openSUSE Commits
Threads by month
- ----- 2024 -----
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
October 2012
- 1 participants
- 1367 discussions
Hello community,
here is the log from the commit of package blender for openSUSE:Factory checked in at 2012-10-31 13:46:39
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/blender (Old)
and /work/SRC/openSUSE:Factory/.blender.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "blender", Maintainer is "PNemec(a)novell.com"
Changes:
--------
--- /work/SRC/openSUSE:Factory/blender/blender.changes 2012-08-01 06:59:35.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.blender.new/blender.changes 2012-10-31 13:46:42.000000000 +0100
@@ -1,0 +2,18 @@
+Mon Oct 29 16:08:44 UTC 2012 - p.drouand(a)gmail.com
+
+- Update to version 2.64a:
+ + See
+ http://www.blender.org/development/release-logs/blender-263/
+ for upstream changes.
+- Update fix-locale-files-path patch for 2.64 version
+- Remove unneeded fedora conditional macros
+- Add python3 version option on configure cmake
+- Add a patch to correct python development files on Factory
+- Fix build for Factory
+
+-------------------------------------------------------------------
+Fri Sep 21 08:44:42 UTC 2012 - idonmez(a)suse.com
+
+- Add explicit glu dependency
+
+-------------------------------------------------------------------
Old:
----
blender-2.63a.tar.gz
blender-fix-locale-files-path.patch
New:
----
blender-2.58-python_include.patch
blender-2.64a-fix-locale-files-path.patch
blender-2.64a.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ blender.spec ++++++
--- /var/tmp/diff_new_pack.SZiK7x/_old 2012-10-31 13:46:48.000000000 +0100
+++ /var/tmp/diff_new_pack.SZiK7x/_new 2012-10-31 13:46:48.000000000 +0100
@@ -15,12 +15,6 @@
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
-
-%global __python %{__python3}
-
-# [Fedora] Turn off the brp-python-bytecompile script
-%global __os_install_post %(echo '%{__os_install_post}' | sed -e 's!/usr/lib[^[:space:]]*/brp-python-bytecompile[[:space:]].*$!!g')
-
%define collada 1
%define wplayer 1
%define documentation 0
@@ -28,12 +22,10 @@
# Use rpmbuild -D 'DISTRIBUTABLE 0' to build original code.
%define DISTRIBUTABLE 1
-%global svnrev 44995
-
Name: blender
-Version: 2.63a
+Version: 2.64a
Release: 0
-%define _version 2.63
+%define _version 2.64
Summary: A 3D Modelling And Rendering Package
License: GPL-2.0+
Group: Productivity/Graphics/3D Editors
@@ -48,21 +40,8 @@
Source6: blender.xpm
Source7: x-blend.desktop
Source8: blender-getversion.py
-Patch0: blender-fix-locale-files-path.patch
-%if 0%{?fedora}
-BuildRequires: expat-devel
-BuildRequires: fftw-devel
-BuildRequires: freetype-devel
-BuildRequires: gcc-c++
-BuildRequires: gettext
-BuildRequires: libX11-devel
-BuildRequires: libXi-devel
-BuildRequires: libstdc++-devel
-BuildRequires: mesa-libGLw-devel
-BuildRequires: pkgconfig
-BuildRequires: python3-devel
-BuildRequires: xorg-x11-proto-devel
-%else
+Patch0: blender-%{version}-fix-locale-files-path.patch
+Patch1: blender-2.58-python_include.patch
BuildRequires: gettext-tools
%if 0%{?suse_version} > 1210
BuildRequires: libGLw-devel
@@ -77,7 +56,6 @@
%if %documentation == 1
Recommends: blender-doc
%endif
-%endif
# libquicktime-devel
BuildRequires: OpenEXR-devel
BuildRequires: SDL-devel
@@ -104,6 +82,7 @@
BuildRequires: libtool
BuildRequires: libvorbis-devel
BuildRequires: lzo-devel
+BuildRequires: libjpeg8-devel
BuildRequires: openal-soft-devel
BuildRequires: openssl-devel
BuildRequires: openssl-devel
@@ -117,12 +96,8 @@
BuildRequires: xz-devel
BuildRequires: yasm
BuildRequires: yasm-devel
+BuildRequires: pkgconfig(glu)
BuildRequires: pkgconfig(libxml-2.0)
-%if 0%{?fedora} >= 14
-BuildRequires: libjpeg62-devel
-%else
-BuildRequires: libjpeg-devel
-%endif
%if 0%{?collada} == 1
BuildRequires: openCOLLADA-devel >= svn838
%endif
@@ -130,9 +105,6 @@
BuildRequires: liblcms-devel
# See bnc#713346
Requires: python3-xml
-%if %DISTRIBUTABLE <= 0
-BuildRequires: libffmpeg-devel
-%endif
%description
Blender is a 3D modelling and rendering package. It is the in-house
@@ -173,6 +145,7 @@
%prep
%setup -q
%patch0 -p1
+%patch1 -p1
%if %DISTRIBUTABLE == 1
rm -rf release/scripts/presets/ffmpeg
@@ -203,20 +176,17 @@
-DWITH_PYTHON:BOOL=on \
-DWITH_PYTHON_INSTALL:BOOL=off \
-DWITH_GAMEENGINE:BOOL=ON \
-%if %DISTRIBUTABLE == 1
- -DWITH_CODEC_FFMPEG:BOOL=off \
-%else
- -DWITH_CODEC_FFMPEG:BOOL=on \
-%endif
- -DWITH_CXX_GUARDEDALLOC:BOOL=off \
-%if %wplayer == 1
+ -DWITH_CYCLES:BOOL=OFF \
-DWITH_PLAYER:BOOL=on \
-%else
- -DWITH_PLAYER:BOOL=off \
-%endif
-DWITH_INSTALL_PORTABLE:BOOL=OFF \
-DWITH_BUILTIN_GLEW:BOOL=OFF \
-DWITH_MOD_OCEANSIM:BOOL=OFF \
+%if 0%{?suse_version} > 1220
+ -DPYTHON_VERSION=3.3 \
+ -DPYTHON_LIBPATH=/usr/lib \
+ -DPYTHON_LIBRARY=python3.3m \
+ -DPYTHON_INCLUDE_DIRS=/usr/include/python3.3m \
+%endif
-DCMAKE_INSTALL_PREFIX:PATH=%{_prefix}
make %{?_smp_mflags}
++++++ blender-2.58-python_include.patch ++++++
diff -Naur blender-2.58.orig/CMakeLists.txt blender-2.58/CMakeLists.txt
--- blender-2.58.orig/CMakeLists.txt 2011-08-05 14:45:26.776618379 -0500
+++ blender-2.58/CMakeLists.txt 2011-08-05 14:47:21.562887635 -0500
@@ -307,6 +307,7 @@
# Use our own instead, since wothout py is such a rare case,
# require this package
find_package(PythonLibsUnix REQUIRED)
+ set(PYTHON_INCLUDE_DIRS ${PYTHON_INCLUDE_DIR})
endif()
++++++ blender-2.64a-fix-locale-files-path.patch ++++++
Index: blender-2.64a/source/creator/CMakeLists.txt
===================================================================
--- blender-2.64a.orig/source/creator/CMakeLists.txt
+++ blender-2.64a/source/creator/CMakeLists.txt
@@ -294,11 +294,16 @@
if(WITH_INTERNATIONAL)
install(
DIRECTORY
- ${CMAKE_SOURCE_DIR}/release/datafiles/locale
${CMAKE_SOURCE_DIR}/release/datafiles/fonts
DESTINATION ${TARGETDIR_VER}/datafiles
PATTERN ".svn" EXCLUDE
)
+ install(
+ DIRECTORY
+ ${CMAKE_SOURCE_DIR}/release/datafiles/locale
+ DESTINATION ${CMAKE_INSTALL_PREFIX}/share
+ PATTERN ".svn" EXCLUDE
+ )
endif()
# color management
Index: blender-2.64a/release/environment-unix
===================================================================
--- blender-2.64a.orig/release/environment-unix
+++ blender-2.64a/release/environment-unix
@@ -11,7 +11,7 @@
BLENDER_USER_BASE=${HOME}/.blender/${BLENDER_VERSION}
BLENDER_SYSTEM_BASE=${BLENDER_SHARE}/${BLENDER_VERSION}
BLENDER_USER_DATAFILES=${HOME}/.blender/${BLENDER_VERSION}/datafiles
-BLENDER_SYSTEM_DATAFILES=${BLENDER_SHARE}/${BLENDER_VERSION}/datafiles
+BLENDER_SYSTEM_DATAFILES=/usr/share
BLENDER_USER_PY=${HOME}/.blender/${BLENDER_VERSION}/py
BLENDER_SYSTEM_PY=${BLENDER_SHARE}/${BLENDER_VERSION}/py
BLENDER_USER_PLUGINS=${HOME}/.blender/${BLENDER_VERSION}/plugins
Index: blender-2.63a/source/blender/blenfont/intern/blf_lang.c
===================================================================
--- blender-2.64a.orig/source/blender/blenfont/intern/blf_lang.c
+++ blender-2.64a/source/blender/blenfont/intern/blf_lang.c
@@ -113,17 +113,7 @@
void BLF_lang_init(void)
{
- char *messagepath = BLI_get_folder(BLENDER_DATAFILES, "locale");
-
- BLI_strncpy(global_encoding_name, SYSTEM_ENCODING_DEFAULT, sizeof(global_encoding_name));
-
- if (messagepath) {
- BLI_strncpy(global_messagepath, messagepath, sizeof(global_messagepath));
- }
- else {
- printf("%s: 'locale' data path for translations not found, continuing\n", __func__);
- global_messagepath[0] = '\0';
- }
+ *global_messagepath = "/usr/share/locale/";
}
/* Get LANG/LANGUAGE environment variable. */
Index: blender-2.64a/source/blender/blenlib/intern/path_util.c
===================================================================
--- blender-2.64a.orig/source/blender/blenlib/intern/path_util.c
+++ blender-2.64a/source/blender/blenlib/intern/path_util.c
@@ -983,38 +983,6 @@
char system_path[FILE_MAX];
const char *system_base_path;
-
- /* first allow developer only overrides to the system path
- * these are only used when running blender from source */
- char cwd[FILE_MAX];
- char relfolder[FILE_MAX];
-
- if (folder_name) {
- if (subfolder_name) {
- BLI_join_dirfile(relfolder, sizeof(relfolder), folder_name, subfolder_name);
- }
- else {
- BLI_strncpy(relfolder, folder_name, sizeof(relfolder));
- }
- }
- else {
- relfolder[0] = '\0';
- }
-
- /* try CWD/release/folder_name */
- if (BLI_current_working_dir(cwd, sizeof(cwd))) {
- if (test_path(targetpath, cwd, "release", relfolder)) {
- return 1;
- }
- }
-
- /* try EXECUTABLE_DIR/release/folder_name */
- if (test_path(targetpath, bprogdir, "release", relfolder))
- return 1;
- /* end developer overrides */
-
-
-
system_path[0] = '\0';
if (test_env_path(system_path, envvar)) {
++++++ blender-2.63a.tar.gz -> blender-2.64a.tar.gz ++++++
/work/SRC/openSUSE:Factory/blender/blender-2.63a.tar.gz /work/SRC/openSUSE:Factory/.blender.new/blender-2.64a.tar.gz differ: char 5, line 1
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-commit+help(a)opensuse.org
1
0
Hello community,
here is the log from the commit of package yast2 for openSUSE:Factory checked in at 2012-10-31 07:04:41
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/yast2 (Old)
and /work/SRC/openSUSE:Factory/.yast2.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "yast2", Maintainer is "jsrain(a)suse.com"
Changes:
--------
--- /work/SRC/openSUSE:Factory/yast2/yast2.changes 2012-10-26 17:38:04.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.yast2.new/yast2.changes 2012-10-31 07:04:43.000000000 +0100
@@ -1,0 +2,14 @@
+Tue Oct 30 08:26:28 CET 2012 - jsuchome(a)suse.cz
+
+- Kernel::InformAboutKernelChange - always return boolean
+- fixed build dependencies
+- 2.23.10
+
+-------------------------------------------------------------------
+Mon Oct 29 14:52:40 CET 2012 - jsuchome(a)suse.cz
+
+- use Kernel::InformAboutKernelChange after package installation
+- do not read SuSEconfig log
+- 2.23.9
+
+-------------------------------------------------------------------
Old:
----
yast2-2.23.8.tar.bz2
New:
----
yast2-2.23.10.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ yast2.spec ++++++
--- /var/tmp/diff_new_pack.UuZOfT/_old 2012-10-31 07:04:44.000000000 +0100
+++ /var/tmp/diff_new_pack.UuZOfT/_new 2012-10-31 07:04:44.000000000 +0100
@@ -17,7 +17,7 @@
Name: yast2
-Version: 2.23.8
+Version: 2.23.10
Release: 0
BuildRoot: %{_tmppath}/%{name}-%{version}-build
++++++ yast2-2.23.8.tar.bz2 -> yast2-2.23.10.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-2.23.8/VERSION new/yast2-2.23.10/VERSION
--- old/yast2-2.23.8/VERSION 2012-10-25 14:13:13.000000000 +0200
+++ new/yast2-2.23.10/VERSION 2012-10-30 08:00:46.000000000 +0100
@@ -1 +1 @@
-2.23.8
+2.23.10
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-2.23.8/configure new/yast2-2.23.10/configure
--- old/yast2-2.23.8/configure 2012-10-18 14:54:04.000000000 +0200
+++ new/yast2-2.23.10/configure 2012-10-30 08:05:18.000000000 +0100
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for yast2 2.23.6.
+# Generated by GNU Autoconf 2.69 for yast2 2.23.10.
#
# Report bugs to <http://bugs.opensuse.org/>.
#
@@ -579,8 +579,8 @@
# Identity of this package.
PACKAGE_NAME='yast2'
PACKAGE_TARNAME='yast2'
-PACKAGE_VERSION='2.23.6'
-PACKAGE_STRING='yast2 2.23.6'
+PACKAGE_VERSION='2.23.10'
+PACKAGE_STRING='yast2 2.23.10'
PACKAGE_BUGREPORT='http://bugs.opensuse.org/'
PACKAGE_URL=''
@@ -1250,7 +1250,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures yast2 2.23.6 to adapt to many kinds of systems.
+\`configure' configures yast2 2.23.10 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1321,7 +1321,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of yast2 2.23.6:";;
+ short | recursive ) echo "Configuration of yast2 2.23.10:";;
esac
cat <<\_ACEOF
@@ -1401,7 +1401,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-yast2 configure 2.23.6
+yast2 configure 2.23.10
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@@ -1418,7 +1418,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by yast2 $as_me 2.23.6, which was
+It was created by yast2 $as_me 2.23.10, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@@ -2357,7 +2357,7 @@
# Define the identity of the package.
PACKAGE='yast2'
- VERSION='2.23.6'
+ VERSION='2.23.10'
cat >>confdefs.h <<_ACEOF
@@ -2480,7 +2480,7 @@
-VERSION="2.23.6"
+VERSION="2.23.10"
RPMNAME="yast2"
MAINTAINER="Jiri Srain <jsrain(a)suse.cz>"
@@ -3522,7 +3522,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by yast2 $as_me 2.23.6, which was
+This file was extended by yast2 $as_me 2.23.10, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -3575,7 +3575,7 @@
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-yast2 config.status 2.23.6
+yast2 config.status 2.23.10
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-2.23.8/configure.in new/yast2-2.23.10/configure.in
--- old/yast2-2.23.8/configure.in 2012-10-18 14:54:00.000000000 +0200
+++ new/yast2-2.23.10/configure.in 2012-10-30 08:05:14.000000000 +0100
@@ -3,7 +3,7 @@
dnl -- This file is generated by y2autoconf 2.23.0 - DO NOT EDIT! --
dnl (edit configure.in.in instead)
-AC_INIT(yast2, 2.23.6, http://bugs.opensuse.org/, yast2)
+AC_INIT(yast2, 2.23.10, http://bugs.opensuse.org/, yast2)
dnl Check for presence of file 'RPMNAME'
AC_CONFIG_SRCDIR([RPMNAME])
@@ -18,7 +18,7 @@
AM_INIT_AUTOMAKE(tar-ustar -Wno-portability)
dnl Important YaST2 variables
-VERSION="2.23.6"
+VERSION="2.23.10"
RPMNAME="yast2"
MAINTAINER="Jiri Srain <jsrain(a)suse.cz>"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-2.23.8/library/modules/Version.ycp new/yast2-2.23.10/library/modules/Version.ycp
--- old/yast2-2.23.8/library/modules/Version.ycp 2012-10-25 14:13:17.000000000 +0200
+++ new/yast2-2.23.10/library/modules/Version.ycp 2012-10-30 08:05:24.000000000 +0100
@@ -20,7 +20,7 @@
/**
* Version of the yast2 package
*/
-global string yast2 = "2.23.8";
+global string yast2 = "2.23.10";
/* EOF */
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-2.23.8/library/network/src/Makefile.am new/yast2-2.23.10/library/network/src/Makefile.am
--- old/yast2-2.23.8/library/network/src/Makefile.am 2012-10-18 10:31:39.000000000 +0200
+++ new/yast2-2.23.10/library/network/src/Makefile.am 2012-10-30 08:26:03.000000000 +0100
@@ -10,6 +10,6 @@
EXTRA_DIST = $(client_DATA) $(ynclude_DATA) $(module_DATA)
-# runlevel: Service, wizard: Report, Progress
-YCPCFLAGS = -M ../../types/src -M ../../modules -M ../../runlevel/src -M ../../wizard/src -M ../../cwm/src -M ../../control/src -M ../../xml/src -M ../../commandline/src -M ../../packages/src -M ../../desktop/src
+# runlevel: Service, wizard: Report, Progress, system: Kernel
+YCPCFLAGS = -M ../../types/src -M ../../modules -M ../../runlevel/src -M ../../wizard/src -M ../../cwm/src -M ../../control/src -M ../../xml/src -M ../../commandline/src -M ../../packages/src -M ../../desktop/src -M ../../system/src
include $(top_srcdir)/Makefile.am.common
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-2.23.8/library/network/src/Makefile.in new/yast2-2.23.10/library/network/src/Makefile.in
--- old/yast2-2.23.8/library/network/src/Makefile.in 2012-10-18 14:54:06.000000000 +0200
+++ new/yast2-2.23.10/library/network/src/Makefile.in 2012-10-30 08:26:14.000000000 +0100
@@ -231,8 +231,8 @@
module_DATA = $(wildcard [[:upper:]]*.ycp [[:upper:]]*.pm)
EXTRA_DIST = $(client_DATA) $(ynclude_DATA) $(module_DATA)
-# runlevel: Service, wizard: Report, Progress
-YCPCFLAGS = -M ../../types/src -M ../../modules -M ../../runlevel/src -M ../../wizard/src -M ../../cwm/src -M ../../control/src -M ../../xml/src -M ../../commandline/src -M ../../packages/src -M ../../desktop/src
+# runlevel: Service, wizard: Report, Progress, system: Kernel
+YCPCFLAGS = -M ../../types/src -M ../../modules -M ../../runlevel/src -M ../../wizard/src -M ../../cwm/src -M ../../control/src -M ../../xml/src -M ../../commandline/src -M ../../packages/src -M ../../desktop/src -M ../../system/src
modulebin_DATA = $(patsubst %.ycp,%.ybc,$(module_DATA))
modulebindir = $(moduledir)
ybcfiles = $(filter %.ybc,$(modulebin_DATA))
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-2.23.8/library/packages/src/PackageSystem.ycp new/yast2-2.23.10/library/packages/src/PackageSystem.ycp
--- old/yast2-2.23.8/library/packages/src/PackageSystem.ycp 2012-10-18 10:31:39.000000000 +0200
+++ new/yast2-2.23.10/library/packages/src/PackageSystem.ycp 2012-10-26 13:09:28.000000000 +0200
@@ -17,6 +17,7 @@
module "PackageSystem";
textdomain "base";
+import "Kernel";
import "Mode";
import "PackageCallbacks";
import "PackageLock";
@@ -329,6 +330,14 @@
});
if(ok != true) return false;
+ // Show popup when new kernel was installed
+ // But omit it during installation, one is run at its end.
+ // #25071
+ if (!Stage::initial () && !Stage::cont ())
+ {
+ Kernel::InformAboutKernelChange ();
+ }
+
// a package or a patch was installed, may be that there is a new yast agent
if (any_to_install)
{
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-2.23.8/library/packages/src/PackagesUI.ycp new/yast2-2.23.10/library/packages/src/PackagesUI.ycp
--- old/yast2-2.23.8/library/packages/src/PackagesUI.ycp 2012-10-18 10:31:39.000000000 +0200
+++ new/yast2-2.23.10/library/packages/src/PackagesUI.ycp 2012-10-26 13:01:49.000000000 +0200
@@ -478,11 +478,6 @@
items = add(items, HTML::Link(_("Installation log"), "install_log"));
}
- if (haskey(summary, "postinstall_log"))
- {
- items = add(items, HTML::Link(_("Post-Installation log (SUSEconfig)"), "postinstall_log"));
- }
-
if (size(items) > 0)
{
ret = ret + HTML::Para(
@@ -550,11 +545,6 @@
{
ShowDetailsString(_("Installation log"), summary["install_log"]:"");
}
- // display post-installation log (suseconfig)
- else if (result == "postinstall_log")
- {
- ShowDetailsString(_("Post-Installation log (SUSEconfig)"), summary["postinstall_log"]:"");
- }
else if (result == "installed_packages")
{
ShowDetailsList(_("Installed Packages"), summary["installed_list"]:[]);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-2.23.8/library/system/src/Kernel.ycp new/yast2-2.23.10/library/system/src/Kernel.ycp
--- old/yast2-2.23.8/library/system/src/Kernel.ycp 2012-10-25 14:08:06.000000000 +0200
+++ new/yast2-2.23.10/library/system/src/Kernel.ycp 2012-10-30 08:34:27.000000000 +0100
@@ -730,8 +730,8 @@
Popup::Message(_("Reboot your system
to activate the new kernel.
