Package: iptables | Debian Sources

Package: iptables / 1.8.12-2

Metadata

Package	Version	Patches format
iptables	1.8.12-2	3.0 (quilt)

Patch series

view the series file

Patch	File delta	Description
disable flaky py tests \| (download)	extensions/libxt_LED.t \| 4 0 + 4 - 0 ! extensions/libxt_LED.t.skipped \| 4 4 + 0 - 0 ! extensions/libxt_SECMARK.t \| 4 0 + 4 - 0 ! extensions/libxt_SECMARK.t.skipped \| 4 4 + 0 - 0 ! 4 files changed, 8 insertions(+), 8 deletions(-)	skip led and secmark python tests Currently the SECMARK tests fail when run by Salsa and Debian CI, and the LED tests when run by Salsa, so skip them in order not to have to declare the suite flaky.
revert_libxtables_refusal_to_run_with_capabilities.patch \| (download)	libxtables/xtables.c \| 5 2 + 3 - 0 ! 1 file changed, 2 insertions(+), 3 deletions(-)	apply upstream reversion of commit a2a733e9f0da ("libxtables: refuse to run under file capabilities"). . 1.8.12 included a commit to prevent iptables from running with capabilities enabled since it cannot do so safely. However, there have been reports that this change causes breakage for Docker and libvirt, possibly because the check used may also return a non-zero value in the presence of Linux security modules (cf `AT_SECURE' in getauxval(3)), and it has been reverted upstream.

Patch

File delta

Description

disable flaky py tests | (download)

extensions/libxt_LED.t | 4 0 + 4 - 0 !
extensions/libxt_LED.t.skipped | 4 4 + 0 - 0 !
extensions/libxt_SECMARK.t | 4 0 + 4 - 0 !
extensions/libxt_SECMARK.t.skipped | 4 4 + 0 - 0 !
4 files changed, 8 insertions(+), 8 deletions(-)

 skip led and secmark python tests
 Currently the SECMARK tests fail when run by Salsa and Debian CI, and the LED
 tests when run by Salsa, so skip them in order not to have to declare the suite
 flaky.

revert_libxtables_refusal_to_run_with_capabilities.patch | (download)

libxtables/xtables.c | 5 2 + 3 - 0 !
1 file changed, 2 insertions(+), 3 deletions(-)

 apply upstream reversion of commit a2a733e9f0da ("libxtables:
 refuse to run under file capabilities").
 .
 1.8.12 included a commit to prevent iptables from running with capabilities
 enabled since it cannot do so safely.  However, there have been reports that
 this change causes breakage for Docker and libvirt, possibly because the check
 used may also return a non-zero value in the presence of Linux security modules
 (cf `AT_SECURE' in getauxval(3)), and it has been reverted upstream.