2023-05-09 18:20:18 |
Andreas Hasenack |
bug |
|
|
added bug |
2023-05-09 18:20:29 |
Andreas Hasenack |
tags |
|
server-todo |
|
2023-05-09 18:20:36 |
Andreas Hasenack |
bug |
|
|
added subscriber Ubuntu Server |
2023-05-09 18:20:41 |
Andreas Hasenack |
bug |
|
|
added subscriber Canonical Server |
2023-05-10 13:29:41 |
Andreas Hasenack |
description |
The shell test suite (iptables/tests/shell/run-tests.sh) is currently failing on the firewalld tests:
W: [FAILED] ././testcases/firewalld-restore/0001-firewalld_0: expected 0 but got 1
W: [FAILED] ././testcases/firewalld-restore/0002-firewalld-restart_0: expected 0 but got 1
After some troubleshooting, it turns out this is happening because of an unsorted order in the output of iptables-save, which was fixed[1] in later releases of iptables. The code was trying to compensate for that, but there was a small mistake[2] in a case/esac globbing:
case "$XT_MULTI" in
-*/xtables-nft-multi)
+*xtables-nft-multi)
1. https://git.netfilter.org/iptables/commit/?id=e28cf12cf50b9e2e0114f04331635fc122cb8aef
2. https://git.netfilter.org/iptables/commit/?id=2b2b7948c1960ba4680677664ff58477be869de6 |
[ Impact ]
* An explanation of the effects of the bug on users and
* justification for backporting the fix to the stable release.
* In addition, it is helpful, but not required, to include an
explanation of how the upload fixes this bug.
[ Test Plan ]
* detailed instructions how to reproduce the bug
* these should allow someone who is not familiar with the affected
package to reproduce the bug and verify that the updated package fixes
the problem.
* if other testing is appropriate to perform before landing this update,
this should also be described here.
[ Where problems could occur ]
* Think about what the upload changes in the software. Imagine the change is
wrong or breaks something else: how would this show up?
* It is assumed that any SRU candidate patch is well-tested before
upload and has a low overall risk of regression, but it's important
to make the effort to think about what ''could'' happen in the
event of a regression.
* This must '''never''' be "None" or "Low", or entirely an argument as to why
your upload is low risk.
* This both shows the SRU team that the risks have been considered,
and provides guidance to testers in regression-testing the SRU.
[ Other Info ]
* Anything else you think is useful to include
* Anticipate questions from users, SRU, +1 maintenance, security teams and the Technical Board
* and address these questions in advance
[ Original Description ]
The shell test suite (iptables/tests/shell/run-tests.sh) is currently failing on the firewalld tests:
W: [FAILED] ././testcases/firewalld-restore/0001-firewalld_0: expected 0 but got 1
W: [FAILED] ././testcases/firewalld-restore/0002-firewalld-restart_0: expected 0 but got 1
After some troubleshooting, it turns out this is happening because of an unsorted order in the output of iptables-save, which was fixed[1] in later releases of iptables. The code was trying to compensate for that, but there was a small mistake[2] in a case/esac globbing:
case "$XT_MULTI" in
-*/xtables-nft-multi)
+*xtables-nft-multi)
1. https://git.netfilter.org/iptables/commit/?id=e28cf12cf50b9e2e0114f04331635fc122cb8aef
2. https://git.netfilter.org/iptables/commit/?id=2b2b7948c1960ba4680677664ff58477be869de6 |
|
2023-05-10 13:29:55 |
Andreas Hasenack |
nominated for series |
|
Ubuntu Focal |
|
2023-05-10 13:29:55 |
Andreas Hasenack |
bug task added |
|
iptables (Ubuntu Focal) |
|
2023-05-10 13:29:58 |
Andreas Hasenack |
iptables (Ubuntu Focal): status |
New |
In Progress |
|
2023-05-10 13:30:01 |
Andreas Hasenack |
iptables (Ubuntu Focal): assignee |
|
Andreas Hasenack (ahasenack) |
|
2023-05-10 13:30:03 |
Andreas Hasenack |
iptables (Ubuntu): status |
In Progress |
Fix Released |
|
2023-05-10 13:36:44 |
Andreas Hasenack |
description |
[ Impact ]
* An explanation of the effects of the bug on users and
* justification for backporting the fix to the stable release.
* In addition, it is helpful, but not required, to include an
explanation of how the upload fixes this bug.
[ Test Plan ]
* detailed instructions how to reproduce the bug
* these should allow someone who is not familiar with the affected
package to reproduce the bug and verify that the updated package fixes
the problem.
* if other testing is appropriate to perform before landing this update,
this should also be described here.
[ Where problems could occur ]
* Think about what the upload changes in the software. Imagine the change is
wrong or breaks something else: how would this show up?
* It is assumed that any SRU candidate patch is well-tested before
upload and has a low overall risk of regression, but it's important
to make the effort to think about what ''could'' happen in the
event of a regression.
* This must '''never''' be "None" or "Low", or entirely an argument as to why
your upload is low risk.
* This both shows the SRU team that the risks have been considered,
and provides guidance to testers in regression-testing the SRU.
[ Other Info ]
* Anything else you think is useful to include
* Anticipate questions from users, SRU, +1 maintenance, security teams and the Technical Board
* and address these questions in advance
[ Original Description ]
The shell test suite (iptables/tests/shell/run-tests.sh) is currently failing on the firewalld tests:
W: [FAILED] ././testcases/firewalld-restore/0001-firewalld_0: expected 0 but got 1
W: [FAILED] ././testcases/firewalld-restore/0002-firewalld-restart_0: expected 0 but got 1
After some troubleshooting, it turns out this is happening because of an unsorted order in the output of iptables-save, which was fixed[1] in later releases of iptables. The code was trying to compensate for that, but there was a small mistake[2] in a case/esac globbing:
case "$XT_MULTI" in
-*/xtables-nft-multi)
+*xtables-nft-multi)
1. https://git.netfilter.org/iptables/commit/?id=e28cf12cf50b9e2e0114f04331635fc122cb8aef
2. https://git.netfilter.org/iptables/commit/?id=2b2b7948c1960ba4680677664ff58477be869de6 |
[ Impact ]
The shell test suite (iptables/tests/shell/run-tests.sh) is currently failing on the firewalld tests in focal only:
W: [FAILED] ././testcases/firewalld-restore/0001-firewalld_0: expected 0 but got 1
W: [FAILED] ././testcases/firewalld-restore/0002-firewalld-restart_0: expected 0 but got 1
After some troubleshooting, it turns out this is happening because of an unsorted order in the output of iptables-save, which was fixed[1] in later releases of iptables. The code was trying to compensate for that, but there was a small mistake[2] in a case/esac globbing:
case "$XT_MULTI" in
-*/xtables-nft-multi)
+*xtables-nft-multi)
The upstream fix includes other similar changes in other tests, but in the case of focal, the above is the minimal fix needed.
Note that this shell test suite is not being run in focal, just in later ubuntu releases. But since the fix for #1992454 is adding such a test, I decided to fix the shell test run and add it to the existing DEP8 tests for focal via this bug, so we have test parity between focal and later ubuntu releases.
1. https://git.netfilter.org/iptables/commit/?id=e28cf12cf50b9e2e0114f04331635fc122cb8aef
2. https://git.netfilter.org/iptables/commit/?id=2b2b7948c1960ba4680677664ff58477be869de6
[ Test Plan ]
Verify that the DEP8 tests now include a run-tests.sh test suite, and that it passes.
[ Where problems could occur ]
If the fix is incorrect, it would affect only the already-failing firewalld test. But in addition to fixing that test, we are now also including a full test run of all shell tests, something which wasn't being done for focal until now. While these tests are passing now, they could fail in a future iptables SRU, or turn out to be flaky. They are being run in ubuntu releases after focal, though, so that is a good sign.
