A bug in recent versions of Shorewall can result in rules that are wider
in scope than intended.
If a zone name begins with ''all'', then rules referring to that
zone are
incorrectly handled as if the keyword ''all'' had been entered
rather than
the zone name.
Shorewall releases affected are 4.4.13 - 4.4.22.
The attached patch applies to all of these releases.
a) Save the patch
b) As root, execute this command:
patch /usr/share/shorewall/Shorewall/Rules.pm < ALL.patch
The patch will apply with an offset on releases prior to 4.4.22.
Example (4.4.13):
patch /usr/share/shorewall/Shorewall/Rules.pm < ~/ALL.patch
patching file /usr/share/shorewall/Shorewall/Rules.pm
Hunk #1 succeeded at 1548 (offset -704 lines).
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
------------------------------------------------------------------------------
BlackBerry® DevCon Americas, Oct. 18-20, San Francisco, CA
The must-attend event for mobile developers. Connect with experts.
Get tools for creating Super Apps. See the latest technologies.
Sessions, hands-on labs, demos & much more. Register early & save!
http://p.sf.net/sfu/rim-blackberry-1
After applying this patch, Shorewall6 startup fails as follows:
[root@ipv6tunl Shorewall]# shorewall6 start
Compiling...
Subroutine insert_irule redefined at /usr/share/shorewall/Shorewall/Rules.pm
line 517.
Subroutine imatch_source_dev redefined at
/usr/share/shorewall/Shorewall/Rules.pm line 2485.
Global symbol "$comment" requires explicit package name at
/usr/share/shorewall/Shorewall/Rules.pm line 536.
Global symbol "$comment" requires explicit package name at
/usr/share/shorewall/Shorewall/Rules.pm line 537.
Global symbol "$iprangematch" requires explicit package name at
/usr/share/shorewall/Shorewall/Rules.pm line 549.
Global symbol "%capabilities" requires explicit package name at
/usr/share/shorewall/Shorewall/Rules.pm line 1490.
Compilation failed in require at /usr/share/shorewall/Shorewall/Tunnels.pm line
31.
BEGIN failed--compilation aborted at /usr/share/shorewall/Shorewall/Tunnels.pm
line 31.
Compilation failed in require at /usr/share/shorewall/Shorewall/Compiler.pm line
32.
BEGIN failed--compilation aborted at /usr/share/shorewall/Shorewall/Compiler.pm
line 32.
Compilation failed in require at /usr/share/shorewall/compiler.pl line 44.
BEGIN failed--compilation aborted at /usr/share/shorewall/compiler.pl line 44.
[root@ipv6tunl Shorewall]#
-----Original Message-----
From: Tom Eastep [mailto:teastep@shorewall.net]
Sent: Tuesday, August 02, 2011 9:38 AM
To: Shorewall Users; Shorewall Announcements; Shorewall Development
Subject: [Shorewall-users] [PATCH] Nasty bug
A bug in recent versions of Shorewall can result in rules that are wider in
scope than intended.
If a zone name begins with ''all'', then rules referring to that
zone are incorrectly handled as if the keyword ''all'' had been
entered rather than the zone name.
Shorewall releases affected are 4.4.13 - 4.4.22.
The attached patch applies to all of these releases.
a) Save the patch
b) As root, execute this command:
patch /usr/share/shorewall/Shorewall/Rules.pm < ALL.patch
The patch will apply with an offset on releases prior to 4.4.22.
Example (4.4.13):
patch /usr/share/shorewall/Shorewall/Rules.pm < ~/ALL.patch
patching file /usr/share/shorewall/Shorewall/Rules.pm
Hunk #1 succeeded at 1548 (offset -704 lines).
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
------------------------------------------------------------------------------
BlackBerry® DevCon Americas, Oct. 18-20, San Francisco, CA
The must-attend event for mobile developers. Connect with experts.
Get tools for creating Super Apps. See the latest technologies.
Sessions, hands-on labs, demos & much more. Register early & save!
http://p.sf.net/sfu/rim-blackberry-1
Sorry if that wasn''t clear, I should''ve mentioned that this
occurs applying
the patch to the existing (latest) 4.4.22 build.
-----Original Message-----
From: Andrew Silverman [mailto:andrewsi@i2ac.com]
Sent: Tuesday, August 02, 2011 12:17 PM
To: ''Shorewall Users''
Subject: Re: [Shorewall-users] [PATCH] Nasty bug
After applying this patch, Shorewall6 startup fails as follows:
[root@ipv6tunl Shorewall]# shorewall6 start Compiling...
Subroutine insert_irule redefined at /usr/share/shorewall/Shorewall/Rules.pm
line 517.
Subroutine imatch_source_dev redefined at
/usr/share/shorewall/Shorewall/Rules.pm line 2485.
Global symbol "$comment" requires explicit package name at
/usr/share/shorewall/Shorewall/Rules.pm line 536.
Global symbol "$comment" requires explicit package name at
/usr/share/shorewall/Shorewall/Rules.pm line 537.
Global symbol "$iprangematch" requires explicit package name at
/usr/share/shorewall/Shorewall/Rules.pm line 549.
Global symbol "%capabilities" requires explicit package name at
/usr/share/shorewall/Shorewall/Rules.pm line 1490.
Compilation failed in require at /usr/share/shorewall/Shorewall/Tunnels.pm
line 31.
BEGIN failed--compilation aborted at
/usr/share/shorewall/Shorewall/Tunnels.pm line 31.
Compilation failed in require at /usr/share/shorewall/Shorewall/Compiler.pm
line 32.
BEGIN failed--compilation aborted at
/usr/share/shorewall/Shorewall/Compiler.pm line 32.
Compilation failed in require at /usr/share/shorewall/compiler.pl line 44.
BEGIN failed--compilation aborted at /usr/share/shorewall/compiler.pl line
44.
[root@ipv6tunl Shorewall]#
-----Original Message-----
From: Tom Eastep [mailto:teastep@shorewall.net]
Sent: Tuesday, August 02, 2011 9:38 AM
To: Shorewall Users; Shorewall Announcements; Shorewall Development
Subject: [Shorewall-users] [PATCH] Nasty bug
A bug in recent versions of Shorewall can result in rules that are wider in
scope than intended.
If a zone name begins with ''all'', then rules referring to that
zone are
incorrectly handled as if the keyword ''all'' had been entered
rather than the
zone name.
Shorewall releases affected are 4.4.13 - 4.4.22.
The attached patch applies to all of these releases.
a) Save the patch
b) As root, execute this command:
patch /usr/share/shorewall/Shorewall/Rules.pm < ALL.patch
The patch will apply with an offset on releases prior to 4.4.22.
Example (4.4.13):
patch /usr/share/shorewall/Shorewall/Rules.pm < ~/ALL.patch
patching file /usr/share/shorewall/Shorewall/Rules.pm
Hunk #1 succeeded at 1548 (offset -704 lines).
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
----------------------------------------------------------------------------
--
BlackBerry® DevCon Americas, Oct. 18-20, San Francisco, CA The
must-attend event for mobile developers. Connect with experts.
Get tools for creating Super Apps. See the latest technologies.
Sessions, hands-on labs, demos & much more. Register early & save!
http://p.sf.net/sfu/rim-blackberry-1
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
------------------------------------------------------------------------------
BlackBerry® DevCon Americas, Oct. 18-20, San Francisco, CA
The must-attend event for mobile developers. Connect with experts.
Get tools for creating Super Apps. See the latest technologies.
Sessions, hands-on labs, demos & much more. Register early & save!
http://p.sf.net/sfu/rim-blackberry-1
Which Shorewall version? -Tom On Tue, 2011-08-02 at 12:16 -0700, Andrew Silverman wrote:> After applying this patch, Shorewall6 startup fails as follows: > > [root@ipv6tunl Shorewall]# shorewall6 start > Compiling... > Subroutine insert_irule redefined at /usr/share/shorewall/Shorewall/Rules.pm line 517. > Subroutine imatch_source_dev redefined at /usr/share/shorewall/Shorewall/Rules.pm line 2485. > Global symbol "$comment" requires explicit package name at /usr/share/shorewall/Shorewall/Rules.pm line 536. > Global symbol "$comment" requires explicit package name at /usr/share/shorewall/Shorewall/Rules.pm line 537. > Global symbol "$iprangematch" requires explicit package name at /usr/share/shorewall/Shorewall/Rules.pm line 549. > Global symbol "%capabilities" requires explicit package name at /usr/share/shorewall/Shorewall/Rules.pm line 1490. > Compilation failed in require at /usr/share/shorewall/Shorewall/Tunnels.pm line 31. > BEGIN failed--compilation aborted at /usr/share/shorewall/Shorewall/Tunnels.pm line 31. > Compilation failed in require at /usr/share/shorewall/Shorewall/Compiler.pm line 32. > BEGIN failed--compilation aborted at /usr/share/shorewall/Shorewall/Compiler.pm line 32. > Compilation failed in require at /usr/share/shorewall/compiler.pl line 44. > BEGIN failed--compilation aborted at /usr/share/shorewall/compiler.pl line 44. > [root@ipv6tunl Shorewall]# > > -----Original Message----- > From: Tom Eastep [mailto:teastep@shorewall.net] > Sent: Tuesday, August 02, 2011 9:38 AM > To: Shorewall Users; Shorewall Announcements; Shorewall Development > Subject: [Shorewall-users] [PATCH] Nasty bug > > A bug in recent versions of Shorewall can result in rules that are wider in scope than intended. > > If a zone name begins with ''all'', then rules referring to that zone are incorrectly handled as if the keyword ''all'' had been entered rather than the zone name. > > Shorewall releases affected are 4.4.13 - 4.4.22. > > The attached patch applies to all of these releases. > > a) Save the patch > b) As root, execute this command: > > patch /usr/share/shorewall/Shorewall/Rules.pm < ALL.patch > > The patch will apply with an offset on releases prior to 4.4.22. > > Example (4.4.13): > > patch /usr/share/shorewall/Shorewall/Rules.pm < ~/ALL.patch > patching file /usr/share/shorewall/Shorewall/Rules.pm > Hunk #1 succeeded at 1548 (offset -704 lines). > > -Tom-- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ BlackBerry® DevCon Americas, Oct. 18-20, San Francisco, CA The must-attend event for mobile developers. Connect with experts. Get tools for creating Super Apps. See the latest technologies. Sessions, hands-on labs, demos & much more. Register early & save! http://p.sf.net/sfu/rim-blackberry-1
4.4.22. For the moment I’ve reverted by forcing reinstallation of the 4.4.22
rpms and that put it back in working order.
From: Tom Eastep [mailto:teastep@shorewall.net]
Sent: Tuesday, August 02, 2011 12:24 PM
To: Shorewall Users
Subject: Re: [Shorewall-users] [PATCH] Nasty bug
Which Shorewall version?
-Tom
On Tue, 2011-08-02 at 12:16 -0700, Andrew Silverman wrote:
After applying this patch, Shorewall6 startup fails as follows:
[root@ipv6tunl Shorewall]# shorewall6 start
Compiling...
Subroutine insert_irule redefined at /usr/share/shorewall/Shorewall/Rules.pm
line 517.
Subroutine imatch_source_dev redefined at
/usr/share/shorewall/Shorewall/Rules.pm line 2485.
Global symbol "$comment" requires explicit package name at
/usr/share/shorewall/Shorewall/Rules.pm line 536.
Global symbol "$comment" requires explicit package name at
/usr/share/shorewall/Shorewall/Rules.pm line 537.
Global symbol "$iprangematch" requires explicit package name at
/usr/share/shorewall/Shorewall/Rules.pm line 549.
Global symbol "%capabilities" requires explicit package name at
/usr/share/shorewall/Shorewall/Rules.pm line 1490.
Compilation failed in require at /usr/share/shorewall/Shorewall/Tunnels.pm line
31.
BEGIN failed--compilation aborted at /usr/share/shorewall/Shorewall/Tunnels.pm
line 31.
Compilation failed in require at /usr/share/shorewall/Shorewall/Compiler.pm line
32.
BEGIN failed--compilation aborted at /usr/share/shorewall/Shorewall/Compiler.pm
line 32.
Compilation failed in require at /usr/share/shorewall/compiler.pl line 44.
BEGIN failed--compilation aborted at /usr/share/shorewall/compiler.pl line 44.
[root@ipv6tunl Shorewall]#
-----Original Message-----
From: Tom Eastep [mailto:teastep@shorewall.net]
Sent: Tuesday, August 02, 2011 9:38 AM
To: Shorewall Users; Shorewall Announcements; Shorewall Development
Subject: [Shorewall-users] [PATCH] Nasty bug
A bug in recent versions of Shorewall can result in rules that are wider in
scope than intended.
If a zone name begins with ''all'', then rules referring to that
zone are incorrectly handled as if the keyword ''all'' had been
entered rather than the zone name.
Shorewall releases affected are 4.4.13 - 4.4.22.
The attached patch applies to all of these releases.
a) Save the patch
b) As root, execute this command:
patch /usr/share/shorewall/Shorewall/Rules.pm < ALL.patch
The patch will apply with an offset on releases prior to 4.4.22.
Example (4.4.13):
patch /usr/share/shorewall/Shorewall/Rules.pm < ~/ALL.patch
patching file /usr/share/shorewall/Shorewall/Rules.pm
Hunk #1 succeeded at 1548 (offset -704 lines).
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
------------------------------------------------------------------------------
BlackBerry® DevCon Americas, Oct. 18-20, San Francisco, CA
The must-attend event for mobile developers. Connect with experts.
Get tools for creating Super Apps. See the latest technologies.
Sessions, hands-on labs, demos & much more. Register early & save!
http://p.sf.net/sfu/rim-blackberry-1
On Tue, 2011-08-02 at 12:16 -0700, Andrew Silverman wrote:> After applying this patch, Shorewall6 startup fails as follows: > > [root@ipv6tunl Shorewall]# shorewall6 start > Compiling... > Subroutine insert_irule redefined at /usr/share/shorewall/Shorewall/Rules.pm line 517. > Subroutine imatch_source_dev redefined at /usr/share/shorewall/Shorewall/Rules.pm line 2485. > Global symbol "$comment" requires explicit package name at /usr/share/shorewall/Shorewall/Rules.pm line 536. > Global symbol "$comment" requires explicit package name at /usr/share/shorewall/Shorewall/Rules.pm line 537. > Global symbol "$iprangematch" requires explicit package name at /usr/share/shorewall/Shorewall/Rules.pm line 549. > Global symbol "%capabilities" requires explicit package name at /usr/share/shorewall/Shorewall/Rules.pm line 1490. > Compilation failed in require at /usr/share/shorewall/Shorewall/Tunnels.pm line 31. > BEGIN failed--compilation aborted at /usr/share/shorewall/Shorewall/Tunnels.pm line 31. > Compilation failed in require at /usr/share/shorewall/Shorewall/Compiler.pm line 32. > BEGIN failed--compilation aborted at /usr/share/shorewall/Shorewall/Compiler.pm line 32. > Compilation failed in require at /usr/share/shorewall/compiler.pl line 44. > BEGIN failed--compilation aborted at /usr/share/shorewall/compiler.pl line 44. > [root@ipv6tunl Shorewall]#Looking back in the recent ''SELinux'' thread, you mentioned running 4.4.21.1. I patched that version of Rules.pm with the patch and it compiles fine. I really don''t see how ALL.patch can generate the above errors. It adds a single ''$'' at the end of a regular expression. The errors you are seeing appear to be caused by mismatched parentheses or braces. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ BlackBerry® DevCon Americas, Oct. 18-20, San Francisco, CA The must-attend event for mobile developers. Connect with experts. Get tools for creating Super Apps. See the latest technologies. Sessions, hands-on labs, demos & much more. Register early & save! http://p.sf.net/sfu/rim-blackberry-1
On Tue, 2011-08-02 at 12:23 -0700, Andrew Silverman wrote:> Sorry if that wasn''t clear, I should''ve mentioned that this occurs applying > the patch to the existing (latest) 4.4.22 build.Please send me the patched Rules.pm privately -- I want to see what went wrong. Thanks, -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ BlackBerry® DevCon Americas, Oct. 18-20, San Francisco, CA The must-attend event for mobile developers. Connect with experts. Get tools for creating Super Apps. See the latest technologies. Sessions, hands-on labs, demos & much more. Register early & save! http://p.sf.net/sfu/rim-blackberry-1
Yes, this morning I upgraded the RPMs to the 4.4.22 version using rpm -Uvh <2 base RPM files> as described in the docs. This went fine. I then took the patch from your email, which applied successfully, and a shorewall6 restart/start produces the errors described. Note that I have never used the IPv4 shorewall on this system and have not edited its files previously as I am using only the ipv6 firewall, however due to the dependencies the ipv4 RPMs are installed. It''s not really that big a deal since I think the bug dealt with in the patch doesn''t apply to my config anyway, and I''ll just upgrade to the 22-1 when it''s available. I''ll send you the patched file privately as you asked. -----Original Message----- From: Tom Eastep [mailto:teastep@shorewall.net] Sent: Tuesday, August 02, 2011 12:33 PM To: Shorewall Users Subject: Re: [Shorewall-users] [PATCH] Nasty bug On Tue, 2011-08-02 at 12:16 -0700, Andrew Silverman wrote:> After applying this patch, Shorewall6 startup fails as follows: > > [root@ipv6tunl Shorewall]# shorewall6 start Compiling... > Subroutine insert_irule redefined at /usr/share/shorewall/Shorewall/Rules.pm line 517. > Subroutine imatch_source_dev redefined at /usr/share/shorewall/Shorewall/Rules.pm line 2485. > Global symbol "$comment" requires explicit package name at /usr/share/shorewall/Shorewall/Rules.pm line 536. > Global symbol "$comment" requires explicit package name at /usr/share/shorewall/Shorewall/Rules.pm line 537. > Global symbol "$iprangematch" requires explicit package name at /usr/share/shorewall/Shorewall/Rules.pm line 549. > Global symbol "%capabilities" requires explicit package name at /usr/share/shorewall/Shorewall/Rules.pm line 1490. > Compilation failed in require at /usr/share/shorewall/Shorewall/Tunnels.pm line 31. > BEGIN failed--compilation aborted at /usr/share/shorewall/Shorewall/Tunnels.pm line 31. > Compilation failed in require at /usr/share/shorewall/Shorewall/Compiler.pm line 32. > BEGIN failed--compilation aborted at /usr/share/shorewall/Shorewall/Compiler.pm line 32. > Compilation failed in require at /usr/share/shorewall/compiler.pl line 44. > BEGIN failed--compilation aborted at /usr/share/shorewall/compiler.pl line 44. > [root@ipv6tunl Shorewall]#Looking back in the recent ''SELinux'' thread, you mentioned running 4.4.21.1. I patched that version of Rules.pm with the patch and it compiles fine. I really don''t see how ALL.patch can generate the above errors. It adds a single ''$'' at the end of a regular expression. The errors you are seeing appear to be caused by mismatched parentheses or braces. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ BlackBerry® DevCon Americas, Oct. 18-20, San Francisco, CA The must-attend event for mobile developers. Connect with experts. Get tools for creating Super Apps. See the latest technologies. Sessions, hands-on labs, demos & much more. Register early & save! http://p.sf.net/sfu/rim-blackberry-1
OK, ignore this whole thing. Reapplying the patch to my restored 4.4.22 installation seems to have gone smoothly. I really don''t quite understand what went wrong on the first try, but it seems fine now... Sorry for the noise. -----Original Message----- From: Andrew Silverman [mailto:andrewsi@i2ac.com] Sent: Tuesday, August 02, 2011 12:40 PM To: ''Shorewall Users'' Subject: Re: [Shorewall-users] [PATCH] Nasty bug Yes, this morning I upgraded the RPMs to the 4.4.22 version using rpm -Uvh <2 base RPM files> as described in the docs. This went fine. I then took the patch from your email, which applied successfully, and a shorewall6 restart/start produces the errors described. Note that I have never used the IPv4 shorewall on this system and have not edited its files previously as I am using only the ipv6 firewall, however due to the dependencies the ipv4 RPMs are installed. It''s not really that big a deal since I think the bug dealt with in the patch doesn''t apply to my config anyway, and I''ll just upgrade to the 22-1 when it''s available. I''ll send you the patched file privately as you asked. -----Original Message----- From: Tom Eastep [mailto:teastep@shorewall.net] Sent: Tuesday, August 02, 2011 12:33 PM To: Shorewall Users Subject: Re: [Shorewall-users] [PATCH] Nasty bug On Tue, 2011-08-02 at 12:16 -0700, Andrew Silverman wrote:> After applying this patch, Shorewall6 startup fails as follows: > > [root@ipv6tunl Shorewall]# shorewall6 start Compiling... > Subroutine insert_irule redefined at/usr/share/shorewall/Shorewall/Rules.pm line 517.> Subroutine imatch_source_dev redefined at/usr/share/shorewall/Shorewall/Rules.pm line 2485.> Global symbol "$comment" requires explicit package name at/usr/share/shorewall/Shorewall/Rules.pm line 536.> Global symbol "$comment" requires explicit package name at/usr/share/shorewall/Shorewall/Rules.pm line 537.> Global symbol "$iprangematch" requires explicit package name at/usr/share/shorewall/Shorewall/Rules.pm line 549.> Global symbol "%capabilities" requires explicit package name at/usr/share/shorewall/Shorewall/Rules.pm line 1490.> Compilation failed in require at /usr/share/shorewall/Shorewall/Tunnels.pmline 31.> BEGIN failed--compilation aborted at/usr/share/shorewall/Shorewall/Tunnels.pm line 31.> Compilation failed in require at/usr/share/shorewall/Shorewall/Compiler.pm line 32.> BEGIN failed--compilation aborted at/usr/share/shorewall/Shorewall/Compiler.pm line 32.> Compilation failed in require at /usr/share/shorewall/compiler.pl line 44. > BEGIN failed--compilation aborted at /usr/share/shorewall/compiler.pl line44.> [root@ipv6tunl Shorewall]#Looking back in the recent ''SELinux'' thread, you mentioned running 4.4.21.1. I patched that version of Rules.pm with the patch and it compiles fine. I really don''t see how ALL.patch can generate the above errors. It adds a single ''$'' at the end of a regular expression. The errors you are seeing appear to be caused by mismatched parentheses or braces. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ---------------------------------------------------------------------------- -- BlackBerry® DevCon Americas, Oct. 18-20, San Francisco, CA The must-attend event for mobile developers. Connect with experts. Get tools for creating Super Apps. See the latest technologies. Sessions, hands-on labs, demos & much more. Register early & save! http://p.sf.net/sfu/rim-blackberry-1 _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users ------------------------------------------------------------------------------ BlackBerry® DevCon Americas, Oct. 18-20, San Francisco, CA The must-attend event for mobile developers. Connect with experts. Get tools for creating Super Apps. See the latest technologies. Sessions, hands-on labs, demos & much more. Register early & save! http://p.sf.net/sfu/rim-blackberry-1
Hi Tom, Can you please tell us how we can apply the patch to the source/tar ball so that end-users and developers in this situation can patch it before packaging. THANKS On Tue, Aug 2, 2011 at 9:46 AM, Andrew Silverman <andrewsi@i2ac.com> wrote:> OK, ignore this whole thing. Reapplying the patch to my restored 4.4.22 > installation seems to have gone smoothly. I really don''t quite understand > what went wrong on the first try, but it seems fine now... > > Sorry for the noise. > > -----Original Message----- > From: Andrew Silverman [mailto:andrewsi@i2ac.com] > Sent: Tuesday, August 02, 2011 12:40 PM > To: ''Shorewall Users'' > Subject: Re: [Shorewall-users] [PATCH] Nasty bug > > Yes, this morning I upgraded the RPMs to the 4.4.22 version using rpm -Uvh > <2 base RPM files> as described in the docs. This went fine. > > I then took the patch from your email, which applied successfully, and a > shorewall6 restart/start produces the errors described. > > Note that I have never used the IPv4 shorewall on this system and have not > edited its files previously as I am using only the ipv6 firewall, however > due to the dependencies the ipv4 RPMs are installed. > > It''s not really that big a deal since I think the bug dealt with in the > patch doesn''t apply to my config anyway, and I''ll just upgrade to the 22-1 > when it''s available. I''ll send you the patched file privately as you asked. > > -----Original Message----- > From: Tom Eastep [mailto:teastep@shorewall.net] > Sent: Tuesday, August 02, 2011 12:33 PM > To: Shorewall Users > Subject: Re: [Shorewall-users] [PATCH] Nasty bug > > On Tue, 2011-08-02 at 12:16 -0700, Andrew Silverman wrote: >> After applying this patch, Shorewall6 startup fails as follows: >> >> [root@ipv6tunl Shorewall]# shorewall6 start Compiling... >> Subroutine insert_irule redefined at > /usr/share/shorewall/Shorewall/Rules.pm line 517. >> Subroutine imatch_source_dev redefined at > /usr/share/shorewall/Shorewall/Rules.pm line 2485. >> Global symbol "$comment" requires explicit package name at > /usr/share/shorewall/Shorewall/Rules.pm line 536. >> Global symbol "$comment" requires explicit package name at > /usr/share/shorewall/Shorewall/Rules.pm line 537. >> Global symbol "$iprangematch" requires explicit package name at > /usr/share/shorewall/Shorewall/Rules.pm line 549. >> Global symbol "%capabilities" requires explicit package name at > /usr/share/shorewall/Shorewall/Rules.pm line 1490. >> Compilation failed in require at /usr/share/shorewall/Shorewall/Tunnels.pm > line 31. >> BEGIN failed--compilation aborted at > /usr/share/shorewall/Shorewall/Tunnels.pm line 31. >> Compilation failed in require at > /usr/share/shorewall/Shorewall/Compiler.pm line 32. >> BEGIN failed--compilation aborted at > /usr/share/shorewall/Shorewall/Compiler.pm line 32. >> Compilation failed in require at /usr/share/shorewall/compiler.pl line 44. >> BEGIN failed--compilation aborted at /usr/share/shorewall/compiler.pl line > 44. >> [root@ipv6tunl Shorewall]# > > Looking back in the recent ''SELinux'' thread, you mentioned running 4.4.21.1. > I patched that version of Rules.pm with the patch and it compiles fine. > > I really don''t see how ALL.patch can generate the above errors. It adds a > single ''$'' at the end of a regular expression. The errors you are seeing > appear to be caused by mismatched parentheses or braces. > > -Tom > -- > Tom Eastep \ When I die, I want to go like my Grandfather who > Shoreline, \ died peacefully in his sleep. Not screaming like > Washington, USA \ all of the passengers in his car > http://shorewall.net \________________________________________________ > > > > ---------------------------------------------------------------------------- > -- > BlackBerry® DevCon Americas, Oct. 18-20, San Francisco, CA The > must-attend event for mobile developers. Connect with experts. > Get tools for creating Super Apps. See the latest technologies. > Sessions, hands-on labs, demos & much more. Register early & save! > http://p.sf.net/sfu/rim-blackberry-1 > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users > > > ------------------------------------------------------------------------------ > BlackBerry® DevCon Americas, Oct. 18-20, San Francisco, CA > The must-attend event for mobile developers. Connect with experts. > Get tools for creating Super Apps. See the latest technologies. > Sessions, hands-on labs, demos & much more. Register early & save! > http://p.sf.net/sfu/rim-blackberry-1 > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users >------------------------------------------------------------------------------ BlackBerry® DevCon Americas, Oct. 18-20, San Francisco, CA The must-attend event for mobile developers. Connect with experts. Get tools for creating Super Apps. See the latest technologies. Sessions, hands-on labs, demos & much more. Register early & save! http://p.sf.net/sfu/rim-blackberry-1
Das wrote:> Hi Tom, > > Can you please tell us how we can apply the patch to the source/tar > ball so that end-users and developers in this situation can patch it > before packaging.Hopefully, we don''t have people packaging Shorewall who don''t know how to apply a patch. But if you have the current tarball contents in ./shorewall-4.4.22/, then patch shorewall-4.4.22/Perl/Shorewall/Rules < ALL.patch Now tar it back up and you have a patched tar ball. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ BlackBerry® DevCon Americas, Oct. 18-20, San Francisco, CA The must-attend event for mobile developers. Connect with experts. Get tools for creating Super Apps. See the latest technologies. Sessions, hands-on labs, demos & much more. Register early & save! http://p.sf.net/sfu/rim-blackberry-1
Tom Eastep wrote:> Hopefully, we don''t have people packaging Shorewall who don''t know how > to apply a patch. But if you have the current tarball contents in > ./shorewall-4.4.22/, then > > patch shorewall-4.4.22/Perl/Shorewall/Rules < ALL.patchMake that: patch shorewall-4.4.22/Perl/Shorewall/Rules.pm < ALL.patch -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ BlackBerry® DevCon Americas, Oct. 18-20, San Francisco, CA The must-attend event for mobile developers. Connect with experts. Get tools for creating Super Apps. See the latest technologies. Sessions, hands-on labs, demos & much more. Register early & save! http://p.sf.net/sfu/rim-blackberry-1
Thanks... On Tue, Aug 2, 2011 at 5:13 PM, Tom Eastep <teastep@shorewall.net> wrote:> Tom Eastep wrote: > > > Hopefully, we don''t have people packaging Shorewall who don''t know how > > to apply a patch. But if you have the current tarball contents in > > ./shorewall-4.4.22/, then > > > > patch shorewall-4.4.22/Perl/Shorewall/Rules < ALL.patch > > Make that: > > patch shorewall-4.4.22/Perl/Shorewall/Rules.pm < ALL.patch > > -Tom > -- > Tom Eastep \ When I die, I want to go like my Grandfather who > Shoreline, \ died peacefully in his sleep. Not screaming like > Washington, USA \ all of the passengers in his car > http://shorewall.net \________________________________________________ > > > > ------------------------------------------------------------------------------ > BlackBerry® DevCon Americas, Oct. 18-20, San Francisco, CA > The must-attend event for mobile developers. Connect with experts. > Get tools for creating Super Apps. See the latest technologies. > Sessions, hands-on labs, demos & much more. Register early & save! > http://p.sf.net/sfu/rim-blackberry-1 > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users > >------------------------------------------------------------------------------ BlackBerry® DevCon Americas, Oct. 18-20, San Francisco, CA The must-attend event for mobile developers. Connect with experts. Get tools for creating Super Apps. See the latest technologies. Sessions, hands-on labs, demos & much more. Register early & save! http://p.sf.net/sfu/rim-blackberry-1