update ufw to 0.36

Bug #1811129 reported by Jamie Strandboge on 2019-01-09
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
ufw (Ubuntu)
Undecided
Unassigned
Bionic
Undecided
Unassigned
Cosmic
Undecided
Unassigned
Disco
Undecided
Unassigned

Bug Description

[Impact]

This bug is the master bug for a one time SRU of ufw to the new 0.36 release. Typically patches would be individually backported like normal, but the new 'prepend' command feature is the impetus for this SRU and it contains most of the code changes. Other bugs fixed in the upstream release are either already included in the Ubuntu/Debian packaging or small enough to not pose a significant regression risk. 0.36 had various pyflakes/pep8/pylint cleanups over 0.35 so upgrading 18.04 to 0.36 will make maintaining ufw a bit easier for the duration of this LTS.

[Test Case]

In addition to the in-build tests, there is an extensive testsuite for running under root on the live system. The QRT tests for ufw (scripts/test-ufw.py) run these tests (and more).

[Regression Potential]

In terms of code changes, I've attached code-changes-bionic-to-disco.diff which is a diff of the source code in bionic's 0.35-5 with patches applied and disco's 0.36-1 with its patches applied. This shows that:

 * only comment changes to conf/sysctl.conf
 * only comment changes to conf/ufw.defaults
 * doc/systemd.example is updated (but unused in our packaging)
 * various man page updates
 * ufw.pot is refreshed
 * various Makefile updates related to snap packaging and coverage (the debian packaging only uses the 'clean' target)
 * src/applications.py has only whitespace and comment changes

The remaining code changes in src/ are quite small and address the SRU bugs and the regression potential for these changes will be discussed in those bugs.

In addition to the SRU bugs listed in the changelog, 0.36 also fixes the following upstream bugs not already in 0.35-5:

* bug 1782384 - ufw-framework document error
* bug 1695718 - UFW rule for Transmission only allows 51413/tcp while 51413/udp is used for DHT
* bug 1377600 - ufw errors after ctr+c interupt
* bug 1586258 - Rule insertion fails if ruleset is empty
* bug 1558068 - remove extraneous source quench rule
* https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884932 - cannot preseed package configuration in debian-installer

(other bugs in the 0.36-1 changelog are dupes of the above)

[Other Info]

Note that the 0.36 code base has been the basis for the snap for many months with the majority of the non-'prepend' changes in production during this time. 0.36-1 was uploaded to Debian in December (and it migrated automatically to disco shortly after) with no new ufw bug reports in either. Buster will release with 0.36-1.

The snappy packaging, which is included upstream, underwent a lot of changes, but should not be considered as part of this SRU since it doesn't affect the deb builds.

Jamie Strandboge (jdstrand) wrote :
Changed in ufw (Ubuntu Disco):
status: New → Fix Released
Changed in ufw (Ubuntu Bionic):
status: New → In Progress
Changed in ufw (Ubuntu Cosmic):
status: New → In Progress

An upload of ufw to cosmic-proposed has been rejected from the upload queue for the following reason: "All bugs mentioned in the .changes file (so therefore also in the new debian/changelog entries) need to comply with SRU standards (test-case, regression potential). Please re-upload after filling out the required info or modify changelog to exclude irrelevant bug numbers.".

description: updated
Jamie Strandboge (jdstrand) wrote :

FYI, I've reuploaded 0.36 to bionic-proposed and cosmic-proposed after updating this master bug's description.

description: updated
description: updated

Hello Jamie, or anyone else affected,

Accepted ufw into cosmic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/ufw/0.36-0ubuntu0.18.10.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-cosmic to verification-done-cosmic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-cosmic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in ufw (Ubuntu Cosmic):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-cosmic
Changed in ufw (Ubuntu Bionic):
status: In Progress → Fix Committed
tags: added: verification-needed-bionic
Brian Murray (brian-murray) wrote :

Hello Jamie, or anyone else affected,

Accepted ufw into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/ufw/0.36-0ubuntu0.18.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Jamie Strandboge (jdstrand) wrote :

I've verified this on bionic using a combination of test-ufw.py from QRT (which in addition to various smoke/etc tests, runs all the tests in the testsuite, including root/iptables tests):

ufw:
  Installed: 0.36-0ubuntu0.18.04.1
  Candidate: 0.36-0ubuntu0.18.04.1
  Version table:
 *** 0.36-0ubuntu0.18.04.1 500
        500 http://us.archive.ubuntu.com/ubuntu bionic-proposed/main amd64 Packages
        500 http://us.archive.ubuntu.com/ubuntu bionic-proposed/main i386 Packages
        100 /var/lib/dpkg/status
     0.35-5 500
        500 http://us.archive.ubuntu.com/ubuntu bionic/main amd64 Packages
        500 http://us.archive.ubuntu.com/ubuntu bionic/main i386 Packages

Jamie Strandboge (jdstrand) wrote :

I've verified this on cosmic using a combination of test-ufw.py from QRT (which in addition to various smoke/etc tests, runs all the tests in the testsuite, including root/iptables tests):

ufw:
  Installed: 0.36-0ubuntu0.18.10.1
  Candidate: 0.36-0ubuntu0.18.10.1
  Version table:
 *** 0.36-0ubuntu0.18.10.1 500
        500 http://us.archive.ubuntu.com/ubuntu cosmic-proposed/main amd64 Packages
        500 http://us.archive.ubuntu.com/ubuntu cosmic-proposed/main i386 Packages
        100 /var/lib/dpkg/status
     0.35-6 500
        500 http://us.archive.ubuntu.com/ubuntu cosmic/main amd64 Packages
        500 http://us.archive.ubuntu.com/ubuntu cosmic/main i386 Packages

tags: added: verification-done verification-done-bionic verification-done-cosmic
removed: verification-needed verification-needed-bionic verification-needed-cosmic
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ufw - 0.36-0ubuntu0.18.10.1

---------------
ufw (0.36-0ubuntu0.18.10.1) cosmic-proposed; urgency=medium

  * Backport to cosmic addressing the following SRU bugs:
    - LP: #1811129 - master SRU bug
    - LP: #1664133 - before6.rules: echo-reply needs to be before INVALID
    - LP: #1719211 - improve interface name checks
    - LP: #1775043 - shell-completion/bash: adjust for modern bash
    - LP: #1204579 - support concurrent updates
    - LP: #1368411 - add 'prepend' command

 -- Jamie Strandboge <email address hidden> Mon, 25 Mar 2019 20:46:10 +0000

Changed in ufw (Ubuntu Cosmic):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for ufw has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ufw - 0.36-0ubuntu0.18.04.1

---------------
ufw (0.36-0ubuntu0.18.04.1) bionic-proposed; urgency=medium

  * Backport to bionic addressing the following SRU bugs:
    - LP: #1811129 - master SRU bug
    - LP: #1664133 - before6.rules: echo-reply needs to be before INVALID
    - LP: #1719211 - improve interface name checks
    - LP: #1775043 - shell-completion/bash: adjust for modern bash
    - LP: #1204579 - support concurrent updates
    - LP: #1368411 - add 'prepend' command

 -- Jamie Strandboge <email address hidden> Mon, 25 Mar 2019 21:14:25 +0000

Changed in ufw (Ubuntu Bionic):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers