[Bug 1381450] Re: [MIR] conntrack, libnetfilter-queue, libnetfilter-cttimeout, libnetfilter-cthelper
Note that this shouldn't have been released to -updates: conntrack is in universe in vivid, making neutron uninstallable within main. I promoted conntrack in wily now.

** Tags added: regression-release

** Changed in: conntrack (Ubuntu)
       Status: Fix Committed => Fix Released

** Changed in: libnetfilter-cthelper (Ubuntu)
       Status: Fix Committed => Fix Released

** Changed in: libnetfilter-cttimeout (Ubuntu)
       Status: Fix Committed => Fix Released

** Changed in: libnetfilter-queue (Ubuntu)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1381450

Title:
  [MIR] conntrack, libnetfilter-queue, libnetfilter-cttimeout, libnetfilter-cthelper

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/conntrack/+bug/1381450/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1381450] Re: [MIR] conntrack, libnetfilter-queue, libnetfilter-cttimeout, libnetfilter-cthelper
** Branch linked: lp:ubuntu/neutron
[Bug 1381450] Re: [MIR] conntrack, libnetfilter-queue, libnetfilter-cttimeout, libnetfilter-cthelper
** Tags removed: verification-needed
** Tags added: verification-done
[Bug 1381450] Re: [MIR] conntrack, libnetfilter-queue, libnetfilter-cttimeout, libnetfilter-cthelper
Hello James, or anyone else affected,

Accepted neutron into vivid-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/neutron/1:2015.1.0-0ubuntu1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

** Tags added: verification-needed
[Bug 1381450] Re: [MIR] conntrack, libnetfilter-queue, libnetfilter-cttimeout, libnetfilter-cthelper
** Branch linked: lp:~ubuntu-server-dev/neutron/kilo
[Bug 1381450] Re: [MIR] conntrack, libnetfilter-queue, libnetfilter-cttimeout, libnetfilter-cthelper
Conntrack is fine from my POV too. Approved.

** Changed in: conntrack (Ubuntu)
       Status: Confirmed => Fix Committed
[Bug 1381450] Re: [MIR] conntrack, libnetfilter-queue, libnetfilter-cttimeout, libnetfilter-cthelper
Thanks guys

I'll see if the SRU team will let me squeeze this in as part of the stable release update for OpenStack Kilo next week.
[Bug 1381450] Re: [MIR] conntrack, libnetfilter-queue, libnetfilter-cttimeout, libnetfilter-cthelper
I reviewed conntrack version 1:1.4.2-2ubuntu1 as checked into ubuntu vivid. This should not be considered a full security audit but rather a quick gauge of maintainability.

- conntrack provides both a connection tracking daemon that can interface with the Linux kernel's netfilter interfaces as well as an information-publishing tool that can provide better filtering of flow information than the /proc/ interfaces. The connection tracking daemon can be used to support HA stateful firewalls.
- Build-Depends: autotools-dev, bison, debhelper, dh-systemd, flex, libmnl-dev, libnetfilter-conntrack-dev, libnetfilter-cthelper0-dev, libnetfilter-cttimeout-dev, libnetfilter-queue-dev, libnfnetlink-dev
- pre/post inst/rm scripts have complicated mechanisms to handle previous configuration file locations and init.d vs systemd handling. Review by domain expert would be welcome.
- initscript and systemd service file look reasonable enough
- No dbus services
- No setuid binaries
- Provides conntrack, conntrackd, nfct binaries
- No sudo fragments
- No udev rules
- No cronjobs
- No test suite run during build
- No subprocesses spawned
- Memory management looks careful
- Few files opened; log files, configuration file, /proc/sys/net/netfilter/nf_conntrack_count
- Logging looked careful
- No environment variable use
- A handful of privileged operations are used, but the entirety of the package does privileged operations
- No cryptography
- Extensive netlink use; conntrackd can communicate with other conntrackd instances on other hosts, requires a private privileged network. Can spawn helpers to inspect and modify packets -- helpers are provided for ftp, rpc, and tns. (Helpers looked careful, though this kind of code is prone to mistakes. I'd love to see privilege separation / seccomp kinds of things for userspace helpers.)
- No temporary file handling
- No webkit
- No javascript
- No policykit
- Clean cppcheck

Here's a few issues I found while reviewing this package, in the hopes these findings are useful:

- nfct_helper_free() in libnetfilter-cthelper has a use-after-free bug that may result in sigsegv: http://www.openwall.com/lists/oss-security/2015/04/22/5 A fix has already been pushed to upstream git, this may be worth an SRU
- nfq_queue_cb() leaks myct if pktb_alloc(), helper_run(), or pkt_verdict_issue() return failures
- fork_process_new() will leak struct child_process c if the fork() fails
- I'm concerned that the daemon closes stderr and stdout before starting its main loop; there are many printf() and printf(stderr) calls in the codebase. Making sure that stdout and stderr refer to something useful at any given point is difficult. I suggest duping /dev/null to those descriptors if they are truly not going to be used in the life of the daemon.

There's also an issue in the packaging, the binaries are not built PIE. I realize it is too late to make them PIE before the release of vivid, so please ensure this is handled shortly after the U series is opened, so that it is not forgotten.

Security team ACK for promoting conntrack to main.

Thanks

** Changed in: conntrack (Ubuntu)
     Assignee: Seth Arnold (seth-arnold) => (unassigned)
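The stdout/stderr concern in the review above, as an added example that is not part of the original message and not conntrack's code: a child process detaches its stdio either by closing descriptors 1 and 2 or by duplicating /dev/null onto them, opens a state file, and then runs a leftover printf(). All function names, the STRAY message and the temporary file are hypothetical and constructed for the illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

#define STRAY "debug: helper returned error\n"  /* constructed message */

/* Suggested fix: keep fds 0-2 occupied by /dev/null instead of closing them. */
static int stdio_to_devnull(void)
{
    int fd = open("/dev/null", O_RDWR);
    if (fd < 0)
        return -1;
    for (int target = STDIN_FILENO; target <= STDERR_FILENO; target++) {
        if (fd != target && dup2(fd, target) < 0) {
            if (fd > STDERR_FILENO)
                close(fd);
            return -1;
        }
    }
    if (fd > STDERR_FILENO)     /* fd may itself be 0..2 if those were closed */
        close(fd);
    return 0;
}

/* Hypothetical daemon body: detach stdio, open a state file, then hit a
 * leftover printf() of the kind the review mentions. Never returns. */
static void daemon_child(int hardened, const char *path)
{
    /* Make sure fd 0 is in use so the outcome below is deterministic. */
    if (fcntl(STDIN_FILENO, F_GETFD) == -1)
        (void)open("/dev/null", O_RDONLY);

    if (hardened) {
        if (stdio_to_devnull() < 0)
            _exit(2);
    } else {
        close(STDOUT_FILENO);   /* the pattern flagged in the review */
        close(STDERR_FILENO);
    }

    /* With fd 1 closed, open() hands out the lowest free number: 1. */
    int state = open(path, O_WRONLY | O_TRUNC);
    if (state < 0)
        _exit(3);
    if (write(state, "STATE v1\n", 9) != 9)
        _exit(4);

    printf("%s", STRAY);        /* stdout is still "fd 1" to stdio */
    fflush(stdout);
    _exit(0);
}

/* Returns 1 if the stray output landed in the state file, 0 if it did not,
 * -1 on any setup error. */
int stray_output_reaches_state_file(int hardened)
{
    char path[] = "/tmp/stdio_demo_XXXXXX";     /* constructed temp file */
    char buf[256] = {0};
    int status;
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    close(fd);

    fflush(NULL);               /* do not hand unflushed buffers to the child */
    pid_t pid = fork();
    if (pid < 0) {
        unlink(path);
        return -1;
    }
    if (pid == 0)
        daemon_child(hardened, path);

    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status) ||
        WEXITSTATUS(status) != 0) {
        unlink(path);
        return -1;
    }
    fd = open(path, O_RDONLY);
    ssize_t n = fd < 0 ? -1 : read(fd, buf, sizeof(buf) - 1);
    if (fd >= 0)
        close(fd);
    unlink(path);
    if (n < 0)
        return -1;
    return strstr(buf, STRAY) != NULL;
}

int main(void)
{
    printf("close(1)/close(2):     stray output in state file = %d\n",
           stray_output_reaches_state_file(0));
    printf("dup /dev/null onto 0-2: stray output in state file = %d\n",
           stray_output_reaches_state_file(1));
    return 0;
}
```

The same reuse applies to sockets: any descriptor opened after the close() calls can end up as fd 1 or 2 and receive diagnostic text meant for the terminal.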
[Bug 1381450] Re: [MIR] conntrack, libnetfilter-queue, libnetfilter-cttimeout, libnetfilter-cthelper
Status changed to 'Confirmed' because the bug affects multiple users.

** Changed in: conntrack (Ubuntu)
       Status: New => Confirmed
[Bug 1381450] Re: [MIR] conntrack, libnetfilter-queue, libnetfilter-cttimeout, libnetfilter-cthelper
@Jamie

Please can conntrack be reviewed; I'd like to enable this feature for Vivid/Kilo asap.

Thanks!

** Changed in: conntrack (Ubuntu)
    Milestone: ubuntu-15.02 => ubuntu-15.01
[Bug 1381450] Re: [MIR] conntrack, libnetfilter-queue, libnetfilter-cttimeout, libnetfilter-cthelper
** Changed in: conntrack (Ubuntu)
     Assignee: Jamie Strandboge (jdstrand) => Seth Arnold (seth-arnold)
[Bug 1381450] Re: [MIR] conntrack, libnetfilter-queue, libnetfilter-cttimeout, libnetfilter-cthelper
** Changed in: conntrack (Ubuntu)
    Milestone: None => ubuntu-15.02
[Bug 1381450] Re: [MIR] conntrack, libnetfilter-queue, libnetfilter-cttimeout, libnetfilter-cthelper
ubuntu-server subscribed to bug mail for all packages.

** Changed in: conntrack (Ubuntu)
   Importance: Undecided => Medium

** Changed in: libnetfilter-cthelper (Ubuntu)
   Importance: Undecided => Medium

** Changed in: libnetfilter-cttimeout (Ubuntu)
   Importance: Undecided => Medium

** Changed in: libnetfilter-queue (Ubuntu)
   Importance: Undecided => Medium
[Bug 1381450] Re: [MIR] conntrack, libnetfilter-queue, libnetfilter-cttimeout, libnetfilter-cthelper
Holding off adding this as a package dependency until the MIR team ack that can accommodate this so late in cycle (apologies for that). This is to support a new feature in neutron which is important from an HA perspective; users can obviously still just install conntrack manually but it would be nice to have this added to main to get security support etc...
[Bug 1381450] Re: [MIR] conntrack, libnetfilter-queue, libnetfilter-cttimeout, libnetfilter-cthelper
I've bumped in the 1.4.2 release of conntrack into utopic.
[Bug 1381450] Re: [MIR] conntrack, libnetfilter-queue, libnetfilter-cttimeout, libnetfilter-cthelper
libnetfilter-queue: is fine. Would be nice to see tests, but upstream doesn't provide them. It also should use ${misc:Pre-Depends} instead of hardcoding its pre-depends, since it is missing Pre-Depends: multiarch-support for the library package. But not a blocker, just a bit of sloppiness.

** Changed in: libnetfilter-queue (Ubuntu)
       Status: New => Fix Committed
[Bug 1381450] Re: [MIR] conntrack, libnetfilter-queue, libnetfilter-cttimeout, libnetfilter-cthelper
Oh also, for all three of these libraries, it would be great if they provided symbols files. Could you maybe suggest that to the Debian maintainers / file bugs?
[Bug 1381450] Re: [MIR] conntrack, libnetfilter-queue, libnetfilter-cttimeout, libnetfilter-cthelper
libnetfilter-cttimeout is fine too. Again, small package that could easily have a few tests, but upstream doesn't provide them, so ah well.

** Changed in: libnetfilter-cttimeout (Ubuntu)
       Status: New => Fix Committed
[Bug 1381450] Re: [MIR] conntrack, libnetfilter-queue, libnetfilter-cttimeout, libnetfilter-cthelper
cthelper is also fine.

** Changed in: libnetfilter-cthelper (Ubuntu)
       Status: New => Fix Committed
[Bug 1381450] Re: [MIR] conntrack, libnetfilter-queue, libnetfilter-cttimeout, libnetfilter-cthelper
conntrack seems like it'll need a security team look. Passing to Jamie.

** Changed in: conntrack (Ubuntu)
   Assignee: (unassigned) => Jamie Strandboge (jdstrand)
[Bug 1381450] Re: [MIR] conntrack, libnetfilter-queue, libnetfilter-cttimeout, libnetfilter-cthelper
All packages are pretty much up-to-date with upstream aside from conntrack itself which is a patch release older than that in Debian/upstream. ** Description changed: conntrack: Availability: in universe Rationale: new dependency for openstack neutron to support HA routers with connection state tracking Security: Looks OK - http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=conntrack - Quality assurance: + Quality assurance: No upstream test suite, packaging generall looks OK Dependencies: all in main aside from those on this bug report. Standards compliance: OK Maintenance: Server Team libnetfilter-cttimeout: Availability: in universe Rationale: dependency for conntrack Security: Looks OK - http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=netfilter-cttimeout - Quality assurance: + Quality assurance: No upstream test suite, packaging generall looks OK Dependencies: all in main aside from those on this bug report. Standards compliance: OK Maintenance: Server Team libnetfilter-cthelper: Availability: in universe Rationale: dependency for conntrack Security: Looks OK - http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=netfilter-cthelper - Quality assurance: + Quality assurance: No upstream test suite, packaging generall looks OK Dependencies: all in main aside from those on this bug report. Standards compliance: OK Maintenance: Server Team libnetfilter-queue: Availability: in universe Rationale: dependency for conntrack Security: Looks OK - http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=netfilter-queue - Quality assurance: + Quality assurance: No upstream test suite, packaging generall looks OK Dependencies: all in main aside from those on this bug report. 
Standards compliance: OK Maintenance: Server Team ** Description changed: conntrack: Availability: in universe Rationale: new dependency for openstack neutron to support HA routers with connection state tracking Security: Looks OK - http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=conntrack - Quality assurance: No upstream test suite, packaging generall looks OK + Quality assurance: No upstream test suite, packaging generally looks OK Dependencies: all in main aside from those on this bug report. Standards compliance: OK Maintenance: Server Team libnetfilter-cttimeout: Availability: in universe Rationale: dependency for conntrack Security: Looks OK - http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=netfilter-cttimeout - Quality assurance: No upstream test suite, packaging generall looks OK + Quality assurance: No upstream test suite, packaging generally looks OK Dependencies: all in main aside from those on this bug report. Standards compliance: OK Maintenance: Server Team libnetfilter-cthelper: Availability: in universe Rationale: dependency for conntrack Security: Looks OK - http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=netfilter-cthelper - Quality assurance: No upstream test suite, packaging generall looks OK + Quality assurance: No upstream test suite, packaging generally looks OK Dependencies: all in main aside from those on this bug report. Standards compliance: OK Maintenance: Server Team libnetfilter-queue: Availability: in universe Rationale: dependency for conntrack Security: Looks OK - http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=netfilter-queue - Quality assurance: No upstream test suite, packaging generall looks OK + Quality assurance: No upstream test suite, packaging generally looks OK Dependencies: all in main aside from those on this bug report. Standards compliance: OK Maintenance: Server Team
[Bug 1381450] Re: [MIR] conntrack, libnetfilter-queue, libnetfilter-cttimeout, libnetfilter-cthelper
ubuntu-server subscribed to bug mail for all packages.

** Changed in: conntrack (Ubuntu)
   Importance: Undecided => Medium

** Changed in: libnetfilter-cthelper (Ubuntu)
   Importance: Undecided => Medium

** Changed in: libnetfilter-cttimeout (Ubuntu)
   Importance: Undecided => Medium

** Changed in: libnetfilter-queue (Ubuntu)
   Importance: Undecided => Medium
[Bug 1381450] Re: [MIR] conntrack, libnetfilter-queue, libnetfilter-cttimeout, libnetfilter-cthelper
Holding off adding this as a package dependency until the MIR team ack that they can accommodate this so late in cycle (apologies for that). This is to support a new feature in neutron which is important from an HA perspective; users can obviously still just install conntrack manually but it would be nice to have this added to main to get security support etc...
[Bug 1381450] Re: [MIR] conntrack, libnetfilter-queue, libnetfilter-cttimeout, libnetfilter-cthelper
I've bumped in the 1.4.2 release of conntrack into utopic.
[Bug 1381450] Re: [MIR] conntrack, libnetfilter-queue, libnetfilter-cttimeout, libnetfilter-cthelper
libnetfilter-queue: is fine. Would be nice to see tests, but upstream doesn't provide them. It also should use ${misc:Pre-Depends} instead of hardcoding its pre-depends, since it is missing Pre-Depends: multiarch-support for the library package. But not a blocker, just a bit of sloppiness.

** Changed in: libnetfilter-queue (Ubuntu)
   Status: New => Fix Committed