Bugfix for nftables

Userspace nftables v1.0.6 sometimes generates incorrect bytecode that hits a new kernel check introduced in kernel-6.4.8 fix for CVE-2023-4147 that rejects adding rules to bound chains. This update fixes nftables to generate correct bytecode.

SRPMS:
nftables-1.0.6-1.1.mga9.src.rpm

i586:
libnftables1-1.0.6-1.1.mga9.i586.rpm
libnftables-devel-1.0.6-1.1.mga9.i586.rpm
nftables-1.0.6-1.1.mga9.i586.rpm
python3-nftables-1.0.6-1.1.mga9.noarch.rpm

x86_64:
lib64nftables1-1.0.6-1.1.mga9.x86_64.rpm
lib64nftables-devel-1.0.6-1.1.mga9.x86_64.rpm
nftables-1.0.6-1.1.mga9.x86_64.rpm
python3-nftables-1.0.6-1.1.mga9.noarch.rpm
Advisory from comment 0 added to SVN. Please remove the "advisory" keyword if it needs to be changed. It also helps when obsolete advisories are tagged as "obsolete".
Keywords: (none) => advisory
CC: (none) => marja11
MGA9-64 Plasma in VirtualBox. No installation issues.

I have no idea how to test the issue that generated this bug, so...

$ urpmq --whatrequires nftables
eddie
nftables
podman
python3-nftables
waydroid

Installing waydroid depends on another bug currently waiting for QA attention, so no help there.

Eddie is a UI for managing a VPN from Airvpn, but it is supposed to work with VPNs from other providers, as well. I installed it without issue, ran it under strace, looked around, couldn't easily determine how to get it working with a Surfshark VPN, and closed it again. Examining the strace file showed no reference to nftables, so apparently it's not invoked unless one actually activates a VPN. Again, no help.

So I installed podman, and attempted to run some of the commands from Bug 28885 comment 55:

[tom@localhost ~]$ podman images
ERRO[0000] cannot find UID/GID for user tom: no subuid ranges found for user "tom" in /etc/subuid - check rootless mode in man pages.
WARN[0000] Using rootless single mapping into the namespace. This might break some images. Check /etc/subuid and /etc/subgid for adding sub*ids if not using a network user
REPOSITORY TAG IMAGE ID CREATED SIZE
[tom@localhost ~]$ podman search docker.io/library/mageia
[tom@localhost ~]$ podman run -dt -p 8080:80/tcp docker.io/library/mageia
Trying to pull docker.io/library/mageia:latest...
Getting image source signatures
Copying blob 2b7a6260b5e1 done
Error: copying system image from manifest list: writing blob: adding layer with blob "sha256:2b7a6260b5e1024ee3e3aaea14424ae322182becf6d1593b6542c7e711e2c6bc": processing tar file(potentially insufficient UIDs or GIDs available in user namespace (requested 0:25 for /etc/gshadow): Check /etc/subuid and /etc/subgid if configured locally and run "podman system migrate": lchown /etc/gshadow: invalid argument): exit status 1
[tom@localhost ~]$ podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[tom@localhost ~]$ podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

So, I didn't get very far, but the messages look to be from user error, rather than some fault of the application/libraries. To be fair, the test in bug 28885 wasn't exactly conclusive, either.

I'm going to OK this based mostly on a clean install. Validating.
Keywords: (none) => validated_update
Whiteboard: (none) => MGA9-64-OK
CC: (none) => andrewsfarm, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGAA-2023-0093.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED