FFe: Merge iptables 1.8.5-3 (main) from Debian sid (main)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
iptables (Ubuntu) |
Fix Released
|
Undecided
|
Alex Murray |
Bug Description
Please merge iptables 1.8.5-3 (main) from Debian sid (main)
Explanation of FeatureFreeze exception:
Current iptables is using the same upstream version in focal, which had problems with the nft backend and was then reverted to the legacy backend.
1.8.5 has many fixes for the nft backend. For example these Debian bugs are fixed in 1.8.5:
https:/
https:/
https:/
Please merge it.
Changelog entries since current groovy version 1.8.4-3ubuntu3:
iptables (1.8.5-3) unstable; urgency=medium
* [2d587e5] src:iptables: bump build-dep version on libnftnl to 1.1.6
-- Arturo Borrero Gonzalez <email address hidden> Tue, 25 Aug 2020 11:56:55 +0200
iptables (1.8.5-2) unstable; urgency=medium
[ Alberto Molina Coballes ]
* [d90516d] d/control: modify breaks and replaces fields (Closes: #949576)
* [4754a45] d/not-installed: arch independ files
* [780330f] d/tests/control: Run iptables-legacy-* tests explicitly
[ Arturo Borrero Gonzalez ]
* [6fb6557] d/patches: add 0000-upstream-
(Closes: #962724)
-- Arturo Borrero Gonzalez <email address hidden> Wed, 24 Jun 2020 10:56:19 +0200
iptables (1.8.5-1) unstable; urgency=medium
[ Debian Janitor ]
* [c3deeb3] Wrap long lines in changelog entries: 1.8.2-1, 1.8.0-1~exp1,
1.6.0-1.
* [214468e] Update standards version to 4.5.0, no changes needed.
[ Arturo Borrero Gonzalez ]
* [eb1d7c5] New upstream version 1.8.5 (Closes: #950535)
* [7a119db] d/patches: drop all patches
* [ec63c87] libxtables12.
* [4056ce6] iptables: bump debhelper-compat to 13
-- Arturo Borrero Gonzalez <email address hidden> Thu, 04 Jun 2020 13:33:22 +0200
description: | updated |
description: | updated |
Changed in iptables (Ubuntu): | |
status: | New → Fix Committed |
assignee: | nobody → Alex Murray (alexmurray) |
I've attached the upstream changelog.
The upstream release contains a lot of fixes for nftables but also rewrites and fixes in other areas.
Landing the merge does have risks, but IMO it would be better ship it in 20.10 than the current version.
I've asked the Security Team in June if they could merge the new upstream from Debian, but they could not find time for that AFAIK.
I\m +1 on the FFe, but someone still needs to actually do the merge and landing.