Your message dated Sat, 28 Feb 2026 15:37:20 +0000
with message-id <[email protected]>
and subject line Fixed in 0.9.8-3.1+deb11u3
has caused the Debian Bug report #1063690,
regarding nftables: Segfault on named set or map definition in second table
specification
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1063690: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063690
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: nftables
Version: 0.9.8-3.1+deb11u2
Severity: important
Upon running `nft -f file.nft`, where `file.nft` specifies the same
table at least twice, and a named set or map is defined in the second
(or later) table specification, a segmentation fault is caused.
The specified ruleset appears to be correctly applied regardless.
Example `file.nft`:
---
table inet t0 {
}
table inet t0 {
set s0 {
type inet_service
elements = { 42 }
}
}
---
Note that both a named set and a named map definition cause the
segfault, while a (similarly simple) chain definition does not.
The only error message printed is "Segmentation fault\n".
Note that this causes nftables.service to fail if `/etc/nftables.conf`
contains such configuration (but the ruleset appears to be applied).
I cannot reproduce the bug with the preceding package version,
0.9.8-3.1+deb11u1, nor on Debian 12 Bookworm (nftables 1.0.6-2+deb12u2).
-- System Information:
Debian Release: 11.9
APT prefers oldstable-updates
APT policy: (500, 'oldstable-updates'), (500, 'oldstable-security'),
(500, 'oldstable')
Architecture: amd64 (x86_64)
Kernel: Linux 5.10.0-28-amd64 (SMP w/2 CPU threads)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages nftables depends on:
ii dpkg 1.20.13
ii libc6 2.31-13+deb11u8
ii libedit2 3.1-20191231-2+b1
ii libnftables1 0.9.8-3.1+deb11u2
nftables recommends no packages.
Versions of packages nftables suggests:
pn firewalld <none>
-- Configuration Files:
/etc/nftables.conf changed [not included]
-- no debconf information
--- End Message ---
--- Begin Message ---
Control: fixed -1 0.9.8-3.1+deb11u3
Closing as fixed.
J.
signature.asc
Description: PGP signature
--- End Message ---
