Bug#1000335: mmanon plugin: IPv6 anonymization partially broken

2021-12-26 Thread Georg Faerber
Hi again,

On 21-12-26 23:52:58, Georg Faerber wrote:
> I've built a package now to ease this, and uploaded it to [1]. This
> file is not signed, but this email is. The sha256sum of said file
> should be 1edd0e09abf870146da441e7737fe78f634351c9cbbd0abdb46962911fe38e03.

This package used an incorrect versioning scheme targeting buster, not
bullseye.

A fixed package is available via [1], sha256sum should be
e6ccd338ebabcfea2014972e7b72e83ceb1e71f6a4ef9e3f32e0c718ece10311.

Cheers,
Georg

[1] https://people.debian.org/~georg/rsyslog/rsyslog_8.2102.0-2+deb11u1_amd64.deb




Bug#1000335: mmanon plugin: IPv6 anonymization partially broken

2021-12-26 Thread Georg Faerber
Hi all,

On 21-12-26 23:08:01, Georg Faerber wrote:
> Besides, functional testing of this new package still needs to happen.

I've built a package now to ease this, and uploaded it to [1]. This file
is not signed, but this email is. The sha256sum of said file should be
1edd0e09abf870146da441e7737fe78f634351c9cbbd0abdb46962911fe38e03.

I guess it would make sense if interested parties would test this
package, before reaching out to the SRMs.

Cheers,
Georg


[1] https://people.debian.org/~georg/rsyslog/rsyslog_8.2102.0-2+deb10u1_amd64.deb




Bug#1000335: mmanon plugin: IPv6 anonymization partially broken

2021-12-26 Thread Georg Faerber
Hi Michael, all,

On 21-11-30 18:35:36, Michael Biebl wrote:
> I'm very busy atm, but I can try.

I've pushed the proposed upload to the debian/bullseye branch in the
rsyslog repo.

I've cherry-picked your commit
(dfe482df2733940774c8d4f6d7756e5de3ade252) which initially introduced
the fix and the corresponding testbench, but removed the latter again, as
the new test script is created with mode 100644, which fails, as the
test setup expects these scripts to be executable.

I'm unsure how to track file permissions via quilt, and a quick research
didn't yield much. Any input how to solve this?

Besides, functional testing of this new package still needs to happen.

Cheers,
Georg



Bug#1000335: mmanon plugin: IPv6 anonymization partially broken

2021-11-30 Thread Michael Biebl

On 30.11.21 12:35, Georg Faerber wrote:
> Hi all,
>
> Thanks for maintaining rsyslog, and for the recent upload to fix this in
> unstable and testing.
>
> I've never dealt, up until now, with the packaging of rsyslog, but I deem
> an update in bullseye important, due to the privacy-implications of this
> issue.
>
> Accordingly, I'll look into handling this, although it seems a bit late
> to still get this into 11.2, ETA 12/18.
>
> Michael, would you be up for a review before reaching out to the SRMs?

I'm very busy atm, but I can try.

Thanks for the offer, btw.





Bug#1000335: mmanon plugin: IPv6 anonymization partially broken

2021-11-30 Thread Georg Faerber
Hi all,

Thanks for maintaining rsyslog, and for the recent upload to fix this in
unstable and testing.

I've never dealt, up until now, with the packaging of rsyslog, but I deem
an update in bullseye important, due to the privacy-implications of this
issue.

Accordingly, I'll look into handling this, although it seems a bit late
to still get this into 11.2, ETA 12/18.

Michael, would you be up for a review before reaching out to the SRMs?

Cheers,
Georg



Bug#1000335: mmanon plugin: IPv6 anonymization partially broken

2021-11-29 Thread Michael Biebl

On 29.11.2021 at 21:54, Jonas Meurer wrote:
> Hey Michael,
>
> Michael Biebl wrote:
>>> Dear rsyslog maintainers,
>>>
>>> the mmanon plugin in rsyslog fails to anonymize IPv6 addresses if they have a
>>> port appended without braces (e.g. 1234:5678:90ab:cdef:1234:5678:90ab:cdef:80).
>>
>> urgh, is that even a valid syntax?
>
> Thanks for the quick fix, it's much appreciated! Would you consider
> backporting it to stable-proposed-updates?

Atm this is not planned. The overhead of a stable upload is just too
much for such a small issue.

Should there be a stable upload for other reasons, this one could be
included though.

That said, I wouldn't mind if you want to make a stable upload yourself.
The rsyslog package is in the debian namespace on salsa, so you can push
any changes directly.

Michael




Bug#1000335: mmanon plugin: IPv6 anonymization partially broken

2021-11-29 Thread Jonas Meurer

Hey Michael,

Michael Biebl wrote:
>> Dear rsyslog maintainers,
>>
>> the mmanon plugin in rsyslog fails to anonymize IPv6 addresses if they have a
>> port appended without braces (e.g. 1234:5678:90ab:cdef:1234:5678:90ab:cdef:80).
>
> urgh, is that even a valid syntax?

Thanks for the quick fix, it's much appreciated! Would you consider
backporting it to stable-proposed-updates?

Kind regards
Jonas




Bug#1000335: mmanon plugin: IPv6 anonymization partially broken

2021-11-21 Thread Michael Biebl

On 21.11.21 20:46, Jonas Meurer wrote:
> Package: rsyslog
> Version: 8.2102.0-2
> Severity: important
> Tags: upstream, fixed-upstream
> Control: forwarded -1 https://github.com/rsyslog/rsyslog/issues/4725
>
> Dear rsyslog maintainers,
>
> the mmanon plugin in rsyslog fails to anonymize IPv6 addresses if they have a
> port appended without braces (e.g. 1234:5678:90ab:cdef:1234:5678:90ab:cdef:80).

urgh, is that even a valid syntax?




Bug#1000335: mmanon plugin: IPv6 anonymization partially broken

2021-11-21 Thread Jonas Meurer
Package: rsyslog
Version: 8.2102.0-2
Severity: important
Tags: upstream, fixed-upstream
Control: forwarded -1 https://github.com/rsyslog/rsyslog/issues/4725

Dear rsyslog maintainers,

the mmanon plugin in rsyslog fails to anonymize IPv6 addresses if they have a
port appended without braces (e.g. 1234:5678:90ab:cdef:1234:5678:90ab:cdef:80).

This bug has already been reported[1] and fixed[2] upstream.

[1] https://github.com/rsyslog/rsyslog/issues/4725
[2] https://github.com/rsyslog/rsyslog/pull/4735

Since this bug has privacy/security implications, I wonder whether it would
warrant an upload to bullseye-security or bullseye-updates.

Cheers
Jonas
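
An added example, not part of the thread and not rsyslog code: a log audit that looks for IPv6 addresses surviving anonymization, including the unbracketed `address:port` form named in the report. It assumes anonymization that zeroes the low `zero_bits` bits of each address (set this to match your own mmanon configuration); the function names and the sample log lines are constructed for illustration.

```python
import ipaddress
import re

# Runs of hex digits and colons that do not start in the middle of a word.
TOKEN = re.compile(r"(?<![0-9A-Za-z])[0-9A-Fa-f:]{2,}")

def parse_token(token):
    """Return (IPv6Address, port or None), or None if token is not an address.

    A token that is a valid IPv6 literal as a whole is taken as a plain
    address; "2001:db8::1:80" is ambiguous and is read that way. Otherwise a
    trailing ":<decimal>" group is tried as an unbracketed port.
    """
    try:
        return ipaddress.IPv6Address(token), None
    except ValueError:
        pass
    head, _, tail = token.rpartition(":")
    if not tail.isdigit() or int(tail) > 65535:
        return None
    try:
        return ipaddress.IPv6Address(head), int(tail)
    except ValueError:
        return None

def audit(lines, zero_bits):
    """List (line number, token, has_port) for addresses with nonzero low bits."""
    mask = (1 << zero_bits) - 1
    findings = []
    for lineno, line in enumerate(lines, 1):
        for token in TOKEN.findall(line):
            if token.count(":") < 2:
                continue
            parsed = parse_token(token)
            if parsed and int(parsed[0]) & mask:
                findings.append((lineno, token, parsed[1] is not None))
    return findings

# Constructed sample of post-anonymization log output.
SAMPLE = [
    "Nov 21 20:46:01 host sshd[411]: Connection from 1234:5678:0:0:0:0:0:0 port 51514",
    "Nov 21 20:46:02 host app: peer 1234:5678:90ab:cdef:1234:5678:90ab:cdef:80 connected",
    "Nov 21 20:46:03 host app: peer 1234:5678:0:0:0:0:0:0:80 connected",
    "Nov 21 20:46:04 host app: peer [1234:5678:90ab:cdef:1234:5678:90ab:cdef]:443 connected",
]

if __name__ == "__main__":
    for lineno, token, has_port in audit(SAMPLE, zero_bits=96):
        print(f"line {lineno}: {token} (unbracketed port: {has_port})")
```

Findings with `has_port` set to `True` are the case from this bug report; run the audit over logs written before the fixed package was installed to see which entries need to be scrubbed.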