Bug#691075: marked as done (unblock: shorewall/4.5.5.3-3, shorewall-core/4.5.5.3-3)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Sun, 21 Oct 2012 11:29:57 +0100
with message-id <1350815397.8831.32.camel@jacala.jungle.funky-badger.org>
and subject line Re: Bug#691075: unblock: shorewall/4.5.5.3-3, shorewall-core/4.5.5.3-3
has caused the Debian Bug report #691075,
regarding unblock: shorewall/4.5.5.3-3, shorewall-core/4.5.5.3-3
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
691075: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691075
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: unblock: shorewall/4.5.5.3-3, shorewall-core/4.5.5.3-3
• From: "Roberto C. Sanchez" <roberto@connexer.com>
• Date: Sat, 20 Oct 2012 22:49:36 -0400
• Message-id: <[🔎] 20121021024936.19008.59402.reportbug@miami.connexer.com>

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Please unblock packages shorewall and shorewall-core

The recent 4.5.5.3-3 versions of shorewall and shorewall-core correct
two significant issues reported to me by upstream.  Please see attached
debdiffs for details.

Regards,

- -Roberto

unblock shorewall/4.5.5.3-3
unblock shorewall-core/4.5.5.3-3

- -- System Information:
Debian Release: 6.0.6
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIcBAEBCAAGBQJQg2K/AAoJECzXeF7dp7IPQjMP/1Y4L0tm17q0rsYUY9g7w/Dn
o750IlPcWAMUDYPHknJvQXFKTV+gpbt+e5a6mufnS3RLR03h7m75cQowdf06L3fG
rTyXSR9nO/GkOAs+aGnyh3ahMs1kek8RgKufep0kV6cDdYekJy2tS0sjXYceNm3Z
jlfLrun8Sy0w5WSZObEef4ajKvfD5qfVul8DKgIVlloYBws3J/pqcymLLzs6QsVE
52diXveShl6ShERmmHvI2bGi27F4SiEv0pKvkpGarOVFmU0mVnmrP+Tvcrw44rmp
QiKjLmZ0tIwwJq3m7pdHx6N/FtmRVIbDz2NkyE3OtAzjySsBU6sZ2ImxpMrDVbrq
NeArowyrN2Nc156M6yKbQUQqY7wa8jhIy0Onp5vjIiC2tUzFoLHl4MLE0bBE+G6O
ZJVehEbzYp5wEKMa/XhoD8fTz21/2XiQBx04khzLsj7uVPQ7ESjcSQaCEEK25unP
BZZb9iSBmNufs7aIUHMXGEKPwY4CTgACV8EvDAgode+7+ezkI8S4dB0BwqVC7Z8z
Js6MnVjBbZADfkvNwXNaqtrW54cka2j5HfIdsexGL6tq/6hnpA5AURFTc89vghjA
i6b/9qCijmiVqTtHEukL0adtXG/WiQ3Ehy7QcCJxYcqNfHcAi6MCxFrxvpq9IY19
DlJ2tcolzxY2poP6hB/9
=lIZ5
-----END PGP SIGNATURE-----

diff -Nru shorewall-4.5.5.3/debian/changelog shorewall-4.5.5.3/debian/changelog
--- shorewall-4.5.5.3/debian/changelog	2012-09-15 17:18:54.000000000 -0400
+++ shorewall-4.5.5.3/debian/changelog	2012-10-20 21:37:12.000000000 -0400
@@ -1,3 +1,9 @@
+shorewall (4.5.5.3-3) unstable; urgency=low
+
+  * Correct deficient behavior in handling of DNAT and SNAT packets
+
+ -- Roberto C. Sanchez <roberto@connexer.com>  Sat, 20 Oct 2012 21:36:27 -0400
+
 shorewall (4.5.5.3-2) unstable; urgency=low
 
   * Update README.Debian to identify correct location for default
diff -Nru shorewall-4.5.5.3/debian/patches/02_correct_dnat_snat_behavior.patch shorewall-4.5.5.3/debian/patches/02_correct_dnat_snat_behavior.patch
--- shorewall-4.5.5.3/debian/patches/02_correct_dnat_snat_behavior.patch	1969-12-31 19:00:00.000000000 -0500
+++ shorewall-4.5.5.3/debian/patches/02_correct_dnat_snat_behavior.patch	2012-10-20 21:37:12.000000000 -0400
@@ -0,0 +1,15 @@
+diff --git a/Perl/Shorewall/Misc.pm b/Perl/Shorewall/Misc.pm
+index 8c2f55c..58322ba 100644
+--- a/Perl/Shorewall/Misc.pm
++++ b/Perl/Shorewall/Misc.pm
+@@ -1375,9 +1375,9 @@ sub add_interface_jumps {
+ 	addnatjump 'POSTROUTING' , snat_chain( $interface ), imatch_dest_dev( $interface );
+     }
+ 
++    addnatjump 'PREROUTING', 'dnat';
+     addnatjump 'PREROUTING'  , 'nat_in';
+     addnatjump 'POSTROUTING' , 'nat_out';
+-    addnatjump 'PREROUTING', 'dnat';
+ 
+     for my $interface ( @interfaces  ) {
+ 	addnatjump 'PREROUTING'  , input_chain( $interface )  , imatch_source_dev( $interface );
diff -Nru shorewall-4.5.5.3/debian/patches/series shorewall-4.5.5.3/debian/patches/series
--- shorewall-4.5.5.3/debian/patches/series	2012-09-15 17:18:54.000000000 -0400
+++ shorewall-4.5.5.3/debian/patches/series	2012-10-20 21:37:12.000000000 -0400
@@ -1 +1,2 @@
 01_debian_configuration.patch
+02_correct_dnat_snat_behavior.patch

diff -Nru shorewall-core-4.5.5.3/debian/changelog shorewall-core-4.5.5.3/debian/changelog
--- shorewall-core-4.5.5.3/debian/changelog	2012-09-15 15:10:57.000000000 -0400
+++ shorewall-core-4.5.5.3/debian/changelog	2012-10-20 21:39:50.000000000 -0400
@@ -1,3 +1,9 @@
+shorewall-core (4.5.5.3-3) unstable; urgency=low
+
+  * Correct dynamic zone handling
+
+ -- Roberto C. Sanchez <roberto@connexer.com>  Sat, 20 Oct 2012 21:39:18 -0400
+
 shorewall-core (4.5.5.3-2) unstable; urgency=low
 
   * Update lockfile relocation patch
diff -Nru shorewall-core-4.5.5.3/debian/patches/01_correct_dynamic_zone_handling.patch shorewall-core-4.5.5.3/debian/patches/01_correct_dynamic_zone_handling.patch
--- shorewall-core-4.5.5.3/debian/patches/01_correct_dynamic_zone_handling.patch	1969-12-31 19:00:00.000000000 -0500
+++ shorewall-core-4.5.5.3/debian/patches/01_correct_dynamic_zone_handling.patch	2012-10-20 21:39:50.000000000 -0400
@@ -0,0 +1,28 @@
+diff --git a/lib.cli b/lib.cli
+index 86361d4..ae5b5e3 100644
+--- a/lib.cli
++++ b/lib.cli
+@@ -507,7 +507,7 @@ find_sets() {
+     local junk
+     local setname
+ 
+-    ipset -L -n | grep "^Name: ${1}_" | while read junk setname; do echo $setname; done
++    ipset -L | grep "^Name: ${1}_" | while read junk setname; do echo $setname; done
+ }
+ 
+ list_zone() {
+@@ -516,11 +516,11 @@ list_zone() {
+     local setname
+ 
+     [ -n "$(mywhich ipset)" ] || fatal_error "The ipset utility cannot be located"
+-
++    
+     if [ $g_family -eq 4 ]; then
+-	sets=$(ipset -L -n | grep '^$1_');
++	sets=$(ipset -L | grep "^$1_");
+      else
+-	sets=$(ipset -L -n | grep "^6_$1_")
++	sets=$(ipset -L | grep "^6_$1_")
+     fi
+ 
+     [ -n "$sets" ] || sets=$(find_sets $1)
diff -Nru shorewall-core-4.5.5.3/debian/patches/series shorewall-core-4.5.5.3/debian/patches/series
--- shorewall-core-4.5.5.3/debian/patches/series	2012-09-15 15:10:57.000000000 -0400
+++ shorewall-core-4.5.5.3/debian/patches/series	2012-10-20 21:39:50.000000000 -0400
@@ -1 +1,2 @@
+01_correct_dynamic_zone_handling.patch
 99_lockfile_relocation.patch

--- End Message ---

--- Begin Message ---

• To: "Roberto C. Sanchez" <roberto@connexer.com>, 691075-done@bugs.debian.org
• Subject: Re: Bug#691075: unblock: shorewall/4.5.5.3-3, shorewall-core/4.5.5.3-3
• From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
• Date: Sun, 21 Oct 2012 11:29:57 +0100
• Message-id: <1350815397.8831.32.camel@jacala.jungle.funky-badger.org>
• In-reply-to: <[🔎] 20121021024936.19008.59402.reportbug@miami.connexer.com>
• References: <[🔎] 20121021024936.19008.59402.reportbug@miami.connexer.com>

On Sat, 2012-10-20 at 22:49 -0400, Roberto C. Sanchez wrote:
> Please unblock packages shorewall and shorewall-core
> 
> The recent 4.5.5.3-3 versions of shorewall and shorewall-core correct
> two significant issues reported to me by upstream.  Please see attached
> debdiffs for details.

Unblocked.

Regards,

Adam

--- End Message ---