[Bug 875818] Re: [MIR] libnetfilter-conntrack

Sun Oct 23 17:57:30 UTC 2011

** Description changed:

- The latest manual sync introduced build deps which are not in main, and
- therefore dnsmasq is blocked in dep-wait.  Please evaluate if a MIR
- needs to be raised, or if we need to carry a delta removing them.
+ 1. Availability - already packaged & builds in Ubuntu universe & Debian
+ stable since 2006
+ 
+ 2. Rationale -
+ Debian enabled this optional feature when dnsmasq 2.58 was packaged. We are currently in sync with Debian dnsmasq.
+ 
+ From dnsmasq 2.58 changelog. :
+ 
+ Add support for Linux conntrack connection marking. If 
+ enabled with --conntrack, the connection mark for incoming
+ DNS queries will be copied  to the outgoing connections
+ used to answer those queries. This allows clever firewall
+ and accounting stuff. Only available if dnsmasq is
+ compiled with HAVE_CONNTRACK and adds a dependency on 
+ libnetfilter-conntrack. Thanks to Ed Wildgoose for the
+ initial idea, testing and sponsorship of this function.
+ 
+ 3. Security - There are no known security bugs:
+ https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=conntrack (These appear to refer to the Linux kernel itself. libnetfilter-conntrack has only existed since 2005.)
+ 
+ 4. QA -
+ https://bugs.launchpad.net/ubuntu/+source/libnetfilter-conntrack
+ http://bugs.debian.org/cgi-bin/pkgreport.cgi?repeatmerged=no&src=libnetfilter-conntrack
+ http://bugzilla.netfilter.org/buglist.cgi?quicksearch=product%3A%22netfilter%2Fiptables%22 (it's a bit confusing how this bugzilla works)
+ 
+ 5. UI - N/A
+ 
+ 6. Dependencies: https://bazaar.launchpad.net/+branch/ubuntu/libnetfilter-conntrack/view/head:/debian/control
+ All dependencies are already in main
+ 
+ 7. Standards compliant 3.9.1
+ 
+ 8. Maintenance - We are currently in sync with Debian
+ 
+ Original bug report
+ ===================
+ The latest manual sync introduced build deps which are not in main, and therefore dnsmasq is blocked in dep-wait.  Please evaluate if a MIR needs to be raised, or if we need to carry a delta removing them.

  libnetfilter-conntrack: libnetfilter-conntrack-dev libnetfilter-
  conntrack3 libnetfilter-conntrack3-dbg

  Thanks.

** Summary changed:

- [MIR] libnetfilter-conntrack
+ [mir] libnetfilter-conntrack

** Changed in: libnetfilter-conntrack (Ubuntu)
       Status: Confirmed => New

** Changed in: libnetfilter-conntrack (Ubuntu)
     Assignee: Jeremy Bicha (jbicha) => (unassigned)

** Changed in: dnsmasq (Ubuntu)
     Assignee: Jeremy Bicha (jbicha) => (unassigned)

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to dnsmasq in Ubuntu.
https://bugs.launchpad.net/bugs/875818

Title:
  [mir] libnetfilter-conntrack

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/875818/+subscriptions