
arno-iptable-firewall: bugfix backport or new upstream service release for squeeze?



Dear Release Team,

one of my packages (arno-iptables-firewall) just got a bug report
that it leaves machines open to IPv6 connections. It could be argued that
#594326 is an RC-bug instead of "just" important -- what it is now.

A fix has been made upstream.  My question is now whether you'd prefer a
backported bugfix for squeeze (which would be trivial), or whether you'd
support a new upstream _bugfix_ release that also addresses this and a
number of other bugs of lower severity? See e.g. #594345 and this
changelog excerpt:

* BusyBox doesn't understand grep -x, so use ^$ instead + dots should be
  escaped (thanks Lonnie)
* Slightly safer check on whether we have IPv6 on the system we're
  running
* IPv6 detection failed due to our sysctl wrapper function being too
  verbose. This caused IPv6 to always be "open" on systems having IPv6
  connectivity (Debug bug #594326, thanks to Tim Small for reporting this)
* From now on explicitly set all variables for sysctl wildcard variables
  (like "net.ipv4.conf.*.rp_filter") since newer kernels handle those
  differently now (Thanks to Klemen Mihevc)
* Don't "unset IFS" immediately after "local IFS" declaration in functions,
  this breaks older shells
* Modprobe didn't work properly for old modprobe/distros when modules were
  compiled in-kernel


Thanks,

Michael

-- 
GPG key:  1024D/3144BE0F Michael Hanke
http://mih.voxindeserto.de
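
The failure mode named in the changelog excerpt above, as an added example that is not part of the original message and is not arno-iptables-firewall code: a wrapper that logs to stdout pollutes the value its caller captures, so an exact-match IPv6 check concludes there is no IPv6 and leaves it unfiltered. All function names, the stand-in `fake_sysctl`, and the use of `net.ipv6.conf.all.disable_ipv6` as the probed key are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed illustration; none of these functions come from the package.

# Stand-in for the kernel query so the example runs offline.
# 0 = IPv6 enabled, 1 = IPv6 disabled (constructed sample value).
fake_sysctl() { echo "${FAKE_DISABLE_IPV6:-0}"; }

# Verbose wrapper: logs on stdout, the same stream the caller captures.
sysctl_verbose() {
  echo "Reading $1"
  fake_sysctl "$1"
}

# Quiet wrapper: diagnostics go to stderr, only the value reaches stdout.
sysctl_quiet() {
  echo "Reading $1" >&2
  fake_sysctl "$1"
}

# Fragile detection: exact match on captured output. Anything unexpected
# is read as "no IPv6", so the IPv6 rules are skipped (fails open).
detect_ipv6_fragile() {
  val=$("$1" net.ipv6.conf.all.disable_ipv6)
  if [ "$val" = "0" ]; then echo yes; else echo no; fi
}

# Hardened detection: only an explicit "1" counts as "no IPv6".
# Unparsable output is treated as IPv6 present (fails closed).
detect_ipv6_strict() {
  val=$("$1" net.ipv6.conf.all.disable_ipv6 2>/dev/null)
  case "$val" in
    1) echo no ;;
    *) echo yes ;;
  esac
}

for wrapper in sysctl_verbose sysctl_quiet; do
  echo "$wrapper: fragile=$(detect_ipv6_fragile "$wrapper" 2>/dev/null)" \
       "strict=$(detect_ipv6_strict "$wrapper")"
done
```

On a host running such a firewall, listing the loaded IPv6 rules with `ip6tables -S` after startup is the direct check that the IPv6 side was actually configured.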

