Activity log for bug #2019023

Date Who What changed Old value New value Message
2023-05-09 18:20:18 Andreas Hasenack bug added bug
2023-05-09 18:20:29 Andreas Hasenack tags server-todo
2023-05-09 18:20:36 Andreas Hasenack bug added subscriber Ubuntu Server
2023-05-09 18:20:41 Andreas Hasenack bug added subscriber Canonical Server
2023-05-10 13:29:41 Andreas Hasenack description The shell test suite (iptables/tests/shell/run-tests.sh) is currently failing on the firewalld tests: W: [FAILED] ././testcases/firewalld-restore/0001-firewalld_0: expected 0 but got 1 W: [FAILED] ././testcases/firewalld-restore/0002-firewalld-restart_0: expected 0 but got 1 After some troubleshooting, it turns out this is happening because of an unsorted order in the output of iptables-save, which was fixed[1] in later releases of iptables. The code was trying to compensate for that, but there was a small mistake[2] in a case/esac globbing: case "$XT_MULTI" in -*/xtables-nft-multi) +*xtables-nft-multi) 1. https://git.netfilter.org/iptables/commit/?id=e28cf12cf50b9e2e0114f04331635fc122cb8aef 2. https://git.netfilter.org/iptables/commit/?id=2b2b7948c1960ba4680677664ff58477be869de6 [ Impact ] * An explanation of the effects of the bug on users and * justification for backporting the fix to the stable release. * In addition, it is helpful, but not required, to include an explanation of how the upload fixes this bug. [ Test Plan ] * detailed instructions how to reproduce the bug * these should allow someone who is not familiar with the affected package to reproduce the bug and verify that the updated package fixes the problem. * if other testing is appropriate to perform before landing this update, this should also be described here. [ Where problems could occur ] * Think about what the upload changes in the software. Imagine the change is wrong or breaks something else: how would this show up? * It is assumed that any SRU candidate patch is well-tested before upload and has a low overall risk of regression, but it's important to make the effort to think about what ''could'' happen in the event of a regression. * This must '''never''' be "None" or "Low", or entirely an argument as to why your upload is low risk. * This both shows the SRU team that the risks have been considered, and provides guidance to testers in regression-testing the SRU. [ Other Info ] * Anything else you think is useful to include * Anticipate questions from users, SRU, +1 maintenance, security teams and the Technical Board * and address these questions in advance [ Original Description ] The shell test suite (iptables/tests/shell/run-tests.sh) is currently failing on the firewalld tests: W: [FAILED] ././testcases/firewalld-restore/0001-firewalld_0: expected 0 but got 1 W: [FAILED] ././testcases/firewalld-restore/0002-firewalld-restart_0: expected 0 but got 1 After some troubleshooting, it turns out this is happening because of an unsorted order in the output of iptables-save, which was fixed[1] in later releases of iptables. The code was trying to compensate for that, but there was a small mistake[2] in a case/esac globbing: case "$XT_MULTI" in -*/xtables-nft-multi) +*xtables-nft-multi) 1. https://git.netfilter.org/iptables/commit/?id=e28cf12cf50b9e2e0114f04331635fc122cb8aef 2. https://git.netfilter.org/iptables/commit/?id=2b2b7948c1960ba4680677664ff58477be869de6
2023-05-10 13:29:55 Andreas Hasenack nominated for series Ubuntu Focal
2023-05-10 13:29:55 Andreas Hasenack bug task added iptables (Ubuntu Focal)
2023-05-10 13:29:58 Andreas Hasenack iptables (Ubuntu Focal): status New In Progress
2023-05-10 13:30:01 Andreas Hasenack iptables (Ubuntu Focal): assignee Andreas Hasenack (ahasenack)
2023-05-10 13:30:03 Andreas Hasenack iptables (Ubuntu): status In Progress Fix Released
