passt (0.0~git20241030.ee7d0b6-1) unstable; urgency=medium * New upstream version 0.0~git20241030.ee7d0b6: - Fix occasional hang on TCP loopback path after the receiving buffer fills up: https://github.com/containers/podman/issues/24219 - By default, don't expose loopback-only services in container: https://github.com/containers/podman/issues/24045 - Add --dns-host option to configure host side nameserver: https://bugs.passt.top/show_bug.cgi?id=102 - Add --frebind option to enable IP_FREEBIND on sockets: https://bugs.passt.top/show_bug.cgi?id=101 -- Stefano Brivio Wed, 30 Oct 2024 13:29:54 +0100 passt (0.0~git20240906.6b38f07-1) unstable; urgency=medium * New upstream version 0.0~git20240906.6b38f07: - Fix possible EPOLLRDHUP event storms with half-closed TCP connections, leading to periods of high CPU load: https://github.com/containers/podman/issues/23686 https://bugs.passt.top/show_bug.cgi?id=94 - Fix possible EPOLLERR event storms with UDP flows: https://bugs.passt.top/show_bug.cgi?id=95 -- Stefano Brivio Fri, 06 Sep 2024 16:09:07 +0200 passt (0.0~git20240821.1d6142f-1) unstable; urgency=medium * New upstream version 0.0~git20240821.1d6142f: - Allow currently needed set of system calls for i386 and armhf in seccomp profiles (Closes: #1078981) - Introduce --map-host-loopback and --map-guest-addr options to reach the host using arbitrary addresses, using either loopback or the guest/container address as source -- Stefano Brivio Wed, 21 Aug 2024 14:33:46 +0200 passt (0.0~git20240814.61c0b0d-1) unstable; urgency=medium * New upstream version 0.0~git20240814.61c0b0d: - Avoid triggering an ASSERT() checking that the port isn't zero when the container sends a TCP packet to port zero -- Stefano Brivio Wed, 14 Aug 2024 13:54:49 +0200 passt (0.0~git20240806.ee36266-1) unstable; urgency=medium * New upstream version 0.0~git20240806.ee36266: - Fix possible TCP transfer hang on local pasta(1) connections: https://github.com/containers/podman/issues/23517 -- Stefano Brivio Tue, 06 Aug 2024 15:46:13 +0200 passt (0.0~git20240726.57a21d2-1) unstable; urgency=medium * New upstream version 0.0~git20240726.57a21d2: - Unified flow table for all flow types (TCP, UDP, ICMP), with the side effect of fixing possible inconsistencies in UDP source port tracking - Forwarding for DNS queries over TCP and DNS over TLS (dot) now supported -- Stefano Brivio Fri, 26 Jul 2024 15:54:22 +0200 passt (0.0~git20240624.1ee2eca-1) unstable; urgency=medium * New upstream version 0.0~git20240624.1ee2eca: - Outbound connections now work when ip_non_local_bind sysctls are set: https://github.com/containers/podman/issues/23003 - Start even if we have multiple interfaces but no default routes: https://bugzilla.redhat.com/show_bug.cgi?id=2277954 - Fix duplicating routes to containers with 'noprefixroute' addresses: https://github.com/containers/podman/issues/22824 - Don't fail to duplicate routes originated from OSPF daemons: https://github.com/containers/podman/issues/22960 - Always log to standard error during initialisation, and if in foreground - Fix UDP port forwarding with different original and target ports: https://bugs.passt.top/show_bug.cgi?id=80 was reintroduced and has been fixed again -- Stefano Brivio Mon, 24 Jun 2024 18:03:28 +0200 passt (0.0~git20240607.8a83b53-1) unstable; urgency=medium * New upstream version 0.0~git20240607.8a83b53, most notable fix: avoid triggering an assertion if container or guest try to access an unreachable port using the address of the default gateway (https://github.com/containers/podman/issues/22925) -- Stefano Brivio Fri, 07 Jun 2024 20:52:50 +0200 passt (0.0~git20240523.765eb0b-1) unstable; urgency=medium * New upstream version 0.0~git20240523.765eb0b -- Stefano Brivio Thu, 23 May 2024 19:48:09 +0200 passt (0.0~git20240426.d03c4e2-1) unstable; urgency=medium * Actually install pasta's AppArmor profile from passt.install * debian/control: Bump standards version from 4.6.2 to 4.7.0 * New upstream version 0.0~git20240426.d03c4e2 -- Stefano Brivio Fri, 26 Apr 2024 08:39:30 +0200 passt (0.0~git20240326.4988e2b-1) unstable; urgency=medium * debian/rules: Include pkg-info.mk * New upstream version 0.0~git20240326.4988e2b: never send TCP segments with none of ACK, SYN or RST flags to avoid unexpected connection resets (https://github.com/containers/podman/issues/22146) -- Stefano Brivio Tue, 26 Mar 2024 10:28:50 +0100 passt (0.0~git20240320.71dd405-1) unstable; urgency=medium * New upstream version 0.0~git20240320.71dd405, most notable fix: pasta(1) hang on start-up with Linux kernel versions 6.9 and later * debian/rules: It's DEB_VERSION_UPSTREAM, not DEB_UPSTREAM_VERSION -- Stefano Brivio Wed, 20 Mar 2024 12:14:37 +0100 passt (0.0~git20240220.1e6f92b-1) unstable; urgency=medium * New upstream version 0.0~git20240220.1e6f92b: - pasta(1) now quits as expected once the container goes away when used as network back-end for buildah(1) - fix possible mix-up of ports for UDP outbound flows originating from -U outbound forwarding option -- Stefano Brivio Tue, 20 Feb 2024 11:05:49 +0100 passt (0.0~git20240216.08344da-1) unstable; urgency=medium * New upstream version 0.0~git20240216.08344da: - default gateway can now be sourced from host multipath routes as well - on failure of the inotify watch used by pasta to exit when a nsfs-bound namespace, fall back to a simple timed check -- Stefano Brivio Fri, 16 Feb 2024 11:02:16 +0100 passt (0.0~git20231230.f091893-1) unstable; urgency=medium * New upstream version 0.0~git20231230.f091893: - increase lifetime for router and prefix validity in router advertisements to maximum allowed values - pick most specific IPv6 global unicast address (via netlink) for guest configuration, if multiple addresses are available -- Stefano Brivio Tue, 02 Jan 2024 17:07:41 +0100 passt (0.0~git20231204.b86afe3-1) unstable; urgency=medium * New upstream version 0.0~git20231204.b86afe3 * Fixes build warnings on 32-bit architectures due to mismatching format specifiers -- Stefano Brivio Mon, 04 Dec 2023 11:14:52 +0100 passt (0.0~git20231107.74e6f48-1) unstable; urgency=medium * New upstream version 0.0~git20231107.74e6f48 * Most notable fixed issue: DNS resolution stopped working after a relatively long time, https://bugs.passt.top/show_bug.cgi?id=57 * debian/rules: 'host' is the machine we're building for, not 'build' -- Stefano Brivio Tue, 07 Nov 2023 14:10:52 +0100 passt (0.0~git20231004.f851084-1) unstable; urgency=medium * New upstream version 0.0~git20231004.f851084 * Most notable fix: workaround to trigger TCP window update in kernel after it was reported empty, on socket side, very visible with default values for rmem_max and wmem_max (https://bugs.passt.top/show_bug.cgi?id=74) -- Stefano Brivio Tue, 10 Oct 2023 00:13:04 +0200 passt (0.0~git20230908.05627dc-1) unstable; urgency=medium * debian/rules: Pass DEB_BUILD_GNU_CPU to Makefile, not DEB_BUILD_ARCH * debian/rules: Override pasta symbolic links with hard links * debian/rules: Install new pasta profile using dh_apparmor * New upstream version 0.0~git20230908.05627dc -- Stefano Brivio Fri, 08 Sep 2023 17:39:07 +0200 passt (0.0~git20230823.a7e4bfb-1) unstable; urgency=medium * New upstream version 0.0~git20230823.a7e4bfb * Several fixes for pasta --config-net operation, most importantly: don't copy lifetime information of addresses from host, avoid unexpected expiration of IPv4 addresses -- Stefano Brivio Wed, 23 Aug 2023 23:10:18 +0200 passt (0.0~git20230627.289301b-1) unstable; urgency=medium * New upstream version 0.0~git20230627.289301b * Update licensing information to new licensing terms from upstream (GPLv2+ instead of AGPLv3+) * Fix cross-build in Debian package itself by overriding TARGET via dh_auto_install with target architecture -- Stefano Brivio Tue, 27 Jun 2023 19:31:18 +0200 passt (0.0~git20230309.7c7625d-1) unstable; urgency=medium * New upstream version 0.0~git20230309.7c7625d * Fix cross-build and armhf build reproducibility by using the target declared by the compiler to build seccomp profiles, not the current machine type * Fix build on sh4 by correcting the AUDIT_ARCH target name * Fix signedness warning reported on 32-bit architectures * Terminate gracefully if open files quota is reached * Fix inbound TCP Maximum Segment Size used to queue data to tap interface, in pasta mode * Fix accidental gap in slirp4netns compatibility by introducing trivial options to actually set outbound interfaces and addresses -- Stefano Brivio Thu, 09 Mar 2023 09:29:19 +0100 passt (0.0~git20230227.c538ee8-1) unstable; urgency=medium * New upstream version 0.0~git20230227.c538ee8 * Most rules from the AppArmor profile are now divided into two abstractions for passt(1) and pasta(1), and the usr.bin.passt profile sources them. This makes it easier for frameworks such as libvirt to source the required parts in subprofiles -- Stefano Brivio Mon, 27 Feb 2023 23:29:43 +0100 passt (0.0~git20230216.4663ccc-1) unstable; urgency=medium * New upstream version 0.0~git20230216.4663ccc -- Stefano Brivio Fri, 17 Feb 2023 12:48:47 +0100 passt (0.0~git20221116.ace074c-1) unstable; urgency=medium * New upstream version 0.0~git20221116.ace074c. Most relevant change: AppArmor profile actually covers both pasta(1) and passt(1) * Fix Vcs-Browser and Vcs-Git links in debian/control * Build with -DVERSION corresponding to current package version * Move copy of AppArmor profile to debian/passt.install -- Stefano Brivio Wed, 16 Nov 2022 22:42:50 +0100 passt (0.0~git20221104.e308018-1) unstable; urgency=medium * Initial release. Closes: #1010498 -- Stefano Brivio Fri, 04 Nov 2022 18:26:31 +0100