Bug 377473

Summary: net-firewall/shorewall-4.4.13 - 4.4.22: zones beginning with "all" handled incorrectly
Product: Gentoo Linux
Reporter: Boney McCracker <brendlerjg>
Component: Current packages
Assignee: Gentoo Netmon project <netmon>
Status: RESOLVED FIXED
Severity: normal
CC: pchrist, rentorbuy
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: http://www.shorewall.net/Notices.html#ALLBUG

Description Boney McCracker 2011-08-02 20:43:29 UTC
The maintainer is probably aware of this, so this is just in case this wasn't noticed.  I imagine he might want to either patch the versions of shorewall in portage or move everybody up to 4.4.22.1.

From http://www.shorewall.net/Notices.html#ALLBUG

---------------------------------------------------------------------------
Nasty Bug in Shorewall 4.4.13-4.4.22

A bug in recent versions of Shorewall can result in rules that are wider in scope than intended.

If a zone name begins with 'all', then rules referring to that zone are incorrectly handled as if the keyword 'all' had been entered rather than the zone name.

Users who are running one of these versions of Shorewall and who have zone names beginning with 'all' are urged to either:
Rename the zone(s) to now begin with 'all'; or
Upgrade to Shorewall 4.4.22.1 or later.
-----------------------------------------------------------------------------

Reproducible: Always

Steps to Reproduce:
I can't reproduce as I am not affected.


Actual Results:  
N/A



Expected Results:  
N/A



There seems to be a patch for the affected versions.  The patch was not attached to the mailing list digest I get, and I could not find it in the web-based mailing list archive.

Excerpted from shorewall-users@lists.sourceforge.net:
----------------------------------------------------------------------------
A bug in recent versions of Shorewall can result in rules that are wider in scope than intended. 

If a zone name begins with 'all', then rules referring to that zone are incorrectly handled as if the keyword 'all' had been entered rather than the zone name.

Shorewall releases affected are 4.4.13 - 4.4.22.

The attached patch applies to all of these releases.

a) Save the patch
b) As root, execute this command:

    patch /usr/share/shorewall/Shorewall/Rules.pm < ALL.patch

The patch will apply with an offset on releases prior to 4.4.22.

Example (4.4.13):

	patch /usr/share/shorewall/Shorewall/Rules.pm < ~/ALL.patch
	patching file /usr/share/shorewall/Shorewall/Rules.pm
	Hunk #1 succeeded at 1548 (offset -704 lines).
----------------------------------------------------------------------------
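
A way to check whether a host is exposed to the bug described above, as an added example that is not part of the original report or of Shorewall: it flags a host when the release is in the affected range and a zone name begins with 'all'. The function names and the sample zones file are constructed for illustration, and treating point releases inside the range (such as 4.4.15.1) as affected is an assumption.

```shell
#!/bin/sh
# Added example (not Shorewall or Gentoo code). Flags a host as exposed when the
# release is in the affected range AND a zone name begins with "all".

# version_affected V: exit 0 if 4.4.13 <= V < 4.4.22.1 (assumes point releases
# inside the range, e.g. 4.4.15.1, are affected too).
version_affected() {
    echo "$1" | awk -F. '{
        v = sprintf("%05d%05d%05d%05d", $1, $2, $3, $4)
        exit !(v >= "00004000040001300000" && v < "00004000040002200001")
    }'
}

# risky_zones: read a zones file on stdin, print zone names starting with "all".
risky_zones() {
    awk '
        /^[ \t]*(#|$)/ { next }      # skip comments and blank lines
        {
            zone = $1
            sub(/:.*/, "", zone)     # nested zones are written child:parent
            if (zone ~ /^all/) print zone
        }'
}

# audit VERSION < zones-file: return 1 if exposed, 0 otherwise.
# A version string cannot reveal a patched Rules.pm, so a distribution build
# that carries the fix is still reported and needs a manual check.
audit() {
    zones=$(risky_zones | tr '\n' ' ')
    if [ -z "$zones" ]; then
        echo "OK: no zone name begins with 'all'"; return 0
    fi
    if version_affected "$1"; then
        echo "EXPOSED: Shorewall $1, zone(s): $zones"; return 1
    fi
    echo "OK: Shorewall $1 is outside 4.4.13 - 4.4.22 (zone(s): $zones)"
}

# Constructed sample zones file; "wall" contains "all" but does not begin with it.
sample_zones() {
    printf '%s\n' '#ZONE        TYPE' 'fw           firewall' 'net          ipv4' \
        'allowed      ipv4' 'alldmz:net   ipv4' 'wall         ipv4'
}

# Demo on the constructed sample. On a real host (standard paths assumed):
#   audit "$(shorewall version)" < /etc/shorewall/zones
sample_zones | audit 4.4.15.1 || true
```
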
Comment 1 Constanze Hausner (RETIRED) gentoo-dev 2011-08-06 15:50:17 UTC
Thanks for telling me, I'm a she btw ;)
I applied the patch for the stable version (4.4.15.1-r1) and added 4.4.22.1 for the unstable users to the tree.
Comment 2 Boney McCracker 2011-08-06 21:21:07 UTC
My humble apologies, Constanze who is a she, and thank you. :)