Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock
Hello release team,
Please unblock iptables-persistent, it has a critical bug 857301
(merged with 857304), if this bug is not fixed iptables-persistent will
be deleted from testing.
The bug is very simple, ip{,6}-(save|restore) is not called using the
full path so it fails when it done from the crontab.
The fix simply adds the full path to those commands
PS: I'm aware the changelog doesn't close the bug correctly, so I'll do
it manually after (if) the unblock is processed.
thanks!
unblock iptables-persistent/1.0.4+nmu2
-- System Information:
Debian Release: 9.0
APT prefers testing
APT policy: (900, 'testing'), (300, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: armhf
Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL
set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru iptables-persistent-1.0.4+nmu1/debian/changelog
iptables-persistent-1.0.4+nmu2/debian/changelog
--- iptables-persistent-1.0.4+nmu1/debian/changelog 2016-08-23
16:34:23.000000000 +0800
+++ iptables-persistent-1.0.4+nmu2/debian/changelog 2017-03-18
21:11:49.000000000 +0800
@@ -1,3 +1,12 @@
+iptables-persistent (1.0.4+nmu2) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Use the full path to executables when saving and restoring firewall
+ rules for both IP and IPv6. Thanks G.W. Haywood for the patch.
+ Closes (#857301)
+
+ -- gustavo panizzo <g...@zumbi.com.ar> Sat, 18 Mar 2017 21:11:49 +0800
+
iptables-persistent (1.0.4+nmu1) unstable; urgency=low
[ Jonathan Wiltshire ]
diff -Nru iptables-persistent-1.0.4+nmu1/plugins/15-ip4tables
iptables-persistent-1.0.4+nmu2/plugins/15-ip4tables
--- iptables-persistent-1.0.4+nmu1/plugins/15-ip4tables 2016-08-23
16:34:23.000000000 +0800
+++ iptables-persistent-1.0.4+nmu2/plugins/15-ip4tables 2017-03-18
21:11:49.000000000 +0800
@@ -20,7 +20,7 @@
if [ ! -f /etc/iptables/rules.v4 ]; then
echo "Warning: skipping IPv4 (no rules to load)"
else
- iptables-restore < /etc/iptables/rules.v4 2> /dev/null
+ /sbin/iptables-restore < /etc/iptables/rules.v4 2> /dev/null
if [ $? -ne 0 ]; then
rc=1
fi
@@ -37,7 +37,7 @@
elif [ -x /sbin/iptables-save ]; then
touch /etc/iptables/rules.v4
chmod 0640 /etc/iptables/rules.v4
- iptables-save > /etc/iptables/rules.v4
+ /sbin/iptables-save > /etc/iptables/rules.v4
if [ $? -ne 0 ]; then
rc=1
fi
diff -Nru iptables-persistent-1.0.4+nmu1/plugins/25-ip6tables
iptables-persistent-1.0.4+nmu2/plugins/25-ip6tables
--- iptables-persistent-1.0.4+nmu1/plugins/25-ip6tables 2016-08-23
16:34:23.000000000 +0800
+++ iptables-persistent-1.0.4+nmu2/plugins/25-ip6tables 2017-03-18
21:11:49.000000000 +0800
@@ -20,7 +20,7 @@
if [ ! -f /etc/iptables/rules.v6 ]; then
echo "Warning: skipping IPv6 (no rules to load)"
else
- ip6tables-restore < /etc/iptables/rules.v6 2> /dev/null
+ /sbin/ip6tables-restore < /etc/iptables/rules.v6 2> /dev/null
if [ $? -ne 0 ]; then
rc=1
fi
@@ -37,7 +37,7 @@
elif [ -x /sbin/ip6tables-save ]; then
touch /etc/iptables/rules.v6
chmod 0640 /etc/iptables/rules.v6
- ip6tables-save > /etc/iptables/rules.v6
+ /sbin/ip6tables-save > /etc/iptables/rules.v6
if [ $? -ne 0 ]; then
rc=1
fi
