Bug#1099749: bookworm-pu: package iptables-netflow/2.6-4+deb12u1
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: iptables-netflow@packages.debian.org
Control: affects -1 + src:iptables-netflow
[ Reason ]
An update to src:linux in bullseye backported a change that breaks a few
third-party modules (due to unexporting find_module()).
This is not a problem in bookworm itself (the -dkms module works fine
for the bookworm kernel as the find_module() usage is guarded by
preprocessor conditionals), but on upgrades from bullseye to bookworm
because linux-headers-* from both bullseye and bookworm will be
installed.
Also building the kernel module is very slow if there are other -dkms
packages installed because there is a useless dkms recursion in the
configure script.
[ Impact ]
Failed distupgrades that need manual fixing.
[ Tests ]
Local autopkgtest run in bookworm.
Manual installation in a bookworm chroot with these headers installed:
linux-headers-5.10.0-34-amd64
linux-headers-6.1.0-0.deb11.31-amd64
linux-headers-6.1.0-29-amd64
[ Risks ]
Low.
[ Checklist ]
[*] *all* changes are documented in the d/changelog
[*] I reviewed all changes and I approve them
[*] attach debdiff against the package in (old)stable
[*] the issue is verified as fixed in unstable
[ Changes ]
* Improve dkms debugging output in make.log
* Don't check for or call dkms (recursively) if the configure script
has been called by 'dkms build', as that slows down the configure
script significantly.
* Update the LINUX_VERSION_CODE constraint for find_module() usage to
take into account versions that got the unexport change backported.
[ Other info ]
As the window for the next point release will close soon, I'm going to
directly upload the changes.
Andreas
diff --git a/debian/changelog b/debian/changelog
index dc892b1..3e1cd08 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+iptables-netflow (2.6-4+deb12u1) bookworm; urgency=medium
+
+ * Non-maintainer upload.
+ * Dump the generated compat_def.h.
+ * Avoid dkms recursion.
+ * Unexporting find_module() has been backported to Linux v5.10.220.
+ (Closes: #1076456, #1088678)
+
+ -- Andreas Beckmann <anbe@debian.org> Fri, 07 Mar 2025 14:48:52 +0100
+
iptables-netflow (2.6-4) unstable; urgency=medium
* Acknowledge NMU. Thanks Andreas!
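Review bot: the new 2.6-4+deb12u1 entry does not mention the `debian-branch = bookworm` addition to debian/gbp.conf, and "Avoid dkms recursion" does not obviously cover the `KDIR="$KDKMS"` assignment that patch 1006 adds. Since the checklist states that all changes are documented in d/changelog, consider one line per shipped patch (1005, 1006, 1009, verbose.patch) plus one for gbp.conf, so the entry can be matched against debian/patches/series.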
diff --git a/debian/gbp.conf b/debian/gbp.conf
index cec628c..b7202c9 100644
--- a/debian/gbp.conf
+++ b/debian/gbp.conf
@@ -1,2 +1,3 @@
[DEFAULT]
+debian-branch = bookworm
pristine-tar = True
diff --git a/debian/patches/1005-Do-not-check-for-dkms-if-called-from-dkms.patch b/debian/patches/1005-Do-not-check-for-dkms-if-called-from-dkms.patch
new file mode 100644
index 0000000..1a9ac64
--- /dev/null
+++ b/debian/patches/1005-Do-not-check-for-dkms-if-called-from-dkms.patch
@@ -0,0 +1,28 @@
+From f158f57ba960b66b9428d245a2b3a6e1b16ce7bc Mon Sep 17 00:00:00 2001
+From: Andreas Beckmann <anbe@debian.org>
+Date: Wed, 3 Jul 2024 12:09:45 +0200
+Subject: [PATCH] Do not check for dkms if called from dkms
+
+the recursive calls slowed down the configure script significantly
+
+Signed-off-by: Andreas Beckmann <anbe@debian.org>
+---
+ configure | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure b/configure
+index 86f9488..f2ec1a9 100755
+--- a/configure
++++ b/configure
+@@ -348,7 +348,7 @@ do
+ --disable-snmp-a*) SKIPSNMP=1 ;;
+ --disable-net-snmp*) SKIPSNMP=1 ;;
+ --disable-dkms*) SKIPDKMS=1 ;;
+- --from-dkms-conf*) ;;
++ --from-dkms-conf*) SKIPDKMS=1 ;;
+ --make) echo called from make; CARGS=`echo $CARGS | sed s/--make//g` ;;
+ -Werror) KOPTS="$KOPTS -Werror" ;;
+ --help|-h) show_help ;;
+--
+2.39.5
+
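Review bot: at `--from-dkms-conf*) SKIPDKMS=1 ;;` the skip only takes effect if the option is still among the positional parameters when this option loop runs. The early `case "$1"` block visible in patch 1006 replaces the arguments with the saved `CARGS` via `set --` when a Makefile exists, so it is worth confirming that `--from-dkms-conf` survives that path; setting `SKIPDKMS=1` in the early block where `KDKMS` is parsed would cover both cases. The commit message could also say which dkms call recursed, so the reason for the skip stays understandable later.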
diff --git a/debian/patches/1006-Set-KDIR-early-if-called-from-dkms-and-get-version-f.patch b/debian/patches/1006-Set-KDIR-early-if-called-from-dkms-and-get-version-f.patch
new file mode 100644
index 0000000..5260e67
--- /dev/null
+++ b/debian/patches/1006-Set-KDIR-early-if-called-from-dkms-and-get-version-f.patch
@@ -0,0 +1,26 @@
+From 0d92accaa14d21236377173e9b5ab2e2727097e3 Mon Sep 17 00:00:00 2001
+From: Andreas Beckmann <anbe@debian.org>
+Date: Wed, 3 Jul 2024 12:12:31 +0200
+Subject: [PATCH] Set KDIR early if called from dkms and get version from
+ sources
+
+Signed-off-by: Andreas Beckmann <anbe@debian.org>
+---
+ configure | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/configure b/configure
+index f2ec1a9..ae8a579 100755
+--- a/configure
++++ b/configure
+@@ -6,6 +6,7 @@ PATH=$PATH:/bin:/usr/bin:/usr/sbin:/sbin:/usr/local/sbin
+ case "$1" in
+ --from-dkms-conf*)
+ KDKMS=`echo "$1" | sed 's/[^=]*.//'`
++ KDIR="$KDKMS"
+ # restore options from existing Makefile, if present
+ if [ -e Makefile ]; then
+ set -- `sed -n 's/^CARGS = \(.*\)/\1/p' Makefile`
+--
+2.39.5
+
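Review bot: `KDIR="$KDKMS"` is assigned unconditionally, but if the option arrives without an `=value` the sed expression `s/[^=]*.//` consumes the whole string, leaving `KDKMS` empty and `KDIR` set to an empty string. A guard such as `[ -n "$KDKMS" ] && KDIR="$KDKMS"` would keep the previous behaviour in that case. The subject also promises "get version from sources", which this one-line hunk does not show; either trim the subject or explain in the body how setting KDIR early leads to that.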
diff --git a/debian/patches/1009-Unexporting-find_module-has-been-backported-to-Linux.patch b/debian/patches/1009-Unexporting-find_module-has-been-backported-to-Linux.patch
new file mode 100644
index 0000000..1b5f045
--- /dev/null
+++ b/debian/patches/1009-Unexporting-find_module-has-been-backported-to-Linux.patch
@@ -0,0 +1,31 @@
+From 17efcde6a816672d8f4b7ee21789f57d3bdeaff6 Mon Sep 17 00:00:00 2001
+From: Andreas Beckmann <anbe@debian.org>
+Date: Sat, 20 Jul 2024 02:22:01 +0200
+Subject: [PATCH] Unexporting find_module() has been backported to Linux
+ v5.10.220
+
+Signed-off-by: Andreas Beckmann <anbe@debian.org>
+---
+ compat.h | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/compat.h b/compat.h
+index 27fe96d..ced9385 100644
+--- a/compat.h
++++ b/compat.h
+@@ -746,9 +746,10 @@ unsigned long long strtoul(const char *cp, char **endp, unsigned int base)
+ return result;
+ }
+
+-#if LINUX_VERSION_CODE >= KERNEL_VERSION(5,12,0)
++#if (LINUX_VERSION_CODE >= KERNEL_VERSION(5,12,0)) \
++ || ((LINUX_VERSION_CODE >= KERNEL_VERSION(5,10,220)) && (LINUX_VERSION_CODE < KERNEL_VERSION(5,11,0)))
+ /*
+- * find_module() is unexported in v5.12:
++ * find_module() is unexported in v5.12 (backported to 5.10.220):
+ * 089049f6c9956 ("module: unexport find_module and module_mutex")
+ * and module_mutex is replaced with RCU in
+ * a006050575745 ("module: use RCU to synchronize find_module")
+--
+2.39.5
+
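Review bot: the added condition `>= KERNEL_VERSION(5,10,220) && < KERNEL_VERSION(5,11,0)` covers only the 5.10.y series, so the 5.11 series stays on the old code path. If that gap is deliberate, say so in the comment, along with whether any other stable series was checked, because a later backport elsewhere would fail the same way and need another edit here. The comment cites the upstream commits by id; adding the id of the 5.10.y backport next to "backported to 5.10.220" would make the claim checkable. The new second line of the `#if` is also long enough to be worth splitting at the `&&`.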
diff --git a/debian/patches/series b/debian/patches/series
index 7c44743..83b5e5b 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,7 @@
+1005-Do-not-check-for-dkms-if-called-from-dkms.patch
+1006-Set-KDIR-early-if-called-from-dkms-and-get-version-f.patch
+1009-Unexporting-find_module-has-been-backported-to-Linux.patch
+
ignore-unknown-configure-options.patch
properly-pass-CPPFLAGS-and-LDFLAGS.patch
disable-kernel-check.patch
@@ -5,3 +9,4 @@ dont-hardcode-current-gcc.patch
cherry-pick_66e43041_namespace_sk_error_report.patch
cherry-pick_6a55739a_fix_build_on_v5.15.patch
cherry-pick_0901f028_fix_building_on_old_kernels.patch
+verbose.patch
diff --git a/debian/patches/verbose.patch b/debian/patches/verbose.patch
new file mode 100644
index 0000000..36c09eb
--- /dev/null
+++ b/debian/patches/verbose.patch
@@ -0,0 +1,25 @@
+Author: Andreas Beckmann <anbe@debian.org>
+Description: dump compat_def.h
+
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -28,6 +28,7 @@ ipt_NETFLOW.ko: version.h ipt_NETFLOW.c
+ @touch $@
+ compat_def.h: gen_compat_def
+ ./gen_compat_def > $@
++ cat $@
+ sparse: | version.h ipt_NETFLOW.c ipt_NETFLOW.h compat.h Makefile
+ @rm -f ipt_NETFLOW.ko ipt_NETFLOW.o
+ @echo Compiling for kernel $(KVERSION)
+--- a/gen_compat_def
++++ b/gen_compat_def
+@@ -36,7 +36,8 @@ kbuild_test_compile() {
+ else
+ echo " undeclared" >&2
+ echo "#undef HAVE_$1"
+- echo "// ${2:-symbol} is undeclared${3:+ in <$3>}. Compile:"
++ echo "// ${2:-symbol} is undeclared${3:+ in <$3>}."
++ echo "// Compile:"
+ sed "s/^/\/\/ /" test.c
+ echo "// Output:"
+ sed "s/^/\/\/ /" log
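Review bot: the Description "dump compat_def.h" covers the `cat $@` line in Makefile.in but not the gen_compat_def change that splits the "is undeclared ... Compile:" comment into two lines; mention both, and add a `Forwarded:` field so it is clear whether upstream has seen this. Note also that `cat $@` runs on every build and that compat_def.h embeds each failed probe's test.c and compiler log as comments, so make.log grows accordingly; if this is only meant for debugging failed dkms builds, say so in the description.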