"));
- return inform_about_kernel_change;
}
+ return inform_about_kernel_change;
}
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-commit+help(a)opensuse.org
1
0
Hello community,
here is the log from the commit of package xtables-addons for openSUSE:Factory checked in at 2012-10-31 07:04:32
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/xtables-addons (Old)
and /work/SRC/openSUSE:Factory/.xtables-addons.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "xtables-addons", Maintainer is ""
Changes:
--------
--- /work/SRC/openSUSE:Factory/xtables-addons/xtables-addons.changes 2012-08-24 13:53:18.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.xtables-addons.new/xtables-addons.changes 2012-10-31 07:04:34.000000000 +0100
@@ -1,0 +2,6 @@
+Mon Oct 15 18:08:54 UTC 2012 - jengelh(a)inai.de
+
+- Update to new upstream release 1.47.1
+* Support for IPv6 in xt_psd
+
+-------------------------------------------------------------------
Old:
----
xtables-addons-1.46.tar.xz
xtables-addons-1.46.tar.xz.asc
New:
----
xtables-addons-1.47.1.tar.xz
xtables-addons-1.47.1.tar.xz.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ xtables-addons.spec ++++++
--- /var/tmp/diff_new_pack.dW6sXF/_old 2012-10-31 07:04:35.000000000 +0100
+++ /var/tmp/diff_new_pack.dW6sXF/_new 2012-10-31 07:04:35.000000000 +0100
@@ -17,7 +17,7 @@
Name: xtables-addons
-Version: 1.46
+Version: 1.47.1
Release: 0
Summary: IP Packet Filter Administration Extensions
License: GPL-2.0 ; GPL-2.0+
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-commit+help(a)opensuse.org
1
0
Hello community,
here is the log from the commit of package xorg-x11-server for openSUSE:Factory checked in at 2012-10-31 07:04:23
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/xorg-x11-server (Old)
and /work/SRC/openSUSE:Factory/.xorg-x11-server.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "xorg-x11-server", Maintainer is "sndirsch(a)suse.com"
Changes:
--------
--- /work/SRC/openSUSE:Factory/xorg-x11-server/xorg-x11-server.changes 2012-10-16 12:58:48.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.xorg-x11-server.new/xorg-x11-server.changes 2012-10-31 07:04:25.000000000 +0100
@@ -1,0 +2,11 @@
+Tue Oct 30 10:45:57 UTC 2012 - sndirsch(a)suse.com
+
+- U_EXA-Track-source-mask-pixmaps-more-explicitly-for-Co.patch
+ Track source/mask pixmaps more explicitly for Composite fallback regions.
+ In particular, make sure pExaScr->src/maskPix are cleared when the
+ corresponding pictures aren't associated with drawables, i.e. solid or
+ gradient pictures. Without this, we would in some cases associate the
+ source/mask region with unrelated pixmaps from previous Composite
+ fallbacks, resulting in random corruption. (bnc#786153, fdo#47266)
+
+-------------------------------------------------------------------
New:
----
U_EXA-Track-source-mask-pixmaps-more-explicitly-for-Co.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ xorg-x11-server.spec ++++++
--- /var/tmp/diff_new_pack.mmtfN3/_old 2012-10-31 07:04:27.000000000 +0100
+++ /var/tmp/diff_new_pack.mmtfN3/_new 2012-10-31 07:04:27.000000000 +0100
@@ -175,6 +175,7 @@
Patch222: N_sync-fix.patch
Patch225: u_Do-not-use-intel-driver-on-Poulsbo-Oaktrail-Medfield.patch
Patch226: u_vgaHW-no-legacy.patch
+Patch227: U_EXA-Track-source-mask-pixmaps-more-explicitly-for-Co.patch
%description
This package contains the X.Org Server.
@@ -293,6 +294,7 @@
#%patch222 -p1
%patch225 -p1
%patch226 -p0
+%patch227 -p1
%build
autoreconf -fi
++++++ U_EXA-Track-source-mask-pixmaps-more-explicitly-for-Co.patch ++++++
>From 1ca096d5e07221025c4c4110528772b7d94f15ee Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michel=20D=C3=A4nzer?= <michel.daenzer(a)amd.com>
Date: Mon, 29 Oct 2012 12:57:54 +0100
Subject: [PATCH] EXA: Track source/mask pixmaps more explicitly for Composite fallback regions.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
In particular, make sure pExaScr->src/maskPix are cleared when the
corresponding pictures aren't associated with drawables, i.e. solid or gradient
pictures. Without this, we would in some cases associate the source/mask region
with unrelated pixmaps from previous Composite fallbacks, resulting in random
corruption.
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=47266
Signed-off-by: Michel Dänzer <michel.daenzer(a)amd.com>
Reviewed-by: Alex Deucher <alexander.deucher(a)amd.com>
Signed-off-by: Keith Packard <keithp(a)keithp.com>
---
exa/exa_priv.h | 1 +
exa/exa_unaccel.c | 16 ++++++++++++----
2 files changed, 13 insertions(+), 4 deletions(-)
diff --git a/exa/exa_priv.h b/exa/exa_priv.h
index 7007578..1f56056 100644
--- a/exa/exa_priv.h
+++ b/exa/exa_priv.h
@@ -208,6 +208,7 @@ typedef struct {
RegionRec srcReg;
RegionRec maskReg;
PixmapPtr srcPix;
+ PixmapPtr maskPix;
DevPrivateKeyRec pixmapPrivateKeyRec;
DevPrivateKeyRec gcPrivateKeyRec;
diff --git a/exa/exa_unaccel.c b/exa/exa_unaccel.c
index 5716138..b0a0011 100644
--- a/exa/exa_unaccel.c
+++ b/exa/exa_unaccel.c
@@ -442,6 +442,13 @@ ExaSrcValidate(DrawablePtr pDrawable,
RegionPtr dst;
int xoff, yoff;
+ if (pExaScr->srcPix == pPix)
+ dst = &pExaScr->srcReg;
+ else if (pExaScr->maskPix == pPix)
+ dst = &pExaScr->maskReg;
+ else
+ return;
+
exaGetDrawableDeltas(pDrawable, pPix, &xoff, &yoff);
box.x1 = x + xoff;
@@ -449,8 +456,6 @@ ExaSrcValidate(DrawablePtr pDrawable,
box.x2 = box.x1 + width;
box.y2 = box.y1 + height;
- dst = (pExaScr->srcPix == pPix) ? &pExaScr->srcReg : &pExaScr->maskReg;
-
RegionInit(®, &box, 1);
RegionUnion(dst, dst, ®);
RegionUninit(®);
@@ -495,16 +500,19 @@ ExaPrepareCompositeReg(ScreenPtr pScreen,
if (pSrc != pDst)
RegionTranslate(pSrc->pCompositeClip,
-pSrc->pDrawable->x, -pSrc->pDrawable->y);
- }
+ } else
+ pExaScr->srcPix = NULL;
if (pMask && pMask->pDrawable) {
pMaskPix = exaGetDrawablePixmap(pMask->pDrawable);
RegionNull(&pExaScr->maskReg);
maskReg = &pExaScr->maskReg;
+ pExaScr->maskPix = pMaskPix;
if (pMask != pDst && pMask != pSrc)
RegionTranslate(pMask->pCompositeClip,
-pMask->pDrawable->x, -pMask->pDrawable->y);
- }
+ } else
+ pExaScr->maskPix = NULL;
RegionTranslate(pDst->pCompositeClip,
-pDst->pDrawable->x, -pDst->pDrawable->y);
--
1.7.3.4
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-commit+help(a)opensuse.org
1
0
Hello community,
here is the log from the commit of package valencia for openSUSE:Factory checked in at 2012-10-31 07:04:08
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/valencia (Old)
and /work/SRC/openSUSE:Factory/.valencia.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "valencia", Maintainer is ""
Changes:
--------
--- /work/SRC/openSUSE:Factory/valencia/valencia.changes 2012-01-20 20:27:27.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.valencia.new/valencia.changes 2012-10-31 07:04:14.000000000 +0100
@@ -1,0 +2,10 @@
+Tue Oct 23 17:24:39 UTC 2012 - dimstar(a)opensuse.org
+
+- Add valencia-vala-0.18.patch: Change Makefile to look for
+ libvala-0.18. Patch is only conditionally applied, when
+ pkg-config --exists libvala-0.18 succeeds.
+- Add pkgconfig(libvala-0.18) BuildRequires on openSUSE > 12.2.
+- Add valencia-gtk36.patch: Fix build with GTK+ 3.6, which has
+ VBox and HBox deprecated.
+
+-------------------------------------------------------------------
New:
----
valencia-gtk36.patch
valencia-vala-0.18.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ valencia.spec ++++++
--- /var/tmp/diff_new_pack.SIfy6t/_old 2012-10-31 07:04:15.000000000 +0100
+++ /var/tmp/diff_new_pack.SIfy6t/_new 2012-10-31 07:04:15.000000000 +0100
@@ -42,6 +42,10 @@
Patch1: valencia-gedit3.patch
# PATCH-FIX-UPSTREAM valencia-vala-0.16.patch vuntz(a)opensuse.org -- Build against vala 0.15/0.16, taken from git (master branch, from 80815271 up to d6504e0c)
Patch2: valencia-vala-0.16.patch
+# PATCH-FIX-UPSTREAM valencia-vala-0.18.patch dimstar(a)opensuse.org -- Build with vala 0.17/0.18, taken from git (commit e8a0f500 and e75e9be0)
+Patch3: valencia-vala-0.18.patch
+# PATCH-FIX-UPSTREAM valencia-gtk36.patch dimstar(a)opensuse.org -- Fix build with gtk+ 3.6, taken from git 97087fc
+Patch4: valencia-gtk36.patch
BuildRequires: pkgconfig(gee-1.0)
%if 0%{?favor_gtk2}
BuildRequires: pkgconfig(gedit-2.20)
@@ -56,6 +60,9 @@
BuildRequires: pkgconfig(gedit)
BuildRequires: pkgconfig(gtk+-3.0)
BuildRequires: pkgconfig(gtksourceview-3.0)
+%if 0%{?suse_version} > 1220
+BuildRequires: pkgconfig(libvala-0.18)
+%else
%if 0%{?suse_version} > 1210
BuildRequires: pkgconfig(libvala-0.16)
%else
@@ -65,10 +72,11 @@
BuildRequires: pkgconfig(libvala-0.12)
%endif
%endif
+%endif
BuildRequires: pkgconfig(vte-2.90)
%endif
-BuildRequires: vala
BuildRequires: update-desktop-files
+BuildRequires: vala
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@@ -110,6 +118,10 @@
%patch2 -p1
%endif
%endif
+if pkg-config --exists libvala-0.18; then
+%patch3 -p1
+fi
+%patch4 -p1
%build
export CFLAGS="%{optflags}"
++++++ valencia-gtk36.patch ++++++
diff --git a/browser.vala b/browser.vala
index 0500e57..32bc625 100644
--- a/browser.vala
+++ b/browser.vala
@@ -12,7 +12,7 @@ class SymbolBrowser {
Gtk.Entry find_entry;
ListViewString list;
- Gtk.VBox symbol_vbox;
+ Gtk.Box symbol_vbox;
bool visible;
@@ -29,7 +29,7 @@ class SymbolBrowser {
list.row_activated.connect(on_list_activated);
list.received_focus.connect(on_list_receive_focus);
- symbol_vbox = new Gtk.VBox(false, 6);
+ symbol_vbox = new Gtk.Box(Gtk.Orientation.VERTICAL, 6);
symbol_vbox.pack_start(find_entry, false, false, 0);
symbol_vbox.pack_start(list.scrolled_window, true, true, 0);
symbol_vbox.show_all();
diff --git a/gtk_util.vala b/gtk_util.vala
index fb1e74b..e57f47e 100644
--- a/gtk_util.vala
+++ b/gtk_util.vala
@@ -126,9 +126,10 @@ class Tooltip {
window.set_transient_for(parent);
window.set_destroy_with_parent(true);
- Gdk.Color background;
- Gdk.Color.parse("#FFFF99", out background);
- window.modify_bg(Gtk.StateType.NORMAL, background);
+ Gdk.RGBA background = Gdk.RGBA();
+ if (!background.parse("#FFFF99"))
+ error("can't parse color");
+ window.override_background_color(Gtk.StateFlags.NORMAL, background);
}
public void show(string qualified_method_name, string prototype, int method_pos) {
@@ -190,15 +191,14 @@ class ProgressBarDialog : Gtk.Window {
public ProgressBarDialog(Gtk.Window parent_win, string text) {
bar = new Gtk.ProgressBar();
- Gtk.VBox vbox = new Gtk.VBox(true, 0);
- Gtk.HBox hbox = new Gtk.HBox(true, 0);
+ Gtk.Box vbox = new Gtk.Box(Gtk.Orientation.VERTICAL, 0);
+ Gtk.Box hbox = new Gtk.Box(Gtk.Orientation.HORIZONTAL, 0);
- bar.set_text(text);
bar.set_size_request(226, 25);
set_size_request(250, 49);
vbox.pack_start(bar, true, false, 0);
- hbox.pack_start(vbox, true, false, 0);
+ hbox.pack_start(vbox, true, false, 0);
add(hbox);
set_title(text);
diff --git a/settings.vala b/settings.vala
index 12175de..afadaee 100644
--- a/settings.vala
+++ b/settings.vala
@@ -22,6 +22,7 @@ class ProjectSettingsDialog : Object {
Gtk.Label build_command_label = new Gtk.Label("Build command:");
build_entry = new Gtk.Entry();
build_entry.activate.connect(on_entry_activated);
+ build_entry.hexpand = true;
Gtk.Alignment align_build_label = new Gtk.Alignment(0.0f, 0.5f, 0.0f, 0.0f);
align_build_label.add(build_command_label);
@@ -29,26 +30,23 @@ class ProjectSettingsDialog : Object {
Gtk.Label clean_command_label = new Gtk.Label("Clean command:");
clean_entry = new Gtk.Entry();
clean_entry.activate.connect(on_entry_activated);
+ clean_entry.hexpand = true;
Gtk.Alignment align_clean_label = new Gtk.Alignment(0.0f, 0.5f, 0.0f, 0.0f);
align_clean_label.add(clean_command_label);
- Gtk.Table table = new Gtk.Table(2, 2, false);
- table.set_col_spacings(12);
- table.set_row_spacings(6);
+ Gtk.Grid grid = new Gtk.Grid();
+ grid.set_column_spacing(12);
+ grid.set_row_spacing(6);
- table.attach(align_build_label, 0, 1, 0, 1,
- Gtk.AttachOptions.FILL, Gtk.AttachOptions.FILL, 0, 0);
- table.attach(align_clean_label, 0, 1, 1, 2,
- Gtk.AttachOptions.FILL, Gtk.AttachOptions.FILL, 0, 0);
- table.attach(build_entry, 1, 2, 0, 1, Gtk.AttachOptions.FILL | Gtk.AttachOptions.EXPAND,
- Gtk.AttachOptions.FILL, 0, 0);
- table.attach(clean_entry, 1, 2, 1, 2, Gtk.AttachOptions.FILL | Gtk.AttachOptions.EXPAND,
- Gtk.AttachOptions.FILL, 0, 0);
+ grid.attach(align_build_label, 0, 0, 1, 1);
+ grid.attach(align_clean_label, 0, 1, 1, 1);
+ grid.attach(build_entry, 1, 0, 1, 1);
+ grid.attach(clean_entry, 1, 1, 1, 1);
Gtk.Alignment alignment_box = new Gtk.Alignment(0.5f, 0.5f, 1.0f, 1.0f);
alignment_box.set_padding(5, 6, 6, 5);
- alignment_box.add(table);
+ alignment_box.add(grid);
dialog = new Gtk.Dialog.with_buttons("Settings", parent_win, Gtk.DialogFlags.MODAL |
Gtk.DialogFlags.DESTROY_WITH_PARENT,
diff --git a/valencia.vala b/valencia.vala
index 71c9b3b..4356c8c 100644
--- a/valencia.vala
+++ b/valencia.vala
@@ -259,7 +259,7 @@ public class Instance : Peas.ExtensionBase, Gedit.WindowActivatable {
output_view.set_editable(false);
output_view.set_cursor_visible(false);
Pango.FontDescription font = Pango.FontDescription.from_string("Monospace");
- output_view.modify_font(font);
+ output_view.override_font(font);
output_view.button_press_event.connect(on_button_press);
output_pane = new Gtk.ScrolledWindow(null, null);
++++++ valencia-vala-0.18.patch ++++++
Index: valencia-0.3.0/Makefile
===================================================================
--- valencia-0.3.0.orig/Makefile
+++ valencia-0.3.0/Makefile
@@ -9,14 +9,14 @@ SOURCES = autocomplete.vala browser.vala
scanner.vala settings.vala util.vala valencia.vala
PACKAGES = --pkg gedit --pkg gee-1.0 --pkg gtk+-3.0 --pkg gtksourceview-3.0 \
- --pkg libpeas-1.0 --pkg libvala-0.16 --pkg vte-2.90
+ --pkg libpeas-1.0 --pkg libvala-0.18 --pkg vte-2.90
PACKAGE_VERSIONS = \
gedit >= 2.91.0 \
gee-1.0 >= 0.1.3 \
gtksourceview-3.0 >= 3.0.0 \
gtk+-3.0 >= 3.0.0 \
- libvala-0.16 >= 0.15.0 \
+ libvala-0.18 >= 0.17.0 \
vte-2.90 >= 0.27.90
OUTPUTS = libvalencia.so valencia.plugin
Index: valencia-0.3.0/valencia.vala
===================================================================
--- valencia-0.3.0.orig/valencia.vala
+++ valencia-0.3.0/valencia.vala
@@ -1280,7 +1280,7 @@ public class Instance : Peas.ExtensionBa
}
void on_run_child_exit() {
- run_terminal.feed("\r\nThe program exited.\r\n", -1);
+ run_terminal.feed("\r\nThe program exited.\r\n".data);
child_process_running = false;
}
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-commit+help(a)opensuse.org
1
0
Hello community,
here is the log from the commit of package tracker for openSUSE:Factory checked in at 2012-10-31 07:03:59
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/tracker (Old)
and /work/SRC/openSUSE:Factory/.tracker.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tracker", Maintainer is ""
Changes:
--------
--- /work/SRC/openSUSE:Factory/tracker/tracker-extras.changes 2012-10-03 15:11:17.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.tracker.new/tracker-extras.changes 2012-10-31 07:04:12.000000000 +0100
@@ -1,0 +2,30 @@
+Wed Oct 24 19:03:14 UTC 2012 - dimstar(a)opensuse.org
+
+- Update to version 0.14.3:
+ + build:
+ - Add SQLite3 version check and warning for crashes with
+ complex queries
+ - Default to icu over unistring when automatically guessing
+ unicode support
+ + functional-tests:
+ - office test files should always be included in dist
+ - include missing tiff files in dist
+ + libtracker-common: Consistently use long in get_memory_total
+ + libtracker-fts: ICU cannot handle complex locale descriptions
+ + libtracker-extract: Fixed EXIF extractor due to changes by
+ libexif
+ + tracker-extract-pdf: Fix crash if mmap() fails
+ + tracker-extract-playlist:
+ - Don't error when to_metadata hash table is NULL
+ - Log message for ignoring playlists with > 1k entries
+ + tracker-info: Added --plain-text-content || -c option
+ + tracker-miner-fs:
+ - Make building this optional
+ - Ignore XDG directories set to $HOME
+ + tracker-needle: Fix double free
+ + Bugs fixed: bgo#628857, bgo#666749, bgo#675660, bgo#680172,
+ bgo#680350, bgo#680897, bgo#685253, bgo#686071.
+ + Updated translations.
+- Drop libtracker-fts-ICU-complx-locale.patch: fixed upstream.
+
+-------------------------------------------------------------------
tracker.changes: same change
Old:
----
libtracker-fts-ICU-complx-locale.patch
tracker-0.14.2.tar.xz
New:
----
tracker-0.14.3.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ tracker-extras.spec ++++++
--- /var/tmp/diff_new_pack.2ld9rt/_old 2012-10-31 07:04:14.000000000 +0100
+++ /var/tmp/diff_new_pack.2ld9rt/_new 2012-10-31 07:04:14.000000000 +0100
@@ -49,7 +49,7 @@
# Do not edit this auto generated file! Edit tracker.spec.
Name: tracker-extras
%define _name tracker
-Version: 0.14.2
+Version: 0.14.3
Release: 0
Summary: Powerful object database, tag/metadata database, search tool and indexer
License: GPL-2.0+
@@ -66,8 +66,6 @@
Patch3: tracker-libgrss-0.5.patch
# PATCH-FIX-UPSTREAM tracker-evo-implicit.patch bgo#675413 dimstar(a)opensuse.org -- Include email-backend.h; fixes brp checks.
Patch4: tracker-evo-implicit.patch
-# PATCH-FIX-UPSTREAM libtracker-fts-ICU-complx-locale.patch bnc#780614 bgo#675660 zaitor(a)opensuse.org -- libtracker-fts: ICU cannot handle complex locale descriptions, patch taken from upstream git.
-Patch5: libtracker-fts-ICU-complx-locale.patch
BuildRequires: NetworkManager-devel >= 0.8
BuildRequires: enca-devel
BuildRequires: fdupes
@@ -523,7 +521,6 @@
%endif
%patch3 -p1
%patch4 -p1
-%patch5 -p1
cp %{S:1} src/miners/flickr/README.SUSE
cp %{S:2} src/miners/rss/README.SUSE
++++++ tracker.spec ++++++
--- /var/tmp/diff_new_pack.2ld9rt/_old 2012-10-31 07:04:14.000000000 +0100
+++ /var/tmp/diff_new_pack.2ld9rt/_new 2012-10-31 07:04:14.000000000 +0100
@@ -48,7 +48,7 @@
Name: tracker
%define _name tracker
-Version: 0.14.2
+Version: 0.14.3
Release: 0
Summary: Powerful object database, tag/metadata database, search tool and indexer
License: GPL-2.0+
@@ -65,8 +65,6 @@
Patch3: tracker-libgrss-0.5.patch
# PATCH-FIX-UPSTREAM tracker-evo-implicit.patch bgo#675413 dimstar(a)opensuse.org -- Include email-backend.h; fixes brp checks.
Patch4: tracker-evo-implicit.patch
-# PATCH-FIX-UPSTREAM libtracker-fts-ICU-complx-locale.patch bnc#780614 bgo#675660 zaitor(a)opensuse.org -- libtracker-fts: ICU cannot handle complex locale descriptions, patch taken from upstream git.
-Patch5: libtracker-fts-ICU-complx-locale.patch
BuildRequires: NetworkManager-devel >= 0.8
BuildRequires: enca-devel
BuildRequires: fdupes
@@ -522,7 +520,6 @@
%endif
%patch3 -p1
%patch4 -p1
-%patch5 -p1
cp %{S:1} src/miners/flickr/README.SUSE
cp %{S:2} src/miners/rss/README.SUSE
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-commit+help(a)opensuse.org
1
0
Hello community,
here is the log from the commit of package totem for openSUSE:Factory checked in at 2012-10-31 07:03:50
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/totem (Old)
and /work/SRC/openSUSE:Factory/.totem.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "totem", Maintainer is "gnome-maintainers(a)suse.de"
Changes:
--------
--- /work/SRC/openSUSE:Factory/totem/totem.changes 2012-10-06 18:44:29.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.totem.new/totem.changes 2012-10-31 07:03:52.000000000 +0100
@@ -1,0 +2,18 @@
+Thu Oct 25 16:05:09 UTC 2012 - dimstar(a)opensuse.org
+
+- Update to version 3.6.2:
+ + Make Ogg video streaming work again (the soundpitch plugin in
+ gst-plugins-bad is broken).
+ + Fix memory leaks when using download buffering.
+- Changes from version 3.6.1:
+ + Movie Player:
+ - Fix spinning cursor when launching videos from the file
+ manager.
+ - Fix bugs in video searches.
+ + Browser Plugin:
+ - Fix screensaver not being inhibited.
+ - Fix some streams' video canvas being hidden.
+- Add pkgconfig(gstreamer-plugins-bad-1.0) BuildRequires: new
+ verified dependency, so it can be versioned.
+
+-------------------------------------------------------------------
Old:
----
totem-3.6.0.tar.xz
New:
----
totem-3.6.2.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ totem.spec ++++++
--- /var/tmp/diff_new_pack.qLCplo/_old 2012-10-31 07:03:53.000000000 +0100
+++ /var/tmp/diff_new_pack.qLCplo/_new 2012-10-31 07:03:53.000000000 +0100
@@ -19,7 +19,7 @@
%define build_zeitgeist_plugin 1
Name: totem
-Version: 3.6.0
+Version: 3.6.2
Release: 0
# FIXME: Check if --disable-maintainer-mode can be dropped from configure. Last checked with 3.2.0
Url: http://www.gnome.org/projects/totem/
@@ -49,6 +49,7 @@
BuildRequires: pkgconfig(grilo-0.2) >= 0.1.16
BuildRequires: pkgconfig(gsettings-desktop-schemas)
BuildRequires: pkgconfig(gstreamer-1.0) >= 0.11.93
+BuildRequires: pkgconfig(gstreamer-plugins-bad-1.0) >= 1.0.2
BuildRequires: pkgconfig(gstreamer-plugins-base-1.0)
BuildRequires: pkgconfig(gstreamer-tag-1.0)
BuildRequires: pkgconfig(gtk+-3.0) >= 3.5.2
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-commit+help(a)opensuse.org
1
0
Hello community,
here is the log from the commit of package texcad for openSUSE:Factory checked in at 2012-10-31 07:03:37
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/texcad (Old)
and /work/SRC/openSUSE:Factory/.texcad.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "texcad", Maintainer is "werner(a)suse.com"
Changes:
--------
--- /work/SRC/openSUSE:Factory/texcad/texcad.changes 2011-09-23 12:47:43.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.texcad.new/texcad.changes 2012-10-31 07:03:40.000000000 +0100
@@ -1,0 +2,5 @@
+Sat Oct 27 06:04:23 UTC 2012 - coolo(a)suse.com
+
+- explict buildrequire groff for man pages
+
+-------------------------------------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ texcad.spec ++++++
--- /var/tmp/diff_new_pack.XgAROE/_old 2012-10-31 07:03:40.000000000 +0100
+++ /var/tmp/diff_new_pack.XgAROE/_new 2012-10-31 07:03:40.000000000 +0100
@@ -1,7 +1,7 @@
#
-# spec file for package texcad (Version 2.4)
+# spec file for package texcad
#
-# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -15,18 +15,19 @@
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
-# norootforbuild
-
Name: texcad
-BuildRequires: flex xorg-x11 xorg-x11-devel
-License: Any Noncommercial
-Group: Productivity/Publishing/TeX/Utilities
-Provides: texcad12 xtexcad
-AutoReqProv: on
+BuildRequires: flex
+BuildRequires: groff
+BuildRequires: xorg-x11
+BuildRequires: xorg-x11-devel
+Provides: texcad12
+Provides: xtexcad
Version: 2.4
-Release: 1224
+Release: 0
Summary: Drawing program for LaTeX pictures
+License: Any Noncommercial
+Group: Productivity/Publishing/TeX/Utilities
Source: xtexcad-2.4.tar.gz
Patch: xtexcad-2.4-flex.patch
Patch1: xtexcad-2.4.diff
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-commit+help(a)opensuse.org
1
0
Hello community,
here is the log from the commit of package shorewall for openSUSE:Factory checked in at 2012-10-31 07:03:28
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/shorewall (Old)
and /work/SRC/openSUSE:Factory/.shorewall.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "shorewall", Maintainer is ""
Changes:
--------
--- /work/SRC/openSUSE:Factory/shorewall/shorewall.changes 2012-10-13 21:03:37.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.shorewall.new/shorewall.changes 2012-10-31 07:03:32.000000000 +0100
@@ -1,0 +2,28 @@
+Tue Oct 30 08:20:38 UTC 2012 - toganm(a)opensuse.org
+
+- Update to 4.5.9 For more details see changelog.txt and
+ releasenotes.txt
+
+ * This release contains all defect repair from Shorewall 4.5.8.2.
+
+ * A typo has been corrected in the shorewallrc.default file.
+
+ * Beginning with Shorewall 4.5.7.2, Shorewall unconditionally
+ restores the provider mark as the first rule in the mangle
+ table OUTPUT and PREROUTING chains. Previously, the provider
+ mark was restored only if it was non-zero.
+
+ It has become clear that some users need it one way while
+ others need it the other way. To resolve this issue, a
+ RESTORE_ROUTEMARKS option has been added to shorewall.conf and
+ shorewall6.conf. When this option is set to Yes (the default),
+ the 4.5.7.2 approach is used (always restore the mark, even if
+ it is zero); when it is set to No, the pre-4.5.7.2 behavior is
+ retained (only restore the mark if it is non-zero).
+
+ * Two error messages produced by the RST action have been
+ corrected. They previously referred to errors in the NotSyn
+ action rather than RST.
+
+
+-------------------------------------------------------------------
Old:
----
shorewall-4.5.8.2.tar.bz2
shorewall-core-4.5.8.2.tar.bz2
shorewall-docs-html-4.5.8.2.tar.bz2
shorewall-init-4.5.8.2.tar.bz2
shorewall-lite-4.5.8.2.tar.bz2
shorewall6-4.5.8.2.tar.bz2
shorewall6-lite-4.5.8.2.tar.bz2
New:
----
shorewall-4.5.9.tar.bz2
shorewall-core-4.5.9.tar.bz2
shorewall-docs-html-4.5.9.tar.bz2
shorewall-init-4.5.9.tar.bz2
shorewall-lite-4.5.9.tar.bz2
shorewall6-4.5.9.tar.bz2
shorewall6-lite-4.5.9.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ shorewall.spec ++++++
--- /var/tmp/diff_new_pack.CTxe1W/_old 2012-10-31 07:03:35.000000000 +0100
+++ /var/tmp/diff_new_pack.CTxe1W/_new 2012-10-31 07:03:35.000000000 +0100
@@ -20,19 +20,19 @@
%define have_systemd 1
Name: shorewall
-Version: 4.5.8.2
+Version: 4.5.9
Release: 0
Summary: Shoreline Firewall is an iptables-based firewall for Linux systems
License: GPL-2.0
Group: Productivity/Networking/Security
Url: http://www.shorewall.net/
-Source: http://www.shorewall.net/pub/shorewall/4.5/shorewall-4.5.8/%name-%version.t…
-Source1: http://www.shorewall.net/pub/shorewall/4.5/shorewall-4.5.8/%name-core-%vers…
-Source2: http://www.shorewall.net/pub/shorewall/4.5/shorewall-4.5.8/%name-lite-%vers…
-Source3: http://www.shorewall.net/pub/shorewall/4.5/shorewall-4.5.8/%name-init-%vers…
-Source4: http://www.shorewall.net/pub/shorewall/4.5/shorewall-4.5.8/%{name}6-lite-%v…
-Source5: http://www.shorewall.net/pub/shorewall/4.5/shorewall-4.5.8/%{name}6-%versio…
-Source6: http://www.shorewall.net/pub/shorewall/4.5/shorewall-4.5.8/%name-docs-html-…
+Source: http://www.shorewall.net/pub/shorewall/4.5/shorewall-4.5.9/%name-%version.t…
+Source1: http://www.shorewall.net/pub/shorewall/4.5/shorewall-4.5.9/%name-core-%vers…
+Source2: http://www.shorewall.net/pub/shorewall/4.5/shorewall-4.5.9/%name-lite-%vers…
+Source3: http://www.shorewall.net/pub/shorewall/4.5/shorewall-4.5.9/%name-init-%vers…
+Source4: http://www.shorewall.net/pub/shorewall/4.5/shorewall-4.5.9/%{name}6-lite-%v…
+Source5: http://www.shorewall.net/pub/shorewall/4.5/shorewall-4.5.9/%{name}6-%versio…
+Source6: http://www.shorewall.net/pub/shorewall/4.5/shorewall-4.5.9/%name-docs-html-…
Source7: %name-4.4.22.rpmlintrc
Source8: README.openSUSE
# PATCH-FIX-UPSTREAM toganm(a)opensuse.org Shorewall-lite init.suse.sh Required Stop
++++++ shorewall-4.5.8.2.tar.bz2 -> shorewall-4.5.9.tar.bz2 ++++++
++++ 3791 lines of diff (skipped)
++++++ shorewall-core-4.5.8.2.tar.bz2 -> shorewall-core-4.5.9.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-4.5.8.2/changelog.txt new/shorewall-core-4.5.9/changelog.txt
--- old/shorewall-core-4.5.8.2/changelog.txt 2012-10-08 22:05:18.000000000 +0200
+++ new/shorewall-core-4.5.9/changelog.txt 2012-10-29 19:26:27.000000000 +0100
@@ -1,40 +1,72 @@
-Changes in 4.5.8.2
+Changes in 4.5.9 Final
1) Update release documents.
-2) Correct IPv4 'show dynamic'
+2) Small wording change in the release notes description of CHECKSUM.
+ The text copied from iptables(8) didn't read quite right.
-3) Re-enable IP ranges and IPV6 IPSETS in the hosts file.
+Changes in 4.5.9 RC 1
-4) Make handling of SYSTEMD and INITFILE consistent.
+1) Update release documents.
+
+2) Add Terado Macro (Paul Gear).
+
+3) Don't display naked chain heading when -b
+
+4) Add CHECKSUM action in tcrules.
+
+5) Sort IPv6 routing tables
-Changes in 4.5.8.1
+6) Allow mark range in /etc/shorewall/tcrules.
+
+Changes in 4.5.9 Beta 3
1) Update release documents.
-2) Complete the implementation of new IPv6 net syntax.
+2) Apply Paul Gear's typo correction
-3) Correct dynamic zones with ipset V5.
+3) Add Pupet Macro (Paul Gear).
-4) Don't suppress '-' in generated ipset names.
+4) Don't shout in compiler directives in lib.core.
-5) Correct an error message.
+5) Don't include IPv6-specific code in the IPv4 checkkernelversion()
+ function.
-6) Eliminate syntax error in Shorewall-init installer.
+6) Rename crvsn -> vlsm in sort_routes() (lib.core)
-Changes in 4.5.8 Final.
+7) Add the Shorewall Logging URL to the "Log doesn't exist" message.
+
+8) Correct a typo in a comment in get_params()
+
+9) Allow quotes in paremeter to run_iptables()
+
+10) Correct error messages in action.RST.
+
+11) Apply Paul Gear's '-b' option patchset.
+
+Changes in 4.5.9 Beta 2
+
+1) Update release documents.
+
+2) More 'show dynamic fixes'
+
+3) Implement 'dynamic_shared' zone option.
+
+4) Implement RESTORE_ROUTEMARKS option in shorewall[6].conf.
+
+Changes in 4.5.9 Beta 1
1) Update release documents.
-2) Don't unconditionally detect helpers on 3.5 kernels.
+2) Allow [...]/vlsm for IPv6 Nets.
-3) Correct PPTP control port in conntrack files.
+3) Don't suppress '-' in generated ipset names.
-4) Correct typo in the PPtP Macro.
+4) Expunge some of the g_* variables.
-5) Correct handling of {+-}0 in TTL and HL tcrules.
+Changes in 4.5.8 Final.
-6) Modify the .service files based on the setting of ${SBINDIR}
+1) Update release documents.
Changes in 4.5.8 RC 2
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-4.5.8.2/configure new/shorewall-core-4.5.9/configure
--- old/shorewall-core-4.5.8.2/configure 2012-10-08 22:05:18.000000000 +0200
+++ new/shorewall-core-4.5.9/configure 2012-10-29 19:26:27.000000000 +0100
@@ -28,7 +28,7 @@
#
# Build updates this
#
-VERSION=4.5.8.2
+VERSION=4.5.9
case "$BASH_VERSION" in
[4-9].*)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-4.5.8.2/configure.pl new/shorewall-core-4.5.9/configure.pl
--- old/shorewall-core-4.5.8.2/configure.pl 2012-10-08 22:05:18.000000000 +0200
+++ new/shorewall-core-4.5.9/configure.pl 2012-10-29 19:26:27.000000000 +0100
@@ -31,7 +31,7 @@
# Build updates this
#
use constant {
- VERSION => '4.5.8.2'
+ VERSION => '4.5.9'
};
my %params;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-4.5.8.2/install.sh new/shorewall-core-4.5.9/install.sh
--- old/shorewall-core-4.5.8.2/install.sh 2012-10-08 22:05:18.000000000 +0200
+++ new/shorewall-core-4.5.9/install.sh 2012-10-29 19:26:27.000000000 +0100
@@ -22,7 +22,7 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
#
-VERSION=4.5.8.2
+VERSION=4.5.9
usage() # $1 = exit status
{
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-4.5.8.2/known_problems.txt new/shorewall-core-4.5.9/known_problems.txt
--- old/shorewall-core-4.5.8.2/known_problems.txt 2012-10-08 22:05:18.000000000 +0200
+++ new/shorewall-core-4.5.9/known_problems.txt 2012-10-29 19:26:27.000000000 +0100
@@ -1,39 +1,2 @@
1) On systems running Upstart, shorewall-init cannot reliably secure
the firewall before interfaces are brought up.
-
-2) The 'shorewall show dynamic <zone>' command produces no output.
-
- Workaround: Use the ipset '-L' command.
-
- Corrected in 4.5.8.2.
-
-3) With ipset version 5 or later, the 'add' command fails with this
- error message:
-
- Zone <zone>, interface <interface> does not have a dynamic
- host list"
-
- Corrected in 4.5.8.1
-
-4) When generating ipset names for dynamic zones, the compiler is
- dropping dashes ('-') from the interface name and adding a
- unique suffix. For example the ipset for zone 'foo' and interface
- 'bar-if' might be 'foo_barif_1'. This means that the 'add' and
- 'delete' commands work strangely, requiring 'barif_1' to be
- specified for the interface name.
-
- Although dash is documented as being an accepted character in ipset
- names, but names containing a dash generate an error in some
- contexts.
-
- Corrected in 4.5.8.1
-
-5) In 4.5.8, a shell syntax error occurs when installing on a system
- running systemd.
-
- Corrected in 4.5.8.1
-
-6) Release 4.5.8.1 broke the ability to specify an ipset or an address
- range in the HOST(S) column of the hosts file.
-
- Corrected in 4.5.8.2.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-4.5.8.2/lib.base new/shorewall-core-4.5.9/lib.base
--- old/shorewall-core-4.5.8.2/lib.base 2012-10-08 17:55:20.000000000 +0200
+++ new/shorewall-core-4.5.9/lib.base 2012-10-29 15:18:28.000000000 +0100
@@ -20,15 +20,11 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
#
-# This library contains the code common to all Shorewall components.
-#
-# - It is loaded by /sbin/shorewall.
-# - It is released as part of Shorewall[6] Lite where it is used by /sbin/shorewall[6]-lite
-# and /usr/share/shorewall[6]-lite/shorecap.
+# This library contains the code common to all Shorewall components except the
+# generated scripts.
#
-SHOREWALL_LIBVERSION=40502
-SHOREWALL_CAPVERSION=40507
+SHOREWALL_LIBVERSION=40509
[ -n "${g_program:=shorewall}" ]
@@ -38,10 +34,7 @@
#
. /usr/share/shorewall/shorewallrc
- g_libexec="$LIBEXECDIR"
g_sharedir="$SHAREDIR"/$g_program
- g_sbindir="$SBINDIR"
- g_perllib="$PERLLIBDIR"
g_confdir="$CONFDIR"/$g_program
g_readrc=1
fi
@@ -52,13 +45,13 @@
shorewall)
g_product="Shorewall"
g_family=4
- g_tool=
+ g_tool=iptables
g_lite=
;;
shorewall6)
g_product="Shorewall6"
g_family=6
- g_tool=
+ g_tool=ip6tables
g_lite=
;;
shorewall-lite)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-4.5.8.2/lib.cli new/shorewall-core-4.5.9/lib.cli
--- old/shorewall-core-4.5.8.2/lib.cli 2012-10-08 17:55:20.000000000 +0200
+++ new/shorewall-core-4.5.9/lib.cli 2012-10-29 15:18:28.000000000 +0100
@@ -21,20 +21,21 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
#
# This library contains the command processing code common to /sbin/shorewall[6] and
-# /sbin/shorewall[6]-lite.
+# /sbin/shorewall[6]-lite. In Shorewall and Shorewall6, the lib.cli-std library is
+# loaded after this one and replaces some of the functions declared here.
#
+SHOREWALL_CAPVERSION=40509
+
+[ -n "${g_program:=shorewall}" ]
+
if [ -z "$g_readrc" ]; then
#
# This is modified by the installer when ${SHAREDIR} <> /usr/share
#
. /usr/share/shorewall/shorewallrc
- g_libexec="$LIBEXECDIR"
g_sharedir="$SHAREDIR"/$g_program
- g_sbindir="$SBINDIR"
- g_perllib="$PERLLIBDIR"
- g_vardir="$VARDIR"
g_confdir="$CONFDIR"/$g_program
g_readrc=1
fi
@@ -435,21 +436,42 @@
#
sort_routes() {
local dest
+ local second
local rest
- local crvsn
+ local vlsm
+ local maxvlsm
+ local rule
- while read dest rest; do
+ if [ $g_family -eq 4 ]; then
+ maxvlsm=032
+ else
+ maxvlsm=128
+ fi
+
+ while read dest second rest; do
if [ -n "$dest" ]; then
+ rule="$dest $second $rest"
case "$dest" in
default)
- echo "00 $dest $rest"
+ echo "000 $rule"
+ ;;
+ blackhole|local)
+ case "$second" in
+ */*)
+ vlsm=${second#*/}
+ printf "%03d %s\n" $vlsm "$rule"
+ ;;
+ *)
+ echo "$maxvlsm $rule"
+ ;;
+ esac
;;
*/*)
- crvsn=${dest#*/}
- printf "%02d %s\n" $crvsn "$dest $rest"
+ vlsm=${dest#*/}
+ printf "%03d %s\n" $vlsm "$rule"
;;
*)
- echo "32 $dest $rest"
+ echo "$maxvlsm $rule"
;;
esac
fi
@@ -480,7 +502,7 @@
ip -$g_family rule list | find_tables | sort -u | while read table; do
heading "Table $table:"
if [ $g_family -eq 6 ]; then
- ip -$g_family -o route list table $table | fgrep -v cache
+ ip -$g_family -o route list table $table | fgrep -v cache | sort_routes
else
ip -4 -o route list table $table | sort_routes
fi
@@ -493,7 +515,7 @@
else
heading "Routing Table"
if [ $g_family -eq 6 ]; then
- ip -$g_family -o route list | fgrep -v cache
+ ip -$g_family -o route list | fgrep -v cache | sort_routes
else
ip -4 -o route list table $table | sort_routes
fi
@@ -527,7 +549,7 @@
local junk
local setname
- $IPSETN -L | grep "^Name: ${1}_" | while read junk setname; do echo $setname; done
+ $IPSETN -L | egrep "^Name: ${1}(_.+)?$" | while read junk setname; do echo $setname; done
}
list_zone() {
@@ -538,9 +560,9 @@
determine_ipset_version
if [ $g_family -eq 4 ]; then
- sets=$($IPSETN -L | grep "^$1_");
+ sets=$($IPSETN -L | egrep "^$1(_.+)?");
else
- sets=$($IPSETN -L | grep "^6_$1_")
+ sets=$($IPSETN -L | egrep "^6_$1(_.+)?")
fi
[ -n "$sets" ] || sets=$(find_sets $1)
@@ -659,6 +681,8 @@
table=filter
local table_given
table_given=
+ local output_filter
+ output_filter=cat
show_macro() {
foo=`grep 'This macro' $macro | sed 's/This macro //'`
@@ -673,6 +697,16 @@
fi
}
+ # eliminates rules which have not been used from ip*tables' output
+ brief_output() {
+ awk \
+ '/^Chain / { heading1 = $0; getline heading2; printed = 0; next; };
+ /^ +0 +0 / { next; };
+ /^$/ { if ( printed == 1 ) { print $0; }; next; };
+ { if ( printed == 0 ) { print heading1; print heading2; printed = 1 }; };
+ { print; }';
+ }
+
while [ $finished -eq 0 -a $# -gt 0 ]; do
option=$1
case $option in
@@ -725,6 +759,10 @@
g_routecache=Yes
option=${option#c}
;;
+ b*)
+ output_filter=brief_output
+ option=${option#b}
+ ;;
*)
usage 1
;;
@@ -742,6 +780,7 @@
[ -n "$g_debugging" ] && set -x
+
case "$1" in
connections)
[ $# -gt 1 ] && usage 1
@@ -785,28 +824,28 @@
echo "$g_product $SHOREWALL_VERSION NAT Table at $g_hostname - $(date)"
echo
show_reset
- $g_tool -t nat -L $g_ipt_options
+ $g_tool -t nat -L $g_ipt_options | $output_filter
;;
raw)
[ $# -gt 1 ] && usage 1
echo "$g_product $SHOREWALL_VERSION RAW Table at $g_hostname - $(date)"
echo
show_reset
- $g_tool -t raw -L $g_ipt_options
+ $g_tool -t raw -L $g_ipt_options | $output_filter
;;
rawpost)
[ $# -gt 1 ] && usage 1
echo "$g_product $SHOREWALL_VERSION RAWPOST Table at $g_hostname - $(date)"
echo
show_reset
- $g_tool -t rawpost -L $g_ipt_options
+ $g_tool -t rawpost -L $g_ipt_options | $output_filter
;;
tos|mangle)
[ $# -gt 1 ] && usage 1
echo "$g_product $SHOREWALL_VERSION Mangle Table at $g_hostname - $(date)"
echo
show_reset
- $g_tool -t mangle -L $g_ipt_options
+ $g_tool -t mangle -L $g_ipt_options | $output_filter
;;
log)
[ $# -gt 2 ] && usage 1
@@ -842,7 +881,7 @@
shift
if [ -z "$1" ]; then
- $g_tool -t mangle -L -n -v
+ $g_tool -t mangle -L -n -v | $output_filter
echo
fi
@@ -905,15 +944,15 @@
if [ -n "$g_filemode" ]; then
echo "CONFIG_PATH=$CONFIG_PATH"
echo "VARDIR=$VARDIR"
- echo "LIBEXEC=$g_libexec"
- echo "SBINDIR=$g_sbindir"
+ echo "LIBEXEC=${LIBEXECDIR}"
+ echo "SBINDIR=${SBINDIR}"
echo "CONFDIR=${CONFDIR}"
[ -n "$g_lite" ] && [ ${VARDIR} != /var/lib/$g_program ] && echo "LITEDIR=${VARDIR}"
else
echo "Default CONFIG_PATH is $CONFIG_PATH"
echo "Default VARDIR is /var/lib/$g_program"
- echo "LIBEXEC is $g_libexec"
- echo "SBINDIR is $g_sbindir"
+ echo "LIBEXEC is ${LIBEXECDIR}"
+ echo "SBINDIR is ${SBINDIR}"
echo "CONFDIR is ${CONFDIR}"
[ -n "$g_lite" ] && [ ${VARDIR} != /var/lib/$g_program ] && echo "LITEDIR is ${VARDIR}"
fi
@@ -925,11 +964,11 @@
show_reset
if [ $# -gt 0 ]; then
for chain in $*; do
- $g_tool -t $table -L $chain $g_ipt_options
+ $g_tool -t $table -L $chain $g_ipt_options | $output_filter
echo
done
else
- $g_tool -t $table -L $g_ipt_options
+ $g_tool -t $table -L $g_ipt_options | $output_filter
fi
;;
vardir)
@@ -1047,14 +1086,14 @@
echo
show_reset
for chain in $*; do
- $g_tool -t $table -L $chain $g_ipt_options
+ $g_tool -t $table -L $chain $g_ipt_options | $output_filter
echo
done
else
echo "$g_product $SHOREWALL_VERSION $table Table at $g_hostname - $(date)"
echo
show_reset
- $g_tool -t $table -L $g_ipt_options
+ $g_tool -t $table -L $g_ipt_options | $output_filter
fi
;;
esac
@@ -1167,7 +1206,7 @@
elif [ -r $LOGFILE ]; then
g_logread="tac $LOGFILE"
else
- echo "LOGFILE ($LOGFILE) does not exist!" >&2
+ echo "LOGFILE ($LOGFILE) does not exist! - See http://www.shorewall.net/shorewall_logging.html" >&2
exit 2
fi
fi
@@ -1611,53 +1650,82 @@
fi
determine_ipset_version
- #
- # Normalize host list
- #
- while [ $# -gt 1 ]; do
- interface=${1%%:*}
- host=${1#*:}
- [ "$host" = "$1" ] && host=
- if [ -z "$host" ]; then
- if [ $g_family -eq 4 ]; then
- hostlist="$hostlist $interface:0.0.0.0/0"
- else
- hostlist="$hostlist $interface:::/0"
- fi
- else
- for h in $(separate_list $host); do
- hostlist="$hostlist $interface:$h"
- done
- fi
+ case $1 in
+ *:*)
+ while [ $# -gt 1 ]; do
+ if [ $g_family -eq 4 ]; then
+ interface=${1%%:*}
+ host=${1#*:}
+ else
+ interface=${1%%|*}
+ host=${1#*|}
+ fi
- shift
- done
+ [ "$host" = "$1" ] && host=
+
+ if [ -z "$host" ]; then
+ if [ $g_family -eq 4 ]; then
+ hostlist="$hostlist $interface:0.0.0.0/0"
+ else
+ hostlist="$hostlist $interface:::/0"
+ fi
+ else
+ for h in $(separate_list $host); do
+ hostlist="$hostlist $interface:$h"
+ done
+ fi
+
+ shift
+ done
+ ;;
+ *)
+ ipset=$1
+ shift
+ while [ $# -gt 0 ]; do
+ for h in $(separate_list $1); do
+ hostlist="$hostlist $h"
+ done
+ shift
+ done
+ ;;
+ esac
zone=$1
- for host in $hostlist; do
- if [ $g_family -eq 4 ]; then
- interface=${host%:*}
- ipset=${zone}_${interface};
- else
- interface=${host%%:*}
- ipset=6_${zone}_${interface};
- fi
+ if [ -n "$zone" ]; then
+ for host in $hostlist; do
+ if [ $g_family -eq 4 ]; then
+ interface=${host%:*}
+ ipset=${zone}_${interface};
+ else
+ interface=${host%%:*}
+ ipset=6_${zone}_${interface};
+ fi
- if ! qt $IPSET -L $ipset; then
- fatal_error "Zone $zone, interface $interface does not have a dynamic host list"
- fi
+ if ! qt $IPSET -L $ipset; then
+ fatal_error "Zone $zone, interface $interface does not have a dynamic host list"
+ fi
- host=${host#*:}
+ host=${host#*:}
- if $IPSET -A $ipset $host; then
- echo "Host $interface:$host added to zone $zone"
- else
- fatal_error "Unable to add $interface:$host to zone $zone"
- fi
- done
+ if $IPSET -A $ipset $host; then
+ echo "Host $interface:$host added to zone $zone"
+ else
+ fatal_error "Unable to add $interface:$host to zone $zone"
+ fi
+ done
+ else
+ qt $IPSET -L $ipset || fatal_error "Zone $ipset is not dynamic"
+ for host in $hostlist; do
+ if $IPSET -A $ipset $host; then
+ echo "Host $host added to zone $ipset"
+ else
+ fatal_error "Unable to add $host to zone $ipset"
+ fi
+ done
+ fi
}
#
@@ -1671,53 +1739,82 @@
fi
determine_ipset_version
- #
- # Normalize host list
- #
- while [ $# -gt 1 ]; do
- interface=${1%%:*}
- host=${1#*:}
- [ "$host" = "$1" ] && host=
- if [ -z "$host" ]; then
- if [ $g_family -eq 4 ]; then
- hostlist="$hostlist $interface:0.0.0.0/0"
- else
- hostlist="$hostlist $interface:::/0"
- fi
- else
- for h in $(separate_list $host); do
- hostlist="$hostlist $interface:$h"
- done
- fi
+ case $1 in
+ *:*)
+ while [ $# -gt 1 ]; do
+ if [ $g_family -eq 4 ]; then
+ interface=${1%%:*}
+ host=${1#*:}
+ else
+ interface=${1%%|*}
+ host=${1#*|}
+ fi
- shift
- done
+ [ "$host" = "$1" ] && host=
+
+ if [ -z "$host" ]; then
+ if [ $g_family -eq 4 ]; then
+ hostlist="$hostlist $interface:0.0.0.0/0"
+ else
+ hostlist="$hostlist $interface:::/0"
+ fi
+ else
+ for h in $(separate_list $host); do
+ hostlist="$hostlist $interface:$h"
+ done
+ fi
+
+ shift
+ done
+ ;;
+ *)
+ ipset=$1
+ shift
+ while [ $# -gt 0 ]; do
+ for h in $(separate_list $1); do
+ hostlist="$hostlist $h"
+ done
+ shift
+ done
+ ;;
+ esac
zone=$1
- for hostent in $hostlist; do
- if [ $g_family -eq 4 ]; then
- interface=${hostent%:*}
- ipset=${zone}_${interface};
- else
- interface=${hostent%%:*}
- ipset=6_${zone}_${interface};
- fi
+ if [ -n "$zone" ]; then
+ for host in $hostlist; do
+ if [ $g_family -eq 4 ]; then
+ interface=${host%:*}
+ ipset=${zone}_${interface};
+ else
+ interface=${host%%:*}
+ ipset=6_${zone}_${interface};
+ fi
- if ! qt $IPSET -L $ipset -n; then
- fatal_error "Zone $zone, interface $interface is does not have a dynamic host list"
- fi
+ if ! qt $IPSET -L $ipset -n; then
+ fatal_error "Zone $zone, interface $interface does not have a dynamic host list"
+ fi
- host=${hostent#*:}
+ host=${host#*:}
- if $IPSET -D $ipset $host; then
- echo "Host $hostent deleted from zone $zone"
- else
- echo " WARNING: Unable to delete host $hostent to zone $zone" >&2
- fi
- done
+ if $IPSET -D $ipset $host; then
+ echo "Host $host deleted from zone $zone"
+ else
+ echo " WARNING: Unable to delete host $hostent to zone $zone" >&2
+ fi
+ done
+ else
+ qt $IPSET -L $ipset -n || fatal_error "Zone $ipset is not dynamic"
+ for host in $hostlist; do
+ if $IPSET -D $ipset $host; then
+ echo "Host $host deleted from to zone $ipset"
+ else
+ echo " WARNING: Unable to delete host $host from zone $zone" >&2
+ fi
+ done
+ fi
}
#
@@ -2027,6 +2124,7 @@
GEOIP_MATCH=
RPFILTER_MATCH=
NFACCT_MATCH=
+ CHECKSUM_TARGET=
AMANDA_HELPER=
FTP_HELPER=
FTP0_HELPER=
@@ -2188,6 +2286,7 @@
qt $g_tool -t mangle -A $chain -m dscp --dscp 0 && DSCP_MATCH=Yes
qt $g_tool -t mangle -A $chain -j DSCP --set-dscp 0 && DSCP_TARGET=Yes
qt $g_tool -t mangle -A $chain -m rpfilter && RPFILTER_MATCH=Yes
+ qt $g_tool -t mangle -A $chain -j CHECKSUM --checksum-fill && CHECKSUM_TARGET=Yes
qt $g_tool -t mangle -F $chain
qt $g_tool -t mangle -X $chain
@@ -2424,6 +2523,8 @@
report_capability "Geo IP match" $GEOIP_MATCH
report_capability "RPFilter match" $RPFILTER_MATCH
report_capability "NFAcct match" $NFACCT_MATCH
+ report_capability "Checksum Target" $CHECKSUM_TARGET
+
report_capability "Amanda Helper" $AMANDA_HELPER
report_capability "FTP Helper" $FTP_HELPER
report_capability "FTP-0 Helper" $FTP0_HELPER
@@ -2535,6 +2636,8 @@
report_capability1 GEOIP_MATCH
report_capability1 RPFILTER_MATCH
report_capability1 NFACCT_MATCH
+ report_capability1 CHECKSUM_TARGET
+
report_capability1 AMANDA_HELPER
report_capability1 FTP_HELPER
report_capability1 FTP0_HELPER
@@ -2853,6 +2956,27 @@
fi
fi
+ if [ -n "$IPSET" ]; then
+ case "$IPSET" in
+ */*)
+ if [ ! -x "$IPSET" ] ; then
+ echo " ERROR: The program specified in IPSET ($IPSET) does not exist or is not executable" >&2
+ exit 2
+ fi
+ ;;
+ *)
+ prog="$(mywhich $IPSET 2> /dev/null)"
+ if [ -z "$prog" ] ; then
+ echo " ERROR: Can't find $IPSET executable" >&2
+ exit 2
+ fi
+ IPSET=$prog
+ ;;
+ esac
+ else
+ IPSET='ipset'
+ fi
+
[ -n "$RESTOREFILE" ] || RESTOREFILE=restore
validate_restorefile RESTOREFILE
@@ -3099,7 +3223,7 @@
echo " restart [ -n ] [ -p ] [ -f ] [ <directory> ]"
echo " restore [ -n ] [ <file name> ]"
echo " save [ <file name> ]"
- echo " show [ -x ] [ -t {filter|mangle|nat} ] [ {chain [<chain> [ <chain> ... ]"
+ echo " show [ -b ] [ -x ] [ -t {filter|mangle|nat} ] [ {chain [<chain> [ <chain> ... ]"
echo " show [ -f ] capabilities"
echo " show classifiers"
echo " show config"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-4.5.8.2/releasenotes.txt new/shorewall-core-4.5.9/releasenotes.txt
--- old/shorewall-core-4.5.8.2/releasenotes.txt 2012-10-08 22:05:18.000000000 +0200
+++ new/shorewall-core-4.5.9/releasenotes.txt 2012-10-29 19:26:27.000000000 +0100
@@ -1,7 +1,7 @@
----------------------------------------------------------------------------
- S H O R E W A L L 4 . 5 . 8 . 2
+ S H O R E W A L L 4 . 5 . 9
------------------------------------
- O c t o b e r 0 9 , 2 0 1 2
+ N o v e m b e r 0 2 , 2 0 1 2
----------------------------------------------------------------------------
I. PROBLEMS CORRECTED IN THIS RELEASE
@@ -15,6 +15,256 @@
I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E
----------------------------------------------------------------------------
+1) This release contains all defect repair from Shorewall 4.5.8.2.
+
+2) A typo has been corrected in the shorewallrc.default file.
+
+3) Beginning with Shorewall 4.5.7.2, Shorewall unconditionally
+ restores the provider mark as the first rule in the mangle table
+ OUTPUT and PREROUTING chains. Previously, the provider mark was
+ restored only if it was non-zero.
+
+ It has become clear that some users need it one way while others
+ need it the other way. To resolve this issue, a RESTORE_ROUTEMARKS
+ option has been added to shorewall.conf and shorewall6.conf. When
+ this option is set to Yes (the default), the 4.5.7.2 approach is
+ used (always restore the mark, even if it is zero); when it is set
+ to No, the pre-4.5.7.2 behavior is retained (only restore the mark
+ if it is non-zero).
+
+4) Two error messages produced by the RST action have been
+ corrected. They previously referred to errors in the NotSyn action
+ rather than RST.
+
+----------------------------------------------------------------------------
+ I I. K N O W N P R O B L E M S R E M A I N I N G
+----------------------------------------------------------------------------
+
+1) On systems running Upstart, shorewall-init cannot reliably secure
+ the firewall before interfaces are brought up.
+
+----------------------------------------------------------------------------
+ I I I. N E W F E A T U R E S I N T H I S R E L E A S E
+----------------------------------------------------------------------------
+
+1) Prior to this release, if a dynamic zone was associated with more
+ than one interface, then Shorewall created a separate ipset for
+ each interface. This meant that multiple 'add' and 'delete'
+ commands might be required to change the zone composition.
+
+ This release introduces a 'dynamic_shared' zone option. When that
+ option is specified, a single ipset is generated regardless of the
+ number of entries the zone has in the hosts file.
+
+ The 'dynamic_shared' option may only be specified in the OPTIONS
+ column of the zones file.
+
+ The syntax of the 'add' and 'delete' commands is changed for zones
+ having the 'dynamic_shared' option:
+
+ add <zone> <address>[,<address> ... ]
+
+ delete <zone> <address>[,<address> ... ]
+
+ Example:
+
+ shorewall add direct 172.20.1.99
+
+ The syntax for 'add' and 'delete' for zones not having the
+ 'dynamic_shared' option is unchanged.
+
+2) Puppet and Teredo macros have been contributed by Paul Gear.
+
+3) The 'show' command now supports a -b (brief) option that suppresses
+ listing of rules that have zero packet count and omits chains that
+ have no rules listed (Paul Gear).
+
+4) A CHECKSUM action has been added to the tcrules files. This action
+ computes and fills in the checksum in a packet that lacks one.
+ This is particularly useful if you need to work around old
+ applications, such as dhcp clients, that do not work well with
+ checksum offloads, but you don't want to disable checksum offload
+ in your device.
+
+ As part of this change, a new 'Checksum Target' capability has been
+ added, so if you use a capabilities file, it needs to be
+ re-generated after you install this release.
+
+5) The 'shorewall6 show routing' command now sorts the contents of
+ each routing table in the same way as 'shorewall show routing'.
+
+6) It is now possible to specify a mark range in the ACTION column of
+ the tcrules file. This causes the generated ruleset to assign marks
+ in the range in round-robin fashion. As part of this change, a
+ STATE column is also added that allows marks to be assigned only to
+ packets that are in one of the specified states (NEW, RELATED,
+ ESTABLISHED, etc.). Specifying NEW in this column along with
+ a range in the ACTION column allows for load-balancing SNAT rules
+ over a number of different external addresses.
+
+ Example:
+
+ /etc/shorewall/tcrules
+
+ #ACTION SOURCE DEST ...
+ 1-3:CF eth1 172.20.1.0/24 ; state=NEW
+
+ /etc/shorewall/masq
+
+ #INTERFACE SOURCE ADDRESS ...
+ eth0 192.168.1.0/24 1.1.1.1 ; mark=1:C
+ eth0 192.168.1.0/24 1.1.1.5 ; mark=2:C
+ eth0 192.168.1.0/24 1.1.1.9 ; mark=3:C
+
+ Specifying a mark range require the 'Statistics Match' capability
+ in your iptables and kernel.
+
+----------------------------------------------------------------------------
+ V. M I G R A T I O N I S S U E S
+----------------------------------------------------------------------------
+
+1) If you are migrating from Shorewall 4.2.x or earlier, please see
+ http://www.shorewall.net/pub/shorewall/4.4/shorewall-4.4.27/releasenotes.txt
+
+2) The BLACKLIST section of the rules file has been eliminated.
+ If you have entries in that file section, you must move them to the
+ blrules file.
+
+3) This version of Shorewall requires either the Digest::SHA1 or
+ Digest::SHA Perl module.
+
+ Debian: libdigest-sha1-perl or libdigest-sha-perl
+ Fedora: perl-Digest-SHA1 or perl-Digest-SHA
+ OpenSuSE: perl-Digest-SHA1 or perl-Digest-SHA
+
+4) The generated firewall script now maintains the
+ /var/lib/shorewall[6][-lite]/interface.status files used by SWPING
+ and by LSM.
+
+ If you have optional providers and do not run a link monitor like
+ SWPING or LSM that updates these files, then you should remove
+ /etc/shorewall[6]/isusable if it is installed.
+
+ Beginning with Shorewall 4.5.3.1:
+
+ - The 'disable' command stores a 1 in the interface's .status file.
+ - The .status file is ignored on 'enable' but not on 'start',
+ 'restart', 'restore' and 'refresh'.
+
+ This means that a disabled interface can only be re-enabled using
+ the 'enable' command.
+
+5) The /etc/shorewall[6]/tos file is now deprecated in favor of the
+ TOS() action in /etc/shorewall[6]/tcrules.
+
+6) The MARK/CLASSIFY column in /etc/shorewall[6]/tcrules has been
+ renamed ACTION to reflect the expanded set of actions that can be
+ specified in the column. There is no change to existing
+ functionality.
+
+7) Beginning with Shorewall 4.5.2, using /etc/shorewall-lite/vardir
+ and /etc/shorewall6-lite/vardir to specify VARDIR is deprecated in
+ favor of the VARDIR setting in shorewallrc.
+
+ NOTE: While the name of the variable remains VARDIR, the
+ meaning is slightly different. When set in shorewallrc,
+ each product (shorewall-lite, and shorewall6-lite) will
+ create a directory under the specified path name to
+ hold state information.
+
+ Example:
+
+ VARDIR=/opt/var/
+
+ The state directory for shorewall-lite will be
+ /opt/var/shorewall-lite/ and the directory for
+ shorewall6-lite will be /opt/var/shorewall6-lite.
+
+ When VARDIR is set in /etc/shorewall[6]/vardir, the
+ product will save its state directly in the specified
+ directory.
+
+ In Shorewall 4.5.8, a VARLIB variable was added to the shorewallrc
+ file and the meaning of VARDIR is once again consistent. The
+ default setting of VARDIR for a particular product is
+ ${VARLIB}/$product. There is an entry of that form in the
+ shorewallrc file. Because there is a single shorewallrc file for
+ all installed products, the /etc/shorewall[6]-lite/vardir file
+ provides the only means for overriding this default.
+
+8) Begining with Shorewall 4.5.6, the tcrules file is processed if
+ MANGLE_ENABLED=Yes, independent of the setting of TC_ENABLED. This
+ allows actions like TTL and TPROXY to be used without enabling
+ traffic shaping.
+
+ If you have rules in your tcrules file that you only want processed
+ when TC_ENABLED is other than 'No', then enclose them in
+
+ ?IF $TC_ENABLED
+ ...
+ ?ENDIF
+
+ If they are to be processed only if TC_ENABLED=Internal, then enclose
+ them in
+
+ ?IF TC_ENABLED eq 'Internal'
+ ...
+ ?ENDIF
+
+9) Beginning with Shorewall 4.5.7, the deprecated
+ /etc/shorewall[6]/blacklist files are no longer installed. Existing
+ files are still processed by the compiler. Note that blacklist
+ files may be converted to equivalent blrules files using
+ 'shorewall[6] update -b'.
