I ran this command to verify that the changes on top of the latest
security update are the same as the original update that was superseeded
by security, and they are:
$ git range-diff pkg/import/255.4-1ubuntu8.6..pkg/import/255.4-1ubuntu8.7
pkg/import/255.4-1ubuntu8.8..queue/noble/unapproved/8ec281feb7
1: cdc393f953 ! 1: 8ec281feb7 255.4-1ubuntu8.7 (patches unapplied)
@@ Metadata
Author: Chengen Du <chengen...@canonical.com>
## Commit message ##
- 255.4-1ubuntu8.7 (patches unapplied)
-
- Imported using git-ubuntu import.
-
-
- ## Notes (changelog) ##
- * Preserve IPv6 configurations when `KeepConfiguration=dhcp-on-stop`
is set
- (LP: #2098183)
- - d/p/lp2098183/0001-network-use-json_variant_append_arrayb.patch
- -
d/p/lp2098183/0002-json-add-new-dispatch-flag-JSON_ALLOW_EXTENSIONS.patch
- -
d/p/lp2098183/0003-json-add-macro-for-automatically-defining-a-dispatch.patch
- -
d/p/lp2098183/0004-json-introduce-json_dispatch_byte_array_iovec-and-js.patch
- -
d/p/lp2098183/0005-json-introduce-json_dispatch_int8-and-json_dispatch_.patch
- -
d/p/lp2098183/0006-json-extend-JsonDispatch-flags-with-nullable-and-ref.patch
- -
d/p/lp2098183/0007-json-util-generalize-json_dispatch_ifindex.patch
- - d/p/lp2098183/0008-daemon-util-expose-notify_push_fd.patch
- -
d/p/lp2098183/0009-network-json-add-missing-entries-for-route-propertie.patch
- -
d/p/lp2098183/0010-network-introduce-network_config_source_from_string.patch
- -
d/p/lp2098183/0011-network-expose-log_route_debug-and-log_address_debug.patch
- -
d/p/lp2098183/0012-network-introduce-manager_serialize-deserialize.patch
- -
d/p/lp2098183/0013-network-keep-all-dynamically-acquired-configurations.patch
+ Queue import
## debian/changelog ##
@@
-+systemd (255.4-1ubuntu8.7) noble; urgency=medium
++systemd (255.4-1ubuntu8.9) noble; urgency=medium
+
+ * Preserve IPv6 configurations when `KeepConfiguration=dhcp-on-stop` is
set
+ (LP: #2098183)
@@ debian/changelog
+ -
d/p/lp2098183/0012-network-introduce-manager_serialize-deserialize.patch
+ -
d/p/lp2098183/0013-network-keep-all-dynamically-acquired-configurations.patch
+
-+ -- Chengen Du <chengen...@canonical.com> Thu, 13 Mar 2025 13:30:42 +0000
++ -- Chengen Du <chengen...@canonical.com> Mon, 09 Jun 2025 13:44:06 -0400
+
- systemd (255.4-1ubuntu8.6) noble; urgency=medium
+ systemd (255.4-1ubuntu8.8) noble-security; urgency=medium
- * stub: add magic cmdline option to force EFI handover
+ * SECURITY UPDATE: race condition in systemd-coredump
##
debian/patches/lp2098183/0001-network-use-json_variant_append_arrayb.patch
(new) ##
@@
@@ -351,28 +369,10 @@ int link_stop_engines(Link *link, bool m
+ r = log_link_warning_errno(link, k, "Could not stop IPv6
Router Advertisement: %m");
## debian/patches/series ##
-@@ debian/patches/series:
lp2055239-core-dbus-manager-mark-unit-file-state-as-outdated-only-i.patch
- lp2077779-udev-Handle-PTP-device-symlink-properly-on-udev-action-ch.patch
- lp2081192-core-exec-invoke-Fix-missing-arguments-for-PR_SET_MEMORY_.patch
- stub-add-magic-cmdline-option-to-force-EFI-handover.patch
+@@ debian/patches/series: CVE_2025_4598_1.patch
+ CVE_2025_4598_2.patch
+ CVE_2025_4598_3.patch
+ CVE_2025_4598_4.patch
+lp2098183/0001-network-use-json_variant_append_arrayb.patch
+lp2098183/0002-json-add-new-dispatch-flag-JSON_ALLOW_EXTENSIONS.patch
+lp2098183/0003-json-add-macro-for-automatically-defining-a-dispatch.patch
** Changed in: systemd (Ubuntu Noble)
Status: In Progress => Fix Committed
** Tags removed: verification-done verification-done-noble
** Tags added: verification-needed verification-needed-noble
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/2098183
Title:
Preserve IPv6 configurations when `KeepConfiguration=dhcp-on-stop` is
set
Status in systemd package in Ubuntu:
Fix Released
Status in systemd source package in Focal:
Won't Fix
Status in systemd source package in Jammy:
Won't Fix
Status in systemd source package in Noble:
Fix Committed
Status in systemd source package in Oracular:
Won't Fix
Status in systemd source package in Plucky:
Fix Released
Bug description:
[Impact]
The IPv6 configuration is being cleared even though `KeepConfiguration` is
set to `yes`, causing the iSCSI backend system to hang during shutdown.
