diff options
author | ArTourter <artourter@gmail.com> | 2010-05-14 23:51:01 +0200 |
---|---|---|
committer | Robby Workman <rworkman@slackware.com> | 2010-05-14 23:51:01 +0200 |
commit | 5f8b368610025af5758465c796eb0e3639a7a4b8 (patch) | |
tree | e942438eef24ca3b7818926b08081f01475a775c /network/shorewall | |
parent | 811dedec60f9a8368e0f80597f752b192b800988 (diff) |
network/shorewall: Updated for version 4.4.8.
Diffstat (limited to 'network/shorewall')
-rw-r--r-- | network/shorewall/patch-4.4.7.1 | 167 | ||||
-rw-r--r-- | network/shorewall/shorewall.SlackBuild | 4 | ||||
-rw-r--r-- | network/shorewall/shorewall.info | 10 |
3 files changed, 6 insertions, 175 deletions
diff --git a/network/shorewall/patch-4.4.7.1 b/network/shorewall/patch-4.4.7.1 deleted file mode 100644 index 966e83c3cfcc2..0000000000000 --- a/network/shorewall/patch-4.4.7.1 +++ /dev/null @@ -1,167 +0,0 @@ -diff -Naur -X /usr/local/bin/exclude.txt shorewall-4.4.7/changelog.txt shorewall-4.4.7.1/changelog.txt ---- shorewall-4.4.7/changelog.txt 2010-02-11 07:29:41.000000000 -0800 -+++ shorewall-4.4.7.1/changelog.txt 2010-02-13 07:28:22.000000000 -0800 -@@ -1,3 +1,7 @@ -+Changes in Shorewall 4.4.7-1 -+ -+1) Don't apply rate limiting twice in NAT rules. -+ - Changes in Shorewall 4.4.7 - - 1) Backport optimization changes from 4.5. -diff -Naur -X /usr/local/bin/exclude.txt shorewall-4.4.7/install.sh shorewall-4.4.7.1/install.sh ---- shorewall-4.4.7/install.sh 2010-02-11 07:29:41.000000000 -0800 -+++ shorewall-4.4.7.1/install.sh 2010-02-13 07:28:22.000000000 -0800 -@@ -22,7 +22,7 @@ - # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - # - --VERSION=4.4.7 -+VERSION=4.4.7.1 - - usage() # $1 = exit status - { -diff -Naur -X /usr/local/bin/exclude.txt shorewall-4.4.7/known_problems.txt shorewall-4.4.7.1/known_problems.txt ---- shorewall-4.4.7/known_problems.txt 2010-02-11 07:29:41.000000000 -0800 -+++ shorewall-4.4.7.1/known_problems.txt 2010-02-13 07:28:22.000000000 -0800 -@@ -1 +1,5 @@ --There are no known problems in Shorewall 4.4.7. -+1) All versions of Shorewall-perl mishandle per-IP rate limiting in -+ REDIRECT and DNAT rules. The effective rate and burst are 1/2 of -+ the values given in the rule. -+ -+ Corrected in 4.4.7.1 -diff -Naur -X /usr/local/bin/exclude.txt shorewall-4.4.7/Perl/Shorewall/Config.pm shorewall-4.4.7.1/Perl/Shorewall/Config.pm ---- shorewall-4.4.7/Perl/Shorewall/Config.pm 2010-02-11 07:29:41.000000000 -0800 -+++ shorewall-4.4.7.1/Perl/Shorewall/Config.pm 2010-02-13 07:28:22.000000000 -0800 -@@ -337,7 +337,7 @@ - TC_SCRIPT => '', - EXPORT => 0, - UNTRACKED => 0, -- VERSION => "4.4.7", -+ VERSION => "4.4.7.1", - CAPVERSION => 40407 , - ); - -diff -Naur -X /usr/local/bin/exclude.txt shorewall-4.4.7/Perl/Shorewall/Rules.pm shorewall-4.4.7.1/Perl/Shorewall/Rules.pm ---- shorewall-4.4.7/Perl/Shorewall/Rules.pm 2010-02-11 07:29:41.000000000 -0800 -+++ shorewall-4.4.7.1/Perl/Shorewall/Rules.pm 2010-02-13 07:28:22.000000000 -0800 -@@ -1182,13 +1182,25 @@ - # - # Generate Fixed part of the rule - # -- $rule = join( '', -- do_proto($proto, $ports, $sports), -- do_ratelimit( $ratelimit, $basictarget ) , -- do_user( $user ) , -- do_test( $mark , $globals{TC_MASK} ) , -- do_connlimit( $connlimit ), -- do_time( $time ) ); -+ if ( ( $actiontype & ( NATRULE | NATONLY ) ) == NATRULE ) { -+ # -+ # Don't apply rate limiting twice -+ # -+ $rule = join( '', -+ do_proto($proto, $ports, $sports), -+ do_user( $user ) , -+ do_test( $mark , $globals{TC_MASK} ) , -+ do_connlimit( $connlimit ), -+ do_time( $time ) ); -+ } else { -+ $rule = join( '', -+ do_proto($proto, $ports, $sports), -+ do_ratelimit( $ratelimit, $basictarget ) , -+ do_user( $user ) , -+ do_test( $mark , $globals{TC_MASK} ) , -+ do_connlimit( $connlimit ), -+ do_time( $time ) ); -+ } - - unless ( $section eq 'NEW' ) { - fatal_error "Entries in the $section SECTION of the rules file not permitted with FASTACCEPT=Yes" if $config{FASTACCEPT}; -diff -Naur -X /usr/local/bin/exclude.txt shorewall-4.4.7/releasenotes.txt shorewall-4.4.7.1/releasenotes.txt ---- shorewall-4.4.7/releasenotes.txt 2010-02-11 07:29:41.000000000 -0800 -+++ shorewall-4.4.7.1/releasenotes.txt 2010-02-13 07:28:22.000000000 -0800 -@@ -1,4 +1,4 @@ --Shorewall 4.4.7 -+Shorewall 4.4.7 Patch Release 1. - - ---------------------------------------------------------------------------- - R E L E A S E 4 . 4 H I G H L I G H T S -@@ -184,7 +184,15 @@ - one from the release (not recommended). - - ---------------------------------------------------------------------------- -- P R O B L E M S C O R R E C T E D I N 4 . 4 . 7 -+ P R O B L E M S C O R R E C T E D I N 4 . 4 . 7 . 1 -+---------------------------------------------------------------------------- -+ -+1) All versions of Shorewall-perl mishandle per-IP rate limiting in -+ REDIRECT and DNAT rules. The effective rate and burst are 1/2 of -+ the values given in the rule. -+ -+---------------------------------------------------------------------------- -+ P R O B L E M S C O R R E C T E D I N 4 . 4 . 7 - ---------------------------------------------------------------------------- - - 1) The tcinterfaces and tcpri files are now installed by the -@@ -211,12 +219,19 @@ - - 5) Previously, specifying a TYPE in /etc/shorewall/tcinterfaces would - cause start/restart to fail on systems lacking 'flow' classifier -- support. While we currently know of no safe way to test for that -- support, in Shorewall 4.4.7 we use other hints to surmise that the -- installed toolset is likely to be too old to support 'flow' and -- simply ignore the TYPE setting. In particular, RHEL5 and -- derivatives no lonter experience a startup failure when TYPE is -- specified. -+ support. In Shorewall 4.4.7, we detect the ability of the 'tc' -+ utility to support that classifier. -+ -+ There are two caveats: -+ -+ - 'tc' may support 'flow' but the kernel does not. In that case, -+ start/restart will still fail. -+ -+ - If you use a capabilities file, you