NEWS

@@ -86,33 +86,6 @@ CHANGES WITH 247 in spe:
           this is not caused by systemd/udev changes, but result of a kernel
           behaviour change.
 
-        * UPCOMING INCOMPATIBILITY: So far most downstream distribution
-          packages have not retriggered devices once the udev package (or any
-          auxiliary package installing additional udev rules) is updated. We
-          intend to work with major distributions to change this, so that
-          "udevadm trigger -a change" is issued on such upgrades, ensuring that
-          the updated ruleset is applied to the devices already discovered, so
-          that (asynchronously) after the upgrade completed the udev database
-          is consistent with the updated rule set. This means udev rules must
-          be ready to be retriggered with a "change" action any time, and
-          result in correct and complete udev database entries. While the
-          majority of udev rule files known to us currently get this right,
-          some don't. Specifically, there are udev rules files included in
-          various packages that only set udev properties on the "add" action,
-          but do not handle the "change" action. If a device matching those
-          rules is retriggered with the "change" action (as is intended here)
-          it would suddenly lose the relevant properties. This always has been
-          a problematic, but as soon as all udev devices are triggered on
-          relevant package upgrades this will become particularly so. It is
-          strongly recommended to fix offending rules so that they can handle a
-          "change" action at any time, and acquire all necessary udev
-          properties even then. Or in other words: the header guard mentioned
-          above (ACTION=="remove",GOTO="xyz_end") is the correct approach to
-          handle this, as it makes sure rules are rerun on "change" correctly,
-          and acccumulate the correct and complete set of udev properties. udev
-          rule definitions that cannot handle "change" events being triggered
-          at arbitrary times should be considered buggy.
-
         * The MountAPIVFS= service file setting now defaults to on if
           RootImage= and RootDirectory= are used, which means that with those
           two settings /proc/, /sys/ and /dev/ are automatically properly set
@@ -646,11 +619,6 @@ CHANGES WITH 247 in spe:
           placed in app.slice. The plan is to add resource limits and
           protections for the different slices in the future.
 
-        * New GPT partition types for RISCV32/64 for the root and /usr
-          partitions, and their associated Verity partitions have been defined,
-          and are now understood by systemd-gpt-auto-generator, and the OS
-          image dissection logic.
-
         Contributions from: Adolfo Jayme Barrientos, afg, Alec Moskvin, Alyssa
         Ross, Amitanand Chikorde, Andrew Hangsleben, Anita Zhang, Ansgar
         Burchardt, Arian van Putten, Aurelien Jarno, Axel Rasmussen, bauen1,

man/systemd.link.xml

@@ -273,21 +273,18 @@
             <varlistentry>
               <term><option>none</option></term>
               <listitem>
-                <para>Keeps the MAC address assigned by the kernel. Or use the MAC address specified in
-                <varname>MACAddress=</varname>.</para>
+                <para>Keeps the MAC address assigned by the kernel.</para>
               </listitem>
             </varlistentry>
           </variablelist>
-
-          <para>An empty string assignment is equivalent to setting <literal>none</literal>.</para>
         </listitem>
       </varlistentry>
       <varlistentry>
         <term><varname>MACAddress=</varname></term>
         <listitem>
-          <para>The interface MAC address to use. For this setting to take effect,
-          <varname>MACAddressPolicy=</varname> must either be unset, empty, or <literal>none</literal>.
-          </para>
+          <para>The MAC address to use, if no
+          <varname>MACAddressPolicy=</varname>
+          is specified.</para>
         </listitem>
       </varlistentry>
       <varlistentry>

src/home/pam_systemd_home.c

@@ -625,15 +625,6 @@ static int acquire_home(
                 do_auth = true;
         }
 
-        /* Later PAM modules may need the auth token, but only during pam_authenticate. */
-        if (please_authenticate && !strv_isempty(secret->password)) {
-                r = pam_set_item(handle, PAM_AUTHTOK, *secret->password);
-                if (r < 0) {
-                        pam_syslog(handle, LOG_ERR, "Failed to set PAM auth token: %s", pam_strerror(handle, r));
-                        return r;
-                }
-        }
-
         r = pam_set_data(handle, fd_field, FD_TO_PTR(acquired_fd), cleanup_home_fd);
         if (r < 0) {
                 pam_syslog(handle, LOG_ERR, "Failed to set PAM bus data: %s", pam_strerror(handle, r));

src/udev/net/link-config.c

@@ -181,13 +181,6 @@ int link_load_one(link_config_ctx *ctx, const char *filename) {
                 return 0;
         }
 
-        if (IN_SET(link->mac_address_policy, MAC_ADDRESS_POLICY_PERSISTENT, MAC_ADDRESS_POLICY_RANDOM) && link->mac) {
-                log_warning("%s: MACAddress= in [Link] section will be ignored when MACAddressPolicy= "
-                            "is set to \"persistent\" or \"random\".",
-                            filename);
-                link->mac = mfree(link->mac);
-        }
-
         log_debug("Parsed configuration file %s", filename);
 
         LIST_PREPEND(links, ctx->links, TAKE_PTR(link));
@@ -675,11 +668,7 @@ static const char* const mac_address_policy_table[_MAC_ADDRESS_POLICY_MAX] = {
 };
 
 DEFINE_STRING_TABLE_LOOKUP(mac_address_policy, MACAddressPolicy);
-DEFINE_CONFIG_PARSE_ENUM_WITH_DEFAULT(
-        config_parse_mac_address_policy,
-        mac_address_policy,
-        MACAddressPolicy,
-        MAC_ADDRESS_POLICY_NONE,
+DEFINE_CONFIG_PARSE_ENUM(config_parse_mac_address_policy, mac_address_policy, MACAddressPolicy,
                          "Failed to parse MAC address policy");
 
 static const char* const name_policy_table[_NAMEPOLICY_MAX] = {

test/test-functions

@@ -1058,9 +1058,7 @@ install_pam() {
     else
         find /lib*/security -xtype f
     fi
-    for d in /etc/pam.d /etc/security /usr/lib/pam.d; do
-        [ -d "$d" ] && find $d -xtype f
-    done
+    find /etc/pam.d /etc/security -xtype f
     ) | while read file; do
         inst $file
     done
@@ -1069,6 +1067,9 @@ install_pam() {
     # see http://www.linux-pam.org/Linux-PAM-html/sag-pam_unix.html
     dracut_install -o unix_chkpwd
 
+    [[ "$LOOKS_LIKE_DEBIAN" ]] &&
+        cp /etc/pam.d/systemd-user $initdir/etc/pam.d/
+
     # set empty root password for easy debugging
     sed -i 's/^root:x:/root::/' $initdir/etc/passwd
 }