Hello community, here is the log from the commit of package shorewall for openSUSE:Factory checked in at 2020-01-23 15:55:33 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/shorewall (Old) and /work/SRC/openSUSE:Factory/.shorewall.new.26092 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "shorewall" Thu Jan 23 15:55:33 2020 rev:109 rq:766579 version:5.2.3.5 Changes: -------- --- /work/SRC/openSUSE:Factory/shorewall/shorewall.changes 2019-09-13 15:00:06.953281806 +0200 +++ /work/SRC/openSUSE:Factory/.shorewall.new.26092/shorewall.changes 2020-01-23 15:55:54.159126955 +0100 @@ -1,0 +2,23 @@ +Thu Jan 23 07:27:41 UTC 2020 - Bruno Friedmann <br...@ioda-net.ch> + +- Update to bugfix minor 5.2.3.5 + + A typo in the FTP documentation has been corrected. + + The recommended mss setting when using IPSec with ipcomp + has been corrected. + + A number of incorrect links in the manpages have been + corrected. + + The 'bypass' option is now allowed when specifying an + NFQUEUE policy. Previously, specifying that option resulted + in an error. + + Corrected IPv6 Address Range parsing. + + Previously, such ranges were required to be of the form + [<addr1>-<addr2>] rather than the more standard form + [<addr1>]-[<addr2>]. In the snat file (and in nat actions), + the latter form was actually flagged as an error while in + other contexts, it resulted in a less obvious error being + raised. + + The manpages have been updated to refer to + https://shorewall.org rather than http://www.shorewall.org. +- Refresh spec file + +------------------------------------------------------------------- Old: ---- shorewall-5.2.3.4.tar.bz2 shorewall-core-5.2.3.4.tar.bz2 shorewall-docs-html-5.2.3.4.tar.bz2 shorewall-init-5.2.3.4.tar.bz2 shorewall-lite-5.2.3.4.tar.bz2 shorewall6-5.2.3.4.tar.bz2 shorewall6-lite-5.2.3.4.tar.bz2 New: ---- shorewall-5.2.3.5.tar.bz2 shorewall-core-5.2.3.5.tar.bz2 shorewall-docs-html-5.2.3.5.tar.bz2 shorewall-init-5.2.3.5.tar.bz2 shorewall-lite-5.2.3.5.tar.bz2 shorewall6-5.2.3.5.tar.bz2 shorewall6-lite-5.2.3.5.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ shorewall.spec ++++++ --- /var/tmp/diff_new_pack.Mv6Ztw/_old 2020-01-23 15:55:56.643128297 +0100 +++ /var/tmp/diff_new_pack.Mv6Ztw/_new 2020-01-23 15:55:56.643128297 +0100 @@ -1,7 +1,7 @@ # # spec file for package shorewall # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -24,7 +24,7 @@ %define _fillupdir %{_localstatedir}/adm/fillup-templates %endif Name: shorewall -Version: 5.2.3.4 +Version: 5.2.3.5 Release: 0 Summary: An iptables-based firewall for Linux systems License: GPL-2.0-only ++++++ shorewall-5.2.3.4.tar.bz2 -> shorewall-5.2.3.5.tar.bz2 ++++++ ++++ 3252 lines of diff (skipped) ++++++ shorewall-core-5.2.3.4.tar.bz2 -> shorewall-core-5.2.3.5.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-5.2.3.4/changelog.txt new/shorewall-core-5.2.3.5/changelog.txt --- old/shorewall-core-5.2.3.4/changelog.txt 2019-08-27 02:55:56.000000000 +0200 +++ new/shorewall-core-5.2.3.5/changelog.txt 2020-01-15 22:06:14.000000000 +0100 @@ -1,3 +1,17 @@ +Changes in 5.2.3.5 + +1) Correct typo in FTP.xml. + +2) Correct recommended mss with ipcomp. + +3) Correct manpage links in documentation and manpages. + +4) Allow the bypass option in an NFQUEUE policy. + +5) Correct IPv6 Address Range parsing. + +6) Correct documentation links. + Changes in 5.2.3.4 1) Update release documents. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-5.2.3.4/configure new/shorewall-core-5.2.3.5/configure --- old/shorewall-core-5.2.3.4/configure 2019-08-27 02:55:56.000000000 +0200 +++ new/shorewall-core-5.2.3.5/configure 2020-01-15 22:06:14.000000000 +0100 @@ -28,7 +28,7 @@ # # Build updates this # -VERSION=5.2.3.4 +VERSION=5.2.3.5 case "$BASH_VERSION" in [4-9].*) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-5.2.3.4/configure.pl new/shorewall-core-5.2.3.5/configure.pl --- old/shorewall-core-5.2.3.4/configure.pl 2019-08-27 02:55:56.000000000 +0200 +++ new/shorewall-core-5.2.3.5/configure.pl 2020-01-15 22:06:14.000000000 +0100 @@ -31,7 +31,7 @@ # Build updates this # use constant { - VERSION => '5.2.3.4' + VERSION => '5.2.3.5' }; my %params; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-5.2.3.4/install.sh new/shorewall-core-5.2.3.5/install.sh --- old/shorewall-core-5.2.3.4/install.sh 2019-08-27 02:55:56.000000000 +0200 +++ new/shorewall-core-5.2.3.5/install.sh 2020-01-15 22:06:14.000000000 +0100 @@ -22,7 +22,7 @@ # along with this program; if not, see <http://www.gnu.org/licenses/>. # -VERSION=5.2.3.4 +VERSION=5.2.3.5 PRODUCT=shorewall-core Product="Shorewall Core" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-5.2.3.4/known_problems.txt new/shorewall-core-5.2.3.5/known_problems.txt --- old/shorewall-core-5.2.3.4/known_problems.txt 2019-08-27 02:55:56.000000000 +0200 +++ new/shorewall-core-5.2.3.5/known_problems.txt 2020-01-15 22:06:14.000000000 +0100 @@ -76,3 +76,13 @@ Corrected in 5.2.3.4. +11) An error is raised if the 'bypass' option is given when specifying + an NFQUEUE policy. + + Corrected in 5.2.3.5. + +12) When an IPv6 address range is specified, it must be of the form + [<addr1>-<addr2>] rather than in the more standard form + [<addr1>]-[<addr2>]. + + Corrected in 5.2.3.5. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-5.2.3.4/manpages/shorewall.8 new/shorewall-core-5.2.3.5/manpages/shorewall.8 --- old/shorewall-core-5.2.3.4/manpages/shorewall.8 2019-04-12 04:07:53.000000000 +0200 +++ new/shorewall-core-5.2.3.5/manpages/shorewall.8 2020-01-15 22:08:13.000000000 +0100 @@ -2,12 +2,12 @@ .\" Title: shorewall .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> -.