2023-05-10 13:36:44 Andreas Hasenack description [ Impact ] * An explanation of the effects of the bug on users and * justification for backporting the fix to the stable release. * In addition, it is helpful, but not required, to include an explanation of how the upload fixes this bug. [ Test Plan ] * detailed instructions how to reproduce the bug * these should allow someone who is not familiar with the affected package to reproduce the bug and verify that the updated package fixes the problem. * if other testing is appropriate to perform before landing this update, this should also be described here. [ Where problems could occur ] * Think about what the upload changes in the software. Imagine the change is wrong or breaks something else: how would this show up? * It is assumed that any SRU candidate patch is well-tested before upload and has a low overall risk of regression, but it's important to make the effort to think about what ''could'' happen in the event of a regression. * This must '''never''' be "None" or "Low", or entirely an argument as to why your upload is low risk. * This both shows the SRU team that the risks have been considered, and provides guidance to testers in regression-testing the SRU. [ Other Info ] * Anything else you think is useful to include * Anticipate questions from users, SRU, +1 maintenance, security teams and the Technical Board * and address these questions in advance [ Original Description ] The shell test suite (iptables/tests/shell/run-tests.sh) is currently failing on the firewalld tests: W: [FAILED] ././testcases/firewalld-restore/0001-firewalld_0: expected 0 but got 1 W: [FAILED] ././testcases/firewalld-restore/0002-firewalld-restart_0: expected 0 but got 1 After some troubleshooting, it turns out this is happening because of an unsorted order in the output of iptables-save, which was fixed[1] in later releases of iptables. The code was trying to compensate for that, but there was a small mistake[2] in a case/esac globbing: case "$XT_MULTI" in -*/xtables-nft-multi) +*xtables-nft-multi) 1. https://git.netfilter.org/iptables/commit/?id=e28cf12cf50b9e2e0114f04331635fc122cb8aef 2. https://git.netfilter.org/iptables/commit/?id=2b2b7948c1960ba4680677664ff58477be869de6 [ Impact ] The shell test suite (iptables/tests/shell/run-tests.sh) is currently failing on the firewalld tests in focal only: W: [FAILED] ././testcases/firewalld-restore/0001-firewalld_0: expected 0 but got 1 W: [FAILED] ././testcases/firewalld-restore/0002-firewalld-restart_0: expected 0 but got 1 After some troubleshooting, it turns out this is happening because of an unsorted order in the output of iptables-save, which was fixed[1] in later releases of iptables. The code was trying to compensate for that, but there was a small mistake[2] in a case/esac globbing: case "$XT_MULTI" in -*/xtables-nft-multi) +*xtables-nft-multi) The upstream fix includes other similar changes in other tests, but in the case of focal, the above is the minimal fix needed. Note that this shell test suite is not being run in focal, just in later ubuntu releases. But since the fix for #1992454 is adding such a test, I decided to fix the shell test run and add it to the existing DEP8 tests for focal via this bug, so we have test parity between focal and later ubuntu releases. 1. https://git.netfilter.org/iptables/commit/?id=e28cf12cf50b9e2e0114f04331635fc122cb8aef 2. https://git.netfilter.org/iptables/commit/?id=2b2b7948c1960ba4680677664ff58477be869de6 [ Test Plan ] Verify that the DEP8 tests now include a run-tests.sh test suite, and that it passes. [ Where problems could occur ] If the fix is incorrect, it would affect only the already-failing firewalld test. But in addition to fixing that test, we are now also including a full test run of all shell tests, something which wasn't being done for focal until now. While these tests are passing now, they could fail in a future iptables SRU, or turn out to be flaky. They are being run in ubuntu releases after focal, though, so that is a good sign. [ Other Info ]  * Anything else you think is useful to include  * Anticipate questions from users, SRU, +1 maintenance, security teams and the Technical Board  * and address these questions in advance [ Original Description ] The shell test suite (iptables/tests/shell/run-tests.sh) is currently failing on the firewalld tests: W: [FAILED] ././testcases/firewalld-restore/0001-firewalld_0: expected 0 but got 1 W: [FAILED] ././testcases/firewalld-restore/0002-firewalld-restart_0: expected 0 but got 1 After some troubleshooting, it turns out this is happening because of an unsorted order in the output of iptables-save, which was fixed[1] in later releases of iptables. The code was trying to compensate for that, but there was a small mistake[2] in a case/esac globbing: case "$XT_MULTI" in -*/xtables-nft-multi) +*xtables-nft-multi) 1. https://git.netfilter.org/iptables/commit/?id=e28cf12cf50b9e2e0114f04331635fc122cb8aef 2. https://git.netfilter.org/iptables/commit/?id=2b2b7948c1960ba4680677664ff58477be869de6
2023-05-10 13:37:42 Andreas Hasenack description [ Impact ] The shell test suite (iptables/tests/shell/run-tests.sh) is currently failing on the firewalld tests in focal only: W: [FAILED] ././testcases/firewalld-restore/0001-firewalld_0: expected 0 but got 1 W: [FAILED] ././testcases/firewalld-restore/0002-firewalld-restart_0: expected 0 but got 1 After some troubleshooting, it turns out this is happening because of an unsorted order in the output of iptables-save, which was fixed[1] in later releases of iptables. The code was trying to compensate for that, but there was a small mistake[2] in a case/esac globbing: case "$XT_MULTI" in -*/xtables-nft-multi) +*xtables-nft-multi) The upstream fix includes other similar changes in other tests, but in the case of focal, the above is the minimal fix needed. Note that this shell test suite is not being run in focal, just in later ubuntu releases. But since the fix for #1992454 is adding such a test, I decided to fix the shell test run and add it to the existing DEP8 tests for focal via this bug, so we have test parity between focal and later ubuntu releases. 1. https://git.netfilter.org/iptables/commit/?id=e28cf12cf50b9e2e0114f04331635fc122cb8aef 2. https://git.netfilter.org/iptables/commit/?id=2b2b7948c1960ba4680677664ff58477be869de6 [ Test Plan ] Verify that the DEP8 tests now include a run-tests.sh test suite, and that it passes. [ Where problems could occur ] If the fix is incorrect, it would affect only the already-failing firewalld test. But in addition to fixing that test, we are now also including a full test run of all shell tests, something which wasn't being done for focal until now. While these tests are passing now, they could fail in a future iptables SRU, or turn out to be flaky. They are being run in ubuntu releases after focal, though, so that is a good sign. [ Other Info ]  * Anything else you think is useful to include  * Anticipate questions from users, SRU, +1 maintenance, security teams and the Technical Board  * and address these questions in advance [ Original Description ] The shell test suite (iptables/tests/shell/run-tests.sh) is currently failing on the firewalld tests: W: [FAILED] ././testcases/firewalld-restore/0001-firewalld_0: expected 0 but got 1 W: [FAILED] ././testcases/firewalld-restore/0002-firewalld-restart_0: expected 0 but got 1 After some troubleshooting, it turns out this is happening because of an unsorted order in the output of iptables-save, which was fixed[1] in later releases of iptables. The code was trying to compensate for that, but there was a small mistake[2] in a case/esac globbing: case "$XT_MULTI" in -*/xtables-nft-multi) +*xtables-nft-multi) 1. https://git.netfilter.org/iptables/commit/?id=e28cf12cf50b9e2e0114f04331635fc122cb8aef 2. https://git.netfilter.org/iptables/commit/?id=2b2b7948c1960ba4680677664ff58477be869de6 [ Impact ] The shell test suite (iptables/tests/shell/run-tests.sh) is currently failing on the firewalld tests in focal only: W: [FAILED] ././testcases/firewalld-restore/0001-firewalld_0: expected 0 but got 1 W: [FAILED] ././testcases/firewalld-restore/0002-firewalld-restart_0: expected 0 but got 1 After some troubleshooting, it turns out this is happening because of an unsorted order in the output of iptables-save, which was fixed[1] in later releases of iptables. The code was trying to compensate for that, but there was a small mistake[2] in a case/esac globbing: case "$XT_MULTI" in -*/xtables-nft-multi) +*xtables-nft-multi) The upstream fix includes other similar changes in other tests, but in the case of focal, the above is the minimal fix needed. Note that this shell test suite is not being run in focal, just in later ubuntu releases. But since the fix for #1992454 is adding such a test, I decided to fix the shell test run and add it to the existing DEP8 tests for focal via this bug, so we have test parity between focal and later ubuntu releases. 