Package: firejail
Followup-For: Bug #1015151
X-Debbugs-Cc: debbug.1015...@sideload.33mail.com

When doing this upgrade:

  0.9.64.4-2 → 0.9.64.4-2+deb11u1

~50+ or so other packages were upgraded at the same time which could have theoretically changed the Tor middlebox. So more testing was needed to confirm that the regression was actually in the firejail pkg. The deb file for the old version was still present, so this was run:

  $ apt install /var/cache/apt/archives/firejail_0.9.64.4-2_amd64.deb

Then this was run as a test:

  $ firejail --net=vnet0 --dns="$(ip address show dev vnet0 | awk '/inet\>/{gsub(/[/].*/,""); print $2 }')" lynx -dump 'https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015151'

Indeed firejail worked after the downgrade. I believe this proves the bug was introduced in firejail version 0.9.64.4-2+deb11u1.

The following file was created to prevent the buggy version from being reinstalled before bug 1015151 is fixed:

[/etc/apt/preferences.d/firejail]
===8<------------------------------
Package: firejail
Pin: version 0.9.64.4-2
Pin-Priority: 999
===8<------------------------------

Reproducing the bug may require the tester to create a Tor middlebox.
The Tor middlebox used in my tests followed this approach:

  https://archive.softwareheritage.org/browse/origin/directory/?origin_url=https://github.com/Bylon/TOR_Middlebox

A newer approach to building a Tor middlebox is documented here:

  https://archive.softwareheritage.org/browse/origin/directory/?origin_url=https://gitlab.com/BylonAkila/TOR_Middlebox.git

This article may have inspired the above repos:

  https://web.archive.org/web/20200805082619/https://www.howtoforge.com/how-to-set-up-a-tor-middlebox-routing-all-virtualbox-virtual-machine-traffic-over-the-tor-network

-- System Information:
Debian Release: 11.4
  APT prefers stable-updates
  APT policy: (990, 'stable-updates'), (990, 'stable-security'), (990, 'testing'), (990, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-16-amd64 (SMP w/2 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages firejail depends on:
ii  libapparmor1  2.13.6-10
ii  libc6         2.31-13+deb11u3
ii  libselinux1   3.1-3

Versions of packages firejail recommends:
ii  firejail-profiles  0.9.64.4-2+deb11u1
ii  iproute2           5.10.0-4
ii  iptables           1.8.7-1
ii  xauth              1:1.1-1
ii  xdg-dbus-proxy     0.1.2-2
ii  xpra               3.0.13+dfsg1-1
ii  xvfb               2:1.20.11-1+deb11u1

firejail suggests no packages.

-- Configuration Files:
/etc/firejail/firejail.config changed:
cgroup no

-- no debconf information