Hello community, here is the log from the commit of package shorewall for openSUSE:Factory checked in at 2020-04-23 18:33:41 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/shorewall (Old) and /work/SRC/openSUSE:Factory/.shorewall.new.2738 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "shorewall" Thu Apr 23 18:33:41 2020 rev:114 rq:796435 version:5.2.4.2 Changes: -------- --- /work/SRC/openSUSE:Factory/shorewall/shorewall.changes 2020-04-15 19:55:05.353615066 +0200 +++ /work/SRC/openSUSE:Factory/.shorewall.new.2738/shorewall.changes 2020-04-23 18:33:54.120485396 +0200 @@ -1,0 +2,19 @@ +Wed Apr 22 14:50:24 UTC 2020 - Bruno Friedmann <[email protected]> + +- Update to version 5.2.4.2 + https://shorewall.org/pub/shorewall/5.2/shorewall-5.2.4/releasenotes.txt + + Fixes for debian +- Update to version 5.2.4.1 + + Fixes for openSUSE shorewall-init + will now ignore 'start' and 'stop' commands, for running firewalls + + Spurious messages have been removed +- Packaging + + Move /usr/sbin/shorewall to shorewall-core so -lite version + doesn't need main shorewall package + + To make shorewall remote-* command working we patch lib.cli-std + to use /usr/sbin instead of /sbin + commented spec + + Desactivate for the moment the upgrade warning. we need to + find a 100% working solution. + + use %{var} form everywhere + +------------------------------------------------------------------- Old: ---- shorewall-5.2.4.tar.bz2 shorewall-core-5.2.4.tar.bz2 shorewall-docs-html-5.2.4.tar.bz2 shorewall-init-5.2.4.tar.bz2 shorewall-lite-5.2.4.tar.bz2 shorewall6-5.2.4.tar.bz2 shorewall6-lite-5.2.4.tar.bz2 New: ---- shorewall-5.2.4.2.tar.bz2 shorewall-core-5.2.4.2.tar.bz2 shorewall-docs-html-5.2.4.2.tar.bz2 shorewall-init-5.2.4.2.tar.bz2 shorewall-lite-5.2.4.2.tar.bz2 shorewall6-5.2.4.2.tar.bz2 shorewall6-lite-5.2.4.2.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ shorewall.spec ++++++ --- /var/tmp/diff_new_pack.lQtMHX/_old 2020-04-23 18:33:58.724494204 +0200 +++ /var/tmp/diff_new_pack.lQtMHX/_new 2020-04-23 18:33:58.724494204 +0200 @@ -20,13 +20,13 @@ %define dmaj 5.2 %define dmin 5.2.4 # Warn users for upgrading configuration but only on major or minor version changes -%define conf_need_update 1 +%define conf_need_update 0 #2017+ New fillup location %if ! %{defined _fillupdir} %define _fillupdir %{_localstatedir}/adm/fillup-templates %endif Name: shorewall -Version: 5.2.4 +Version: 5.2.4.2 Release: 0 Summary: An iptables-based firewall for Linux systems License: GPL-2.0-only @@ -175,29 +175,34 @@ %prep %setup -q -c -a1 -a2 -a3 -a4 -a5 -a6 # Patch for fillup -pushd %{name}-init-%version +pushd %{name}-init-%{version} %patch1 -p1 popd -pushd %{name}-%version +pushd %{name}-%{version} %patch2 -p1 popd -pushd %{name}6-%version +pushd %{name}6-%{version} %patch2 -p1 popd -pushd %{name}-lite-%version +pushd %{name}-lite-%{version} %patch3 -p1 popd -pushd %{name}6-lite-%version +pushd %{name}6-lite-%{version} %patch3 -p1 popd -chmod -x %{name}-docs-html-%version/images/*.png -chmod -x %{name}6-%version/tunnel -chmod -x %{name}6-%version/ipv6 -chmod -x %{name}-%version/Contrib/swping.init -chmod -x %{name}-%version/Contrib/tunnel - -cp %{SOURCE8} %{name}-%version/. +chmod -x %{name}-docs-html-%{version}/images/*.png +chmod -x %{name}6-%{version}/tunnel +chmod -x %{name}6-%{version}/ipv6 +chmod -x %{name}-%{version}/Contrib/swping.init +chmod -x %{name}-%{version}/Contrib/tunnel + +cp %{SOURCE8} %{name}-%{version}/. + +# We don't have /sbin /bin merged on /usr so symlinks can't work. +# so we dynamically patch last /sbin calls in lib.cli-std +# and make shorewall remote working without hacks +sed -i 's#/sbin/shorewall#/usr/sbin/shorewall#g' %{name}-%{version}/lib.cli-std %build @@ -219,9 +224,9 @@ for i in $targets; do pushd ${i}-%{version} ./configure \ - vendor=%_vendor \ - host=%_vendor \ - prefix=%_prefix \ + vendor=%{_vendor} \ + host=%{_vendor} \ + prefix=%{_prefix} \ perllibdir=%{perl_vendorlib} \ libexecdir=%{_libexecdir} \ sbindir=%{_sbindir} \ @@ -231,7 +236,8 @@ %endif sharedir=%{_datadir} - if [ $i != shorewall-init ];then + if [ $i != shorewall-init ]; + then DESTDIR=%{buildroot} FILLUPDIR=%{_fillupdir} ./install.sh shorewallrc else install -d %buildroot/%{_sysconfdir}/NetworkManager/dispatcher.d @@ -247,7 +253,6 @@ done fi fi - popd done @@ -373,7 +378,6 @@ %defattr(-,root,root,-) %doc %{name}-%version/{COPYING,changelog.txt,releasenotes.txt,README.openSUSE} %{_sbindir}/rc%{name} -%{_sbindir}/%{name} %{_fillupdir}/sysconfig.%{name} %dir %{_sysconfdir}/%{name} %ghost %{_sysconfdir}/%{name}/isusable @@ -407,11 +411,9 @@ %files lite %defattr(-,root,root,-) %doc %{name}-lite-%version/{COPYING,changelog.txt,releasenotes.txt} -# FIXME %{_fillupdir}/sysconfig.%{name}-lite %dir %{_sysconfdir}/%{name}-lite -%config(noreplace) %{_sysconfdir}/%{name}-lite/%{name}-lite.conf -# FIXME +%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}-lite/%{name}-lite.conf %{_sbindir}/rc%{name}-lite %{_sbindir}/%{name}-lite %dir %{_datadir}/%{name}-lite @@ -422,7 +424,6 @@ %{_datadir}/%{name}-lite/configpath %attr(- ,root,root) %{_datadir}/%{name}-lite/functions %{_datadir}/%{name}-lite/lib.base -# Removed in 5.2.3 %%{_datadir}/%%{name}-lite/modules* %{_datadir}/%{name}-lite/helpers %attr(0544,root,root) %{_libexecdir}/%{name}-lite/shorecap %{_mandir}/man5/%{name}-lite*.5* @@ -465,7 +466,7 @@ %doc %{name}6-lite-%version/{COPYING,changelog.txt,releasenotes.txt} %{_fillupdir}/sysconfig.%{name}6-lite %dir %{_sysconfdir}/%{name}6-lite -%config(noreplace) %{_sysconfdir}/%{name}6-lite/%{name}6-lite.conf +%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}6-lite/%{name}6-lite.conf %{_sbindir}/rc%{name}6-lite %{_sbindir}/%{name}6-lite %dir %{_datadir}/%{name}6-lite @@ -502,6 +503,7 @@ %files core %defattr(-,root,root,-) %doc shorewall-core-%{version}/{COPYING,changelog.txt,releasenotes.txt} +%{_sbindir}/%{name} %dir %{_datadir}/shorewall/ %{_datadir}/shorewall/coreversion %{_datadir}/shorewall/functions ++++++ shorewall-5.2.4.tar.bz2 -> shorewall-5.2.4.2.tar.bz2 ++++++ ++++ 5513 lines of diff (skipped) ++++++ shorewall-core-5.2.4.tar.bz2 -> shorewall-core-5.2.4.2.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-5.2.4/INSTALL new/shorewall-core-5.2.4.2/INSTALL --- old/shorewall-core-5.2.4/INSTALL 2020-03-21 22:37:59.000000000 +0100 +++ new/shorewall-core-5.2.4.2/INSTALL 2020-04-18 21:44:19.000000000 +0200 @@ -18,7 +18,7 @@ --------------------------------------------------------------------------- -Please see http://www.shorewall.org/Install.htm for installation +Please see https://shorewall.org/Install.htm for installation instructions. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-5.2.4/Shorewall-core-targetname new/shorewall-core-5.2.4.2/Shorewall-core-targetname --- old/shorewall-core-5.2.4/Shorewall-core-targetname 2020-03-21 22:37:59.000000000 +0100 +++ new/shorewall-core-5.2.4.2/Shorewall-core-targetname 2020-04-18 21:44:19.000000000 +0200 @@ -1 +1 @@ -5.2.4-Beta1 \ No newline at end of file +5.2.4.1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-5.2.4/changelog.txt new/shorewall-core-5.2.4.2/changelog.txt --- old/shorewall-core-5.2.4/changelog.txt 2020-03-21 22:40:32.000000000 +0100 +++ new/shorewall-core-5.2.4.2/changelog.txt 2020-04-19 18:08:48.000000000 +0200 @@ -1,3 +1,33 @@ +Changes in 5.2.4.2 + +1) Update release documents + +2) Correct handling of 'down' events on Debian where IFUPDOWN=1 + in the Shorewall-init configuration file + (/etc/default/shorewall-init). + +3) Avoid dupicate 'up' events when a dual-stack interface comes + on Debian with Shorewall-init IFUPDOWN=1. + +Changes in 5.2.4.1 + +1) Update release documents + +2) Correct HTTP links to point to the current project website. + +3) Use relative links in the website. + +4) Change URLs to point to the current web site. + +5) Sort specific hash keys and values if -t is specified. + +6) Add cautions to the ipsets document. + +7) Prevent firewalls from being cleared/stopped during OpenSuSE + upgrades. + +8) Avoid ifupdown extraneous log messages. + Changes in 5.2.4 Final 1) Update release documents. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-5.2.4/configure new/shorewall-core-5.2.4.2/configure --- old/shorewall-core-5.2.4/configure 2020-03-21 22:40:32.000000000 +0100 +++ new/shorewall-core-5.2.4.2/configure 2020-04-19 18:08:48.000000000 +0200 @@ -4,7 +4,7 @@ # # (c) 2012,2014,2017 - Tom Eastep ([email protected]) # -# Shorewall documentation is available at http://www.shorewall.org +# Shorewall documentation is available at https://shorewall.org # # This program is part of Shorewall. # @@ -28,7 +28,7 @@ # # Build updates this # -VERSION=5.2.4 +VERSION=5.2.4.2 case "$BASH_VERSION" in [4-9].*) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-5.2.4/configure.pl new/shorewall-core-5.2.4.2/configure.pl --- old/shorewall-core-5.2.4/configure.pl 2020-03-21 22:40:32.000000000 +0100 +++ new/shorewall-core-5.2.4.2/configure.pl 2020-04-19 18:08:48.000000000 +0200 @@ -4,7 +4,7 @@ # # (c) 2012, 2014 - Tom Eastep ([email protected]) # -# Shorewall documentation is available at http://www.shorewall.org +# Shorewall documentation is available at https://shorewall.org # # This program is part of Shorewall. # @@ -31,7 +31,7 @@ # Build updates this # use constant { - VERSION => '5.2.4' + VERSION => '5.2.4.2' }; my %params; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-5.2.4/install.sh new/shorewall-core-5.2.4.2/install.sh --- old/shorewall-core-5.2.4/install.sh 2020-03-21 22:40:32.000000000 +0100 +++ new/shorewall-core-5.2.4.2/install.sh 2020-04-19 18:08:48.000000000 +0200 @@ -4,7 +4,7 @@ # # (c) 2000-2018 - Tom Eastep ([email protected]) # -# Shorewall documentation is available at http://shorewall.org +# Shorewall documentation is available at https://shorewall.org # # This program is part of Shorewall. # @@ -22,7 +22,7 @@ # along with this program; if not, see <http://www.gnu.org/licenses/>. # -VERSION=5.2.4 +VERSION=5.2.4.2 PRODUCT=shorewall-core Product="Shorewall Core" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-5.2.4/known_problems.txt new/shorewall-core-5.2.4.2/known_problems.txt --- old/shorewall-core-5.2.4/known_problems.txt 2020-03-21 22:40:32.000000000 +0100 +++ new/shorewall-core-5.2.4.2/known_problems.txt 2020-04-19 18:08:48.000000000 +0200 @@ -12,3 +12,47 @@ such routes. Beginning with Shorewall6 5.0.15, the generated script uses a "delete..add.." sequence on these routes rather than a single "replace" command. + +4) On Debian-derived systems, when DOCKER=Yes, the 'systemctl restart + shorewall' command looses Docker rules. + + Workaround (courtesy of J Cliff Armstrong): + + Type (as root): + + `systemctl edit shorewall.service`. + + This will open the default terminal editor to a blank file in + which you can paste the following: + + [Service] + # reset ExecStop + ExecStop= + # set ExecStop to "stop" instead of "clear" + ExecStop=/sbin/shorewall $OPTIONS stop + + Then type `systemctl daemon-reload` to activate the changes. This + change will survive future updates of the shorewall package from apt + repositories. The override file itself will be saved to + `/etc/systemd/system/shorewall.service.d/`. + +5) OpenSuSE users running systemd complain that the firewalls are + stopped after a Shorewall product upgrade. + + Corrected in 5.2.4.1. + +6) On Redhat-based systems and on OpenSuSE, the Shoewall-init log + contains spurious log messages regarding invalid commands. These + messages are harmless. + + Corrected in 5.2.4.1. + +7) There are two problems associated with Debian Shorewall-init when + IFUPDOWN=1 in the Shorewall-init configuration file + (/etc/default/shorewall-init). + + a) Down events are ignored when Network Manager is being used. + + b) Up events are processed twice on dual-stack interfaces. + + Corrected in 5.2.4.2. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-5.2.4/lib.base new/shorewall-core-5.2.4.2/lib.base --- old/shorewall-core-5.2.4/lib.base 2020-03-21 22:37:59.000000000 +0100 +++ new/shorewall-core-5.2.4.2/lib.base 2020-04-18 21:44:19.000000000 +0200 @@ -3,7 +3,7 @@ # # (c) 1999-2017 - Tom Eastep ([email protected]) # -# Complete documentation is available at http://shorewall.org +# Complete documentation is available at https://shorewall.org # # This program is part of Shorewall. # diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-5.2.4/lib.cli new/shorewall-core-5.2.4.2/lib.cli --- old/shorewall-core-5.2.4/lib.cli 2020-03-21 22:37:59.000000000 +0100 +++ new/shorewall-core-5.2.4.2/lib.cli 2020-04-18 21:44:19.000000000 +0200 @@ -3,7 +3,7 @@ # # (c) 1999-2018 - Tom Eastep ([email protected]) # -# Complete documentation is available at http://shorewall.org +# Complete documentation is available at https://shorewall.org # # This program is part of Shorewall. # diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-5.2.4/lib.common new/shorewall-core-5.2.4.2/lib.common --- old/shorewall-core-5.2.4/lib.common 2020-03-21 22:37:59.000000000 +0100 +++ new/shorewall-core-5.2.4.2/lib.common 