1. https://git.netfilter.org/iptables/commit/?id=e28cf12cf50b9e2e0114f04331635fc122cb8aef 2. https://git.netfilter.org/iptables/commit/?id=2b2b7948c1960ba4680677664ff58477be869de6 [ Test Plan ] Verify that the DEP8 tests now include a run-tests.sh test suite, and that it passes. [ Where problems could occur ] If the fix is incorrect, it would affect only the already-failing firewalld test. But in addition to fixing that test, we are now also including a full test run of all shell tests, something which wasn't being done for focal until now. While these tests are passing now, they could fail in a future iptables SRU, or turn out to be flaky. They are being run in ubuntu releases after focal, though, so that is a good sign. [ Other Info ] This fix is being included in the same upload as #1992454. [ Original Description ] The shell test suite (iptables/tests/shell/run-tests.sh) is currently failing on the firewalld tests: W: [FAILED] ././testcases/firewalld-restore/0001-firewalld_0: expected 0 but got 1 W: [FAILED] ././testcases/firewalld-restore/0002-firewalld-restart_0: expected 0 but got 1 After some troubleshooting, it turns out this is happening because of an unsorted order in the output of iptables-save, which was fixed[1] in later releases of iptables. The code was trying to compensate for that, but there was a small mistake[2] in a case/esac globbing: case "$XT_MULTI" in -*/xtables-nft-multi) +*xtables-nft-multi) 1. https://git.netfilter.org/iptables/commit/?id=e28cf12cf50b9e2e0114f04331635fc122cb8aef 2. https://git.netfilter.org/iptables/commit/?id=2b2b7948c1960ba4680677664ff58477be869de6
2023-05-10 13:38:16 Andreas Hasenack description [ Impact ] The shell test suite (iptables/tests/shell/run-tests.sh) is currently failing on the firewalld tests in focal only: W: [FAILED] ././testcases/firewalld-restore/0001-firewalld_0: expected 0 but got 1 W: [FAILED] ././testcases/firewalld-restore/0002-firewalld-restart_0: expected 0 but got 1 After some troubleshooting, it turns out this is happening because of an unsorted order in the output of iptables-save, which was fixed[1] in later releases of iptables. The code was trying to compensate for that, but there was a small mistake[2] in a case/esac globbing: case "$XT_MULTI" in -*/xtables-nft-multi) +*xtables-nft-multi) The upstream fix includes other similar changes in other tests, but in the case of focal, the above is the minimal fix needed. Note that this shell test suite is not being run in focal, just in later ubuntu releases. But since the fix for #1992454 is adding such a test, I decided to fix the shell test run and add it to the existing DEP8 tests for focal via this bug, so we have test parity between focal and later ubuntu releases. 1. https://git.netfilter.org/iptables/commit/?id=e28cf12cf50b9e2e0114f04331635fc122cb8aef 2. https://git.netfilter.org/iptables/commit/?id=2b2b7948c1960ba4680677664ff58477be869de6 [ Test Plan ] Verify that the DEP8 tests now include a run-tests.sh test suite, and that it passes. [ Where problems could occur ] If the fix is incorrect, it would affect only the already-failing firewalld test. But in addition to fixing that test, we are now also including a full test run of all shell tests, something which wasn't being done for focal until now. While these tests are passing now, they could fail in a future iptables SRU, or turn out to be flaky. They are being run in ubuntu releases after focal, though, so that is a good sign. [ Other Info ] This fix is being included in the same upload as #1992454. [ Original Description ] The shell test suite (iptables/tests/shell/run-tests.sh) is currently failing on the firewalld tests: W: [FAILED] ././testcases/firewalld-restore/0001-firewalld_0: expected 0 but got 1 W: [FAILED] ././testcases/firewalld-restore/0002-firewalld-restart_0: expected 0 but got 1 After some troubleshooting, it turns out this is happening because of an unsorted order in the output of iptables-save, which was fixed[1] in later releases of iptables. The code was trying to compensate for that, but there was a small mistake[2] in a case/esac globbing: case "$XT_MULTI" in -*/xtables-nft-multi) +*xtables-nft-multi) 1. https://git.netfilter.org/iptables/commit/?id=e28cf12cf50b9e2e0114f04331635fc122cb8aef 2. https://git.netfilter.org/iptables/commit/?id=2b2b7948c1960ba4680677664ff58477be869de6 [ Impact ] The shell test suite (iptables/tests/shell/run-tests.sh) is currently failing on the firewalld tests in focal only: W: [FAILED] ././testcases/firewalld-restore/0001-firewalld_0: expected 0 but got 1 W: [FAILED] ././testcases/firewalld-restore/0002-firewalld-restart_0: expected 0 but got 1 After some troubleshooting, it turns out this is happening because of an unsorted order in the output of iptables-save, which was fixed[1] in later releases of iptables. The code was trying to compensate for that, but there was a small mistake[2] in a case/esac globbing: case "$XT_MULTI" in -*/xtables-nft-multi) +*xtables-nft-multi) The upstream fix includes other similar changes in other tests, but in the case of focal, the above is the minimal fix needed. Note that this shell test suite is not being run in focal, just in later ubuntu releases. But since the fix for #1992454 is adding such a test, I decided to fix the shell test run and add it to the existing DEP8 tests for focal via this bug, so we have test parity between focal and later ubuntu releases. 1. https://git.netfilter.org/iptables/commit/?id=e28cf12cf50b9e2e0114f04331635fc122cb8aef 2. https://git.netfilter.org/iptables/commit/?id=2b2b7948c1960ba4680677664ff58477be869de6 [ Test Plan ] Verify that the DEP8 tests now include a run-tests.sh test suite, and that it passes. [ Where problems could occur ] If the fix is incorrect, it would affect only the already-failing firewalld test. But in addition to fixing that test, we are now also including a full test run of all shell tests, something which wasn't being done for focal until now. While these tests are passing now, they could fail in a future iptables SRU, or turn out to be flaky. They are being run in ubuntu releases after focal, though, so that is a good sign. [ Other Info ] This fix is being included in the same upload as bug #1992454. [ Original Description ] The shell test suite (iptables/tests/shell/run-tests.sh) is currently failing on the firewalld tests: W: [FAILED] ././testcases/firewalld-restore/0001-firewalld_0: expected 0 but got 1 W: [FAILED] ././testcases/firewalld-restore/0002-firewalld-restart_0: expected 0 but got 1 After some troubleshooting, it turns out this is happening because of an unsorted order in the output of iptables-save, which was fixed[1] in later releases of iptables. The code was trying to compensate for that, but there was a small mistake[2] in a case/esac globbing: case "$XT_MULTI" in -*/xtables-nft-multi) +*xtables-nft-multi) 1. https://git.netfilter.org/iptables/commit/?id=e28cf12cf50b9e2e0114f04331635fc122cb8aef 2. https://git.netfilter.org/iptables/commit/?id=2b2b7948c1960ba4680677664ff58477be869de6
2023-05-12 14:05:10 Timo Aaltonen iptables (Ubuntu Focal): status In Progress Fix Committed
2023-05-12 14:05:10 Timo Aaltonen bug added subscriber Ubuntu Stable Release Updates Team
2023-05-12 14:05:14 Timo Aaltonen bug added subscriber SRU Verification
2023-05-12 14:05:16 Timo Aaltonen tags server-todo server-todo verification-needed verification-needed-focal
2023-05-17 19:31:56 Andreas Hasenack tags server-todo verification-needed verification-needed-focal server-todo verification-done-focal verification-needed
2023-05-30 18:48:00 Launchpad Janitor iptables (Ubuntu Focal): status Fix Committed Fix Released
2023-05-30 18:48:05 Brian Murray removed subscriber Ubuntu Stable Release Updates Team