+
+10) In Shorewall 4.5.7, the /etc/shorewall[6]/notrack file was renamed
+ /etc/shorewall[6]/conntrack. When upgrading to a release >= 4.5.7,
+ the conntrack file will be installed along side of an existing
+ notrack file. When both files exist, a compiler warning is
+ generated:
+
+ WARNING: Both notrack and conntrack exist; conntrack is ignored
+
+ This warning may be eliminated by moving any entries in the notrack
+ file to the conntrack file and removing the notrack file.
+
+11) In Shorewall 4.5.8, the /etc/shorewall[6]/routestopped files were
+ deprecated if favor of new /etc/shorewall[6]/stoppedrules
+ counterparts. The new files have much more familiar and
+ straightforward semantics. Once a stoppedrules file is populated,
+ the compiler will process that file and will ignore the
+ corresponding routestopped file.
+
+12) In Shorewall 4.5.8, a new variable (VARLIB) was added to the
+ shorewallrc file. This variable assumes the role formerly played by
+ VARDIR, and VARDIR now designates the configuration directory for a
+ particular product.
+
+ This change should be transparent to all users:
+
+ a) If VARDIR is set in an existing shorewallrc file and VARLIB is
+ not, then VARLIB is set to ${VARDIR} and VARDIR is set to
+ ${VARLIB}/${PRODUCT}.
+
+ b) If VARLIB is set in a shorewallrc file and VARDIR is not, then
+ VARDIR is set to ${VARLIB}/${PRODUCT}.
+
+ The Shorewall-core installer will automatically update
+ ~/.shorewallrc and save the original in ~/.shorewallrc.bak
+
+13) Previously, the macro.SNMP macro opened both UDP ports 161 and 162
+ from SOURCE to DEST. This is against the usual practice of opening
+ these ports in the opposite direction. Beginning with Shorewall
+ 4.5.8, the SNMP macro opens port 161 from SOURCE to DEST as before,
+ and a new SNMPTrap macro is added that opens port 162 (from SOURCE
+ to DEST).
+
+----------------------------------------------------------------------------
+ V I. N O T E S F R O M O T H E R 4 . 5 R E L E A S E S
+----------------------------------------------------------------------------
+ P R O B L E M S C O R R E C T E D I N 4 . 5 . 8
+----------------------------------------------------------------------------
+
4.5.8.2
1) The 'shorewall show' command previously produced no output. That
@@ -68,8 +318,8 @@
3) Previously, the macro.SNMP macro opened both UDP ports 161 and 162
from SOURCE to DEST. This is against the usual practice of opening
these ports in the opposite direction. Beginning with this release,
- the SNMP macro opens port 162 from SOURCE to DEST as before, and a
- new SNMPTrap macro is added that opens port 162 (from SOURCE to
+ macro.SNMP opens port 161 from SOURCE to DEST as before, and a new
+ SNMPTrap macro is added that opens port 162 (from SOURCE to
DEST).
4) Previously, when compiling for export, both
@@ -115,17 +365,10 @@
is flagged as an error.
----------------------------------------------------------------------------
- I I. K N O W N P R O B L E M S R E M A I N I N G
+ N E W F E A T U R E S I N 4 . 5 . 8
----------------------------------------------------------------------------
-1) On systems running Upstart, shorewall-init cannot reliably secure
- the firewall before interfaces are brought up.
-
-----------------------------------------------------------------------------
- I I I. N E W F E A T U R E S I N T H I S R E L E A S E
-----------------------------------------------------------------------------
-
-1) This release attempts to alleviate the confusion that results
+1) This release attempts to alleviate the confustion that results
from different usage of the VARDIR variable name.
Beginning with Shorewall 4.5.2, 'VARDIR' became a variable in the
@@ -231,165 +474,6 @@
must be specified for the MARK value and for the 'tcp-ack' and
'tos*' options if those are used.
-Added in 4.5.8.1.
-
-10) In most contexts, Shorewall6 has required IPv6 addresses to be
- enclosed in either angled brackets ( <....> , deprecated) or in
- square brackets ([....]). This includes network addresses, where
- both the IPv6 address and the VLSM are required to be within the
- brackets (e.g., [2001;470:b:787::/64]). This differs from the
- industry-standard network form in which the IPv6 address is
- enclosed in square brackets and the VLSM is outside of the brackets
- (e.g., [2001:470:b:787::]/64). Beginning with this release, the
- industry-standard representation is also accepted by Shorewall6.
-
- Note: Those of you who read the patches will probably have
- noticed that much of this change was actually in 4.5.8; because the
- change was commited late in the 4.5.8 release cycle, we chose not
- to document the change until it had undergone additional testing.
-
-----------------------------------------------------------------------------
- V. M I G R A T I O N I S S U E S
-----------------------------------------------------------------------------
-
-1) If you are migrating from Shorewall 4.2.x or earlier, please see
- http://www.shorewall.net/pub/shorewall/4.4/shorewall-4.4.27/releasenotes.txt
-
-2) The BLACKLIST section of the rules file has been eliminated.
- If you have entries in that file section, you must move them to the
- blrules file.
-
-3) This version of Shorewall requires either the Digest::SHA1 or
- Digest::SHA Perl module.
-
- Debian: libdigest-sha1-perl or libdigest-sha-perl
- Fedora: perl-Digest-SHA1 or perl-Digest-SHA
- OpenSuSE: perl-Digest-SHA1 or perl-Digest-SHA
-
-4) The generated firewall script now maintains the
- /var/lib/shorewall[6][-lite]/interface.status files used by SWPING
- and by LSM.
-
- If you have optional providers and to not run a link monitor like
- SWPING or LSM that updates these files, then you should remove
- /etc/shorewall[6]/isusable if it is installed.
-
- Beginning with Shorewall 4.5.3.1:
-
- - The 'disable' command stores a 1 in the interface's .status file.
- - The .status file is ignored on 'enable' but not on 'start',
- 'restart', 'restore' and 'refresh'.
-
- This means that a disabled interface can only be re-enabled using
- the 'enable' command.
-
-5) The /etc/shorewall[6]/tos file is now deprecated in favor of the
- TOS() action in /etc/shorewall[6]/tcrules.
-
-6) The MARK/CLASSIFY column in /etc/shorewall[6]/tcrules has been
- renamed ACTION to reflect the expanded set of actions that can be
- specified in the column. There is no change to existing
- functionality.
-
-7) Beginning with Shorewall 4.5.2, using /etc/shorewall-lite/vardir
- and /etc/shorewall6-lite/vardir to specify VARDIR is deprecated in
- favor of the VARDIR setting in shorewallrc.
-
- NOTE: While the name of the variable remains VARDIR, the
- meaning is slightly different. When set in shorewallrc,
- each product (shorewall-lite, and shorewall6-lite) will
- create a directory under the specified path name to
- hold state information.
-
- Example:
-
- VARDIR=/opt/var/
-
- The state directory for shorewall-lite will be
- /opt/var/shorewall-lite/ and the directory for
- shorewall6-lite will be /opt/var/shorewall6-lite.
-
- When VARDIR is set in /etc/shorewall[6]/vardir, the
- product will save its state directly in the specified
- directory.
-
- In Shorewall 4.5.8, a VARLIB variable was added to the shorewallrc
- file and the meaning of VARDIR is once again consistent. The
- default setting of VARDIR for a particular product is
- ${VARLIB}/$product. There is an entry of that form in the
- shorewallrc file. Because there is a single shorewallrc file for
- all installed products, the /etc/shorewall[6]-lite/vardir file
- provides the only means for overriding this default.
-
-8) Begining with Shorewall 4.5.6, the tcrules file is processed if
- MANGLE_ENABLED=Yes, independent of the setting of TC_ENABLED. This
- allows actions like TTL and TPROXY to be used without enabling
- traffic shaping.
-
- If you have rules in your tcrules file that you only want processed
- when TC_ENABLED is other than 'No', then enclose them in
-
- ?IF $TC_ENABLED
- ...
- ?ENDIF
-
- If they are to be processed only if TC_ENABLED=Internal, then enclose
- them in
-
- ?IF TC_ENABLED eq 'Internal'
- ...
- ?ENDIF
-
-9) Beginning with Shorewall 4.5.7, the deprecated
- /etc/shorewall[6]/blacklist files are no longer installed. Existing
- files are still processed by the compiler. Note that blacklist
- files may be converted to equivalent blrules files using
- 'shorewall[6] update -b'.
-
-10) In Shorewall 4.5.7, the /etc/shorewall[6]/notrack file was renamed
- /etc/shorewall[6]/conntrack. When upgrading to a release >= 4.5.7,
- the conntrack file will be installed along side of an existing
- notrack file. When both files exist, a compiler warning is
- generated:
-
- WARNING: Both notrack and conntrack exist; conntrack is ignored
-
- This warning may be eliminated by moving any entries in the notrack
- file to the conntrack file and removing the notrack file.
-
-11) In Shorewall 4.5.8, the /etc/shorewall[6]/routestopped files were
- deprecated if favor of new /etc/shorewall[6]/stoppedrules
- counterparts. The new files have much more familiar and
- straightforward semantics. Once a stoppedrules file is populated,
- the compiler will process that file and will ignore the
- corresponding routestopped file.
-
-12) In Shorewall 4.5.8, a new variable (VARLIB) was added to the
- shorewallrc file. This variable assumes the role formerly played by
- VARDIR, and VARDIR now designates the configuration directory for a
- particular product.
-
- This change should be transparent to all users:
-
- a) If VARDIR is set in an existing shorewallrc file and VARLIB is
- not, then VARLIB is set to ${VARDIR} and VARDIR is set to
- ${VARLIB}/${PRODUCT}.
-
- b) If VARLIB is set in a shorewallrc file and VARDIR is not, then
- VARDIR is set to ${VARLIB}/${PRODUCT}.
-
- The Shoreawll-core will automatically update ~/.shorewallrc and
- save the original in ~/.shorewallrc.bak
-
-13) Prior to Shorewall 4.5.8, the macro.SNMP macro opened both UDP
- ports 161 and 162 from SOURCE to DEST. This is against the usual
- practice of opening these ports in the opposite
- direction. Beginning with Shorewall 4.5.8, the SNMP macro opens
- port 161 from SOURCE to DEST as before, and a new SNMPTrap macro
- has been added that opens port 162 (from SOURCE to DEST).
-
-----------------------------------------------------------------------------
- V I. N O T E S F R O M O T H E R 4 . 5 R E L E A S E S
----------------------------------------------------------------------------
P R O B L E M S C O R R E C T E D I N 4 . 5 . 7
----------------------------------------------------------------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-4.5.8.2/shorewall-core.spec new/shorewall-core-4.5.9/shorewall-core.spec
--- old/shorewall-core-4.5.8.2/shorewall-core.spec 2012-10-08 22:05:18.000000000 +0200
+++ new/shorewall-core-4.5.9/shorewall-core.spec 2012-10-29 19:26:27.000000000 +0100
@@ -1,6 +1,6 @@
%define name shorewall-core
-%define version 4.5.8
-%define release 2
+%define version 4.5.9
+%define release 0base
Summary: Shoreline Firewall is an iptables-based firewall for Linux systems.
Name: %{name}
@@ -62,10 +62,16 @@
%doc COPYING INSTALL changelog.txt releasenotes.txt
%changelog
-* Sun Oct 07 2012 Tom Eastep tom(a)shorewall.net
-- Updated to 4.5.8-2
-* Wed Sep 26 2012 Tom Eastep tom(a)shorewall.net
-- Updated to 4.5.8-1
+* Fri Oct 26 2012 Tom Eastep tom(a)shorewall.net
+- Updated to 4.5.9-0base
+* Sun Oct 21 2012 Tom Eastep tom(a)shorewall.net
+- Updated to 4.5.9-0RC1
+* Tue Oct 16 2012 Tom Eastep tom(a)shorewall.net
+- Updated to 4.5.9-0Beta3
+* Thu Oct 04 2012 Tom Eastep tom(a)shorewall.net
+- Updated to 4.5.9-0Beta2
+* Thu Sep 20 2012 Tom Eastep tom(a)shorewall.net
+- Updated to 4.5.9-0Beta1
* Wed Sep 19 2012 Tom Eastep tom(a)shorewall.net
- Updated to 4.5.8-0base
* Thu Sep 13 2012 Tom Eastep tom(a)shorewall.net
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-4.5.8.2/shorewallrc.default new/shorewall-core-4.5.9/shorewallrc.default
--- old/shorewall-core-4.5.8.2/shorewallrc.default 2012-10-08 17:55:20.000000000 +0200
+++ new/shorewall-core-4.5.9/shorewallrc.default 2012-10-29 15:18:28.000000000 +0100
@@ -10,7 +10,7 @@
CONFDIR=/etc #Directory where subsystem configurations are installed
SBINDIR=/sbin #Directory where system administration programs are installed
MANDIR=${PREFIX}/man #Directory where manpages are installed.
-INITDIR=etc/init.d #Directory where SysV init scripts are installed.
+INITDIR=/etc/init.d #Directory where SysV init scripts are installed.
INITFILE=$PRODUCT #Name of the product's installed SysV init script
INITSOURCE=init.sh #Name of the distributed file to be installed as the SysV init script
ANNOTATED= #If non-zero, annotated configuration files are installed
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-4.5.8.2/uninstall.sh new/shorewall-core-4.5.9/uninstall.sh
--- old/shorewall-core-4.5.8.2/uninstall.sh 2012-10-08 22:05:18.000000000 +0200
+++ new/shorewall-core-4.5.9/uninstall.sh 2012-10-29 19:26:27.000000000 +0100
@@ -26,7 +26,7 @@
# You may only use this script to uninstall the version
# shown below. Simply run this script to remove Shorewall Firewall
-VERSION=4.5.8.2
+VERSION=4.5.9
usage() # $1 = exit status
{
++++++ shorewall-docs-html-4.5.8.2.tar.bz2 -> shorewall-docs-html-4.5.9.tar.bz2 ++++++
++++ 7866 lines of diff (skipped)
++++++ shorewall-init-4.5.8.2.tar.bz2 -> shorewall-init-4.5.9.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-init-4.5.8.2/changelog.txt new/shorewall-init-4.5.9/changelog.txt
--- old/shorewall-init-4.5.8.2/changelog.txt 2012-10-08 22:05:18.000000000 +0200
+++ new/shorewall-init-4.5.9/changelog.txt 2012-10-29 19:26:28.000000000 +0100
@@ -1,40 +1,72 @@
-Changes in 4.5.8.2
+Changes in 4.5.9 Final
1) Update release documents.
-2) Correct IPv4 'show dynamic'
+2) Small wording change in the release notes description of CHECKSUM.
+ The text copied from iptables(8) didn't read quite right.
-3) Re-enable IP ranges and IPV6 IPSETS in the hosts file.
+Changes in 4.5.9 RC 1
-4) Make handling of SYSTEMD and INITFILE consistent.
+1) Update release documents.
+
+2) Add Terado Macro (Paul Gear).
+
+3) Don't display naked chain heading when -b
+
+4) Add CHECKSUM action in tcrules.
+
+5) Sort IPv6 routing tables
-Changes in 4.5.8.1
+6) Allow mark range in /etc/shorewall/tcrules.
+
+Changes in 4.5.9 Beta 3
1) Update release documents.
-2) Complete the implementation of new IPv6 net syntax.
+2) Apply Paul Gear's typo correction
-3) Correct dynamic zones with ipset V5.
+3) Add Pupet Macro (Paul Gear).
-4) Don't suppress '-' in generated ipset names.
+4) Don't shout in compiler directives in lib.core.
-5) Correct an error message.
+5) Don't include IPv6-specific code in the IPv4 checkkernelversion()
+ function.
-6) Eliminate syntax error in Shorewall-init installer.
+6) Rename crvsn -> vlsm in sort_routes() (lib.core)
-Changes in 4.5.8 Final.
+7) Add the Shorewall Logging URL to the "Log doesn't exist" message.
+
+8) Correct a typo in a comment in get_params()
+
+9) Allow quotes in paremeter to run_iptables()
+
+10) Correct error messages in action.RST.
+
+11) Apply Paul Gear's '-b' option patchset.
+
+Changes in 4.5.9 Beta 2
+
+1) Update release documents.
+
+2) More 'show dynamic fixes'
+
+3) Implement 'dynamic_shared' zone option.
+
+4) Implement RESTORE_ROUTEMARKS option in shorewall[6].conf.
+
+Changes in 4.5.9 Beta 1
1) Update release documents.
-2) Don't unconditionally detect helpers on 3.5 kernels.
+2) Allow [...]/vlsm for IPv6 Nets.
-3) Correct PPTP control port in conntrack files.
+3) Don't suppress '-' in generated ipset names.
-4) Correct typo in the PPtP Macro.
+4) Expunge some of the g_* variables.
-5) Correct handling of {+-}0 in TTL and HL tcrules.
+Changes in 4.5.8 Final.
-6) Modify the .service files based on the setting of ${SBINDIR}
+1) Update release documents.
Changes in 4.5.8 RC 2
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-init-4.5.8.2/configure new/shorewall-init-4.5.9/configure
--- old/shorewall-init-4.5.8.2/configure 2012-10-08 22:05:18.000000000 +0200
+++ new/shorewall-init-4.5.9/configure 2012-10-29 19:26:28.000000000 +0100
@@ -28,7 +28,7 @@
#
# Build updates this
#
-VERSION=4.5.8.2
+VERSION=4.5.9
case "$BASH_VERSION" in
[4-9].*)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-init-4.5.8.2/configure.pl new/shorewall-init-4.5.9/configure.pl
--- old/shorewall-init-4.5.8.2/configure.pl 2012-10-08 22:05:18.000000000 +0200
+++ new/shorewall-init-4.5.9/configure.pl 2012-10-29 19:26:28.000000000 +0100
@@ -31,7 +31,7 @@
# Build updates this
#
use constant {
- VERSION => '4.5.8.2'
+ VERSION => '4.5.9'
};
my %params;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-init-4.5.8.2/install.sh new/shorewall-init-4.5.9/install.sh
--- old/shorewall-init-4.5.8.2/install.sh 2012-10-08 22:05:18.000000000 +0200
+++ new/shorewall-init-4.5.9/install.sh 2012-10-29 19:26:28.000000000 +0100
@@ -23,7 +23,7 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
#
-VERSION=4.5.8.2
+VERSION=4.5.9
usage() # $1 = exit status
{
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-init-4.5.8.2/releasenotes.txt new/shorewall-init-4.5.9/releasenotes.txt
--- old/shorewall-init-4.5.8.2/releasenotes.txt 2012-10-08 22:05:18.000000000 +0200
+++ new/shorewall-init-4.5.9/releasenotes.txt 2012-10-29 19:26:28.000000000 +0100
@@ -1,7 +1,7 @@
----------------------------------------------------------------------------
- S H O R E W A L L 4 . 5 . 8 . 2
+ S H O R E W A L L 4 . 5 . 9
------------------------------------
- O c t o b e r 0 9 , 2 0 1 2
+ N o v e m b e r 0 2 , 2 0 1 2
----------------------------------------------------------------------------
I. PROBLEMS CORRECTED IN THIS RELEASE
@@ -15,6 +15,256 @@
I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E
----------------------------------------------------------------------------
+1) This release contains all defect repair from Shorewall 4.5.8.2.
+
+2) A typo has been corrected in the shorewallrc.default file.
+
+3) Beginning with Shorewall 4.5.7.2, Shorewall unconditionally
+ restores the provider mark as the first rule in the mangle table
+ OUTPUT and PREROUTING chains. Previously, the provider mark was
+ restored only if it was non-zero.
+
+ It has become clear that some users need it one way while others
+ need it the other way. To resolve this issue, a RESTORE_ROUTEMARKS
+ option has been added to shorewall.conf and shorewall6.conf. When
+ this option is set to Yes (the default), the 4.5.7.2 approach is
+ used (always restore the mark, even if it is zero); when it is set
+ to No, the pre-4.5.7.2 behavior is retained (only restore the mark
+ if it is non-zero).
+
+4) Two error messages produced by the RST action have been
+ corrected. They previously referred to errors in the NotSyn action
+ rather than RST.
+
+----------------------------------------------------------------------------
+ I I. K N O W N P R O B L E M S R E M A I N I N G
+----------------------------------------------------------------------------
+
+1) On systems running Upstart, shorewall-init cannot reliably secure
+ the firewall before interfaces are brought up.
+
+----------------------------------------------------------------------------
+ I I I. N E W F E A T U R E S I N T H I S R E L E A S E
+----------------------------------------------------------------------------
+
+1) Prior to this release, if a dynamic zone was associated with more
+ than one interface, then Shorewall created a separate ipset for
+ each interface. This meant that multiple 'add' and 'delete'
+ commands might be required to change the zone composition.
+
+ This release introduces a 'dynamic_shared' zone option. When that
+ option is specified, a single ipset is generated regardless of the
+ number of entries the zone has in the hosts file.
+
+ The 'dynamic_shared' option may only be specified in the OPTIONS
+ column of the zones file.
+
+ The syntax of the 'add' and 'delete' commands is changed for zones
+ having the 'dynamic_shared' option:
+
+ add <zone> <address>[,<address> ... ]
+
+ delete <zone> <address>[,<address> ... ]
+
+ Example:
+
+ shorewall add direct 172.20.1.99
+
+ The syntax for 'add' and 'delete' for zones not having the
+ 'dynamic_shared' option is unchanged.
+
+2) Puppet and Teredo macros have been contributed by Paul Gear.
+
+3) The 'show' command now supports a -b (brief) option that suppresses
+ listing of rules that have zero packet count and omits chains that
+ have no rules listed (Paul Gear).
+
+4) A CHECKSUM action has been added to the tcrules files. This action
+ computes and fills in the checksum in a packet that lacks one.
+ This is particularly useful if you need to work around old
+ applications, such as dhcp clients, that do not work well with
+ checksum offloads, but you don't want to disable checksum offload
+ in your device.
+
+ As part of this change, a new 'Checksum Target' capability has been
+ added, so if you use a capabilities file, it needs to be
+ re-generated after you install this release.
+
+5) The 'shorewall6 show routing' command now sorts the contents of
+ each routing table in the same way as 'shorewall show routing'.