2020-04-18 21:44:19.000000000 +0200 @@ -3,7 +3,7 @@ # # (c) 2010-2018 - Tom Eastep ([email protected]) # -# Complete documentation is available at http://shorewall.org +# Complete documentation is available at https://shorewall.org # # This program is part of Shorewall. # diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-5.2.4/lib.core new/shorewall-core-5.2.4.2/lib.core --- old/shorewall-core-5.2.4/lib.core 2020-03-21 22:37:59.000000000 +0100 +++ new/shorewall-core-5.2.4.2/lib.core 2020-04-18 21:44:19.000000000 +0200 @@ -3,7 +3,7 @@ # # (c) 1999-2017 - Tom Eastep ([email protected]) # -# Complete documentation is available at http://shorewall.org +# Complete documentation is available at https://shorewall.org # # This program is part of Shorewall. # diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-5.2.4/lib.installer new/shorewall-core-5.2.4.2/lib.installer --- old/shorewall-core-5.2.4/lib.installer 2020-03-21 22:37:59.000000000 +0100 +++ new/shorewall-core-5.2.4.2/lib.installer 2020-04-18 21:44:19.000000000 +0200 @@ -4,7 +4,7 @@ # (c) 2017 - Tom Eastep ([email protected]) # (c) 2017 - Matt Darfeuille ([email protected]) # -# Complete documentation is available at http://shorewall.org +# Complete documentation is available at https://shorewall.org # # This program is part of Shorewall. # diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-5.2.4/lib.uninstaller new/shorewall-core-5.2.4.2/lib.uninstaller --- old/shorewall-core-5.2.4/lib.uninstaller 2020-03-21 22:37:59.000000000 +0100 +++ new/shorewall-core-5.2.4.2/lib.uninstaller 2020-04-18 21:44:19.000000000 +0200 @@ -4,7 +4,7 @@ # (c) 2017 - Tom Eastep ([email protected]) # (c) 2017 - Matt Darfeuille ([email protected]) # -# Complete documentation is available at http://shorewall.org +# Complete documentation is available at https://shorewall.org # # This program is part of Shorewall. # diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-5.2.4/manpages/shorewall.8 new/shorewall-core-5.2.4.2/manpages/shorewall.8 --- old/shorewall-core-5.2.4/manpages/shorewall.8 2020-03-21 22:42:12.000000000 +0100 +++ new/shorewall-core-5.2.4.2/manpages/shorewall.8 2020-04-19 18:10:28.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> -.\" Date: 03/21/2020 +.\" Date: 04/19/2020 .\" Manual: Administrative Commands .\" Source: Administrative Commands .\" Language: English .\" -.TH "SHOREWALL" "8" "03/21/2020" "Administrative Commands" "Administrative Commands" +.TH "SHOREWALL" "8" "04/19/2020" "Administrative Commands" "Administrative Commands" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- @@ -2083,7 +2083,7 @@ /etc/shorewall6/* .SH "SEE ALSO" .RS 4 -\m[blue]\fBhttp://www\&.shorewall\&.org/starting_and_stopping_shorewall\&.htm\fR\m[]\&\s-2\u[9]\d\s+2 +\m[blue]\fBhttps://shorewall\&.org/starting_and_stopping_shorewall\&.htm\fR\m[]\&\s-2\u[9]\d\s+2 \- Describes operational aspects of Shorewall\&. .RE .RS 4 @@ -2113,70 +2113,70 @@ .IP " 1." 4 shorewall.conf .RS 4 -\%https://shorewall.org/manpages/shorewall.conf.html +\%https://shorewall.org/manpages//manpages/shorewall.conf.html .RE .IP " 2." 4 shorewall-interfaces .RS 4 -\%https://shorewall.org/manpages/shorewall-interfaces.html +\%https://shorewall.org/manpages//manpages/shorewall-interfaces.html .RE .IP " 3." 4 shorewall-zones .RS 4 -\%https://shorewall.org/manpages/shorewall-zones.html +\%https://shorewall.org/manpages//manpages/shorewall-zones.html .RE .IP " 4." 4 shorewall-routes .RS 4 -\%https://shorewall.org/manpages/shorewall-routes.html +\%https://shorewall.org/manpages//manpages/shorewall-routes.html .RE .IP " 5." 4 logging backend .RS 4 -\%https://shorewall.org/shorewall_logging.html#Backends +\%https://shorewall.org/manpages//shorewall_logging.html#Backends .RE .IP " 6." 4 shorewall.conf .RS 4 -\%https://shorewall.orgshorewall.conf.html +\%https://shorewall.org/manpages/shorewall.conf.html .RE .IP " 7." 4 shorewall-accounting .RS 4 -\%https://shorewall.org/manpages/shorewall-accounting.html +\%https://shorewall.org/manpages//manpages/shorewall-accounting.html .RE .IP " 8." 4 shorewall-routestopped .RS 4 -\%https://shorewall.org/manpages/shorewall-routestopped.html +\%https://shorewall.org/manpages//manpages/shorewall-routestopped.html .RE .IP " 9." 4 -http://www.shorewall.org/starting_and_stopping_shorewall.htm +https://shorewall.org/starting_and_stopping_shorewall.htm .RS 4 -\%https://shorewall.org/starting_and_stopping_shorewall.htm +\%https://shorewall.org/manpages//starting_and_stopping_shorewall.htm .RE .IP "10." 4 shorewall-files(5) .RS 4 -\%https://shorewall.orgshorewall-files.html +\%https://shorewall.org/manpages/shorewall-files.html .RE .IP "11." 4 shorewall-names(5) .RS 4 -\%https://shorewall.orgshorewall-names.html +\%https://shorewall.org/manpages/shorewall-names.html .RE .IP "12." 4 shorewall-addresses(5) .RS 4 -\%https://shorewall.orgshorewall-addresses.html +\%https://shorewall.org/manpages/shorewall-addresses.html .RE .IP "13." 4 shorewall-exclusion(5) .RS 4 -\%https://shorewall.orgshorewall-exclusion.html +\%https://shorewall.org/manpages/shorewall-exclusion.html .RE .IP "14." 4 shorewall-nesting(5) .RS 4 -\%https://shorewall.orgshorewall-nesting.html +\%https://shorewall.org/manpages/shorewall-nesting.html .RE diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-5.2.4/releasenotes.txt new/shorewall-core-5.2.4.2/releasenotes.txt --- old/shorewall-core-5.2.4/releasenotes.txt 2020-03-21 22:40:32.000000000 +0100 +++ new/shorewall-core-5.2.4.2/releasenotes.txt 2020-04-19 18:08:48.000000000 +0200 @@ -1,7 +1,7 @@ ---------------------------------------------------------------------------- - S H O R E W A L L 5 . 2 . 4 + S H O R E W A L L 5 . 2 . 4 . 2 ------------------------------- - M A R C H 2 4 , 2 0 1 9 + A P R I L 2 0 , 2 0 1 9 ---------------------------------------------------------------------------- I. PROBLEMS CORRECTED IN THIS RELEASE @@ -13,6 +13,46 @@ ---------------------------------------------------------------------------- I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E ---------------------------------------------------------------------------- +5.2.4.2 + +1) This release corrects two problems associated with Debian + Shorewall-init when IFUPDOWN=1 in the Shorewall-init + configuration file (/etc/default/shorewall-init): + + a) Down events were ignored when Network Manager was being used. + + b) Up events were processed twice when a dual-stack interface + was brought up. + + Both problems have been corrected. To make the fixes effective, + it is necessary to recompile the firewall script (shorewall[6] + compile, start, restart or reload). + +5.2.4.1 + +1) The web site and documentation have been improved to correct some + invalid links in the manpages (including the manpages released + in Shorewall components) and to link directly to the current + website at https://shorewall.org. (Tuomo Soini) + +2) Cautions regarding SAVE_IPSETS have been added to the ipsets + article. + +3) OpenSuSE users running systemd have complained that the firewalls + are stopped after a Shorewall product upgrade. The problem is that + OpenSuSE restarts all running products that have been + upgraded. Recall that 'systemctl restart' is equivalent to + 'systemctl stop && systemctl start'. But starting Shorewall-init + results in the firewall products specified in the Shorewall-init + config file to be stopped. To address this issue, Shorewall-init + will now ignore 'start' and 'stop' commands, for running firewalls + (Tuomo Soini). + +4) On Redhat-based system and on OpenSuSE, extraneous Shorewall-init + log messages regarding invalid commands were being issued. These + harmless messages are now suppressed (Tuomo Soini). + +5.2.4 Final 1) Previously, when a Shorewall6 firewall was placed into the 'stopped' state, ICMP6 packets required by RFC 4890 were not diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-5.2.4/shorewall new/shorewall-core-5.2.4.2/shorewall --- old/shorewall-core-5.2.4/shorewall 2020-03-21 22:37:59.000000000 +0100 +++ new/shorewall-core-5.2.4.2/shorewall 2020-04-18 21:44:19.000000000 +0200 @@ -5,7 +5,7 @@ # (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009,2010,2011,2014,2015-2017 # Tom Eastep ([email protected]) # -# Shorewall documentation is available at http://www.shorewall.org +# Shorewall documentation is available at https://shorewall.org # # This program is part of Shorewall. # diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-5.2.4/shorewall-core.spec new/shorewall-core-5.2.4.2/shorewall-core.spec --- old/shorewall-core-5.2.4/shorewall-core.spec 2020-03-21 22:40:32.000000000 +0100 +++ new/shorewall-core-5.2.4.2/shorewall-core.spec 2020-04-19 18:08:48.000000000 +0200 @@ -1,6 +1,6 @@ %define name shorewall-core %define version 5.2.4 -%define release 0base +%define release 2 Summary: Shoreline Firewall is an iptables-based firewall for Linux systems. Name: %{name} @@ -69,6 +69,10 @@ %doc COPYING INSTALL changelog.txt releasenotes.txt %changelog +* Sat Apr 18 2020 Tom Eastep <[email protected]> +- Updated to 5.2.4-2 +* Fri Mar 27 2020 Tom Eastep <[email protected]> +- Updated to 5.2.4-1 * Tue Mar 17 2020 Tom Eastep <[email protected]> - Updated to 5.2.4-0base * Sat Mar 14 2020 Tom Eastep <[email protected]> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-5.2.4/uninstall.sh new/shorewall-core-5.2.4.2/uninstall.sh --- old/shorewall-core-5.2.4/uninstall.sh 2020-03-21 22:40:32.000000000 +0100 +++ new/shorewall-core-5.2.4.2/uninstall.sh 2020-04-19 18:08:48.000000000 +0200 @@ -4,7 +4,7 @@ # # (c) 2000-2016 - Tom Eastep ([email protected]) # -# Shorewall documentation is available at http://www.shorewall.org +# Shorewall documentation is available at https://shorewall.org # # This program is part of Shorewall. # @@ -26,7 +26,7 @@ # You may only use this script to uninstall the version # shown below. Simply run this script to remove Shorewall Firewall -VERSION=5.2.4 +VERSION=5.2.4.2 PRODUCT=shorewall-core Product="Shorewall Core" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-5.2.4/wait4ifup new/shorewall-core-5.2.4.2/wait4ifup --- old/shorewall-core-5.2.4/wait4ifup 2020-03-21 22:37:59.000000000 +0100 +++ new/shorewall-core-5.2.4.2/wait4ifup 2020-04-18 21:44:19.000000000 +0200 @@ -6,7 +6,7 @@ # # This file is installed in /usr/share/shorewall/wait4ifup # -# Shorewall documentation is available at http://www.shorewall.org +# Shorewall documentation is available at https://shorewall.org # # This program is part of Shorewall. # ++++++ shorewall-docs-html-5.2.4.tar.bz2 -> shorewall-docs-html-5.2.4.2.tar.bz2 ++++++ ++++ 4190 lines of diff (skipped) ++++++ shorewall-init-5.2.4.tar.bz2 -> shorewall-init-5.2.4.2.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-init-5.2.4/changelog.txt new/shorewall-init-5.2.4.2/changelog.txt --- old/shorewall-init-5.2.4/changelog.txt 2020-03-21 22:40:33.000000000 +0100 +++ new/shorewall-init-5.2.4.2/changelog.txt 2020-04-19 18:08:49.000000000 +0200 @@ -1,3 +1,33 @@ +Changes in 5.2.4.2 + +1) Update release documents + +2) Correct handling of 'down' events on Debian where IFUPDOWN=1 + in the Shorewall-init configuration file + (/etc/default/shorewall-init). + +3) Avoid dupicate 'up' events when a dual-stack interface comes + on Debian with Shorewall-init IFUPDOWN=1. + +Changes in 5.2.4.1 + +1) Update release documents + +2) Correct HTTP links to point to the current project website. + +3) Use relative links in the website. + +4) Change URLs to point to the current web site. + +5) Sort specific hash keys and values if -t is specified. + +6) Add cautions to the ipsets document. + +7) Prevent firewalls from being cleared/stopped during OpenSuSE + upgrades. + +8) Avoid ifupdown extraneous log messages. + Changes in 5.2.4 Final 1) Update release documents. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-init-5.2.4/configure new/shorewall-init-5.2.4.2/configure --- old/shorewall-init-5.2.4/configure 2020-03-21 22:40:33.000000000 +0100 +++ new/shorewall-init-5.2.4.2/configure 2020-04-19 18:08:49.000000000 +0200 @@ -4,7 +4,7 @@ # # (c) 2012,2014,2017 - Tom Eastep ([email protected]) # -# Shorewall documentation is available at http://www.shorewall.org +# Shorewall documentation is available at https://shorewall.org # # This program is part of Shorewall. # @@ -28,7 +28,7 @@ # # Build updates this # -VERSION=5.2.4 +VERSION=5.2.4.2 case "$BASH_VERSION" in [4-9].*) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-init-5.2.4/configure.pl new/shorewall-init-5.2.4.2/configure.pl --- old/shorewall-init-5.2.4/configure.pl 2020-03-21 22:40:33.000000000 +0100 +++ new/shorewall-init-5.2.4.2/configure.pl 2020-04-19 18:08:49.000000000 +0200 @@ -4,7 +4,7 @@ # # (c) 2012, 2014 - Tom Eastep ([email protected]) # -# Shorewall documentation is available at http://www.shorewall.org +# Shorewall documentation is available at https://shorewall.org # # This program is part of Shorewall. # @@ -31,7 +31,7 @@ # Build updates this # use constant { - VERSION => '5.2.4' + VERSION => '5.2.4.2' }; my %params; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-init-5.2.4/ifupdown.debian.sh new/shorewall-init-5.2.4.2/ifupdown.debian.sh --- old/shorewall-init-5.2.4/ifupdown.debian.sh 2020-03-21 22:37:59.000000000 +0100 +++ new/shorewall-init-5.2.4.2/ifupdown.debian.sh 2020-04-18 21:44:19.000000000 +0200 @@ -6,7 +6,7 @@ # # (c) 2010,2013 - Tom Eastep ([email protected]) # -# Shorewall documentation is available at http://shorewall.org +# Shorewall documentation is available at https://shorewall.org # # This program is free software; you can redistribute it and/or modify # it under the terms of Version 2 of the GNU General Public License @@ -110,7 +110,7 @@ ;; *) # - # Debian ifupdown system + # Debian ifupdown system - MODE and INTERFACE inherited from the environment # INTERFACE="$IFACE" @@ -127,6 +127,17 @@ [ -n "$LOGFILE" ] || LOGFILE=/dev/null for PRODUCT in $PRODUCTS; do + if [ -n "$ADDRFAM" -a ${COMMAND} = up ]; then + case $PRODUCT in + *6*) + [ ${ADDRFAM} = inet6 ] || continue + ;; + *) + [ ${ADDRFAM} = inet ] || continue + ;; + esac + fi + setstatedir if [ -x $VARLIB/$PRODUCT/firewall ]; then diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-init-5.2.4/ifupdown.fedora.sh new/shorewall-init-5.2.4.2/ifupdown.fedora.sh --- old/shorewall-init-5.2.4/ifupdown.fedora.sh 2020-03-21 22:37:59.000000000 +0100 +++ new/shorewall-init-5.2.4.2/ifupdown.fedora.sh 2020-04-18 21:44:19.000000000 +0200 @@ -6,7 +6,7 @@ # # (c) 2010,2013 - Tom Eastep ([email protected]) # -# Shorewall documentation is available at http://shorewall.org +# Shorewall documentation is available at https://shorewall.org # # This program is free software; you can redistribute it and/or modify # it under the terms of Version 2 of the GNU General Public License @@ -90,7 +90,14 @@ COMMAND=down ;; *dispatcher.d*) - COMMAND="$2" + case "$2" in + up|down) + COMMAND="$2" + ;; + *) + exit 0 + ;; + esac ;; *) exit 0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-init-5.2.4/ifupdown.suse.sh new/shorewall-init-5.2.4.2/ifupdown.suse.sh --- old/shorewall-init-5.2.4/ifupdown.suse.sh 2020-03-21 22:37:59.000000000 +0100 +++ new/shorewall-init-5.2.4.2/ifupdown.suse.sh 2020-04-18 21:44:19.000000000 +0200 @@ -6,7 +6,7 @@ # # (c) 2010,2013 - Tom Eastep ([email protected]) # -# Shorewall documentation is available at http://shorewall.org +# Shorewall documentation is available at https://shorewall.org # # This program is free software; you can redistribute it and/or modify # it under the terms of Version 2 of the GNU General Public License @@ -120,7 +120,14 @@ case $0 in *dispatcher.d*) INTERFACE="$1" - COMMAND="$2" + case "$2" in + up|down) + COMMAND="$2" + ;; + *) + exit 0 + ;; + esac ;; *if-up.d*) COMMAND=up diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-init-5.2.4/init.debian.sh new/shorewall-init-5.2.4.2/init.debian.sh --- old/shorewall-init-5.2.4/init.debian.sh 2020-03-21 22:37:59.000000000 +0100 +++ new/shorewall-init-5.2.4.2/init.debian.sh 2020-04-18 21:44:19.000000000 +0200 @@ -8,7 +8,7 @@ # # On most distributions, this file should be called /etc/init.d/shorewall. # -# Complete documentation is available at http://shorewall.org +# Complete documentation is available at https://shorewall.org # # This program is free software; you can redistribute it and/or modify # it under the terms of Version 2 of the GNU General Public License diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-init-5.2.4/init.suse.sh new/shorewall-init-5.2.4.2/init.suse.sh --- old/shorewall-init-5.2.4/init.suse.sh 2020-03-21 22:37:59.000000000 +0100 +++ new/shorewall-init-5.2.4.2/init.suse.sh 2020-04-18 21:44:19.000000000 +0200 @@ -7,7 +7,7 @@ # # On most distributions, this file should be called /etc/init.d/shorewall. # -# Complete documentation is available at http://shorewall.org +# Complete documentation is available at https://shorewall.org # # This program is free software; you can redistribute it and/or modify # it under the terms of Version 2 of the GNU General Public License diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-init-5.2.4/install.sh new/shorewall-init-5.2.4.2/install.sh --- old/shorewall-init-5.2.4/install.sh 2020-03-21 22:40:33.000000000 +0100 +++ new/shorewall-init-5.2.4.2/install.sh 2020-04-19 18:08:48.000000000 +0200 @@ -5,7 +5,7 @@ # (c) 2000-2016 - Tom Eastep ([email protected]) # (c) 2010 - Roberto C. Sanchez ([email protected]) # -# Shorewall documentation is available at http://shorewall.org +# Shorewall documentation is available at https://shorewall.org # # This program is part of Shorewall. # @@ -27,7 +27,7 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # -VERSION=5.2.4 +VERSION=5.2.4.2 PRODUCT=shorewall-init Product="Shorewall Init" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-init-5.2.4/lib.installer new/shorewall-init-5.2.4.2/lib.installer --- old/shorewall-init-5.2.4/lib.installer 2020-03-21 22:40:33.000000000 +0100 +++ new/shorewall-init-5.2.4.2/lib.installer 2020-04-19 18:08:49.000000000 +0200 @@ -4,7 +4,7 @@ # (c) 2017 - Tom Eastep ([email protected]) # (c) 2017 - Matt Darfeuille ([email protected]) # -# Complete documentation is available at http://shorewall.org +# Complete documentation is available at https://shorewall.org # # This program is part of Shorewall. # diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-init-5.2.4/lib.uninstaller new/shorewall-init-5.2.4.2/lib.uninstaller --- old/shorewall-init-5.2.4/lib.uninstaller 2020-03-21 22:40:33.000000000 +0100 +++ new/shorewall-init-5.2.4.2/lib.uninstaller 2020-04-19 18:08:49.000000000 +0200 @@ -4,7 +4,7 @@ # (c) 2017 - Tom Eastep ([email protected]) # (c) 2017 - Matt Darfeuille ([email protected]) # -# Complete documentation is available at http://shorewall.org +# Complete documentation is available at https://shorewall.org # # This program is part of Shorewall. # diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-init-5.2.4/releasenotes.txt new/shorewall-init-5.2.4.2/releasenotes.txt --- old/shorewall-init-5.2.4/releasenotes.txt 2020-03-21 22:40:33.000000000 +0100 +++ new/shorewall-init-5.2.4.2/releasenotes.txt 2020-04-19 18:08:49.000000000 +0200 @@ -1,7 +1,7 @@ ---------------------------------------------------------------------------- - S H O R E W A L L 5 . 2 . 4 + S H O R E W A L L 5 . 2 . 4 . 2 ------------------------------- - M A R C H 2 4 , 2 0 1 9 + A P R I L 2 0 , 2 0 1 9 ---------------------------------------------------------------------------- I. PROBLEMS CORRECTED IN THIS RELEASE @@ -13,6 +13,46 @@ ---------------------------------------------------------------------------- I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E ---------------------------------------------------------------------------- +5.2.4.2 + +1) This release corrects two problems associated with Debian + Shorewall-init when IFUPDOWN=1 in the Shorewall-init + configuration file (/etc/default/shorewall-init): + + a) Down events were ignored when Network Manager was being used. + + b) Up events were processed twice when a dual-stack interface + was brought up. + + Both problems have been corrected. To make the fixes effective, + it is necessary to recompile the firewall script (shorewall[6] + compile, start, restart or reload). + +5.2.4.1 + +1) The web site and documentation have been improved to correct some + invalid links in the manpages (including the manpages released + in Shorewall components) and to link directly to the current + website at https://shorewall.org. (Tuomo Soini) + +2) Cautions regarding SAVE_IPSETS have been added to the ipsets + article. + +3) OpenSuSE users running systemd have complained that the firewalls + are stopped after a Shorewall product upgrade. The problem is that + OpenSuSE restarts all running products that have been + upgraded. Recall that 'systemctl restart' is equivalent to + 'systemctl stop && systemctl start'. But starting Shorewall-init + results in the firewall products specified in the Shorewall-init + config file to be stopped. To address this issue, Shorewall-init + will now ignore 'start' and 'stop' commands, for running firewalls + (Tuomo Soini). + +4) On Redhat-based system and on OpenSuSE, extraneous Shorewall-init + log messages regarding invalid commands were being issued. These + harmless messages are now suppressed (Tuomo Soini). + +5.2.4 Final 1) Previously, when a Shorewall6 firewall was placed into the 'stopped' state, ICMP6 packets required by RFC 4890 were not diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-init-5.2.4/shorewall-init new/shorewall-init-5.2.4.2/shorewall-init --- old/shorewall-init-5.2.4/shorewall-init 2020-03-21 22:37:59.000000000 +0100 +++ new/shorewall-init-5.2.4.2/shorewall-init 2020-04-18 21:44:19.000000000 +0200 @@ -6,7 +6,7 @@ # On most distributions, this file should be called # /etc/init.d/shorewall. # -# Complete documentation is available at http://shorewall.org +# Complete documentation is available at https://shorewall.org # # This program is part of Shorewall. # @@ -93,7 +93,14 @@ printf "Clearing \"Shorewall-based firewalls\": " for PRODUCT in $PRODUCTS; do if setstatedir; then - ${STATEDIR}/firewall ${OPTIONS} clear + # + # Run in sub-shell to avoid name collisions + # + ( + if ! ${STATEDIR}/firewall status > /dev/null 2>&1; then + ${STATEDIR}/firewall ${OPTIONS} clear + fi + ) fi done diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-init-5.2.4/shorewall-init.spec new/shorewall-init-5.2.4.2/shorewall-init.spec --- old/shorewall-init-5.2.4/shorewall-init.spec 2020-03-21 22:40:33.000000000 +0100 +++ new/shorewall-init-5.2.4.2/shorewall-init.spec 2020-04-19 18:08:49.000000000 +0200 @@ -1,6 +1,6 @@ %define name shorewall-init %define version 5.2.4 -%define release 0base +%define release 2 Summary: Shorewall-init adds functionality to Shoreline Firewall (Shorewall). Name: %{name} @@ -135,6 +135,10 @@ %doc COPYING changelog.txt releasenotes.txt %changelog +* Sat Apr 18 2020 Tom Eastep <[email protected]> +- Updated to 5.2.4-2 +* Fri Mar 27 2020 Tom Eastep <[email protected]> +- Updated to 5.2.4-1 * Tue Mar 17 2020 Tom Eastep <[email protected]> - Updated to 5.2.4-0base * Sat Mar 14 2020 Tom Eastep <[email protected]> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-init-5.2.4/uninstall.sh new/shorewall-init-5.2.4.2/uninstall.sh --- old/shorewall-init-5.2.4/uninstall.sh 2020-03-21 22:40:33.000000000 +0100 +++ new/shorewall-init-5.2.4.2/uninstall.sh 2020-04-19 18:08:49.000000000 +0200 @@ -26,7 +26,7 @@ # You may only use this script to uninstall the version # shown below. Simply run this script to remove Shorewall Firewall -VERSION=5.2.4 +VERSION=5.2.4.2 PRODUCT=shorewall-init Product="Shorewall Init" ++++++ shorewall-lite-5.2.4.tar.bz2 -> shorewall-lite-5.2.4.2.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-5.2.4/Shorewall-lite-targetname new/shorewall-lite-5.2.4.2/Shorewall-lite-targetname --- old/shorewall-lite-5.2.4/Shorewall-lite-targetname 2020-03-21 22:37:59.000000000 +0100 +++ new/shorewall-lite-5.2.4.2/Shorewall-lite-targetname 2020-04-18 21:44:19.000000000 +0200 @@ -1 +1 @@ -5.2.4-Beta1 \ No newline at end of file +5.2.4.1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-5.2.4/changelog.txt new/shorewall-lite-5.2.4.2/changelog.txt --- old/shorewall-lite-5.2.4/changelog.txt 2020-03-21 22:40:33.000000000 +0100 +++ new/shorewall-lite-5.2.4.2/changelog.txt 2020-04-19 18:08:49.000000000 +0200 @@ -1,3 +1,33 @@ +Changes in 5.2.4.2 + +1) Update release documents + +2) Correct handling of 'down' events on Debian where IFUPDOWN=1 + in the Shorewall-init configuration file + (/etc/default/shorewall-init). + +3) Avoid dupicate 'up' events when a dual-stack interface comes + on Debian with Shorewall-init IFUPDOWN=1. + +Changes in 5.2.4.1 + +1) Update release documents + +2) Correct HTTP links to point to the current project website. + +3) Use relative links in the website. + +4) Change URLs to point to the current web site. + +5) Sort specific hash keys and values if -t is specified. + +6) Add cautions to the ipsets document. + +7) Prevent firewalls from being cleared/stopped during OpenSuSE + upgrades. + +8) Avoid ifupdown extraneous log messages. + Changes in 5.2.4 Final 1) Update release documents. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-5.2.4/configure new/shorewall-lite-5.2.4.2/configure --- old/shorewall-lite-5.2.4/configure 2020-03-21 22:40:33.000000000 +0100 +++ new/shorewall-lite-5.2.4.2/configure 2020-04-19 18:08:49.000000000 +0200 @@ -4,7 +4,7 @@ # # (c) 2012,2014,2017 - Tom Eastep ([email protected]) # -# Shorewall documentation is available at http://www.shorewall.org +# Shorewall documentation is available at https://shorewall.org # # This program is part of Shorewall. # @@ -28,7 +28,7 @@ # # Build updates this # -VERSION=5.2.4 +VERSION=5.2.4.2 case "$BASH_VERSION" in [4-9].*) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-5.2.4/configure.pl new/shorewall-lite-5.2.4.2/configure.pl --- old/shorewall-lite-5.2.4/configure.pl 2020-03-21 22:40:33.000000000 +0100 +++ new/shorewall-lite-5.2.4.2/configure.pl 2020-04-19 18:08:49.000000000 +0200 @@ -4,7 +4,7 @@ # # (c) 2012, 2014 - Tom Eastep ([email protected]) # -# Shorewall documentation is available at http://www.shorewall.org +# Shorewall documentation is available at https://shorewall.org # # This program is part of Shorewall. # @@ -31,7 +31,7 @@ # Build updates this # use constant { - VERSION => '5.2.4' + VERSION => '5.2.4.2' }; my %params; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-5.2.4/init.openwrt.sh new/shorewall-lite-5.2.4.2/init.openwrt.sh --- old/shorewall-lite-5.2.4/init.openwrt.sh 2020-03-21 22:37:59.000000000 +0100 +++ new/shorewall-lite-5.2.4.2/init.openwrt.sh 2020-04-18 21:44:19.000000000 +0200 @@ -7,7 +7,7 @@ # # On most distributions, this file should be called /etc/init.d/shorewall. # -# Complete documentation is available at http://shorewall.org +# Complete documentation is available at https://shorewall.org # # This program is part of Shorewall. # diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-5.2.4/init.sh new/shorewall-lite-5.2.4.2/init.sh --- old/shorewall-lite-5.2.4/init.sh 2020-03-21 22:37:59.000000000 +0100 +++ new/shorewall-lite-5.2.4.2/init.sh 2020-04-18 21:44:19.000000000 +0200 @@ -7,7 +7,7 @@ # # On most distributions, this file should be called /etc/init.d/shorewall. # -# Complete documentation is available at http://shorewall.org +# Complete documentation is available at https://shorewall.org # # This program is part of Shorewall. # diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-5.2.4/init.suse.sh new/shorewall-lite-5.2.4.2/init.suse.sh --- old/shorewall-lite-5.2.4/init.suse.sh 2020-03-21 22:37:59.000000000 +0100 +++ new/shorewall-lite-5.2.4.2/init.suse.sh 2020-04-18 21:44:19.000000000 +0200 @@ -8,7 +8,7 @@ # # On most distributions, this file should be called /etc/init.d/shorewall. # -# Complete documentation is available at http://shorewall.org +# Complete documentation is available at https://shorewall.org # # This program is free software; you can redistribute it and/or modify # it under the terms of Version 2 of the GNU General Public License diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-5.2.4/install.sh new/shorewall-lite-5.2.4.2/install.sh --- old/shorewall-lite-5.2.4/install.sh 2020-03-21 22:40:33.000000000 +0100 +++ new/shorewall-lite-5.2.4.2/install.sh 2020-04-19 18:08:49.000000000 +0200 @@ -4,7 +4,7 @@ # # (c) 2000-2016 - Tom Eastep ([email protected]) # -# Shorewall documentation is available at http://shorewall.org +# Shorewall documentation is available at https://shorewall.org # # This program is part of Shorewall. # @@ -22,7 +22,7 @@ # along with this program; if not, see <http://www.gnu.org/licenses/>. # -VERSION=5.2.4 +VERSION=5.2.4.2 usage() # $1 = exit status { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-5.2.4/lib.base new/shorewall-lite-5.2.4.2/lib.base --- old/shorewall-lite-5.2.4/lib.base 2020-03-21 22:37:59.000000000 +0100 +++ new/shorewall-lite-5.2.4.2/lib.base 2020-04-18 21:44:19.000000000 +0200 @@ -3,7 +3,7 @@ # # (c) 2011,2014 - Tom Eastep ([email protected]) # -# Complete documentation is available at http://shorewall.org +# Complete documentation is available at https://shorewall.org # # This program is part of Shorewall. # diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-5.2.4/lib.installer new/shorewall-lite-5.2.4.2/lib.installer --- old/shorewall-lite-5.2.4/lib.installer 2020-03-21 22:40:33.000000000 +0100 +++ new/shorewall-lite-5.2.4.2/lib.installer 2020-04-19 18:08:49.000000000 +0200 @@ -4,7 +4,7 @@ # (c) 2017 - Tom Eastep ([email protected]) # (c) 2017 - Matt Darfeuille ([email protected]) # -# Complete documentation is available at http://shorewall.org +# Complete documentation is available at https://shorewall.org # # This program is part of Shorewall. # diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-5.2.4/lib.uninstaller new/shorewall-lite-5.2.4.2/lib.uninstaller --- old/shorewall-lite-5.2.4/lib.uninstaller 2020-03-21 22:40:33.000000000 +0100 +++ new/shorewall-lite-5.2.4.2/lib.uninstaller 2020-04-19 18:08:49.000000000 +0200 @@ -4,7 +4,7 @@ # (c) 2017 - Tom Eastep ([email protected]) # (c) 2017 - Matt Darfeuille ([email protected]) # -# Complete documentation is available at http://shorewall.org +# Complete documentation is available at https://shorewall.org # # This program is part of Shorewall. # diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-5.2.4/manpages/shorewall-lite-vardir.5 new/shorewall-lite-5.2.4.2/manpages/shorewall-lite-vardir.5 --- old/shorewall-lite-5.2.4/manpages/shorewall-lite-vardir.5 2020-03-21 22:42:04.000000000 +0100 +++ new/shorewall-lite-5.2.4.2/manpages/shorewall-lite-vardir.5 2020-04-19 18:10:19.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-lite-vardir .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> -.\" Date: 03/21/2020 +.\" Date: 04/19/2020 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-LITE\-VAR" "5" "03/21/2020" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-LITE\-VAR" "5" "04/19/2020" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-5.2.4/manpages/shorewall-lite.8 new/shorewall-lite-5.2.4.2/manpages/shorewall-lite.8 --- old/shorewall-lite-5.2.4/manpages/shorewall-lite.8 2020-03-21 22:42:05.000000000 +0100 +++ new/shorewall-lite-5.2.4.2/manpages/shorewall-lite.8 2020-04-19 18:10:20.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-lite .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> -.\" Date: 03/21/2020 +.\" Date: 04/19/2020 .\" Manual: Administrative Commands .\" Source: Administrative Commands .\" Language: English .\" -.TH "SHOREWALL\-LITE" "8" "03/21/2020" "Administrative Commands" "Administrative Commands" +.TH "SHOREWALL\-LITE" "8" "04/19/2020" "Administrative Commands" "Administrative Commands" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- @@ -50,5 +50,5 @@ .IP " 1." 4 shorewall .RS 4 -\%https://shorewall.org/manpages/shorewall.html +\%https://shorewall.org/manpages//manpages/shorewall.html .RE diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-5.2.4/manpages/shorewall-lite.conf.5 new/shorewall-lite-5.2.4.2/manpages/shorewall-lite.conf.5 --- old/shorewall-lite-5.2.4/manpages/shorewall-lite.conf.5 2020-03-21 22:42:04.000000000 +0100 +++ new/shorewall-lite-5.2.4.2/manpages/shorewall-lite.conf.5 2020-04-19 18:10:19.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-lite.conf .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> -.\" Date: 03/21/2020 +.