Your message dated Thu, 22 Jul 2021 08:26:32 +0200 with message-id <CAM8zJQui3LFP=g3-ykNpaa7ZmCvfWhyjX=qOuaVYV_dAKNCtNQ@mail.gmail.com> and subject line Re: Bug#991360: unblock: nftables/0.9.8-3.1 has caused the Debian Bug report #991360, regarding unblock: nftables/0.9.8-3.1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 991360: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991360 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: unblock: nftables/0.9.8-3.1
- From: Christian Ehrhardt <christian.ehrhardt@canonical.com>
- Date: Wed, 21 Jul 2021 16:48:26 +0200
- Message-id: <[🔎] CAATJJ0JQsOU9H5YS=P-O_tD7dLeunMjhNwiHCjYKzJpyfBKi=Q@mail.gmail.com>
Package: release.debian.org Severity: normal User: release.debian.org@packages.debian.org Usertags: unblock X-Debbugs-CC: Arturo Borrero Gonzalez <arturo@debian.org> Please unblock package nftables [ Reason ] Fix https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991309 Under certain conditions nftables tends to be greedy and can delete too much rules. This was identified via an issue to firewalld which had a test that failed on it [1] but was then found and fixed in nftables [2]. [ Impact ] The change looks bigger than it is as it moves code around to be available earlier in the code. It really comes down to dependency killing of rules and should not have a different impact to nftables than that. [ Tests ] While the Debian tests skip the tests e.g. of firewalld [3] I have uploaded the same to Ubuntu where all the tests (including those that failed due to the issue) already completed. On this upload the debci will again skip the tests that would have flagged this bug, others will run but they have worked before and will afterwards. [ Risks ] I'd hope that it is low as it is not just from git, but also part of an official release (0.9.9) already. We don't want to bump versions so late, but this gives some extra confidence in the testing that was done. As mentioned above the risk should be limited to the dependent rule removal. [ Other info ] * I've prepared a debdiff (attached) which matches testing vs unstable at the moment that the request here asks to unblock. * The unstable version has just been uploaded, please give it some time to build and be tested (by tools and myself), but I wanted to give a heads up as early as possible. P.S. The usual maintainer asked for an NMU and driving the unblocking, details on the bug we fix that is linked above. [1]: https://github.com/firewalld/firewalld/issues/752 [2]: https://git.netfilter.org/nftables/commit/?id=533565244d88a [3]: https://ci.debian.net/data/autopkgtest/testing/amd64/f/firewalld/13738304/log.gz -- Christian Ehrhardt Staff Engineer, Ubuntu Server Canonical LtdAttachment: fix-debian-991309.debdiff
Description: Binary data
--- End Message ---
--- Begin Message ---
- To: Christian Ehrhardt <christian.ehrhardt@canonical.com>, 991360-done@bugs.debian.org
- Subject: Re: Bug#991360: unblock: nftables/0.9.8-3.1
- From: Graham Inggs <ginggs@debian.org>
- Date: Thu, 22 Jul 2021 08:26:32 +0200
- Message-id: <CAM8zJQui3LFP=g3-ykNpaa7ZmCvfWhyjX=qOuaVYV_dAKNCtNQ@mail.gmail.com>
- In-reply-to: <[🔎] CAATJJ0JQsOU9H5YS=P-O_tD7dLeunMjhNwiHCjYKzJpyfBKi=Q@mail.gmail.com>
- References: <[🔎] CAATJJ0JQsOU9H5YS=P-O_tD7dLeunMjhNwiHCjYKzJpyfBKi=Q@mail.gmail.com>
Unblocked.
--- End Message ---