+
+6) It is now possible to specify a mark range in the ACTION column of
+ the tcrules file. This causes the generated ruleset to assign marks
+ in the range in round-robin fashion. As part of this change, a
+ STATE column is also added that allows marks to be assigned only to
+ packets that are in one of the specified states (NEW, RELATED,
+ ESTABLISHED, etc.). Specifying NEW in this column along with
+ a range in the ACTION column allows for load-balancing SNAT rules
+ over a number of different external addresses.
+
+ Example:
+
+ /etc/shorewall/tcrules
+
+ #ACTION SOURCE DEST ...
+ 1-3:CF eth1 172.20.1.0/24 ; state=NEW
+
+ /etc/shorewall/masq
+
+ #INTERFACE SOURCE ADDRESS ...
+ eth0 192.168.1.0/24 1.1.1.1 ; mark=1:C
+ eth0 192.168.1.0/24 1.1.1.5 ; mark=2:C
+ eth0 192.168.1.0/24 1.1.1.9 ; mark=3:C
+
+ Specifying a mark range require the 'Statistics Match' capability
+ in your iptables and kernel.
+
+----------------------------------------------------------------------------
+ V. M I G R A T I O N I S S U E S
+----------------------------------------------------------------------------
+
+1) If you are migrating from Shorewall 4.2.x or earlier, please see
+ http://www.shorewall.net/pub/shorewall/4.4/shorewall-4.4.27/releasenotes.txt
+
+2) The BLACKLIST section of the rules file has been eliminated.
+ If you have entries in that file section, you must move them to the
+ blrules file.
+
+3) This version of Shorewall requires either the Digest::SHA1 or
+ Digest::SHA Perl module.
+
+ Debian: libdigest-sha1-perl or libdigest-sha-perl
+ Fedora: perl-Digest-SHA1 or perl-Digest-SHA
+ OpenSuSE: perl-Digest-SHA1 or perl-Digest-SHA
+
+4) The generated firewall script now maintains the
+ /var/lib/shorewall[6][-lite]/interface.status files used by SWPING
+ and by LSM.
+
+ If you have optional providers and do not run a link monitor like
+ SWPING or LSM that updates these files, then you should remove
+ /etc/shorewall[6]/isusable if it is installed.
+
+ Beginning with Shorewall 4.5.3.1:
+
+ - The 'disable' command stores a 1 in the interface's .status file.
+ - The .status file is ignored on 'enable' but not on 'start',
+ 'restart', 'restore' and 'refresh'.
+
+ This means that a disabled interface can only be re-enabled using
+ the 'enable' command.
+
+5) The /etc/shorewall[6]/tos file is now deprecated in favor of the
+ TOS() action in /etc/shorewall[6]/tcrules.
+
+6) The MARK/CLASSIFY column in /etc/shorewall[6]/tcrules has been
+ renamed ACTION to reflect the expanded set of actions that can be
+ specified in the column. There is no change to existing
+ functionality.
+
+7) Beginning with Shorewall 4.5.2, using /etc/shorewall-lite/vardir
+ and /etc/shorewall6-lite/vardir to specify VARDIR is deprecated in
+ favor of the VARDIR setting in shorewallrc.
+
+ NOTE: While the name of the variable remains VARDIR, the
+ meaning is slightly different. When set in shorewallrc,
+ each product (shorewall-lite, and shorewall6-lite) will
+ create a directory under the specified path name to
+ hold state information.
+
+ Example:
+
+ VARDIR=/opt/var/
+
+ The state directory for shorewall-lite will be
+ /opt/var/shorewall-lite/ and the directory for
+ shorewall6-lite will be /opt/var/shorewall6-lite.
+
+ When VARDIR is set in /etc/shorewall[6]/vardir, the
+ product will save its state directly in the specified
+ directory.
+
+ In Shorewall 4.5.8, a VARLIB variable was added to the shorewallrc
+ file and the meaning of VARDIR is once again consistent. The
+ default setting of VARDIR for a particular product is
+ ${VARLIB}/$product. There is an entry of that form in the
+ shorewallrc file. Because there is a single shorewallrc file for
+ all installed products, the /etc/shorewall[6]-lite/vardir file
+ provides the only means for overriding this default.
+
+8) Begining with Shorewall 4.5.6, the tcrules file is processed if
+ MANGLE_ENABLED=Yes, independent of the setting of TC_ENABLED. This
+ allows actions like TTL and TPROXY to be used without enabling
+ traffic shaping.
+
+ If you have rules in your tcrules file that you only want processed
+ when TC_ENABLED is other than 'No', then enclose them in
+
+ ?IF $TC_ENABLED
+ ...
+ ?ENDIF
+
+ If they are to be processed only if TC_ENABLED=Internal, then enclose
+ them in
+
+ ?IF TC_ENABLED eq 'Internal'
+ ...
+ ?ENDIF
+
+9) Beginning with Shorewall 4.5.7, the deprecated
+ /etc/shorewall[6]/blacklist files are no longer installed. Existing
+ files are still processed by the compiler. Note that blacklist
+ files may be converted to equivalent blrules files using
+ 'shorewall[6] update -b'.
+
+10) In Shorewall 4.5.7, the /etc/shorewall[6]/notrack file was renamed
+ /etc/shorewall[6]/conntrack. When upgrading to a release >= 4.5.7,
+ the conntrack file will be installed along side of an existing
+ notrack file. When both files exist, a compiler warning is
+ generated:
+
+ WARNING: Both notrack and conntrack exist; conntrack is ignored
+
+ This warning may be eliminated by moving any entries in the notrack
+ file to the conntrack file and removing the notrack file.
+
+11) In Shorewall 4.5.8, the /etc/shorewall[6]/routestopped files were
+ deprecated if favor of new /etc/shorewall[6]/stoppedrules
+ counterparts. The new files have much more familiar and
+ straightforward semantics. Once a stoppedrules file is populated,
+ the compiler will process that file and will ignore the
+ corresponding routestopped file.
+
+12) In Shorewall 4.5.8, a new variable (VARLIB) was added to the
+ shorewallrc file. This variable assumes the role formerly played by
+ VARDIR, and VARDIR now designates the configuration directory for a
+ particular product.
+
+ This change should be transparent to all users:
+
+ a) If VARDIR is set in an existing shorewallrc file and VARLIB is
+ not, then VARLIB is set to ${VARDIR} and VARDIR is set to
+ ${VARLIB}/${PRODUCT}.
+
+ b) If VARLIB is set in a shorewallrc file and VARDIR is not, then
+ VARDIR is set to ${VARLIB}/${PRODUCT}.
+
+ The Shorewall-core installer will automatically update
+ ~/.shorewallrc and save the original in ~/.shorewallrc.bak
+
+13) Previously, the macro.SNMP macro opened both UDP ports 161 and 162
+ from SOURCE to DEST. This is against the usual practice of opening
+ these ports in the opposite direction. Beginning with Shorewall
+ 4.5.8, the SNMP macro opens port 161 from SOURCE to DEST as before,
+ and a new SNMPTrap macro is added that opens port 162 (from SOURCE
+ to DEST).
+
+----------------------------------------------------------------------------
+ V I. N O T E S F R O M O T H E R 4 . 5 R E L E A S E S
+----------------------------------------------------------------------------
+ P R O B L E M S C O R R E C T E D I N 4 . 5 . 8
+----------------------------------------------------------------------------
+
4.5.8.2
1) The 'shorewall show' command previously produced no output. That
@@ -68,8 +318,8 @@
3) Previously, the macro.SNMP macro opened both UDP ports 161 and 162
from SOURCE to DEST. This is against the usual practice of opening
these ports in the opposite direction. Beginning with this release,
- the SNMP macro opens port 162 from SOURCE to DEST as before, and a
- new SNMPTrap macro is added that opens port 162 (from SOURCE to
+ macro.SNMP opens port 161 from SOURCE to DEST as before, and a new
+ SNMPTrap macro is added that opens port 162 (from SOURCE to
DEST).
4) Previously, when compiling for export, both
@@ -115,17 +365,10 @@
is flagged as an error.
----------------------------------------------------------------------------
- I I. K N O W N P R O B L E M S R E M A I N I N G
+ N E W F E A T U R E S I N 4 . 5 . 8
----------------------------------------------------------------------------
-1) On systems running Upstart, shorewall-init cannot reliably secure
- the firewall before interfaces are brought up.
-
-----------------------------------------------------------------------------
- I I I. N E W F E A T U R E S I N T H I S R E L E A S E
-----------------------------------------------------------------------------
-
-1) This release attempts to alleviate the confusion that results
+1) This release attempts to alleviate the confustion that results
from different usage of the VARDIR variable name.
Beginning with Shorewall 4.5.2, 'VARDIR' became a variable in the
@@ -231,165 +474,6 @@
must be specified for the MARK value and for the 'tcp-ack' and
'tos*' options if those are used.
-Added in 4.5.8.1.
-
-10) In most contexts, Shorewall6 has required IPv6 addresses to be
- enclosed in either angled brackets ( <....> , deprecated) or in
- square brackets ([....]). This includes network addresses, where
- both the IPv6 address and the VLSM are required to be within the
- brackets (e.g., [2001;470:b:787::/64]). This differs from the
- industry-standard network form in which the IPv6 address is
- enclosed in square brackets and the VLSM is outside of the brackets
- (e.g., [2001:470:b:787::]/64). Beginning with this release, the
- industry-standard representation is also accepted by Shorewall6.
-
- Note: Those of you who read the patches will probably have
- noticed that much of this change was actually in 4.5.8; because the
- change was commited late in the 4.5.8 release cycle, we chose not
- to document the change until it had undergone additional testing.
-
-----------------------------------------------------------------------------
- V. M I G R A T I O N I S S U E S
-----------------------------------------------------------------------------
-
-1) If you are migrating from Shorewall 4.2.x or earlier, please see
- http://www.shorewall.net/pub/shorewall/4.4/shorewall-4.4.27/releasenotes.txt
-
-2) The BLACKLIST section of the rules file has been eliminated.
- If you have entries in that file section, you must move them to the
- blrules file.
-
-3) This version of Shorewall requires either the Digest::SHA1 or
- Digest::SHA Perl module.
-
- Debian: libdigest-sha1-perl or libdigest-sha-perl
- Fedora: perl-Digest-SHA1 or perl-Digest-SHA
- OpenSuSE: perl-Digest-SHA1 or perl-Digest-SHA
-
-4) The generated firewall script now maintains the
- /var/lib/shorewall[6][-lite]/interface.status files used by SWPING
- and by LSM.
-
- If you have optional providers and to not run a link monitor like
- SWPING or LSM that updates these files, then you should remove
- /etc/shorewall[6]/isusable if it is installed.
-
- Beginning with Shorewall 4.5.3.1:
-
- - The 'disable' command stores a 1 in the interface's .status file.
- - The .status file is ignored on 'enable' but not on 'start',
- 'restart', 'restore' and 'refresh'.
-
- This means that a disabled interface can only be re-enabled using
- the 'enable' command.
-
-5) The /etc/shorewall[6]/tos file is now deprecated in favor of the
- TOS() action in /etc/shorewall[6]/tcrules.
-
-6) The MARK/CLASSIFY column in /etc/shorewall[6]/tcrules has been
- renamed ACTION to reflect the expanded set of actions that can be
- specified in the column. There is no change to existing
- functionality.
-
-7) Beginning with Shorewall 4.5.2, using /etc/shorewall-lite/vardir
- and /etc/shorewall6-lite/vardir to specify VARDIR is deprecated in
- favor of the VARDIR setting in shorewallrc.
-
- NOTE: While the name of the variable remains VARDIR, the
- meaning is slightly different. When set in shorewallrc,
- each product (shorewall-lite, and shorewall6-lite) will
- create a directory under the specified path name to
- hold state information.
-
- Example:
-
- VARDIR=/opt/var/
-
- The state directory for shorewall-lite will be
- /opt/var/shorewall-lite/ and the directory for
- shorewall6-lite will be /opt/var/shorewall6-lite.
-
- When VARDIR is set in /etc/shorewall[6]/vardir, the
- product will save its state directly in the specified
- directory.
-
- In Shorewall 4.5.8, a VARLIB variable was added to the shorewallrc
- file and the meaning of VARDIR is once again consistent. The
- default setting of VARDIR for a particular product is
- ${VARLIB}/$product. There is an entry of that form in the
- shorewallrc file. Because there is a single shorewallrc file for
- all installed products, the /etc/shorewall[6]-lite/vardir file
- provides the only means for overriding this default.
-
-8) Begining with Shorewall 4.5.6, the tcrules file is processed if
- MANGLE_ENABLED=Yes, independent of the setting of TC_ENABLED. This
- allows actions like TTL and TPROXY to be used without enabling
- traffic shaping.
-
- If you have rules in your tcrules file that you only want processed
- when TC_ENABLED is other than 'No', then enclose them in
-
- ?IF $TC_ENABLED
- ...
- ?ENDIF
-
- If they are to be processed only if TC_ENABLED=Internal, then enclose
- them in
-
- ?IF TC_ENABLED eq 'Internal'
- ...
- ?ENDIF
-
-9) Beginning with Shorewall 4.5.7, the deprecated
- /etc/shorewall[6]/blacklist files are no longer installed. Existing
- files are still processed by the compiler. Note that blacklist
- files may be converted to equivalent blrules files using
- 'shorewall[6] update -b'.
-
-10) In Shorewall 4.5.7, the /etc/shorewall[6]/notrack file was renamed
- /etc/shorewall[6]/conntrack. When upgrading to a release >= 4.5.7,
- the conntrack file will be installed along side of an existing
- notrack file. When both files exist, a compiler warning is
- generated:
-
- WARNING: Both notrack and conntrack exist; conntrack is ignored
-
- This warning may be eliminated by moving any entries in the notrack
- file to the conntrack file and removing the notrack file.
-
-11) In Shorewall 4.5.8, the /etc/shorewall[6]/routestopped files were
- deprecated if favor of new /etc/shorewall[6]/stoppedrules
- counterparts. The new files have much more familiar and
- straightforward semantics. Once a stoppedrules file is populated,
- the compiler will process that file and will ignore the
- corresponding routestopped file.
-
-12) In Shorewall 4.5.8, a new variable (VARLIB) was added to the
- shorewallrc file. This variable assumes the role formerly played by
- VARDIR, and VARDIR now designates the configuration directory for a
- particular product.
-
- This change should be transparent to all users:
-
- a) If VARDIR is set in an existing shorewallrc file and VARLIB is
- not, then VARLIB is set to ${VARDIR} and VARDIR is set to
- ${VARLIB}/${PRODUCT}.
-
- b) If VARLIB is set in a shorewallrc file and VARDIR is not, then
- VARDIR is set to ${VARLIB}/${PRODUCT}.
-
- The Shoreawll-core will automatically update ~/.shorewallrc and
- save the original in ~/.shorewallrc.bak
-
-13) Prior to Shorewall 4.5.8, the macro.SNMP macro opened both UDP
- ports 161 and 162 from SOURCE to DEST. This is against the usual
- practice of opening these ports in the opposite
- direction. Beginning with Shorewall 4.5.8, the SNMP macro opens
- port 161 from SOURCE to DEST as before, and a new SNMPTrap macro
- has been added that opens port 162 (from SOURCE to DEST).
-
-----------------------------------------------------------------------------
- V I. N O T E S F R O M O T H E R 4 . 5 R E L E A S E S
----------------------------------------------------------------------------
P R O B L E M S C O R R E C T E D I N 4 . 5 . 7
----------------------------------------------------------------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-init-4.5.8.2/shorewall-init.spec new/shorewall-init-4.5.9/shorewall-init.spec
--- old/shorewall-init-4.5.8.2/shorewall-init.spec 2012-10-08 22:05:18.000000000 +0200
+++ new/shorewall-init-4.5.9/shorewall-init.spec 2012-10-29 19:26:28.000000000 +0100
@@ -1,6 +1,6 @@
%define name shorewall-init
-%define version 4.5.8
-%define release 2
+%define version 4.5.9
+%define release 0base
Summary: Shorewall-init adds functionality to Shoreline Firewall (Shorewall).
Name: %{name}
@@ -125,10 +125,16 @@
%doc COPYING changelog.txt releasenotes.txt
%changelog
-* Sun Oct 07 2012 Tom Eastep tom(a)shorewall.net
-- Updated to 4.5.8-2
-* Wed Sep 26 2012 Tom Eastep tom(a)shorewall.net
-- Updated to 4.5.8-1
+* Fri Oct 26 2012 Tom Eastep tom(a)shorewall.net
+- Updated to 4.5.9-0base
+* Sun Oct 21 2012 Tom Eastep tom(a)shorewall.net
+- Updated to 4.5.9-0RC1
+* Tue Oct 16 2012 Tom Eastep tom(a)shorewall.net
+- Updated to 4.5.9-0Beta3
+* Thu Oct 04 2012 Tom Eastep tom(a)shorewall.net
+- Updated to 4.5.9-0Beta2
+* Thu Sep 20 2012 Tom Eastep tom(a)shorewall.net
+- Updated to 4.5.9-0Beta1
* Wed Sep 19 2012 Tom Eastep tom(a)shorewall.net
- Updated to 4.5.8-0base
* Thu Sep 13 2012 Tom Eastep tom(a)shorewall.net
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-init-4.5.8.2/shorewallrc.default new/shorewall-init-4.5.9/shorewallrc.default
--- old/shorewall-init-4.5.8.2/shorewallrc.default 2012-10-08 22:05:18.000000000 +0200
+++ new/shorewall-init-4.5.9/shorewallrc.default 2012-10-29 19:26:28.000000000 +0100
@@ -10,7 +10,7 @@
CONFDIR=/etc #Directory where subsystem configurations are installed
SBINDIR=/sbin #Directory where system administration programs are installed
MANDIR=${PREFIX}/man #Directory where manpages are installed.
-INITDIR=etc/init.d #Directory where SysV init scripts are installed.
+INITDIR=/etc/init.d #Directory where SysV init scripts are installed.
INITFILE=$PRODUCT #Name of the product's installed SysV init script
INITSOURCE=init.sh #Name of the distributed file to be installed as the SysV init script
ANNOTATED= #If non-zero, annotated configuration files are installed
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-init-4.5.8.2/uninstall.sh new/shorewall-init-4.5.9/uninstall.sh
--- old/shorewall-init-4.5.8.2/uninstall.sh 2012-10-08 22:05:18.000000000 +0200
+++ new/shorewall-init-4.5.9/uninstall.sh 2012-10-29 19:26:28.000000000 +0100
@@ -26,7 +26,7 @@
# You may only use this script to uninstall the version
# shown below. Simply run this script to remove Shorewall Firewall
-VERSION=4.5.8.2
+VERSION=4.5.9
usage() # $1 = exit status
{
++++++ shorewall-lite-4.5.8.2.tar.bz2 -> shorewall-lite-4.5.9.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-4.5.8.2/changelog.txt new/shorewall-lite-4.5.9/changelog.txt
--- old/shorewall-lite-4.5.8.2/changelog.txt 2012-10-08 22:05:18.000000000 +0200
+++ new/shorewall-lite-4.5.9/changelog.txt 2012-10-29 19:26:28.000000000 +0100
@@ -1,40 +1,72 @@
-Changes in 4.5.8.2
+Changes in 4.5.9 Final
1) Update release documents.
-2) Correct IPv4 'show dynamic'
+2) Small wording change in the release notes description of CHECKSUM.
+ The text copied from iptables(8) didn't read quite right.
-3) Re-enable IP ranges and IPV6 IPSETS in the hosts file.
+Changes in 4.5.9 RC 1
-4) Make handling of SYSTEMD and INITFILE consistent.
+1) Update release documents.
+
+2) Add Terado Macro (Paul Gear).
+
+3) Don't display naked chain heading when -b
+
+4) Add CHECKSUM action in tcrules.
+
+5) Sort IPv6 routing tables
-Changes in 4.5.8.1
+6) Allow mark range in /etc/shorewall/tcrules.
+
+Changes in 4.5.9 Beta 3
1) Update release documents.
-2) Complete the implementation of new IPv6 net syntax.
+2) Apply Paul Gear's typo correction
-3) Correct dynamic zones with ipset V5.
+3) Add Pupet Macro (Paul Gear).
-4) Don't suppress '-' in generated ipset names.
+4) Don't shout in compiler directives in lib.core.
-5) Correct an error message.
+5) Don't include IPv6-specific code in the IPv4 checkkernelversion()
+ function.
-6) Eliminate syntax error in Shorewall-init installer.
+6) Rename crvsn -> vlsm in sort_routes() (lib.core)
-Changes in 4.5.8 Final.
+7) Add the Shorewall Logging URL to the "Log doesn't exist" message.
+
+8) Correct a typo in a comment in get_params()
+
+9) Allow quotes in paremeter to run_iptables()
+
+10) Correct error messages in action.RST.
+
+11) Apply Paul Gear's '-b' option patchset.
+
+Changes in 4.5.9 Beta 2
+
+1) Update release documents.
+
+2) More 'show dynamic fixes'
+
+3) Implement 'dynamic_shared' zone option.
+
+4) Implement RESTORE_ROUTEMARKS option in shorewall[6].conf.
+
+Changes in 4.5.9 Beta 1
1) Update release documents.
-2) Don't unconditionally detect helpers on 3.5 kernels.
+2) Allow [...]/vlsm for IPv6 Nets.
-3) Correct PPTP control port in conntrack files.
+3) Don't suppress '-' in generated ipset names.
-4) Correct typo in the PPtP Macro.
+4) Expunge some of the g_* variables.
-5) Correct handling of {+-}0 in TTL and HL tcrules.
+Changes in 4.5.8 Final.
-6) Modify the .service files based on the setting of ${SBINDIR}
+1) Update release documents.
Changes in 4.5.8 RC 2
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-4.5.8.2/configure new/shorewall-lite-4.5.9/configure
--- old/shorewall-lite-4.5.8.2/configure 2012-10-08 22:05:18.000000000 +0200
+++ new/shorewall-lite-4.5.9/configure 2012-10-29 19:26:28.000000000 +0100
@@ -28,7 +28,7 @@
#
# Build updates this
#
-VERSION=4.5.8.2
+VERSION=4.5.9
case "$BASH_VERSION" in
[4-9].*)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-4.5.8.2/configure.pl new/shorewall-lite-4.5.9/configure.pl
--- old/shorewall-lite-4.5.8.2/configure.pl 2012-10-08 22:05:18.000000000 +0200
+++ new/shorewall-lite-4.5.9/configure.pl 2012-10-29 19:26:28.000000000 +0100
@@ -31,7 +31,7 @@
# Build updates this
#
use constant {
- VERSION => '4.5.8.2'
+ VERSION => '4.5.9'
};
my %params;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-4.5.8.2/install.sh new/shorewall-lite-4.5.9/install.sh
--- old/shorewall-lite-4.5.8.2/install.sh 2012-10-08 22:05:18.000000000 +0200
+++ new/shorewall-lite-4.5.9/install.sh 2012-10-29 19:26:28.000000000 +0100
@@ -22,7 +22,7 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
#
-VERSION=4.5.8.2
+VERSION=4.5.9
usage() # $1 = exit status
{
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-4.5.8.2/manpages/shorewall-lite-vardir.5 new/shorewall-lite-4.5.9/manpages/shorewall-lite-vardir.5
--- old/shorewall-lite-4.5.8.2/manpages/shorewall-lite-vardir.5 2012-10-08 22:10:59.000000000 +0200
+++ new/shorewall-lite-4.5.9/manpages/shorewall-lite-vardir.5 2012-10-29 19:32:03.000000000 +0100
@@ -2,12 +2,12 @@
.\" Title: shorewall-lite-vardir
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\" Date: 10/08/2012
+.\" Date: 10/29/2012
.\" Manual: [FIXME: manual]
.\" Source: [FIXME: source]
.\" Language: English
.\"
-.TH "SHOREWALL\-LITE\-VAR" "5" "10/08/2012" "[FIXME: source]" "[FIXME: manual]"
+.TH "SHOREWALL\-LITE\-VAR" "5" "10/29/2012" "[FIXME: source]" "[FIXME: manual]"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-4.5.8.2/manpages/shorewall-lite.8 new/shorewall-lite-4.5.9/manpages/shorewall-lite.8
--- old/shorewall-lite-4.5.8.2/manpages/shorewall-lite.8 2012-10-08 22:11:01.000000000 +0200
+++ new/shorewall-lite-4.5.9/manpages/shorewall-lite.8 2012-10-29 19:32:05.000000000 +0100
@@ -2,12 +2,12 @@
.\" Title: shorewall-lite
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\" Date: 10/08/2012
+.\" Date: 10/29/2012
.\" Manual: [FIXME: manual]
.\" Source: [FIXME: source]
.\" Language: English
.\"
-.TH "SHOREWALL\-LITE" "8" "10/08/2012" "[FIXME: source]" "[FIXME: manual]"
+.TH "SHOREWALL\-LITE" "8" "10/29/2012" "[FIXME: source]" "[FIXME: manual]"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -77,7 +77,7 @@
.HP \w'\fBshorewall\-lite\fR\ 'u
\fBshorewall\-lite\fR [\fBtrace\fR|\fBdebug\fR\ [\fBnolock\fR]] [\-\fIoptions\fR] \fBsave\fR [\fIfilename\fR]
.HP \w'\fBshorewall\-lite\fR\ 'u
-\fBshorewall\-lite\fR [\fBtrace\fR|\fBdebug\fR] [\-\fIoptions\fR] \fBshow\fR [\fB\-x\fR] [\fB\-l\fR] [\fB\-t\fR\ {\fBfilter\fR|\fBmangle\fR|\fBnat\fR|\fBraw|rawpost\fR}] [[\fBchain\fR]\ \fIchain\fR...]
+\fBshorewall\-lite\fR [\fBtrace\fR|\fBdebug\fR] [\-\fIoptions\fR] \fBshow\fR [\fB\-b\fR] [\fB\-x\fR] [\fB\-l\fR] [\fB\-t\fR\ {\fBfilter\fR|\fBmangle\fR|\fBnat\fR|\fBraw|rawpost\fR}] [[\fBchain\fR]\ \fIchain\fR...]
.HP \w'\fBshorewall\-lite\fR\ 'u
\fBshorewall\-lite\fR [\fBtrace\fR|\fBdebug\fR] [\-\fIoptions\fR] \fBshow\fR [\fB\-f\fR] \fBcapabilities\fR
.HP \w'\fBshorewall\-lite\fR\ 'u
@@ -411,6 +411,10 @@
\fBfilter\fR\&.
.sp
The
+\fB\-b\fR
+(\*(Aqbrief\*(Aq) option causes rules which have not been used (i\&.e\&. which have zero packet and byte counts) to be omitted from the output\&. Chains with no rules displayed are also omitted from the output\&.
+.sp
+The
\fB\-l\fR
option causes the rule number for each Netfilter rule to be displayed\&.
.sp
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-4.5.8.2/manpages/shorewall-lite.conf.5 new/shorewall-lite-4.5.9/manpages/shorewall-lite.conf.5
--- old/shorewall-lite-4.5.8.2/manpages/shorewall-lite.conf.5 2012-10-08 22:10:57.000000000 +0200
+++ new/shorewall-lite-4.5.9/manpages/shorewall-lite.conf.5 2012-10-29 19:32:01.000000000 +0100
@@ -2,12 +2,12 @@
.\" Title: shorewall-lite.conf
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\" Date: 10/08/2012
+.\" Date: 10/29/2012
.\" Manual: [FIXME: manual]
.\" Source: [FIXME: source]
.\" Language: English
.\"
-.TH "SHOREWALL\-LITE\&.CO" "5" "10/08/2012" "[FIXME: source]" "[FIXME: manual]"
+.TH "SHOREWALL\-LITE\&.CO" "5" "10/29/2012" "[FIXME: source]" "[FIXME: manual]"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-4.5.8.2/manpages/shorewall-lite.xml new/shorewall-lite-4.5.9/manpages/shorewall-lite.xml
--- old/shorewall-lite-4.5.8.2/manpages/shorewall-lite.xml 2012-10-08 22:11:02.000000000 +0200
+++ new/shorewall-lite-4.5.9/manpages/shorewall-lite.xml 2012-10-29 19:32:05.000000000 +0100
@@ -337,6 +337,8 @@
<arg choice="plain"><option>show</option></arg>
+ <arg><option>-b</option></arg>
+
<arg><option>-x</option></arg>
<arg><option>-l</option></arg>
@@ -841,6 +843,12 @@
Netfilter table to display. The default is <emphasis
role="bold">filter</emphasis>.</para>
+ <para>The <emphasis role="bold">-b</emphasis> ('brief') option
+ causes rules which have not been used (i.e. which have zero
+ packet and byte counts) to be omitted from the output. Chains
+ with no rules displayed are also omitted from the
+ output.</para>
+
<para>The <emphasis role="bold">-l</emphasis> option causes
the rule number for each Netfilter rule to be
displayed.</para>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-4.5.8.2/releasenotes.txt new/shorewall-lite-4.5.9/releasenotes.txt
--- old/shorewall-lite-4.5.8.2/releasenotes.txt 2012-10-08 22:05:18.000000000 +0200
+++ new/shorewall-lite-4.5.9/releasenotes.txt 2012-10-29 19:26:28.000000000 +0100
@@ -1,7 +1,7 @@
----------------------------------------------------------------------------
- S H O R E W A L L 4 . 5 . 8 . 2
+ S H O R E W A L L 4 . 5 . 9
------------------------------------
- O c t o b e r 0 9 , 2 0 1 2
+ N o v e m b e r 0 2 , 2 0 1 2
----------------------------------------------------------------------------
I. PROBLEMS CORRECTED IN THIS RELEASE
@@ -15,6 +15,256 @@
I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E
----------------------------------------------------------------------------
+1) This release contains all defect repair from Shorewall 4.5.8.2.
+
+2) A typo has been corrected in the shorewallrc.default file.
+
+3) Beginning with Shorewall 4.5.7.2, Shorewall unconditionally
+ restores the provider mark as the first rule in the mangle table
+ OUTPUT and PREROUTING chains. Previously, the provider mark was
+ restored only if it was non-zero.
+
+ It has become clear that some users need it one way while others
+ need it the other way. To resolve this issue, a RESTORE_ROUTEMARKS
+ option has been added to shorewall.conf and shorewall6.conf. When
+ this option is set to Yes (the default), the 4.5.7.2 approach is
+ used (always restore the mark, even if it is zero); when it is set
+ to No, the pre-4.5.7.2 behavior is retained (only restore the mark
+ if it is non-zero).
+
+4) Two error messages produced by the RST action have been
+ corrected. They previously referred to errors in the NotSyn action
+ rather than RST.
+
+----------------------------------------------------------------------------
+ I I. K N O W N P R O B L E M S R E M A I N I N G
+----------------------------------------------------------------------------
+
+1) On systems running Upstart, shorewall-init cannot reliably secure
+ the firewall before interfaces are brought up.
+
+----------------------------------------------------------------------------
+ I I I. N E W F E A T U R E S I N T H I S R E L E A S E
+----------------------------------------------------------------------------
+
+1) Prior to this release, if a dynamic zone was associated with more
+ than one interface, then Shorewall created a separate ipset for
+ each interface. This meant that multiple 'add' and 'delete'
+ commands might be required to change the zone composition.
+
+ This release introduces a 'dynamic_shared' zone option. When that
+ option is specified, a single ipset is generated regardless of the
+ number of entries the zone has in the hosts file.
+
+ The 'dynamic_shared' option may only be specified in the OPTIONS
+ column of the zones file.
+
+ The syntax of the 'add' and 'delete' commands is changed for zones
+ having the 'dynamic_shared' option:
+
+ add <zone> <address>[,<address> ... ]
+
+ delete <zone> <address>[,<address> ... ]
+
+ Example:
+
+ shorewall add direct 172.20.1.99
+
+ The syntax for 'add' and 'delete' for zones not having the
+ 'dynamic_shared' option is unchanged.
+
+2) Puppet and Teredo macros have been contributed by Paul Gear.
+
+3) The 'show' command now supports a -b (brief) option that suppresses
+ listing of rules that have zero packet count and omits chains that
+ have no rules listed (Paul Gear).
+
+4) A CHECKSUM action has been added to the tcrules files. This action
+ computes and fills in the checksum in a packet that lacks one.
+ This is particularly useful if you need to work around old
+ applications, such as dhcp clients, that do not work well with
+ checksum offloads, but you don't want to disable checksum offload
+ in your device.
+
+ As part of this change, a new 'Checksum Target' capability has been
+ added, so if you use a capabilities file, it needs to be
+ re-generated after you install this release.
+
+5) The 'shorewall6 show routing' command now sorts the contents of
+ each routing table in the same way as 'shorewall show routing'.
+
+6) It is now possible to specify a mark range in the ACTION column of
+ the tcrules file. This causes the generated ruleset to assign marks
+ in the range in round-robin fashion. As part of this change, a
+ STATE column is also added that allows marks to be assigned only to
+ packets that are in one of the specified states (NEW, RELATED,
+ ESTABLISHED, etc.). Specifying NEW in this column along with
+ a range in the ACTION column allows for load-balancing SNAT rules
+ over a number of different external addresses.
+
+ Example:
+
+ /etc/shorewall/tcrules
+
+ #ACTION SOURCE DEST ...
+ 1-3:CF eth1 172.20.1.0/24 ; state=NEW
+
+ /etc/shorewall/masq
+
+ #INTERFACE SOURCE ADDRESS ...
+ eth0 192.168.1.0/24 1.1.1.1 ; mark=1:C
+ eth0 192.168.1.0/24 1.1.1.5 ; mark=2:C
+ eth0 192.168.1.0/24 1.1.1.9 ; mark=3:C
+
+ Specifying a mark range require the 'Statistics Match' capability
+ in your iptables and kernel.
+
+----------------------------------------------------------------------------
+ V. M I G R A T I O N I S S U E S
+----------------------------------------------------------------------------
+
+1) If you are migrating from Shorewall 4.2.x or earlier, please see
+ http://www.shorewall.net/pub/shorewall/4.4/shorewall-4.4.27/releasenotes.txt
+
+2) The BLACKLIST section of the rules file has been eliminated.
+ If you have entries in that file section, you must move them to the
+ blrules file.
+
+3) This version of Shorewall requires either the Digest::SHA1 or
+ Digest::SHA Perl module.
+
+ Debian: libdigest-sha1-perl or libdigest-sha-perl
+ Fedora: perl-Digest-SHA1 or perl-Digest-SHA
+ OpenSuSE: perl-Digest-SHA1 or perl-Digest-SHA
+
+4) The generated firewall script now maintains the
+ /var/lib/shorewall[6][-lite]/interface.status files used by SWPING
+ and by LSM.
+
+ If you have optional providers and do not run a link monitor like
+ SWPING or LSM that updates these files, then you should remove
+ /etc/shorewall[6]/isusable if it is installed.
+
+ Beginning with Shorewall 4.5.3.1:
+
+ - The 'disable' command stores a 1 in the interface's .status file.
+ - The .status file is ignored on 'enable' but not on 'start',
+ 'restart', 'restore' and 'refresh'.
+
+ This means that a disabled interface can only be re-enabled using
+ the 'enable' command.
+
+5) The /etc/shorewall[6]/tos file is now deprecated in favor of the
+ TOS() action in /etc/shorewall[6]/tcrules.
+
+6) The MARK/CLASSIFY column in /etc/shorewall[6]/tcrules has been
+ renamed ACTION to reflect the expanded set of actions that can be
+ specified in the column. There is no change to existing
+ functionality.
+
+7) Beginning with Shorewall 4.5.2, using /etc/shorewall-lite/vardir
+ and /etc/shorewall6-lite/vardir to specify VARDIR is deprecated in
+ favor of the VARDIR setting in shorewallrc.
+
+ NOTE: While the name of the variable remains VARDIR, the
+ meaning is slightly different. When set in shorewallrc,
+ each product (shorewall-lite, and shorewall6-lite) will
+ create a directory under the specified path name to
+ hold state information.
+
+ Example:
+
+ VARDIR=/opt/var/
+
+ The state directory for shorewall-lite will be
+ /opt/var/shorewall-lite/ and the directory for
+ shorewall6-lite will be /opt/var/shorewall6-lite.
+
+ When VARDIR is set in /etc/shorewall[6]/vardir, the
+ product will save its state directly in the specified
+ directory.
+
+ In Shorewall 4.5.8, a VARLIB variable was added to the shorewallrc
+ file and the meaning of VARDIR is once again consistent. The
+ default setting of VARDIR for a particular product is
+ ${VARLIB}/$product. There is an entry of that form in the
+ shorewallrc file. Because there is a single shorewallrc file for
+ all installed products, the /etc/shorewall[6]-lite/vardir file
+ provides the only means for overriding this default.
+
+8) Begining with Shorewall 4.5.6, the tcrules file is processed if
+ MANGLE_ENABLED=Yes, independent of the setting of TC_ENABLED. This
+ allows actions like TTL and TPROXY to be used without enabling
+ traffic shaping.
+
+ If you have rules in your tcrules file that you only want processed
+ when TC_ENABLED is other than 'No', then enclose them in
+
+ ?IF $TC_ENABLED
+ ...
+ ?ENDIF
+
+ If they are to be processed only if TC_ENABLED=Internal, then enclose
+ them in
+
+ ?IF TC_ENABLED eq 'Internal'
+ ...
+ ?ENDIF
+
+9) Beginning with Shorewall 4.5.7, the deprecated
+ /etc/shorewall[6]/blacklist files are no longer installed. Existing
+ files are still processed by the compiler. Note that blacklist
+ files may be converted to equivalent blrules files using
+ 'shorewall[6] update -b'.
+
+10) In Shorewall 4.5.7, the /etc/shorewall[6]/notrack file was renamed
+ /etc/shorewall[6]/conntrack. When upgrading to a release >= 4.5.7,
+ the conntrack file will be installed along side of an existing
+ notrack file. When both files exist, a compiler warning is
+ generated:
+
+ WARNING: Both notrack and conntrack exist; conntrack is ignored
+
+ This warning may be eliminated by moving any entries in the notrack
+ file to the conntrack file and removing the notrack file.
+
+11) In Shorewall 4.5.8, the /etc/shorewall[6]/routestopped files were
+ deprecated if favor of new /etc/shorewall[6]/stoppedrules
+ counterparts. The new files have much more familiar and
+ straightforward semantics. Once a stoppedrules file is populated,
+ the compiler will process that file and will ignore the
+ corresponding routestopped file.
+
+12) In Shorewall 4.5.8, a new variable (VARLIB) was added to the
+ shorewallrc file. This variable assumes the role formerly played by
+ VARDIR, and VARDIR now designates the configuration directory for a
+ particular product.
+
+ This change should be transparent to all users:
+
+ a) If VARDIR is set in an existing shorewallrc file and VARLIB is
+ not, then VARLIB is set to ${VARDIR} and VARDIR is set to
+ ${VARLIB}/${PRODUCT}.
+
+ b) If VARLIB is set in a shorewallrc file and VARDIR is not, then
+ VARDIR is set to ${VARLIB}/${PRODUCT}.
+
+ The Shorewall-core installer will automatically update
+ ~/.shorewallrc and save the original in ~/.shorewallrc.bak
+
+13) Previously, the macro.SNMP macro opened both UDP ports 161 and 162
+ from SOURCE to DEST. This is against the usual practice of opening
+ these ports in the opposite direction. Beginning with Shorewall
+ 4.5.8, the SNMP macro opens port 161 from SOURCE to DEST as before,
+ and a new SNMPTrap macro is added that opens port 162 (from SOURCE
+ to DEST).
+
+----------------------------------------------------------------------------
+ V I. N O T E S F R O M O T H E R 4 . 5 R E L E A S E S
+----------------------------------------------------------------------------
+ P R O B L E M S C O R R E C T E D I N 4 . 5 . 8
+----------------------------------------------------------------------------
+
4.5.8.2
1) The 'shorewall show' command previously produced no output. That
@@ -68,8 +318,8 @@
3) Previously, the macro.SNMP macro opened both UDP ports 161 and 162
from SOURCE to DEST. This is against the usual practice of opening
these ports in the opposite direction. Beginning with this release,
- the SNMP macro opens port 162 from SOURCE to DEST as before, and a
- new SNMPTrap macro is added that opens port 162 (from SOURCE to
+ macro.SNMP opens port 161 from SOURCE to DEST as before, and a new
+ SNMPTrap macro is added that opens port 162 (from SOURCE to
DEST).
4) Previously, when compiling for export, both
@@ -115,17 +365,10 @@
is flagged as an error.
----------------------------------------------------------------------------
- I I. K N O W N P R O B L E M S R E M A I N I N G
+ N E W F E A T U R E S I N 4 . 5 . 8
----------------------------------------------------------------------------
-1) On systems running Upstart, shorewall-init cannot reliably secure
- the firewall before interfaces are brought up.
-
-----------------------------------------------------------------------------
- I I I. N E W F E A T U R E S I N T H I S R E L E A S E
-----------------------------------------------------------------------------
-
-1) This release attempts to alleviate the confusion that results
+1) This release attempts to alleviate the confustion that results
from different usage of the VARDIR variable name.
Beginning with Shorewall 4.5.2, 'VARDIR' became a variable in the
@@ -231,165 +474,6 @@
must be specified for the MARK value and for the 'tcp-ack' and
'tos*' options if those are used.
-Added in 4.5.8.1.
-
-10) In most contexts, Shorewall6 has required IPv6 addresses to be
- enclosed in either angled brackets ( <....> , deprecated) or in
- square brackets ([....]). This includes network addresses, where
- both the IPv6 address and the VLSM are required to be within the
- brackets (e.g., [2001;470:b:787::/64]). This differs from the
- industry-standard network form in which the IPv6 address is
- enclosed in square brackets and the VLSM is outside of the brackets
- (e.g., [2001:470:b:787::]/64). Beginning with this release, the
- industry-standard representation is also accepted by Shorewall6.
-
- Note: Those of you who read the patches will probably have
- noticed that much of this change was actually in 4.5.8; because the
- change was commited late in the 4.5.8 release cycle, we chose not
- to document the change until it had undergone additional testing.
-
-----------------------------------------------------------------------------
- V. M I G R A T I O N I S S U E S
-----------------------------------------------------------------------------
-
-1) If you are migrating from Shorewall 4.2.x or earlier, please see
- http://www.shorewall.net/pub/shorewall/4.4/shorewall-4.4.27/releasenotes.txt
-
-2) The BLACKLIST section of the rules file has been eliminated.
- If you have entries in that file section, you must move them to the
- blrules file.
-
-3) This version of Shorewall requires either the Digest::SHA1 or
- Digest::SHA Perl module.
-
- Debian: libdigest-sha1-perl or libdigest-sha-perl
- Fedora: perl-Digest-SHA1 or perl-Digest-SHA
- OpenSuSE: perl-Digest-SHA1 or perl-Digest-SHA
-
-4) The generated firewall script now maintains the
- /var/lib/shorewall[6][-lite]/interface.status files used by SWPING
- and by LSM.
-
- If you have optional providers and to not run a link monitor like
- SWPING or LSM that updates these files, then you should remove
- /etc/shorewall[6]/isusable if it is installed.
-
- Beginning with Shorewall 4.5.3.1:
-
- - The 'disable' command stores a 1 in the interface's .status file.
- - The .status file is ignored on 'enable' but not on 'start',
- 'restart', 'restore' and 'refresh'.
-
- This means that a disabled interface can only be re-enabled using
- the 'enable' command.
-
-5) The /etc/shorewall[6]/tos file is now deprecated in favor of the
- TOS() action in /etc/shorewall[6]/tcrules.
-
-6) The MARK/CLASSIFY column in /etc/shorewall[6]/tcrules has been
- renamed ACTION to reflect the expanded set of actions that can be
- specified in the column. There is no change to existing
- functionality.
-
-7) Beginning with Shorewall 4.5.2, using /etc/shorewall-lite/vardir
- and /etc/shorewall6-lite/vardir to specify VARDIR is deprecated in
- favor of the VARDIR setting in shorewallrc.
-
- NOTE: While the name of the variable remains VARDIR, the
- meaning is slightly different. When set in shorewallrc,
- each product (shorewall-lite, and shorewall6-lite) will
- create a directory under the specified path name to
- hold state information.
