diff -Nru systemd-245.4/debian/changelog systemd-245.4/debian/changelog
--- systemd-245.4/debian/changelog 2023-03-02 12:58:02.000000000 +0000
+++ systemd-245.4/debian/changelog 2023-03-15 15:04:15.000000000 +0000
@@ -1,3 +1,23 @@
+systemd (245.4-4ubuntu3.21) focal; urgency=medium
+
+ * udev: avoid NIC renaming race with kernel (LP: #2002445)
+ Files:
+ - debian/patches/lp2002445-netlink-do-not-fail-when-new-interface-name-is-already-us.patch
+ - debian/patches/lp2002445-netlink-introduce-rtnl_get-delete_link_alternative_names.patch
+ - debian/patches/lp2002445-sd-netlink-restore-altname-on-error-in-rtnl_set_link_name.patch
+ - debian/patches/lp2002445-udev-attempt-device-rename-even-if-interface-is-up.patch
+ - debian/patches/lp2002445-udev-net-allow-new-link-name-as-an-altname-before-renamin.patch
+ https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=69ab4a02e828e20ea0ddbd75179324df7a8d1175
+ * test-seccomp: accept ENOSYS from sysctl(2) too (LP: #1933090)
+ Thanks to Roxana Nicolescu
+ File: debian/patches/lp1933090-test-seccomp-accept-ENOSYS-from-sysctl-2-too.patch
+ https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=adaddd1441370ebcdb8bc33d7406b95d85b744f9
+ * debian/test: ignore systemd-remount-fs.service failure in containers (LP: #1991285)
+ File: debian/tests/boot-and-services
+ https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=264bdc86f1e4dcd10e8d914d095581c54c33199a
+
+ -- Nick Rosbrook Wed, 15 Mar 2023 11:04:15 -0400
+
 systemd (245.4-4ubuntu3.20) focal-security; urgency=medium
 
 * SECURITY UPDATE: buffer overrun vulnerability in format_timespan()
diff -Nru systemd-245.4/debian/patches/lp1933090-test-seccomp-accept-ENOSYS-from-sysctl-2-too.patch systemd-245.4/debian/patches/lp1933090-test-seccomp-accept-ENOSYS-from-sysctl-2-too.patch
--- systemd-245.4/debian/patches/lp1933090-test-seccomp-accept-ENOSYS-from-sysctl-2-too.patch 1970-01-01 00:00:00.000000000 +0000
+++ systemd-245.4/debian/patches/lp1933090-test-seccomp-accept-ENOSYS-from-sysctl-2-too.patch 2023-03-15 15:04:15.000000000 +0000
@@ -0,0 +1,25 @@
+From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?=
+Date: Tue, 22 Sep 2020 19:05:17 +0200
+Subject: test-seccomp: accept ENOSYS from sysctl(2) too
+
+Origin: upstream, https://github.com/systemd/systemd/commit/0af05e485a3a88f454c714901eb6109307dc893e
+Bug-Ubuntu: https://launchpad.net/bugs/1933090
+
+It seems that kernel 5.9 started returning that.
+---
+ src/test/test-seccomp.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/test/test-seccomp.c b/src/test/test-seccomp.c
+index 22953a2..9c37655 100644
+--- a/src/test/test-seccomp.c
++++ b/src/test/test-seccomp.c
+@@ -308,7 +308,7 @@ static void test_protect_sysctl(void) {
+ if (pid == 0) {
+ #if defined __NR__sysctl && __NR__sysctl >= 0
+ assert_se(syscall(__NR__sysctl, NULL) < 0);
+- assert_se(errno == EFAULT);
++ assert_se(IN_SET(errno, EFAULT, ENOSYS));
+ #endif
+
+ assert_se(seccomp_protect_sysctl() >= 0);
diff -Nru systemd-245.4/debian/patches/lp2002445-netlink-do-not-fail-when-new-interface-name-is-already-us.patch systemd-245.4/debian/patches/lp2002445-netlink-do-not-fail-when-new-interface-name-is-already-us.patch
--- systemd-245.4/debian/patches/lp2002445-netlink-do-not-fail-when-new-interface-name-is-already-us.patch 1970-01-01 00:00:00.000000000 +0000
+++ systemd-245.4/debian/patches/lp2002445-netlink-do-not-fail-when-new-interface-name-is-already-us.patch 2023-03-15 15:04:15.000000000 +0000
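Review bot: The relaxed assertion `assert_se(IN_SET(errno, EFAULT, ENOSYS));` carries no comment saying why ENOSYS is acceptable; the reason lives only in the patch header, so someone tidying the test could narrow it back to EFAULT. Put it next to the code: `/* kernel 5.9+ returns ENOSYS here instead of EFAULT */`. Accepting ENOSYS also means this pre-filter call no longer proves the syscall is dispatchable, so the filter is really only exercised by the assertion after `seccomp_protect_sysctl()`, which is outside the hunk — presumably it expects EPERM, which a seccomp errno action yields regardless of whether the kernel implements the syscall, but confirm. test_protect_sysctl() starts before the hunk and continues past it.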
@@ -0,0 +1,50 @@
+From: Yu Watanabe
+Date: Fri, 17 Jul 2020 21:31:24 +0900
+Subject: netlink: do not fail when new interface name is already used as an
+ alternative name
+
+Origin: upstream, https://github.com/systemd/systemd/commit/434a34838034347f45fb9a47df55b1a36e5addfd
+Bug-Ubuntu: https://launchpad.net/bugs/2002445
+
+When renaming a network interface, the new name may be used as an
+alternative name. In that case, let's swap the current name and the
+alternative name. That is, first drop the new name from the list of
+alternative names, then rename the interface, finally set the old name
+as an alternative name.
+
+(partial backport with 080afbb57c4b2d592c5cf77ab10c6e0be74f0732 amended)
+---
+ src/libsystemd/sd-netlink/netlink-util.c | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git a/src/libsystemd/sd-netlink/netlink-util.c b/src/libsystemd/sd-netlink/netlink-util.c
+index 83f2a9b..7e3ec53 100644
+--- a/src/libsystemd/sd-netlink/netlink-util.c
++++ b/src/libsystemd/sd-netlink/netlink-util.c
+@@ -9,6 +9,7 @@
+
+ int rtnl_set_link_name(sd_netlink **rtnl, int ifindex, const char *name) {
+ _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *message = NULL;
++ _cleanup_strv_free_ char **alternative_names = NULL;
+ int r;
+
+ assert(rtnl);
+@@ -24,6 +25,18 @@ int rtnl_set_link_name(sd_netlink **rtnl, int ifindex, const char *name) {
+ return r;
+ }
+
++ r = rtnl_get_link_alternative_names(rtnl, ifindex, &alternative_names);
++ if (r < 0)
++ log_debug_errno(r, "Failed to get alternative names on network interface %i, ignoring: %m",
++ ifindex);
++
++ if (strv_contains(alternative_names, name)) {
++ r = rtnl_delete_link_alternative_names(rtnl, ifindex, STRV_MAKE(name));
++ if (r < 0)
++ return log_debug_errno(r, "Failed to remove '%s' from alternative names on network interface %i: %m",
++ name, ifindex);
++ }
++
+ r = sd_rtnl_message_new_link(*rtnl, &message, RTM_SETLINK, ifindex);
+ if (r < 0)
+ return r;
diff -Nru
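Review bot: When `rtnl_get_link_alternative_names()` fails the hunk logs at debug level and carries on with `alternative_names == NULL`, so the conflicting altname is never removed and the RTM_SETLINK below is left to fail on its own if the new name really is an altname; that looks deliberate ("ignoring"), but the code should say why: `/* Best effort: without the altname list the rename below still runs; the kernel rejects it itself if the name is taken. */`. Separately, the header still says the old name is "finally set ... as an alternative name", which this hunk does not do — make the partial-backport line say so: `(partial backport: re-adding the old name as an alternative name is not included)`. rtnl_set_link_name() continues past the end of the hunk.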
systemd-245.4/debian/patches/lp2002445-netlink-introduce-rtnl_get-delete_link_alternative_names.patch systemd-245.4/debian/patches/lp2002445-netlink-introduce-rtnl_get-delete_link_alternative_names.patch
--- systemd-245.4/debian/patches/lp2002445-netlink-introduce-rtnl_get-delete_link_alternative_names.patch 1970-01-01 00:00:00.000000000 +0000
+++ systemd-245.4/debian/patches/lp2002445-netlink-introduce-rtnl_get-delete_link_alternative_names.patch 2023-03-15 15:04:15.000000000 +0000
@@ -0,0 +1,102 @@
+From: Yu Watanabe
+Date: Fri, 17 Jul 2020 21:29:13 +0900
+Subject: netlink: introduce rtnl_get/delete_link_alternative_names()
+
+Origin: upstream, https://github.com/systemd/systemd/commit/14982526145de84201c7e3b4fc6be6aa5e9a08f7
+Bug-Ubuntu: https://launchpad.net/bugs/2002445
+
+---
+ src/libsystemd/sd-netlink/netlink-util.c | 45 ++++++++++++++++++++++++++++++--
+ src/libsystemd/sd-netlink/netlink-util.h | 2 ++
+ 2 files changed, 45 insertions(+), 2 deletions(-)
+
+diff --git a/src/libsystemd/sd-netlink/netlink-util.c b/src/libsystemd/sd-netlink/netlink-util.c
+index 7387cff..83f2a9b 100644
+--- a/src/libsystemd/sd-netlink/netlink-util.c
++++ b/src/libsystemd/sd-netlink/netlink-util.c
+@@ -85,12 +85,45 @@ int rtnl_set_link_properties(sd_netlink **rtnl, int ifindex, const char *alias,
+ return 0;
+ }
+
+-int rtnl_set_link_alternative_names(sd_netlink **rtnl, int ifindex, char * const *alternative_names) {
++int rtnl_get_link_alternative_names(sd_netlink **rtnl, int ifindex, char ***ret) {
++ _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *message = NULL, *reply = NULL;
++ _cleanup_strv_free_ char **names = NULL;
++ int r;
++
++ assert(rtnl);
++ assert(ifindex > 0);
++ assert(ret);
++
++ if (!*rtnl) {
++ r = sd_netlink_open(rtnl);
++ if (r < 0)
++ return r;
++ }
++
++ r = sd_rtnl_message_new_link(*rtnl, &message, RTM_GETLINK, ifindex);
++ if (r < 0)
++ return r;
++
++ r = sd_netlink_call(*rtnl, message, 0, &reply);
++ if (r < 0)
++ return r;
++
++ r = sd_netlink_message_read_strv(reply, IFLA_PROP_LIST, IFLA_ALT_IFNAME, &names);
++ if (r < 0 && r != -ENODATA)
++ return r;
++
++ *ret = TAKE_PTR(names);
++
++ return 0;
++}
++
++static int rtnl_update_link_alternative_names(sd_netlink **rtnl, uint16_t nlmsg_type, int ifindex, char * const *alternative_names) {
+ _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *message = NULL;
+ int r;
+
+ assert(rtnl);
+ assert(ifindex > 0);
++ assert(IN_SET(nlmsg_type, RTM_NEWLINKPROP, RTM_DELLINKPROP));
+
+ if (strv_isempty(alternative_names))
+ return 0;
+@@ -101,7 +134,7 @@ int rtnl_set_link_alternative_names(sd_netlink **rtnl, int ifindex, char * const
+ return r;
+ }
+
+- r = sd_rtnl_message_new_link(*rtnl, &message, RTM_NEWLINKPROP, ifindex);
++ r = sd_rtnl_message_new_link(*rtnl, &message, nlmsg_type, ifindex);
+ if (r < 0)
+ return r;
+
+@@ -124,6 +157,14 @@ int rtnl_set_link_alternative_names(sd_netlink **rtnl, int ifindex, char * const
+ return 0;
+ }
+
++int rtnl_set_link_alternative_names(sd_netlink **rtnl, int ifindex, char * const *alternative_names) {
++ return rtnl_update_link_alternative_names(rtnl, RTM_NEWLINKPROP, ifindex, alternative_names);
++}
++
++int rtnl_delete_link_alternative_names(sd_netlink **rtnl, int ifindex, char * const *alternative_names) {
++ return rtnl_update_link_alternative_names(rtnl, RTM_DELLINKPROP, ifindex, alternative_names);
++}
++
+ int rtnl_set_link_alternative_names_by_ifname(sd_netlink **rtnl, const char *ifname, char * const *alternative_names) {
+ _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *message = NULL;
+ int r;
+diff --git a/src/libsystemd/sd-netlink/netlink-util.h b/src/libsystemd/sd-netlink/netlink-util.h
+index d2d8334..33f36ec 100644
+--- a/src/libsystemd/sd-netlink/netlink-util.h
++++ b/src/libsystemd/sd-netlink/netlink-util.h
+@@ -49,8 +49,10 @@ static inline bool rtnl_message_type_is_qdisc(uint16_t type) {
+
+ int rtnl_set_link_name(sd_netlink **rtnl, int ifindex, const char *name);
+ int rtnl_set_link_properties(sd_netlink **rtnl, int ifindex, const char *alias, const struct ether_addr *mac, uint32_t mtu);
++int rtnl_get_link_alternative_names(sd_netlink **rtnl, int ifindex, char ***ret);
+ int rtnl_set_link_alternative_names(sd_netlink **rtnl, int ifindex, char * const *alternative_names);
+ int rtnl_set_link_alternative_names_by_ifname(sd_netlink **rtnl, const char *ifname, char * const *alternative_names);
++int rtnl_delete_link_alternative_names(sd_netlink **rtnl, int ifindex, char * const *alternative_names);
+ int rtnl_resolve_link_alternative_name(sd_netlink **rtnl, const char *name);
+ int rtnl_get_link_iftype(sd_netlink **rtnl, int ifindex, unsigned short *ret);
+
diff -Nru systemd-245.4/debian/patches/lp2002445-sd-netlink-restore-altname-on-error-in-rtnl_set_link_name.patch systemd-245.4/debian/patches/lp2002445-sd-netlink-restore-altname-on-error-in-rtnl_set_link_name.patch
--- systemd-245.4/debian/patches/lp2002445-sd-netlink-restore-altname-on-error-in-rtnl_set_link_name.patch 1970-01-01 00:00:00.000000000 +0000
+++ systemd-245.4/debian/patches/lp2002445-sd-netlink-restore-altname-on-error-in-rtnl_set_link_name.patch 2023-03-15 15:04:15.000000000 +0000
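Review bot: `rtnl_get_link_alternative_names()` returns 0 with `*ret` left NULL when the reply carries no IFLA_PROP_LIST (the `-ENODATA` branch), and nothing in netlink-util.h says so, so every caller has to know that a NULL strv means "no alternative names". Document it on the new prototype: `/* On success *ret is a strv the caller frees, or NULL if the link has no alternative names (or the kernel does not report IFLA_PROP_LIST). */`. The `assert(IN_SET(nlmsg_type, RTM_NEWLINKPROP, RTM_DELLINKPROP))` in rtnl_update_link_alternative_names() is the right guard for a static helper; a one-line comment above it saying it is the shared body of the set/delete wrappers would round it off.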
@@ -0,0 +1,64 @@
+From: Nick Rosbrook
+Date: Wed, 2 Nov 2022 05:36:14 -0400
+Subject: sd-netlink: restore altname on error in rtnl_set_link_name
+
+Origin: upstream, https://github.com/systemd/systemd/commit/4d600667f8
+Bug-Ubuntu: https://launchpad.net/bugs/2002445
+
+If a current alternative name is to be used to rename a network
+interface, the alternative name must be removed first. If interface
+renaming fails, restore the alternative name that was deleted if
+necessary.
+---
+ src/libsystemd/sd-netlink/netlink-util.c | 19 ++++++++++++++++---
+ 1 file changed, 16 insertions(+), 3 deletions(-)
+
+diff --git a/src/libsystemd/sd-netlink/netlink-util.c b/src/libsystemd/sd-netlink/netlink-util.c
+index 502ea41..828203b 100644
+--- a/src/libsystemd/sd-netlink/netlink-util.c
++++ b/src/libsystemd/sd-netlink/netlink-util.c
+@@ -10,6 +10,7 @@
+ int rtnl_set_link_name(sd_netlink **rtnl, int ifindex, const char *name) {
+ _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *message = NULL;
+ _cleanup_strv_free_ char **alternative_names = NULL;
++ bool altname_deleted = false;
+ int r;
+
+ assert(rtnl);
+@@ -29,21 +30,33 @@ int rtnl_set_link_name(sd_netlink **rtnl, int ifindex, const char *name) {
+ if (r < 0)
+ return log_debug_errno(r, "Failed to remove '%s' from alternative names on network interface %i: %m",
+ name, ifindex);
++
++ altname_deleted = true;
+ }
+
+ r = sd_rtnl_message_new_link(*rtnl, &message, RTM_SETLINK, ifindex);
+ if (r < 0)
+- return r;
++ goto fail;
+
+ r = sd_netlink_message_append_string(message, IFLA_IFNAME, name);
+ if (r < 0)
+- return r;
++ goto fail;
+
+ r = sd_netlink_call(*rtnl, message, 0, NULL);
+ if (r < 0)
+- return r;
++ goto fail;
+
+ return 0;
++
++fail:
++ if (altname_deleted) {
++ int q = rtnl_set_link_alternative_names(rtnl, ifindex, STRV_MAKE(name));
++ if (q < 0)
++ log_debug_errno(q, "Failed to restore '%s' as an alternative name on network interface %i, ignoring: %m",
++ name, ifindex);
++ }
++
++ return r;
+ }
+
+ int rtnl_set_link_properties(sd_netlink **rtnl, int ifindex, const char *alias,
diff -Nru systemd-245.4/debian/patches/lp2002445-udev-attempt-device-rename-even-if-interface-is-up.patch systemd-245.4/debian/patches/lp2002445-udev-attempt-device-rename-even-if-interface-is-up.patch
--- systemd-245.4/debian/patches/lp2002445-udev-attempt-device-rename-even-if-interface-is-up.patch 1970-01-01 00:00:00.000000000 +0000
+++ systemd-245.4/debian/patches/lp2002445-udev-attempt-device-rename-even-if-interface-is-up.patch 2023-03-15 15:04:15.000000000 +0000
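Review bot: On the `fail:` path the altname is re-added through the same `*rtnl` that just failed, and a failure of that rollback is only logged at debug level, so if both calls fail the interface has quietly lost an alternative name the caller configured; the rename error is still returned, but nothing tells the caller the rollback failed too. At least spell out the intent at the label so the next reader does not "simplify" it: `/* Roll back the altname removal; r (the rename error) stays the return value, the restore in q is best effort. */`. Whether a lost altname deserves more than a debug line depends on libsystemd's logging policy, which this hunk does not show.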
@@ -0,0 +1,38 @@
+From: Nick Rosbrook
+Date: Tue, 14 Feb 2023 15:56:38 -0500
+Subject: udev: attempt device rename even if interface is up
+
+Origin: upstream, https://github.com/systemd/systemd/commit/53584e7b61
+Bug-Ubuntu: https://launchpad.net/bugs/2002445
+
+Currently rename_netif() will not attempt to rename a device if it is
+already up, because the kernel will return -EBUSY unless live renaming
+is allowed on the device. This restriction will be removed in a future
+kernel version [1].
+
+To cover both cases, always attempt to rename the interface and return 0
+if we get -EBUSY.
+
+[1] https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=bd039b5ea2a9
+
+(modified to apply to v245.4)
+---
+ src/udev/udev-event.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/udev/udev-event.c b/src/udev/udev-event.c
+index eb51139..dae485b 100644
+--- a/src/udev/udev-event.c
++++ b/src/udev/udev-event.c
+@@ -835,6 +835,11 @@ static int rename_netif(UdevEvent *event) {
+ return log_device_error_errno(dev, r, "Failed to get ifindex: %m");
+
+ r = rtnl_set_link_name(&event->rtnl, ifindex, event->name);
++ if (r == -EBUSY) {
++ log_device_info(dev, "Network interface '%s' is already up, cannot rename to '%s'.",
++ oldname, event->name);
++ return 0;
++ }
+ if (r < 0)
+ return log_device_error_errno(dev, r, "Failed to rename network interface %i from '%s' to '%s': %m",
+ ifindex, oldname, event->name);
diff -Nru systemd-245.4/debian/patches/lp2002445-udev-net-allow-new-link-name-as-an-altname-before-renamin.patch systemd-245.4/debian/patches/lp2002445-udev-net-allow-new-link-name-as-an-altname-before-renamin.patch
--- systemd-245.4/debian/patches/lp2002445-udev-net-allow-new-link-name-as-an-altname-before-renamin.patch 1970-01-01 00:00:00.000000000 +0000
+++ systemd-245.4/debian/patches/lp2002445-udev-net-allow-new-link-name-as-an-altname-before-renamin.patch 2023-03-15 15:04:15.000000000 +0000
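Review bot: Returning 0 on `-EBUSY` reports the rename as a success to rename_netif()'s caller although the kernel interface keeps its old name, and it skips whatever rename_netif() does after this hunk; the function starts before the hunk, so if v245's version has already updated the sd_device name or set ID_RENAMING by this point, the in-memory device and the kernel will disagree — confirm the ordering in this tree before relying on the early return. The message also asserts a cause ("is already up") for an errno the kernel does not attribute; hedge it: `log_device_info(dev, "Network interface '%s' is busy (probably already up), not renaming to '%s'.", oldname, event->name);`. If the new name was configured as an altname, the companion restore patch in this upload should have put it back by now, which is worth stating in the message or a comment.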
@@ -0,0 +1,36 @@
+From: Nick Rosbrook
+Date: Wed, 2 Nov 2022 11:05:01 -0400
+Subject: udev/net: allow new link name as an altname before renaming happens
+
+Origin: upstream, https://github.com/systemd/systemd/commit/d0b31efc1a
+Bug-Ubuntu: https://launchpad.net/bugs/2002445
+
+When configuring a link's alternative names, the link's new name to-be
+is not allowed to be included because interface renaming will fail if
+the new name is already present as an alternative name. However,
+rtnl_set_link_name will delete the conflicting alternative name before
+renaming the device, if necessary.
+
+Allow the new link name to be set as an alternative name before the
+device is renamed. This means that if the rename is later skipped (i.e.
+because the link is already up), then the name can at least still be
+present as an alternative name.
+
+(modified to apply to v245.5)
+---
+ src/udev/net/link-config.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/src/udev/net/link-config.c b/src/udev/net/link-config.c
+index 4d08bce..26c4a02 100644
+--- a/src/udev/net/link-config.c
++++ b/src/udev/net/link-config.c
+@@ -536,8 +536,6 @@ int link_config_apply(link_config_ctx *ctx, link_config *config,
+ }
+ }
+
+- if (new_name)
+- strv_remove(altnames, new_name);
+ strv_remove(altnames, old_name);
+ strv_uniq(altnames);
+ strv_sort(altnames);
diff -Nru systemd-245.4/debian/patches/series systemd-245.4/debian/patches/series
--- systemd-245.4/debian/patches/series 2023-02-21 09:55:19.000000000 +0000
+++ systemd-245.4/debian/patches/series 2023-03-15 15:04:15.000000000 +0000
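Review bot: With `strv_remove(altnames, new_name)` gone, link_config_apply() now hands the kernel the future name as an altname before the rename, and a reader of the surviving lines gets no hint that this is intentional; add, where the two lines were, `/* new_name may stay in altnames: rtnl_set_link_name() drops it before renaming and restores it if the rename fails. */`. The header also says "(modified to apply to v245.5)" while the package and the sibling patch say v245.4 — presumably a typo, `(modified to apply to v245.4)`. link_config_apply() starts before the hunk and continues after it.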
@@ -187,3 +187,9 @@
 lp1945225/0004-Add-remaining-supported-schemes-as-options-for-defau.patch
 CVE-2022-3821.patch
 CVE-2022-4415.patch
+lp2002445-udev-net-allow-new-link-name-as-an-altname-before-renamin.patch
+lp2002445-netlink-introduce-rtnl_get-delete_link_alternative_names.patch
+lp2002445-netlink-do-not-fail-when-new-interface-name-is-already-us.patch
+lp2002445-sd-netlink-restore-altname-on-error-in-rtnl_set_link_name.patch
+lp2002445-udev-attempt-device-rename-even-if-interface-is-up.patch
+lp1933090-test-seccomp-accept-ENOSYS-from-sysctl-2-too.patch
diff -Nru systemd-245.4/debian/tests/boot-and-services systemd-245.4/debian/tests/boot-and-services
--- systemd-245.4/debian/tests/boot-and-services 2022-09-06 09:32:07.000000000 +0000
+++ systemd-245.4/debian/tests/boot-and-services 2023-03-15 15:04:15.000000000 +0000
@@ -59,6 +59,8 @@
 # https://bugs.debian.org/926138
 if is_container:
 failed = [f for f in failed if 'e2scrub_reap.service' not in f]
+ # LP: #1991285
+ failed = [f for f in failed if 'systemd-remount-fs.service' not in f]
 if failed:
 for f in failed:
 f = f.split()[0]
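Review bot: The series applies `lp2002445-udev-net-allow-new-link-name-as-an-altname-before-renamin.patch` first, but that patch removes the guard that kept the new name out of the altname list and relies on the rtnl_set_link_name() changes that only arrive three entries later, so every intermediate state of the quilt stack (e.g. `quilt push` while bisecting a regression) renames interfaces without that protection. Move it to directly after `lp2002445-sd-netlink-restore-altname-on-error-in-rtnl_set_link_name.patch`, keeping the two netlink patches and the restore patch in their current relative order. The fully patched tree is unaffected by the reorder.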
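Review bot: The new filter line is annotated only with a bug number, `# LP: #1991285`, which tells a reader nothing about why systemd-remount-fs.service is tolerated in containers or when the exemption can be dropped; the e2scrub line above has the same problem but is not under review. Expand it to a one-line why, e.g. `# LP: #1991285: systemd-remount-fs.service is known to fail in containers; ignore it like e2scrub_reap above` — confirm the wording against the bug. The substring test `'systemd-remount-fs.service' not in f` follows the existing e2scrub line's style, which is fine.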