netplan.io (0.106.1-7ubuntu0.22.04.4) jammy-security; urgency=medium
* SECURITY REGRESSION: failure on systems without dbus
- debian/netplan.io.postinst: Don't call the generator if no networkd
configuration file exists. (LP: #2071333)
-- Sudhakar Verma <sudhakar.verma@canonical.com> Fri, 28 Jun 2024 22:42:13 +0530
netplan.io (0.106.1-7ubuntu0.22.04.3) jammy-security; urgency=medium
* SECURITY UPDATE: weak permissions on secret files, command injection
- d/p/lp2065738/0028-libnetplan-use-more-restrictive-file-permissions.patch:
Use more restrictive file permissions to prevent unprivileged users to
read sensitive data from back end files (LP: #2065738, #1987842)
- CVE-2022-4968
- d/p/lp2066258/0029-libnetplan-escape-control-characters.patch:
Escape control characters in the parser and double quotes in backend
files
- d/p/lp2066258/0030-backends-escape-file-paths.patch:
Escape special characters in file paths
- d/p/lp2066258/0031-backends-escape-semicolons-in-service-units.patch:
Escape isolated semicolons in systemd service units (LP: #2066258)
* debian/netplan.io.postinst: Add a postinst maintainer script to call the
generator. It's needed so the file permissions fixes will be applied
automatically, thanks to danilogondolfo
-- Sudhakar Verma <sudhakar.verma@canonical.com> Mon, 24 Jun 2024 23:20:42 +0530
netplan.io (0.106.1-7ubuntu0.22.04.2) jammy; urgency=medium
* Drop d/p/sru-compat/0024-Avoid-unnecessary-export-of-API.patch.
Also, update the .symbols file, according to SRU review.
-- Lukas Märdian <slyon@ubuntu.com> Mon, 04 Sep 2023 11:17:14 +0200
netplan.io (0.106.1-7ubuntu0.22.04.1) jammy; urgency=medium
* Backport netplan.io 0.106.1-7 to 22.04 (LP: #2025519)
- New 'netplan status' CLI (!290)
- API: implement APIs from the new specification (!298)
- Check and fix non-inclusive laguange (!303)
- Documentation improvements (using Diátaxis & RTD)
- Match by PermanentMACAddress (!278)
- Netplan api iterator (!306)
- API: update netplan_delete_connection() (!322)
- NM 1.40 compat & file permission fixes (!300), LP: 1862600, LP: 1997348
- Migrate from (deprecated) nose to pytest (!302)
- parse: Add the filepath to OVS ports netdefs (!295)
- Check if the interface name is too long (!313), LP: 1988749
- doc/examples: remove unnecessary route for IPv6 on-link gateways (!312)
- Memory leak CI action (!321)
- tests:base:ethernets: Improve stability of autopkgtests (!223)
- Add all the commands to the bash completion file (LP: 1749869)
- parse-nm: fix eap_method handling (LP: 2016625)
- ovs: don't allow peers with the same name
- parse: validate NM backend settings usage
- nm: check the passthrough config format
- wireguard: plug a memory leak
- validate: drop the YAML node parameter
- parse: don't point to the wrong node on validation
- parse: set the backend on nm-devices to NM by default
- parse: plug a memory leak
- nm: return if write_routes() fails
- libnetplan: don't try to read from a NULL file
- networkd: plug a memory leak
- vrfs: skip policies parsing if list is NULL (LP: 2016427)
- parse: use "--" with systemd-escape
- netplan: adjust the maximum buffer size to 1MB
- cli:status: improve networkctl parameter passing
- cli:test: use 'text' alias instead of 'universal_newlines'
- cli:apply: use shutil.rmtree instead of 'rm -rf'
- Use controlled execution environment, to avoid failure if PATH is unset
(LP: 1959570)
- meson: fix installation of legacy /lib/netplan/generate symlink
- dbus: Use the error set by _copy_yaml_state()
- dbus: Build the copy path correctly (LP: 1997467)
- parse:ovs: Ignore deprecated OpenFlow1.6 protocol (LP: 1963735)
- parser: Don't duplicate OVS configuration (LP: 2007682)
- parser: Don't add DNS entries duplicates (LP: 2007682)
- parser: handle duplicated routing rules (LP: 2007682)
- netplan: cli: fix typo from 'unkown' to 'unknown'
- meson: cli:utils: drop legacy generator path, use libexec instead
- meson: use meson_make_symlink.sh helper instead of install_symlink()
- ATTN: parser: validate lacp-rate properly (LP: 1745648)
- parser: demote the new lacp-rate check to warning
- Don't drop files with just global values on 'set' (LP: 2027584)
d/p/0020-netplan.c-Don-t-drop-files-with-just-global-values-o.patch
- Add parser support for WPA3 Personal (LP: 2023238)
- d/patches/lp2016473: Keyfile parsing for all tunnel types, LP: 2016473
- d/p/lp2021884: WireGuard: auto append prefix to allowed IPs, LP: 2021884
- d/p/lp1997467: Improve DEP-3 headers
- Fix some memory leaks (!297)
- parser: plug a memory leak (!309)
- src:parse: plug memory leaks in nullable handling (!319)
- Fix 'netplan ip leases' crash (!301), LP: 1996941
- tests: mock calls to systemctl (!314)
- ctests: fix an integer conversion issue (!315)
- docs: small fix on netplan-set doc (!316)
- parser: return the correct error on failure (!308), LP: 2000324
- apply: Fix crash when OVS is stopped (!307),LP: 1995598
- networkd: make sure VXLAN is in the right section (!310), LP: 2000713
- cli:set: update only specific origin-hint if given (!299), LP: 1997467
- vxlan: convert some settings to tristate (!311), LP: 2000712
- parser: check for route duplicates (!320), LP: 2003061
[CI]
- CI: make use of the canonical/setup-lxd action
- Add new spread based snapd integration test
- Add some integration tests for DBus
- CI: update canonical/setup-lxd to v0.1.1
- Makefile: fully cleanup coverage data
- spread.yaml: restore /etc/netplan for each test
- tests: Don't use duplicated DNS entries (LP: 2007682)
- rpm: Refresh packaging for 0.106 and sync from Fedora
- meson: Enable finding pycoverage on RPM based distributions
- Fix ethernets,vlans,scenarios autopkgtests on systemd 254
- Fix NetworkManager interaction with systemd v253
- Fix tunnels tests with iproute 6.4, using JSON interface
- d/t/prep-testbed.sh: stop NetworkManager, to start with a common state
- autopkgtest:regressions: Simplify assertions to avoid buffering races
d/p/0018-tests-regressions-simplify-assertions-to-avoid-buffe.patch
- Increase test timeouts to fix FTBFS on mips64el and riscv64
d/p/0012-meson-Increase-test-timeout-for-slow-architectures.patch
- debian/tests: Enforce more strict integration tests.
Also, resolve the systemd-resolved issue in ethernets test.
- Add d/p/0012-meson-Increase-test-timeout-for-slow-architectures.patch
To fix FTBFS due to test timeouts on mipsel, alpha, riscv64, sparc64
- debian/tests: Fix testbed timeout with systemd v253 (Closes: #1033265)
[Docs]
- Netplan docs rework (Part 2)
- Netplan docs rework
- Add a short netplan-everywhere howto
- Add Ubuntu Code of Conduct 2.0
- rtd: set the OS and Python versions explicitly
- docs: fix bridge parameters types and add examples
* d/rules,d/control,d/libnetplan.io.install,d/libnetplan-dev.install:
Make use of meson build system and enable hardening flags.
Ship netplan.pc file and copy netplan's systemd generator to LIBEXECDIR.
