Please unblock shorewall-perl/4.0.14-4, shorewall-common/4.0.14-3.

Here are the relevant changelog entries:

shorewall-perl (4.0.14-4) unstable; urgency=medium
 .
   * Patch for point release (4.0.14.2) (Closes: #501467)

shorewall-common (4.0.14-3) unstable; urgency=medium
 .
   * Patch for point release (4.0.14.2)

The debdiffs are attached. The reason for the additional point release is that the first point release (uploaded as shorewall-perl/4.0.14-2 and shorewall-common/4.0.14-2) missed some parts of the fix due to operator error. The second point release completes the fix.

Also, I have an outstanding unblock request for shorewall-doc/4.0.14-2:

http://lists.debian.org/debian-release/2008/10/msg01082.html

Regards,

-Roberto

-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
diff -u shorewall-common-4.0.14/debian/changelog shorewall-common-4.0.14/debian/changelog --- shorewall-common-4.0.14/debian/changelog +++ shorewall-common-4.0.14/debian/changelog @@ -1,3 +1,9 @@ +shorewall-common (4.0.14-3) unstable; urgency=medium + + * Patch for point release (4.0.14.2) + + -- Roberto C. Sanchez <roberto@connexer.com> Thu, 30 Oct 2008 21:01:22 -0400 + shorewall-common (4.0.14-2) unstable; urgency=low * Patch for point release (4.0.14.1) diff -u shorewall-common-4.0.14/debian/patches/00list shorewall-common-4.0.14/debian/patches/00list --- shorewall-common-4.0.14/debian/patches/00list +++ shorewall-common-4.0.14/debian/patches/00list @@ -1,4 +1,5 @@ 02_point_release_1 +03_point_release_2 07_enable_startup 10_sh_to_dash 99_lockfile_relocation only in patch2: unchanged: --- shorewall-common-4.0.14.orig/debian/patches/03_point_release_2.dpatch +++ shorewall-common-4.0.14/debian/patches/03_point_release_2.dpatch 
@@ -0,0 +1,94 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 03_point_release_2.dpatch by <roberto@connexer.com> +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Point release 2 + +@DPATCH@ + +diff -Naur -X /home/teastep/shorewall/trunk/tools/build/exclude.txt shorewall-common-4.0.14.1/fallback.sh shorewall-common-4.0.14.2/fallback.sh +--- shorewall-common-4.0.14.1/fallback.sh 2008-10-13 10:36:50.000000000 -0700 ++++ shorewall-common-4.0.14.2/fallback.sh 2008-10-30 16:39:08.000000000 -0700 +@@ -28,7 +28,7 @@ + # shown below. Simply run this script to revert to your prior version of + # Shoreline Firewall. + +-VERSION=4.0.14.1 ++VERSION=4.0.14.2 + + usage() # $1 = exit status + { +diff -Naur -X /home/teastep/shorewall/trunk/tools/build/exclude.txt shorewall-common-4.0.14.1/install.sh shorewall-common-4.0.14.2/install.sh +--- shorewall-common-4.0.14.1/install.sh 2008-10-13 10:36:50.000000000 -0700 ++++ shorewall-common-4.0.14.2/install.sh 2008-10-30 16:39:08.000000000 -0700 +@@ -22,7 +22,7 @@ + # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + # + +-VERSION=4.0.14.1 ++VERSION=4.0.14.2 + + usage() # $1 = exit status + { +diff -Naur -X /home/teastep/shorewall/trunk/tools/build/exclude.txt shorewall-common-4.0.14.1/lib.base shorewall-common-4.0.14.2/lib.base +--- shorewall-common-4.0.14.1/lib.base 2008-10-13 09:55:02.000000000 -0700 ++++ shorewall-common-4.0.14.2/lib.base 2008-10-30 16:39:08.000000000 -0700 +@@ -979,6 +979,7 @@ + qt $IPTABLES -t mangle -L -n && MANGLE_ENABLED=Yes || MANGLE_ENABLED= + + CONNTRACK_MATCH= ++ NEW_CONNTRACK_MATCH= + MULTIPORT= + XMULTIPORT= + POLICY_MATCH= +@@ -1026,6 +1027,10 @@ + + qt $IPTABLES -A $chain -m conntrack --ctorigdst 192.168.1.1 -j ACCEPT && CONNTRACK_MATCH=Yes + ++ if [ -n "$CONNTRACK_MATCH" ]; then ++ qt $IPTABLES -A $chain -m conntrack ! 
--ctorigdst 192.168.1.1 -j ACCEPT && NEW_CONNTRACK_MATCH=Yes ++ fi ++ + if qt $IPTABLES -A $chain -p tcp -m multiport --dports 21,22 -j ACCEPT; then + MULTIPORT=Yes + qt $IPTABLES -A $chain -p tcp -m multiport --sports 60 -m multiport --dports 99 -j ACCEPT && KLUDEFREE=Yes +@@ -1126,6 +1131,7 @@ + report_capability "Multi-port Match" $MULTIPORT + [ -n "$MULTIPORT" ] && report_capability "Extended Multi-port Match" $XMULTIPORT + report_capability "Connection Tracking Match" $CONNTRACK_MATCH ++ report_capability "New Connection Tracking Match Syntax" $NEW_CONNTRACK_MATCH + report_capability "Packet Type Match" $USEPKTTYPE + report_capability "Policy Match" $POLICY_MATCH + report_capability "Physdev Match" $PHYSDEV_MATCH +diff -Naur -X /home/teastep/shorewall/trunk/tools/build/exclude.txt shorewall-common-4.0.14.1/shorewall-common.spec shorewall-common-4.0.14.2/shorewall-common.spec +--- shorewall-common-4.0.14.1/shorewall-common.spec 2008-10-13 10:36:50.000000000 -0700 ++++ shorewall-common-4.0.14.2/shorewall-common.spec 2008-10-30 16:39:08.000000000 -0700 +@@ -1,6 +1,6 @@ + %define name shorewall-common + %define version 4.0.14 +-%define release 1 ++%define release 2 + + Summary: Shoreline Firewall is an iptables-based firewall for Linux systems. + Name: %{name} +@@ -244,6 +244,8 @@ + %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel ipsecvpn Samples + + %changelog ++* Thu Oct 30 2008 Tom Eastep tom@shorewall.net ++- Updated to 4.0.14-2 + * Mon Oct 13 2008 Tom Eastep tom@shorewall.net + - Updated to 4.0.14-1 + * Mon Sep 22 2008 Tom Eastep tom@shorewall.net +diff -Naur -X /home/teastep/shorewall/trunk/tools/build/exclude.txt shorewall-common-4.0.14.1/uninstall.sh shorewall-common-4.0.14.2/uninstall.sh +--- shorewall-common-4.0.14.1/uninstall.sh 2008-10-13 10:36:50.000000000 -0700 ++++ shorewall-common-4.0.14.2/uninstall.sh 2008-10-30 16:39:08.000000000 -0700 +@@ -26,7 +26,7 @@ + # You may only use this script to uninstall the version + # shown below. 
Simply run this script to remove Shorewall Firewall + +-VERSION=4.0.14.1 ++VERSION=4.0.14.2 + + usage() # $1 = exit status + {
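Review bot: in the lib.base hunk at @@ -1026,6 +1027,10 @@ the second probe differs from the first only in where the "!" sits ("-m conntrack ! --ctorigdst 192.168.1.1"), and nothing in the hunk says that this placement is what "New Connection Tracking Match Syntax" means. Add a one-line comment above the "if [ -n "$CONNTRACK_MATCH" ]" block stating that it tests whether iptables accepts the negation before the option, so the reported capability name in the @@ -1126 hunk can be tied back to the probe.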
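Review bot: the debian/changelog entry for shorewall-common 4.0.14-3 says only "Patch for point release (4.0.14.2)" while raising urgency from low to medium, which gives no indication of what changed. Name the functional change the dpatch carries (the NEW_CONNTRACK_MATCH probe and report in lib.base; the rest is version bumps) so the entry justifies the urgency on its own.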
diff -u shorewall-perl-4.0.14/debian/changelog shorewall-perl-4.0.14/debian/changelog --- shorewall-perl-4.0.14/debian/changelog +++ shorewall-perl-4.0.14/debian/changelog @@ -1,3 +1,9 @@ +shorewall-perl (4.0.14-4) unstable; urgency=medium + + * Patch for point release (4.0.14.2) (Closes: #501467) + + -- Roberto C. Sanchez <roberto@connexer.com> Thu, 30 Oct 2008 21:03:06 -0400 + shorewall-perl (4.0.14-3) unstable; urgency=low * Observe the length paramter in tcrules (thanks to Lennart Sorensen) reverted: --- shorewall-perl-4.0.14/debian/patches/03_observe_tcrules_length.dpatch +++ shorewall-perl-4.0.14.orig/debian/patches/03_observe_tcrules_length.dpatch 
@@ -1,50 +0,0 @@ -#! /bin/sh /usr/share/dpatch/dpatch-run -## 03_observe_tcrules_length.dpatch by <roberto@connexer.com> -## -## All lines beginning with `## DP:' are a description of the patch. -## DP: Observe the length parameter in tcrules - -@DPATCH@ - -Index: Shorewall-perl/Shorewall/Chains.pm -=================================================================== ---- Shorewall-perl/Shorewall/Chains.pm (revision 8785) -+++ Shorewall-perl/Shorewall/Chains.pm (working copy) -@@ -110,6 +110,7 @@ - do_test - do_ratelimit - do_user -+ do_length - do_tos - match_source_dev - match_dest_dev -@@ -1212,6 +1213,16 @@ - } - - # -+# Create a "-m length" match for the passed TOS -+# -+sub do_length( $ ) { -+ my $length = $_[0]; -+ -+ require_capability( 'LENGTH_MATCH' , 'Your kernel and/or iptables does not have length match support.' , '' ); -+ $length ne '-' ? "-m length --length $length " : ''; -+} -+ -+# - # Match Source Interface - # - sub match_source_dev( $ ) { -Index: Shorewall-perl/Shorewall/Tc.pm -=================================================================== ---- Shorewall-perl/Shorewall/Tc.pm (revision 8785) -+++ Shorewall-perl/Shorewall/Tc.pm (working copy) -@@ -271,7 +271,7 @@ - - if ( ( my $result = expand_rule( ensure_chain( 'mangle' , $chain ) , - $restrictions{$chain} , -- do_proto( $proto, $ports, $sports) . do_user( $user ) . do_test( $testval, $mask ) . do_tos( $tos ) , -+ do_proto( $proto, $ports, $sports) . do_user( $user ) . do_test( $testval, $mask ) . do_length( $length ) . do_tos( $tos ) , - $source , - $dest , - '' , diff -u shorewall-perl-4.0.14/debian/patches/00list shorewall-perl-4.0.14/debian/patches/00list --- shorewall-perl-4.0.14/debian/patches/00list +++ shorewall-perl-4.0.14/debian/patches/00list @@ -2 +2 @@ -03_observe_tcrules_length.dpatch +03_point_release_2.dpatch only in patch2: unchanged: --- shorewall-perl-4.0.14.orig/debian/patches/03_point_release_2.dpatch +++ shorewall-perl-4.0.14/debian/patches/03_point_release_2.dpatch 
@@ -0,0 +1,98 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 04_point_release_2.dpatch by <roberto@connexer.com> +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Point release 2 + +@DPATCH@ + +diff -Naur -X /home/teastep/shorewall/trunk/tools/build/exclude.txt shorewall-perl-4.0.14.1/install.sh shorewall-perl-4.0.14.2/install.sh +--- shorewall-perl-4.0.14.1/install.sh 2008-10-13 10:36:50.000000000 -0700 ++++ shorewall-perl-4.0.14.2/install.sh 2008-10-30 16:39:08.000000000 -0700 +@@ -22,7 +22,7 @@ + # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + # + +-VERSION=4.0.14.1 ++VERSION=4.0.14.2 + + usage() # $1 = exit status + { +diff -Naur -X /home/teastep/shorewall/trunk/tools/build/exclude.txt shorewall-perl-4.0.14.1/Shorewall/Chains.pm shorewall-perl-4.0.14.2/Shorewall/Chains.pm +--- shorewall-perl-4.0.14.1/Shorewall/Chains.pm 2008-10-13 09:55:02.000000000 -0700 ++++ shorewall-perl-4.0.14.2/Shorewall/Chains.pm 2008-10-30 16:39:08.000000000 -0700 +@@ -110,6 +110,7 @@ + do_test + do_ratelimit + do_user ++ do_length + do_tos + match_source_dev + match_dest_dev +@@ -421,7 +422,7 @@ + if ( $expandports && $rule =~ '^(.* --dports\s+)([^ ]+)(.*)$' ) { + my ($first, $ports, $rest) = ( $1, $2, $3 ); + +- if ( ( $ports =~ tr/:,/:,/ ) > 15 ) { ++ if ( ( $ports =~ tr/:,/:,/ ) > 14 ) { + my @ports = split '([,:])', $ports; + + while ( @ports ) { +@@ -1212,6 +1213,16 @@ + } + + # ++# Create a "-m length" match for the passed TOS ++# ++sub do_length( $ ) { ++ my $length = $_[0]; ++ ++ require_capability( 'LENGTH_MATCH' , 'A non-empty LENGTH' , 's' ); ++ $length ne '-' ? 
"-m length --length $length " : ''; ++} ++ ++# + # Match Source Interface + # + sub match_source_dev( $ ) { +diff -Naur -X /home/teastep/shorewall/trunk/tools/build/exclude.txt shorewall-perl-4.0.14.1/Shorewall/Config.pm shorewall-perl-4.0.14.2/Shorewall/Config.pm +--- shorewall-perl-4.0.14.1/Shorewall/Config.pm 2008-10-13 10:36:50.000000000 -0700 ++++ shorewall-perl-4.0.14.2/Shorewall/Config.pm 2008-10-30 16:42:11.000000000 -0700 +@@ -246,7 +246,7 @@ + ORIGINAL_POLICY_MATCH => '', + LOGPARMS => '', + TC_SCRIPT => '', +- VERSION => "4.0.14.1", ++ VERSION => "4.0.14.2", + CAPVERSION => 40015 , + ); + # +@@ -1372,7 +1372,7 @@ + + $capabilities{CONNTRACK_MATCH} = qt1( "$iptables -A $sillyname -m conntrack --ctorigdst 192.168.1.1 -j ACCEPT" ); + +- if ( $capabilities{CONNTRACL_MATCH} ) { ++ if ( $capabilities{CONNTRACK_MATCH} ) { + $capabilities{NEW_CONNTRACK_MATCH} = qt1( "$iptables -A $sillyname -m conntrack ! --ctorigdst 192.168.1.1 -j ACCEPT" ); + } + +diff -Naur -X /home/teastep/shorewall/trunk/tools/build/exclude.txt shorewall-perl-4.0.14.1/shorewall-perl.spec shorewall-perl-4.0.14.2/shorewall-perl.spec +--- shorewall-perl-4.0.14.1/shorewall-perl.spec 2008-10-13 10:36:50.000000000 -0700 ++++ shorewall-perl-4.0.14.2/shorewall-perl.spec 2008-10-30 16:39:08.000000000 -0700 +@@ -1,6 +1,6 @@ + %define name shorewall-perl + %define version 4.0.14 +-%define release 1 ++%define release 2 + + Summary: Shoreline Firewall Perl-based compiler. + Name: %{name} +@@ -64,6 +64,8 @@ + %doc COPYING releasenotes.txt + + %changelog ++* Thu Oct 30 2008 Tom Eastep tom@shorewall.net ++- Updated to 4.0.14-2 + * Mon Oct 13 2008 Tom Eastep tom@shorewall.net + - Updated to 4.0.14-1 + * Mon Sep 22 2008 Tom Eastep tom@shorewall.net
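Review bot: in the shorewall-perl Chains.pm hunk that adds do_length (@@ -1212,6 +1213,16 @@), require_capability( 'LENGTH_MATCH' , 'A non-empty LENGTH' , 's' ) is called before $length is tested, so it runs even when $length is '-' and the function returns an empty string. Make the call conditional on $length ne '-', which is also what the message text 'A non-empty LENGTH' implies. The header comment reads 'Create a "-m length" match for the passed TOS'; it should say LENGTH.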
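Review bot: the Chains.pm hunk at @@ -421,7 +422,7 @@ changes the threshold from "> 15" to "> 14" with no comment, and the expression "$ports =~ tr/:,/:,/" counts ':' and ',' separators rather than ports, which makes the constant easy to get wrong again. Add a comment above the test saying that N separators correspond to N+1 port slots (a range using two), so "> 14" is the condition that splits lists with more than 15 slots.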
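Review bot: debian/patches/00list replaces 03_observe_tcrules_length.dpatch with 03_point_release_2.dpatch, but the reverted patch carried a Tc.pm hunk that inserted "do_length( $length )" into the expand_rule call, and the new dpatch contains no Tc.pm hunk. Confirm that the tree the new patch applies to already has that call; otherwise do_length is exported and defined in Chains.pm but never invoked. Separately, the header line of the new file reads "## 04_point_release_2.dpatch" while the file is named 03_point_release_2.dpatch; make the two agree.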