Your message dated Sun, 07 Jul 2019 16:00:21 +0000
with message-id <[email protected]>
and subject line Bug#929527: fixed in iptables 1.8.3-1~exp1
has caused the Debian Bug report #929527,
regarding /usr/sbin/xtables-nft-multi: restoring IP Tables with an self-defined
chain segfaults in libnftnl.so
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
929527: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929527
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: iptables
Version: 1.8.2-4
Severity: grave
File: /usr/sbin/xtables-nft-multi
Justification: renders package unusable by segfaulting on usage
Dear Maintainer,
First, it may be that this should be actually filed against nftables,
so I'd like to say sorry in advance if made noise to the wrong people.
Anyway, on a Debian Stretch system installed from latest weekly ISO
restoring a relative simple IP Table with a single "intermediate" chain
causes a segfaul and no restoration of said table.
Reproducer:
# cat simple-segv-table
*filter
:NEW-OUTPUT - [0:0]
-A OUTPUT -j NEW-OUTPUT
-F NEW-OUTPUT
-A NEW-OUTPUT -j ACCEPT
COMMIT
# iptables ./simple-segv-table
Segmentation fault
# dmesg | tail -1
[12860.813350] traps: iptables-restor[19173] general protection ip:7f4894682793
sp:7ffcedc177d0 error:0 in libnftnl.so.11.0.0[7f4894677000+17000]
# addr2line -e /usr/lib/x86_64-linux-gnu/libnftnl.so.11.0.0 -fCi $(printf "%x"
$[0x7f2cb9882793 - 0x7f2cb9877000])
nftnl_batch_is_supported
??:?
(hope that my addr2line foo isn't to much off)
Above example works just fine on a Debian Stretch 9.9 based machine.
As intially I produced this on a, let's say, far from minimal and a bit
Frankenstein'ed Buster, I installed the netinst weekly ISO again in a
QEMU/KVM backed VM, same outcome.
As said, this may well be an issue in the linked libnftnl shared
library, but could also be an issue from how iptables uses it, as I
produced the error by calling into a iptables provided binary I choose
to report it here (not sure if one can report against multiple
packages).
-- System Information:
Debian Release: 10.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-5-amd64 (SMP w/16 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages iptables depends on:
ii libc6 2.28-10
ii libip4tc0 1.8.2-4
ii libip6tc0 1.8.2-4
ii libiptc0 1.8.2-4
ii libmnl0 1.0.4-2
ii libnetfilter-conntrack3 1.0.7-1
ii libnfnetlink0 1.0.1-3+b1
ii libnftnl11 1.1.2-2
ii libxtables12 1.8.2-4
Versions of packages iptables recommends:
ii nftables 0.9.0-2
Versions of packages iptables suggests:
ii kmod 26-1
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: iptables
Source-Version: 1.8.3-1~exp1
We believe that the bug you reported is fixed in the latest version of
iptables, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Arturo Borrero Gonzalez <[email protected]> (supplier of updated iptables
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 28 May 2019 12:34:08 +0200
Source: iptables
Binary: iptables iptables-dbgsym iptables-dev libip4tc-dev libip4tc2
libip4tc2-dbgsym libip6tc-dev libip6tc2 libip6tc2-dbgsym libiptc-dev libiptc0
libiptc0-dbgsym libxtables-dev libxtables12 libxtables12-dbgsym
Architecture: source amd64
Version: 1.8.3-1~exp1
Distribution: experimental
Urgency: medium
Maintainer: Debian Netfilter Packaging Team
<[email protected]>
Changed-By: Arturo Borrero Gonzalez <[email protected]>
Description:
iptables - administration tools for packet filtering and NAT
iptables-dev - transitional dummy package
libip4tc-dev - Development files for libip4tc
libip4tc2 - netfilter libip4tc library
libip6tc-dev - Development files for libip6tc
libip6tc2 - netfilter libip6tc library
libiptc-dev - Development files for libiptc
libiptc0 - netfilter libiptc library
libxtables-dev - netfilter xtables library -- development files
libxtables12 - netfilter xtables library
Closes: 929527
Changes:
iptables (1.8.3-1~exp1) experimental; urgency=medium
.