* d/control: bump Standards-Version to 4.6.2, no changes needed
* d/t/control: prepare Debian testbed
* d/control: Add python3-dbus, python3-rich deps, also CMocka and Pytest B-Ds
* d/watch: fix checking for upstream tags
* d/copyright: update for 2023
* d/source/: add lintian-overrides
* d/patches/: Drop patches, applied upstream
* d/control: Cleanup list of Uploaders.
* d/control: Update Lukas' DD email address
* Revert usrmerge packaging changes for stable series
* Add patches for SRU backwards compatbility
d/p/sru-compat/cli-status-Make-rich-pretty-printing-optional-388.patch
d/p/sru-compat/validation-avoid-new-yaml_error-in-SRU.patch
d/p/sru-compat/Avoid-unnecessary-export-of-API.patch
d/p/sru-compat/Revert-ovs-don-t-allow-peers-with-the-same-name.patch
d/p/sru-compat/parse-add-comment-about-OpenFlow16-deprecation.patch
* d/t/sru-compat: Add patches for Jammy LTS backwards compatibility
* Update symbols file for 0.106.1, avoiding any unnecessary exports
* d/control: Drop python3-rich dependency to Suggests
-- Lukas Märdian <slyon@ubuntu.com> Thu, 24 Aug 2023 12:11:14 +0200
netplan.io (0.105-0ubuntu2~22.04.3) jammy; urgency=medium
* Fix and improvements for the DBus integration (LP: #1997467)
Cherry-picked from upstream: https://github.com/canonical/netplan/pull/331
- d/p/lp1997467/0009-dbus-Build-the-copy-path-correctly.patch
Properly build the destination path before copying files in the dbus
integration and improve error handling
- d/p/lp1997467/0010-tests-Add-an-integration-test-for-netplan-dbus.patch
Add an integration test to exercise the code path where the issue was
addressed.
-- Danilo Egea Gondolfo <danilo.egea.gondolfo@canonical.com> Fri, 03 Mar 2023 13:14:22 +0000
netplan.io (0.105-0ubuntu2~22.04.2) jammy; urgency=medium
* d/p/lp1997467: set only specific origin-hint if given (LP: #1997467)
Cherry-picked from upstream: https://github.com/canonical/netplan/pull/299
- d/libnetplan0.symbols: Add netplan_parser_load_nullable_overrides() API
- d/p/0008-src-parse-plug-memory-leaks-in-nullable-handling.patch backport
upstream commit 40c53bb (memory leak fixup of PR#299)
-- Danilo Egea Gondolfo <danilo.egea.gondolfo@canonical.com> Mon, 13 Feb 2023 12:40:20 +0000
netplan.io (0.105-0ubuntu2~22.04.1) jammy; urgency=medium
* Backport netplan.io 0.105-0ubuntu2 to 22.04 (LP: #1988447)
- Add support for VXLAN tunnels (#288)
- Add support for VRF devices (#285)
- Add support for InfiniBand (IPoIB) (#283)
- Allow key configuration for GRE tunnels (#274)
- Allow setting the regulatory domain (#281)
- Documentation improvements & restructuring (#287)
- Add meson build system (#268)
- Add abigail ABI compatibility checker (#269)
- Update of Fedora RPM spec (#264)
- CI improvements (#265, #282)
- Netplan `set` uses the consolidated libnetplan YAML parser (#254)
- Refactor ConfigManager to use the libnetplan YAML parser (#255)
- New `netplan_netdef_get_filepath` API (#275)
- Improve NetworkManager device management logic (#276)
* Update symbols file for 0.105
* d/patches/: Drop patches, applied upstream
* d/p/autopkgtest-fixes.patch: Refresh
* d/control: bump Standards-Version, no changes needed
* d/control, d/tests/control: suggest/add iw for setting a regulatory domain
* d/control: merge with Debian, dropping deprecated versioned depends
* d/control: Update Vcs-* tags for Ubuntu
* d/watch: sync with Debian
* d/u/metadata: sync with Debian
* d/tests: partially merge with Debian
* d/t/control: SKIP Open vSwitch test if OVS is inactive in the test env
to fix armhf (LXD/container) autopkgtests
-- Lukas Märdian <slyon@ubuntu.com> Tue, 11 Oct 2022 14:58:36 +0200
netplan.io (0.104-0ubuntu2.1) jammy; urgency=medium
* Cherry-pick fix for rendering WPA3 password (8934a1b), LP: #1975576
+ d/p/0010-nm-fix-rendering-of-password-for-unknown-passthrough.patch
* Backport offloading tristate patches (LP: #1956264)
+ d/p/0003-Add-tristate-type-for-offload-options-LP-1956264-270.patch
+ d/p/0004-tests-ethernets-fix-autopkgtest-with-alternating-def.patch
+ d/t/control: add 'ethtool' test-dep for link offloading tests
-- Lukas Märdian <slyon@ubuntu.com> Wed, 29 Jun 2022 17:54:23 +0200
netplan.io (0.104-0ubuntu2) jammy; urgency=medium
* Pick upstream commit a4b70e7, to restart networkd if necessary (LP: #1962095)
-- Lukas Märdian <slyon@ubuntu.com> Thu, 10 Mar 2022 09:45:00 +0100
netplan.io (0.104-0ubuntu1) jammy; urgency=medium
* New upstream release: 0.104
- Enable 'embedded-switch-mode' setting on SmartNICs
- Permit multiple patterns for the driver globs in match (LP: #1918421)
- Improve routing capabilities (LP: #1892272, LP: #1805038)
- Support additional link offload options for networkd (LP: #1771740)
- Handle differing 'ip6-privacy' default value for NetworkManager
- YAML state tracking for DBus API and 'netplan try' (LP: #1943120)
- Support ConfigureWithoutCarrier ('ignore-carrier') for networkd
- Cleanup Makefile, install only public headers
- Netplan 'get' to use the libnetplan parser
- libnetplan:
+ introduce the notion of NetplanState
+ use an explicit parser context
+ expose coherent generator APIs
+ improve overall error handling
+ consolidation of YAML parsing into the library
ATTENTION:
- Restrict the symbol export to a determined public API
+ We dropped some internal symbols from the API that we know have no
external consumers, see upstream changelog for list of dropped symbols
Bug fixes:
- Fix removal of defunct OVS vlan interfaces (LP: #1959147)
- Make ConfigManager cleanup on destruction (LP: #1959729)
- Do not write unvalidated YAML from keyfile (LP: #1952967)
- Disable tmp address generation for real with NetworkManager (LP: #1948027)
- Ignore empty YAML hints, delete files on 'set network=null' (LP: #1946957)
- Wait for 'netplan try' to be ready in DBus API (LP: #1949893)
- Initialize self.state in 'apply' (LP: #1949104)
- Driver fallback to nl80211 and/or wext for wpa_supplicant (LP: #1814012)
- Handle missing 'gateway' in keyfile routes, keep 'dns-search' fallback
- Make it possible to unset a whole devtype subtree (LP: #1942930)
- Fix memory leaks, dangling pointers & overall cleanup of API data
* d/t/control: Add explicit wpasupplicant test Depends
* d/control: Improved glib (v2.70+-) compat
* d/control: Strict version dependency on libnetplan
* d/control: Bump standards version to 4.6.0, improve sections
* Mute false positive lintian warning
* d/patches/: Drop patches, applied upstream
* d/p/autopkgtest-fixes: Refresh
* d/libnetplan0.symbols: Add new symbols for 0.104
* d/libnetplan0.symbols: Drop (internal) legacy symbols
-- Lukas Märdian <slyon@ubuntu.com> Thu, 17 Feb 2022 12:46:23 +0100
# For older changelog entries, run 'apt-get changelog libnetplan0'
Generated by dwww version 1.14 on Tue May 6 13:33:16 CEST 2025.