Bug#949518: marked as done (ufw: does not work with iptables-restore 1.8.4-2 (blank line in file))

Thu, 13 Feb 2020 03:52:12 -0800 

Your message dated Thu, 13 Feb 2020 11:49:08 +0000
with message-id <e1j2czu-0004rh...@fasolo.debian.org>
and subject line Bug#949518: fixed in iptables 1.8.4-3
has caused the Debian Bug report #949518,
regarding ufw: does not work with iptables-restore 1.8.4-2 (blank line in file)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
949518: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949518
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: ufw
Version: 0.36-1
Severity: grave
Justification: renders package unusable

ufw fails to start with iptables 1.8.4-2, even after #946289 is fixed.
Downgrading to iptables 1.8.3-2 fixes this.  iptables-restore
(iptables-nft-restore) can no longer handle blank lines in the restored file.

Jan 21 06:39:42 hostname ufw-init[39272]: iptables-restore: COMMIT expected at 
line 19
Jan 21 06:39:42 hostname ufw-init[39373]: ip6tables-restore: COMMIT expected at 
line 19
Jan 21 06:39:42 hostname ufw-init[39379]: Problem running '/etc/ufw/user.rules'
Jan 21 06:39:42 hostname ufw-init[39379]: Problem running '/etc/ufw/user6.rules'

Line 19 is the first blank line after the '### RULES ###' in user.rules:

% sudo head -n19 /etc/ufw/user.rules
*filter
:ufw-user-input - [0:0]
:ufw-user-output - [0:0]
:ufw-user-forward - [0:0]
:ufw-before-logging-input - [0:0]
:ufw-before-logging-output - [0:0]
:ufw-before-logging-forward - [0:0]
:ufw-user-logging-input - [0:0]
:ufw-user-logging-output - [0:0]
:ufw-user-logging-forward - [0:0]
:ufw-after-logging-input - [0:0]
:ufw-after-logging-output - [0:0]
:ufw-after-logging-forward - [0:0]
:ufw-logging-deny - [0:0]
:ufw-logging-allow - [0:0]
:ufw-user-limit - [0:0]
:ufw-user-limit-accept - [0:0]
### RULES ###
:ufw-after-logging-forward - [0:0]
:ufw-logging-deny - [0:0]
:ufw-logging-allow - [0:0]
:ufw-user-limit - [0:0]
:ufw-user-limit-accept - [0:0]
### RULES ###

%

Tiny reproduction:

paul@vm$ echo -ne '*filter\n:otters - [0:0]\n# this is a comment\n\n-A otters 
-j ACCEPT\nCOMMIT\n' > has-blank-line.txt
paul@vm$ echo -ne '*filter\n:otters - [0:0]\n# this is a comment\n-A otters -j 
ACCEPT\nCOMMIT\n' > has-no-blank-line.txt
paul@vm$ sudo iptables-restore -v -n <has-blank-line.txt ; echo
iptables-restore: COMMIT expected at line 4
# this is a comment
paul@vm$ sudo iptables-restore -v -n <has-no-blank-line.txt ; echo
# this is a comment
paul@vm$ 


-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.4.0-3-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages ufw depends on:
ii  debconf [debconf-2.0]  1.5.73
hi  iptables               1.8.3-2
ii  lsb-base               11.1.0
ii  python3                3.7.5-3
ii  ucf                    3.0038+nmu1

ufw recommends no packages.

Versions of packages ufw suggests:
ii  rsyslog  8.1911.0-1

-- Configuration Files:
/etc/default/ufw changed [not included]

-- debconf information excluded

--- End Message ---
--- Begin Message --- 
Source: iptables
Source-Version: 1.8.4-3

We believe that the bug you reported is fixed in the latest version of
iptables, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 949...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Arturo Borrero Gonzalez <art...@debian.org> (supplier of updated iptables 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 13 Feb 2020 12:20:19 +0100
Source: iptables
Architecture: source
Version: 1.8.4-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Netfilter Packaging Team 
<pkg-netfilter-t...@lists.alioth.debian.org>
Changed-By: Arturo Borrero Gonzalez <art...@debian.org>
Closes: 949518 949576 951102
Changes:
 iptables (1.8.4-3) unstable; urgency=medium
 .
   [ Alberto Molina Coballes ]
   * [d87a98a] libiptc-dev: add Breaks and Replaces fields (Closes: #949576)
 .
   [ Arturo Borrero Gonzalez ]
   * [c66f003] d/patches: add 0000-upstream-xtables-restore-empty-lines.patch
     (Closes: #949518, #951102)
Checksums-Sha1:
 6855e5a47a33d16db736cb1e230e07a6260abe36 2719 iptables_1.8.4-3.dsc
 2bd50da76dc5f6d2a0a5ab19b1309256b5b9541a 65296 iptables_1.8.4-3.debian.tar.xz
 665a9e5c2d210c244c4829267e7839a28078acad 8930 iptables_1.8.4-3_amd64.buildinfo
Checksums-Sha256:
 0d0c9ae69f984d7ad8aef1f4361e56b01dfbb3908f2640644b02c62c0623f723 2719 
iptables_1.8.4-3.dsc
 1d7018909d55f4f578f811ee5eff7591d91af79a6283a947d1c8c2c5f5a4ffab 65296 
iptables_1.8.4-3.debian.tar.xz
 246db2f866719056a6151bbf012009e37f17dab73cb32f1c3d1bceb9aaa8e854 8930 
iptables_1.8.4-3_amd64.buildinfo
Files:
 b1c340a45b30e219f0699556ee025b4e 2719 net optional iptables_1.8.4-3.dsc
 f5ecfac4e9b237523918d4455a048328 65296 net optional 
iptables_1.8.4-3.debian.tar.xz
 6ed24d046354ea4bc3e1183aaae47f4e 8930 net optional 
iptables_1.8.4-3_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE3ZhhqyPcMzOJLgepaOcTmB0VFfgFAl5FMmwACgkQaOcTmB0V
FfhnwA//VpbUjvSYQkdTxP97m1/1g1KZPcoGUgzN0Xt+qNhyjgUBbfKaqzsUSZMu
2ej6+4xZ+qFjKolOdnkNew/rE4BUk3mH74cKQQKChBT5ud0tNKMZru8XeVNHbUBT
ajBwDrHHusdhnEod2wODH2Ip4UurkXSVgY3eeDSLLrvMYMaAqkchznSj6r693ks3
PSw+S8zDYlYO5sMIWB4B52TCuOqtmCOl2THaRt4e3+kSG6PfotgCAQdMhQ/Ki6ka
XIN6dA04MGt+YJlBEBbMpAmamN6QPPgMZjCSv8nWpJKjy5nN0YCrEb+f0NjLrhtn
EKGAu2bAUAbsSGZUz4rQwJjMIqPbRKpYOhfpX5UYg9E/xS4AKuIg07aNSH6xtsQe
cwQ6IUHt/I5LcopQfDEXJdcvInT42cVLNXCrET4U4g+cJ5Naiqery6gBOUCmPl/g
R0nS3wYVooW4/CT+7iS0UxtgDEXkNyLQl5uRGX8qS/Rzmp6gJbDdEGA5xxUr4Oxv
hi1OKxFQ0YB24+Zj5dEBWBTwoa5C6KYiUwYNB3gmNgtQNAExZsZTolkHO8z5Gt5/
nUOgkCMrwqguBfA4xqu4DmVnGU9reTw3wfX6fpzSUXNaxNwp+o1irqAFXUycMqor
YHDajXk8I7g2XRDrea4L08cZbGhJ05h/oUOCB52MrHabdemECEw=
=EGai
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to