Bug 377473 - net-firewall/shorewall-4.4.13 - 4.4.22: zones beginning with "all" handled incorrectly
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Netmon project
URL: http://www.shorewall.net/Notices.html...
Reported: 2011-08-02 20:43 UTC by Boney McCracker
Modified: 2011-08-06 21:21 UTC

Description Boney McCracker 2011-08-02 20:43:29 UTC
The maintainer is probably aware of this, so this is just in case this wasn't noticed.  I imagine he might want to either patch the versions of shorewall in portage or move everybody up to 4.4.22.1.

From http://www.shorewall.net/Notices.html#ALLBUG

---------------------------------------------------------------------------
Nasty Bug in Shorewall 4.4.13-4.4.22

A bug in recent versions of Shorewall can result in rules that are wider in scope than intended.

If a zone name begins with 'all', then rules referring to that zone are incorrectly handled as if the keyword 'all' had been entered rather than the zone name.

Users who are running one of these versions of Shorewall and who have zone names beginning with 'all' are urged to either:
Rename the zone(s) to not begin with 'all'; or
Upgrade to Shorewall 4.4.22.1 or later.
-----------------------------------------------------------------------------

Reproducible: Always

Steps to Reproduce:
I can't reproduce as I am not affected.


Actual Results:  
N/A



Expected Results:  
N/A



There seems to be a patch for the affected versions.  The patch was not attached to the mailing list digest I get, and I could not find it in the web-based mailing list archive.

Excerpted from shorewall-users@lists.sourceforge.net:
----------------------------------------------------------------------------
A bug in recent versions of Shorewall can result in rules that are wider in scope than intended. 

If a zone name begins with 'all', then rules referring to that zone are incorrectly handled as if the keyword 'all' had been entered rather than the zone name.

Shorewall releases affected are 4.4.13 - 4.4.22.

The attached patch applies to all of these releases.

a) Save the patch
b) As root, execute this command:

    patch /usr/share/shorewall/Shorewall/Rules.pm < ALL.patch

The patch will apply with an offset on releases prior to 4.4.22.

Example (4.4.13):

	patch /usr/share/shorewall/Shorewall/Rules.pm < ~/ALL.patch
	patching file /usr/share/shorewall/Shorewall/Rules.pm
	Hunk #1 succeeded at 1548 (offset -704 lines).
----------------------------------------------------------------------------
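
An audit helper for the condition described in the notice above, added here as an example; it is not part of the bug report or of Shorewall. It assumes the zone name sits in the first column of the zones file (optionally written child:parent), and it judges the version by number only, so it cannot tell whether a distribution has already applied the patch, as Gentoo did for 4.4.15.1-r1. The sample zones file and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report or the Shorewall project).

# Print zone names from a zones file that begin with 'all'.
# Assumes the zone name is column 1, optionally child:parent (nested zone).
zones_starting_with_all() {
    awk '
        NF == 0     { next }               # blank line
        $1 ~ /^#/   { next }               # comment line
        {
            name = $1
            sub(/:.*/, "", name)           # child:parent -> child
            if (name ~ /^all/) print name
        }' "$1"
}

# Return 0 if the upstream version lies in 4.4.13 - 4.4.22 (affected),
# 1 if it does not, 2 if the version string cannot be parsed.
version_affected() {
    v=${1%%-*}                             # drop a distro suffix such as -r1
    old_ifs=$IFS; IFS=.
    set -- $v
    IFS=$old_ifs
    [ "${1:-0}" = 4 ] && [ "${2:-0}" = 4 ] || return 1
    p=${3:-0}; s=${4:-0}
    case "$p$s" in *[!0-9]*) return 2 ;; esac
    [ "$p" -ge 13 ] && [ "$p" -le 21 ] && return 0
    [ "$p" -eq 22 ] && [ "$s" -eq 0 ] && return 0   # 4.4.22.1 is fixed
    return 1
}

# Demo on a constructed zones file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#ZONE         TYPE      OPTIONS
fw            firewall
net           ipv4
allies        ipv4
allhands:net  ipv4
EOF
for z in $(zones_starting_with_all "$sample"); do
    echo "zone '$z' begins with 'all': rules naming it may be handled as 'all'"
done
if version_affected "4.4.15.1-r1"; then
    echo "4.4.15.1 is in the affected range unless the patch was applied"
fi
rm -f "$sample"
```

On a real system, pass the path of the zones file in use and the installed Shorewall version instead of the constructed values.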
Comment 1 Constanze Hausner (RETIRED) gentoo-dev 2011-08-06 15:50:17 UTC
Thanks for telling me, I'm a she btw ;)
I applied the patch for the stable version (4.4.15.1-r1) and added 4.4.22.1 for the unstable users to the tree.
Comment 2 Boney McCracker 2011-08-06 21:21:07 UTC
My humble apologies, Constanze who is a she, and thank you. :)