\" Date: 04/11/2019 +.\" Date: 01/15/2020 .\" Manual: Administrative Commands .\" Source: Administrative Commands .\" Language: English .\" -.TH "SHOREWALL" "8" "04/11/2019" "Administrative Commands" "Administrative Commands" +.TH "SHOREWALL" "8" "01/15/2020" "Administrative Commands" "Administrative Commands" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- @@ -263,7 +263,7 @@ nor \fB\-q\fR option are specified, the amount of output is determined by the VERBOSITY setting in -\m[blue]\fBshorewall\&.conf\fR\m[]\&\s-2\u[2]\d\s+2(5) (\m[blue]\fBshorewall6\&.conf\fR\m[]\&\s-2\u[3]\d\s+2(5))\&. +\m[blue]\fBshorewall\&.conf\fR\m[]\&\s-2\u[2]\d\s+2(5) (\m[blue]\fBshorewall6\&.conf\fR\m[]\&\s-2\u[2]\d\s+2(5))\&. .sp When no \fIverbosity\fR @@ -282,7 +282,7 @@ nor \fB\-q\fR option are specified, the amount of output is determined by the VERBOSITY setting in -\m[blue]\fBshorewall\&.conf\fR\m[]\&\s-2\u[2]\d\s+2(5) (\m[blue]\fBshorewall6\&.conf\fR\m[]\&\s-2\u[3]\d\s+2(5))\&. +\m[blue]\fBshorewall\&.conf\fR\m[]\&\s-2\u[2]\d\s+2(5) (\m[blue]\fBshorewall6\&.conf\fR\m[]\&\s-2\u[2]\d\s+2(5))\&. .sp Each instance of this option causes 1 to be subtracted from the effective verbosity\&. .RE @@ -302,7 +302,7 @@ The \fIinterface\fR argument names an interface defined in the -\m[blue]\fBshorewall\-interfaces\fR\m[]\&\s-2\u[4]\d\s+2(5) (\m[blue]\fBshorewall6\-interfaces\fR\m[]\&\s-2\u[5]\d\s+2(5))file\&. A +\m[blue]\fBshorewall\-interfaces\fR\m[]\&\s-2\u[3]\d\s+2(5) (\m[blue]\fBshorewall6\-interfaces\fR\m[]\&\s-2\u[3]\d\s+2(5))file\&. A \fIhost\-list\fR is comma\-separated list whose elements are host or network addresses\&..if n \{\ .sp @@ -331,7 +331,7 @@ .sp Beginning with Shorewall 4\&.5\&.9, the \fBdynamic_shared\fR -zone option (\m[blue]\fBshorewall\-zones\fR\m[]\&\s-2\u[6]\d\s+2(5),\m[blue]\fBshorewall6\-zones\fR\m[]\&\s-2\u[7]\d\s+2(5)) allows a single ipset to handle entries for multiple interfaces\&. When that option is specified for a zone, the +zone option (\m[blue]\fBshorewall\-zones\fR\m[]\&\s-2\u[4]\d\s+2(5),\m[blue]\fBshorewall6\-zones\fR\m[]\&\s-2\u[4]\d\s+2(5)) allows a single ipset to handle entries for multiple interfaces\&. When that option is specified for a zone, the \fBadd\fR command has the alternative syntax in which the \fIzone\fR @@ -439,7 +439,7 @@ The \fB\-i\fR option was added in Shorewall 4\&.6\&.0 and causes a warning message to be issued if the current line contains alternative input specifications following a semicolon (";")\&. Such lines will be handled incorrectly if INLINE_MATCHES is set to Yes in -\m[blue]\fBshorewall\&.conf\fR\m[]\&\s-2\u[2]\d\s+2(5) (\m[blue]\fBshorewall6\&.conf\fR\m[]\&\s-2\u[3]\d\s+2(5))\&. +\m[blue]\fBshorewall\&.conf\fR\m[]\&\s-2\u[2]\d\s+2(5) (\m[blue]\fBshorewall6\&.conf\fR\m[]\&\s-2\u[2]\d\s+2(5))\&. .RE .PP \fBclear\fR [\-\fBf\fR] @@ -530,7 +530,7 @@ The \fB\-i\fR option was added in Shorewall 4\&.6\&.0 and causes a warning message to be issued if the current line contains alternative input specifications following a semicolon (";")\&. Such lines will be handled incorrectly if INLINE_MATCHES is set to Yes in -\m[blue]\fBshorewall\&.conf\fR\m[]\&\s-2\u[2]\d\s+2(5) (\m[blue]\fBshorewall6\&.conf\fR\m[]\&\s-2\u[3]\d\s+2(5))\&. +\m[blue]\fBshorewall\&.conf\fR\m[]\&\s-2\u[2]\d\s+2(5) (\m[blue]\fBshorewall6\&.conf\fR\m[]\&\s-2\u[2]\d\s+2(5))\&. .RE .PP \fBdelete \fR{ \fIinterface\fR[:\fIhost\-list\fR]\&.\&.\&. \fIzone\fR | \fIzone\fR \fIhost\-list\fR } @@ -542,14 +542,14 @@ The \fIinterface\fR argument names an interface defined in the -\m[blue]\fBshorewall\-interfaces\fR\m[]\&\s-2\u[4]\d\s+2(5) (\m[blue]\fBshorewall6\-interfaces\fR\m[]\&\s-2\u[5]\d\s+2(5) file\&. A +\m[blue]\fBshorewall\-interfaces\fR\m[]\&\s-2\u[3]\d\s+2(5) (\m[blue]\fBshorewall6\-interfaces\fR\m[]\&\s-2\u[3]\d\s+2(5) file\&. A \fIhost\-list\fR is comma\-separated list whose elements are a host or network address\&. .sp Beginning with Shorewall 4\&.5\&.9, the \fBdynamic_shared\fR -zone option (\m[blue]\fBshorewall\-zones\fR\m[]\&\s-2\u[6]\d\s+2(5), -\m[blue]\fBshorewall6\-zones\fR\m[]\&\s-2\u[8]\d\s+2(5)) allows a single ipset to handle entries for multiple interfaces\&. When that option is specified for a zone, the +zone option (\m[blue]\fBshorewall\-zones\fR\m[]\&\s-2\u[4]\d\s+2(5), +\m[blue]\fBshorewall6\-zones\fR\m[]\&\s-2\u[4]\d\s+2(5)) allows a single ipset to handle entries for multiple interfaces\&. When that option is specified for a zone, the \fBdelete\fR command has the alternative syntax in which the \fIzone\fR @@ -569,7 +569,7 @@ Beginning with Shorewall 4\&.5\&.10, this command may be used with any optional network interface\&. \fIinterface\fR may be either the logical or physical name of the interface\&. The command removes any routes added from -\m[blue]\fBshorewall\-routes\fR\m[]\&\s-2\u[9]\d\s+2(5) (\m[blue]\fBshorewall6\-routes\fR\m[]\&\s-2\u[10]\d\s+2(5))and any traffic shaping configuration for the interface\&. +\m[blue]\fBshorewall\-routes\fR\m[]\&\s-2\u[5]\d\s+2(5) (\m[blue]\fBshorewall6\-routes\fR\m[]\&\s-2\u[5]\d\s+2(5))and any traffic shaping configuration for the interface\&. .RE .PP \fBdrop\fR \fIaddress\fR @@ -614,7 +614,7 @@ may be either the logical or physical name of the interface\&. The command sets /proc entries for the interface, adds any route specified in -\m[blue]\fBshorewall\-routes\fR\m[]\&\s-2\u[9]\d\s+2(5) (\m[blue]\fBshorewall6\-routes\fR\m[]\&\s-2\u[10]\d\s+2(5)) and installs the interface\*(Aqs traffic shaping configuration, if any\&. +\m[blue]\fBshorewall\-routes\fR\m[]\&\s-2\u[5]\d\s+2(5) (\m[blue]\fBshorewall6\-routes\fR\m[]\&\s-2\u[5]\d\s+2(5)) and installs the interface\*(Aqs traffic shaping configuration, if any\&. .RE .PP \fBexport \fR[\fI directory1\fR ] [\fI user\fR@]\fIsystem\fR[:\fIdirectory2\fR ] @@ -649,7 +649,7 @@ and /var/lib/shorewall/save\&. If no \fIfilename\fR is given then the file specified by RESTOREFILE in -\m[blue]\fBshorewall\&.conf\fR\m[]\&\s-2\u[2]\d\s+2(5) (\m[blue]\fBshorewall6\&.conf\fR\m[]\&\s-2\u[3]\d\s+2(5)) is assumed\&. +\m[blue]\fBshorewall\&.conf\fR\m[]\&\s-2\u[2]\d\s+2(5) (\m[blue]\fBshorewall6\&.conf\fR\m[]\&\s-2\u[2]\d\s+2(5)) is assumed\&. .RE .PP \fBhelp\fR @@ -683,7 +683,7 @@ must be one or more matches that may appear in both the raw table OUTPUT and raw table PREROUTING chains\&. .sp The log message destination is determined by the currently\-selected IPv4 or IPv6 -\m[blue]\fBlogging backend\fR\m[]\&\s-2\u[11]\d\s+2\&. +\m[blue]\fBlogging backend\fR\m[]\&\s-2\u[6]\d\s+2\&. .RE .PP \fBlist\fR @@ -699,14 +699,14 @@ Causes traffic from the listed \fIaddress\fRes to be logged then discarded\&. Logging occurs at the log level specified by the BLACKLIST_LOGLEVEL setting in \m[blue]\fBshorewall\&.conf\fR\m[]\&\s-2\u[2]\d\s+2 -(5) (\m[blue]\fBshorewall6\&.conf\fR\m[]\&\s-2\u[3]\d\s+2(5))\&. This command requires that the firewall be in the started state and that DYNAMIC_BLACKLIST=Yes in +(5) (\m[blue]\fBshorewall6\&.conf\fR\m[]\&\s-2\u[2]\d\s+2(5))\&. This command requires that the firewall be in the started state and that DYNAMIC_BLACKLIST=Yes in \m[blue]\fBshorewall\&.conf (5)\fR\m[]\&\s-2\u[2]\d\s+2\&. .RE .PP \fBlogwatch \fR[\-\fBm\fR] [\fI refresh\-interval \fR] .RS 4 Monitors the log file specified by the LOGFILE option in -\m[blue]\fBshorewall\&.conf\fR\m[]\&\s-2\u[2]\d\s+2(5) (\m[blue]\fBshorewall6\&.conf\fR\m[]\&\s-2\u[3]\d\s+2(5)) and produces an audible alarm when new Shorewall messages are logged\&. The +\m[blue]\fBshorewall\&.conf\fR\m[]\&\s-2\u[2]\d\s+2(5) (\m[blue]\fBshorewall6\&.conf\fR\m[]\&\s-2\u[2]\d\s+2(5)) and produces an audible alarm when new Shorewall messages are logged\&. The \fB\-m\fR option causes the MAC address of each packet source to be displayed if that information is available\&. The \fIrefresh\-interval\fR @@ -719,7 +719,7 @@ Causes traffic from the listed \fIaddress\fRes to be logged then rejected\&. Logging occurs at the log level specified by the BLACKLIST_LOGLEVEL setting in \m[blue]\fBshorewall\&.conf\fR\m[]\&\s-2\u[2]\d\s+2 -(5), (\m[blue]\fBshorewall6\&.conf\fR\m[]\&\s-2\u[3]\d\s+2(5))\&. This command requires that the firewall be in the started state and that DYNAMIC_BLACKLIST=Yes in +(5), (\m[blue]\fBshorewall6\&.conf\fR\m[]\&\s-2\u[2]\d\s+2(5))\&. This command requires that the firewall be in the started state and that DYNAMIC_BLACKLIST=Yes in \m[blue]\fBshorewall\&.conf (5)\fR\m[]\&\s-2\u[2]\d\s+2\&. .RE .PP @@ -865,12 +865,12 @@ The \fB\-i\fR option was added in Shorewall 4\&.6\&.0 and causes a warning message to be issued if the current line contains alternative input specifications following a semicolon (";")\&. Such lines will be handled incorrectly if INLINE_MATCHES is set to Yes in -\m[blue]\fBshorewall\&.conf\fR\m[]\&\s-2\u[2]\d\s+2(5) (\m[blue]\fBshorewall6\&.conf\fR\m[]\&\s-2\u[3]\d\s+2(5))\&.\&. +\m[blue]\fBshorewall\&.conf\fR\m[]\&\s-2\u[2]\d\s+2(5) (\m[blue]\fBshorewall6\&.conf\fR\m[]\&\s-2\u[2]\d\s+2(5))\&.\&. .sp The \fB\-C\fR option was added in Shorewall 4\&.6\&.5 and is only meaningful when AUTOMAKE=Yes in -\m[blue]\fBshorewall\&.conf\fR\m[]\&\s-2\u[2]\d\s+2(5) (\m[blue]\fBshorewall6\&.conf\fR\m[]\&\s-2\u[3]\d\s+2(5))\&. If an existing firewall script is used and if that script was the one that generated the current running configuration, then the running netfilter configuration will be reloaded as is so as to preserve the iptables packet and byte counters\&. +\m[blue]\fBshorewall\&.conf\fR\m[]\&\s-2\u[2]\d\s+2(5) (\m[blue]\fBshorewall6\&.conf\fR\m[]\&\s-2\u[2]\d\s+2(5))\&. If an existing firewall script is used and if that script was the one that generated the current running configuration, then the running netfilter configuration will be reloaded as is so as to preserve the iptables packet and byte counters\&. .RE .PP Shorewall\-lite and Shorewall6\-lite @@ -976,7 +976,7 @@ is started via ssh\&. Beginning with Shorewall 5\&.0\&.13, if \fIsystem\fR is omitted, then the FIREWALL option setting in -\m[blue]\fBshorewall\&.conf\fR\m[]\&\s-2\u[12]\d\s+2(5) (\m[blue]\fBshorewall6\&.conf(5)\fR\m[]\&\s-2\u[3]\d\s+2) is assumed\&. In that case, if you want to specify a +\m[blue]\fBshorewall\&.conf\fR\m[]\&\s-2\u[7]\d\s+2(5) (\m[blue]\fBshorewall6\&.conf(5)\fR\m[]\&\s-2\u[2]\d\s+2) is assumed\&. In that case, if you want to specify a \fIdirectory\fR, then the \fB\-D\fR option must be given\&. @@ -1041,8 +1041,8 @@ is restarted via ssh\&. Beginning with Shorewall 5\&.0\&.13, if \fIsystem\fR is omitted, then the FIREWALL option setting in -\m[blue]\fBshorewall6\&.conf(5)\fR\m[]\&\s-2\u[13]\d\s+2 -(\m[blue]\fBshorewall6\&.conf\fR\m[]\&\s-2\u[3]\d\s+2(5)) is assumed\&. In that case, if you want to specify a +\m[blue]\fBshorewall6\&.conf(5)\fR\m[]\&\s-2\u[2]\d\s+2 +(\m[blue]\fBshorewall6\&.conf\fR\m[]\&\s-2\u[2]\d\s+2(5)) is assumed\&. In that case, if you want to specify a \fIdirectory\fR, then the \fB\-D\fR option must be given\&. @@ -1078,7 +1078,7 @@ The \fB\-i\fR option was added in Shorewall 4\&.6\&.0 and causes a warning message to be issued if the current line contains alternative input specifications following a semicolon (";")\&. Such lines will be handled incorrectly if INLINE_MATCHES is set to Yes in -\m[blue]\fBshorewall\&.conf\fR\m[]\&\s-2\u[2]\d\s+2(5) (\m[blue]\fBshorewall6\&.conf\fR\m[]\&\s-2\u[3]\d\s+2(5))\&. +\m[blue]\fBshorewall\&.conf\fR\m[]\&\s-2\u[2]\d\s+2(5) (\m[blue]\fBshorewall6\&.conf\fR\m[]\&\s-2\u[2]\d\s+2(5))\&. .RE .PP \fBremote\-restart \fR[\-\fBs\fR] [\-\fBc\fR] [\-\fBr\fR \fIroot\-user\-name\fR] [\-\fBT\fR] [\-\fBi\fR] [ [ \-D ] \fIdirectory\fR ] [ \fIsystem\fR ] @@ -1110,8 +1110,8 @@ is restarted via ssh\&. Beginning with Shorewall 5\&.0\&.13, if \fIsystem\fR is omitted, then the FIREWALL option setting in -\m[blue]\fBshorewall6\&.conf(5)\fR\m[]\&\s-2\u[13]\d\s+2 -(\m[blue]\fBshorewall6\&.conf\fR\m[]\&\s-2\u[3]\d\s+2(5)) is assumed\&. In that case, if you want to specify a +\m[blue]\fBshorewall6\&.conf(5)\fR\m[]\&\s-2\u[2]\d\s+2 +(\m[blue]\fBshorewall6\&.conf\fR\m[]\&\s-2\u[2]\d\s+2(5)) is assumed\&. In that case, if you want to specify a \fIdirectory\fR, then the \fB\-D\fR option must be given\&. @@ -1147,7 +1147,7 @@ The \fB\-i\fR option was added in Shorewall 4\&.6\&.0 and causes a warning message to be issued if the current line contains alternative input specifications following a semicolon (";")\&. Such lines will be handled incorrectly if INLINE_MATCHES is set to Yes in -\m[blue]\fBshorewall\&.conf\fR\m[]\&\s-2\u[2]\d\s+2(5) (\m[blue]\fBshorewall6\&.conf\fR\m[]\&\s-2\u[3]\d\s+2(5)\&. +\m[blue]\fBshorewall\&.conf\fR\m[]\&\s-2\u[2]\d\s+2(5) (\m[blue]\fBshorewall6\&.conf\fR\m[]\&\s-2\u[2]\d\s+2(5)\&. .RE .PP \fBreset [\fR\fB\fIchain\fR\fR\fB, \&.\&.\&.]\fR @@ -1246,7 +1246,7 @@ \fBshorewall save\fR; if no \fIfilename\fR is given then Shorewall will be restored from the file specified by the RESTOREFILE option in -\m[blue]\fBshorewall\&.conf\fR\m[]\&\s-2\u[2]\d\s+2(5) (\m[blue]\fBshorewall6\&.conf\fR\m[]\&\s-2\u[3]\d\s+2(5))\&. +\m[blue]\fBshorewall\&.conf\fR\m[]\&\s-2\u[2]\d\s+2(5) (\m[blue]\fBshorewall6\&.conf\fR\m[]\&\s-2\u[2]\d\s+2(5))\&. .if n \{\ .sp .\} @@ -1376,7 +1376,7 @@ command\&. If \fIfilename\fR is not given then the state is saved in the file specified by the RESTOREFILE option in -\m[blue]\fBshorewall\&.conf\fR\m[]\&\s-2\u[2]\d\s+2(5) (\m[blue]\fBshorewall6\&.conf\fR\m[]\&\s-2\u[3]\d\s+2(5))\&. +\m[blue]\fBshorewall\&.conf\fR\m[]\&\s-2\u[2]\d\s+2(5) (\m[blue]\fBshorewall6\&.conf\fR\m[]\&\s-2\u[2]\d\s+2(5))\&. .sp The \fB\-C\fR @@ -1389,7 +1389,7 @@ \fBstop\fR command with respect to saving ipsets (see the SAVE_IPSETS option in \m[blue]\fBshorewall\&.conf\fR\m[]\&\s-2\u[2]\d\s+2 -(5) (\m[blue]\fBshorewall6\&.conf\fR\m[]\&\s-2\u[3]\d\s+2(5))\&. This command may be used to proactively save your ipset contents in the event that a system failure occurs prior to issuing a +(5) (\m[blue]\fBshorewall6\&.conf\fR\m[]\&\s-2\u[2]\d\s+2(5))\&. This command may be used to proactively save your ipset contents in the event that a system failure occurs prior to issuing a \fBstop\fR command\&. .RE @@ -1491,9 +1491,9 @@ .PP \fBipa\fR .RS 4 -Added in Shorewall 4\&.4\&.17\&. Displays the per\-IP accounting counters (\m[blue]\fBshorewall\-accounting\fR\m[]\&\s-2\u[14]\d\s+2 +Added in Shorewall 4\&.4\&.17\&. Displays the per\-IP accounting counters (\m[blue]\fBshorewall\-accounting\fR\m[]\&\s-2\u[8]\d\s+2 (5), -\m[blue]\fBshorewall6\-accounting\fR\m[]\&\s-2\u[15]\d\s+2(5))\&. +\m[blue]\fBshorewall6\-accounting\fR\m[]\&\s-2\u[8]\d\s+2(5))\&. .RE .PP \fBipsec\fR @@ -1508,7 +1508,7 @@ [\-\fBm\fR] \fBlog\fR .RS 4 Displays the last 20 Shorewall messages from the log file specified by the LOGFILE option in -\m[blue]\fBshorewall\&.conf\fR\m[]\&\s-2\u[2]\d\s+2(5) (\m[blue]\fBshorewall6\&.conf\fR\m[]\&\s-2\u[3]\d\s+2(5))\&. The +\m[blue]\fBshorewall\&.conf\fR\m[]\&\s-2\u[2]\d\s+2(5) (\m[blue]\fBshorewall6\&.conf\fR\m[]\&\s-2\u[2]\d\s+2(5))\&. The \fB\-m\fR option causes the MAC address of each packet source to be displayed if that information is available\&. .RE @@ -1583,7 +1583,7 @@ Added in Shorewall 5\&.2\&.0\&. Lists snapshots created by the \fBsave\fR command\&. Each snapshot is listed with the date and time when it was taken\&. If there is a snapshot with the name specified in the RESTOREFILE option in -\m[blue]\fBshorewall\&.conf(5\fR\m[]\&\s-2\u[12]\d\s+2), that snapshot is listed as the +\m[blue]\fBshorewall\&.conf(5\fR\m[]\&\s-2\u[7]\d\s+2), that snapshot is listed as the \fIdefault\fR snapshot for the \fBrestore\fR @@ -1613,14 +1613,14 @@ first for configuration files\&. If \fB\-f\fR is specified, the saved configuration specified by the RESTOREFILE option in -\m[blue]\fBshorewall\&.conf\fR\m[]\&\s-2\u[2]\d\s+2(5) (\m[blue]\fBshorewall6\&.conf\fR\m[]\&\s-2\u[3]\d\s+2(5)) will be restored if that saved configuration exists and has been modified more recently than the files in /etc/shorewall\&. When +\m[blue]\fBshorewall\&.conf\fR\m[]\&\s-2\u[2]\d\s+2(5) (\m[blue]\fBshorewall6\&.conf\fR\m[]\&\s-2\u[2]\d\s+2(5)) will be restored if that saved configuration exists and has been modified more recently than the files in /etc/shorewall\&. When \fB\-f\fR is given, a \fIdirectory\fR may not be specified\&. .sp Update: In Shorewall 4\&.4\&.20, a new LEGACY_FASTSTART option was added to -\m[blue]\fBshorewall\&.conf\fR\m[]\&\s-2\u[2]\d\s+2(5) (\m[blue]\fBshorewall6\&.conf\fR\m[]\&\s-2\u[3]\d\s+2(5))\&. When LEGACY_FASTSTART=No, the modification times of files in /etc/shorewall are compared with that of /var/lib/shorewall/firewall (the compiled script that last started/restarted the firewall)\&. +\m[blue]\fBshorewall\&.conf\fR\m[]\&\s-2\u[2]\d\s+2(5) (\m[blue]\fBshorewall6\&.conf\fR\m[]\&\s-2\u[2]\d\s+2(5))\&. When LEGACY_FASTSTART=No, the modification times of files in /etc/shorewall are compared with that of /var/lib/shorewall/firewall (the compiled script that last started/restarted the firewall)\&. .sp The \fB\-n\fR @@ -1635,7 +1635,7 @@ The \fB\-c\fR option was added in Shorewall 4\&.4\&.20 and performs the compilation step unconditionally, overriding the AUTOMAKE setting in -\m[blue]\fBshorewall\&.conf\fR\m[]\&\s-2\u[2]\d\s+2(5) (\m[blue]\fBshorewall6\&.conf\fR\m[]\&\s-2\u[3]\d\s+2(5))\&. When both +\m[blue]\fBshorewall\&.conf\fR\m[]\&\s-2\u[2]\d\s+2(5) (\m[blue]\fBshorewall6\&.conf\fR\m[]\&\s-2\u[2]\d\s+2(5))\&. When both \fB\-f\fR and \fB\-c\fRare present, the result is determined by the option that appears last\&. @@ -1646,7 +1646,7 @@ .sp The \-i option was added in Shorewall 4\&.6\&.0 and causes a warning message to be issued if the current line contains alternative input specifications following a semicolon (";")\&. Such lines will be handled incorrectly if INLINE_MATCHES is set to Yes in \m[blue]\fBshorewall\&.conf(5)\fR\m[]\&\s-2\u[2]\d\s+2 -(\m[blue]\fBshorewall6\&.conf\fR\m[]\&\s-2\u[3]\d\s+2(5))\&. +(\m[blue]\fBshorewall6\&.conf\fR\m[]\&\s-2\u[2]\d\s+2(5))\&. .sp The \fB\-C\fR @@ -1676,7 +1676,7 @@ The \fB\-f\fR option was added in Shorewall 4\&.6\&.5\&. If the RESTOREFILE named in -\m[blue]\fBshorewall\&.conf\fR\m[]\&\s-2\u[12]\d\s+2(5) exists, is executable and is not older than the current filewall script, then that saved configuration is restored\&. +\m[blue]\fBshorewall\&.conf\fR\m[]\&\s-2\u[7]\d\s+2(5) exists, is executable and is not older than the current filewall script, then that saved configuration is restored\&. .sp The \fB\-C\fR @@ -1693,9 +1693,9 @@ \fBstop\fR [\-\fBf\fR] .RS 4 Stops the firewall\&. All existing connections, except those listed in -\m[blue]\fBshorewall\-routestopped\fR\m[]\&\s-2\u[16]\d\s+2(5) or permitted by the ADMINISABSENTMINDED option in +\m[blue]\fBshorewall\-routestopped\fR\m[]\&\s-2\u[9]\d\s+2(5) or permitted by the ADMINISABSENTMINDED option in \m[blue]\fBshorewall\&.conf\fR\m[]\&\s-2\u[2]\d\s+2(5), are taken down\&. The only new traffic permitted through the firewall is from systems listed in -\m[blue]\fBshorewall\-routestopped\fR\m[]\&\s-2\u[16]\d\s+2(5) or by ADMINISABSENTMINDED\&. +\m[blue]\fBshorewall\-routestopped\fR\m[]\&\s-2\u[9]\d\s+2(5) or by ADMINISABSENTMINDED\&. .sp If \fB\-f\fR @@ -2003,7 +2003,7 @@ SHOREWALL_INIT_SCRIPT .RS 4 When set to 1, causes Std out to be redirected to the file specified in the STARTUP_LOG option in -\m[blue]\fBshorewall\&.conf(5)\fR\m[]\&\s-2\u[12]\d\s+2\&. +\m[blue]\fBshorewall\&.conf(5)\fR\m[]\&\s-2\u[7]\d\s+2\&. .RE .PP SW_LOGGERTAG @@ -2017,140 +2017,105 @@ /etc/shorewall6/* .SH "SEE ALSO" .RS 4 -\m[blue]\fBhttp://www\&.shorewall\&.net/starting_and_stopping_shorewall\&.htm\fR\m[]\&\s-2\u[17]\d\s+2 +\m[blue]\fBhttp://www\&.shorewall\&.net/starting_and_stopping_shorewall\&.htm\fR\m[]\&\s-2\u[10]\d\s+2 \- Describes operational aspects of Shorewall\&. .RE .RS 4 -\m[blue]\fBshorewall\-files(5)\fR\m[]\&\s-2\u[18]\d\s+2 \- +\m[blue]\fBshorewall\-files(5)\fR\m[]\&\s-2\u[11]\d\s+2 \- Describes the various configuration files along with features and conventions common to those files\&. .RE .RS 4 -\m[blue]\fBshorewall\-names(5)\fR\m[]\&\s-2\u[19]\d\s+2 \- +\m[blue]\fBshorewall\-names(5)\fR\m[]\&\s-2\u[12]\d\s+2 \- Describes naming of objects within a Shorewall configuration\&. .RE .RS 4 -\m[blue]\fBshorewall\-addresses(5)\fR\m[]\&\s-2\u[20]\d\s+2 \- +\m[blue]\fBshorewall\-addresses(5)\fR\m[]\&\s-2\u[13]\d\s+2 \- Describes how to specify addresses within a Shorewall configuration\&. .RE .RS 4 -\m[blue]\fBshorewall\-exclusion(5)\fR\m[]\&\s-2\u[21]\d\s+2 \- +\m[blue]\fBshorewall\-exclusion(5)\fR\m[]\&\s-2\u[14]\d\s+2 \- Describes how to exclude certain hosts and/or networks from matching a rule\&. .RE .RS 4 -\m[blue]\fBshorewall\-nesting(5)\fR\m[]\&\s-2\u[22]\d\s+2 +\m[blue]\fBshorewall\-nesting(5)\fR\m[]\&\s-2\u[15]\d\s+2 \- Describes how to nest one Shorewall zone inside another\&. .RE .SH "NOTES" .IP " 1." 4 http://www.shorewall.net/starting_and_stopping_shorewall.htm#Trace .RS 4 -\%http://www.shorewall.org/starting_and_stopping_shorewall.htm#Trace +\%https://shorewall.org/starting_and_stopping_shorewall.htm#Trace .RE .IP " 2." 4 shorewall.conf .RS 4 -\%http://www.shorewall.org/manpages/shorewall.conf.html +\%https://shorewall.org/manpages/shorewall.conf.html .RE .IP " 3." 4 -shorewall6.conf -.RS 4 -\%http://www.shorewall.org/manpages6/shorewall6.conf.html -.RE -.IP " 4." 4 shorewall-interfaces .RS 4 -\%http://www.shorewall.org/manpages/shorewall-interfaces.html -.RE -.IP " 5." 4 -shorewall6-interfaces -.RS 4 -\%http://www.shorewall.org/manpages6/shorewall6-interfaces.html +\%https://shorewall.org/manpages/shorewall-interfaces.html .RE -.IP " 6." 4 +.IP " 4." 4 shorewall-zones .RS 4 -\%http://www.shorewall.org/manpages/shorewall-zones.html +\%https://shorewall.org/manpages/shorewall-zones.html .RE -.IP " 7." 4 -shorewall6-zones -.RS 4 -\%http://www.shorewall.org??? -.RE -.IP " 8." 4 -shorewall6-zones -.RS 4 -\%http://www.shorewall.org/manpages6/shorewall6-zones.html -.RE -.IP " 9." 4 +.IP " 5." 4 shorewall-routes .RS 4 -\%http://www.shorewall.org/manpages/shorewall-routes.html -.RE -.IP "10." 4 -shorewall6-routes -.RS 4 -\%http://www.shorewall.org/manpages/shorewall6-routes.html +\%https://shorewall.org/manpages/shorewall-routes.html .RE -.IP "11." 4 +.IP " 6." 4 logging backend .RS 4 -\%http://www.shorewall.org/shorewall_logging.html#Backends +\%https://shorewall.org/shorewall_logging.html#Backends .RE -.IP "12." 4 +.IP " 7." 4 shorewall.conf .RS 4 -\%http://www.shorewall.orgshorewall.conf.html -.RE -.IP "13." 4 -shorewall6.conf(5) -.RS 4 -\%http://www.shorewall.orgshorewall6.conf.html +\%https://shorewall.orgshorewall.conf.html .RE -.IP "14." 4 +.IP " 8." 4 shorewall-accounting .RS 4 -\%http://www.shorewall.org/manpages/shorewall-accounting.html +\%https://shorewall.org/manpages/shorewall-accounting.html .RE -.IP "15." 4 -shorewall6-accounting -.RS 4 -\%http://www.shorewall.org/manpages6/shorewall6-accounting.html -.RE -.IP "16." 4 +.IP " 9." 4 shorewall-routestopped .RS 4 -\%http://www.shorewall.org/manpages/shorewall-routestopped.html +\%https://shorewall.org/manpages/shorewall-routestopped.html .RE -.IP "17." 4 +.IP "10." 4 http://www.shorewall.net/starting_and_stopping_shorewall.htm .RS 4 -\%http://www.shorewall.org/starting_and_stopping_shorewall.htm +\%https://shorewall.org/starting_and_stopping_shorewall.htm .RE -.IP "18." 4 +.IP "11." 4 shorewall-files(5) .RS 4 -\%http://www.shorewall.orgshorewall-files.html +\%https://shorewall.orgshorewall-files.html .RE -.IP "19." 4 +.IP "12." 4 shorewall-names(5) .RS 4 -\%http://www.shorewall.orgshorewall-names.html +\%https://shorewall.orgshorewall-names.html .RE -.IP "20." 4 +.IP "13." 4 shorewall-addresses(5) .RS 4 -\%http://www.shorewall.orgshorewall-addresses.html +\%https://shorewall.orgshorewall-addresses.html .RE -.IP "21." 4 +.IP "14." 4 shorewall-exclusion(5) .RS 4 -\%http://www.shorewall.orgshorewall-exclusion.html +\%https://shorewall.orgshorewall-exclusion.html .RE -.IP "22." 4 +.IP "15." 4 shorewall-nesting(5) .RS 4 -\%http://www.shorewall.orgshorewall-nesting.html +\%https://shorewall.orgshorewall-nesting.html .RE diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-5.2.3.4/releasenotes.txt new/shorewall-core-5.2.3.5/releasenotes.txt --- old/shorewall-core-5.2.3.4/releasenotes.txt 2019-08-27 02:55:56.000000000 +0200 +++ new/shorewall-core-5.2.3.5/releasenotes.txt 2020-01-15 22:06:14.000000000 +0100 @@ -1,7 +1,7 @@ ---------------------------------------------------------------------------- - S H O R E W A L L 5 . 2 . 3 . 4 + S H O R E W A L L 5 . 2 . 3 . 5 ------------------------------- - A U G U S T 2 5 , 2 0 1 9 + J A N U A R Y 1 5 , 2 0 2 0 ---------------------------------------------------------------------------- I. PROBLEMS CORRECTED IN THIS RELEASE @@ -14,6 +14,29 @@ I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E ---------------------------------------------------------------------------- +5.2.3.5 + +1) A typo in the FTP documentation has been corrected. + +2) The recommended mss setting when using IPSec with ipcomp has been + corrected. + +3) A number of incorrect links in the manpages have been corrected. + +4) The 'bypass' option is now allowed when specifying an NFQUEUE + policy. Previously, specifying that option resulted in an error. + +5) Corrected IPv6 Address Range parsing. + + Previously, such ranges were required to be of the form [<addr1>-<addr2>] + rather than the more standard form [<addr1>]-[<addr2>]. In the snat file + (and in nat actions), the latter form was actually flagged as an error + while in other contexts, it resulted in a less obvious error being + raised. + +6) The manpages have been updated to refer to https://shorewall.org + rather than http://www.shorewall.org. + 5.2.3.4 1) If multi-queue NFQUEUE (e.g., NFQUEUE(0:1) ) WAS used as a policy, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-5.2.3.4/shorewall-core.spec new/shorewall-core-5.2.3.5/shorewall-core.spec --- old/shorewall-core-5.2.3.4/shorewall-core.spec 2019-08-27 02:55:56.000000000 +0200 +++ new/shorewall-core-5.2.3.5/shorewall-core.spec 2020-01-15 22:06:14.000000000 +0100 @@ -1,6 +1,6 @@ %define name shorewall-core %define version 5.2.3 -%define release 4 +%define release 5 Summary: Shoreline Firewall is an iptables-based firewall for Linux systems. Name: %{name} @@ -69,6 +69,8 @@ %doc COPYING INSTALL changelog.txt releasenotes.txt %changelog +* Wed Jan 15 2020 Tom Eastep <t...@shorewall.net> +- Updated to 5.2.3-5 * Sun Aug 25 2019 Tom Eastep <t...@shorewall.net> - Updated to 5.2.3-4 * Thu Apr 11 2019 Tom Eastep t...@shorewall.net diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-5.2.3.4/uninstall.sh new/shorewall-core-5.2.3.5/uninstall.sh --- old/shorewall-core-5.2.3.4/uninstall.sh 2019-08-27 02:55:56.000000000 +0200 +++ new/shorewall-core-5.2.3.5/uninstall.sh 2020-01-15 22:06:14.000000000 +0100 @@ -26,7 +26,7 @@ # You may only use this script to uninstall the version # shown below. Simply run this script to remove Shorewall Firewall -VERSION=5.2.3.4 +VERSION=5.2.3.5 PRODUCT=shorewall-core Product="Shorewall Core" ++++++ shorewall-docs-html-5.2.3.4.tar.bz2 -> shorewall-docs-html-5.2.3.5.tar.bz2 ++++++ ++++ 1867 lines of diff (skipped) ++++++ shorewall-init-5.2.3.4.tar.bz2 -> shorewall-init-5.2.3.5.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-init-5.2.3.4/changelog.txt new/shorewall-init-5.2.3.5/changelog.txt --- old/shorewall-init-5.2.3.4/changelog.txt 2019-08-27 02:55:57.000000000 +0200 +++ new/shorewall-init-5.2.3.5/changelog.txt 2020-01-15 22:06:14.000000000 +0100 @@ -1,3 +1,17 @@ +Changes in 5.2.3.5 + +1) Correct typo in FTP.xml. + +2) Correct recommended mss with ipcomp. + +3) Correct manpage links in documentation and manpages. + +4) Allow the bypass option in an NFQUEUE policy. + +5) Correct IPv6 Address Range parsing. + +6) Correct documentation links. + Changes in 5.2.3.4 1) Update release documents. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-init-5.2.3.4/configure new/shorewall-init-5.2.3.5/configure --- old/shorewall-init-5.2.3.4/configure 2019-08-27 02:55:57.000000000 +0200 +++ new/shorewall-init-5.2.3.5/configure 2020-01-15 22:06:14.000000000 +0100 @@ -28,7 +28,7 @@ # # Build updates this # -VERSION=5.2.3.4 +VERSION=5.2.3.5 case "$BASH_VERSION" in [4-9].*) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-init-5.2.3.4/configure.pl new/shorewall-init-5.2.3.5/configure.pl --- old/shorewall-init-5.2.3.4/configure.pl 2019-08-27 02:55:57.000000000 +0200 +++ new/shorewall-init-5.2.3.5/configure.pl 2020-01-15 22:06:14.000000000 +0100 @@ -31,7 +31,7 @@ # Build updates this # use constant { - VERSION => '5.2.3.4' + VERSION => '5.2.3.5' }; my %params; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-init-5.2.3.4/install.sh new/shorewall-init-5.2.3.5/install.sh --- old/shorewall-init-5.2.3.4/install.sh 2019-08-27 02:55:57.000000000 +0200 +++ new/shorewall-init-5.2.3.5/install.sh 2020-01-15 22:06:14.000000000 +0100 @@ -27,7 +27,7 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # -VERSION=5.2.3.4 +VERSION=5.2.3.5 PRODUCT=shorewall-init Product="Shorewall Init" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-init-5.2.3.4/releasenotes.txt new/shorewall-init-5.2.3.5/releasenotes.txt --- old/shorewall-init-5.2.3.4/releasenotes.txt 2019-08-27 02:55:57.000000000 +0200 +++ new/shorewall-init-5.2.3.5/releasenotes.txt 2020-01-15 22:06:14.000000000 +0100 @@ -1,7 +1,7 @@ ---------------------------------------------------------------------------- - S H O R E W A L L 5 . 2 . 3 . 4 + S H O R E W A L L 5 . 2 . 3 . 5 ------------------------------- - A U G U S T 2 5 , 2 0 1 9 + J A N U A R Y 1 5 , 2 0 2 0 ---------------------------------------------------------------------------- I. PROBLEMS CORRECTED IN THIS RELEASE @@ -14,6 +14,29 @@ I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E ---------------------------------------------------------------------------- +5.2.3.5 + +1) A typo in the FTP documentation has been corrected. + +2) The recommended mss setting when using IPSec with ipcomp has been + corrected. + +3) A number of incorrect links in the manpages have been corrected. + +4) The 'bypass' option is now allowed when specifying an NFQUEUE + policy. Previously, specifying that option resulted in an error. + +5) Corrected IPv6 Address Range parsing. + + Previously, such ranges were required to be of the form [<addr1>-<addr2>] + rather than the more standard form [<addr1>]-[<addr2>]. In the snat file + (and in nat actions), the latter form was actually flagged as an error + while in other contexts, it resulted in a less obvious error being + raised. + +6) The manpages have been updated to refer to https://shorewall.org + rather than http://www.shorewall.org. + 5.2.3.4 1) If multi-queue NFQUEUE (e.g., NFQUEUE(0:1) ) WAS used as a policy, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-init-5.2.3.4/shorewall-init.spec new/shorewall-init-5.2.3.5/shorewall-init.spec --- old/shorewall-init-5.2.3.4/shorewall-init.spec 2019-08-27 02:55:57.000000000 +0200 +++ new/shorewall-init-5.2.3.5/shorewall-init.spec 2020-01-15 22:06:14.000000000 +0100 @@ -1,6 +1,6 @@ %define name shorewall-init %define version 5.2.3 -%define release 4 +%define release 5 Summary: Shorewall-init adds functionality to Shoreline Firewall (Shorewall). Name: %{name} @@ -135,6 +135,8 @@ %doc COPYING changelog.txt releasenotes.txt %changelog +* Wed Jan 15 2020 Tom Eastep <t...@shorewall.net> +- Updated to 5.2.3-5 * Sun Aug 25 2019 Tom Eastep <t...@shorewall.net> - Updated to 5.2.3-4 * Thu Apr 11 2019 Tom Eastep t...@shorewall.net diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-init-5.2.3.4/uninstall.sh new/shorewall-init-5.2.3.5/uninstall.sh --- old/shorewall-init-5.2.3.4/uninstall.sh 2019-08-27 02:55:57.000000000 +0200 +++ new/shorewall-init-5.2.3.5/uninstall.sh 2020-01-15 22:06:14.000000000 +0100 @@ -26,7 +26,7 @@ # You may only use this script to uninstall the version # shown below. Simply run this script to remove Shorewall Firewall -VERSION=5.2.3.4 +VERSION=5.2.3.5 PRODUCT=shorewall-init Product="Shorewall Init" ++++++ shorewall-lite-5.2.3.4.tar.bz2 -> shorewall-lite-5.2.3.5.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-5.2.3.4/changelog.txt new/shorewall-lite-5.2.3.5/changelog.txt --- old/shorewall-lite-5.2.3.4/changelog.txt 2019-08-27 02:55:57.000000000 +0200 +++ new/shorewall-lite-5.2.3.5/changelog.txt 2020-01-15 22:06:14.000000000 +0100 @@ -1,3 +1,17 @@ +Changes in 5.2.3.5 + +1) Correct typo in FTP.xml. + +2) Correct recommended mss with ipcomp. + +3) Correct manpage links in documentation and manpages. + +4) Allow the bypass option in an NFQUEUE policy. + +5) Correct IPv6 Address Range parsing. + +6) Correct documentation links. + Changes in 5.2.3.4 1) Update release documents. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-5.2.3.4/configure new/shorewall-lite-5.2.3.5/configure --- old/shorewall-lite-5.2.3.4/configure 2019-08-27 02:55:57.000000000 +0200 +++ new/shorewall-lite-5.2.3.5/configure 2020-01-15 22:06:14.000000000 +0100 @@ -28,7 +28,7 @@ # # Build updates this # -VERSION=5.2.3.4 +VERSION=5.2.3.5 case "$BASH_VERSION" in [4-9].*) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-5.2.3.4/configure.pl new/shorewall-lite-5.2.3.5/configure.pl --- old/shorewall-lite-5.2.3.4/configure.pl 2019-08-27 02:55:57.000000000 +0200 +++ new/shorewall-lite-5.2.3.5/configure.pl 2020-01-15 22:06:14.000000000 +0100 @@ -31,7 +31,7 @@ # Build updates this # use constant { - VERSION => '5.2.3.4' + VERSION => '5.2.3.5' }; my %params; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-5.2.3.4/install.sh new/shorewall-lite-5.2.3.5/install.sh --- old/shorewall-lite-5.2.3.4/install.sh 2019-08-27 02:55:57.000000000 +0200 +++ new/shorewall-lite-5.2.3.5/install.sh 2020-01-15 22:06:14.000000000 +0100 @@ -22,7 +22,7 @@ # along with this program; if not, see <http://www.gnu.org/licenses/>. # -VERSION=5.2.3.4 +VERSION=5.2.3.5 usage() # $1 = exit status { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-5.2.3.4/manpages/shorewall-lite-vardir.5 new/shorewall-lite-5.2.3.5/manpages/shorewall-lite-vardir.5 --- old/shorewall-lite-5.2.3.4/manpages/shorewall-lite-vardir.5 2019-02-11 23:50:08.000000000 +0100 +++ new/shorewall-lite-5.2.3.5/manpages/shorewall-lite-vardir.5 2020-01-15 22:08:03.000000000 +0100 @@ -2,12 +2,12 @@ .