://github.com/systemd/systemd/commit/a742f9828ea73d9c2c9bafe701c10fe60f058012

-- Package-specific info:

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.7.0-1-amd64 (SMP w/8 CPU threads)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_FR:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages systemd depends on:
ii  adduser  3.118
ii  libacl1  2.2.53-8
ii  libapparmor1 2.13.4-3
ii  libaudit11:2.8.5-3+b1
ii  libblkid12.35.2-7
ii  libc62.31-1
ii  libcap2  1:2.36-1
ii  libcrypt11:4.4.16-1
ii  libcryptsetup12  2:2.3.3-1
ii  libgcrypt20  1.8.6-2
ii  libgnutls30  3.6.14-2+b1
ii  libgpg-error01.38-2
ii  libidn2-02.3.0-1
ii  libip4tc21.8.5-2
ii  libkmod2 27+20200310-2
ii  liblz4-1 1.9.2-2
ii  liblzma5 5.2.4-1+b1
ii  libmount12.35.2-7
ii  libpam0g 1.3.1-5
ii  libpcre2-8-0 10.34-7
ii  libseccomp2  2.4.3-1+b1
ii  libselinux1  3.1-2
ii  libsystemd0  245.6-3
ii  mount2.35.2-7
ii  systemd-timesyncd [time-daemon]  245.6-3
ii  util-linux   2.35.2-7

Versions of packages systemd recommends:
ii  dbus  1.12.20-1

Versions of packages systemd suggests:
ii  policykit-10.105-28
pn  systemd-container  

Versions of packages systemd is related to:
pn  dracut   
ii  initramfs-tools  0.137
ii  libnss-systemd   245.6-3
ii  libpam-systemd   245.6-3
ii  udev 245.6-3

-- Configuration Files:
/etc/systemd/resolved.conf changed [not included]

-- no debconf information