Your message dated Mon, 28 Oct 2024 07:04:39 +0000
with message-id <e1t5jnr-0026qx...@fasolo.debian.org>
and subject line Bug#1085953: fixed in linux 6.11.5-1
has caused the Debian Bug report #1085953,
regarding ip6tables: Extension MARK revision 0 not supported
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1085953: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085953
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: src:linux
Version: 6.11.4-1
Severity: important
Tags: ipv6

Hi,

I upgraded a couple of systems from linux-image-6.11.2-amd64 to
linux-image-6.11.4-amd64 and after rebooting the systems' firewalls fail
to start.

The problem can be reproduced very simply:

# ip6tables -w -t mangle -A fooX9269 -j MARK --set-mark 1
Warning: Extension MARK revision 0 not supported, missing kernel module?
ip6tables: No chain/target/match by that name.

When reverting to linux-image-6.11.2-amd64 the firewalls start correctly
again, and the test command displayed above works as expected.

The firewall systems I tested are shorewall6 and the (complex!) ruleset
that kube-proxy generates for Kubernetes 1.31.1.

In all cases I am using ip6tables-nft not ip6tables-legacy.

Thanks,
Chris

-- Package-specific info:
** Kernel log: boot messages should be attached


-- System Information:
Debian Release: trixie/sid
  APT prefers testing
  APT policy: (500, 'testing'), (100, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.11.2-amd64 (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_WARN, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages linux-image-6.11.4-amd64 depends on:
ii  initramfs-tools [linux-initramfs-tool]  0.145
ii  kmod                                    33+20240816-2
ii  linux-base                              4.10.1

Versions of packages linux-image-6.11.4-amd64 recommends:
ii  apparmor  3.1.7-1+b1

Versions of packages linux-image-6.11.4-amd64 suggests:
pn  debian-kernel-handbook  <none>
ii  firmware-linux-free     20240610-1
ii  grub-efi-amd64          2.12-5
pn  linux-doc-6.11          <none>

Versions of packages linux-image-6.11.4-amd64 is related to:
pn  firmware-amd-graphics     <none>
pn  firmware-atheros          <none>
pn  firmware-bnx2             <none>
pn  firmware-bnx2x            <none>
pn  firmware-brcm80211        <none>
pn  firmware-cavium           <none>
pn  firmware-intel-sound      <none>
pn  firmware-intelwimax       <none>
pn  firmware-ipw2x00          <none>
pn  firmware-ivtv             <none>
pn  firmware-iwlwifi          <none>
pn  firmware-libertas         <none>
pn  firmware-linux-nonfree    <none>
pn  firmware-misc-nonfree     <none>
pn  firmware-myricom          <none>
pn  firmware-netxen           <none>
pn  firmware-qlogic           <none>
pn  firmware-realtek          <none>
pn  firmware-samsung          <none>
pn  firmware-siano            <none>
pn  firmware-ti-connectivity  <none>
pn  xen-hypervisor            <none>

-- no debconf information

--- End Message ---
--- Begin Message ---
Source: linux
Source-Version: 6.11.5-1
Done: Salvatore Bonaccorso <car...@debian.org>

