Merge ~danilogondolfo/ubuntu/+source/netplan.io:noble_generator_postinst into ubuntu/+source/netplan.io:ubuntu/noble-devel

Proposed by Danilo Egea Gondolfo
Status: Work in progress
Proposed branch: ~danilogondolfo/ubuntu/+source/netplan.io:noble_generator_postinst
Merge into: ubuntu/+source/netplan.io:ubuntu/noble-devel
Diff against target: 34 lines (+16/-1)
2 files modified
debian/changelog (+7/-0)
debian/netplan-generator.postinst (+9/-1)
Reviewer: git-ubuntu import
Status: Pending
Review via email: mp+468426@code.launchpad.net

Unmerged commits

edd0465... by Danilo Egea Gondolfo

Changelog

9b09cb5... by Danilo Egea Gondolfo

debian/netplan-generator.postinst

Don't call the generator if no netplan configuration file exists.
(LP: #2071333)

Preview Diff

1diff --git a/debian/changelog b/debian/changelog
2index 433b999..34d7277 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,10 @@
6+netplan.io (1.0-2ubuntu1.2) noble; urgency=medium
7+
8+ * debian/netplan-generator.postinst: Don't call the generator if no networkd
9+ configuration file exists. (LP: #2071333)
10+
11+ -- Danilo Egea Gondolfo <danilo.egea.gondolfo@canonical.com> Fri, 28 Jun 2024 09:41:13 +0100
12+
13 netplan.io (1.0-2ubuntu1.1) noble-security; urgency=medium
14
15 * SECURITY UPDATE: weak permissions on secret files, command injection
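Review bot: The changelog entry on diff lines 8-9 says "no networkd configuration file exists", while the commit message for the same change says "no netplan configuration file exists"; the wording should match what the postinst actually tests, which is netplan-generated files under /run/systemd/network/. The entry also reads as a restriction on an existing generator call, but in the diff shown the call itself is added to debian/netplan-generator.postinst by this change, with a comment naming CVE-2022-4968. Suggest the entry say that the generator is now run at configure time as a mitigation for that CVE and is skipped when no netplan-generated networkd files are present, so that someone reading only the changelog can tell a security-relevant postinst step was introduced in 1.0-2ubuntu1.2.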
16diff --git a/debian/netplan-generator.postinst b/debian/netplan-generator.postinst
17index 5592e22..e64693c 100644
18--- a/debian/netplan-generator.postinst
19+++ b/debian/netplan-generator.postinst
20@@ -9,5 +9,13 @@ if [ "$1" = configure ] || [ "$1" = abort-upgrade ]; then
21 fi
22 # end-remove-after
23
24-#DEBHELPER#
25+# Calling the generator after installation to mitigate CVE-2022-4968
26+# We avoid calling the generator if the system doesn't have networkd files to be fixed (LP: #2071333)
27+if [ "$1" = configure ]; then
28+ FILES=$(find /run/systemd/network/ -type f -regex ".*-netplan.*\.\(network\|netdev\)")
29+ if [ -n "${FILES}" ]; then
30+ /usr/libexec/netplan/generate 2>/dev/null || echo "WARNING: Netplan could not re-generate network configuration. Please run 'netplan generate' to see details."
31+ fi
32+fi
33
34+#DEBHELPER#
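Review bot: On diff line 28, `find /run/systemd/network/` is run without checking that the directory exists, and it may not exist on the systems this guard is meant for (those with no netplan-generated networkd files). In that case find writes an error to stderr during package configuration and exits non-zero; because the status of `FILES=$(...)` is the status of the command substitution, a postinst running under `set -e` (not visible in this hunk) would abort at that line. Suggest testing `[ -d /run/systemd/network ]` first, or adding `2>/dev/null || true` inside the substitution. Separately, line 30 discards the generator's stderr and converts any failure into a warning on stdout, so a failed regeneration leaves the CVE-2022-4968 mitigation unapplied while the package still configures successfully; either keep the error output or say in the comment that swallowing the failure is intentional. The comment on line 26 could also state what the regex is expected to match (netplan-generated `.network` and `.netdev` files), since `-regex` matches against the whole path and is a GNU find extension.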
