On 2024-06-17, at 15:57:05 +0200, Michael Biebl wrote: > Source: iptables > Version: 1.8.10-4 > Severity: serious > > > The cherry-pick of the commit 34f085b1607364f4eaded1140060dcaf965a2649 > Revert "xshared: Print protocol numbers if --numeric was given" breaks > firewalld, as seen in > https://ci.debian.net/packages/f/firewalld/testing/amd64/47810213/ > > firewalld is very susceptible to changes of the output and command > line interface of iptables. See an older issue > https://github.com/firewalld/firewalld/issues/1112 > > Filing with RC severity, so the package doesn't migrate to testing > (the debci results should prevent that, but this is just to make > doubly sure) > > This change of iptables afaics has landed in a stable release > (bookworm). Do we really want to revert it again and make all users of > --numeric have to update again?
Hi. Let me explain my understanding of the current situation. I appre-
ciate that you probably know most of this already, but I just want to
avoid any confusion.
Upstream made a change that affected the output of protocols in listings
in the presence of the `--numeric` flag. Previously, they were still
output by name, after the change they were output by number. This was
released upstream in 1.8.9 and made its way into Bookworm.
This change broke stuff. As a result of a bug-report:
https://bugzilla.netfilter.org/show_bug.cgi?id=1729
upstream reverted the change in commit 34f085b16073 ("Revert "xshared:
Print protocol numbers if --numeric was given""). This is where things
currently stand upstream: in the next release (1.8.11), the original
behaviour will be restored.
A report was also created in the BTS:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067733
In response, I applied the upstream commit and uploaded it to unstable.
I have a draft bookworm-pu bug-report that I had intended to send
requesting that this change go into Bookworm to minimize the time before
the old behaviour is restored. Obviously, I will hold off while we
discuss this. :)
What do you propose? The firewalld test-suite was updated to work with
the new output; however, other tools were not, and upstream reverted the
change because there were no compelling reasons for it and it had caused
breakage in those tools. As things stand, the old behaviour will be re-
stored. Would you rather wait for the next upstream release? Are you
suggesting that we ask upstream to revert 34f085b16073? Or do you have
something else in mind?
J.
> -- System Information:
> Debian Release: trixie/sid
> APT prefers unstable
> APT policy: (500, 'unstable'), (1, 'experimental')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 6.8.12-amd64 (SMP w/16 CPU threads; PREEMPT)
> Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not
> set
> Shell: /bin/sh linked to /usr/bin/dash
> Init: systemd (via /run/systemd/system)
> LSM: AppArmor: enabled
>
signature.asc
Description: PGP signature
