Merge ~enr0n/ubuntu/+source/systemd:ubuntu-focal-sru into ~ubuntu-core-dev/ubuntu/+source/systemd:ubuntu-focal

Proposed by Nick Rosbrook
Status: Merged
Merged at revision: c01b87ac960331a1e79815b2a643753af074614e
Proposed branch: ~enr0n/ubuntu/+source/systemd:ubuntu-focal-sru
Merge into: ~ubuntu-core-dev/ubuntu/+source/systemd:ubuntu-focal
Diff against target: 508 lines (+444/-10)
5 files modified
debian/changelog (+18/-6)
debian/patches/CVE-2022-3821.patch (+37/-0)
debian/patches/CVE-2022-4415.patch (+386/-0)
debian/patches/series (+2/-0)
debian/tests/boot-and-services (+1/-4)
Reviewer: Lukas Märdian
Review status: Approve
Review via email: mp+438988@code.launchpad.net

Description of the change

Re-upload these changes with a new version number due to the recent security update. Also address an SRU review comment to tweak the workaround for LP: #1991285.

Lukas Märdian (slyon) wrote :

Thanks. Security matches what we have in the archive (git-ubuntu).
The is_container check looks good to me after reading the SRU discussion.

Nice job of keeping a clean fast-forward git history, with using this squashed revert commit!

review: Approve
Lukas Märdian (slyon) wrote :

I pushed the corresponding branch & tags to our git repo and sponsored the upload:
https://launchpad.net/ubuntu/focal/+queue?queue_state=1&queue_text=systemd

Preview Diff

diff --git a/debian/changelog b/debian/changelog
index 0edd425..9185ef8 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
1systemd (245.4-4ubuntu3.20) focal; urgency=medium1systemd (245.4-4ubuntu3.21) focal; urgency=medium
22
3 * udev: avoid NIC renaming race with kernel (LP: #2002445)3 * udev: avoid NIC renaming race with kernel (LP: #2002445)
4 Files:4 Files:
@@ -7,16 +7,28 @@ systemd (245.4-4ubuntu3.20) focal; urgency=medium
7 - debian/patches/lp2002445-sd-netlink-restore-altname-on-error-in-rtnl_set_link_name.patch7 - debian/patches/lp2002445-sd-netlink-restore-altname-on-error-in-rtnl_set_link_name.patch
8 - debian/patches/lp2002445-udev-attempt-device-rename-even-if-interface-is-up.patch8 - debian/patches/lp2002445-udev-attempt-device-rename-even-if-interface-is-up.patch
9 - debian/patches/lp2002445-udev-net-allow-new-link-name-as-an-altname-before-renamin.patch9 - debian/patches/lp2002445-udev-net-allow-new-link-name-as-an-altname-before-renamin.patch
10 https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=e34409f9d68a15220aa36cbae219d4f4987e520710 https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=69ab4a02e828e20ea0ddbd75179324df7a8d1175
11 * test-seccomp: accept ENOSYS from sysctl(2) too (LP: #1933090)11 * test-seccomp: accept ENOSYS from sysctl(2) too (LP: #1933090)
12 Thanks to Roxana Nicolescu12 Thanks to Roxana Nicolescu
13 File: debian/patches/lp1933090-test-seccomp-accept-ENOSYS-from-sysctl-2-too.patch13 File: debian/patches/lp1933090-test-seccomp-accept-ENOSYS-from-sysctl-2-too.patch
14 https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=706f2e0c787cade9609d0f2b37634d7eb4517beb14 https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=adaddd1441370ebcdb8bc33d7406b95d85b744f9
15 * debian/test: ignore systemd-remount-fs.service failure on armhf (LP: #1991285)15 * debian/test: ignore systemd-remount-fs.service failure in containers (LP: #1991285)
16 File: debian/tests/boot-and-services16 File: debian/tests/boot-and-services
17 https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=cddc66ef6ecfb555dfd38c5f5fe8572efb42411417 https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=264bdc86f1e4dcd10e8d914d095581c54c33199a
1818
19 -- Nick Rosbrook <nick.rosbrook@canonical.com> Mon, 27 Feb 2023 10:11:13 -050019 -- Nick Rosbrook <nick.rosbrook@canonical.com> Wed, 15 Mar 2023 11:04:15 -0400
20
21systemd (245.4-4ubuntu3.20) focal-security; urgency=medium
22
23 * SECURITY UPDATE: buffer overrun vulnerability in format_timespan()
24 - debian/patches/CVE-2022-3821.patch: time-util: fix buffer-over-run
25 - CVE-2022-3821
26 * SECURITY UPDATE: information leak vulnerability in systemd-coredump
27 - debian/patches/CVE-2022-4415.patch: do not allow user to access
28 coredumps with changed uid/gid/capabilities
29 - CVE-2022-4415
30
31 -- Nishit Majithia <nishit.majithia@canonical.com> Thu, 02 Mar 2023 18:28:02 +0530
2032
21systemd (245.4-4ubuntu3.19) focal; urgency=medium33systemd (245.4-4ubuntu3.19) focal; urgency=medium
2234
diff --git a/debian/patches/CVE-2022-3821.patch b/debian/patches/CVE-2022-3821.patch
23new file mode 10064435new file mode 100644
index 0000000..e7ee561
--- /dev/null
+++ b/debian/patches/CVE-2022-3821.patch
@@ -0,0 +1,37 @@
1 Origin: bakcport, https://github.com/systemd/systemd/commit/9102c625a673a3246d7e73d8737f3494446bad4e
2
3From 9102c625a673a3246d7e73d8737f3494446bad4e Mon Sep 17 00:00:00 2001
4From: Yu Watanabe <watanabe.yu+github@gmail.com>
5Date: Thu, 7 Jul 2022 18:27:02 +0900
6Subject: [PATCH] time-util: fix buffer-over-run
7
8Fixes #23928.
9---
10 src/basic/time-util.c | 2 +-
11 src/test/test-time-util.c | 5 +++++
12 2 files changed, 6 insertions(+), 1 deletion(-)
13
14--- systemd-245.4.orig/src/basic/time-util.c
15+++ systemd-245.4/src/basic/time-util.c
16@@ -514,7 +514,7 @@ char *format_timespan(char *buf, size_t
17 t = b;
18 }
19
20- n = MIN((size_t) k, l);
21+ n = MIN((size_t) k, l-1);
22
23 l -= n;
24 p += n;
25--- systemd-245.4.orig/src/test/test-time-util.c
26+++ systemd-245.4/src/test/test-time-util.c
27@@ -520,5 +520,10 @@ int main(int argc, char *argv[]) {
28 x++;
29 assert((time_t) x < 0);
30
31+ /* See issue #23928. */
32+ _cleanup_free_ char *buf;
33+ assert_se(buf = new(char, 5));
34+ assert_se(buf == format_timespan(buf, 5, 100005, 1000));
35+
36 return 0;
37 }
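
Review bot: The DEP-3 header on the first line of this patch file reads "Origin: bakcport", a misspelling of "backport" (the CVE-2022-4415 patch spells it correctly); it should be corrected so the field carries a valid DEP-3 value. On the code change, `n = MIN((size_t) k, l-1);` relies on l never being 0 at that point, because l-1 would otherwise wrap to a very large unsigned value; the hunk does not show that guard, so it is worth confirming that format_timespan() in 245.4 rejects a zero-length buffer before this line is reached.
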
diff --git a/debian/patches/CVE-2022-4415.patch b/debian/patches/CVE-2022-4415.patch
0new file mode 10064438new file mode 100644
index 0000000..527b156
--- /dev/null
+++ b/debian/patches/CVE-2022-4415.patch
@@ -0,0 +1,386 @@
1 Origin: backport, https://github.com/systemd/systemd-stable/commit/bb47600aeb38c68c857fbf0ee5f66c3144dd81ce
2
3From bb47600aeb38c68c857fbf0ee5f66c3144dd81ce Mon Sep 17 00:00:00 2001
4From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
5Date: Mon, 28 Nov 2022 12:12:55 +0100
6Subject: [PATCH] coredump: do not allow user to access coredumps with changed
7 uid/gid/capabilities
8
9When the user starts a program which elevates its permissions via setuid,
10setgid, or capabilities set on the file, it may access additional information
11which would then be visible in the coredump. We shouldn't make the the coredump
12visible to the user in such cases.
13
14Reported-by: Matthias Gerstner <mgerstner@suse.de>
15
16This reads the /proc/<pid>/auxv file and attaches it to the process metadata as
17PROC_AUXV. Before the coredump is submitted, it is parsed and if either
18at_secure was set (which the kernel will do for processes that are setuid,
19setgid, or setcap), or if the effective uid/gid don't match uid/gid, the file
20is not made accessible to the user. If we can't access this data, we assume the
21file should not be made accessible either. In principle we could also access
22the auxv data from a note in the core file, but that is much more complex and
23it seems better to use the stand-alone file that is provided by the kernel.
24
25Attaching auxv is both convient for this patch (because this way it's passed
26between the stages along with other fields), but I think it makes sense to save
27it in general.
28
29We use the information early in the core file to figure out if the program was
3032-bit or 64-bit and its endianness. This way we don't need heuristics to guess
31whether the format of the auxv structure. This test might reject some cases on
32fringe architecutes. But the impact would be limited: we just won't grant the
33user permissions to view the coredump file. If people report that we're missing
34some cases, we can always enhance this to support more architectures.
35
36I tested auxv parsing on amd64, 32-bit program on amd64, arm64, arm32, and
37ppc64el, but not the whole coredump handling.
38
39(cherry picked from commit 3e4d0f6cf99f8677edd6a237382a65bfe758de03)
40(cherry picked from commit 9b75a3d0502d6741c8ecb7175794345f8eb3827c)
41(cherry picked from commit efca5283dc791a07171f80eef84e14fdb58fad57)
42(cherry picked from commit 1d5e0e9910500f3c3584485f77bfc35e601036e3)
43(cherry picked from commit 8215e1527d859e77dd1378fd7e42bbd32130edb3)
44(cherry picked from commit 786df410b1cb3a2294c9a5d118c958525e7439e6)
45---
46 src/basic/io-util.h | 9 ++
47 src/coredump/coredump.c | 196 +++++++++++++++++++++++++++++++++++++---
48 2 files changed, 192 insertions(+), 13 deletions(-)
49
50--- systemd-245.4.orig/src/basic/io-util.h
51+++ systemd-245.4/src/basic/io-util.h
52@@ -85,7 +85,16 @@ struct iovec_wrapper *iovw_new(void);
53 struct iovec_wrapper *iovw_free(struct iovec_wrapper *iovw);
54 struct iovec_wrapper *iovw_free_free(struct iovec_wrapper *iovw);
55 void iovw_free_contents(struct iovec_wrapper *iovw, bool free_vectors);
56+
57 int iovw_put(struct iovec_wrapper *iovw, void *data, size_t len);
58+static inline int iovw_consume(struct iovec_wrapper *iovw, void *data, size_t len) {
59+ /* Move data into iovw or free on error */
60+ int r = iovw_put(iovw, data, len);
61+ if (r < 0)
62+ free(data);
63+ return r;
64+}
65+
66 int iovw_put_string_field(struct iovec_wrapper *iovw, const char *field, const char *value);
67 int iovw_put_string_field_free(struct iovec_wrapper *iovw, const char *field, char *value);
68 void iovw_rebase(struct iovec_wrapper *iovw, char *old, char *new);
69--- systemd-245.4.orig/src/coredump/coredump.c
70+++ systemd-245.4/src/coredump/coredump.c
71@@ -3,6 +3,7 @@
72 #include <errno.h>
73 #include <stdio.h>
74 #include <sys/prctl.h>
75+#include <sys/auxv.h>
76 #include <sys/xattr.h>
77 #include <unistd.h>
78
79@@ -95,6 +96,7 @@ enum {
80
81 META_EXE = _META_MANDATORY_MAX,
82 META_UNIT,
83+ META_PROC_AUXV,
84 _META_MAX
85 };
86
87@@ -109,10 +111,12 @@ static const char * const meta_field_nam
88 [META_COMM] = "COREDUMP_COMM=",
89 [META_EXE] = "COREDUMP_EXE=",
90 [META_UNIT] = "COREDUMP_UNIT=",
91+ [META_PROC_AUXV] = "COREDUMP_PROC_AUXV=",
92 };
93
94 typedef struct Context {
95 const char *meta[_META_MAX];
96+ size_t meta_size[_META_MAX];
97 pid_t pid;
98 bool is_pid1;
99 bool is_journald;
100@@ -171,7 +175,9 @@ static uint64_t storage_size_max(void) {
101 return 0;
102 }
103
104-static int fix_acl(int fd, uid_t uid) {
105+static int fix_acl(int fd, uid_t uid, bool allow_user) {
106+ assert(fd >= 0);
107+ assert(uid_is_valid(uid));
108
109 #if HAVE_ACL
110 _cleanup_(acl_freep) acl_t acl = NULL;
111@@ -179,7 +185,9 @@ static int fix_acl(int fd, uid_t uid) {
112 acl_permset_t permset;
113 int r;
114
115- assert(fd >= 0);
116+ /* We don't allow users to read coredumps if the uid or capabilities were changed. */
117+ if (!allow_user)
118+ return 0;
119
120 if (uid_is_system(uid) || uid_is_dynamic(uid) || uid == UID_NOBODY)
121 return 0;
122@@ -258,7 +266,8 @@ static int fix_permissions(
123 const char *filename,
124 const char *target,
125 const Context *context,
126- uid_t uid) {
127+ uid_t uid,
128+ bool allow_user) {
129
130 int r;
131
132@@ -268,7 +277,7 @@ static int fix_permissions(
133
134 /* Ignore errors on these */
135 (void) fchmod(fd, 0640);
136- (void) fix_acl(fd, uid);
137+ (void) fix_acl(fd, uid, allow_user);
138 (void) fix_xattr(fd, context);
139
140 if (fsync(fd) < 0)
141@@ -339,6 +348,153 @@ static int make_filename(const Context *
142 return 0;
143 }
144
145+static int parse_auxv64(
146+ const uint64_t *auxv,
147+ size_t size_bytes,
148+ int *at_secure,
149+ uid_t *uid,
150+ uid_t *euid,
151+ gid_t *gid,
152+ gid_t *egid) {
153+
154+ assert(auxv || size_bytes == 0);
155+
156+ if (size_bytes % (2 * sizeof(uint64_t)) != 0)
157+ return log_warning_errno(SYNTHETIC_ERRNO(EIO), "Incomplete auxv structure (%zu bytes).", size_bytes);
158+
159+ size_t words = size_bytes / sizeof(uint64_t);
160+
161+ /* Note that we set output variables even on error. */
162+
163+ for (size_t i = 0; i + 1 < words; i += 2)
164+ switch (auxv[i]) {
165+ case AT_SECURE:
166+ *at_secure = auxv[i + 1] != 0;
167+ break;
168+ case AT_UID:
169+ *uid = auxv[i + 1];
170+ break;
171+ case AT_EUID:
172+ *euid = auxv[i + 1];
173+ break;
174+ case AT_GID:
175+ *gid = auxv[i + 1];
176+ break;
177+ case AT_EGID:
178+ *egid = auxv[i + 1];
179+ break;
180+ case AT_NULL:
181+ if (auxv[i + 1] != 0)
182+ goto error;
183+ return 0;
184+ }
185+ error:
186+ return log_warning_errno(SYNTHETIC_ERRNO(ENODATA),
187+ "AT_NULL terminator not found, cannot parse auxv structure.");
188+}
189+
190+static int parse_auxv32(
191+ const uint32_t *auxv,
192+ size_t size_bytes,
193+ int *at_secure,
194+ uid_t *uid,
195+ uid_t *euid,
196+ gid_t *gid,
197+ gid_t *egid) {
198+
199+ assert(auxv || size_bytes == 0);
200+
201+ size_t words = size_bytes / sizeof(uint32_t);
202+
203+ if (size_bytes % (2 * sizeof(uint32_t)) != 0)
204+ return log_warning_errno(SYNTHETIC_ERRNO(EIO), "Incomplete auxv structure (%zu bytes).", size_bytes);
205+
206+ /* Note that we set output variables even on error. */
207+
208+ for (size_t i = 0; i + 1 < words; i += 2)
209+ switch (auxv[i]) {
210+ case AT_SECURE:
211+ *at_secure = auxv[i + 1] != 0;
212+ break;
213+ case AT_UID:
214+ *uid = auxv[i + 1];
215+ break;
216+ case AT_EUID:
217+ *euid = auxv[i + 1];
218+ break;
219+ case AT_GID:
220+ *gid = auxv[i + 1];
221+ break;
222+ case AT_EGID:
223+ *egid = auxv[i + 1];
224+ break;
225+ case AT_NULL:
226+ if (auxv[i + 1] != 0)
227+ goto error;
228+ return 0;
229+ }
230+ error:
231+ return log_warning_errno(SYNTHETIC_ERRNO(ENODATA),
232+ "AT_NULL terminator not found, cannot parse auxv structure.");
233+}
234+
235+static int grant_user_access(int core_fd, const Context *context) {
236+ int at_secure = -1;
237+ uid_t uid = UID_INVALID, euid = UID_INVALID;
238+ uid_t gid = GID_INVALID, egid = GID_INVALID;
239+ int r;
240+
241+ assert(core_fd >= 0);
242+ assert(context);
243+
244+ if (!context->meta[META_PROC_AUXV])
245+ return log_warning_errno(SYNTHETIC_ERRNO(ENODATA), "No auxv data, not adjusting permissions.");
246+
247+ uint8_t elf[EI_NIDENT];
248+ errno = 0;
249+ if (pread(core_fd, &elf, sizeof(elf), 0) != sizeof(elf))
250+ return log_warning_errno(errno_or_else(EIO),
251+ "Failed to pread from coredump fd: %s", errno != 0 ? strerror_safe(errno) : "Unexpected EOF");
252+
253+ if (elf[EI_MAG0] != ELFMAG0 ||
254+ elf[EI_MAG1] != ELFMAG1 ||
255+ elf[EI_MAG2] != ELFMAG2 ||
256+ elf[EI_MAG3] != ELFMAG3 ||
257+ elf[EI_VERSION] != EV_CURRENT)
258+ return log_info_errno(SYNTHETIC_ERRNO(EUCLEAN),
259+ "Core file does not have ELF header, not adjusting permissions.");
260+ if (!IN_SET(elf[EI_CLASS], ELFCLASS32, ELFCLASS64) ||
261+ !IN_SET(elf[EI_DATA], ELFDATA2LSB, ELFDATA2MSB))
262+ return log_info_errno(SYNTHETIC_ERRNO(EUCLEAN),
263+ "Core file has strange ELF class, not adjusting permissions.");
264+
265+ if ((elf[EI_DATA] == ELFDATA2LSB) != (__BYTE_ORDER == __LITTLE_ENDIAN))
266+ return log_info_errno(SYNTHETIC_ERRNO(EUCLEAN),
267+ "Core file has non-native endianness, not adjusting permissions.");
268+
269+ if (elf[EI_CLASS] == ELFCLASS64)
270+ r = parse_auxv64((const uint64_t*) context->meta[META_PROC_AUXV],
271+ context->meta_size[META_PROC_AUXV],
272+ &at_secure, &uid, &euid, &gid, &egid);
273+ else
274+ r = parse_auxv32((const uint32_t*) context->meta[META_PROC_AUXV],
275+ context->meta_size[META_PROC_AUXV],
276+ &at_secure, &uid, &euid, &gid, &egid);
277+ if (r < 0)
278+ return r;
279+
280+ /* We allow access if we got all the data and at_secure is not set and
281+ * the uid/gid matches euid/egid. */
282+ bool ret =
283+ at_secure == 0 &&
284+ uid != UID_INVALID && euid != UID_INVALID && uid == euid &&
285+ gid != GID_INVALID && egid != GID_INVALID && gid == egid;
286+ log_debug("Will %s access (uid="UID_FMT " euid="UID_FMT " gid="GID_FMT " egid="GID_FMT " at_secure=%s)",
287+ ret ? "permit" : "restrict",
288+ uid, euid, gid, egid, yes_no(at_secure));
289+ return ret;
290+}
291+
292 static int save_external_coredump(
293 const Context *context,
294 int input_fd,
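
Review bot: In grant_user_access(), `(const uint64_t*) context->meta[META_PROC_AUXV]` (and the uint32_t variant) reinterprets a pointer that is not guaranteed to be aligned: gather_pid_metadata() copies the auxv bytes into a malloc() buffer directly after the 19-byte "COREDUMP_PROC_AUXV=" prefix, and save_context() points meta[] just past that prefix. parse_auxv64() and parse_auxv32() then read auxv[i] through the cast pointer, which is undefined behaviour for a misaligned address and can fault on strict-alignment targets; reading each word with memcpy() into a local, or copying the payload into an aligned buffer first, would avoid it. Minor: `uid_t gid = GID_INVALID, egid = GID_INVALID;` should be declared gid_t, and the `goto error` taken when AT_NULL carries a non-zero value logs "AT_NULL terminator not found", which misdescribes that case (access is still denied, so this only affects diagnostics).
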
295@@ -404,6 +560,8 @@ static int save_external_coredump(
296 goto fail;
297 }
298 *ret_truncated = r == 1;
299+ bool allow_user = grant_user_access(fd, context) > 0;
300+
301 if (*ret_truncated)
302 log_struct(LOG_INFO,
303 LOG_MESSAGE("Core file was truncated to %zu bytes.", max_size),
304@@ -445,7 +603,7 @@ static int save_external_coredump(
305 goto fail_compressed;
306 }
307
308- r = fix_permissions(fd_compressed, tmp_compressed, fn_compressed, context, uid);
309+ r = fix_permissions(fd_compressed, tmp_compressed, fn_compressed, context, uid, allow_user);
310 if (r < 0)
311 goto fail_compressed;
312
313@@ -468,7 +626,7 @@ static int save_external_coredump(
314 uncompressed:
315 #endif
316
317- r = fix_permissions(fd, tmp, fn, context, uid);
318+ r = fix_permissions(fd, tmp, fn, context, uid, allow_user);
319 if (r < 0)
320 goto fail;
321
322@@ -719,7 +877,7 @@ static int change_uid_gid(const Context
323 }
324
325 static int submit_coredump(
326- Context *context,
327+ const Context *context,
328 struct iovec_wrapper *iovw,
329 int input_fd) {
330
331@@ -841,16 +999,15 @@ static int save_context(Context *context
332 struct iovec *iovec = iovw->iovec + n;
333
334 for (i = 0; i < ELEMENTSOF(meta_field_names); i++) {
335- char *p;
336-
337 /* Note that these strings are NUL terminated, because we made sure that a
338 * trailing NUL byte is in the buffer, though not included in the iov_len
339 * count (see process_socket() and gather_pid_metadata_*()) */
340 assert(((char*) iovec->iov_base)[iovec->iov_len] == 0);
341
342- p = startswith(iovec->iov_base, meta_field_names[i]);
343+ const char *p = startswith(iovec->iov_base, meta_field_names[i]);
344 if (p) {
345 context->meta[i] = p;
346+ context->meta_size[i] = iovec->iov_len - strlen(meta_field_names[i]);
347 count++;
348 break;
349 }
350@@ -1098,6 +1255,7 @@ static int gather_pid_metadata(struct io
351 uid_t owner_uid;
352 pid_t pid;
353 char *t;
354+ size_t size;
355 const char *p;
356 int r;
357
358@@ -1163,13 +1321,26 @@ static int gather_pid_metadata(struct io
359 (void) iovw_put_string_field_free(iovw, "COREDUMP_PROC_LIMITS=", t);
360
361 p = procfs_file_alloca(pid, "cgroup");
362- if (read_full_file(p, &t, NULL) >=0)
363+ if (read_full_file(p, &t, NULL) >= 0)
364 (void) iovw_put_string_field_free(iovw, "COREDUMP_PROC_CGROUP=", t);
365
366 p = procfs_file_alloca(pid, "mountinfo");
367- if (read_full_file(p, &t, NULL) >=0)
368+ if (read_full_file(p, &t, NULL) >= 0)
369 (void) iovw_put_string_field_free(iovw, "COREDUMP_PROC_MOUNTINFO=", t);
370
371+ /* We attach /proc/auxv here. ELF coredumps also contain a note for this (NT_AUXV), see elf(5). */
372+ p = procfs_file_alloca(pid, "auxv");
373+ if (read_full_virtual_file(p, &t, &size) >= 0) {
374+ char *buf = malloc(strlen("COREDUMP_PROC_AUXV=") + size + 1);
375+ if (buf) {
376+ /* Add a dummy terminator to make save_context() happy. */
377+ *((uint8_t*) mempcpy(stpcpy(buf, "COREDUMP_PROC_AUXV="), t, size)) = '\0';
378+ (void) iovw_consume(iovw, buf, size + strlen("COREDUMP_PROC_AUXV="));
379+ }
380+
381+ free(t);
382+ }
383+
384 if (get_process_cwd(pid, &t) >= 0)
385 (void) iovw_put_string_field_free(iovw, "COREDUMP_CWD=", t);
386
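
Review bot: In the new auxv block of gather_pid_metadata(), a failed malloc() (the `if (buf)` test is false) and a failed iovw_consume() (return value cast to void) both drop COREDUMP_PROC_AUXV without any log line. grant_user_access() then denies user access with "No auxv data, not adjusting permissions.", so the behaviour fails closed, but the underlying cause is not recorded; a log_oom() or a debug message on these paths would make it diagnosable. The comment also says "/proc/auxv" where the file actually read is /proc/<pid>/auxv.
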
diff --git a/debian/patches/series b/debian/patches/series
index bae1736..49f6f2e 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -185,6 +185,8 @@ lp1945225/0001-udev-net_id-parse-_SUN-ACPI-index-as-a-signed-intege.patch
185lp1945225/0002-udev-net_id-don-t-generate-slot-based-names-if-multi.patch185lp1945225/0002-udev-net_id-don-t-generate-slot-based-names-if-multi.patch
186lp1945225/0003-net_id-fix-newly-added-naming-scheme-name.patch186lp1945225/0003-net_id-fix-newly-added-naming-scheme-name.patch
187lp1945225/0004-Add-remaining-supported-schemes-as-options-for-defau.patch187lp1945225/0004-Add-remaining-supported-schemes-as-options-for-defau.patch
188CVE-2022-3821.patch
189CVE-2022-4415.patch
188lp2002445-udev-net-allow-new-link-name-as-an-altname-before-renamin.patch190lp2002445-udev-net-allow-new-link-name-as-an-altname-before-renamin.patch
189lp2002445-netlink-introduce-rtnl_get-delete_link_alternative_names.patch191lp2002445-netlink-introduce-rtnl_get-delete_link_alternative_names.patch
190lp2002445-netlink-do-not-fail-when-new-interface-name-is-already-us.patch192lp2002445-netlink-do-not-fail-when-new-interface-name-is-already-us.patch
diff --git a/debian/tests/boot-and-services b/debian/tests/boot-and-services
index 6090569..6c832be 100755
--- a/debian/tests/boot-and-services
+++ b/debian/tests/boot-and-services
@@ -59,10 +59,7 @@ class ServicesTest(unittest.TestCase):
59 # https://bugs.debian.org/92613859 # https://bugs.debian.org/926138
60 if is_container:60 if is_container:
61 failed = [f for f in failed if 'e2scrub_reap.service' not in f]61 failed = [f for f in failed if 'e2scrub_reap.service' not in f]
62 # LP: #199128562 # LP: #1991285
63 arch = subprocess.check_output(['dpkg', '--print-architecture'])
64 arch = arch.decode('utf-8').strip()
65 if arch == 'armhf':
66 failed = [f for f in failed if 'systemd-remount-fs.service' not in f]63 failed = [f for f in failed if 'systemd-remount-fs.service' not in f]
67 if failed:64 if failed:
68 for f in failed:65 for f in failed:
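
Review bot: With the dpkg --print-architecture check removed, the filter on 'systemd-remount-fs.service' now applies to every container testbed, so a genuine failure of that unit on any architecture will no longer fail this test. The only rationale left in the code is `# LP: #1991285`; a one-line comment stating why the failure is expected in containers would help whoever later decides whether the workaround can be dropped.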
