summaryrefslogtreecommitdiff
path: root/network/shorewall/patch-4.4.7.1
diff options
context:
space:
mode:
Diffstat (limited to 'network/shorewall/patch-4.4.7.1')
-rw-r--r--network/shorewall/patch-4.4.7.1167
1 files changed, 0 insertions, 167 deletions
diff --git a/network/shorewall/patch-4.4.7.1 b/network/shorewall/patch-4.4.7.1
deleted file mode 100644
index 966e83c3cf..0000000000
--- a/network/shorewall/patch-4.4.7.1
+++ /dev/null
@@ -1,167 +0,0 @@
-diff -Naur -X /usr/local/bin/exclude.txt shorewall-4.4.7/changelog.txt shorewall-4.4.7.1/changelog.txt
---- shorewall-4.4.7/changelog.txt 2010-02-11 07:29:41.000000000 -0800
-+++ shorewall-4.4.7.1/changelog.txt 2010-02-13 07:28:22.000000000 -0800
-@@ -1,3 +1,7 @@
-+Changes in Shorewall 4.4.7-1
-+
-+1) Don't apply rate limiting twice in NAT rules.
-+
- Changes in Shorewall 4.4.7
-
- 1) Backport optimization changes from 4.5.
-diff -Naur -X /usr/local/bin/exclude.txt shorewall-4.4.7/install.sh shorewall-4.4.7.1/install.sh
---- shorewall-4.4.7/install.sh 2010-02-11 07:29:41.000000000 -0800
-+++ shorewall-4.4.7.1/install.sh 2010-02-13 07:28:22.000000000 -0800
-@@ -22,7 +22,7 @@
- # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- #
-
--VERSION=4.4.7
-+VERSION=4.4.7.1
-
- usage() # $1 = exit status
- {
-diff -Naur -X /usr/local/bin/exclude.txt shorewall-4.4.7/known_problems.txt shorewall-4.4.7.1/known_problems.txt
---- shorewall-4.4.7/known_problems.txt 2010-02-11 07:29:41.000000000 -0800
-+++ shorewall-4.4.7.1/known_problems.txt 2010-02-13 07:28:22.000000000 -0800
-@@ -1 +1,5 @@
--There are no known problems in Shorewall 4.4.7.
-+1) All versions of Shorewall-perl mishandle per-IP rate limiting in
-+ REDIRECT and DNAT rules. The effective rate and burst are 1/2 of
-+ the values given in the rule.
-+
-+ Corrected in 4.4.7.1
-diff -Naur -X /usr/local/bin/exclude.txt shorewall-4.4.7/Perl/Shorewall/Config.pm shorewall-4.4.7.1/Perl/Shorewall/Config.pm
---- shorewall-4.4.7/Perl/Shorewall/Config.pm 2010-02-11 07:29:41.000000000 -0800
-+++ shorewall-4.4.7.1/Perl/Shorewall/Config.pm 2010-02-13 07:28:22.000000000 -0800
-@@ -337,7 +337,7 @@
- TC_SCRIPT => '',
- EXPORT => 0,
- UNTRACKED => 0,
-- VERSION => "4.4.7",
-+ VERSION => "4.4.7.1",
- CAPVERSION => 40407 ,
- );
-
-diff -Naur -X /usr/local/bin/exclude.txt shorewall-4.4.7/Perl/Shorewall/Rules.pm shorewall-4.4.7.1/Perl/Shorewall/Rules.pm
---- shorewall-4.4.7/Perl/Shorewall/Rules.pm 2010-02-11 07:29:41.000000000 -0800
-+++ shorewall-4.4.7.1/Perl/Shorewall/Rules.pm 2010-02-13 07:28:22.000000000 -0800
-@@ -1182,13 +1182,25 @@
- #
- # Generate Fixed part of the rule
- #
-- $rule = join( '',
-- do_proto($proto, $ports, $sports),
-- do_ratelimit( $ratelimit, $basictarget ) ,
-- do_user( $user ) ,
-- do_test( $mark , $globals{TC_MASK} ) ,
-- do_connlimit( $connlimit ),
-- do_time( $time ) );
-+ if ( ( $actiontype & ( NATRULE | NATONLY ) ) == NATRULE ) {
-+ #
-+ # Don't apply rate limiting twice
-+ #
-+ $rule = join( '',
-+ do_proto($proto, $ports, $sports),
-+ do_user( $user ) ,
-+ do_test( $mark , $globals{TC_MASK} ) ,
-+ do_connlimit( $connlimit ),
-+ do_time( $time ) );
-+ } else {
-+ $rule = join( '',
-+ do_proto($proto, $ports, $sports),
-+ do_ratelimit( $ratelimit, $basictarget ) ,
-+ do_user( $user ) ,
-+ do_test( $mark , $globals{TC_MASK} ) ,
-+ do_connlimit( $connlimit ),
-+ do_time( $time ) );
-+ }
-
- unless ( $section eq 'NEW' ) {
- fatal_error "Entries in the $section SECTION of the rules file not permitted with FASTACCEPT=Yes" if $config{FASTACCEPT};
-diff -Naur -X /usr/local/bin/exclude.txt shorewall-4.4.7/releasenotes.txt shorewall-4.4.7.1/releasenotes.txt
---- shorewall-4.4.7/releasenotes.txt 2010-02-11 07:29:41.000000000 -0800
-+++ shorewall-4.4.7.1/releasenotes.txt 2010-02-13 07:28:22.000000000 -0800
-@@ -1,4 +1,4 @@
--Shorewall 4.4.7
-+Shorewall 4.4.7 Patch Release 1.
