Please unblock shorewall-perl/4.0.14-4, shorewall-common/4.0.14-3. Here are the relevant changelog entries: shorewall-perl (4.0.14-4) unstable; urgency=medium . * Patch for point release (4.0.14.2) (Closes: #501467) shorewall-common (4.0.14-3) unstable; urgency=medium . * Patch for point release (4.0.14.2) The debdiffs are attached. The reason for the additional point release is that the first point release (uploaded as shorewall-perl/4.0.14-2 and shorewall-common/4.0.14-2) missed some parts of the fix due to operator error. The second point release completes the fix. Also, I have an outstanding unblock request for shorewall-doc/4.0.14-2: http://lists.debian.org/debian-release/2008/10/msg01082.html Regards, -Roberto -- Roberto C. Sánchez http://people.connexer.com/~roberto http://www.connexer.com
diff -u shorewall-common-4.0.14/debian/changelog shorewall-common-4.0.14/debian/changelog
--- shorewall-common-4.0.14/debian/changelog
+++ shorewall-common-4.0.14/debian/changelog
@@ -1,3 +1,9 @@
+shorewall-common (4.0.14-3) unstable; urgency=medium
+
+ * Patch for point release (4.0.14.2)
+
+ -- Roberto C. Sanchez <roberto@connexer.com> Thu, 30 Oct 2008 21:01:22 -0400
+
shorewall-common (4.0.14-2) unstable; urgency=low
* Patch for point release (4.0.14.1)
diff -u shorewall-common-4.0.14/debian/patches/00list shorewall-common-4.0.14/debian/patches/00list
--- shorewall-common-4.0.14/debian/patches/00list
+++ shorewall-common-4.0.14/debian/patches/00list
@@ -1,4 +1,5 @@
02_point_release_1
+03_point_release_2
07_enable_startup
10_sh_to_dash
99_lockfile_relocation
only in patch2:
unchanged:
--- shorewall-common-4.0.14.orig/debian/patches/03_point_release_2.dpatch
+++ shorewall-common-4.0.14/debian/patches/03_point_release_2.dpatch
@@ -0,0 +1,94 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 03_point_release_2.dpatch by <roberto@connexer.com>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Point release 2
+
+@DPATCH@
+
+diff -Naur -X /home/teastep/shorewall/trunk/tools/build/exclude.txt shorewall-common-4.0.14.1/fallback.sh shorewall-common-4.0.14.2/fallback.sh
+--- shorewall-common-4.0.14.1/fallback.sh 2008-10-13 10:36:50.000000000 -0700
++++ shorewall-common-4.0.14.2/fallback.sh 2008-10-30 16:39:08.000000000 -0700
+@@ -28,7 +28,7 @@
+ # shown below. Simply run this script to revert to your prior version of
+ # Shoreline Firewall.
+
+-VERSION=4.0.14.1
++VERSION=4.0.14.2
+
+ usage() # $1 = exit status
+ {
+diff -Naur -X /home/teastep/shorewall/trunk/tools/build/exclude.txt shorewall-common-4.0.14.1/install.sh shorewall-common-4.0.14.2/install.sh
+--- shorewall-common-4.0.14.1/install.sh 2008-10-13 10:36:50.000000000 -0700
++++ shorewall-common-4.0.14.2/install.sh 2008-10-30 16:39:08.000000000 -0700
+@@ -22,7 +22,7 @@
+ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ #
+
+-VERSION=4.0.14.1
++VERSION=4.0.14.2
+
+ usage() # $1 = exit status
+ {
+diff -Naur -X /home/teastep/shorewall/trunk/tools/build/exclude.txt shorewall-common-4.0.14.1/lib.base shorewall-common-4.0.14.2/lib.base
+--- shorewall-common-4.0.14.1/lib.base 2008-10-13 09:55:02.000000000 -0700
++++ shorewall-common-4.0.14.2/lib.base 2008-10-30 16:39:08.000000000 -0700
+@@ -979,6 +979,7 @@
+ qt $IPTABLES -t mangle -L -n && MANGLE_ENABLED=Yes || MANGLE_ENABLED=
+
+ CONNTRACK_MATCH=
++ NEW_CONNTRACK_MATCH=
+ MULTIPORT=
+ XMULTIPORT=
+ POLICY_MATCH=
+@@ -1026,6 +1027,10 @@
+
+ qt $IPTABLES -A $chain -m conntrack --ctorigdst 192.168.1.1 -j ACCEPT && CONNTRACK_MATCH=Yes
+
++ if [ -n "$CONNTRACK_MATCH" ]; then
++ qt $IPTABLES -A $chain -m conntrack ! --ctorigdst 192.168.1.1 -j ACCEPT && NEW_CONNTRACK_MATCH=Yes
++ fi
++
+ if qt $IPTABLES -A $chain -p tcp -m multiport --dports 21,22 -j ACCEPT; then
+ MULTIPORT=Yes
+ qt $IPTABLES -A $chain -p tcp -m multiport --sports 60 -m multiport --dports 99 -j ACCEPT && KLUDEFREE=Yes
+@@ -1126,6 +1131,7 @@
+ report_capability "Multi-port Match" $MULTIPORT
+ [ -n "$MULTIPORT" ] && report_capability "Extended Multi-port Match" $XMULTIPORT
+ report_capability "Connection Tracking Match" $CONNTRACK_MATCH
++ report_capability "New Connection Tracking Match Syntax" $NEW_CONNTRACK_MATCH
+ report_capability "Packet Type Match" $USEPKTTYPE
+ report_capability "Policy Match" $POLICY_MATCH
+ report_capability "Physdev Match" $PHYSDEV_MATCH
+diff -Naur -X /home/teastep/shorewall/trunk/tools/build/exclude.txt shorewall-common-4.0.14.1/shorewall-common.spec shorewall-common-4.0.14.2/shorewall-common.spec
+--- shorewall-common-4.0.14.1/shorewall-common.spec 2008-10-13 10:36:50.000000000 -0700
++++ shorewall-common-4.0.14.2/shorewall-common.spec 2008-10-30 16:39:08.000000000 -0700
+@@ -1,6 +1,6 @@
+ %define name shorewall-common
+ %define version 4.0.14
+-%define release 1
++%define release 2
+
+ Summary: Shoreline Firewall is an iptables-based firewall for Linux systems.
+ Name: %{name}
+@@ -244,6 +244,8 @@
+ %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel ipsecvpn Samples
+
+ %changelog
++* Thu Oct 30 2008 Tom Eastep tom@shorewall.net
++- Updated to 4.0.14-2
+ * Mon Oct 13 2008 Tom Eastep tom@shorewall.net
+ - Updated to 4.0.14-1
+ * Mon Sep 22 2008 Tom Eastep tom@shorewall.net
+diff -Naur -X /home/teastep/shorewall/trunk/tools/build/exclude.txt shorewall-common-4.0.14.1/uninstall.sh shorewall-common-4.0.14.2/uninstall.sh
+--- shorewall-common-4.0.14.1/uninstall.sh 2008-10-13 10:36:50.000000000 -0700
++++ shorewall-common-4.0.14.2/uninstall.sh 2008-10-30 16:39:08.000000000 -0700
+@@ -26,7 +26,7 @@
+ # You may only use this script to uninstall the version
+ # shown below. Simply run this script to remove Shorewall Firewall
+
+-VERSION=4.0.14.1
++VERSION=4.0.14.2
+
+ usage() # $1 = exit status
+ {
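Review bot: The new `! --ctorigdst` probe in the lib.base section (second inner hunk) has no comment saying what it distinguishes, and the name NEW_CONNTRACK_MATCH alone does not tell a maintainer that it is about where `!` is placed. I would add above the `if`: `# Does this iptables accept '!' before the option (new negation syntax)? Only probed when the conntrack match itself works.` Separately, the patch sets the variable and adds it to the human-readable report, but no hunk here adds it to any machine-readable capabilities output that lib.base may produce for the compiler. If such an export exists it needs the new variable too, otherwise a compiler working from a saved capabilities file would presumably keep emitting the old negation form, which this iptables may reject. The enclosing function starts and ends outside these hunks, so this could not be checked from the page.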
diff -u shorewall-perl-4.0.14/debian/changelog shorewall-perl-4.0.14/debian/changelog
--- shorewall-perl-4.0.14/debian/changelog
+++ shorewall-perl-4.0.14/debian/changelog
@@ -1,3 +1,9 @@
+shorewall-perl (4.0.14-4) unstable; urgency=medium
+
+ * Patch for point release (4.0.14.2) (Closes: #501467)
+
+ -- Roberto C. Sanchez <roberto@connexer.com> Thu, 30 Oct 2008 21:03:06 -0400
+
shorewall-perl (4.0.14-3) unstable; urgency=low
* Observe the length paramter in tcrules (thanks to Lennart Sorensen)
reverted:
--- shorewall-perl-4.0.14/debian/patches/03_observe_tcrules_length.dpatch
+++ shorewall-perl-4.0.14.orig/debian/patches/03_observe_tcrules_length.dpatch
@@ -1,50 +0,0 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-## 03_observe_tcrules_length.dpatch by <roberto@connexer.com>
-##
-## All lines beginning with `## DP:' are a description of the patch.
-## DP: Observe the length parameter in tcrules
-
-@DPATCH@
-
-Index: Shorewall-perl/Shorewall/Chains.pm
-===================================================================
---- Shorewall-perl/Shorewall/Chains.pm (revision 8785)
-+++ Shorewall-perl/Shorewall/Chains.pm (working copy)
-@@ -110,6 +110,7 @@
- do_test
- do_ratelimit
- do_user
-+ do_length
- do_tos
- match_source_dev
- match_dest_dev
-@@ -1212,6 +1213,16 @@
- }
-
- #
-+# Create a "-m length" match for the passed TOS
-+#
-+sub do_length( $ ) {
-+ my $length = $_[0];
-+
-+ require_capability( 'LENGTH_MATCH' , 'Your kernel and/or iptables does not have length match support.' , '' );
-+ $length ne '-' ? "-m length --length $length " : '';
-+}
-+
-+#
- # Match Source Interface
- #
- sub match_source_dev( $ ) {
-Index: Shorewall-perl/Shorewall/Tc.pm
-===================================================================
---- Shorewall-perl/Shorewall/Tc.pm (revision 8785)
-+++ Shorewall-perl/Shorewall/Tc.pm (working copy)
-@@ -271,7 +271,7 @@
-
- if ( ( my $result = expand_rule( ensure_chain( 'mangle' , $chain ) ,
- $restrictions{$chain} ,
-- do_proto( $proto, $ports, $sports) . do_user( $user ) . do_test( $testval, $mask ) . do_tos( $tos ) ,
-+ do_proto( $proto, $ports, $sports) . do_user( $user ) . do_test( $testval, $mask ) . do_length( $length ) . do_tos( $tos ) ,
- $source ,
- $dest ,
- '' ,
diff -u shorewall-perl-4.0.14/debian/patches/00list shorewall-perl-4.0.14/debian/patches/00list
--- shorewall-perl-4.0.14/debian/patches/00list
+++ shorewall-perl-4.0.14/debian/patches/00list
@@ -2 +2 @@
-03_observe_tcrules_length.dpatch
+03_point_release_2.dpatch
only in patch2:
unchanged:
--- shorewall-perl-4.0.14.orig/debian/patches/03_point_release_2.dpatch
+++ shorewall-perl-4.0.14/debian/patches/03_point_release_2.dpatch
@@ -0,0 +1,98 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 04_point_release_2.dpatch by <roberto@connexer.com>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Point release 2
+
+@DPATCH@
+
+diff -Naur -X /home/teastep/shorewall/trunk/tools/build/exclude.txt shorewall-perl-4.0.14.1/install.sh shorewall-perl-4.0.14.2/install.sh
+--- shorewall-perl-4.0.14.1/install.sh 2008-10-13 10:36:50.000000000 -0700
++++ shorewall-perl-4.0.14.2/install.sh 2008-10-30 16:39:08.000000000 -0700
+@@ -22,7 +22,7 @@
+ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ #
+
+-VERSION=4.0.14.1
++VERSION=4.0.14.2
+
+ usage() # $1 = exit status
+ {
+diff -Naur -X /home/teastep/shorewall/trunk/tools/build/exclude.txt shorewall-perl-4.0.14.1/Shorewall/Chains.pm shorewall-perl-4.0.14.2/Shorewall/Chains.pm
+--- shorewall-perl-4.0.14.1/Shorewall/Chains.pm 2008-10-13 09:55:02.000000000 -0700
++++ shorewall-perl-4.0.14.2/Shorewall/Chains.pm 2008-10-30 16:39:08.000000000 -0700
+@@ -110,6 +110,7 @@
+ do_test
+ do_ratelimit
+ do_user
++ do_length
+ do_tos
+ match_source_dev
+ match_dest_dev
+@@ -421,7 +422,7 @@
+ if ( $expandports && $rule =~ '^(.* --dports\s+)([^ ]+)(.*)$' ) {
+ my ($first, $ports, $rest) = ( $1, $2, $3 );
+
+- if ( ( $ports =~ tr/:,/:,/ ) > 15 ) {
++ if ( ( $ports =~ tr/:,/:,/ ) > 14 ) {
+ my @ports = split '([,:])', $ports;
+
+ while ( @ports ) {
+@@ -1212,6 +1213,16 @@
+ }
+
+ #
++# Create a "-m length" match for the passed TOS
++#
++sub do_length( $ ) {
++ my $length = $_[0];
++
++ require_capability( 'LENGTH_MATCH' , 'A non-empty LENGTH' , 's' );
++ $length ne '-' ? "-m length --length $length " : '';
++}
++
++#
+ # Match Source Interface
+ #
+ sub match_source_dev( $ ) {
+diff -Naur -X /home/teastep/shorewall/trunk/tools/build/exclude.txt shorewall-perl-4.0.14.1/Shorewall/Config.pm shorewall-perl-4.0.14.2/Shorewall/Config.pm
+--- shorewall-perl-4.0.14.1/Shorewall/Config.pm 2008-10-13 10:36:50.000000000 -0700
++++ shorewall-perl-4.0.14.2/Shorewall/Config.pm 2008-10-30 16:42:11.000000000 -0700
+@@ -246,7 +246,7 @@
+ ORIGINAL_POLICY_MATCH => '',
+ LOGPARMS => '',
+ TC_SCRIPT => '',
+- VERSION => "4.0.14.1",
++ VERSION => "4.0.14.2",
+ CAPVERSION => 40015 ,
+ );
+ #
+@@ -1372,7 +1372,7 @@
+
+ $capabilities{CONNTRACK_MATCH} = qt1( "$iptables -A $sillyname -m conntrack --ctorigdst 192.168.1.1 -j ACCEPT" );
+
+- if ( $capabilities{CONNTRACL_MATCH} ) {
++ if ( $capabilities{CONNTRACK_MATCH} ) {
+ $capabilities{NEW_CONNTRACK_MATCH} = qt1( "$iptables -A $sillyname -m conntrack ! --ctorigdst 192.168.1.1 -j ACCEPT" );
+ }
+
+diff -Naur -X /home/teastep/shorewall/trunk/tools/build/exclude.txt shorewall-perl-4.0.14.1/shorewall-perl.spec shorewall-perl-4.0.14.2/shorewall-perl.spec
+--- shorewall-perl-4.0.14.1/shorewall-perl.spec 2008-10-13 10:36:50.000000000 -0700
++++ shorewall-perl-4.0.14.2/shorewall-perl.spec 2008-10-30 16:39:08.000000000 -0700
+@@ -1,6 +1,6 @@
+ %define name shorewall-perl
+ %define version 4.0.14
+-%define release 1
++%define release 2
+
+ Summary: Shoreline Firewall Perl-based compiler.
+ Name: %{name}
+@@ -64,6 +64,8 @@
+ %doc COPYING releasenotes.txt
+
+ %changelog
++* Thu Oct 30 2008 Tom Eastep tom@shorewall.net
++- Updated to 4.0.14-2
+ * Mon Oct 13 2008 Tom Eastep tom@shorewall.net
+ - Updated to 4.0.14-1
+ * Mon Sep 22 2008 Tom Eastep tom@shorewall.net
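Review bot: In the Chains.pm section, `do_length` calls `require_capability` before it looks at `$length`, so a tcrules entry whose LENGTH column is `-` still triggers the capability check; if require_capability is fatal when LENGTH_MATCH is missing (its body is not on this page), rules that specify no length would stop compiling on such kernels. Putting a guard first, `return '' if $length eq '-';` directly after the `my` line, avoids that. `$length` is also interpolated into the iptables rule text unchecked; a format test such as `$length =~ /^\d+(?::\d+)?$/` (adjusted to whatever forms tcrules documents) with an error on mismatch would keep malformed column values out of the generated ruleset. The header comment above the sub says "for the passed TOS" and should read `# Create a "-m length" match for the passed LENGTH`, and the dpatch's own header names itself `04_point_release_2.dpatch` while the file is `03_point_release_2.dpatch`.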