pam_group.so is not evaluated by gnome-terminal

Bug #1762391 reported by mtemp
238
This bug affects 55 people
Affects Status Importance Assigned to Milestone
systemd
Fix Released
Undecided
Unassigned
systemd (Ubuntu)
Fix Released
Medium
Dariusz Gadomski
Xenial
Won't Fix
Undecided
Unassigned
Bionic
Fix Released
Medium
Dariusz Gadomski
Cosmic
Won't Fix
Undecided
Unassigned
Eoan
Fix Released
Medium
Dariusz Gadomski
Focal
Fix Released
Medium
Dariusz Gadomski

Bug Description

[Impact]

pam_setcred call was missing in systemd making its implementation of the PAM protocol incomplete. It could manifest in different ways, but one particularly problematic for enterprise environments was the fact that
processes were never getting group membership they were expected to get via pam_group module.

[Test Case]

 * Add a /etc/security/group.conf entry, e.g.
   *;*;*;Al0000-2400;dialout,users
 * Add pam_group to your PAM stack, e.g. /etc/pam.d/common-auth
 * Login to the system and launch gnome-terminal (it will be launched via gnome-terminal-server launched by systemd --user + dbus).

Expected result:
Logged in user is a member of 'dialout' and 'users' groups.

Actual result:
no group membership gained from pam_group.

[Regression Potential]

 * It introduces a new PAM warning message in some scenarios (e.g. for systemd DynamicUser=1 units) for users that can't authenticate (pam_setcred fails in such case).

 * In certain systems user group membership may be extended by pam_group.

[Other Info]
Original bug description:

We are using Ubuntu in a university network with lots of ldap users. To automatically map ldap users/groups to local groups we are using pam_group.so. This has worked for years.

With the upgrade from Xenial to Bionic /etc/security/group.conf is not evaluated anymore by gnome-terminal as it runs as systemd --user. Xterm, ssh, su, and tty* however do work as expected. Only the default gnome-terminal behaves different.

According to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851243 and https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756458 this might not be a bug, but a feature.

Nevertheless this behavior is very unexpected when upgrading from Xenial to Bionic and therefore should at least added to the changelog.

ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: gnome-terminal 3.28.0-1ubuntu1
ProcVersionSignature: Ubuntu 4.15.0-10.11-generic 4.15.3
Uname: Linux 4.15.0-10-generic x86_64
NonfreeKernelModules: nvidia_modeset nvidia
ApportVersion: 2.20.9-0ubuntu4
Architecture: amd64
CurrentDesktop: ubuntu:GNOME
Date: Mon Apr 9 13:17:52 2018
InstallationDate: Installed on 2018-03-29 (11 days ago)
InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Alpha amd64 (20180321)
SourcePackage: gnome-terminal
UpgradeStatus: No upgrade log present (probably fresh install)

Revision history for this message
mtemp (mtemp) wrote :
Revision history for this message
Chadarius (csutton-chadarius) wrote :

I am also using this feature and all previous versions of Ubuntu worked fine with this configuration. However with Bionic the GDM logins no longer add these local groups. Only no graphical logins like su, sudo, ssh, etc... add the appropriate local groups as per the /etc/security/group.conf.

This is a very important feature for us to be able to use Ubuntu with LDAP authentication in our computer labs for students and professors.

Revision history for this message
Chadarius (csutton-chadarius) wrote :

There is also a Gnome bug for this at https://gitlab.gnome.org/GNOME/gdm/issues/393#

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in gnome-terminal (Ubuntu):
status: New → Confirmed
Revision history for this message
Dariusz Gadomski (dgadomski) wrote :

According to my tests GDM works as expected - checking groups the user belongs to on different terminal emulators (e.g. xterm) proves that the /etc/security/group.conf groups are correctly applied.

The problem in this case affects gnome-terminal alone (and the problem is present also if using e.g. LightDM instead of GDM).

This is related to the way gnome-terminal-server is started via DBus and executed under systemd --user. It is started under the systemd-user PAM service, so pam_group entry should be added to /etc/pam.d/systemd-user. The problem is systemd will never apply pam_group settings because it does not call pam_setcred.