-
- ----------------------------------------------------------------------------
- R E L E A S E 4 . 4 H I G H L I G H T S
-@@ -184,7 +184,15 @@
- one from the release (not recommended).
-
- ----------------------------------------------------------------------------
-- P R O B L E M S C O R R E C T E D I N 4 . 4 . 7
-+ P R O B L E M S C O R R E C T E D I N 4 . 4 . 7 . 1
-+----------------------------------------------------------------------------
-+
-+1) All versions of Shorewall-perl mishandle per-IP rate limiting in
-+ REDIRECT and DNAT rules. The effective rate and burst are 1/2 of
-+ the values given in the rule.
-+
-+----------------------------------------------------------------------------
-+ P R O B L E M S C O R R E C T E D I N 4 . 4 . 7
- ----------------------------------------------------------------------------
-
- 1) The tcinterfaces and tcpri files are now installed by the
-@@ -211,12 +219,19 @@
-
- 5) Previously, specifying a TYPE in /etc/shorewall/tcinterfaces would
- cause start/restart to fail on systems lacking 'flow' classifier
-- support. While we currently know of no safe way to test for that
-- support, in Shorewall 4.4.7 we use other hints to surmise that the
-- installed toolset is likely to be too old to support 'flow' and
-- simply ignore the TYPE setting. In particular, RHEL5 and
-- derivatives no lonter experience a startup failure when TYPE is
-- specified.
-+ support. In Shorewall 4.4.7, we detect the ability of the 'tc'
-+ utility to support that classifier.
-+
-+ There are two caveats:
-+
-+ - 'tc' may support 'flow' but the kernel does not. In that case,
-+ start/restart will still fail.
-+
-+ - If you use a capabilities file, you will need to regenerate the
-+ file using shorewall-lite 4.4.7 in order for 'flow' to be
-+ accurately detected. If you do not regenerate the file, the
-+ compiler will use other hints to try to determine if 'flow' is
-+ available.
-
- ----------------------------------------------------------------------------
- K N O W N P R O B L E M S R E M A I N I N G
-diff -Naur -X /usr/local/bin/exclude.txt shorewall-4.4.7/shorewall.spec shorewall-4.4.7.1/shorewall.spec
---- shorewall-4.4.7/shorewall.spec 2010-02-11 07:29:41.000000000 -0800
-+++ shorewall-4.4.7.1/shorewall.spec 2010-02-13 07:28:22.000000000 -0800
-@@ -1,6 +1,6 @@
- %define name shorewall
- %define version 4.4.7
--%define release 0base
-+%define release 1
-
- Summary: Shoreline Firewall is an iptables-based firewall for Linux systems.
- Name: %{name}
-@@ -107,6 +107,10 @@
- %doc COPYING INSTALL changelog.txt releasenotes.txt Contrib/* Samples
-
- %changelog
-+* Sat Feb 13 2010 Tom Eastep tom@shorewall.net
-+- Updated to 4.4.7-1
-+* Thu Feb 11 2010 Tom Eastep tom@shorewall.net
-+- Updated to 4.4.7-0base
- * Fri Feb 05 2010 Tom Eastep tom@shorewall.net
- - Updated to 4.4.7-0base
- * Tue Feb 02 2010 Tom Eastep tom@shorewall.net
-diff -Naur -X /usr/local/bin/exclude.txt shorewall-4.4.7/uninstall.sh shorewall-4.4.7.1/uninstall.sh
---- shorewall-4.4.7/uninstall.sh 2010-02-11 07:29:41.000000000 -0800
-+++ shorewall-4.4.7.1/uninstall.sh 2010-02-13 07:28:22.000000000 -0800
-@@ -26,7 +26,7 @@
- # You may only use this script to uninstall the version
- # shown below. Simply run this script to remove Shorewall Firewall
-
--VERSION=4.4.7
-+VERSION=4.4.7.1
-
- usage() # $1 = exit status
- {