* [89c92f0] New upstream version 1.8.3 (Closes: #929527)
* [7c34195] iptables: bump dependency on libnftnl to >= 1.1.3
* [ab1a5b7] d/patches: refresh 0104-lintian_hyphens.patch
* [3771b10] d/patches: refresh 0201-660748-iptables_apply_man.patch
* [97d6c1a] d/patches: refresh 0301-install_iptables_apply.patch
* [dd6d2e6] d/patches: drop format-security_fixes_in_libip[6]t_icmp.patch
* [6f0e55f] d/patches: drop bug_922973.patch
* [5d1950b] libip6tc: bump SONAME from 0 to 2
* [cf5f265] libip4tc: bump SONAME from 0 to 2
Checksums-Sha1:
583377ebcc391c44171cc84199e6b9a061105b9a 2730 iptables_1.8.3-1~exp1.dsc
6df99e90cb4d59032ab2050ebb426fe065249bd3 716257 iptables_1.8.3.orig.tar.bz2
1dad630a6f05954423930f564d18f54a6875947a 64456
iptables_1.8.3-1~exp1.debian.tar.xz
2bf0a17655f0dc3e275eb58a73dec3e7e88f29be 1551900
iptables-dbgsym_1.8.3-1~exp1_amd64.deb
c893052869725803d0951b1f3e97fff1643bc8cb 58268
iptables-dev_1.8.3-1~exp1_amd64.deb
e027a61593362b9b9e549be35955ab1464086585 9559
iptables_1.8.3-1~exp1_amd64.buildinfo
99a1baae7ae3e8de44e436c5cc83b925f5bf69df 417972 iptables_1.8.3-1~exp1_amd64.deb
5377aa3863e3680964f5bdb252a075a27a2a5f71 58640
libip4tc-dev_1.8.3-1~exp1_amd64.deb
bcbc37713f8e0fd53b8892667c4f2b75b4f78db4 42856
libip4tc2-dbgsym_1.8.3-1~exp1_amd64.deb
74a678b93116bd7d21981ff61694983e1a92e998 70336 libip4tc2_1.8.3-1~exp1_amd64.deb
11f6969e7e0698e3b2be84dc5cc4f6838c57e900 60104
libip6tc-dev_1.8.3-1~exp1_amd64.deb
fefef89db802ad52ba36e0348ed8c6f223a6a8ff 43472
libip6tc2-dbgsym_1.8.3-1~exp1_amd64.deb
53752ebac551f7452e4406d0be525f4127b407ac 70624 libip6tc2_1.8.3-1~exp1_amd64.deb
bd45080d1b8fd1ec7facabec2ae5773dbe7c6c4b 60752
libiptc-dev_1.8.3-1~exp1_amd64.deb
3fc8da35fc28d9f9d405ca4a3ddd27babff5c622 1952
libiptc0-dbgsym_1.8.3-1~exp1_amd64.deb
9efa93313b28bda4b606b68136db11fa9b0d7022 59712 libiptc0_1.8.3-1~exp1_amd64.deb
8c7af3643b35bd8013598a4c874bbed23f90623e 63988
libxtables-dev_1.8.3-1~exp1_amd64.deb
acfa6c8fc430bbf4f9d5b61450c6bc58ceb296c9 67432
libxtables12-dbgsym_1.8.3-1~exp1_amd64.deb
eb28320433b73948c68390afccc95a27e64ebc33 80280
libxtables12_1.8.3-1~exp1_amd64.deb
Checksums-Sha256:
81e2a82fbc637eb179afc615737edacc3207aab34f61dc9b3cc5c06a1f6d6cd2 2730
iptables_1.8.3-1~exp1.dsc
