All autopkgtests for the newly accepted iptables (1.8.5-3ubuntu2.20.10.1) for groovy have finished running. The following regressions have been reported in tests triggered by the package:
sshuttle/1.0.4-1ubuntu4 (arm64) firewalld/0.9.1-1ubuntu1 (arm64) Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1]. https://people.canonical.com/~ubuntu-archive/proposed- migration/groovy/update_excuses.html#iptables [1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions Thank you! -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to iptables in Ubuntu. https://bugs.launchpad.net/bugs/1898547 Title: neutron-linuxbridge-agent fails to start with iptables 1.8.5 Status in Ubuntu on IBM z Systems: Fix Committed Status in iptables package in Ubuntu: Fix Committed Status in neutron package in Ubuntu: Invalid Status in iptables source package in Groovy: Fix Committed Status in neutron source package in Groovy: Invalid Status in iptables source package in Hirsute: Fix Committed Status in neutron source package in Hirsute: Invalid Bug description: [Impact] With iptables 1.8.5 neutron-linuxbridge-agent fails to properly start. The log file shows many errors like: 2020-10-05 10:20:37.998 551 ERROR neutron.plugins.ml2.drivers.agent._common_agent ; Stdout: ; Stderr: iptables-restore: line 29 failed This can be demonstrated with a simple test case: iptables-restore <<EOF *filter :INPUT - [0:0] COMMIT EOF This fails with iptables 1.8.5 and is a known upstream bug that was subsequently fixed in upstream commit https://git.netfilter.org/iptables/commit/?id=0bd7a8eaf3582159490ab355b1217a4e42ed021f As such, neutron-linuxbridge-agent is not able to be used successfully on groovy. This fix to iptables is required to allow neutron- linuxbridge-agent to successfully run. In hirsute, iptables 1.8.5-3ubuntu3 has been uploaded which fixes this bug by backporting the upstream fix from commit 0bd7a8eaf3582159490ab355b1217a4e42ed021f above. This is currently sitting in hirsute-proposed waiting for autopkgtests to complete to finish migration. For groovy, iptables 1.8.5-3ubuntu2.20.10.1 is sitting in Unapproved and is the subject of this SRU (this is simply 1.8.5-3ubuntu3 packaged for groovy) [Test Case] This can be reproduced by the test case. [Regression Potential] * This is a low risk update since it only affects the behaviour when a policy of '-' is specified and so does not affect any users of iptables that specify an explicit policy (like ACCEPT, REJECT etc). Since this '-' behaviour is currently broken it has a very low chance of causing a regression as it does not affect any code paths the use an explicit policy. * In the event of a regression, iptables can be reverted back to a rebuild of 1.8.5-3ubuntu1 by simply backing out this patch. [Other Info] * Details regarding an explicit test verification of neutron-linuxbridge-agent will be added soon. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1898547/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
