iptables etch release
Hi Release Team,
A couple of regressions occurred with iptables. They're both set at
severity normal, but I believe they are important.
The bug reported as 397712 broke the rename-chain command line option.
It was fixed upstream and is in 1.3.6.0debian1-2.
====
diff -Nur old/iptables_profectio/ip6tables.c new/iptables_profectio/ip6tables.c
--- old/iptables-1.3.6-orig/ip6tables.c 2006-09-28 18:40:36.000000000 +0200
+++ new/iptables_profectio/ip6tables.c 2006-11-09 08:37:46.000000000 +0100
@@ -170,7 +170,6 @@
/*NEW_CHAIN*/ {'x','x','x','x','x',' ','x','x','x','x','x'},
/*DEL_CHAIN*/ {'x','x','x','x','x',' ','x','x','x','x','x'},
/*SET_POLICY*/{'x','x','x','x','x',' ','x','x','x','x','x'},
-/*CHECK*/ {'x','+','+','+','x',' ','x',' ',' ','x','x'},
/*RENAME*/ {'x','x','x','x','x',' ','x','x','x','x','x'}
};
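Review bot: Deleting the /*CHECK*/ row moves /*RENAME*/ up one position in this table, but the hunk does not touch the command constants or row count that index it in ip6tables.c. Please confirm those were renumbered in the same change, otherwise RENAME is checked against the wrong row or past the end of the array. The --- header for this file also names old/iptables-1.3.6-orig while the diff -Nur line names old/iptables_profectio; regenerate the patch so the paths agree.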
diff -Nur old/iptables_profectio/iptables.c new/iptables_profectio/iptables.c
--- old/iptables_profectio/iptables.c 2006-09-28 18:40:36.000000000 +0200
+++ new/iptables_profectio/iptables.c 2006-11-09 08:37:58.000000000 +0100
@@ -171,7 +171,6 @@
/*NEW_CHAIN*/ {'x','x','x','x','x',' ','x','x','x','x','x','x'},
/*DEL_CHAIN*/ {'x','x','x','x','x',' ','x','x','x','x','x','x'},
/*SET_POLICY*/{'x','x','x','x','x',' ','x','x','x','x','x','x'},
-/*CHECK*/ {'x','+','+','+','x',' ','x',' ',' ',' ','x','x'},
/*RENAME*/ {'x','x','x','x','x',' ','x','x','x','x','x','x'}
};
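Review bot: Nothing beside this table in iptables.c documents that its rows must stay in the same order as the commands, so a leftover row such as /*CHECK*/ can displace /*RENAME*/ without any compile-time sign. Suggest a comment above the table stating that each row corresponds to one command, in order, and that rows and commands must be added or removed together. Note that this table has one more column than the ip6tables.c one, so the two copies have to be kept in step by hand.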
====
The bug reported in 398082 breaks parsing of network groups from
/etc/networks. 399177 also says it affects names from /etc/hosts, but
I haven't verified that. I wrote a small fix that needs to be verified
by someone who actually knows C. I reported the problem[1] and posted
my fix[2] to the upstream mailing list. No one else offered a fix.
Mine appears to work fine.
====
--- iptables.c.ORIG 2006-11-18 16:40:30.902915398 -0500
+++ iptables.c 2006-11-18 16:38:31.549789934 -0500
@@ -696,13 +696,15 @@
char buf[256];
char *p;
int i, j, k, n;
+ char *vipchars = "0123456789.\0";
strncpy(buf, name, sizeof(buf) - 1);
buf[sizeof(buf) - 1] = '\0';
if ((p = strrchr(buf, '/')) != NULL) {
*p = '\0';
addrp = parse_mask(p + 1);
- if (strrchr(p + 1, '.') == NULL)
+ if (strrchr(p + 1, '.') == NULL
+ && strspn(buf,vipchars) == strlen(buf))
pad_cidr(buf);
} else
addrp = parse_mask(NULL);
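Review bot: In the vipchars declaration the trailing \0 is redundant, since the string literal is already NUL-terminated, and the pointer should be const char * because it is never written through. On the new condition, strspn(buf,vipchars) == strlen(buf) is also true when buf is empty (a name that begins with '/'), so pad_cidr(buf) can still be reached with an empty string; add a buf[0] != '\0' test if pad_cidr does not expect that. A one-line comment saying the test skips pad_cidr for symbolic network or host names would make the intent clear to the next reader.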
====
I would really like to see both fixes implemented.
Thanks for the consideration.
1. http://lists.netfilter.org/pipermail/netfilter-devel/2006-November/026051.html
2. http://lists.netfilter.org/pipermail/netfilter-devel/2006-November/026109.html