a23cac034181206b4545f4e7e730e76e08b5f3dd78771ba9645a6756de9cdd80 716257
iptables_1.8.3.orig.tar.bz2
2ce38ae8996195a84f73fac9bb6ff911cfb64d7510eca88f78d32f956faec1b1 64456
iptables_1.8.3-1~exp1.debian.tar.xz
059cb83a9fb15d724d446e51337634cf7edbbbd55616ff26620654a9e478e96b 1551900
iptables-dbgsym_1.8.3-1~exp1_amd64.deb
0b12c8774ef51fe4547b95c15340e89be42f71196a40eba23c26d325a95ad779 58268
iptables-dev_1.8.3-1~exp1_amd64.deb
f9851e042517bac2d0efdcb9974ea1195f8b5f8cbeccc05d352cfba0dae76cfc 9559
iptables_1.8.3-1~exp1_amd64.buildinfo
2b1ef87254f7ca0aeaca414ba6d3786903c219a6830369abe2adf99a4d7242e1 417972
iptables_1.8.3-1~exp1_amd64.deb
174bf95dbbf9cc902fd7b4e1bafc29c010b13a7a0a54c4d67d5e480e63ac5eab 58640
libip4tc-dev_1.8.3-1~exp1_amd64.deb
cfc5c9d16f3a96ac36119cfd75298ef4bdc21783754a5c5ae924b3e9aa7f75a3 42856
libip4tc2-dbgsym_1.8.3-1~exp1_amd64.deb
3e93c76315bd5e55acf5581fe324c78d6cbeac7d53b3c9f9f6768d06756104f6 70336
libip4tc2_1.8.3-1~exp1_amd64.deb
deceb05cbffff40ad556415f4f1496c321857dd9a6e8edb7bc718f1b59570a99 60104
libip6tc-dev_1.8.3-1~exp1_amd64.deb
cee7ffa0c7198efbe1d803254e58ce30e1fd06a7ce7a4d495ab8c6158c7223f6 43472
libip6tc2-dbgsym_1.8.3-1~exp1_amd64.deb
f9010a2bf08288bf57df2eb6c905f2ad7a230f7e0ad21bbbf366ffd7be39bac7 70624
libip6tc2_1.8.3-1~exp1_amd64.deb
9d5c195434880a130a34b4f60cb4b62bc779805d763a521700b373a2f93b79a2 60752
libiptc-dev_1.8.3-1~exp1_amd64.deb
eb19ba18a93a9b3c111e524134466270b57b2da8d5d931273c77c24dd4e4fcb7 1952
libiptc0-dbgsym_1.8.3-1~exp1_amd64.deb
72918cb380ae4af5869c0991ad09dee339e91334f389066466055c179ca2a50a 59712
libiptc0_1.8.3-1~exp1_amd64.deb
d3bc31045265431b9b2c3deb41c41e3a9c3717cf239df5f9be5318f2c4f35160 63988
libxtables-dev_1.8.3-1~exp1_amd64.deb
4b37eeb073fea6a425f883dd663dc28265d456aa8a36ebd90720e0801bee5805 67432
libxtables12-dbgsym_1.8.3-1~exp1_amd64.deb
153a7672b28adcae5202d3017d3b08c7b68dd7ef689a3a5c58ca924bbb1edf5b 80280
libxtables12_1.8.3-1~exp1_amd64.deb
Files:
0a51a77fa959e2dec50d1c64a833e2b6 2730 net important iptables_1.8.3-1~exp1.dsc
29de711d15c040c402cf3038c69ff513 716257 net important
iptables_1.8.3.orig.tar.bz2
115ef5c969241032dad87bd8ea0cd494 64456 net important
iptables_1.8.3-1~exp1.debian.tar.xz
c3146ad68ae8d5e0c31cf0cdd3308f3c 1551900 debug optional