[Fix]
Systemd upstream has addressed this issue.
https://github.com/systemd/systemd/pull/34989
[Test Plan]
<Verify the functionality of KeepConfiguration in preserving IPv6
configurations>
1. Set up a machine with an iSCSI backend in an IPv6-only environment.
2. Configure the `KeepConfiguration` option for each network device
individually using drop-in configuration files (e.g.,
`/etc/systemd/network/*.network.d/*.conf`) or set the `"critical"` option to
`true` in the Netplan configuration.
3. Power off the machine and verify that the system does not hang.
<Verify the serialization and deserialization functionality in the
systemd-networkd service>
1. Enable debugging for systemd-networkd
> mkdir -p /etc/systemd/system/systemd-networkd.service.d/
> vim /etc/systemd/system/systemd-networkd.service.d/10-debug.conf
===
[Service]
Environment=SYSTEMD_LOG_LEVEL=debug
===
systemctl daemon-reload
2. Restart the systemd-networkd service twice using the `systemctl restart
systemd-networkd` command.
3. Confirm that serialization and deserialization are functioning correctly
by checking `/var/log/syslog`
2025-03-13T00:35:01.540134+00:00 oracular systemd-networkd[2998]:
Serializing...
2025-03-13T00:35:01.540165+00:00 oracular systemd-networkd[2998]: enp0s9:
Serializing DHCPv4 address (configured): 10.0.2.100/24 broadcast 10.0.2.255
(valid forever, preferred forever), flags: permanent, scope: global, label: n/a
2025-03-13T00:35:01.540193+00:00 oracular systemd-networkd[2998]: enp0s9:
Serializing DHCPv6 address (configured):
2603:c020:4016:8201:48ee:6b22:d3e4:2e8/128 (valid for 1d 56min 49s, preferred
for 23h 56min 49s), flags: no-prefixroute, scope: global
2025-03-13T00:35:01.540218+00:00 oracular systemd-networkd[2998]:
Serialization completed.
...
2025-03-13T00:35:01.596591+00:00 oracular systemd-networkd[3029]:
Deserializing...
2025-03-13T00:35:01.596612+00:00 oracular systemd-networkd[3029]: enp0s9:
Deserialized DHCPv4 address (configured): 10.0.2.100/24 broadcast 10.0.2.255
(valid forever, preferred forever), flags: permanent, scope: global, label: n/a
2025-03-13T00:35:01.596635+00:00 oracular systemd-networkd[3029]: enp0s9:
Deserialized DHCPv6 address (configured):
2603:c020:4016:8201:48ee:6b22:d3e4:2e8/128 (valid for 1d 56min 49s, preferred
for 23h 56min 49s), flags: no-prefixroute, scope: global
2025-03-13T00:35:01.596662+00:00 oracular systemd-networkd[3029]:
Deserialization completed.
<Verify that the IP address is removed when KeepConfiguration=no is set>
1. Check the name of the current network configuration file:
> ls /run/systemd/network/
10-netplan-enp0s9.link 10-netplan-enp0s9.network
2. Create a drop-in directory and override the KeepConfiguration setting:
> mkdir -p /etc/systemd/network/10-netplan-enp0s9.network.d
> vim
/etc/systemd/network/10-netplan-enp0s9.network.d/10-netplan-enp0s9.network.conf
===
[Network]
KeepConfiguration=no
===
3. Restart the systemd-networkd service to apply the changes:
> systemctl restart systemd-networkd
4. Stop the systemd-networkd service and verify the IP address is dropped:
> systemctl stop systemd-networkd
> ip a
[Where problems could occur]
The patches introduce network serialization and deserialization behavior,
ensuring that DHCPv6 addresses are preserved when `KeepConfiguration=yes` is
set. If any regressions occur, error messages may appear when restarting
`systemd-networkd`, but they will be ignored. Both IPv4/IPv6 configuration and
the IPv6 connection may be affected.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/2098183/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
