[v247] backport routing policy rule fix

The attachment "96.patch" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

I'm able to reproduce this on hirsute, but not groovy, so this seems to affect only hirsute; please correct me if that's wrong.

Due to the rather large size of the patch to fix this, and the very low impact (only 'networkctl reload' doesn't work, normal systemd-networkd startup works), I think it's unlikely this will make it into hirsute before its EOL.

However I'll leave it open for now.

> I'm able to reproduce this on hirsute, but not groovy, so this seems to affect only hirsute; please correct me if that's wrong.
That’s correct.

> only 'networkctl reload' doesn't work, normal systemd-networkd startup works
`systemctl restart systemd-networkd` doesn’t work either.

I have this queued up for hirsute, with a test build here:
https://launchpad.net/~ddstreet/+archive/ubuntu/systemd

it seems to fix the issue for me, please let me know if it doesn't work for you, I plan to upload systemd either this week or early next week

Hello Zhang, or anyone else affected,

Accepted systemd into hirsute-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/systemd/247.3-3ubuntu3.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-hirsute to verification-done-hirsute. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-hirsute. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

All autopkgtests for the newly accepted systemd (247.3-3ubuntu3.2) for hirsute have finished running.
The following regressions have been reported in tests triggered by the package:

umockdev/0.15.4-1 (armhf)
initramfs-tools/0.139ubuntu3 (amd64)
apt/2.2.4ubuntu0.1 (armhf)
netplan.io/0.102-0ubuntu3 (amd64)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/hirsute/update_excuses.html#systemd

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Tested systemd 247.3-3ubuntu3.2 on hirsute, without problem.

thanks, marking verified

This bug was fixed in the package systemd - 247.3-3ubuntu3.4

---------------
systemd (247.3-3ubuntu3.4) hirsute-security; urgency=medium

  * SECURITY UPDATE: DoS via DHCP FORCERENEW
    - debian/patches/CVE-2020-13529.patch: tentatively ignore FORCERENEW
      command in src/libsystemd-network/sd-dhcp-client.c.
    - CVE-2020-13529
  * SECURITY UPDATE: denial of service via stack exhaustion
    - debian/patches/CVE-2021-33910.patch: do not use strdupa() on a path
      in src/basic/unit-name.c.
    - CVE-2021-33910

 -- Marc Deslauriers <email address hidden> Tue, 20 Jul 2021 07:38:18 -0400