\" Date: 04/19/2020 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-LITE\&.CO" "5" "03/21/2020" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-LITE\&.CO" "5" "04/19/2020" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- @@ -123,6 +123,6 @@ /etc/shorewall\-lite/shorewall\&.conf .SH "SEE ALSO" .PP -\m[blue]\fBhttp://www\&.shorewall\&.org/Documentation_Index\&.html\fR\m[] +\m[blue]\fBhttps://shorewall\&.org/Documentation_Index\&.html\fR\m[] .PP shorewall\-lite(8), shorewall\-accounting(5), shorewall\-actions(5), shorewall\-blacklist(5), shorewall\-hosts(5), shorewall\-interfaces(5), shorewall\-ipsec(5), shorewall\-maclist(5), shorewall\-masq(5), shorewall\-nat(5), shorewall\-netmap(5), shorewall\-params(5), shorewall\-policy(5), shorewall\-providers(5), shorewall\-proxyarp(5), shorewall\-route_rules(5), shorewall\-routestopped(5), shorewall\-rules(5), shorewall\-tcclasses(5), shorewall\-tcdevices(5), shorewall\-tcrules(5), shorewall\-tos(5), shorewall\-tunnels(5), shorewall\-zones(5) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-5.2.4/manpages/shorewall-lite.conf.xml new/shorewall-lite-5.2.4.2/manpages/shorewall-lite.conf.xml --- old/shorewall-lite-5.2.4/manpages/shorewall-lite.conf.xml 2020-03-21 22:37:59.000000000 +0100 +++ new/shorewall-lite-5.2.4.2/manpages/shorewall-lite.conf.xml 2020-04-18 21:44:19.000000000 +0200 @@ -183,7 +183,7 @@ <title>See ALSO</title> <para><ulink - url="http://www.shorewall.org/Documentation_Index.html";>http://www.shorewall.org/Documentation_Index.html</ulink></para> + url="https://shorewall.org/Documentation_Index.html";>https://shorewall.org/Documentation_Index.html</ulink></para> <para>shorewall-lite(8), shorewall-accounting(5), shorewall-actions(5), shorewall-blacklist(5), shorewall-hosts(5), shorewall-interfaces(5), diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-5.2.4/releasenotes.txt new/shorewall-lite-5.2.4.2/releasenotes.txt --- old/shorewall-lite-5.2.4/releasenotes.txt 2020-03-21 22:40:33.000000000 +0100 +++ new/shorewall-lite-5.2.4.2/releasenotes.txt 2020-04-19 18:08:49.000000000 +0200 @@ -1,7 +1,7 @@ ---------------------------------------------------------------------------- - S H O R E W A L L 5 . 2 . 4 + S H O R E W A L L 5 . 2 . 4 . 2 ------------------------------- - M A R C H 2 4 , 2 0 1 9 + A P R I L 2 0 , 2 0 1 9 ---------------------------------------------------------------------------- I. PROBLEMS CORRECTED IN THIS RELEASE @@ -13,6 +13,46 @@ ---------------------------------------------------------------------------- I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E ---------------------------------------------------------------------------- +5.2.4.2 + +1) This release corrects two problems associated with Debian + Shorewall-init when IFUPDOWN=1 in the Shorewall-init + configuration file (/etc/default/shorewall-init): + + a) Down events were ignored when Network Manager was being used. + + b) Up events were processed twice when a dual-stack interface + was brought up. + + Both problems have been corrected. To make the fixes effective, + it is necessary to recompile the firewall script (shorewall[6] + compile, start, restart or reload). + +5.2.4.1 + +1) The web site and documentation have been improved to correct some + invalid links in the manpages (including the manpages released + in Shorewall components) and to link directly to the current + website at https://shorewall.org. (Tuomo Soini) + +2) Cautions regarding SAVE_IPSETS have been added to the ipsets + article. + +3) OpenSuSE users running systemd have complained that the firewalls + are stopped after a Shorewall product upgrade. The problem is that + OpenSuSE restarts all running products that have been + upgraded. Recall that 'systemctl restart' is equivalent to + 'systemctl stop && systemctl start'. But starting Shorewall-init + results in the firewall products specified in the Shorewall-init + config file to be stopped. To address this issue, Shorewall-init + will now ignore 'start' and 'stop' commands, for running firewalls + (Tuomo Soini). + +4) On Redhat-based system and on OpenSuSE, extraneous Shorewall-init + log messages regarding invalid commands were being issued. These + harmless messages are now suppressed (Tuomo Soini). + +5.2.4 Final 1) Previously, when a Shorewall6 firewall was placed into the 'stopped' state, ICMP6 packets required by RFC 4890 were not diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-5.2.4/shorewall-lite.conf new/shorewall-lite-5.2.4.2/shorewall-lite.conf --- old/shorewall-lite-5.2.4/shorewall-lite.conf 2020-03-21 22:37:59.000000000 +0100 +++ new/shorewall-lite-5.2.4.2/shorewall-lite.conf 2020-04-18 21:44:19.000000000 +0200 @@ -8,7 +8,7 @@ # "man shorewall-lite.conf" # # Manpage also online at -# http://www.shorewall.org/manpages/shorewall-lite.conf.html +# https://shorewall.org/manpages/shorewall-lite.conf.html ############################################################################### # N 0 T E ############################################################################### diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-5.2.4/shorewall-lite.spec new/shorewall-lite-5.2.4.2/shorewall-lite.spec --- old/shorewall-lite-5.2.4/shorewall-lite.spec 2020-03-21 22:40:33.000000000 +0100 +++ new/shorewall-lite-5.2.4.2/shorewall-lite.spec 2020-04-19 18:08:49.000000000 +0200 @@ -1,6 +1,6 @@ %define name shorewall-lite %define version 5.2.4 -%define release 0base +%define release 2 %define initdir /etc/init.d Summary: Shoreline Firewall Lite is an iptables-based firewall for Linux systems. @@ -114,6 +114,10 @@ %doc COPYING changelog.txt releasenotes.txt %changelog +* Sat Apr 18 2020 Tom Eastep <[email protected]> +- Updated to 5.2.4-2 +* Fri Mar 27 2020 Tom Eastep <[email protected]> +- Updated to 5.2.4-1 * Tue Mar 17 2020 Tom Eastep <[email protected]> - Updated to 5.2.4-0base * Sat Mar 14 2020 Tom Eastep <[email protected]> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-5.2.4/uninstall.sh new/shorewall-lite-5.2.4.2/uninstall.sh --- old/shorewall-lite-5.2.4/uninstall.sh 2020-03-21 22:40:33.000000000 +0100 +++ new/shorewall-lite-5.2.4.2/uninstall.sh 2020-04-19 18:08:49.000000000 +0200 @@ -26,7 +26,7 @@ # You may only use this script to uninstall the version # shown below. Simply run this script to remove Shorewall Firewall -VERSION=5.2.4 +VERSION=5.2.4.2 usage() # $1 = exit status { ++++++ shorewall-5.2.4.tar.bz2 -> shorewall6-5.2.4.2.tar.bz2 ++++++ ++++ 122218 lines of diff (skipped) ++++++ shorewall-lite-5.2.4.tar.bz2 -> shorewall6-lite-5.2.4.2.tar.bz2 ++++++ ++++ 3160 lines of diff (skipped)
