[mir] libnetfilter-conntrack

Bug #875818 reported by Dave Walker on 2011-10-16
22
This bug affects 2 people
Affects Status Importance Assigned to Milestone
dnsmasq (Ubuntu)
High
Unassigned
libnetfilter-conntrack (Ubuntu)
High
Unassigned

Bug Description

1. Availability - already packaged & builds in Ubuntu universe & Debian stable since 2006

2. Rationale -
Debian enabled this optional feature when dnsmasq 2.58 was packaged. We are currently in sync with Debian dnsmasq.

From dnsmasq 2.58 changelog. :

Add support for Linux conntrack connection marking. If
enabled with --conntrack, the connection mark for incoming
DNS queries will be copied to the outgoing connections
used to answer those queries. This allows clever firewall
and accounting stuff. Only available if dnsmasq is
compiled with HAVE_CONNTRACK and adds a dependency on
libnetfilter-conntrack. Thanks to Ed Wildgoose for the
initial idea, testing and sponsorship of this function.

3. Security - There are no known security bugs:
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=conntrack (These appear to refer to the Linux kernel itself. libnetfilter-conntrack has only existed since 2005.)

4. QA -
https://bugs.launchpad.net/ubuntu/+source/libnetfilter-conntrack
http://bugs.debian.org/cgi-bin/pkgreport.cgi?repeatmerged=no&src=libnetfilter-conntrack
http://bugzilla.netfilter.org/buglist.cgi?quicksearch=product%3A%22netfilter%2Fiptables%22 (it's a bit confusing how this bugzilla works)

5. UI - N/A

6. Dependencies: https://bazaar.launchpad.net/+branch/ubuntu/libnetfilter-conntrack/view/head:/debian/control
All dependencies are already in main

7. Standards compliant 3.9.1

8. Maintenance - We are currently in sync with Debian

Original bug report
===================
The latest manual sync introduced build deps which are not in main, and therefore dnsmasq is blocked in dep-wait. Please evaluate if a MIR needs to be raised, or if we need to carry a delta removing them.

libnetfilter-conntrack: libnetfilter-conntrack-dev libnetfilter-conntrack3 libnetfilter-conntrack3-dbg

Thanks.

Dave Walker (davewalker) wrote :

Tentatively assigning to ~jbicha who performed the manual sync for evaluation

Thanks.

Changed in dnsmasq (Ubuntu):
assignee: nobody → Jeremy Bicha (jbicha)
milestone: none → precise-alpha-1
Dave Walker (davewalker) on 2011-10-16
Changed in dnsmasq (Ubuntu):
status: New → Confirmed
importance: Undecided → High
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in libnetfilter-conntrack (Ubuntu):
status: New → Confirmed
Dave Walker (davewalker) on 2011-10-21
Changed in libnetfilter-conntrack (Ubuntu):
assignee: nobody → Jeremy Bicha (jbicha)
milestone: none → precise-alpha-1
Dave Walker (davewalker) on 2011-10-23
Changed in libnetfilter-conntrack (Ubuntu):
importance: Undecided → High
Changed in dnsmasq (Ubuntu):
status: Confirmed → Invalid
summary: - dnsmasq sync introduced new non-main depends, causing dep-wait
+ [MIR] libnetfilter-conntrack
Jeremy Bicha (jbicha) on 2011-10-23
description: updated
summary: - [MIR] libnetfilter-conntrack
+ [mir] libnetfilter-conntrack
Changed in dnsmasq (Ubuntu):
status: Invalid → New
Changed in libnetfilter-conntrack (Ubuntu):
status: Confirmed → New
assignee: Jeremy Bicha (jbicha) → nobody
Changed in dnsmasq (Ubuntu):
assignee: Jeremy Bicha (jbicha) → nobody
status: New → Invalid
Michael Terry (mterry) wrote :

Looks mostly good, but the library lacks a .symbols file, which is a blocker. Either add a .symbols file or tighted the dh_makeshlibs line to a version-less -V in debian/rules.

It would also be nice to see an Ubuntu bug subscriber, but that's not a blocker.

Changed in libnetfilter-conntrack (Ubuntu):
status: New → Incomplete
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libnetfilter-conntrack - 0.9.1-1ubuntu1

---------------
libnetfilter-conntrack (0.9.1-1ubuntu1) precise; urgency=low

  * debian/rules: Drop versioned dh_makeshlibs, as there is no symbols file.
    For MIR bug, LP: #875818.
 -- Dave Walker (Daviey) <email address hidden> Wed, 26 Oct 2011 17:49:19 +0100

Changed in libnetfilter-conntrack (Ubuntu):
status: Incomplete → Fix Released
Dave Walker (davewalker) on 2011-10-26
Changed in libnetfilter-conntrack (Ubuntu):
status: Fix Released → New
Michael Terry (mterry) on 2011-10-26
Changed in libnetfilter-conntrack (Ubuntu):
status: New → Fix Committed
Steve Langasek (vorlon) wrote :

2011-10-26 18:20:56 INFO Creating lockfile: /var/lock/launchpad-change-override.lock
2011-10-26 18:21:06 INFO Override Component to: 'main'
2011-10-26 18:21:06 INFO 'libnetfilter-conntrack - 0.9.1-1ubuntu1/universe/libs' source overridden
2011-10-26 18:21:06 INFO 'libnetfilter-conntrack-dev-0.9.1-1ubuntu1/universe/libdevel/OPTIONAL' binary overridden in precise/amd64
2011-10-26 18:21:06 INFO 'libnetfilter-conntrack-dev-0.9.1-1ubuntu1/universe/libdevel/OPTIONAL' binary overridden in precise/armel
2011-10-26 18:21:06 INFO 'libnetfilter-conntrack-dev-0.9.1-1ubuntu1/universe/libdevel/OPTIONAL' binary overridden in precise/i386
2011-10-26 18:21:06 INFO 'libnetfilter-conntrack-dev-0.9.1-1/universe/libdevel/OPTIONAL' binary overridden in precise/powerpc
2011-10-26 18:21:06 INFO 'libnetfilter-conntrack3-0.9.1-1ubuntu1/universe/libs/EXTRA' binary overridden in precise/amd64
2011-10-26 18:21:06 INFO 'libnetfilter-conntrack3-0.9.1-1ubuntu1/universe/libs/EXTRA' binary overridden in precise/armel
2011-10-26 18:21:06 INFO 'libnetfilter-conntrack3-0.9.1-1ubuntu1/universe/libs/EXTRA' binary overridden in precise/i386
2011-10-26 18:21:06 INFO 'libnetfilter-conntrack3-0.9.1-1/universe/libs/EXTRA' binary overridden in precise/powerpc
2011-10-26 18:21:06 INFO 'libnetfilter-conntrack3-dbg-0.9.1-1ubuntu1/universe/debug/EXTRA' binary overridden in precise/amd64
2011-10-26 18:21:06 INFO 'libnetfilter-conntrack3-dbg-0.9.1-1ubuntu1/universe/debug/EXTRA' binary overridden in precise/armel
2011-10-26 18:21:06 INFO 'libnetfilter-conntrack3-dbg-0.9.1-1ubuntu1/universe/debug/EXTRA' binary overridden in precise/i386
2011-10-26 18:21:06 INFO 'libnetfilter-conntrack3-dbg-0.9.1-1/universe/debug/EXTRA' binary overridden in precise/powerpc
Confirm this transaction? [yes, no] yes
2011-10-26 18:21:18 INFO Transaction committed.
2011-10-26 18:21:18 INFO Done.

Changed in libnetfilter-conntrack (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers