Re: [SRM] shorewall{,6,-lite,6-lite} update for stable?
On Thu, 2011-11-03 at 08:35 +, Adam D. Barratt wrote: [...] On Sat, Oct 29, 2011 at 12:16:00PM -0400, Roberto C. Sánchez wrote: [...] Please see attached debdiffs. [...] Okay. In that case, please go ahead; thanks. For the record, these were uploaded and accepted. Regards, Adam -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1320502003.14556.15.ca...@hathi.jungle.funky-badger.org
Re: [SRM] shorewall{,6,-lite,6-lite} update for stable?
On Sat, Nov 05, 2011 at 02:06:42PM +, Adam D. Barratt wrote: On Thu, 2011-11-03 at 08:35 +, Adam D. Barratt wrote: [...] On Sat, Oct 29, 2011 at 12:16:00PM -0400, Roberto C. Sánchez wrote: [...] Please see attached debdiffs. [...] Okay. In that case, please go ahead; thanks. For the record, these were uploaded and accepted. For the record, thanks very much for your assistance in this. Regards, -Roberto -- Roberto C. Sánchez http://people.connexer.com/~roberto http://www.connexer.com signature.asc Description: Digital signature
Re: [SRM] shorewall{,6,-lite,6-lite} update for stable?
On Wed, 2011-11-02 at 22:07 -0400, Roberto C. Sánchez wrote: On Wed, Nov 02, 2011 at 09:35:36PM +, Adam D. Barratt wrote: On Sat, 2011-10-29 at 20:48 -0400, Roberto C. Sánchez wrote: On Sat, Oct 29, 2011 at 12:16:00PM -0400, Roberto C. Sánchez wrote: [...] Please see attached debdiffs. Thanks. Diffs of packages with debian-changes-$version auto-patches are somewhat annoying to review. :-/ I agree. However, to minmize the +squeez1 diff for shorewall, I made the updates in the upstream files, instead of including them in a Debian-specific patch. At least that is my recollection of it. At least there is only the one. Yes, it was the right approach for a stable update. Please note that for shorewall-lite and shorewall6-lite I had to include the helpers file from a newer release. Because of an upstream bug, that file was missing from every release until 4.4.18.1. Is the resulting file correct / sane for 4.4.11? Yes. It was the one that was developed for 4.4.11, but leaft out due to an upstream packaging error. Okay. In that case, please go ahead; thanks. Regards, Adam -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1320309303.6262.9.ca...@hathi.jungle.funky-badger.org
Re: [SRM] shorewall{,6,-lite,6-lite} update for stable?
On Sat, 2011-10-29 at 20:48 -0400, Roberto C. Sánchez wrote: On Sat, Oct 29, 2011 at 12:16:00PM -0400, Roberto C. Sánchez wrote: I'd like to see debdiffs before a final ACK, but I'd be inclined to say yes based on the information provided so far. OK. I will prepare the uploads and send the debdiffs for final approval prior to uploading. Please see attached debdiffs. Thanks. Diffs of packages with debian-changes-$version auto-patches are somewhat annoying to review. :-/ Please note that for shorewall-lite and shorewall6-lite I had to include the helpers file from a newer release. Because of an upstream bug, that file was missing from every release until 4.4.18.1. Is the resulting file correct / sane for 4.4.11? Regards, Adam -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1320269736.6262.7.ca...@hathi.jungle.funky-badger.org
Re: [SRM] shorewall{,6,-lite,6-lite} update for stable?
On Wed, Nov 02, 2011 at 09:35:36PM +, Adam D. Barratt wrote: On Sat, 2011-10-29 at 20:48 -0400, Roberto C. Sánchez wrote: On Sat, Oct 29, 2011 at 12:16:00PM -0400, Roberto C. Sánchez wrote: I'd like to see debdiffs before a final ACK, but I'd be inclined to say yes based on the information provided so far. OK. I will prepare the uploads and send the debdiffs for final approval prior to uploading. Please see attached debdiffs. Thanks. Diffs of packages with debian-changes-$version auto-patches are somewhat annoying to review. :-/ I agree. However, to minmize the +squeez1 diff for shorewall, I made the updates in the upstream files, instead of including them in a Debian-specific patch. At least that is my recollection of it. At least there is only the one. Please note that for shorewall-lite and shorewall6-lite I had to include the helpers file from a newer release. Because of an upstream bug, that file was missing from every release until 4.4.18.1. Is the resulting file correct / sane for 4.4.11? Yes. It was the one that was developed for 4.4.11, but leaft out due to an upstream packaging error. Regards, -Roberto -- Roberto C. Sánchez http://people.connexer.com/~roberto http://www.connexer.com signature.asc Description: Digital signature
Re: [SRM] shorewall{,6,-lite,6-lite} update for stable?
On Sat, 2011-10-22 at 16:35 -0400, Roberto C. Sánchez wrote: As a result of #646112, it has come to my attention that I made a packaging error in the shorewall{,6,-lite,6-lite} packages that released with Squeeze. Incidentally, the problem also affects shorewall-lite and shorewall6-lite in Sid. I have already fixed the latest version in the git repository and the fix will go into unstable at the next upload. [...] Would this be something that the stable release manager's might consider for the next point release? If so, can I proceed wth an upload to s-p-u? I'd like to see debdiffs before a final ACK, but I'd be inclined to say yes based on the information provided so far. Does this also affect the version of shorewall-lite in lenny? Regards, Adam -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1319897527.26970.6.ca...@hathi.jungle.funky-badger.org
Re: [SRM] shorewall{,6,-lite,6-lite} update for stable?
On Sat, Oct 29, 2011 at 03:12:06PM +0100, Adam D. Barratt wrote: On Sat, 2011-10-22 at 16:35 -0400, Roberto C. Sánchez wrote: As a result of #646112, it has come to my attention that I made a packaging error in the shorewall{,6,-lite,6-lite} packages that released with Squeeze. Incidentally, the problem also affects shorewall-lite and shorewall6-lite in Sid. I have already fixed the latest version in the git repository and the fix will go into unstable at the next upload. [...] Would this be something that the stable release manager's might consider for the next point release? If so, can I proceed wth an upload to s-p-u? I'd like to see debdiffs before a final ACK, but I'd be inclined to say yes based on the information provided so far. OK. I will prepare the uploads and send the debdiffs for final approval prior to uploading. Does this also affect the version of shorewall-lite in lenny? The lenny version is not affected. Regards, -Roberto -- Roberto C. Sánchez http://people.connexer.com/~roberto http://www.connexer.com signature.asc Description: Digital signature
Re: [SRM] shorewall{,6,-lite,6-lite} update for stable?
On Sat, Oct 29, 2011 at 12:16:00PM -0400, Roberto C. Sánchez wrote: I'd like to see debdiffs before a final ACK, but I'd be inclined to say yes based on the information provided so far. OK. I will prepare the uploads and send the debdiffs for final approval prior to uploading. Please see attached debdiffs. Please note that for shorewall-lite and shorewall6-lite I had to include the helpers file from a newer release. Because of an upstream bug, that file was missing from every release until 4.4.18.1. As soon as I receive approval, I will upload. Regards, -Roberto -- Roberto C. Sánchez http://people.connexer.com/~roberto http://www.connexer.com diff -Nru shorewall-4.4.11.6/debian/changelog shorewall-4.4.11.6/debian/changelog --- shorewall-4.4.11.6/debian/changelog 2010-11-28 21:36:22.0 -0500 +++ shorewall-4.4.11.6/debian/changelog 2011-10-29 14:15:28.0 -0400 @@ -1,3 +1,9 @@ +shorewall (4.4.11.6-3+squeeze1) stable-proposed-updates; urgency=low + + * Install missing /usr/share/shorewall/helpers (Closes: #646112) + + -- Roberto C. Sanchez robe...@connexer.com Sat, 29 Oct 2011 14:14:21 -0400 + shorewall (4.4.11.6-3) unstable; urgency=low * Fix macro.JAP to correct nested macro call. diff -Nru shorewall-4.4.11.6/debian/patches/debian-changes-4.4.11.6-3 shorewall-4.4.11.6/debian/patches/debian-changes-4.4.11.6-3 --- shorewall-4.4.11.6/debian/patches/debian-changes-4.4.11.6-3 2010-11-28 21:39:09.0 -0500 +++ shorewall-4.4.11.6/debian/patches/debian-changes-4.4.11.6-3 1969-12-31 19:00:00.0 -0500 @@ -1,105 +0,0 @@ -Description: Upstream changes introduced in version 4.4.11.6-3 - This patch has been created by dpkg-source during the package build. - Here's the last changelog entry, hopefully it gives details on why - those changes were made: - . - shorewall (4.4.11.6-3) unstable; urgency=low - . - * Fix macro.JAP to correct nested macro call. - . - The person named in the Author field signed this changelog entry. -Author: Roberto C. Sanchez robe...@connexer.com - -The information above should follow the Patch Tagging Guidelines, please -checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here -are templates for supplementary fields that you might want to add: - -Origin: vendor|upstream|other, url of original patch -Bug: url in upstream bugtracker -Bug-Debian: http://bugs.debian.org/bugnumber -Bug-Ubuntu: https://launchpad.net/bugs/bugnumber -Forwarded: no|not-needed|url proving that it has been forwarded -Reviewed-By: name and email of someone who approved the patch -Last-Update: -MM-DD - shorewall-4.4.11.6.orig/known_problems.txt -+++ shorewall-4.4.11.6/known_problems.txt -@@ -147,3 +147,17 @@ - showed an empty log when issued to one of the -lite packages. - - Corrected in Shorewall 4.4.11.6 -+ -+22) If 10 or more interfaces are configured in Complex Traffic Shaping -+(/etc/shorewall/tcdevices), the following compilation diagnostic -+is issued: -+ -+Argument a isn't numeric in sprintf at -+ /usr/share/shorewall/Shorewall/Config.pm line 893. -+ -+and an invalid TC configuration is generated. -+ -+A fix is available at -+http://shorewall.git.sourceforge.net/git/gitweb.cgi?p=shorewall/shorewall;a=commitdiff;h=20bb781874c739c01b798d2db31b6c1d9cfefe96 -+ -+ shorewall-4.4.11.6.orig/releasenotes.txt -+++ shorewall-4.4.11.6/releasenotes.txt -@@ -218,6 +218,17 @@ VI. PROBLEMS CORRECTED AND NEW FEATURE - I I I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E - - -+Post-4.4.11.6 -+ -+1) Previously, if 10 or more interfaces were configured in Complex -+Traffic Shaping (/etc/shorewall/tcdevices), the following -+compilation diagnostic was generated: -+ -+Argument a isn't numeric in sprintf at -+ /usr/share/shorewall/Shorewall/Config.pm line 893. -+ -+and an invalid TC configuration was generated. -+ - 4.4.11.6 - - 1) The Shorewall-lite and Shorewall6-lite Debian init scripts contained a shorewall-4.4.11.6.orig/changelog.txt -+++ shorewall-4.4.11.6/changelog.txt -@@ -1,3 +1,7 @@ -+Changes post 4.4.11.6 -+ -+1) Fix 10+ TC Interfaces. -+ - Changes in Shorewall 4.4.11.6 - - 1) Fix log reading in -lite packages. shorewall-4.4.11.6.orig/Perl/Shorewall/Tc.pm -+++ shorewall-4.4.11.6/Perl/Shorewall/Tc.pm -@@ -1279,7 +1279,7 @@ sub setup_traffic_shaping() { - my $tcref= $tcclasses{$device}{$decimalclassnum}; - my $mark = $tcref-{mark}; - my $devicenumber = in_hexp $devref-{number}; -- my $classid = join( ':', in_hexp $devicenumber, $classnum); -+ my $classid = join( ':', $devicenumber, $classnum); - my $rate = $tcref-{rate}kbit; - my $quantum = calculate_quantum $rate, calculate_r2q( $devref-{out_bandwidth} ); - -@@ -1304,15 +1304,15 @@ sub setup_traffic_shaping() { - emit ( [ \$${dev}_mtu -gt $quantum ] quantum=\$${dev}_mtu || quantum=$quantum ); -
[SRM] shorewall{,6,-lite,6-lite} update for stable?