\" Title: shorewall-lite-vardir .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> -.\" Date: 02/11/2019 +.\" Date: 01/15/2020 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-LITE\-VAR" "5" "02/11/2019" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-LITE\-VAR" "5" "01/15/2020" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-5.2.3.4/manpages/shorewall-lite.8 new/shorewall-lite-5.2.3.5/manpages/shorewall-lite.8 --- old/shorewall-lite-5.2.3.4/manpages/shorewall-lite.8 2019-04-12 04:07:42.000000000 +0200 +++ new/shorewall-lite-5.2.3.5/manpages/shorewall-lite.8 2020-01-15 22:08:03.000000000 +0100 @@ -2,12 +2,12 @@ .\" Title: shorewall-lite .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> -.\" Date: 04/11/2019 +.\" Date: 01/15/2020 .\" Manual: Administrative Commands .\" Source: Administrative Commands .\" Language: English .\" -.TH "SHOREWALL\-LITE" "8" "04/11/2019" "Administrative Commands" "Administrative Commands" +.TH "SHOREWALL\-LITE" "8" "01/15/2020" "Administrative Commands" "Administrative Commands" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- @@ -50,5 +50,5 @@ .IP " 1." 4 shorewall .RS 4 -\%http://www.shorewall.org/manpages/shorewall.html +\%https://shorewall.org/manpages/shorewall.html .RE diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-5.2.3.4/manpages/shorewall-lite.conf.5 new/shorewall-lite-5.2.3.5/manpages/shorewall-lite.conf.5 --- old/shorewall-lite-5.2.3.4/manpages/shorewall-lite.conf.5 2019-02-11 23:50:07.000000000 +0100 +++ new/shorewall-lite-5.2.3.5/manpages/shorewall-lite.conf.5 2020-01-15 22:08:02.000000000 +0100 @@ -2,12 +2,12 @@ .\" Title: shorewall-lite.conf .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> -.\" Date: 02/11/2019 +.\" Date: 01/15/2020 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-LITE\&.CO" "5" "02/11/2019" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-LITE\&.CO" "5" "01/15/2020" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-5.2.3.4/releasenotes.txt new/shorewall-lite-5.2.3.5/releasenotes.txt --- old/shorewall-lite-5.2.3.4/releasenotes.txt 2019-08-27 02:55:57.000000000 +0200 +++ new/shorewall-lite-5.2.3.5/releasenotes.txt 2020-01-15 22:06:14.000000000 +0100 @@ -1,7 +1,7 @@ ---------------------------------------------------------------------------- - S H O R E W A L L 5 . 2 . 3 . 4 + S H O R E W A L L 5 . 2 . 3 . 5 ------------------------------- - A U G U S T 2 5 , 2 0 1 9 + J A N U A R Y 1 5 , 2 0 2 0 ---------------------------------------------------------------------------- I. PROBLEMS CORRECTED IN THIS RELEASE @@ -14,6 +14,29 @@ I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E ---------------------------------------------------------------------------- +5.2.3.5 + +1) A typo in the FTP documentation has been corrected. + +2) The recommended mss setting when using IPSec with ipcomp has been + corrected. + +3) A number of incorrect links in the manpages have been corrected. + +4) The 'bypass' option is now allowed when specifying an NFQUEUE + policy. Previously, specifying that option resulted in an error. + +5) Corrected IPv6 Address Range parsing. + + Previously, such ranges were required to be of the form [<addr1>-<addr2>] + rather than the more standard form [<addr1>]-[<addr2>]. In the snat file + (and in nat actions), the latter form was actually flagged as an error + while in other contexts, it resulted in a less obvious error being + raised. + +6) The manpages have been updated to refer to https://shorewall.org + rather than http://www.shorewall.org. + 5.2.3.4 1) If multi-queue NFQUEUE (e.g., NFQUEUE(0:1) ) WAS used as a policy, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-5.2.3.4/shorewall-lite.spec new/shorewall-lite-5.2.3.5/shorewall-lite.spec --- old/shorewall-lite-5.2.3.4/shorewall-lite.spec 2019-08-27 02:55:57.000000000 +0200 +++ new/shorewall-lite-5.2.3.5/shorewall-lite.spec 2020-01-15 22:06:14.000000000 +0100 @@ -1,6 +1,6 @@ %define name shorewall-lite %define version 5.2.3 -%define release 4 +%define release 5 %define initdir /etc/init.d Summary: Shoreline Firewall Lite is an iptables-based firewall for Linux systems. @@ -114,6 +114,8 @@ %doc COPYING changelog.txt releasenotes.txt %changelog +* Wed Jan 15 2020 Tom Eastep <t...@shorewall.net> +- Updated to 5.2.3-5 * Sun Aug 25 2019 Tom Eastep <t...@shorewall.net> - Updated to 5.2.3-4 * Thu Apr 11 2019 Tom Eastep t...@shorewall.net diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-5.2.3.4/uninstall.sh new/shorewall-lite-5.2.3.5/uninstall.sh --- old/shorewall-lite-5.2.3.4/uninstall.sh 2019-08-27 02:55:57.000000000 +0200 +++ new/shorewall-lite-5.2.3.5/uninstall.sh 2020-01-15 22:06:14.000000000 +0100 @@ -26,7 +26,7 @@ # You may only use this script to uninstall the version # shown below. Simply run this script to remove Shorewall Firewall -VERSION=5.2.3.4 +VERSION=5.2.3.5 usage() # $1 = exit status { ++++++ shorewall-5.2.3.4.tar.bz2 -> shorewall6-5.2.3.5.tar.bz2 ++++++ ++++ 121714 lines of diff (skipped) ++++++ shorewall-lite-5.2.3.4.tar.bz2 -> shorewall6-lite-5.2.3.5.tar.bz2 ++++++ ++++ 3037 lines of diff (skipped)