network/shorewall: Updated for version 4.4.8.1.

2010-04-14 20:57:09 -04:00 · 2010-04-14 20:57:09 -04:00 · 9923e8cdca
parent 15a6ca2d18
commit 9923e8cdca
3 changed files with 231 additions and 5 deletions
--- a/network/shorewall/patch-4.4.8.1
+++ b/network/shorewall/patch-4.4.8.1
@ -0,0 +1,224 @@
+diff -Naur -X /home/teastep/bin/exclude.txt shorewall-4.4.8/changelog.txt shorewall-4.4.8.1/changelog.txt
+--- shorewall-4.4.8/changelog.txt	2010-03-23 08:47:56.000000000 -0700
+++ shorewall-4.4.8.1/changelog.txt	2010-04-07 14:49:33.000000000 -0700
+@@ -1,3 +1,12 @@
+Changes in Shorewall 4.4.8.1
+
+1)  Correct handling of a logical interface name in the EXTERNAL column
+    of proxyarp.
+
+2)  Fix find_first_interface_address() error reporting.
+
+3)  Fix propagation of zero-valued config variables.
+
+ Changes in Shorewall 4.4.8
+ 
+ 1)  Correct handling of RATE LIMIT on NAT rules.
+diff -Naur -X /home/teastep/bin/exclude.txt shorewall-4.4.8/configfiles/shorewall.conf shorewall-4.4.8.1/configfiles/shorewall.conf
+--- shorewall-4.4.8/configfiles/shorewall.conf	2010-03-23 08:47:56.000000000 -0700
+++ shorewall-4.4.8.1/configfiles/shorewall.conf	2010-04-07 14:49:33.000000000 -0700
+@@ -1,19 +1,10 @@
+ ###############################################################################
+-#  /etc/shorewall/shorewall.conf Version 4 - Change the following variables to
+-#  match your setup
+ #
+-#  This program is under GPL
+-#  [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+-#
+-#  This file should be placed in /etc/shorewall
+-#
+-#  (c) 1999,2000,2001,2002,2003,2004,2005,
+-#      2006,2007,2008 - Tom Eastep (teastep@shorewall.net)
+#  Shorewall Version 4 -- /etc/shorewall/shorewall.conf
+ #
+ #  For information about the settings in this file, type "man shorewall.conf"
+ #
+-#  Additional information is available at 
+-#  http://www.shorewall.net/Documentation.htm#Conf
+#  Manpage also online at http://www.shorewall.net/manpages/shorewall.conf.html
+ ###############################################################################
+ #		       S T A R T U P   E N A B L E D
+ ###############################################################################
+diff -Naur -X /home/teastep/bin/exclude.txt shorewall-4.4.8/install.sh shorewall-4.4.8.1/install.sh
+--- shorewall-4.4.8/install.sh	2010-03-23 08:47:56.000000000 -0700
+++ shorewall-4.4.8.1/install.sh	2010-04-07 14:49:33.000000000 -0700
+@@ -22,7 +22,7 @@
+ #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ #
+ 
+-VERSION=4.4.8
+VERSION=4.4.8.1
+ 
+ usage() # $1 = exit status
+ {
+diff -Naur -X /home/teastep/bin/exclude.txt shorewall-4.4.8/known_problems.txt shorewall-4.4.8.1/known_problems.txt
+--- shorewall-4.4.8/known_problems.txt	2010-03-23 08:47:56.000000000 -0700
+++ shorewall-4.4.8.1/known_problems.txt	2010-04-07 14:49:33.000000000 -0700
+@@ -1 +1,23 @@
+-There are no known problems in Shorewall 4.4.8
+1)  Logical interface names in the EXTERNAL column of
+    /etc/shorewall/proxyarp were previously not mapped to their
+    corresponding physical interface names. This could cause 'start' or
+    'restart' to fail.
+
+    Corrected in Shorewall 4.4.8.1
+
+2)  If find_first_interface_address() cannot determine the address of
+    the passed interface, the following message is issued and the
+    process continues:
+
+    	    /usr/share/shorewall/lib.common: line 438:
+                startup_error: command not found
+
+    Corrected in Shorewall 4.4.8.1
+
+3)  If LOG_VERBOSITY=0 in shorewall.conf, then when the compiled script
+    is executed, messages such as the following will be issued:
+
+       /var/lib/shorewall6/.restart: line 65: [: -gt: unary operator
+                                              expected
+
+    Corrected in Shorewall 4.4.8.1
+diff -Naur -X /home/teastep/bin/exclude.txt shorewall-4.4.8/Perl/Shorewall/Config.pm shorewall-4.4.8.1/Perl/Shorewall/Config.pm
+--- shorewall-4.4.8/Perl/Shorewall/Config.pm	2010-03-23 08:47:56.000000000 -0700
+++ shorewall-4.4.8.1/Perl/Shorewall/Config.pm	2010-04-07 14:49:33.000000000 -0700
+@@ -338,7 +338,7 @@
+ 		    TC_SCRIPT => '',
+ 		    EXPORT => 0,
+ 		    UNTRACKED => 0,
+-		    VERSION => "4.4.8",
+		    VERSION => "4.4.8.1",
+ 		    CAPVERSION => 40408 ,
+ 		  );
+ 
+@@ -3050,7 +3050,8 @@
+ #
+ sub propagateconfig() {
+     for my $option ( @propagateconfig ) {
+-	my $value = $config{$option} || '';
+	my $value = $config{$option};
+	$value = '' unless defined $value;
+ 	emit "$option=\"$value\"";
+     }
+ }
+diff -Naur -X /home/teastep/bin/exclude.txt shorewall-4.4.8/Perl/Shorewall/Proxyarp.pm shorewall-4.4.8.1/Perl/Shorewall/Proxyarp.pm
+--- shorewall-4.4.8/Perl/Shorewall/Proxyarp.pm	2010-03-23 08:47:56.000000000 -0700
+++ shorewall-4.4.8.1/Perl/Shorewall/Proxyarp.pm	2010-04-07 14:49:33.000000000 -0700
+@@ -118,6 +118,7 @@
+ 		}
+ 
+ 		$interface = get_physical $interface;
+		$external  = get_physical $external;
+ 
+ 		$set{$interface}  = 1;
+ 		$reset{$external} = 1 unless $set{$external};
+diff -Naur -X /home/teastep/bin/exclude.txt shorewall-4.4.8/releasenotes.txt shorewall-4.4.8.1/releasenotes.txt
+--- shorewall-4.4.8/releasenotes.txt	2010-03-23 08:47:56.000000000 -0700
+++ shorewall-4.4.8.1/releasenotes.txt	2010-04-07 14:49:33.000000000 -0700
+@@ -1,5 +1,5 @@
+ ----------------------------------------------------------------------------
+-                       S H O R E W A L L  4 . 4 . 8
+                      S H O R E W A L L  4 . 4 . 8 . 1
+ ----------------------------------------------------------------------------
+ 
+ I.    RELEASE 4.4 HIGHLIGHTS
+@@ -218,6 +218,27 @@
+ I I I.  P R O B L E M S   C O R R E C T E D   I N   T H I S  R E L E A S E
+ ----------------------------------------------------------------------------
+ 
+4.4.8.1 
+
+1)  Logical interface names in the EXTERNAL column of
+    /etc/shorewall/proxyarp were previously not mapped to their
+    corresponding physical interface names. This could cause 'start' or
+    'restart' to fail.
+
+2)  If find_first_interface_address() cannot determine the address of
+    the passed interface, the following message is issued and the
+    process continues:
+
+    	    /usr/share/shorewall/lib.common: line 438:
+                startup_error: command not found
+
+3)  If LOG_VERBOSITY=0 in shorewall.conf, then when the compiled script
+    was executed, messages such as the following would be issued:
+
+       /var/lib/shorewall6/.restart: line 65: [: -gt: unary operator
+                                              expected
+4.4.8
+
+ 1)  A CONTINUE rule specifying a log level would cause the compiler to 
+     generate an incorrect rule sequence. The packet would be logged
+     but the CONTINUE action would not occur.
+@@ -286,6 +307,11 @@
+     'shorewall refresh' executed, those new changes would not be included
+     in the active ruleset.
+ 
+12) In 4.4.7, it was documented that setting the 'bridge' option in an
+    interfaces file entry also set 'routeback'. That feature was
+    incomplete with the result that 'routeback' still needed to be
+    specified.