The issue is reported to systemd along with a PR fixing it:
https://github.com/systemd/systemd/issues/11198

affects: gnome-terminal → systemd
Changed in gnome-terminal (Ubuntu):
status: Confirmed → Invalid
Changed in systemd:
status: Unknown → New
Jeremy Bícha (jbicha)
no longer affects: gnome-terminal (Ubuntu Bionic)
no longer affects: gnome-terminal (Ubuntu Cosmic)
Revision history for this message
Steve Langasek (vorlon) wrote :

pam_group is a historical curiosity. While we should continue to ship it in pam for compatibility with existing configurations, there is no good reason to use it in a new deployment, and we should not consider incompatibility with pam_group to itself be a reason to change the behavior of a pam application.

Static group memberships should be expressed through NSS, not through pam_group, so that the system has a consistent view of the memberships. This includes group memberships at large LDAP installations. You may want to be using sssd for this.

pam_group's support for dynamic group assignments (time-of-day, etc) is inherently flawed, because there is no support for runtime revocation of group membership of Unix processes, and there is no associated service to reap processes with out-of-policy group memberships. pam_group's dynamic group assignments should be considered entirely superseded by logind.

I believe the behavior of calling pam_setcred() from a pam application that has not first called pam_authenticate() is undefined, so I don't think this is a good general solution for applications aside from pam_group.

So I'm closing this bug as wontfix unless a clearer rationale for this change presents itself.

Changed in systemd (Ubuntu Bionic):
status: New → Won't Fix
Changed in systemd (Ubuntu):
status: New → Invalid
status: Invalid → Won't Fix
Changed in systemd (Ubuntu Cosmic):
status: New → Won't Fix
no longer affects: gnome-terminal (Ubuntu Xenial)
Revision history for this message
Dariusz Gadomski (dgadomski) wrote :

This issue has been fixed upstream, I believe it makes sense to also have it in Ubuntu.

Changed in systemd (Ubuntu Bionic):
status: Won't Fix → In Progress
Changed in systemd (Ubuntu):
status: Won't Fix → In Progress
assignee: nobody → Dariusz Gadomski (dgadomski)
Changed in systemd (Ubuntu Bionic):
assignee: nobody → Dariusz Gadomski (dgadomski)
Changed in systemd (Ubuntu Eoan):
status: New → In Progress
assignee: nobody → Dariusz Gadomski (dgadomski)
Revision history for this message
Dariusz Gadomski (dgadomski) wrote :

SRU proposal for Focal (upstream backport).

Revision history for this message
Dariusz Gadomski (dgadomski) wrote :

Please hold on with uploading until https://github.com/systemd/systemd/issues/14567 is resolved.

no longer affects: gnome-terminal (Ubuntu)
Revision history for this message
Dariusz Gadomski (dgadomski) wrote :

SRU proposal for focal.

Upstream regression has been resolved and the fix is integrated in the patch.

no longer affects: gnome-terminal (Ubuntu Eoan)
Dan Streetman (ddstreet)
Changed in systemd (Ubuntu Focal):
importance: Undecided → Medium
Changed in systemd (Ubuntu Eoan):
importance: Undecided → Medium
Changed in systemd (Ubuntu Bionic):
importance: Undecided → Medium
description: updated
Revision history for this message
Dariusz Gadomski (dgadomski) wrote :

SRU proposal for bionic.

Revision history for this message
Dariusz Gadomski (dgadomski) wrote :

SRU proposal for eoan.

description: updated
Revision history for this message
Dariusz Gadomski (dgadomski) wrote :

SRU proposal for eoan (patches split)

Revision history for this message
Dariusz Gadomski (dgadomski) wrote :

SRU proposal for bionic (patches split)

Dan Streetman (ddstreet)
tags: added: sts sts-sponsor-ddstreet
Dan Streetman (ddstreet)
tags: added: ddstreet-next
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (3.9 KiB)

