systemd-resolved re-creates /run/systemd/resolve/*resolv.conf for every IPv6 RA received

Bug #1891215 reported by Simon Déziel
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
systemd | Unknown | Unknown | |
systemd (Ubuntu) | | Low | Unassigned |
Bionic | | Wishlist | Unassigned |
Focal | | Wishlist | Dan Streetman |
Groovy | | Wishlist | Dan Streetman |
Hirsute | | Wishlist | Dan Streetman |

Bug Description

[impact]

networking changes, like RA events, can cause systemd-resolved to re-write the resolv.conf file, even if the contents didn't change, resulting in an unnecessarily increased amount of inotify events

[test case]

see original description for ipv6ra-related reproducer, or simple reproducer here:

configure networkd with some config for (e.g.) eth0, but not a config that would result in /etc/resolv.conf changing when the interface goes up/down - for example, use static config with no DNS search domains. Then bring eth0 up/down while observing the md5sum (file content) does not change but the mtime does change.

root@lp1891215-h:~# ip l set down dev eth0
root@lp1891215-h:~# md5sum /etc/resolv.conf
db23e80078515192c312e5f321ff0340 /etc/resolv.conf
root@lp1891215-h:~# stat -t -L /etc/resolv.conf
/etc/resolv.conf 740 8 81a4 101 103 fc 188 1 0 0 1625238218 1625238216 1625238216 0 4096
root@lp1891215-h:~# ip l set up dev eth0
root@lp1891215-h:~# md5sum /etc/resolv.conf
db23e80078515192c312e5f321ff0340 /etc/resolv.conf
root@lp1891215-h:~# stat -t -L /etc/resolv.conf
/etc/resolv.conf 740 8 81a4 101 103 fc 188 1 0 0 1625238227 1625238226 1625238226 0 4096

[regression potential]

regressions would result in incorrect or missing data in the resolv.conf file, possibly resulting in dns failures or errors

[scope]

this is needed for h and earlier

this is (potentially) fixed upstream by f3e1f00d03445911ee73729219cea88c8a70c612 which is first included in v248, so this is needed in hirsute and earlier

[original description]

# Issue description:

On 2 Linode VMs that are used as lxd hosts, we noticed that /run/systemd/resolve/*resolv.conf were re-created quite frequently (~ once per second). We noticed because of the log noise from lxd's dnsmasq instance using inotify to watch the target of /etc/resolv.conf (which points to the stub-resolv.conf in our case). This was (wrongly) reported as a lxd bug (https://github.com/lxc/lxd/issues/7765) until it became apparent it was more likely to be a problem with systemd(-resolved)?.

The log noise is the observable problem that would be nice to see addressed:

  root@lxd02:~# uptime
   17:55:48 up 9:52, 1 user, load average: 0.18, 0.11, 0.05
  root@lxd02:~# journalctl -b0 | grep -cF dnsmasq
  158609

Upon further investigation, it seems that systemd-resolved re-creates the resolv.conf and stub-resolv.conf files whenever an IPv6 RA is received.

1) One can observe that by setting systemd-resolved's service in debug mode:

$ sudo systemctl edit systemd-resolved

and in the editor that is opened, add and save this content:

[Service]
Environment=SYSTEMD_LOG_LEVEL=debug

then restart systemd-resolved and watch the logs scroll by with:

$ journalctl -fu systemd-resolved

2) In another terminal, watch the files be recreated with:

watch -d -n 0.1 stat /run/systemd/resolve/stub-resolv.conf

3) In yet another terminal, run a packet capture and watch "ICMP6, router advertisement" messages come by:

sudo tcpdump -ni eth0 icmp6

You will see that every time a RA packet comes in, resolved's journal will log this:

  Aug 11 17:33:55 lxd02 systemd-resolved[15368]: Sent message type=signal sender=n/a destination=n/a path=/org/freedesktop/resolve1 interface=org.freedesktop.DBus.Properties member=PropertiesChanged cookie=244 reply_cookie=0 signature=sa{sv}as error-name=n/a error-message=n/a

And the stat monitoring terminal will blink to highlight the new inode and timestamps of the freshly replaced stub-resolv.conf file.

# Additional information:

root@lxd02:~# lsb_release -rd
Description: Ubuntu 20.04.1 LTS
Release: 20.04

root@lxd02:~# apt-cache policy systemd
systemd:
  Installed: 245.4-4ubuntu3.2
  Candidate: 245.4-4ubuntu3.2
  Version table:
 *** 245.4-4ubuntu3.2 500
        500 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages
        100 /var/lib/dpkg/status
     245.4-4ubuntu3 500
        500 http://archive.ubuntu.com/ubuntu focal/main amd64 Packages

root@lxd02:~# uname -a
Linux lxd01 5.4.0-42-generic #46-Ubuntu SMP Fri Jul 10 00:24:02 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux


Revision history for this message
Simon Déziel (sdeziel) wrote :

strace'ing systemd-resolved showed that files under /run/systemd/netif/links/ are re-created as well when a RA comes in but their content never changes yet the stub-resolv.conf is created over and over:

root@lxd02:~# cat /run/systemd/netif/links/* /run/systemd/resolve/stub-resolv.conf | md5sum; stat -c "%i" /run/systemd/resolve/stub-resolv.conf
4cec911154fd89fd31b3e4c96894aad7 -
625
root@lxd02:~# cat /run/systemd/netif/links/* /run/systemd/resolve/stub-resolv.conf | md5sum; stat -c "%i" /run/systemd/resolve/stub-resolv.conf
4cec911154fd89fd31b3e4c96894aad7 -
624
root@lxd02:~# cat /run/systemd/netif/links/* /run/systemd/resolve/stub-resolv.conf | md5sum; stat -c "%i" /run/systemd/resolve/stub-resolv.conf
4cec911154fd89fd31b3e4c96894aad7 -
625
root@lxd02:~# cat /run/systemd/netif/links/* /run/systemd/resolve/stub-resolv.conf | md5sum; stat -c "%i" /run/systemd/resolve/stub-resolv.conf
4cec911154fd89fd31b3e4c96894aad7 -
625
root@lxd02:~# cat /run/systemd/netif/links/* /run/systemd/resolve/stub-resolv.conf | md5sum; stat -c "%i" /run/systemd/resolve/stub-resolv.conf
4cec911154fd89fd31b3e4c96894aad7 -
624
root@lxd02:~# cat /run/systemd/netif/links/* /run/systemd/resolve/stub-resolv.conf | md5sum; stat -c "%i" /run/systemd/resolve/stub-resolv.conf
4cec911154fd89fd31b3e4c96894aad7 -
625

Balint Reczey (rbalint)
Changed in systemd (Ubuntu):
importance: Undecided → Low
Revision history for this message
Dan Streetman (ddstreet) wrote :

this needs to be fixed upstream first, have you opened an upstream bug?

Revision history for this message
Simon Déziel (sdeziel) wrote :

I no longer have access to the affected machine(s) so I'll mark it as incomplete waiting for an ex-colleague to check if the problem still occurs.

Changed in systemd (Ubuntu):
status: New → Incomplete
Revision history for this message
Patrick Naubert (jehreg) wrote :

On the same machine as sdeziel found the problem:

root@lxd02:~# lsb_release -rd
Description: Ubuntu 20.04.2 LTS
Release: 20.04

root@lxd02:~# apt-cache policy systemd
systemd:
  Installed: 245.4-4ubuntu3.7
  Candidate: 245.4-4ubuntu3.7
  Version table:
 *** 245.4-4ubuntu3.7 500
        500 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages
        100 /var/lib/dpkg/status
     245.4-4ubuntu3 500
        500 http://archive.ubuntu.com/ubuntu focal/main amd64 Packages

root@lxd02:~# uname -a
Linux lxd02 5.4.0-77-generic #86-Ubuntu SMP Thu Jun 17 02:35:03 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

root@lxd02:~# date
Tue 29 Jun 2021 01:16:13 PM UTC

root@lxd02:~# tail -f /var/log/syslog
Jun 29 13:16:20 lxd02 dnsmasq[1896]: using nameserver 127.0.0.53#53
Jun 29 13:16:20 lxd02 dnsmasq[1896]: reading /etc/resolv.conf
Jun 29 13:16:20 lxd02 dnsmasq[1896]: using local addresses only for domain lxd
Jun 29 13:16:20 lxd02 dnsmasq[1896]: using nameserver 127.0.0.53#53
^C
root@lxd02:~# uptime
 13:16:35 up 4 min, 1 user, load average: 0.74, 1.46, 0.74

Problem is still occurring.

Revision history for this message
Dan Streetman (ddstreet) wrote :

> Problem is still occurring.

thanks, but my question was if you'd opened an upstream bug, since this needs to be fixed upstream first.

Revision history for this message
Samy Mahmoudi (samy-mahmoudi) wrote :

Hello,

Some days ago, I installed systemd-dbgsym_245.4-4ubuntu3.6_amd64.ddeb and set a breakpoint on function 'conservative_renameat':https://github.com/systemd/systemd/blob/main/src/basic/fs-util.c#L1504 (because of my understanding of function 'manager_write_resolv_conf':https://github.com/systemd/systemd/blob/main/src/resolve/resolved-resolv-conf.c#L324) to see what happens, but I was unsuccessful in hitting this breakpoint.

Besides, the issue has been reported upstream: https://github.com/systemd/systemd/issues/17577. Unfortunately, it was closed after someone suggested that a fix in https://github.com/systemd/systemd/pull/17535 resolved the systemd-resolved part of the issue (https://github.com/systemd/systemd/issues/17577#issuecomment-733962476), whereas in truth the combination of https://github.com/systemd/systemd/pull/17535 and its networkd counterpart did not resolve it.

Dan Streetman (ddstreet)
description: updated
Changed in systemd (Ubuntu):
status: Incomplete → In Progress
description: updated
Changed in systemd (Ubuntu):
status: In Progress → Fix Released
Changed in systemd (Ubuntu Focal):
status: New → In Progress
Changed in systemd (Ubuntu Groovy):
status: New → In Progress
Changed in systemd (Ubuntu Hirsute):
status: New → In Progress
importance: Undecided → Wishlist
Changed in systemd (Ubuntu Groovy):
importance: Undecided → Wishlist
Changed in systemd (Ubuntu Focal):
importance: Undecided → Wishlist
Changed in systemd (Ubuntu Hirsute):
assignee: nobody → Dan Streetman (ddstreet)
Changed in systemd (Ubuntu Groovy):
assignee: nobody → Dan Streetman (ddstreet)
Changed in systemd (Ubuntu Focal):
assignee: nobody → Dan Streetman (ddstreet)
Dan Streetman (ddstreet)
Changed in systemd (Ubuntu Bionic):
importance: Undecided → Wishlist
Dan Streetman (ddstreet)
description: updated
Revision history for this message
Samy Mahmoudi (samy-mahmoudi) wrote :

> whereas in truth the combination of https://github.com/systemd/systemd/pull/17535 and its networkd counterpart did not resolve it.

This statement is most probably not correct: what I meant is that the changes made upstream did not resolve our issue.

Because the issue was fixed upstream a few months ago, I was under the assumption that we were running a version of systemd that included the fixes, which is clearly not the case: I realized that after Yu Watanabe mentioned a discrepancy between the versions.

Dan Streetman (ddstreet)
description: updated
Revision history for this message
Brian Murray (brian-murray) wrote : Please test proposed package

Hello Simon, or anyone else affected,

Accepted systemd into hirsute-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/systemd/247.3-3ubuntu3.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-hirsute to verification-done-hirsute. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-hirsute. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in systemd (Ubuntu Hirsute):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-hirsute
Revision history for this message
Brian Murray (brian-murray) wrote :

Hello Simon, or anyone else affected,

Accepted systemd into groovy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/systemd/246.6-1ubuntu1.5 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-groovy to verification-done-groovy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-groovy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in systemd (Ubuntu Groovy):
status: In Progress → Fix Committed
tags: added: verification-needed-groovy
Revision history for this message
Brian Murray (brian-murray) wrote :

Hello Simon, or anyone else affected,

Accepted systemd into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/systemd/245.4-4ubuntu3.8 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in systemd (Ubuntu Focal):
status: In Progress → Fix Committed
tags: added: verification-needed-focal
Revision history for this message
Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (systemd/247.3-3ubuntu3.2)

All autopkgtests for the newly accepted systemd (247.3-3ubuntu3.2) for hirsute have finished running.
The following regressions have been reported in tests triggered by the package:

umockdev/0.15.4-1 (armhf)
initramfs-tools/0.139ubuntu3 (amd64)
apt/2.2.4ubuntu0.1 (armhf)
netplan.io/0.102-0ubuntu3 (amd64)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/hirsute/update_excuses.html#systemd

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Revision history for this message
Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (systemd/245.4-4ubuntu3.8)

All autopkgtests for the newly accepted systemd (245.4-4ubuntu3.8) for focal have finished running.
The following regressions have been reported in tests triggered by the package:

asterisk/1:16.2.1~dfsg-2ubuntu1 (armhf)
gvfs/1.44.1-1ubuntu1 (amd64)
linux-oem-5.6/5.6.0-1057.61 (amd64)
munin/2.0.56-1ubuntu1 (ppc64el)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/focal/update_excuses.html#systemd

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Revision history for this message
Simon Déziel (sdeziel) wrote :

@ddstreet, unfortunately, even with 245.4-4ubuntu3.8 on Focal, the mtime keeps changing as RAs are received :/

tags: added: verification-failed-focal
removed: verification-needed-focal
Revision history for this message
Simon Déziel (sdeziel) wrote :

Sorry about the noise, I had a problem in my reproducing steps, the previous comment should be ignored. I got confused by stat's output changing but that was the atime, not the mtime that was changing.

tags: added: verification-needed-focal
removed: verification-failed-focal
Revision history for this message
Simon Déziel (sdeziel) wrote :

Verification for Focal (245.4-4ubuntu3.8)

# Initial repro on focal:

root@focal:~# md5sum /etc/resolv.conf; stat -t -L /etc/resolv.conf
fbfde622ae28a4dcfbf73a397a10c6ae /etc/resolv.conf
/etc/resolv.conf 717 8 81a4 101 103 76 123 1 0 0 1625844292 1625844273 1625844273 0 4096
root@focal:~# ip link set eth0 down; sleep 1; ip link set eth0 up
root@focal:~# md5sum /etc/resolv.conf; stat -t -L /etc/resolv.conf
fbfde622ae28a4dcfbf73a397a10c6ae /etc/resolv.conf
/etc/resolv.conf 717 8 81a4 101 103 76 123 1 0 0 1625844310 1625844308 1625844308 0 4096

# Upgrading to -proposed

root@focal:~# apt update && apt-get dist-upgrade -V
Get:1 http://security.ubuntu.com/ubuntu focal-security InRelease [114 kB]
Hit:2 http://archive.ubuntu.com/ubuntu focal InRelease
Get:3 http://archive.ubuntu.com/ubuntu focal-updates InRelease [114 kB]
Get:4 http://archive.ubuntu.com/ubuntu focal-proposed InRelease [267 kB]
Get:5 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages [1,086 kB]
Get:6 http://archive.ubuntu.com/ubuntu focal-updates/main Translation-en [239 kB]
Get:7 http://archive.ubuntu.com/ubuntu focal-updates/universe amd64 Packages [840 kB]
Get:8 http://archive.ubuntu.com/ubuntu focal-proposed/restricted amd64 Packages [191 kB]
Get:9 http://archive.ubuntu.com/ubuntu focal-proposed/restricted Translation-en [27.2 kB]
Get:10 http://archive.ubuntu.com/ubuntu focal-proposed/main amd64 Packages [203 kB]
Get:11 http://archive.ubuntu.com/ubuntu focal-proposed/main Translation-en [42.2 kB]
Get:12 http://archive.ubuntu.com/ubuntu focal-proposed/multiverse amd64 Packages [18.2 kB]
Get:13 http://archive.ubuntu.com/ubuntu focal-proposed/multiverse Translation-en [6,732 B]
Get:14 http://archive.ubuntu.com/ubuntu focal-proposed/universe amd64 Packages [56.2 kB]
Get:15 http://archive.ubuntu.com/ubuntu focal-proposed/universe Translation-en [24.5 kB]
Fetched 3,229 kB in 2s (1,428 kB/s)
Reading package lists... Done
Building dependency tree
Reading state information... Done
9 packages can be upgraded. Run 'apt list --upgradable' to see them.
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
The following packages will be upgraded:
   libgnutls30 (3.6.13-2ubuntu1.3 => 3.6.13-2ubuntu1.5)
   libnss-systemd (245.4-4ubuntu3.7 => 245.4-4ubuntu3.8)
   libpam-systemd (245.4-4ubuntu3.7 => 245.4-4ubuntu3.8)
   libsystemd0 (245.4-4ubuntu3.7 => 245.4-4ubuntu3.8)
   libudev1 (245.4-4ubuntu3.7 => 245.4-4ubuntu3.8)
   systemd (245.4-4ubuntu3.7 => 245.4-4ubuntu3.8)
   systemd-sysv (245.4-4ubuntu3.7 => 245.4-4ubuntu3.8)
   systemd-timesyncd (245.4-4ubuntu3.7 => 245.4-4ubuntu3.8)
   udev (245.4-4ubuntu3.7 => 245.4-4ubuntu3.8)
9 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 6,672 kB of archives.
After this operation, 15.4 kB of additional disk space will be used.
Do you want to continue? [Y/n]
Get:1 http://archive.ubuntu.com/ubuntu focal-proposed/main amd64 libnss-systemd amd64 245.4-4ubuntu3.8 [96.1 kB]
Get:2 http://archive.ubuntu.com/ubuntu focal-proposed/main amd64 udev amd64 245.4-4ubuntu3.8 [1,365...


tags: added: verification-done-focal
removed: verification-needed-focal
Revision history for this message
Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (systemd/246.6-1ubuntu1.5)

All autopkgtests for the newly accepted systemd (246.6-1ubuntu1.5) for groovy have finished running.
The following regressions have been reported in tests triggered by the package:

prometheus/2.20.0+ds-1 (amd64)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/groovy/update_excuses.html#systemd

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Revision history for this message
Simon Déziel (sdeziel) wrote :

Verification for Groovy (246.6-1ubuntu1.5)

# Initial repro on groovy:

root@groovy:~# md5sum /etc/resolv.conf; stat -t -L /etc/resolv.conf
6b21d96b644bdafc7a3094fe04ab4e88 /etc/resolv.conf
/etc/resolv.conf 729 8 81a4 102 104 8f 111 1 0 0 1625844827 1625844823 1625844823 0 4096
root@groovy:~# ip link set eth0 down; sleep 1; ip link set eth0 up
root@groovy:~# md5sum /etc/resolv.conf; stat -t -L /etc/resolv.conf
6b21d96b644bdafc7a3094fe04ab4e88 /etc/resolv.conf
/etc/resolv.conf 729 8 81a4 102 104 8f 111 1 0 0 1625844838 1625844837 1625844837 0 4096

# Upgrading to -proposed

root@groovy:~# apt update && apt-get dist-upgrade -V
Get:1 http://security.ubuntu.com/ubuntu groovy-security InRelease [110 kB]
Hit:2 http://archive.ubuntu.com/ubuntu groovy InRelease
Get:3 http://archive.ubuntu.com/ubuntu groovy-updates InRelease [115 kB]
Get:4 http://archive.ubuntu.com/ubuntu groovy-proposed InRelease [269 kB]
Get:5 http://archive.ubuntu.com/ubuntu groovy-updates/universe amd64 Packages [450 kB]
Get:6 http://archive.ubuntu.com/ubuntu groovy-proposed/restricted amd64 Packages [100 kB]
Get:7 http://archive.ubuntu.com/ubuntu groovy-proposed/restricted Translation-en [14.7 kB]
Get:8 http://archive.ubuntu.com/ubuntu groovy-proposed/main amd64 Packages [83.6 kB]
Get:9 http://archive.ubuntu.com/ubuntu groovy-proposed/main Translation-en [22.3 kB]
Get:10 http://archive.ubuntu.com/ubuntu groovy-proposed/multiverse amd64 Packages [11.6 kB]
Get:11 http://archive.ubuntu.com/ubuntu groovy-proposed/multiverse Translation-en [5,932 B]
Get:12 http://archive.ubuntu.com/ubuntu groovy-proposed/universe amd64 Packages [24.9 kB]
Get:13 http://archive.ubuntu.com/ubuntu groovy-proposed/universe Translation-en [12.8 kB]
Fetched 1,220 kB in 1s (840 kB/s)
Reading package lists... Done
Building dependency tree
Reading state information... Done
12 packages can be upgraded. Run 'apt list --upgradable' to see them.
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
The following packages will be upgraded:
   libc-bin (2.32-0ubuntu3 => 2.32-0ubuntu3.2)
   libc6 (2.32-0ubuntu3 => 2.32-0ubuntu3.2)
   libgnutls30 (3.6.15-4ubuntu2 => 3.6.15-4ubuntu2.1)
   libnss-systemd (246.6-1ubuntu1.4 => 246.6-1ubuntu1.5)
   libpam-systemd (246.6-1ubuntu1.4 => 246.6-1ubuntu1.5)
   libsystemd0 (246.6-1ubuntu1.4 => 246.6-1ubuntu1.5)
   libudev1 (246.6-1ubuntu1.4 => 246.6-1ubuntu1.5)
   locales (2.32-0ubuntu3 => 2.32-0ubuntu3.2)
   systemd (246.6-1ubuntu1.4 => 246.6-1ubuntu1.5)
   systemd-sysv (246.6-1ubuntu1.4 => 246.6-1ubuntu1.5)
   systemd-timesyncd (246.6-1ubuntu1.4 => 246.6-1ubuntu1.5)
   udev (246.6-1ubuntu1.4 => 246.6-1ubuntu1.5)
12 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 14.1 MB of archives.
After this operation, 3,072 B of additional disk space will be used.
Do you want to continue? [Y/n]
Get:1 http://archive.ubuntu.com/ubuntu groovy-proposed/main amd64 libc6 amd64 2.32-0ubuntu3.2 [2,680 kB]
Get:2 http://archive.ubuntu.com/ubuntu groovy-proposed/main amd64 libc-bin amd64 2.32-0ubuntu3.2 [628 kB]
Get:3 http://archive.ubuntu.com/ubuntu groovy-propos...

tags: added: verification-done verification-done-groovy verification-done-hirsute
removed: verification-needed verification-needed-groovy verification-needed-hirsute
Revision history for this message
Dan Streetman (ddstreet) wrote :

> that was the atime

yep, really no way around updating the atime, as systemd of course needs to access the file to check if the content is the same or not

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in systemd (Ubuntu Bionic):
status: New → Confirmed
Revision history for this message
Patrick Naubert (jehreg) wrote :

Confirmed fixed on lxd02 and client site, running Focal. No reboot was done.

Thank you.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package systemd - 246.6-1ubuntu1.5

---------------
systemd (246.6-1ubuntu1.5) groovy; urgency=medium

  [ Kai-Heng Feng ]
  * d/p/lp1930910-hwdb-Add-ProBook-to-use-micmute-hotkey.patch:
    - Add ProBook to use micmute hotkey (LP: #1930910)
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=61d8acfdadb856cb408afde99f583142ec31b54e

  [ Jeremy Szu ]
  * d/p/lp1932352-hwdb-Add-mic-mute-key-mapping-for-HP-Elite-Dragonfly.patch:
    - Fix micmute hotkeys on HP Elite Dragonfly (LP: #1932352)
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=a635153cbd0542019190380c1f10fd86c12b537d

  [ Dan Streetman ]
  * d/p/lp1931578/0001-network-default-RequiredForOnline-false-if-Activacti.patch,
    d/p/lp1931578/0002-networkctl-add-field-Required-For-Online.patch,
    d/p/lp1931578/0003-test-add-test-to-verify-RequiredForOnline-setting-wi.patch:
    Adjust default for RequiredForOnline when using ActivationPolicy
    (LP: #1931578)
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=9496d9934550d842609bf9d4aff8fc93eece1321
  * d/p/lp1894622-Add-systemd-resolve-backwards-compatibility-section-.patch:
    Add man page symlink and deprecation notice for systemd-resolve
    (LP: #1894622)
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=bdcb37e447bf419cc3ff1082aec3427ab9ad0c47
  * d/p/lp1858210/0001-time-simplify-get_timezones.patch,
    d/p/lp1858210/0002-time-split-get_timezone-into-main-function-and-zone1.patch,
    d/p/lp1858210/0003-time-get-timezones-from-tzdata.zi.patch:
    Parse tzdata.zi so timedatectl list-timezones also lists aliases
    (LP: #1858210)
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=a64ac9f1413abd3b7d427560ac6c439ba916e542
  * d/p/lp1891215/0001-fs-util-add-conservative_rename-that-suppresses-unne.patch,
    d/p/lp1891215/0002-resolved-don-t-update-resolv.conf-snippets-unnecessa.patch,
    d/p/lp1891215/0003-fs-util-rename-conservative_rename-conservative_rena.patch,
    d/p/lp1891215/0004-fs-util-make-sure-conservative_renameat-properly-det.patch:
    Don't rewrite resolv.conf is content unchanged (LP: #1891215)
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=79ff24ba51d2239315d948e7dfb3e39769946937

 -- Dan Streetman <email address hidden> Tue, 06 Jul 2021 14:00:27 -0400

Changed in systemd (Ubuntu Groovy):
status: Fix Committed → Fix Released
Revision history for this message
Brian Murray (brian-murray) wrote : Update Released

The verification of the Stable Release Update for systemd has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package systemd - 245.4-4ubuntu3.10

---------------
systemd (245.4-4ubuntu3.10) focal-security; urgency=medium

  * SECURITY UPDATE: DoS via DHCP FORCERENEW
    - debian/patches/CVE-2020-13529.patch: tentatively ignore FORCERENEW
      command in src/libsystemd-network/sd-dhcp-client.c.
    - CVE-2020-13529
  * SECURITY UPDATE: denial of service via stack exhaustion
    - debian/patches/CVE-2021-33910.patch: do not use strdupa() on a path
      in src/basic/unit-name.c.
    - CVE-2021-33910

 -- Marc Deslauriers <email address hidden> Tue, 20 Jul 2021 07:39:51 -0400

Changed in systemd (Ubuntu Focal):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package systemd - 247.3-3ubuntu3.4

---------------
systemd (247.3-3ubuntu3.4) hirsute-security; urgency=medium

  * SECURITY UPDATE: DoS via DHCP FORCERENEW
    - debian/patches/CVE-2020-13529.patch: tentatively ignore FORCERENEW
      command in src/libsystemd-network/sd-dhcp-client.c.
    - CVE-2020-13529
  * SECURITY UPDATE: denial of service via stack exhaustion
    - debian/patches/CVE-2021-33910.patch: do not use strdupa() on a path
      in src/basic/unit-name.c.
    - CVE-2021-33910

 -- Marc Deslauriers <email address hidden> Tue, 20 Jul 2021 07:38:18 -0400

Changed in systemd (Ubuntu Hirsute):
status: Fix Committed → Fix Released
Revision history for this message
Dan Streetman (ddstreet) wrote :

since the patch to fix this relies on conservative_rename(), which isn't present in bionic, as well as this bug being mostly an annoyance that can be ignored, i'm marking as wont-fix for bionic

Changed in systemd (Ubuntu Bionic):
status: Confirmed → Won't Fix
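
The behaviour reported in this bug, and the idea behind the "conservative rename" fix named in the changelog, shown as an added C example that is not part of the bug report and is not systemd's conservative_renameat() code. The function names (same_content, replace_always, replace_if_changed, inode_of, demo) and the sample resolv.conf contents are assumptions made for the illustration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1 if `path` is a regular file whose bytes equal data[0..len), else 0.
 * Reading the file touches only its atime, never its mtime or inode. */
static int same_content(const char *path, const char *data, size_t len) {
    char buf[4096];
    struct stat st;
    size_t off = 0;
    ssize_t n;
    int fd = open(path, O_RDONLY | O_CLOEXEC);

    if (fd < 0)
        return 0;                        /* missing or unreadable: treat as changed */
    if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode) || (size_t) st.st_size != len) {
        close(fd);
        return 0;
    }
    while (off < len && (n = read(fd, buf, sizeof buf)) > 0) {
        if ((size_t) n > len - off || memcmp(buf, data + off, (size_t) n) != 0)
            break;
        off += (size_t) n;
    }
    close(fd);
    return off == len;
}

/* Unconditional atomic replace: temp file in the same directory, then rename().
 * Every call gives the target a new inode, so inotify watchers see an event
 * even when the bytes are identical. Returns 1 on success, -1 on error. */
static int replace_always(const char *path, const char *data, size_t len) {
    char tmp[4096];
    int fd;

    if (snprintf(tmp, sizeof tmp, "%s.XXXXXX", path) >= (int) sizeof tmp)
        return -1;
    if ((fd = mkstemp(tmp)) < 0)
        return -1;
    if (write(fd, data, len) != (ssize_t) len || fchmod(fd, 0644) < 0 || fsync(fd) < 0) {
        close(fd);
        unlink(tmp);
        return -1;
    }
    close(fd);
    if (rename(tmp, path) < 0) {
        unlink(tmp);
        return -1;
    }
    return 1;
}

/* Conservative variant: 0 if the target already has this content (left untouched),
 * 1 if it was replaced, -1 on error. */
static int replace_if_changed(const char *path, const char *data, size_t len) {
    return same_content(path, data, len) ? 0 : replace_always(path, data, len);
}

static ino_t inode_of(const char *path) {
    struct stat st;
    return stat(path, &st) < 0 ? 0 : st.st_ino;
}

/* Runs both strategies on a constructed file in a private temp directory.
 * Bit 0: unconditional replace changed the inode for identical content.
 * Bit 1: conservative replace skipped the write and kept the inode.
 * Bit 2: conservative replace still updates the file when the content differs. */
int demo(void) {
    char dir[] = "/tmp/lp1891215.XXXXXX", path[64];
    const char *a = "nameserver 127.0.0.53\n";              /* constructed sample */
    const char *b = "nameserver 127.0.0.53\nsearch lxd\n";  /* constructed sample */
    int result = 0;
    ino_t i0, i1;

    if (!mkdtemp(dir))
        return -1;
    snprintf(path, sizeof path, "%s/stub-resolv.conf", dir);
    if (replace_always(path, a, strlen(a)) != 1)
        return -1;
    i0 = inode_of(path);
    replace_always(path, a, strlen(a));
    i1 = inode_of(path);
    if (i1 != i0) result |= 1;
    if (replace_if_changed(path, a, strlen(a)) == 0 && inode_of(path) == i1) result |= 2;
    if (replace_if_changed(path, b, strlen(b)) == 1 && inode_of(path) != i1) result |= 4;
    unlink(path);
    rmdir(dir);
    return result;
}

int main(void) { printf("demo() = %d\n", demo()); return 0; }
```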