[ Other Info ]
* Anything else you think is useful to include
* Anticipate questions from users, SRU, +1 maintenance, security teams and the Technical Board
* and address these questions in advance
[ Original Description ]
The shell test suite (iptables/tests/shell/run-tests.sh) is currently failing on the firewalld tests:
W: [FAILED] ././testcases/firewalld-restore/0001-firewalld_0: expected 0 but got 1
W: [FAILED] ././testcases/firewalld-restore/0002-firewalld-restart_0: expected 0 but got 1
After some troubleshooting, it turns out this is happening because of an unsorted order in the output of iptables-save, which was fixed[1] in later releases of iptables. The code was trying to compensate for that, but there was a small mistake[2] in a case/esac globbing:
case "$XT_MULTI" in
-*/xtables-nft-multi)
+*xtables-nft-multi)
1. https://git.netfilter.org/iptables/commit/?id=e28cf12cf50b9e2e0114f04331635fc122cb8aef
2. https://git.netfilter.org/iptables/commit/?id=2b2b7948c1960ba4680677664ff58477be869de6 |
|
2023-05-10 13:37:42 |
Andreas Hasenack |
description |
[ Impact ]
The shell test suite (iptables/tests/shell/run-tests.sh) is currently failing on the firewalld tests in focal only:
W: [FAILED] ././testcases/firewalld-restore/0001-firewalld_0: expected 0 but got 1
W: [FAILED] ././testcases/firewalld-restore/0002-firewalld-restart_0: expected 0 but got 1
After some troubleshooting, it turns out this is happening because of an unsorted order in the output of iptables-save, which was fixed[1] in later releases of iptables. The code was trying to compensate for that, but there was a small mistake[2] in a case/esac globbing:
case "$XT_MULTI" in
-*/xtables-nft-multi)
+*xtables-nft-multi)
The upstream fix includes other similar changes in other tests, but in the case of focal, the above is the minimal fix needed.
Note that this shell test suite is not being run in focal, just in later ubuntu releases. But since the fix for #1992454 is adding such a test, I decided to fix the shell test run and add it to the existing DEP8 tests for focal via this bug, so we have test parity between focal and later ubuntu releases.
1. https://git.netfilter.org/iptables/commit/?id=e28cf12cf50b9e2e0114f04331635fc122cb8aef
2. https://git.netfilter.org/iptables/commit/?id=2b2b7948c1960ba4680677664ff58477be869de6
[ Test Plan ]
Verify that the DEP8 tests now include a run-tests.sh test suite, and that it passes.
[ Where problems could occur ]
If the fix is incorrect, it would affect only the already-failing firewalld test. But in addition to fixing that test, we are now also including a full test run of all shell tests, something which wasn't being done for focal until now. While these tests are passing now, they could fail in a future iptables SRU, or turn out to be flaky. They are being run in ubuntu releases after focal, though, so that is a good sign.
[ Other Info ]
* Anything else you think is useful to include
* Anticipate questions from users, SRU, +1 maintenance, security teams and the Technical Board
* and address these questions in advance
[ Original Description ]
The shell test suite (iptables/tests/shell/run-tests.sh) is currently failing on the firewalld tests:
W: [FAILED] ././testcases/firewalld-restore/0001-firewalld_0: expected 0 but got 1
W: [FAILED] ././testcases/firewalld-restore/0002-firewalld-restart_0: expected 0 but got 1
After some troubleshooting, it turns out this is happening because of an unsorted order in the output of iptables-save, which was fixed[1] in later releases of iptables. The code was trying to compensate for that, but there was a small mistake[2] in a case/esac globbing:
case "$XT_MULTI" in
-*/xtables-nft-multi)
+*xtables-nft-multi)
1. https://git.netfilter.org/iptables/commit/?id=e28cf12cf50b9e2e0114f04331635fc122cb8aef
2. https://git.netfilter.org/iptables/commit/?id=2b2b7948c1960ba4680677664ff58477be869de6 |
[ Impact ]
The shell test suite (iptables/tests/shell/run-tests.sh) is currently failing on the firewalld tests in focal only:
W: [FAILED] ././testcases/firewalld-restore/0001-firewalld_0: expected 0 but got 1
W: [FAILED] ././testcases/firewalld-restore/0002-firewalld-restart_0: expected 0 but got 1
After some troubleshooting, it turns out this is happening because of an unsorted order in the output of iptables-save, which was fixed[1] in later releases of iptables. The code was trying to compensate for that, but there was a small mistake[2] in a case/esac globbing:
case "$XT_MULTI" in
-*/xtables-nft-multi)
+*xtables-nft-multi)
The upstream fix includes other similar changes in other tests, but in the case of focal, the above is the minimal fix needed.
Note that this shell test suite is not being run in focal, just in later ubuntu releases. But since the fix for #1992454 is adding such a test, I decided to fix the shell test run and add it to the existing DEP8 tests for focal via this bug, so we have test parity between focal and later ubuntu releases.
1. https://git.netfilter.org/iptables/commit/?id=e28cf12cf50b9e2e0114f04331635fc122cb8aef
2. https://git.netfilter.org/iptables/commit/?id=2b2b7948c1960ba4680677664ff58477be869de6
[ Test Plan ]
Verify that the DEP8 tests now include a run-tests.sh test suite, and that it passes.
[ Where problems could occur ]
If the fix is incorrect, it would affect only the already-failing firewalld test. But in addition to fixing that test, we are now also including a full test run of all shell tests, something which wasn't being done for focal until now. While these tests are passing now, they could fail in a future iptables SRU, or turn out to be flaky. They are being run in ubuntu releases after focal, though, so that is a good sign.
[ Other Info ]
This fix is being included in the same upload as #1992454.
[ Original Description ]
The shell test suite (iptables/tests/shell/run-tests.sh) is currently failing on the firewalld tests:
W: [FAILED] ././testcases/firewalld-restore/0001-firewalld_0: expected 0 but got 1
W: [FAILED] ././testcases/firewalld-restore/0002-firewalld-restart_0: expected 0 but got 1
After some troubleshooting, it turns out this is happening because of an unsorted order in the output of iptables-save, which was fixed[1] in later releases of iptables. The code was trying to compensate for that, but there was a small mistake[2] in a case/esac globbing:
case "$XT_MULTI" in
-*/xtables-nft-multi)
+*xtables-nft-multi)
1. https://git.netfilter.org/iptables/commit/?id=e28cf12cf50b9e2e0114f04331635fc122cb8aef
2. https://git.netfilter.org/iptables/commit/?id=2b2b7948c1960ba4680677664ff58477be869de6 |
|
2023-05-10 13:38:16 |
Andreas Hasenack |
description |
[ Impact ]
The shell test suite (iptables/tests/shell/run-tests.sh) is currently failing on the firewalld tests in focal only:
W: [FAILED] ././testcases/firewalld-restore/0001-firewalld_0: expected 0 but got 1
W: [FAILED] ././testcases/firewalld-restore/0002-firewalld-restart_0: expected 0 but got 1
After some troubleshooting, it turns out this is happening because of an unsorted order in the output of iptables-save, which was fixed[1] in later releases of iptables. The code was trying to compensate for that, but there was a small mistake[2] in a case/esac globbing:
case "$XT_MULTI" in
-*/xtables-nft-multi)
+*xtables-nft-multi)
The upstream fix includes other similar changes in other tests, but in the case of focal, the above is the minimal fix needed.
Note that this shell test suite is not being run in focal, just in later ubuntu releases. But since the fix for #1992454 is adding such a test, I decided to fix the shell test run and add it to the existing DEP8 tests for focal via this bug, so we have test parity between focal and later ubuntu releases.
1. https://git.netfilter.org/iptables/commit/?id=e28cf12cf50b9e2e0114f04331635fc122cb8aef
2. https://git.netfilter.org/iptables/commit/?id=2b2b7948c1960ba4680677664ff58477be869de6
[ Test Plan ]
Verify that the DEP8 tests now include a run-tests.sh test suite, and that it passes.
[ Where problems could occur ]
If the fix is incorrect, it would affect only the already-failing firewalld test. But in addition to fixing that test, we are now also including a full test run of all shell tests, something which wasn't being done for focal until now. While these tests are passing now, they could fail in a future iptables SRU, or turn out to be flaky. They are being run in ubuntu releases after focal, though, so that is a good sign.
[ Other Info ]
This fix is being included in the same upload as #1992454.
[ Original Description ]
The shell test suite (iptables/tests/shell/run-tests.sh) is currently failing on the firewalld tests:
W: [FAILED] ././testcases/firewalld-restore/0001-firewalld_0: expected 0 but got 1
W: [FAILED] ././testcases/firewalld-restore/0002-firewalld-restart_0: expected 0 but got 1
After some troubleshooting, it turns out this is happening because of an unsorted order in the output of iptables-save, which was fixed[1] in later releases of iptables. The code was trying to compensate for that, but there was a small mistake[2] in a case/esac globbing:
case "$XT_MULTI" in
-*/xtables-nft-multi)
+*xtables-nft-multi)
1. https://git.netfilter.org/iptables/commit/?id=e28cf12cf50b9e2e0114f04331635fc122cb8aef
2. https://git.netfilter.org/iptables/commit/?id=2b2b7948c1960ba4680677664ff58477be869de6 |
[ Impact ]
The shell test suite (iptables/tests/shell/run-tests.sh) is currently failing on the firewalld tests in focal only:
W: [FAILED] ././testcases/firewalld-restore/0001-firewalld_0: expected 0 but got 1
W: [FAILED] ././testcases/firewalld-restore/0002-firewalld-restart_0: expected 0 but got 1
After some troubleshooting, it turns out this is happening because of an unsorted order in the output of iptables-save, which was fixed[1] in later releases of iptables. The code was trying to compensate for that, but there was a small mistake[2] in a case/esac globbing:
case "$XT_MULTI" in
-*/xtables-nft-multi)
+*xtables-nft-multi)
The upstream fix includes other similar changes in other tests, but in the case of focal, the above is the minimal fix needed.
Note that this shell test suite is not being run in focal, just in later ubuntu releases. But since the fix for #1992454 is adding such a test, I decided to fix the shell test run and add it to the existing DEP8 tests for focal via this bug, so we have test parity between focal and later ubuntu releases.
1. https://git.netfilter.org/iptables/commit/?id=e28cf12cf50b9e2e0114f04331635fc122cb8aef
2. https://git.netfilter.org/iptables/commit/?id=2b2b7948c1960ba4680677664ff58477be869de6
[ Test Plan ]
Verify that the DEP8 tests now include a run-tests.sh test suite, and that it passes.
[ Where problems could occur ]
If the fix is incorrect, it would affect only the already-failing firewalld test. But in addition to fixing that test, we are now also including a full test run of all shell tests, something which wasn't being done for focal until now. While these tests are passing now, they could fail in a future iptables SRU, or turn out to be flaky. They are being run in ubuntu releases after focal, though, so that is a good sign.
[ Other Info ]
This fix is being included in the same upload as bug #1992454.
[ Original Description ]
The shell test suite (iptables/tests/shell/run-tests.sh) is currently failing on the firewalld tests:
W: [FAILED] ././testcases/firewalld-restore/0001-firewalld_0: expected 0 but got 1
W: [FAILED] ././testcases/firewalld-restore/0002-firewalld-restart_0: expected 0 but got 1
After some troubleshooting, it turns out this is happening because of an unsorted order in the output of iptables-save, which was fixed[1] in later releases of iptables. The code was trying to compensate for that, but there was a small mistake[2] in a case/esac globbing:
case "$XT_MULTI" in
-*/xtables-nft-multi)
+*xtables-nft-multi)
1. https://git.netfilter.org/iptables/commit/?id=e28cf12cf50b9e2e0114f04331635fc122cb8aef
2. https://git.netfilter.org/iptables/commit/?id=2b2b7948c1960ba4680677664ff58477be869de6 |
|
2023-05-12 14:05:10 |
Timo Aaltonen |
iptables (Ubuntu Focal): status |
In Progress |
Fix Committed |
|
2023-05-12 14:05:10 |
Timo Aaltonen |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2023-05-12 14:05:14 |
Timo Aaltonen |
bug |
|
|
added subscriber SRU Verification |
2023-05-12 14:05:16 |
Timo Aaltonen |
tags |
server-todo |
server-todo verification-needed verification-needed-focal |
|
2023-05-17 19:31:56 |
Andreas Hasenack |
tags |
server-todo verification-needed verification-needed-focal |
server-todo verification-done-focal verification-needed |
|
2023-05-30 18:48:00 |
Launchpad Janitor |
iptables (Ubuntu Focal): status |
Fix Committed |
Fix Released |
|
2023-05-30 18:48:05 |
Brian Murray |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|