This bug was fixed in the package systemd - 244.1-0ubuntu2

---------------
systemd (244.1-0ubuntu2) focal; urgency=medium

  [ Dimitri John Ledkov ]
  * shutdown: do not detach autoclear loopback devices
    Author: Dimitri John Ledkov
    File: debian/patches/shutdown-do-not-detach-autoclear-loopback-devices.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=3978d34b59e98cdd01836c41a10442967636b8fc

  [ Balint Reczey ]
  * Revert upstream commit breaking IPv4 DHCP in LXC containers in 244.1
    (LP: #1857123)
    File: debian/patches/Revert-network-if-sys-is-rw-then-udev-should-be-around.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=39c12f8e736afd1b7bdeb13ff6bccaea85020873

systemd (244.1-0ubuntu1) focal; urgency=medium

  * New upstream version 244.1
    - network: set ipv6 mtu after link-up or device mtu change (LP: #1671951)
    - & other changes
  * Refresh patches.
    - Dropped changes:
      * d/p/lp-1853852-*: fix issues with muliplexed shmat calls (LP: #1853852)
        Files:
        - debian/patches/lp-1853852-seccomp-fix-multiplexed-system-calls.patch
        - debian/patches/lp-1853852-seccomp-mmap-test-results-depend-on-kernel-libseccom.patch
        https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=382271662c60c339b0a404c7a1772fe5670516ef
      * d/p/lp1671951-network-set-ipv6-mtu-after-link-up-or-device-mtu-cha.patch:
        set ipv6 mtu at correct time
  * pstore: Don't start systemd-pstore.service in containers.
    Usually it is not useful and can also fail making
    boot-and-services autopkgtest fail. (LP: #1856729)
    File: debian/patches/pstore-Don-t-start-systemd-pstore.service-in-containers.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=28b5a03769cbed9d3170ebac38508b867530a2d6
  * Revert: network: do not drop foreign config if interface is in initialized state.
    This fixes FTBFS with the other network-related reverts.
    File: debian/patches/Revert-network-do-not-drop-foreign-config-if-interface-is.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=22a9fa3bb03ba2a629926af39ea7df81fe33c9b8

systemd (244-3ubuntu5) focal; urgency=medium

  [ Dariusz Gadomski ]
  * d/p/lp1762391/0001-user-util-Add-helper-functions-for-gid-lists-operati.patch,
    d/p/lp1762391/0002-execute-Restore-call-to-pam_setcred.patch,
    d/p/lp1762391/0003-execute-Detect-groups-added-by-PAM-and-merge-them-wi.patch,
    d/p/lp1762391/0004-test-Add-tests-for-gid-list-ops.patch,
    d/p/lp1762391/0005-execute-add-const-to-array-parameters-where-possible.patch,
    d/p/lp1762391/0006-execute-allow-pam_setcred-to-fail-ignore-errors.patch:
    - Restore call to pam_setcred (LP: #1762391)

  [ Dan Streetman ]
  * d/t/storage: without scsi_debug, skip test (LP: #1847816)

systemd (244-3ubuntu4) focal; urgency=medium

  * d/p/lp1671951-network-set-ipv6-mtu-after-link-up-or-device-mtu-cha.patch:
    set ipv6 mtu at correct time (LP: #1671951)
  * d/p/0001-network-rename-linux_configure_after_setting_mtu-to-linux.patch,
    d/p/0002-network-add-link-setting_genmode-flag.patc...

Read more...

Changed in systemd (Ubuntu Focal):
status: In Progress → Fix Released
Revision history for this message
Dariusz Gadomski (dgadomski) wrote :

systemd in Xenial differs to much to cleanly apply the upstream fix. It would require reimplementing it and may be more risky than useful.

Marking Won't fix.

Changed in systemd (Ubuntu Xenial):
status: New → Won't Fix
Revision history for this message
Steve Langasek (vorlon) wrote : Please test proposed package

Hello mtemp, or anyone else affected,

Accepted systemd into eoan-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/systemd/242-7ubuntu3.3 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-eoan to verification-done-eoan. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-eoan. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in systemd (Ubuntu Eoan):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-eoan
Revision history for this message
Steve Langasek (vorlon) wrote :

Hello mtemp, or anyone else affected,

Accepted systemd into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/systemd/237-3ubuntu10.34 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in systemd (Ubuntu Bionic):
status: In Progress → Fix Committed
tags: added: verification-needed-bionic
Revision history for this message
Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (systemd/237-3ubuntu10.34)

All autopkgtests for the newly accepted systemd (237-3ubuntu10.34) for bionic have finished running.
The following regressions have been reported in tests triggered by the package:

php7.2/7.2.24-0ubuntu0.18.04.2 (armhf)
openssh/1:7.6p1-4ubuntu0.3 (arm64, armhf, ppc64el, amd64, s390x, i386)
dovecot/1:2.2.33.2-1ubuntu4.5 (armhf)
gvfs/1.36.1-0ubuntu1.3.3 (ppc64el)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/bionic/update_excuses.html#systemd

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Revision history for this message
Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (systemd/242-7ubuntu3.3)

All autopkgtests for the newly accepted systemd (242-7ubuntu3.3) for eoan have finished running.
The following regressions have been reported in tests triggered by the package:

samba/2:4.10.7+dfsg-0ubuntu2.4 (armhf)
netplan.io/0.98-0ubuntu1 (amd64, ppc64el)
gnome-desktop3/3.34.2-2ubuntu1~19.10.1 (armhf)
systemd/242-7ubuntu3.3 (ppc64el, arm64)
munin/2.0.49-3ubuntu1 (armhf)
bolt/0.8-4 (armhf)
umockdev/0.13.2-1 (armhf)
openssh/1:8.0p1-6build1 (amd64, ppc64el, i386, s390x, arm64, armhf)
linux-oem-osp1/5.0.0-1037.42 (amd64)
multipath-tools/unknown (armhf)
knot-resolver/3.2.1-3 (amd64, ppc64el)
lxc/3.0.4-0ubuntu1 (amd64, ppc64el, i386)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/eoan/update_excuses.html#systemd

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Revision history for this message
Dariusz Gadomski (dgadomski) wrote :

I have just verified bionic. With version 237-3ubuntu10.34 after replaying test case from the description I see the groups from /etc/security/group.conf (dialout, users) added:

ubuntu@bionic:~$ groups
ubuntu adm dialout cdrom sudo dip plugdev users lpadmin sambashare vboxsf

tags: added: verification-done-bionic
removed: verification-needed-bionic
Revision history for this message
Dariusz Gadomski (dgadomski) wrote :

With identical setup and testcase for eoan I have managed to successfully verify the patch with version 242-7ubuntu3.3:

ubuntu@eoan:~$ groups
ubuntu adm dialout cdrom sudo dip plugdev users lpadmin lxd sambashare
ubuntu@eoan:~$

tags: added: verification-done-eoan
removed: verification-needed-eoan
tags: added: verification-done
removed: verification-needed
Revision history for this message
Dimitri John Ledkov (xnox) wrote :

This SRU needs to be reuploaded, due to security update that trumped this in progress SRU.

Changed in systemd (Ubuntu Bionic):
status: Fix Committed → In Progress
Changed in systemd (Ubuntu Eoan):
status: Fix Committed → In Progress
tags: added: verification-failed verification-failed-bionic verification-failed-eoan
removed: verification-done verification-done-bionic verification-done-eoan
Revision history for this message
Steve Langasek (vorlon) wrote : Please test proposed package

Hello mtemp, or anyone else affected,

Accepted systemd into eoan-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/systemd/242-7ubuntu3.7 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-eoan to verification-done-eoan. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-eoan. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in systemd (Ubuntu Eoan):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-eoan
removed: verification-failed verification-failed-eoan
Changed in systemd (Ubuntu Bionic):
status: In Progress → Fix Committed
tags: added: verification-needed-bionic
removed: verification-failed-bionic
Revision history for this message
Steve Langasek (vorlon) wrote :

Hello mtemp, or anyone else affected,

Accepted systemd into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/systemd/237-3ubuntu10.39 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Revision history for this message
Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (systemd/237-3ubuntu10.39)

All autopkgtests for the newly accepted systemd (237-3ubuntu10.39) for bionic have finished running.
The following regressions have been reported in tests triggered by the package:

php7.2/7.2.24-0ubuntu0.18.04.2 (armhf)
gvfs/1.36.1-0ubuntu1.3.3 (ppc64el)
lxc/3.0.3-0ubuntu1~18.04.1 (amd64)
systemd/237-3ubuntu10.39 (i386)
netplan.io/0.98-0ubuntu1~18.04.1 (i386, amd64)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/bionic/update_excuses.html#systemd

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Revision history for this message
Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (systemd/242-7ubuntu3.7)

All autopkgtests for the newly accepted systemd (242-7ubuntu3.7) for eoan have finished running.
The following regressions have been reported in tests triggered by the package:

remctl/3.15-1build2 (armhf)
systemd-bootchart/unknown (armhf)
netplan.io/0.98-0ubuntu1 (amd64)
systemd/242-7ubuntu3.7 (ppc64el, s390x)
sks/unknown (armhf)
munin/2.0.49-3ubuntu1 (i386)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/eoan/update_excuses.html#systemd

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Revision history for this message
Dariusz Gadomski (dgadomski) wrote :

I have repeated verification for eoan (242-7ubuntu3.7) with identical results.

ubuntu@eoan:~$ groups
ubuntu adm dialout cdrom sudo dip plugdev users lpadmin lxd sambashare

Revision history for this message
Dariusz Gadomski (dgadomski) wrote :

Similarly for bionic using version 237-3ubuntu10.39 verification was also successsful:

ubuntu@bionic:~$ groups
ubuntu adm dialout cdrom sudo dip plugdev users lpadmin sambashare vboxsf

tags: added: verification-done verification-done-bionic verification-done-eoan
removed: verification-needed verification-needed-bionic verification-needed-eoan
Revision history for this message
Łukasz Zemczak (sil2100) wrote : Update Released

The verification of the Stable Release Update for systemd has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package systemd - 242-7ubuntu3.7

---------------
systemd (242-7ubuntu3.7) eoan; urgency=medium

  [ Dariusz Gadomski ]
  * d/p/lp1762391/0001-Call-getgroups-to-know-size-of-supplementary-groups-.patch,
    d/p/lp1762391/0002-user-util-tweak-to-in_gid.patch,
    d/p/lp1762391/0003-user-util-Add-helper-functions-for-gid-lists-operati.patch,
    d/p/lp1762391/0004-execute-Restore-call-to-pam_setcred.patch,
    d/p/lp1762391/0005-execute-Detect-groups-added-by-PAM-and-merge-them-wi.patch,
    d/p/lp1762391/0006-test-Add-tests-for-gid-list-ops.patch,
    d/p/lp1762391/0007-execute-add-const-to-array-parameters-where-possible.patch,
    d/p/lp1762391/0008-execute-allow-pam_setcred-to-fail-ignore-errors.patch:
    - Restore call to pam_setcred (LP: #1762391)

  * d/p/lp1846232/0001-network-honor-MTUBytes-setting.patch,
    d/p/lp1846232/0002-network-bump-MTU-bytes-only-when-MTUByte-is-not-set.patch:
    - do not always bump MTU with additional 4bytes (LP: #1846232)
  * d/p/lp1671951-network-set-ipv6-mtu-after-link-up-or-device-mtu-cha.patch:
    - set ipv6 mtu at correct time (LP: #1671951)
  * d/p/lp1845909/0001-network-rename-linux_configure_after_setting_mtu-to-linux.patch,
    d/p/lp1845909/0002-network-add-link-setting_genmode-flag.patch,
    d/p/lp1845909/0003-network-if-ipv6ll-is-disabled-enumerate-tentative-ipv6-ad.patch,
    d/p/lp1845909/0004-network-drop-foreign-config-after-addr_gen_mode-has-been-.patch,
    d/p/lp1845909/0005-network-drop-IPv6LL-address-when-LinkLocalAddressing.patch:
    - drop foreign config and raise interface after setting genmode
      (LP: #1845909)
  * d/t/storage: without scsi_debug, skip test (LP: #1847816)