+
+ ----------------------------------------------------------------------------
+            I V. K N O W N   P R O B L E M S   R E M A I N I N G
+ ----------------------------------------------------------------------------
+diff -Naur -X /home/teastep/bin/exclude.txt shorewall-4.4.8/shorewall shorewall-4.4.8.1/shorewall
+--- shorewall-4.4.8/shorewall	2010-03-23 08:47:56.000000000 -0700
+++ shorewall-4.4.8.1/shorewall	2010-04-07 14:49:33.000000000 -0700
+@@ -301,14 +301,19 @@
+ }
+ 
+ #
+# Fatal error
+#
+startup_error() {
+    echo "   ERROR: $@" >&2
+    kill $$
+    exit 1
+}
+
+#
+ # Run the compiler
+ #
+ compiler() {
+-    startup_error() {
+-	echo "   ERROR: $@" >&2
+-	exit 1
+-    }
+-    
+   
+     if [ $(id -u) -ne 0 ]; then
+ 	if [ -z "$SHOREWALL_DIR" -o "$SHOREWALL_DIR" = /etc/shorewall ]; then
+ 	    startup_error "Ordinary users may not compile the /etc/shorewall configuration"
+diff -Naur -X /home/teastep/bin/exclude.txt shorewall-4.4.8/shorewall.spec shorewall-4.4.8.1/shorewall.spec
+--- shorewall-4.4.8/shorewall.spec	2010-03-23 08:47:56.000000000 -0700
+++ shorewall-4.4.8.1/shorewall.spec	2010-04-07 14:49:33.000000000 -0700
+@@ -1,6 +1,6 @@
+ %define name shorewall
+ %define version 4.4.8
+-%define release 0base
+%define release 1
+ 
+ Summary: Shoreline Firewall is an iptables-based firewall for Linux systems.
+ Name: %{name}
+@@ -108,6 +108,8 @@
+ %doc COPYING INSTALL changelog.txt releasenotes.txt Contrib/* Samples 
+ 
+ %changelog
+* Thu Mar 25 2010 Tom Eastep tom@shorewall.net
+- Updated to 4.4.8-1
+ * Fri Mar 19 2010 Tom Eastep tom@shorewall.net
+ - Updated to 4.4.8-0base
+ * Tue Mar 16 2010 Tom Eastep tom@shorewall.net
+diff -Naur -X /home/teastep/bin/exclude.txt shorewall-4.4.8/uninstall.sh shorewall-4.4.8.1/uninstall.sh
+--- shorewall-4.4.8/uninstall.sh	2010-03-23 08:47:56.000000000 -0700
+++ shorewall-4.4.8.1/uninstall.sh	2010-04-07 14:49:33.000000000 -0700
+@@ -26,7 +26,7 @@
+ #       You may only use this script to uninstall the version
+ #       shown below. Simply run this script to remove Shorewall Firewall
+ 
+-VERSION=4.4.8
+VERSION=4.4.8.1
+ 
+ usage() # $1 = exit status
+ {
--- a/network/shorewall/shorewall.SlackBuild
+++ b/network/shorewall/shorewall.SlackBuild
@ -24,7 +24,7 @@
 # ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

 PRGNAM=shorewall
-VERSION=${VERSION:-4.4.8}
+VERSION=${VERSION:-4.4.8.1}
 ARCH=noarch
 BUILD=${BUILD:-1}
 TAG=${TAG:-_SBo}
--- a/network/shorewall/shorewall.info
+++ b/network/shorewall/shorewall.info
@ -1,10 +1,12 @@
 PRGNAM="shorewall"
-VERSION="4.4.8"
+VERSION="4.4.8.1"
 HOMEPAGE="http://www.shorewall.net"
-DOWNLOAD="http://www.shorewall.net/pub/shorewall/4.4/shorewall-4.4.8/base/shorewall-4.4.8.tar.bz2"
-MD5SUM="900a1017bd5696403d1d840fd01d67c0"
+DOWNLOAD="http://www.shorewall.net/pub/shorewall/4.4/shorewall-4.4.8/base/shorewall-4.4.8.tar.bz2 \
+	http://www.shorewall.net/pub/shorewall/4.4/shorewall-4.4.8/patch-4.4.8.1"
+MD5SUM="900a1017bd5696403d1d840fd01d67c0 \
+	b153bd9fc22ddcf10311ec39586ea13f"
 DOWNLOAD_x86_64=""
 MD5SUM_x86_64=""
 MAINTAINER="ArTourter"
 EMAIL="artourter@gmail.com"
-APPROVED="rworkman"
+APPROVED="dsomero"