Package: release.debian.org Severity: normal Tags: bookworm User: release.debian....@packages.debian.org Usertags: pu X-Debbugs-Cc: crowdsec-firewall-boun...@packages.debian.org Control: affects -1 + src:crowdsec-firewall-bouncer
Hi, [ Reason ] I'd like to fix the #1071247/#1071248 pair in bookworm, which results in crowdsec-firewall-bouncer's being broken on little-endian architectures (addresses are getting logged just fine, but they're not passed over correctly to the firewall layer). I've checked with the security team, this doesn't warrant a DSA. This is the daemon part (crowdsec-firewall-bouncer). [ Impact ] If the fix doesn't make it into stable, crowdsec-firewall-bouncer remains broken on little-endian architectures. [ Tests ] Same checks as for unstable when I uploaded the fixes there: - amd64 (LE, baremetal) before: KO - amd64 (LE, baremetal) after: OK - s390x (BE, debvm) before: OK - s390x (BE, debvm) after: OK [ Risks ] Except for a possible regression on s390x (which isn't the case, see previous section), it cannot be worse than it currently is. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in stable [x] the issue is verified as fixed in unstable Additionally, that reached testing. [ Changes ] Since there were already binNMUs for this package in p-u, with different versions, I decided to err on the side of caution, and to propose a new revision with a versioned build-dep on golang-github-google-nftables's binary package; alternatively this package could be binNMU'd within p-u once golang-github-google-nftables is available in p-u. [ Other info ] Previous bug report is the golang-github-google-nftables part. Cheers, -- Cyril Brulebois -- Debian Consultant @ DEBAMAX -- https://debamax.com/
diff -Nru crowdsec-firewall-bouncer-0.0.25/debian/changelog crowdsec-firewall-bouncer-0.0.25/debian/changelog --- crowdsec-firewall-bouncer-0.0.25/debian/changelog 2023-05-31 18:57:41.000000000 +0200 +++ crowdsec-firewall-bouncer-0.0.25/debian/changelog 2024-06-11 10:20:58.000000000 +0200 @@ -1,3 +1,18 @@ +crowdsec-firewall-bouncer (0.0.25-4~deb12u1) bookworm; urgency=medium + + * Rebuild for bookworm. + + -- Cyril Brulebois <cy...@debamax.com> Tue, 11 Jun 2024 10:20:58 +0200 + +crowdsec-firewall-bouncer (0.0.25-4) unstable; urgency=high + + * Set minimal version for the golang-github-google-nftables-dev build + dependency to ensure a working AddSet() function, i.e. no longer + reversing byte order for IPv4 and IPv6 addresses at the nftables level + on little-endian architectures (Closes: #1071248, See: #1071247). + + -- Cyril Brulebois <cy...@debamax.com> Tue, 21 May 2024 10:15:36 +0200 + crowdsec-firewall-bouncer (0.0.25-3) unstable; urgency=medium * Fix failure to install if crowdsec is unpacked but not configured diff -Nru crowdsec-firewall-bouncer-0.0.25/debian/control crowdsec-firewall-bouncer-0.0.25/debian/control --- crowdsec-firewall-bouncer-0.0.25/debian/control 2023-03-21 01:03:29.000000000 +0100 +++ crowdsec-firewall-bouncer-0.0.25/debian/control 2024-05-21 09:53:53.000000000 +0200 @@ -10,7 +10,7 @@ golang-github-coreos-go-systemd-dev, golang-github-crowdsecurity-crowdsec-dev, golang-github-crowdsecurity-go-cs-bouncer-dev, - golang-github-google-nftables-dev, + golang-github-google-nftables-dev (>= 0.1.0-4~), golang-golang-x-sys-dev, golang-gopkg-natefinch-lumberjack.v2-dev, golang-gopkg-tomb.v2-dev,