Bug 1892 - iptables update request
Summary: iptables update request
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 1
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-06-22 23:39 CEST by Thomas Backlund
Modified: 2014-05-08 18:07 CEST (History)
3 users (show)

See Also:
Source RPM: iptables
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Thomas Backlund 2011-06-22 23:39:33 CEST 
There is now a iptables-1.4.11.1-1.mga1 in bs heading for updates_testing

The reason for doing the version upgrade from 1.4.10 -> 1.4.11.1 is that it's needed to fully support our 2.6.38 series kernels. (1.4.10 only fully supports up to 2.6.36 series)
(and 1.4.11* series got released 2011-May-26, so it missed final freeze)
it also fixes mga# 1404


full changelog:
- update to 1.4.11.1 (full kernel 2.6.37-39 support)
- Move the runtime libip{4,6}tc.so.* libraries to /%{_lib}, so that iptables in
  /sbin can use them when /usr isn't mounted yet (mga#1404)
- libmajor is now 6
- add compat symlinks for ip(6)tbles-multi
- update filelists
Sander Lepik 2011-06-22 23:41:12 CEST

CC: (none) => sander.lepik
Assignee: bugsquad => qa-bugs

Comment 1 Dave Hodgins 2011-06-30 02:55:30 CEST 
I've been running iptables 1.4.11.1 since June 23rd, on my i586 system without
any problems.  Is there a quick way to get a full list of what packages were
provided by the source rpm?

From /var/lib/urpmi/names.Core Updates Testing it appears to be ...
libip6tc-devel
libiptc-devel
libip6tc0
libip4tc0
libip4tc-devel
iptables
libiptables6
libiptables-devel
with the -devel packages manually instlaled.

The following two were pulled in when I manually installed libip4tc-devel
libiptc0
libipq-devel

The package libipq0 did not get installed.  Should it be?

CC: (none) => davidwhodgins

Comment 2 José Jorge 2011-07-06 19:11:05 CEST 
Tested on x86_64, it works for me (I don't know of a test case).

CC: (none) => lists.jjorge

Comment 3 Dave Hodgins 2011-07-07 01:58:41 CEST 
Can someone from the sysadmin team push the packages
libip6tc-devel
libiptc-devel
libip6tc0
libip4tc0
libip4tc-devel
iptables
libiptables6
libiptables-devel
libiptc0
libipq-devel
libipq0
from Core Updates Testing to Core Updates please.
The srpm is iptables-1.4.11.1-1.mga1.src.rpm
Comment 4 Nicolas Vigier 2011-07-07 14:11:54 CEST 
(In reply to comment #2)
> Tested on x86_64, it works for me (I don't know of a test case).

I think a test case could be installing the packages, and testing a few iptables commands.

CC: (none) => boklm

Comment 5 Thomas Backlund 2011-07-07 20:49:22 CEST 
(In reply to comment #4)
> (In reply to comment #2)
> > Tested on x86_64, it works for me (I don't know of a test case).
> 
> I think a test case could be installing the packages, and testing a few
> iptables commands.

Also test that shorewall / drakfirewall is not broken.
Comment 6 Dave Hodgins 2011-07-08 01:12:07 CEST 
As per comment 1, I've been running with the updated iptables since June 23rd.
Shorewall is working, grc.com shows expected ports open, with rest stealthed.

Incoming connections from autossh (from systems I support) are working, as
are all expected outgoing connections.

[dave@hodgins ~]$ locate libiptc.so
/lib/libiptc.so.0
/lib/libiptc.so.0.0.0
/usr/lib/libiptc.so
[dave@hodgins ~]$ ll /usr/lib/libiptc.so 
lrwxrwxrwx 1 root root 22 Jun 29 20:49 /usr/lib/libiptc.so -> ../../lib/libiptc.so.0*

The module has been moved to /lib, with a symlink for compatibility.

As per comment 3, the packages are ready to move to core updates, with
an advisory ...

Updating iptables to fully support 2.6.38 series kernels.
Comment 7 Nicolas Vigier 2011-07-08 18:53:25 CEST 
pushed to updates.

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Nicolas Vigier 2014-05-08 18:07:16 CEST

CC: boklm => (none)
Note You need to log in before you can comment on or make changes to this bug.