will need to regenerate the -+ file using shorewall-lite 4.4.7 in order for 'flow' to be -+ accurately detected. If you do not regenerate the file, the -+ compiler will use other hints to try to determine if 'flow' is -+ available. - - ---------------------------------------------------------------------------- - K N O W N P R O B L E M S R E M A I N I N G -diff -Naur -X /usr/local/bin/exclude.txt shorewall-4.4.7/shorewall.spec shorewall-4.4.7.1/shorewall.spec ---- shorewall-4.4.7/shorewall.spec 2010-02-11 07:29:41.000000000 -0800 -+++ shorewall-4.4.7.1/shorewall.spec 2010-02-13 07:28:22.000000000 -0800 -@@ -1,6 +1,6 @@ - %define name shorewall - %define version 4.4.7 --%define release 0base -+%define release 1 - - Summary: Shoreline Firewall is an iptables-based firewall for Linux systems. - Name: %{name} -@@ -107,6 +107,10 @@ - %doc COPYING INSTALL changelog.txt releasenotes.txt Contrib/* Samples - - %changelog -+* Sat Feb 13 2010 Tom Eastep tom@shorewall.net -+- Updated to 4.4.7-1 -+* Thu Feb 11 2010 Tom Eastep tom@shorewall.net -+- Updated to 4.4.7-0base - * Fri Feb 05 2010 Tom Eastep tom@shorewall.net - - Updated to 4.4.7-0base - * Tue Feb 02 2010 Tom Eastep tom@shorewall.net -diff -Naur -X /usr/local/bin/exclude.txt shorewall-4.4.7/uninstall.sh shorewall-4.4.7.1/uninstall.sh ---- shorewall-4.4.7/uninstall.sh 2010-02-11 07:29:41.000000000 -0800 -+++ shorewall-4.4.7.1/uninstall.sh 2010-02-13 07:28:22.000000000 -0800 -@@ -26,7 +26,7 @@ - # You may only use this script to uninstall the version - # shown below. Simply run this script to remove Shorewall Firewall - --VERSION=4.4.7 -+VERSION=4.4.7.1 - - usage() # $1 = exit status - { diff --git a/network/shorewall/shorewall.SlackBuild b/network/shorewall/shorewall.SlackBuild index 1c3434a847bb0..23d0bf73f6d5f 100644 --- a/network/shorewall/shorewall.SlackBuild +++ b/network/shorewall/shorewall.SlackBuild @@ -24,12 +24,12 @@ # ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. PRGNAM=shorewall -VERSION=${VERSION:-4.4.7.1} +VERSION=${VERSION:-4.4.8} ARCH=noarch BUILD=${BUILD:-1} TAG=${TAG:-_SBo} -BASEVERS=4.4.7 +BASEVERS=4.4.8 CWD=$(pwd) TMP=${TMP:-/tmp/SBo} diff --git a/network/shorewall/shorewall.info b/network/shorewall/shorewall.info index 5bf8425023e45..36a6e68ce5f65 100644 --- a/network/shorewall/shorewall.info +++ b/network/shorewall/shorewall.info @@ -1,12 +1,10 @@ PRGNAM="shorewall" -VERSION="4.4.7.1" +VERSION="4.4.8" HOMEPAGE="http://www.shorewall.net" -DOWNLOAD="http://www.shorewall.net/pub/shorewall/4.4/shorewall-4.4.7/base/shorewall-4.4.7.tar.bz2 \ - http://www.shorewall.net/pub/shorewall/4.4/shorewall-4.4.7/patch-4.4.7.1" -MD5SUM="bbf0ad51faae6c079485f171ce585844 \ - d392606277e325a8bcb7fd04519700da" +DOWNLOAD="http://www.shorewall.net/pub/shorewall/4.4/shorewall-4.4.8/base/shorewall-4.4.8.tar.bz2" +MD5SUM="900a1017bd5696403d1d840fd01d67c0" DOWNLOAD_x86_64="" MD5SUM_x86_64="" MAINTAINER="ArTourter" EMAIL="artourter@gmail.com" -APPROVED="dsomero" +APPROVED="rworkman" |