Your message dated Tue, 21 May 2024 08:34:31 +0000
with message-id <e1s9kx5-008cjx...@fasolo.debian.org>
and subject line Bug#1071248: fixed in crowdsec-firewall-bouncer 0.0.25-4
has caused the Debian Bug report #1071248,
regarding crowdsec-firewall-bouncer: blocks wrong IPv4 and IPv6 addresses on LE
systems (reversed byte order)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1071248: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071248
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: crowdsec-firewall-bouncer
Version: 0.0.25-3
Severity: grave
Tags: patch security
Justification: renders package unusable
X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>,
debian.pack...@crowdsec.net
Hi,
This is the bouncer side of #1071247: golang-github-google-nftables up
to version 0.1.0-3 ships a broken AddSet() function, which results in
IPv4 and IPv6 addresses to be in reverse byte order at the nftables
level on LE systems (i.e. all release architectures but s930x).
This issue was confirmed to go away on LE systems once the bouncer gets
rebuilt against a fixed golang-github-google-nftables-dev package, and
not to regress on BE systems.
Grave looks warranted as the package doesn't fulfill its purposes
(blocking suspicious addresses), giving a false sense of security… while
also blocking potentially harmless addresses.
Cheers,
--
Cyril Brulebois -- Debian Consultant @ DEBAMAX -- https://debamax.com/
--- End Message ---
--- Begin Message ---
Source: crowdsec-firewall-bouncer
Source-Version: 0.0.25-4
Done: Cyril Brulebois <cy...@debamax.com>
We believe that the bug you reported is fixed in the latest version of
crowdsec-firewall-bouncer, which is due to be installed in the Debian FTP
archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1071...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Cyril Brulebois <cy...@debamax.com> (supplier of updated
crowdsec-firewall-bouncer package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 21 May 2024 10:15:36 +0200
Source: crowdsec-firewall-bouncer
Architecture: source
Version: 0.0.25-4
Distribution: unstable
Urgency: high
Maintainer: Debian Go Packaging Team <team+pkg...@tracker.debian.org>
Changed-By: Cyril Brulebois <cy...@debamax.com>
Closes: 1071248
Changes:
crowdsec-firewall-bouncer (0.0.25-4) unstable; urgency=high
.
* Set minimal version for the golang-github-google-nftables-dev build
dependency to ensure a working AddSet() function, i.e. no longer
reversing byte order for IPv4 and IPv6 addresses at the nftables level
on little-endian architectures (Closes: #1071248, See: #1071247).
Checksums-Sha1:
e11fc3a45ceba91dec4bee14bb5cb35ea2c2e9b9 2602
crowdsec-firewall-bouncer_0.0.25-4.dsc
2051792153b25422adc11b215f101099220e4b7d 7600
crowdsec-firewall-bouncer_0.0.25-4.debian.tar.xz
112a3fd19cbef6c22021576738ca770d99d75d08 27724
crowdsec-firewall-bouncer_0.0.25-4_source.buildinfo
Checksums-Sha256:
6ffb351d70d0ce06d8426618605979f878eb6b57207200d973f12eca01c22146 2602
crowdsec-firewall-bouncer_0.0.25-4.dsc
2c67ecd6d6c60ecbf1f26448c92874e300c5a8806ebb3d729a78774520bbd0dc 7600
crowdsec-firewall-bouncer_0.0.25-4.debian.tar.xz
1534cb45c8a10c0280a432eb165779582461f5ce169040c6b7db8832500ed6ed 27724
crowdsec-firewall-bouncer_0.0.25-4_source.buildinfo
Files:
ceb9df4ce30324299a3a625d89b766f9 2602 golang optional
crowdsec-firewall-bouncer_0.0.25-4.dsc
e25937243bdbfa6acba76a2a13ae7ac3 7600 golang optional
crowdsec-firewall-bouncer_0.0.25-4.debian.tar.xz
fb137f0b883404ee62443c9fd550d478 27724 golang optional
crowdsec-firewall-bouncer_0.0.25-4_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJEBAEBCgAuFiEEtg6/KYRFPHDXTPR4/5FK8MKzVSAFAmZMWkwQHGtpYmlAZGVi
aWFuLm9yZwAKCRD/kUrwwrNVIDtRD/0f5JiMwEMwiDMIEm7GBCboGRCjI+tfCJ+g
5QUW46uRzEq6HlP+s1EbKuR3P5/qTmFEDYZs+7VFvBqaCw/qTUT5719XWVSw64YP
raSGEvuj53TSJeWjdSwKp+atvJx22kywGsvrboYqmTsn5Hrye5KwRorgg0lMg/Yk
mtm7grDTzh56l1CqmAMkGE6JFCazbvdlZ/dshqThaNwgACn0P6Khyu7ZfoGYQ1qK
9TnVDHfFX3gm5ipJTRUMFhZ+gk3OahrRwtN2tHKjPsqdXj/qkZ2piSaK3CR+pbFL
pCqx00ApUzGiLpp7+/IkIDczWobm9fVLlp4mRiy5kFtDWq50Da0CIM9VnrHr3SMo
IsucocHpc5IvMrkmVT9ovR76FIk1NEfZ6M3mv/q/AnMjnc5jHCgPjbkgDu7nrFAd
WpZDfrAuoF+49+kQOxNFOX9F4MKQtGmWGZRTFclEkZ3h3A0RD6QfdO71PdD1ukXd
sfSdeFFrdbuxobXWjEqjWm6OyWnwGW8iqr37oYINkbpSg7/1jvWvvn4cO93sY7Jw
PmuMaWR1KHgW2GQABzKj5fsB3WWA0SHpiwtoMhLcUcatl8vOcq+tAqLmMI4ww+VI
FtsgA4W+T90pDtxM5bU1Nk5SWmuN45sxIBF0MjiHiG0YHy5AgB+gzZIs6Sz0SHQj
bfnyeXIM5w==
=6vnZ
-----END PGP SIGNATURE-----
pgp6Q17mYQno9.pgp
Description: PGP signature
--- End Message ---
