[Bug 1894195] Re: FFe: Merge iptables 1.8.5-3 (main) from Debian sid (main)
This bug was fixed in the package iptables - 1.8.5-3ubuntu1

---
iptables (1.8.5-3ubuntu1) groovy; urgency=medium

  * Merge with Debian unstable (LP: #1894195). Remaining changes:
    - debian/control: correct Breaks/Replaces for ipt_kernel_headers.h move
      from libiptc-dev to libip4tc-dev
    - debian/control: add linuxdoc-tools dep
    - 9000-howtos.patch: add howtos/ and install them
    - 9002-libxt_recent-Add-support-for-reap-option.patch: Some changes are
      upstream, patch needed for additional reap option checks.
    - debian/iptables-dev.doc-base.netfilter-extensions,
      debian/iptables-dev.doc-base.netfilter-hacking,
      debian/iptables.doc-base.nat,
      debian/iptables.doc-base.packet-filter: add howtos
    - Demote nftables from Recommends to Suggests for groovy.
    - autopkgtest: allow-stderr on command9 to fix regression

iptables (1.8.5-3) unstable; urgency=medium

  * [2d587e5] src:iptables: bump build-dep version on libnftnl to 1.1.6

iptables (1.8.5-2) unstable; urgency=medium

  [ Alberto Molina Coballes ]
  * [d90516d] d/control: modify breaks and replaces fields (Closes: #949576)
  * [4754a45] d/not-installed: arch independ files
  * [780330f] d/tests/control: Run iptables-legacy-* tests explicitly

  [ Arturo Borrero Gonzalez ]
  * [6fb6557] d/patches: add -upstream-fix-xtables-translate.patch
    (Closes: #962724)

iptables (1.8.5-1) unstable; urgency=medium

  [ Debian Janitor ]
  * [c3deeb3] Wrap long lines in changelog entries: 1.8.2-1, 1.8.0-1~exp1,
    1.6.0-1.
  * [214468e] Update standards version to 4.5.0, no changes needed.

  [ Arturo Borrero Gonzalez ]
  * [eb1d7c5] New upstream version 1.8.5 (Closes: #950535)
  * [7a119db] d/patches: drop all patches
  * [ec63c87] libxtables12.symbols: add new symbol
  * [4056ce6] iptables: bump debhelper-compat to 13

 -- Alex Murray Mon, 21 Sep 2020 17:21:46 +0930

** Changed in: iptables (Ubuntu)
       Status: Fix Committed => Fix Released

--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1894195

Title:
  FFe: Merge iptables 1.8.5-3 (main) from Debian sid (main)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/iptables/+bug/1894195/+subscriptions

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1894195] Re: FFe: Merge iptables 1.8.5-3 (main) from Debian sid (main)
** Changed in: iptables (Ubuntu)
       Status: New => Fix Committed

** Changed in: iptables (Ubuntu)
     Assignee: (unassigned) => Alex Murray (alexmurray)
[Bug 1894195] Re: FFe: Merge iptables 1.8.5-3 (main) from Debian sid (main)
Right, yes, please do go ahead. It was pointed out before that this would be desirable after we switched away from -legacy due to the nature of the fixes.

I had thought from the diff of debian/tests/control that the test coverage of the nft backend was being reduced, but then I took a look at https://salsa.debian.org/pkg-netfilter-team/pkg-iptables/-/blob/master/debian/tests/control and actually both are being tested explicitly, so that seems sensible.

I'm certainly not fully competent to assess the entire impact here. A suggestion: maybe the server team could be asked to give it a round of extra testing / eyes after upload?
[Bug 1894195] Re: FFe: Merge iptables 1.8.5-3 (main) from Debian sid (main)
Good point about the changelog - I have removed that line and rebuilt. Attaching the debdiff here for the release team to review.

** Patch added: "iptables_1.8.5-3ubuntu1.debdiff"
   https://bugs.launchpad.net/ubuntu/+source/iptables/+bug/1894195/+attachment/5413736/+files/iptables_1.8.5-3ubuntu1.debdiff
[Bug 1894195] Re: FFe: Merge iptables 1.8.5-3 (main) from Debian sid (main)
I tested it and also backported for focal in my PPA ( https://launchpad.net/~oibaf/+archive/ubuntu/test/+packages?field.name_filter=_filter=published_filter=focal ): it works as intended.

I think this should be removed from the 1.8.5-3ubuntu1 changelog:

  * Merge with Debian unstable. Remaining changes:
    - Swap alternative priority and prefer nftables backend over legacy

Since this change is also available in Debian.
[Bug 1894195] Re: FFe: Merge iptables 1.8.5-3 (main) from Debian sid (main)
I have done the merge and uploaded it to the security-proposed PPA - https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa - and have confirmed the iptables autopkgtest tests all pass as well as the ufw tests. Oibaf - since you requested this, would you be able to also test this?
[Bug 1894195] Re: FFe: Merge iptables 1.8.5-3 (main) from Debian sid (main)
I've attached the upstream changelog. The upstream release contains a lot of fixes for nftables but also rewrites and fixes in other areas. Landing the merge does have risks, but IMO it would be better to ship it in 20.10 than the current version.

I've asked the Security Team in June if they could merge the new upstream from Debian, but they could not find time for that AFAIK.

