Bug 13394

Summary: [fix 21] systemd: fixes of xdg-autostart-generator, fixed CVE-2021-3997 and CVE-2022-4415
Product: [ROSA-based products] ROSA Fresh Reporter: Mikhail Novosyolov <m.novosyolov>
Component: Packages from MainAssignee: ROSA Linux Bugs <bugs>
Status: VERIFIED FIXED QA Contact: ROSA Linux Bugs <bugs>
Severity: critical    
Priority: High CC: a.proklov, v.potapov
Version: AllFlags: v.potapov: qa_verified+
a.proklov: published+
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Platform: 2021.1 ROSA Vulnerability identifier:
RPM Package: ISO-related:
Bad POT generating: Upstream:

Description Mikhail Novosyolov 2023-06-02 14:52:52 MSK 
************ QA ADVISORY ***********

systemd 249-1.gitfab79a.20
- all upstream fixes of xdg-autostart-generator
- fixed CVE-2021-3997
- fixed CVE-2022-4415

Теперь xdg-генератор НЕ пропускает файлы с X-GNOME-AutostartPhase, как в старом варианте spice-vdagent, а также починена работа автозапускаемых самофоркающихся программ, например, yandex-disk, которые до этого обновления запускались и тут же завершались.

https://abf.io/build_lists/4460271
https://abf.io/build_lists/4460272
https://abf.io/build_lists/4460273
Comment 1 Vladimir Potapov 2023-06-02 16:35:54 MSK 
Ошибки при обновлении

Couldn't write '1' to 'net/ipv4/tcp_rx_skb_cache', ignoring: No such file or directory
Couldn't write '1' to 'net/ipv4/tcp_tx_skb_cache', ignoring: No such file or directory
Couldn't write '0' to 'net/ipv6/conf/all/optimistic_dad', ignoring: No such file or directory
Couldn't write '0' to 'net/ipv6/conf/all/use_optimistic', ignoring: No such file or directory
Couldn't write '0' to 'net/ipv6/conf/default/optimistic_dad', ignoring: No such file or directory
Couldn't write '0' to 'net/ipv6/conf/default/use_optimistic', ignoring: No such file or directory
Couldn't write '0' to 'net/ipv6/conf/lo/optimistic_dad', ignoring: No such file or directory
Couldn't write '0' to 'net/ipv6/conf/lo/use_optimistic', ignoring: No such file or directory
Comment 2 Vladimir Potapov 2023-06-02 16:36:33 MSK 
ну и вот это убрать бы, раз системд взялись обновлять. ДОстает.
Cannot set file attributes for '/var/log/journal', maybe due to incompatibility in specified attributes, previous=0x00080000, current=0x00080000, expected=0x00880000, ignoring.
Cannot set file attributes for '/var/log/journal/bb90fe6d9d5041d6a6a304afc2d8b44d', maybe due to incompatibility in specified attributes, previous=0x00080000, current=0x00080000, expected=0x00880000, ignoring.
Cannot set file attributes for '/var/log/journal/remote', maybe due to incompatibility in specified attributes, previous=0x00080000, current=0x00080000, expected=0x00880000, ignoring.
Comment 3 Mikhail Novosyolov 2023-06-04 22:17:46 MSK 
Не страшно, не регрессии. Потом как-нибудь уберем.
Ставлю высокий приоритет этому багу, т.к. он исправляет серьезную пробелму-регрессию от обновления KDE.
Comment 4 Vladimir Potapov 2023-06-07 12:05:15 MSK 
******************************************
The update sent to testings
Comment 5 Vladimir Potapov 2023-06-13 12:22:10 MSK 
systemd-249-1.gitfab79a.20
https://abf.io/build_lists/4460271
https://abf.io/build_lists/4460272
https://abf.io/build_lists/4460273
*********************** Advisory *******************
- all upstream fixes of xdg-autostart-generator
- fixed CVE-2021-3997
- fixed CVE-2022-4415
****************************************************
QA Verified