Bug#1072984: marked as done (bookworm-pu: package crowdsec-firewall-bouncer/0.0.25-4~deb12u1)

["Debian Bug Tracking System" <owner@bugs.debian.org>]

Your message dated Sat, 29 Jun 2024 10:46:20 +0000
with message-id <E1sNVb2-002biu-Td@coccia.debian.org>
and subject line Released with 12.6
has caused the Debian Bug report #1072984,
regarding bookworm-pu: package crowdsec-firewall-bouncer/0.0.25-4~deb12u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1072984: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072984
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: bookworm-pu: package crowdsec-firewall-bouncer/0.0.25-4~deb12u1
• From: Cyril Brulebois <cyril@debamax.com>
• Date: Tue, 11 Jun 2024 11:29:14 +0200
• Message-id: <[🔎] 171809815437.199615.7858878418165180452.reportbug@tokyo>

Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: crowdsec-firewall-bouncer@packages.debian.org
Control: affects -1 + src:crowdsec-firewall-bouncer

Hi,

[ Reason ]

I'd like to fix the #1071247/#1071248 pair in bookworm, which results in
crowdsec-firewall-bouncer's being broken on little-endian architectures
(addresses are getting logged just fine, but they're not passed over
correctly to the firewall layer).

I've checked with the security team, this doesn't warrant a DSA.

This is the daemon part (crowdsec-firewall-bouncer).

[ Impact ]

If the fix doesn't make it into stable, crowdsec-firewall-bouncer 
remains broken on little-endian architectures.

[ Tests ]

Same checks as for unstable when I uploaded the fixes there:
 - amd64 (LE, baremetal) before: KO
 - amd64 (LE, baremetal) after: OK
 - s390x (BE, debvm) before: OK
 - s390x (BE, debvm) after: OK

[ Risks ]

Except for a possible regression on s390x (which isn't the case, see
previous section), it cannot be worse than it currently is.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in stable
  [x] the issue is verified as fixed in unstable

Additionally, that reached testing.

[ Changes ]

Since there were already binNMUs for this package in p-u, with different
versions, I decided to err on the side of caution, and to propose a new
revision with a versioned build-dep on golang-github-google-nftables's
binary package; alternatively this package could be binNMU'd within p-u
once golang-github-google-nftables is available in p-u.

[ Other info ]

Previous bug report is the golang-github-google-nftables part.


Cheers,
-- 
Cyril Brulebois -- Debian Consultant @ DEBAMAX -- https://debamax.com/

diff -Nru crowdsec-firewall-bouncer-0.0.25/debian/changelog crowdsec-firewall-bouncer-0.0.25/debian/changelog
--- crowdsec-firewall-bouncer-0.0.25/debian/changelog	2023-05-31 18:57:41.000000000 +0200
+++ crowdsec-firewall-bouncer-0.0.25/debian/changelog	2024-06-11 10:20:58.000000000 +0200
@@ -1,3 +1,18 @@
+crowdsec-firewall-bouncer (0.0.25-4~deb12u1) bookworm; urgency=medium
+
+  * Rebuild for bookworm.
+
+ -- Cyril Brulebois <cyril@debamax.com>  Tue, 11 Jun 2024 10:20:58 +0200
+
+crowdsec-firewall-bouncer (0.0.25-4) unstable; urgency=high
+
+  * Set minimal version for the golang-github-google-nftables-dev build
+    dependency to ensure a working AddSet() function, i.e. no longer
+    reversing byte order for IPv4 and IPv6 addresses at the nftables level
+    on little-endian architectures (Closes: #1071248, See: #1071247).
+
+ -- Cyril Brulebois <cyril@debamax.com>  Tue, 21 May 2024 10:15:36 +0200
+
 crowdsec-firewall-bouncer (0.0.25-3) unstable; urgency=medium
 
   * Fix failure to install if crowdsec is unpacked but not configured
diff -Nru crowdsec-firewall-bouncer-0.0.25/debian/control crowdsec-firewall-bouncer-0.0.25/debian/control
--- crowdsec-firewall-bouncer-0.0.25/debian/control	2023-03-21 01:03:29.000000000 +0100
+++ crowdsec-firewall-bouncer-0.0.25/debian/control	2024-05-21 09:53:53.000000000 +0200
@@ -10,7 +10,7 @@
                golang-github-coreos-go-systemd-dev,
                golang-github-crowdsecurity-crowdsec-dev,
                golang-github-crowdsecurity-go-cs-bouncer-dev,
-               golang-github-google-nftables-dev,
+               golang-github-google-nftables-dev (>= 0.1.0-4~),
                golang-golang-x-sys-dev,
                golang-gopkg-natefinch-lumberjack.v2-dev,
                golang-gopkg-tomb.v2-dev,

--- End Message ---

--- Begin Message ---

• To: 1072984-done@bugs.debian.org
• Subject: Released with 12.6
• From: Jonathan Wiltshire <jmw@coccia.debian.org>
• Date: Sat, 29 Jun 2024 10:46:20 +0000
• Message-id: <E1sNVb2-002biu-Td@coccia.debian.org>

Version: 12.6

The upload requested in this bug has been released as part of 12.6.

--- End Message ---