-
- Example:
-
- VARDIR=/opt/var/
-
- The state directory for shorewall-lite will be
- /opt/var/shorewall-lite/ and the directory for
- shorewall6-lite will be /opt/var/shorewall6-lite.
-
- When VARDIR is set in /etc/shorewall[6]/vardir, the
- product will save its state directly in the specified
- directory.
-
- In Shorewall 4.5.8, a VARLIB variable was added to the shorewallrc
- file and the meaning of VARDIR is once again consistent. The
- default setting of VARDIR for a particular product is
- ${VARLIB}/$product. There is an entry of that form in the
- shorewallrc file. Because there is a single shorewallrc file for
- all installed products, the /etc/shorewall[6]-lite/vardir file
- provides the only means for overriding this default.
-
-8) Begining with Shorewall 4.5.6, the tcrules file is processed if
- MANGLE_ENABLED=Yes, independent of the setting of TC_ENABLED. This
- allows actions like TTL and TPROXY to be used without enabling
- traffic shaping.
-
- If you have rules in your tcrules file that you only want processed
- when TC_ENABLED is other than 'No', then enclose them in
-
- ?IF $TC_ENABLED
- ...
- ?ENDIF
-
- If they are to be processed only if TC_ENABLED=Internal, then enclose
- them in
-
- ?IF TC_ENABLED eq 'Internal'
- ...
- ?ENDIF
-
-9) Beginning with Shorewall 4.5.7, the deprecated
- /etc/shorewall[6]/blacklist files are no longer installed. Existing
- files are still processed by the compiler. Note that blacklist
- files may be converted to equivalent blrules files using
- 'shorewall[6] update -b'.
-
-10) In Shorewall 4.5.7, the /etc/shorewall[6]/notrack file was renamed
- /etc/shorewall[6]/conntrack. When upgrading to a release >= 4.5.7,
- the conntrack file will be installed along side of an existing
- notrack file. When both files exist, a compiler warning is
- generated:
-
- WARNING: Both notrack and conntrack exist; conntrack is ignored
-
- This warning may be eliminated by moving any entries in the notrack
- file to the conntrack file and removing the notrack file.
-
-11) In Shorewall 4.5.8, the /etc/shorewall[6]/routestopped files were
- deprecated if favor of new /etc/shorewall[6]/stoppedrules
- counterparts. The new files have much more familiar and
- straightforward semantics. Once a stoppedrules file is populated,
- the compiler will process that file and will ignore the
- corresponding routestopped file.
-
-12) In Shorewall 4.5.8, a new variable (VARLIB) was added to the
- shorewallrc file. This variable assumes the role formerly played by
- VARDIR, and VARDIR now designates the configuration directory for a
- particular product.
-
- This change should be transparent to all users:
-
- a) If VARDIR is set in an existing shorewallrc file and VARLIB is
- not, then VARLIB is set to ${VARDIR} and VARDIR is set to
- ${VARLIB}/${PRODUCT}.
-
- b) If VARLIB is set in a shorewallrc file and VARDIR is not, then
- VARDIR is set to ${VARLIB}/${PRODUCT}.
-
- The Shoreawll-core will automatically update ~/.shorewallrc and
- save the original in ~/.shorewallrc.bak
-
-13) Prior to Shorewall 4.5.8, the macro.SNMP macro opened both UDP
- ports 161 and 162 from SOURCE to DEST. This is against the usual
- practice of opening these ports in the opposite
- direction. Beginning with Shorewall 4.5.8, the SNMP macro opens
- port 161 from SOURCE to DEST as before, and a new SNMPTrap macro
- has been added that opens port 162 (from SOURCE to DEST).
-
-----------------------------------------------------------------------------
- V I. N O T E S F R O M O T H E R 4 . 5 R E L E A S E S
----------------------------------------------------------------------------
P R O B L E M S C O R R E C T E D I N 4 . 5 . 7
----------------------------------------------------------------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-4.5.8.2/shorecap new/shorewall-lite-4.5.9/shorecap
--- old/shorewall-lite-4.5.8.2/shorecap 2012-10-08 17:55:20.000000000 +0200
+++ new/shorewall-lite-4.5.9/shorecap 2012-10-29 15:18:28.000000000 +0100
@@ -53,10 +53,7 @@
#
. /usr/share/shorewall/shorewallrc
-g_libexec="$LIBEXECDIR"
g_sharedir="$SHAREDIR"/shorewall-lite
-g_sbindir="$SBINDIR"
-g_vardir="$VARDIR"
g_confdir="$CONFDIR"/shorewall-lite
g_readrc=1
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-4.5.8.2/shorewall-lite new/shorewall-lite-4.5.9/shorewall-lite
--- old/shorewall-lite-4.5.8.2/shorewall-lite 2012-10-08 17:55:20.000000000 +0200
+++ new/shorewall-lite-4.5.9/shorewall-lite 2012-10-29 15:18:28.000000000 +0100
@@ -33,9 +33,7 @@
. /usr/share/shorewall/shorewallrc
g_program=$PRODUCT
-g_libexec="$LIBEXECDIR"
g_sharedir="$SHAREDIR"/shorewall-lite
-g_sbindir="$SBINDIR"
g_confdir="$CONFDIR"/shorewall-lite
g_readrc=1
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-4.5.8.2/shorewall-lite.service new/shorewall-lite-4.5.9/shorewall-lite.service
--- old/shorewall-lite-4.5.8.2/shorewall-lite.service 2012-10-08 17:55:20.000000000 +0200
+++ new/shorewall-lite-4.5.9/shorewall-lite.service 2012-10-29 15:18:28.000000000 +0100
@@ -13,8 +13,8 @@
RemainAfterExit=yes
EnvironmentFile=-/etc/sysconfig/shorewall-lite
StandardOutput=syslog
-ExecStart=/sbin/shorewall-lite $OPTIONS start
-ExecStop=/sbin/shorewall-lite $OPTIONS stop
+ExecStart=/usr/sbin/shorewall-lite $OPTIONS start
+ExecStop=/usr/sbin/shorewall-lite $OPTIONS stop
[Install]
WantedBy=multi-user.target
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-4.5.8.2/shorewall-lite.spec new/shorewall-lite-4.5.9/shorewall-lite.spec
--- old/shorewall-lite-4.5.8.2/shorewall-lite.spec 2012-10-08 22:05:18.000000000 +0200
+++ new/shorewall-lite-4.5.9/shorewall-lite.spec 2012-10-29 19:26:28.000000000 +0100
@@ -1,6 +1,6 @@
%define name shorewall-lite
-%define version 4.5.8
-%define release 2
+%define version 4.5.9
+%define release 0base
%define initdir /etc/init.d
Summary: Shoreline Firewall Lite is an iptables-based firewall for Linux systems.
@@ -105,10 +105,16 @@
%doc COPYING changelog.txt releasenotes.txt
%changelog
-* Sun Oct 07 2012 Tom Eastep tom(a)shorewall.net
-- Updated to 4.5.8-2
-* Wed Sep 26 2012 Tom Eastep tom(a)shorewall.net
-- Updated to 4.5.8-1
+* Fri Oct 26 2012 Tom Eastep tom(a)shorewall.net
+- Updated to 4.5.9-0base
+* Sun Oct 21 2012 Tom Eastep tom(a)shorewall.net
+- Updated to 4.5.9-0RC1
+* Tue Oct 16 2012 Tom Eastep tom(a)shorewall.net
+- Updated to 4.5.9-0Beta3
+* Thu Oct 04 2012 Tom Eastep tom(a)shorewall.net
+- Updated to 4.5.9-0Beta2
+* Thu Sep 20 2012 Tom Eastep tom(a)shorewall.net
+- Updated to 4.5.9-0Beta1
* Wed Sep 19 2012 Tom Eastep tom(a)shorewall.net
- Updated to 4.5.8-0base
* Thu Sep 13 2012 Tom Eastep tom(a)shorewall.net
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-4.5.8.2/shorewallrc.default new/shorewall-lite-4.5.9/shorewallrc.default
--- old/shorewall-lite-4.5.8.2/shorewallrc.default 2012-10-08 22:05:18.000000000 +0200
+++ new/shorewall-lite-4.5.9/shorewallrc.default 2012-10-29 19:26:28.000000000 +0100
@@ -10,7 +10,7 @@
CONFDIR=/etc #Directory where subsystem configurations are installed
SBINDIR=/sbin #Directory where system administration programs are installed
MANDIR=${PREFIX}/man #Directory where manpages are installed.
-INITDIR=etc/init.d #Directory where SysV init scripts are installed.
+INITDIR=/etc/init.d #Directory where SysV init scripts are installed.
INITFILE=$PRODUCT #Name of the product's installed SysV init script
INITSOURCE=init.sh #Name of the distributed file to be installed as the SysV init script
ANNOTATED= #If non-zero, annotated configuration files are installed
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-4.5.8.2/uninstall.sh new/shorewall-lite-4.5.9/uninstall.sh
--- old/shorewall-lite-4.5.8.2/uninstall.sh 2012-10-08 22:05:18.000000000 +0200
+++ new/shorewall-lite-4.5.9/uninstall.sh 2012-10-29 19:26:28.000000000 +0100
@@ -26,7 +26,7 @@
# You may only use this script to uninstall the version
# shown below. Simply run this script to remove Shorewall Firewall
-VERSION=4.5.8.2
+VERSION=4.5.9
usage() # $1 = exit status
{
++++++ shorewall-4.5.8.2.tar.bz2 -> shorewall6-4.5.9.tar.bz2 ++++++
++++ 105224 lines of diff (skipped)
++++++ shorewall-lite-4.5.8.2.tar.bz2 -> shorewall6-lite-4.5.9.tar.bz2 ++++++
++++ 7337 lines of diff (skipped)
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-commit+help(a)opensuse.org
1
0
Hello community,
here is the log from the commit of package scsirastools for openSUSE:Factory checked in at 2012-10-31 07:03:17
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/scsirastools (Old)
and /work/SRC/openSUSE:Factory/.scsirastools.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "scsirastools", Maintainer is "hare(a)suse.com"
Changes:
--------
--- /work/SRC/openSUSE:Factory/scsirastools/scsirastools.changes 2012-04-20 15:21:22.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.scsirastools.new/scsirastools.changes 2012-10-31 07:03:18.000000000 +0100
@@ -1,0 +2,17 @@
+Fri Oct 26 17:38:20 UTC 2012 - lduncan(a)suse.com
+
+- Added scsirastools-stop-using-var-lock-subsys.patch: remove use
+ of /var/lock/subsys in service init files (bnc#714645)
+
+-------------------------------------------------------------------
+Wed Oct 24 17:07:03 UTC 2012 - meissner(a)suse.com
+
+- added URL to Source0.
+
+-------------------------------------------------------------------
+Fri Oct 19 23:37:41 EDT 2012 - david.bahi(a)emc.com
+
+- updated the scsirastools-1.4.9-SUSE.diff patch to scsirastools-1.6.4-SUSE.diff
+ + corrected the sysvinit scripts for proper status behavior/output
+
+-------------------------------------------------------------------
Old:
----
scsirastools-1.4.9-SuSE.diff
scsirastools-1.6.4.tar.bz2
New:
----
scsirastools-1.6.4-SUSE.diff
scsirastools-1.6.4.tar.gz
scsirastools-stop-using-var-lock-subsys.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ scsirastools.spec ++++++
--- /var/tmp/diff_new_pack.DBmZh4/_old 2012-10-31 07:03:19.000000000 +0100
+++ /var/tmp/diff_new_pack.DBmZh4/_new 2012-10-31 07:03:19.000000000 +0100
@@ -16,23 +16,20 @@
#
-
Name: scsirastools
Version: 1.6.4
-Release: 0
-License: BSD-3-Clause
-Group: Hardware/Other
+Release: 17.11
BuildRequires: automake
Requires: mdadm
Summary: Serviceability for SCSI Disks and Arrays
-# Normally available from http://downloads.sourceforge.net/project/scsirastools/%%{name}-%%{version}.…
-# But version 1.5.8 is not anymore available
-Source: %{name}/%{name}-%{version}.tar.bz2
-Patch: %{name}-1.4.9-SuSE.diff
+License: BSD-3-Clause
+Group: Hardware/Other
+Source: http://downloads.sourceforge.net/project/%{name}/%{name}-%{version}.tar.gz
+Patch: %{name}-1.6.4-SUSE.diff
Patch2: %{name}-install
Patch3: %{name}-single-dev.diff
+Patch4: %{name}-stop-using-var-lock-subsys.patch
Url: http://scsirastools.sourceforge.net/
-#Prefix: /usr
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@@ -77,6 +74,7 @@
%patch -p1
%patch2 -p1
%patch3 -p1
+%patch4 -p1
%build
autoreconf -fi
++++++ scsirastools-1.6.4-SUSE.diff ++++++
diff -Naurp scsirastools-1.6.4.orig/doc/Makefile.am scsirastools-1.6.4/doc/Makefile.am
--- scsirastools-1.6.4.orig/doc/Makefile.am 2011-08-23 13:26:05.000000000 +0000
+++ scsirastools-1.6.4/doc/Makefile.am 2012-10-15 14:10:14.289365169 +0000
@@ -13,8 +13,10 @@ exe_prefix =
datadir = ${prefix}/share
mandir = ${prefix}/share/man
sysconfdir = ${exe_prefix}/etc
+docdir = ${datadir}/doc/packages
sbindir = ${exe_prefix}/sbin
datato = ${DESTDIR}${datadir}/scsirastools
+docto = ${DESTDIR}${docdir}/scsirastools
sbin_PROGRAMS =
@@ -34,9 +36,10 @@ install:
${INSTALL_DATA_CMD} $(fromd)/sgraidmon.8 ${DESTDIR}${mandir}/man8
${INSTALL_DATA_CMD} $(fromd)/sgdiskmon.8 ${DESTDIR}${mandir}/man8
${INSTALL_DATA_CMD} $(fromd)/sgsafte.8 ${DESTDIR}${mandir}/man8
- ${INSTALL_DATA_CMD} $(fromd)/UserGuide ${datato}
- ${INSTALL_DATA_CMD} $(TOPDIR)/README ${datato}
- ${INSTALL_DATA_CMD} $(TOPDIR)/COPYING ${datato}
- ${INSTALL_DATA_CMD} $(TOPDIR)/kern/SCSIRAS ${datato}
+ $(MKDIR) ${docto}
+ ${INSTALL_DATA_CMD} $(fromd)/UserGuide ${docto}
+ ${INSTALL_DATA_CMD} $(TOPDIR)/README ${docto}
+ ${INSTALL_DATA_CMD} $(TOPDIR)/COPYING ${docto}
+ ${INSTALL_DATA_CMD} $(TOPDIR)/kern/SCSIRAS ${docto}
EXTRA_DIST =
diff -Naurp scsirastools-1.6.4.orig/files/sgdisk scsirastools-1.6.4/files/sgdisk
--- scsirastools-1.6.4.orig/files/sgdisk 2011-08-23 13:26:05.000000000 +0000
+++ scsirastools-1.6.4/files/sgdisk 2012-10-15 14:10:14.289365169 +0000
@@ -5,11 +5,13 @@
# processname: sgdiskmon
# description: sgdisk is used to start/stop the sgdiskmon software raid1 daemon
#
-### BEGIN SLES INIT INFO
+### BEGIN INIT INFO
# Provides: sgdisk
# Required-Start: $local_fs
-# Default-Start: 3 4 5
+# Required-Stop: $local_fs
+# Default-Start: 3 5
# Default-Stop: 0 1 2 6
+# Short-Description: sgdiskmon daemon
# Description: sgdisk is used to start/stop the sgdiskmon software raid1 daemon
### END INIT INFO
@@ -24,15 +26,16 @@ else
fi
# Dont need functions any more
-#if [ $osver = suse ]
-#then
-# . /etc/rc.status
+if [ $osver = suse ]
+then
+ . /etc/rc.status
#else
# . /etc/init.d/functions
-#fi
+fi
case "$1" in
"start")
+ echo -n "Starting sgdiskmon "
# Is sg module loaded?
lsmod | grep sg >/dev/null
if [ $? -ne 0 ]
@@ -44,18 +47,34 @@ case "$1" in
if [ "${rpid}" != "" ]
then
echo "sgdiskmon is already started"
- exit 1
+ rc_status -v
+ rc_exit
fi
sgdiskmon -b
+ rc_status -v
touch /var/lock/subsys/sgdiskmon
;;
"stop")
+ echo -n "Stopping sgdiskmon "
rpid=`ps -ef |grep sgdiskmon |grep -v grep |awk '{print $2}'`
if [ "${rpid}" != "" ]
then
+ echo -n "(pid $rpid) "
kill $rpid
fi
rm -f /var/lock/subsys/sgdiskmon
+ rc_status -v
+ ;;
+"status")
+ echo -n "Checking for sgdiskmon "
+ rpid=`ps -ef |grep sgdiskmon |grep -v grep |awk '{print $2}'`
+ if [ "${rpid}" != "" ]
+ then
+ echo "(pid $rpid)"
+ else
+ rc_failed 3
+ fi
+ rc_status -v
;;
*)
echo "Usage: $0 start|stop"
@@ -63,4 +82,4 @@ case "$1" in
;;
esac
-exit 0
+rc_exit
diff -Naurp scsirastools-1.6.4.orig/files/sgraid scsirastools-1.6.4/files/sgraid
--- scsirastools-1.6.4.orig/files/sgraid 2011-08-23 13:26:05.000000000 +0000
+++ scsirastools-1.6.4/files/sgraid 2012-10-15 14:14:26.409827836 +0000
@@ -5,11 +5,13 @@
# processname: sgraidmon
# description: sgraid is used to start/stop the sgraidmon software raid1 daemon
#
-### BEGIN SLES INIT INFO
+### BEGIN INIT INFO
# Provides: sgraid
# Required-Start: $local_fs
-# Default-Start: 3 4 5
+# Required-Stop: $local_fs
+# Default-Start: 3 5
# Default-Stop: 0 1 2 6
+# Short-Description: sgraidmon daemon
# Description: sgraid is used to start/stop the sgraidmon software raid1 daemon
### END INIT INFO
@@ -24,15 +26,16 @@ else
fi
# Dont need functions any more
-#if [ $osver = suse ]
-#then
-# . /etc/rc.status
-#else
-# . /etc/init.d/functions
-#fi
+if [ $osver = suse ]
+then
+ . /etc/rc.status
+else
+ . /etc/init.d/functions
+fi
case "$1" in
"start")
+ echo -n "Starting sgraidmon "
# Is sg module loaded?
lsmod | grep sg >/dev/null
if [ $? -ne 0 ]
@@ -44,7 +47,9 @@ case "$1" in
if [ "${rpid}" != "" ]
then
echo "sgraidmon is already started"
- exit 1
+ rc_failed 1
+ rc_status -v
+ rc_exit
fi
# Could probably skip the 'mdevt Save' if it was already done once.
# Get the first disk device configured in /etc/raidtab via getmd
@@ -62,15 +67,29 @@ case "$1" in
mdevt Save /dev/$rdev
fi
sgraidmon -b
+ rc_status -v
touch /var/lock/subsys/sgraidmon
;;
"stop")
+ echo -n "Stopping sgraidmon "
rpid=`ps -ef |grep sgraidmon |grep -v grep |awk '{print $2}'`
if [ "${rpid}" != "" ]
then
kill $rpid
fi
rm -f /var/lock/subsys/sgraidmon
+ rc_status -v
+ ;;
+"status")
+ echo -n "Checking for sgraidmon "
+ rpid=`ps -ef |grep sgraidmon |grep -v grep |awk '{print $2}'`
+ if [ "${rpid}" != "" ]
+ then
+ echo -n "(pid $rpid)"
+ else
+ rc_failed 3
+ fi
+ rc_status -v
;;
*)
echo "Usage: $0 start|stop"
@@ -78,4 +97,5 @@ case "$1" in
;;
esac
-exit 0
+rc_exit
+
diff -Naurp scsirastools-1.6.4.orig/Makefile.am scsirastools-1.6.4/Makefile.am
--- scsirastools-1.6.4.orig/Makefile.am 2011-08-23 13:26:05.000000000 +0000
+++ scsirastools-1.6.4/Makefile.am 2012-10-15 14:10:14.293365177 +0000
@@ -1,5 +1,5 @@
-SUBDIRS = mdadm.d src files doc
+SUBDIRS = src files doc
PKGDIR = /usr/src/redhat
SOURCEDIR = $(PKGDIR)/SOURCES
BUILDDIR = $(PKGDIR)/BUILD
++++++ scsirastools-stop-using-var-lock-subsys.patch ++++++
diff -Naurp scsirastools-1.6.4.orig/files/sgdisk scsirastools-1.6.4/files/sgdisk
--- scsirastools-1.6.4.orig/files/sgdisk 2012-10-26 22:42:37.149405573 +0200
+++ scsirastools-1.6.4/files/sgdisk 2012-10-26 22:43:14.591209370 +0200
@@ -52,7 +52,6 @@ case "$1" in
fi
sgdiskmon -b
rc_status -v
- touch /var/lock/subsys/sgdiskmon
;;
"stop")
echo -n "Stopping sgdiskmon "
@@ -62,7 +61,6 @@ case "$1" in
echo -n "(pid $rpid) "
kill $rpid
fi
- rm -f /var/lock/subsys/sgdiskmon
rc_status -v
;;
"status")
diff -Naurp scsirastools-1.6.4.orig/files/sgraid scsirastools-1.6.4/files/sgraid
--- scsirastools-1.6.4.orig/files/sgraid 2012-10-26 22:42:37.149405573 +0200
+++ scsirastools-1.6.4/files/sgraid 2012-10-26 22:43:08.884086862 +0200
@@ -68,7 +68,6 @@ case "$1" in
fi
sgraidmon -b
rc_status -v
- touch /var/lock/subsys/sgraidmon
;;
"stop")
echo -n "Stopping sgraidmon "
@@ -77,7 +76,6 @@ case "$1" in
then
kill $rpid
fi
- rm -f /var/lock/subsys/sgraidmon
rc_status -v
;;
"status")
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-commit+help(a)opensuse.org
1
0