iptables-dbgsym_1.8.3-1~exp1_amd64.deb
21ab95852e236dad07548fa8461a9d33 58268 oldlibs optional
iptables-dev_1.8.3-1~exp1_amd64.deb
9904d0031609f37c69b905d7a001559c 9559 net important
iptables_1.8.3-1~exp1_amd64.buildinfo
d61eba62c4a5e914ab3ae2f93cd3ccb3 417972 net important
iptables_1.8.3-1~exp1_amd64.deb
36640816b4def6069a5aa23604fa3563 58640 libdevel optional
libip4tc-dev_1.8.3-1~exp1_amd64.deb
284424816c5bdc844e0dac1e62d5f0ab 42856 debug optional
libip4tc2-dbgsym_1.8.3-1~exp1_amd64.deb
a6944aa357e749de9516076ce37ad73d 70336 libs optional
libip4tc2_1.8.3-1~exp1_amd64.deb
db702f7b49bc9b762455b395a285db19 60104 libdevel optional
libip6tc-dev_1.8.3-1~exp1_amd64.deb
35d187d46b9f631919c4249b09540b94 43472 debug optional
libip6tc2-dbgsym_1.8.3-1~exp1_amd64.deb
d3d454d3ef6236c662655cad9d3aec18 70624 libs optional
libip6tc2_1.8.3-1~exp1_amd64.deb
38779d3dd1bd7a483bf052308f483ac4 60752 libdevel optional
libiptc-dev_1.8.3-1~exp1_amd64.deb
899937617b4e90e28a94d321f4debc3a 1952 debug optional
libiptc0-dbgsym_1.8.3-1~exp1_amd64.deb
138ae5cc94dee1c47588c8cfd148f663 59712 libs optional
libiptc0_1.8.3-1~exp1_amd64.deb
083fee28966da0a9f83e96b756626c34 63988 libdevel optional
libxtables-dev_1.8.3-1~exp1_amd64.deb
00f9c8b2a877016190104fe6d8938b5d 67432 debug optional
libxtables12-dbgsym_1.8.3-1~exp1_amd64.deb
cda5c62734ee127df4b78beec5e3b492 80280 libs optional
libxtables12_1.8.3-1~exp1_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE3ZhhqyPcMzOJLgepaOcTmB0VFfgFAlztGDgACgkQaOcTmB0V
Ffj25Q//TYe2wiwNHEvtmCbQtf7HWBB017d5Rbh6T9Zg1uck0jXrzzcNX5mCKb57
J06ilF+F2eSm7LPswv6MGHkqCGvYHrMZmlqpgx5Al4hLpd/B4SHEDpjlgTDI+kqO
S/zfBJNzzv9ZOlqKzBtolrsNFoUB08h4feF768EHE1WhBLwqsUPZWoegTZkS4132
7wU0W+dnfjYa6gRVKrkU8m8KbOW7XDKImh0625N7BcdZfMqnqjbXXllSeJTr30yX
dbdACENO5UDWmdukaTt+Is65DXV2iFZ6wDNCUo/6GDKcGLhWkp7yY/q4/7Ryw6N5
n4dP10eURZrAwoZw9r79Vlf4YN/0ICiUk5y9mOct2cyDNzM9eV3XPwG2OwObDzV0
I4t40WoYlm7fl330vGJXJhBHnwe3r7Ft0v3qB8y7wAdm2jbxBg0eGwuI1ED/IwA2
I4MyFXnn7+83/eTgeTDt9GCYDYQvBE31GYegvzPsMS6cNREirUtXdgQpbj2oWsp2
Kuxm0Aa7pgESTTfjFL0g3uocP8jW/HQ7ZGX53+nKf6RVY62FJpXv8PwdrxV5+PLg
QRUZj9NhYZHPzK3eYum+vU4tMMlycfTHEc9SuLMttaXmoRhoOyqkkUaQ+76oBbc4
BDuds1a1t25jsIsXrlmyWa1pkivdMOD6vTvlvdOVlR1K1Kr/6pY=
=Rd9+
-----END PGP SIGNATURE-----
--- End Message ---
