Bug#691075: unblock: shorewall/4.5.5.3-3, shorewall-core/4.5.5.3-3

["Roberto C. Sanchez" <roberto@connexer.com>]

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Please unblock packages shorewall and shorewall-core

The recent 4.5.5.3-3 versions of shorewall and shorewall-core correct
two significant issues reported to me by upstream.  Please see attached
debdiffs for details.

Regards,

- -Roberto

unblock shorewall/4.5.5.3-3
unblock shorewall-core/4.5.5.3-3

- -- System Information:
Debian Release: 6.0.6
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIcBAEBCAAGBQJQg2K/AAoJECzXeF7dp7IPQjMP/1Y4L0tm17q0rsYUY9g7w/Dn
o750IlPcWAMUDYPHknJvQXFKTV+gpbt+e5a6mufnS3RLR03h7m75cQowdf06L3fG
rTyXSR9nO/GkOAs+aGnyh3ahMs1kek8RgKufep0kV6cDdYekJy2tS0sjXYceNm3Z
jlfLrun8Sy0w5WSZObEef4ajKvfD5qfVul8DKgIVlloYBws3J/pqcymLLzs6QsVE
52diXveShl6ShERmmHvI2bGi27F4SiEv0pKvkpGarOVFmU0mVnmrP+Tvcrw44rmp
QiKjLmZ0tIwwJq3m7pdHx6N/FtmRVIbDz2NkyE3OtAzjySsBU6sZ2ImxpMrDVbrq
NeArowyrN2Nc156M6yKbQUQqY7wa8jhIy0Onp5vjIiC2tUzFoLHl4MLE0bBE+G6O
ZJVehEbzYp5wEKMa/XhoD8fTz21/2XiQBx04khzLsj7uVPQ7ESjcSQaCEEK25unP
BZZb9iSBmNufs7aIUHMXGEKPwY4CTgACV8EvDAgode+7+ezkI8S4dB0BwqVC7Z8z
Js6MnVjBbZADfkvNwXNaqtrW54cka2j5HfIdsexGL6tq/6hnpA5AURFTc89vghjA
i6b/9qCijmiVqTtHEukL0adtXG/WiQ3Ehy7QcCJxYcqNfHcAi6MCxFrxvpq9IY19
DlJ2tcolzxY2poP6hB/9
=lIZ5
-----END PGP SIGNATURE-----

diff -Nru shorewall-4.5.5.3/debian/changelog shorewall-4.5.5.3/debian/changelog
--- shorewall-4.5.5.3/debian/changelog	2012-09-15 17:18:54.000000000 -0400
+++ shorewall-4.5.5.3/debian/changelog	2012-10-20 21:37:12.000000000 -0400
@@ -1,3 +1,9 @@
+shorewall (4.5.5.3-3) unstable; urgency=low
+
+  * Correct deficient behavior in handling of DNAT and SNAT packets
+
+ -- Roberto C. Sanchez <roberto@connexer.com>  Sat, 20 Oct 2012 21:36:27 -0400
+
 shorewall (4.5.5.3-2) unstable; urgency=low
 
   * Update README.Debian to identify correct location for default
diff -Nru shorewall-4.5.5.3/debian/patches/02_correct_dnat_snat_behavior.patch shorewall-4.5.5.3/debian/patches/02_correct_dnat_snat_behavior.patch
--- shorewall-4.5.5.3/debian/patches/02_correct_dnat_snat_behavior.patch	1969-12-31 19:00:00.000000000 -0500
+++ shorewall-4.5.5.3/debian/patches/02_correct_dnat_snat_behavior.patch	2012-10-20 21:37:12.000000000 -0400
@@ -0,0 +1,15 @@
+diff --git a/Perl/Shorewall/Misc.pm b/Perl/Shorewall/Misc.pm
+index 8c2f55c..58322ba 100644
+--- a/Perl/Shorewall/Misc.pm
++++ b/Perl/Shorewall/Misc.pm
+@@ -1375,9 +1375,9 @@ sub add_interface_jumps {
+ 	addnatjump 'POSTROUTING' , snat_chain( $interface ), imatch_dest_dev( $interface );
+     }
+ 
++    addnatjump 'PREROUTING', 'dnat';
+     addnatjump 'PREROUTING'  , 'nat_in';
+     addnatjump 'POSTROUTING' , 'nat_out';
+-    addnatjump 'PREROUTING', 'dnat';
+ 
+     for my $interface ( @interfaces  ) {
+ 	addnatjump 'PREROUTING'  , input_chain( $interface )  , imatch_source_dev( $interface );
diff -Nru shorewall-4.5.5.3/debian/patches/series shorewall-4.5.5.3/debian/patches/series
--- shorewall-4.5.5.3/debian/patches/series	2012-09-15 17:18:54.000000000 -0400
+++ shorewall-4.5.5.3/debian/patches/series	2012-10-20 21:37:12.000000000 -0400
@@ -1 +1,2 @@
 01_debian_configuration.patch
+02_correct_dnat_snat_behavior.patch

diff -Nru shorewall-core-4.5.5.3/debian/changelog shorewall-core-4.5.5.3/debian/changelog
--- shorewall-core-4.5.5.3/debian/changelog	2012-09-15 15:10:57.000000000 -0400
+++ shorewall-core-4.5.5.3/debian/changelog	2012-10-20 21:39:50.000000000 -0400
@@ -1,3 +1,9 @@
+shorewall-core (4.5.5.3-3) unstable; urgency=low
+
+  * Correct dynamic zone handling
+
+ -- Roberto C. Sanchez <roberto@connexer.com>  Sat, 20 Oct 2012 21:39:18 -0400
+
 shorewall-core (4.5.5.3-2) unstable; urgency=low
 
   * Update lockfile relocation patch
diff -Nru shorewall-core-4.5.5.3/debian/patches/01_correct_dynamic_zone_handling.patch shorewall-core-4.5.5.3/debian/patches/01_correct_dynamic_zone_handling.patch
--- shorewall-core-4.5.5.3/debian/patches/01_correct_dynamic_zone_handling.patch	1969-12-31 19:00:00.000000000 -0500
+++ shorewall-core-4.5.5.3/debian/patches/01_correct_dynamic_zone_handling.patch	2012-10-20 21:39:50.000000000 -0400
@@ -0,0 +1,28 @@
+diff --git a/lib.cli b/lib.cli
+index 86361d4..ae5b5e3 100644
+--- a/lib.cli
++++ b/lib.cli
+@@ -507,7 +507,7 @@ find_sets() {
+     local junk
+     local setname
+ 
+-    ipset -L -n | grep "^Name: ${1}_" | while read junk setname; do echo $setname; done
++    ipset -L | grep "^Name: ${1}_" | while read junk setname; do echo $setname; done
+ }
+ 
+ list_zone() {
+@@ -516,11 +516,11 @@ list_zone() {
+     local setname
+ 
+     [ -n "$(mywhich ipset)" ] || fatal_error "The ipset utility cannot be located"
+-
++    
+     if [ $g_family -eq 4 ]; then
+-	sets=$(ipset -L -n | grep '^$1_');
++	sets=$(ipset -L | grep "^$1_");
+      else
+-	sets=$(ipset -L -n | grep "^6_$1_")
++	sets=$(ipset -L | grep "^6_$1_")
+     fi
+ 
+     [ -n "$sets" ] || sets=$(find_sets $1)
diff -Nru shorewall-core-4.5.5.3/debian/patches/series shorewall-core-4.5.5.3/debian/patches/series
--- shorewall-core-4.5.5.3/debian/patches/series	2012-09-15 15:10:57.000000000 -0400
+++ shorewall-core-4.5.5.3/debian/patches/series	2012-10-20 21:39:50.000000000 -0400
@@ -1 +1,2 @@
+01_correct_dynamic_zone_handling.patch
 99_lockfile_relocation.patch