We believe that the bug you reported is fixed in the latest version of
linux, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1085...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated linux package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 27 Oct 2024 07:25:33 +0100
Source: linux
Architecture: source
Version: 6.11.5-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 1085425 1085953
Changes:
 linux (6.11.5-1) unstable; urgency=medium
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.11.5
     - btrfs: fix uninitialized pointer free in add_inode_ref()
     - btrfs: fix uninitialized pointer free on read_alloc_one_name() error
     - ksmbd: fix user-after-free from session log off
     - ALSA: scarlett2: Add error check after retrieving PEQ filter values
     - ALSA: hda/conexant - Fix audio routing for HP EliteOne 1000 G2
     - mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow
     - net: enetc: remove xdp_drops statistic from enetc_xdp_drop()
     - net: enetc: block concurrent XDP transmissions during ring 
reconfiguration
     - net: enetc: disable Tx BD rings after they are empty
     - net: enetc: disable NAPI after all rings are disabled
     - net: enetc: add missing static descriptor and inline keyword
     - posix-clock: Fix missing timespec64 check in pc_clock_settime()
     - udp: Compute L4 checksum as usual when not segmenting the skb
     - [arm64] dts: marvell: cn9130-sr-som: fix cp0 mdio pin numbers
     - [arm64] probes: Remove broken LDR (literal) uprobe support
     - [arm64] probes: Fix simulate_ldr*_literal()
     - [arm64] probes: Fix uprobes for big-endian kernels
     - net: macb: Avoid 20s boot delay by skipping MDIO bus registration for
       fixed-link PHY
     - net: microchip: vcap api: Fix memory leaks in vcap_api_encode_rule_test()
     - maple_tree: correct tree corruption on spanning store
     - nilfs2: propagate directory read errors from nilfs_find_entry()
     - fat: fix uninitialized variable
     - mm/mremap: fix move_normal_pmd/retract_page_tables race (CVE-2024-50066)
     - mm: khugepaged: fix the arguments order in khugepaged_collapse_file trace
       point
     - mm/mglru: only clear kswapd_failures if reclaimable
     - mm/swapfile: skip HugeTLB pages for unuse_vma
     - mm/damon/tests/sysfs-kunit.h: fix memory leak in
       damon_sysfs_test_add_targets()
     - tcp: fix mptcp DSS corruption due to large pmtu xmit
     - net: fec: Move `fec_ptp_read()` to the top of the file
     - net: fec: Remove duplicated code
     - mptcp: prevent MPC handshake on port-based signal endpoints
     - [amd64] iommu/vt-d: Fix incorrect pci_for_each_dma_alias() for non-PCI
       devices
     - [s390x] sclp: Deactivate sclp after all its users
     - [s390x] sclp_vt220: Convert newlines to CRLF instead of LFCR
     - [s390x] KVM: s390: gaccess: Check if guest address is in memslot
     - [s390x] KVM: s390: Change virtual to physical address access in diag 
0x258
       handler
     - [x86] cpufeatures: Define X86_FEATURE_AMD_IBPB_RET
     - [x86] cpufeatures: Add a IBPB_NO_RET BUG flag
     - [x86] entry: Have entry_ibpb() invalidate return predictions
     - [x86] bugs: Skip RSB fill at VMEXIT
     - [x86] bugs: Do not use UNTRAIN_RET with IBPB on entry
     - fgraph: Use CPU hotplug mechanism to initialize idle shadow stacks
     - Input: xpad - add support for 8BitDo Ultimate 2C Wireless Controller
     - blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race
     - io_uring/sqpoll: close race on waiting for sqring entries
     - blk-mq: setup queue ->tag_set before initializing hctx
     - ublk: don't allow user copy for unprivileged device
     - io_uring/sqpoll: ensure task state is TASK_RUNNING when running task_work
     - Input: xpad - add support for MSI Claw A1M
     - scsi: mpi3mr: Validate SAS port assignments
     - scsi: ufs: core: Set SDEV_OFFLINE when UFS is shut down
     - scsi: ufs: core: Fix the issue of ICU failure
     - scsi: ufs: core: Requeue aborted request
     - drm/radeon: Fix encoder->possible_clones
     - [x86] drm/i915/dp_mst: Handle error during DSC BW overhead/slice
       calculation
     - [x86] drm/i915/dp_mst: Don't require DSC hblank quirk for a non-DSC
       compatible mode
     - drm/vmwgfx: Cleanup kms setup without 3d
     - drm/vmwgfx: Handle surface check failure correctly
     - drm/amdgpu/mes: fix issue of writing to the same log buffer from 2 MES
       pipes
     - drm/amdgpu/smu13: always apply the powersave optimization
     - drm/amdgpu/swsmu: Only force workload setup on init
     - drm/amdgpu: prevent BO_HANDLES error from being overwritten
     - iio: dac: ad5770r: add missing select REGMAP_SPI in Kconfig
     - iio: dac: ltc1660: add missing select REGMAP_SPI in Kconfig
     - iio: dac: stm32-dac-core: add missing select REGMAP_MMIO in Kconfig
     - iio: adc: ti-ads8688: add missing select IIO_(TRIGGERED_)BUFFER in 
Kconfig
     - iio: hid-sensors: Fix an error handling path in
       _hid_sensor_set_report_latency()
     - iio: light: veml6030: fix ALS sensor resolution
     - iio: light: veml6030: fix IIO device retrieval from embedded device
     - iio: light: opt3001: add missing full-scale range value
     - iio: amplifiers: ada4250: add missing select REGMAP_SPI in Kconfig
     - iio: frequency: adf4377: add missing select REMAP_SPI in Kconfig
     - iio: chemical: ens160: add missing select IIO_(TRIGGERED_)BUFFER in
       Kconfig
     - iio: light: bu27008: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig
     - iio: magnetometer: af8133j: add missing select IIO_(TRIGGERED_)BUFFER in
       Kconfig
     - iio: resolver: ad2s1210 add missing select REGMAP in Kconfig
     - iio: pressure: bm1390: add missing select IIO_(TRIGGERED_)BUFFER in
       Kconfig
     - iio: dac: ad5766: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig
     - iio: proximity: mb1232: add missing select IIO_(TRIGGERED_)BUFFER in
       Kconfig
     - iio: dac: ad3552r: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig
     - iio: adc: ti-lmp92064: add missing select IIO_(TRIGGERED_)BUFFER in
       Kconfig
     - iio: adc: ti-lmp92064: add missing select REGMAP_SPI in Kconfig
     - iio: adc: ti-ads124s08: add missing select IIO_(TRIGGERED_)BUFFER in
       Kconfig
     - iio: resolver: ad2s1210: add missing select (TRIGGERED_)BUFFER in Kconfig
     - iio: adc: ad7944: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig
     - iio: accel: kx022a: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig
     - Bluetooth: Call iso_exit() on module unload
     - Bluetooth: Remove debugfs directory on module init failure
     - Bluetooth: ISO: Fix multiple init when debugfs is disabled
     - Bluetooth: btusb: Fix not being able to reconnect after suspend
     - Bluetooth: btusb: Fix regression with fake CSR controllers 0a12:0001
     - vt: prevent kernel-infoleak in con_font_get()
     - xhci: tegra: fix checked USB2 port number
     - xhci: Fix incorrect stream context type macro
     - xhci: Mitigate failed set dequeue pointer commands
     - USB: serial: option: add support for Quectel EG916Q-GL
     - USB: serial: option: add Telit FN920C04 MBIM compositions
     - usb: typec: qcom-pmic-typec: fix sink status being overwritten with 
RP_DEF
     - USB: gadget: dummy-hcd: Fix "task hung" problem
     - usb: gadget: f_uac2: fix return value for UAC2_ATTRIBUTE_STRING store
     - usb: dwc3: Wait for EndXfer completion before restoring GUSB2PHYCFG
     - usb: dwc3: core: Fix system suspend on TI AM62 platforms
     - misc: microchip: pci1xxxx: add support for NVMEM_DEVID_AUTO for EEPROM
       device
     - misc: microchip: pci1xxxx: add support for NVMEM_DEVID_AUTO for OTP 
device
     - serial: imx: Update mctrl old_status on RTSD interrupt
     - parport: Proper fix for array out-of-bounds access
     - [x86] resctrl: Annotate get_mem_config() functions as __init
     - [x86] apic: Always explicitly disarm TSC-deadline timer
     - [x86] CPU/AMD: Only apply Zenbleed fix for Zen2 during late microcode 
load
     - [x86] entry_32: Do not clobber user EFLAGS.ZF
     - [x86] entry_32: Clear CPU buffers after register restore in NMI return
     - tty: n_gsm: Fix use-after-free in gsm_cleanup_mux
     - [x86] bugs: Use code segment selector for VERW operand
     - pinctrl: nuvoton: fix a double free in ma35_pinctrl_dt_node_to_map_func()
     - pinctrl: intel: platform: fix error path in device_for_each_child_node()
     - pinctrl: ocelot: fix system hang on level based interrupts
     - pinctrl: stm32: check devm_kasprintf() returned value
     - pinctrl: apple: check devm_kasprintf() returned value
     - irqchip/gic-v4: Don't allow a VMOVP on a dying VPE
     - irqchip/sifive-plic: Unmask interrupt in plic_irq_enable()
     - irqchip/sifive-plic: Return error code on failure
     - serial: qcom-geni: fix polled console initialisation
     - serial: qcom-geni: revert broken hibernation support
     - serial: qcom-geni: fix shutdown race
     - serial: qcom-geni: fix dma rx cancellation
     - serial: qcom-geni: fix receiver enable
     - mm: vmscan.c: fix OOM on swap stress test
     - ALSA: hda/conexant - Use cached pin control for Node 0x1d on HP EliteOne
       1000 G2
 .
   [ Aurelien Jarno ]
   * Revert upstream commit causing data corrution (Closes: #1085425)
     - Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K"
 .
   [ Salvatore Bonaccorso ]
   * netfilter: xtables: fix typo causing some targets not to load on IPv6
     (Closes: #1085953)
Checksums-Sha1:
 9c4f5b6656deb108f8271e62538bfafd190c15a1 204594 linux_6.11.5-1.dsc
 e66cb565b2cd551930e7433c239a59a06b309714 149903400 linux_6.11.5.orig.tar.xz
 8091bb140e2a6b5005eb461d471bcb2efee5027e 1591368 linux_6.11.5-1.debian.tar.xz
 fd097a912041ce442747df18dc0fda8223398d0e 7425 linux_6.11.5-1_source.buildinfo
Checksums-Sha256:
 df684e997856af69805bd473bc0d566c8282eaaa2d9a6551f8587523ea76325d 204594 
linux_6.11.5-1.dsc
 d19ddb0ed6e0c0b75a986841f3dd7ebd2ad1a2d58b2338ac69dd12f1b3feed02 149903400 
linux_6.11.5.orig.tar.xz
 ff9ba6207aa87139e705de909c2e5eb2ba3546c270e96e32d1e6c20af27812b7 1591368 
linux_6.11.5-1.debian.tar.xz
 aa96755bf59549f4bcbec64e08d10e75c09181c4f4f277e03d4f4502296766c5 7425 
linux_6.11.5-1_source.buildinfo
Files:
 433bb04ac240b8c62b425750bccada30 204594 kernel optional linux_6.11.5-1.dsc
 ac2a84d9121aa335dabec25e4c38d6e8 149903400 kernel optional 
linux_6.11.5.orig.tar.xz
 25945100f7a156a11481af97dbddf26b 1591368 kernel optional 
linux_6.11.5-1.debian.tar.xz
 1a9c9053ad14ec7da78c59342d1d568d 7425 kernel optional 
linux_6.11.5-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmcd3e1fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EZdwP/R5SN4dpq/H5oFvg1MZoJ5XT9dTBQlm1
iljFoQt6PeuGwZYlucXJKef1YWvW9PApUb1nz51zi0IQFhbZSAJKcM66WGoLrjfb
EaHcfHdzqYH0rcU9JkzEg4avGg0st2VKlAgNLDwmsd6ksT8JzPbLwWzQ8fAFZsXP
LmWCFvavBJaohUq2E5Qqhflc5u4XSHIp5oM75c/dHJQoxckW5ySEh4XLKOqSUuGV
jRjBJPSRkZl2MWVuWVDf9xyLG6y8fPEj+QbFSW+wO/674piTwuEgd4SCP6riD+Z0
Pfq9KobyQzixgP2XOR2USZZLDbp4t4e82Ye/AViwsf8SHVFpLOLgzdLWIx7eV/tw
Hit6MA4vcehX9O5fYezTVZyA8bG537wVcGC6OORiex+Pfb17gpWxFGZ81PrPokDN
ay8dCSsvyJAmqmsm3/3j289hNZipHOJqe3IHval6JBdqlATQTztH7HNwHNMadDYZ
A9StM1iYze63vA1HnY/Q2RaCAqn6BAF3IKLmF+QknTFhh5DPmYMVxoQZuH3pvzIr
MM1z7VgIa7z4aopaxCS19cqtb0fTGEqxn5ole/NTOlz7f53yJC4PSma/WjLR5luQ
rs3Ap0euzEx6eXkOB3vejdOztTNmCNAvDJe/7Fq8iFgm+B8O6hjRdUODuPfXN7Cs
1NqFPUnBFK3V
=yPtp
-----END PGP SIGNATURE-----

Attachment: pgpMPpBstXVMx.pgp
Description: PGP signature


--- End Message ---

Reply via email to