As a result of #646112, it has come to my attention that I made a packaging error in the shorewall{,6,-lite,6-lite} packages that released with Squeeze. Incidentally, the problem also affects shorewall-lite and shorewall6-lite in Sid. I have already fixed the latest version in the git repository and the fix will go into unstable at the next upload. The result of this issue is that there is some brokenness for specific users. This occurs when a particular setting is enabled in the respective package's configuration file to restrict the kernel modules that got loaded to only those listed in the helpers file. The packaging error that I made was to not include the default helpers file. I have attached the two helpers files that would need to be included in the update. The first file would be included in shorewall and shorewall-lite and the second file in shorewall6 and shorewall6-lite. The files are already shipped in the respective .orig.tar.gz that are in the archive. The packaging change would be to install the file into /usr/share/shorewall{,6,-lite,6-lite} in the binary packages. Would this be something that the stable release manager's might consider for the next point release? If so, can I proceed wth an upload to s-p-u? Regards, -Roberto -- Roberto C. Sánchez http://people.connexer.com/~roberto http://www.connexer.com signature.asc Description: Digital signature
Re: [SRM] shorewall{,6,-lite,6-lite} update for stable?
On Sat, Oct 22, 2011 at 04:35:49PM -0400, Roberto C. Sánchez wrote: I have attached the two helpers files that would need to be included in the update. The first file would be included in shorewall and shorewall-lite and the second file in shorewall6 and shorewall6-lite. I cleverly forgot the attachments the first time, so here they are this time. Regards, -Roberto -- Roberto C. Sánchez http://people.connexer.com/~roberto http://www.connexer.com # # Shorewall version 4 - Helpers File # # /usr/share/shorewall/helpers # # This file loads the kernel helper modules. # # THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!! You MUST load in # dependency order. i.e., if M2 depends on M1 then you must load M1 # before you load M2. # # If you need to modify this file, copy it to /etc/shorewall and modify the # copy. # ### # Helpers # loadmodule ip_conntrack_amanda loadmodule ip_conntrack_ftp loadmodule ip_conntrack_h323 loadmodule ip_conntrack_irc loadmodule ip_conntrack_netbios_ns loadmodule ip_conntrack_pptp loadmodule ip_conntrack_sip loadmodule ip_conntrack_tftp loadmodule ip_nat_amanda loadmodule ip_nat_ftp loadmodule ip_nat_h323 loadmodule ip_nat_irc loadmodule ip_nat_pptp loadmodule ip_nat_sip loadmodule ip_nat_snmp_basic loadmodule ip_nat_tftp loadmodule ip_set loadmodule ip_set_iphash loadmodule ip_set_ipmap loadmodule ip_set_macipmap loadmodule ip_set_portmap # # 2.6.20+ helpers # loadmodule nf_conntrack_ftp loadmodule nf_conntrack_h323 loadmodule nf_conntrack_irc loadmodule nf_conntrack_netbios_ns loadmodule nf_conntrack_netlink loadmodule nf_conntrack_pptp loadmodule nf_conntrack_proto_gre loadmodule nf_conntrack_proto_sctp loadmodule nf_conntrack_sip sip_direct_media=0 loadmodule nf_conntrack_tftp loadmodule nf_conntrack_sane loadmodule nf_nat_amanda loadmodule nf_nat_ftp loadmodule nf_nat_h323 loadmodule nf_nat_irc loadmodule nf_nat loadmodule nf_nat_pptp loadmodule nf_nat_proto_gre loadmodule nf_nat_sip loadmodule nf_nat_snmp_basic loadmodule nf_nat_tftp # # Shorewall6 version 4 - Helpers File # # /usr/share/shorewall6/helpers # # This file loads the modules that may be needed by the firewall. # # THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!! You MUST load in # dependency order. i.e., if M2 depends on M1 then you must load M1 # before you load M2. # # If you need to modify this file, copy it to /etc/shorewall and modify the # copy. # ### # # Helpers # loadmodule nf_conntrack_amanda loadmodule nf_conntrack_ftp loadmodule nf_conntrack_h323 loadmodule nf_conntrack_irc loadmodule nf_conntrack_netbios_ns loadmodule nf_conntrack_netbios_ns loadmodule nf_conntrack_netlink loadmodule nf_conntrack_pptp loadmodule nf_conntrack_proto_sctp loadmodule nf_conntrack_proto_udplite loadmodule nf_conntrack_sane loadmodule nf_conntrack_sip sip_direct_media=0 loadmodule nf_conntrack_pptp loadmodule nf_conntrack_proto_gre loadmodule nf_conntrack_proto_sctp loadmodule nf_conntrack_sip loadmodule nf_conntrack_tftp loadmodule nf_conntrack_sane signature.asc Description: Digital signature