I'm +1 on the FFe, but someone still needs to actually do the merge and landing.
[Bug 1894195] Re: FFe: Merge iptables 1.8.5-3 (main) from Debian sid (main)
** Attachment added: "changes-iptables-1.8.5.txt" https://bugs.launchpad.net/ubuntu/+source/iptables/+bug/1894195/+attachment/5411820/+files/changes-iptables-1.8.5.txt
[Bug 1894195] Re: FFe: Merge iptables 1.8.5-3 (main) from Debian sid (main)
** Description changed: Please merge iptables 1.8.5-3 (main) from Debian sid (main) Explanation of FeatureFreeze exception: - Current iptables is using the same upstream version in focal, which had problem with the nft backend and was then reverted to the legacy backend. - 1.8.5 has many fixed for the -nft backend. + Current iptables is using the same upstream version in focal, which had problems with the nft backend and was then reverted to the legacy backend. + 1.8.5 has many fixed for the nft backend. + For example these Debian bugs are fixed in 1.8.5: + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950535 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961117 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968457 Please merge it. Changelog entries since current groovy version 1.8.4-3ubuntu3: iptables (1.8.5-3) unstable; urgency=medium - * [2d587e5] src:iptables: bump build-dep version on libnftnl to 1.1.6 + * [2d587e5] src:iptables: bump build-dep version on libnftnl to 1.1.6 - -- Arturo Borrero Gonzalez Tue, 25 Aug 2020 + -- Arturo Borrero Gonzalez Tue, 25 Aug 2020 11:56:55 +0200 iptables (1.8.5-2) unstable; urgency=medium - [ Alberto Molina Coballes ] - * [d90516d] d/control: modify breaks and replaces fields (Closes: #949576) - * [4754a45] d/not-installed: arch independ files - * [780330f] d/tests/control: Run iptables-legacy-* tests explicitly + [ Alberto Molina Coballes ] + * [d90516d] d/control: modify breaks and replaces fields (Closes: #949576) + * [4754a45] d/not-installed: arch independ files + * [780330f] d/tests/control: Run iptables-legacy-* tests explicitly - [ Arturo Borrero Gonzalez ] - * [6fb6557] d/patches: add -upstream-fix-xtables-translate.patch - (Closes: #962724) + [ Arturo Borrero Gonzalez ] + * [6fb6557] d/patches: add -upstream-fix-xtables-translate.patch + (Closes: #962724) - -- Arturo Borrero Gonzalez Wed, 24 Jun 2020 + -- Arturo Borrero Gonzalez Wed, 24 Jun 2020 10:56:19 +0200 iptables (1.8.5-1) unstable; urgency=medium 
- [ Debian Janitor ] - * [c3deeb3] Wrap long lines in changelog entries: 1.8.2-1, 1.8.0-1~exp1, - 1.6.0-1. - * [214468e] Update standards version to 4.5.0, no changes needed. + [ Debian Janitor ] + * [c3deeb3] Wrap long lines in changelog entries: 1.8.2-1, 1.8.0-1~exp1, + 1.6.0-1. + * [214468e] Update standards version to 4.5.0, no changes needed. - [ Arturo Borrero Gonzalez ] - * [eb1d7c5] New upstream version 1.8.5 (Closes: #950535) - * [7a119db] d/patches: drop all patches - * [ec63c87] libxtables12.symbols: add new symbol - * [4056ce6] iptables: bump debhelper-compat to 13 + [ Arturo Borrero Gonzalez ] + * [eb1d7c5] New upstream version 1.8.5 (Closes: #950535) + * [7a119db] d/patches: drop all patches + * [ec63c87] libxtables12.symbols: add new symbol + * [4056ce6] iptables: bump debhelper-compat to 13 - -- Arturo Borrero Gonzalez Thu, 04 Jun 2020 + -- Arturo Borrero Gonzalez Thu, 04 Jun 2020 13:33:22 +0200 ** Description changed: Please merge iptables 1.8.5-3 (main) from Debian sid (main) Explanation of FeatureFreeze exception: Current iptables is using the same upstream version in focal, which had problems with the nft backend and was then reverted to the legacy backend. - 1.8.5 has many fixed for the nft backend. - For example these Debian bugs are fixed in 1.8.5: + 1.8.5 has many fixes for the nft backend. For example these Debian bugs are fixed in 1.8.5: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950535 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961117 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968457 Please merge it. 
Changelog entries since current groovy version 1.8.4-3ubuntu3: iptables (1.8.5-3) unstable; urgency=medium * [2d587e5] src:iptables: bump build-dep version on libnftnl to 1.1.6 -- Arturo Borrero Gonzalez Tue, 25 Aug 2020 11:56:55 +0200 iptables (1.8.5-2) unstable; urgency=medium [ Alberto Molina Coballes ] * [d90516d] d/control: modify breaks and replaces fields (Closes: #949576) * [4754a45] d/not-installed: arch independ files * [780330f] d/tests/control: Run iptables-legacy-* tests explicitly [ Arturo Borrero Gonzalez ] * [6fb6557] d/patches: add -upstream-fix-xtables-translate.patch (Closes: #962724) -- Arturo Borrero Gonzalez Wed, 24 Jun 2020 10:56:19 +0200 iptables (1.8.5-1) unstable; urgency=medium [ Debian Janitor ] * [c3deeb3] Wrap long lines in changelog entries: 1.8.2-1, 1.8.0-1~exp1, 1.6.0-1. * [214468e] Update standards version to 4.5.0, no changes needed. [ Arturo Borrero Gonzalez ] * [eb1d7c5] New upstream version 1.8.5 (Closes: #950535) * [7a119db] d/patches: drop all patches * [ec63c87] libxtables12.symbols: add new symbol * [4056ce6] iptables: bump debhelper-compat to 13 --