
Bug#1038727: marked as done (bookworm-pu: package nftables/1.0.6-2+deb12u1)



Your message dated Sat, 22 Jul 2023 13:19:41 +0000
with message-id <E1qNCWL-005rp8-HX@coccia.debian.org>
and subject line Released with 12.1
has caused the Debian Bug report #1038727,
regarding bookworm-pu: package nftables/1.0.6-2+deb12u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1038727: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038727
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: nftables@packages.debian.org
Control: affects -1 + src:nftables

There has been a behavior regression reported in nftables when
upgrading from Debian 11 Bullseye to Debian 12 Bookworm.

The change is in how nftables prints the set definitions, with
or without set elements by default.

Some user tools relying on 'nft -j list sets' fail after upgrading
to Debian Bookworm from Debian Bullseye because of the behavior change.

The small upstream fix makes the behavior coherent and predictable for the
set listing action.

There is not much risk in this update:
* The fix patch has been provided directly by upstream
* The fix has been applied to upstream main branch already
* The fix is already in Debian Sid

Find debdiff attached against the current Debian stable package.

See also:
 * https://marc.info/?l=netfilter&m=168704941828372&w=2 (original report)
 * https://bugs.debian.org/1038724 (debian bug)
 * https://git.netfilter.org/nftables/commit/?id=29bed4fa594c3f6e343a8b5669d61e20c7129cca (upstream fix)
diff -Nru nftables-1.0.6/debian/changelog nftables-1.0.6/debian/changelog
--- nftables-1.0.6/debian/changelog	2023-01-29 12:33:00.000000000 +0100
+++ nftables-1.0.6/debian/changelog	2023-06-20 16:55:52.000000000 +0200
@@ -1,3 +1,9 @@
+nftables (1.0.6-2+deb12u1) bookworm; urgency=medium
+
+  * [7edf72e] d/patches: add 0001-debian-bug-1038724.patch (Closes: #1038724)
+
+ -- Arturo Borrero Gonzalez <arturo@debian.org>  Tue, 20 Jun 2023 16:55:52 +0200
+
 nftables (1.0.6-2) unstable; urgency=medium
 
   [ Jeremy Sowden ]
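
Review bot: The new entry at the top of debian/changelog only names the patch file ("add 0001-debian-bug-1038724.patch") and says nothing about what changes for users. For a stable point release, suggest stating the effect in the entry itself, for example that "nft list sets" now includes set elements by default and that --terse omits them, so the entry can be understood without opening the patch.
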
diff -Nru nftables-1.0.6/debian/patches/0001-debian-bug-1038724.patch nftables-1.0.6/debian/patches/0001-debian-bug-1038724.patch
--- nftables-1.0.6/debian/patches/0001-debian-bug-1038724.patch	1970-01-01 01:00:00.000000000 +0100
+++ nftables-1.0.6/debian/patches/0001-debian-bug-1038724.patch	2023-06-20 16:55:52.000000000 +0200
@@ -0,0 +1,66 @@
+From 29bed4fa594c3f6e343a8b5669d61e20c7129cca Mon Sep 17 00:00:00 2001
+From: Florian Westphal <fw@strlen.de>
+Date: Sun, 18 Jun 2023 18:39:45 +0200
+Subject: cache: include set elements in "nft set list"
+
+Make "nft list sets" include set elements in listing by default.
+In nftables 1.0.0, "nft list sets" did not include the set elements,
+but with "--json" they were included.
+
+1.0.1 and newer never include them.
+This causes a problem for people updating from 1.0.0 and relying
+on the presence of the set elements.
+
+Change nftables to always include the set elements.
+The "--terse" option is honored to get the "no elements" behaviour.
+
+Fixes: a1a6b0a5c3c4 ("cache: finer grain cache population for list commands")
+Link: https://marc.info/?l=netfilter&m=168704941828372&w=2
+Signed-off-by: Florian Westphal <fw@strlen.de>
+---
+ src/cache.c | 2 ++
+ src/rule.c  | 8 +-------
+ 2 files changed, 3 insertions(+), 7 deletions(-)
+
+diff --git a/src/cache.c b/src/cache.c
+index 95adee7f..becfa57f 100644
+--- a/src/cache.c
++++ b/src/cache.c
+@@ -235,6 +235,8 @@ static unsigned int evaluate_cache_list(struct nft_ctx *nft, struct cmd *cmd,
+ 	case CMD_OBJ_SETS:
+ 	case CMD_OBJ_MAPS:
+ 		flags |= NFT_CACHE_TABLE | NFT_CACHE_SET;
++		if (!nft_output_terse(&nft->output))
++			flags |= NFT_CACHE_SETELEM;
+ 		break;
+ 	case CMD_OBJ_FLOWTABLE:
+ 		if (filter &&
+diff --git a/src/rule.c b/src/rule.c
+index 633a5a12..1faa1a27 100644
+--- a/src/rule.c
++++ b/src/rule.c
+@@ -1574,11 +1574,6 @@ static int do_list_table(struct netlink_ctx *ctx, struct table *table)
+ 
+ static int do_list_sets(struct netlink_ctx *ctx, struct cmd *cmd)
+ {
+-	struct print_fmt_options opts = {
+-		.tab		= "\t",
+-		.nl		= "\n",
+-		.stmt_separator	= "\n",
+-	};
+ 	struct table *table;
+ 	struct set *set;
+ 
+@@ -1601,8 +1596,7 @@ static int do_list_sets(struct netlink_ctx *ctx, struct cmd *cmd)
+ 			if (cmd->obj == CMD_OBJ_MAPS &&
+ 			    !map_is_literal(set->flags))
+ 				continue;
+-			set_print_declaration(set, &opts, &ctx->nft->output);
+-			nft_print(&ctx->nft->output, "%s}%s", opts.tab, opts.nl);
++			set_print(set, &ctx->nft->output);
+ 		}
+ 
+ 		nft_print(&ctx->nft->output, "}\n");
+-- 
+cgit v1.2.3
+
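
Review bot: In the src/rule.c part of the embedded patch, do_list_sets() now calls set_print() unconditionally, while the --terse check is added only in evaluate_cache_list() in src/cache.c. The visible lines do not show set_print() itself honouring --terse, so the "no elements" output appears to rely on the cache not having fetched them; please confirm that and consider a test covering "list sets" with and without --terse, in both plain and --json output. Minor: the Subject line says "nft set list" while the commit body says "nft list sets", and the imported file carries a trailing "cgit v1.2.3" line.
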
diff -Nru nftables-1.0.6/debian/patches/series nftables-1.0.6/debian/patches/series
--- nftables-1.0.6/debian/patches/series	2023-01-29 12:33:00.000000000 +0100
+++ nftables-1.0.6/debian/patches/series	2023-06-20 16:55:52.000000000 +0200
@@ -1 +1,2 @@
+0001-debian-bug-1038724.patch
 invalid-octal-fix.patch
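
Review bot: The new patch is added as the first line of debian/patches/series, ahead of invalid-octal-fix.patch, so it is applied before the existing patch. New patches are normally appended to the series; unless this ordering is intentional, move 0001-debian-bug-1038724.patch to the end, or confirm that both patches still apply cleanly in this order.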

--- End Message ---
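
For tools affected by the behaviour change described in the request above, an added example (not part of the original message or of nftables) of a consumer of 'nft -j list sets' that treats a missing "elem" key as "elements not listed" instead of as an empty set, and falls back to per-set listings. The JSON samples, the set names and the expected_populated parameter are constructed for illustration.

```python
import json

# Constructed samples of `nft -j list sets` output (not captured from a host):
# one listing with set elements, one without, as in the regression report.
_SETS = [("blocklist", ["192.0.2.7",
                        {"prefix": {"addr": "198.51.100.0", "len": 24}},
                        {"range": ["203.0.113.1", "203.0.113.9"]}]),
         ("admins", ["192.0.2.10"])]

def _listing(with_elems):
    items = [{"metainfo": {"json_schema_version": 1}}]
    for name, elems in _SETS:
        s = {"family": "inet", "table": "filter", "name": name, "type": "ipv4_addr"}
        if with_elems:
            s["elem"] = elems
        items.append({"set": s})
    return json.dumps({"nftables": items})

WITH_ELEMS, WITHOUT_ELEMS = _listing(True), _listing(False)

def _fmt(elem):
    """Render one element: plain value, CIDR prefix or range."""
    if isinstance(elem, dict) and "prefix" in elem:
        return "{addr}/{len}".format(**elem["prefix"])
    if isinstance(elem, dict) and "range" in elem:
        return "-".join(map(str, elem["range"]))
    return elem if isinstance(elem, str) else json.dumps(elem, sort_keys=True)

def parse_sets(raw):
    """Map (family, table, name) -> list of elements, or None if no "elem" key."""
    result = {}
    for item in json.loads(raw).get("nftables", []):
        s = item.get("set")
        if s is not None:
            elems = s.get("elem")
            key = (s["family"], s["table"], s["name"])
            result[key] = None if elems is None else [_fmt(e) for e in elems]
    return result

def recheck_commands(raw, expected_populated):
    """Per-set listing commands for sets expected to have members but listed without."""
    parsed = parse_sets(raw)
    return [["nft", "-j", "list", "set", *key]
            for key in sorted(expected_populated) if parsed.get(key) is None]
```
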
--- Begin Message ---
Version: 12.1

The upload requested in this bug has been released as part of 12.1.

--- End Message ---
