From 6d4c387951b06f74baf730a1ea653a190942350d Mon Sep 17 00:00:00 2001
From: Mykola Malkov <mmalkov@sipwise.com>
Date: Thu, 31 Jul 2025 11:17:50 +0300
Subject: [PATCH] MT#62935 Update sysctl kernel.core_pattern for systemd
 247.3-7+deb11u7 security update
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The systemd package got a security update in Debian bullseye, which
changed the systemd-coredump kernel sysctl core_pattern value (by
appending « %d»). This is part of the fix for CVE-2025-4598.

This has caused ngcp-system-tests to fail to match the new pattern,
so we need to adapt it for all currently support Debian bullseye
releases.

Ref: https://security-tracker.debian.org/tracker/CVE-2025-4598
Ref: https://github.com/systemd/systemd-stable/commit/2eb46dce078334805c547cbcf5e6462cf9d2f9f0
Change-Id: I531f197e47094321d688d425fb7f577b42fd7391
(cherry picked from commit 2abaac7e3c26c77a7d5b995d077cb195bb3610f3)
(cherry picked from commit d2c37223648f33a64c19e4d0e509cead8da512e2)
---
 templates/610_kernel-sysctl-params.yaml.tt2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/610_kernel-sysctl-params.yaml.tt2 b/templates/610_kernel-sysctl-params.yaml.tt2
index 4bc1d7d..d241266 100644
--- a/templates/610_kernel-sysctl-params.yaml.tt2
+++ b/templates/610_kernel-sysctl-params.yaml.tt2
@@ -4,7 +4,7 @@ kernel-param:
     value: "1"
 
   kernel.core_pattern:
-    value: "|/lib/systemd/systemd-coredump %P %u %g %s %t 9223372036854775808 %h"
+    value: "|/lib/systemd/systemd-coredump %P %u %g %s %t 9223372036854775808 %h %d"
 
   fs.suid_dumpable:
     value: "2"