Please unblock arno-iptable-firewall 1.9.2.k-3
Hi,
to prevent an unnecessarily delay in fixing #594326 I have uploaded
1.9.2.k-3 that only fixes this bug and a bug in debian/control (full
diff against current version in squeeze is attached). Please allow this
version to transition into testing.
I'm nevertheless awaiting your decision on whether you'd be willing to
accept a full upstream bugfix release (see previous messages).
Thanks in advance,
Michael
--
GPG key: 1024D/3144BE0F Michael Hanke
http://mih.voxindeserto.de
diff --git a/debian/changelog b/debian/changelog
index 27298fd..dac7bf3 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+arno-iptables-firewall (1.9.2.k-3) unstable; urgency=low
+
+ * Hosts were open to IPv6 connections, even when the firewall was up
+ (Closes: #594326). Thanks to Tim Small for reporting.
+ * Fix typo in debian/control that caused misc:Depends to be dropped.
+
+ -- Michael Hanke <michael.hanke@gmail.com> Sat, 28 Aug 2010 10:03:15 -0400
+
arno-iptables-firewall (1.9.2.k-2) unstable; urgency=low
* Move iproute from recommended to a dependency (Closes: #566117). Thanks to
diff --git a/debian/control b/debian/control
index 4454f8d..00b0cb9 100644
--- a/debian/control
+++ b/debian/control
@@ -11,7 +11,7 @@ XS-DM-Upload-Allowed: yes
Package: arno-iptables-firewall
Architecture: all
-Depends: iptables (>=1.2.11), gawk, debconf (>=1.3.22) | cdebconf (>= 0.43), ${misc:Dependsa}, iproute
+Depends: iptables (>=1.2.11), gawk, debconf (>=1.3.22) | cdebconf (>= 0.43), ${misc:Depends}, iproute
Recommends: lynx, dnsutils
Description: single- and multi-homed firewall script with DSL/ADSL support
Unlike other lean iptables frontends in Debian, arno-iptables-firewall
diff --git a/debian/patches/ipv6_block b/debian/patches/ipv6_block
new file mode 100644
index 0000000..407b83a
--- /dev/null
+++ b/debian/patches/ipv6_block
@@ -0,0 +1,30 @@
+From: Arno van Amersfoort <arnova@rocky.eld.leidenuniv.nl>
+Subject: Block ipv6 traffic also when the firewall is up.
+Origin: upstream, http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=594326#25
+Bug-Debian: http://bugs.debian.org/594326
+--- a/share/arno-iptables-firewall/environment
++++ b/share/arno-iptables-firewall/environment
+@@ -391,7 +391,11 @@
+ printf "\033[40m\033[1;31msysctl $@: ($retval) $result\033[0m\n" >&2
+ return $retval
+ fi
+- echo "${INDENT}sysctl $@"
++
++ if [ -n "$result" ]; then
++ echo "${INDENT}$result"
++ fi
++
+ return 0
+ }
+
+@@ -424,7 +428,9 @@
+ retval=$?
+
+ if [ "$retval" = "0" ]; then
+- echo "${INDENT}${sysctl_commandline}"
++ if [ -n "$result" ]; then
++ echo "${INDENT}$result"
++ fi
+ return 0
+ else
+ printf "\033[40m\033[1;31m${sysctl_commandline}: ($retval) $result\033[0m\n" >&2
diff --git a/debian/patches/series b/debian/patches/series
index d61375e..58ef11a 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,2 +1,3 @@
+ipv6_block
debconf_layer
init.d_depfix
Reply to: