When testing the fix for bug #2222672 (CVE-2023-7008), I found that the package upgrade does not ensure systemd-resolved.service is restarted after the package update. That is done by scriptlets such as:

    %postun
    %systemd_postun_with_restart %{name}.service

It is surprising that the systemd maintainers themselves have it missing.

I have used scratch build: https://koji.fedoraproject.org/koji/taskinfo?taskID=110707583
From branch: https://src.fedoraproject.org/fork/pemensik/rpms/systemd/tree/CVE-2023-7008

Reproducible: Always

Steps to Reproduce:
1. Create a build modifying behaviour, such as the CVE-2023-7008 fix
2. Install the systemd-resolved update
3. Test behaviour on the running daemon, whether its behaviour has changed.
4. systemctl restart systemd-resolved
5. Recheck behaviour and ensure it is the same.

Actual Results:
Reported nothing has changed: https://github.com/systemd/systemd/pull/30549#issuecomment-1868013733
Because the package lacks a restart, no behaviour has changed. Not because it was unfixed, but because my machine was not running the updated version yet.

Expected Results:
The package contains appropriate scriptlets for all actions, and behaviour changes immediately after the package update transaction. It should not require a manual restart afterwards.

I have found:

    %preun resolved
    %post resolved # contains %systemd_post systemd-resolved.service
    %posttrans resolved

I am missing:

    %systemd_preun
    %systemd_postun_with_restart

Which I have in all my DNS caches, where such updates work better.
The systemd-resolved package is missing what is described at: https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_scriptlets
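A check for the gap reported above, as an added example that is not part of the bug report or of the systemd package: it scans `rpm -q --scripts` output for a restart action in the postuninstall scriptlet. The two sample listings are constructed, and the matched strings (`try-restart`, `mark-restart-system-units`) are assumptions about how the restart macros expand.

```shell
#!/bin/sh
# Succeeds when `rpm -q --scripts` output on stdin has a restart action in its
# postuninstall scriptlet, which is where %systemd_postun_with_restart lands.
# Assumption: the action appears as "try-restart" or "mark-restart-system-units".
has_restart_on_upgrade() {
    awk '
        /^[a-z]+ scriptlet \(using / { section = $1; next }   # section header
        /^[ \t]*#/                   { next }                 # ignore comments
        section == "postuninstall" && /try-restart|mark-restart-system-units/ { found = 1 }
        END { if (found) exit 0; exit 1 }
    '
}

# Constructed listing shaped like the report: %preun, %post, %posttrans only.
sample_without_restart() {
    cat <<'EOF'
preuninstall scriptlet (using /bin/sh):
if [ $1 -eq 0 ]; then
    systemctl disable --now systemd-resolved.service || :
fi
postinstall scriptlet (using /bin/sh):
/usr/lib/systemd/systemd-update-helper install-system-units systemd-resolved.service || :
posttrans scriptlet (using /bin/sh):
# nothing here restarts the running daemon
:
EOF
}

# Constructed listing that does carry a restart hook in %postun.
sample_with_restart() {
    cat <<'EOF'
postinstall scriptlet (using /bin/sh):
/usr/lib/systemd/systemd-update-helper install-system-units systemd-resolved.service || :
postuninstall scriptlet (using /bin/sh):
if [ $1 -ge 1 ]; then
    # Package upgrade, not uninstall
    /usr/lib/systemd/systemd-update-helper mark-restart-system-units systemd-resolved.service || :
fi
EOF
}

for s in sample_without_restart sample_with_restart; do
    if "$s" | has_restart_on_upgrade; then echo "$s: daemon is restarted on upgrade"
    else echo "$s: old code keeps running until a manual restart"; fi
done
```

On an installed system the same function can be fed directly: `rpm -q --scripts systemd-resolved | has_restart_on_upgrade`.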
FEDORA-2024-eb62cd6a19 has been submitted as an update to Fedora 40. https://bodhi.fedoraproject.org/updates/FEDORA-2024-eb62cd6a19
FEDORA-2024-eb62cd6a19 has been pushed to the Fedora 40 stable repository. If problem still persists, please make note of it in this bug report.