 -- Dan Streetman <email address hidden> Thu, 06 Feb 2020 09:45:57 -0500

Changed in systemd (Ubuntu Eoan):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package systemd - 237-3ubuntu10.39

---------------
systemd (237-3ubuntu10.39) bionic; urgency=medium

  [ Dariusz Gadomski ]
  * d/p/lp1762391/0001-Call-getgroups-to-know-size-of-supplementary-groups-.patch,
    d/p/lp1762391/0002-user-util-tweak-to-in_gid.patch,
    d/p/lp1762391/0003-user-util-Add-helper-functions-for-gid-lists-operati.patch,
    d/p/lp1762391/0004-execute-Restore-call-to-pam_setcred.patch,
    d/p/lp1762391/0005-execute-Detect-groups-added-by-PAM-and-merge-them-wi.patch,
    d/p/lp1762391/0006-test-Add-tests-for-gid-list-ops.patch,
    d/p/lp1762391/0007-execute-add-const-to-array-parameters-where-possible.patch,
    d/p/lp1762391/0008-execute-allow-pam_setcred-to-fail-ignore-errors.patch:
    - Restore call to pam_setcred (LP: #1762391)

  [ Ioanna Alifieraki ]
  * d/p/lp1860548/0001-Revert-Replace-use-of-snprintf-with-xsprintf.patch,
    d/p/lp1860548/0002-job-truncate-unit-description.patch:
    - use snprintf instead of xsprintf (LP: #1860548)

  [ Dan Streetman ]
  * d/p/lp1833193-network-update-address-when-static-address-was-alrea.patch:
    - Update lft when static addr was cfg by dhcp (LP: #1833193)
  * d/p/lp1849261/0001-core-when-we-can-t-enqueue-OnFailure-job-show-full-e.patch,
    d/p/lp1849261/0002-core-don-t-trigger-OnFailure-deps-when-a-unit-is-goi.patch:
    - Only trigger OnFailure= if Restart= is not in effect (LP: #1849261)
  * d/p/lp1671951-network-set-ipv6-mtu-after-link-up-or-device-mtu-cha.patch:
    - set ipv6 mtu at correct time (LP: #1671951)
  * d/p/lp1845909/0001-networkd-honour-LinkLocalAddressing.patch,
    d/p/lp1845909/0002-networkd-fix-link_up-12505.patch,
    d/p/lp1845909/0003-network-do-not-send-ipv6-token-to-kernel.patch,
    d/p/lp1845909/0004-network-rename-linux_configure_after_setting_mtu-to-linux.patch,
    d/p/lp1845909/0005-network-add-link-setting_genmode-flag.patch,
    d/p/lp1845909/0006-network-if-ipv6ll-is-disabled-enumerate-tentative-ipv6-ad.patch,
    d/p/lp1845909/0007-network-drop-foreign-config-after-addr_gen_mode-has-been-.patch,
    d/p/lp1845909/0008-network-drop-IPv6LL-address-when-LinkLocalAddressing.patch:
    - if LinkLocalAddressing=no prevent creation of ipv6ll (LP: #1845909)
  * d/p/lp1859862-network-Do-not-disable-IPv6-by-writing-to-sysctl.patch:
    - enable ipv6 when needed (LP: #1859862)
  * d/p/lp1836695-networkd-Add-back-static-routes-after-DHCPv4-lease-e.patch:
    - (re)add static routes after getting dhcp4 addr (LP: #1836695)
  * d/t/storage:
    - fix buggy test (LP: #1831459)
    - without scsi_debug, skip test (LP: #1847816)

 -- Dan Streetman <email address hidden> Thu, 06 Feb 2020 10:00:49 -0500

Changed in systemd (Ubuntu Bionic):
status: Fix Committed → Fix Released
Revision history for this message
Dan Streetman (ddstreet) wrote :

upstream systemd issue is https://github.com/systemd/systemd/issues/11198
As launchpad was failing to sync the status of the upstream issue, I just marked it manually as fix released.

Changed in systemd:
importance: Unknown → Undecided
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.