Revbump (bug 520316, thanks whissi).

(Portage version: 2.2.14/cvs/Linux x86_64, signed Manifest commit with key 62EEF090)

7 files changed, 45 insertions, 3 deletions

diff --git a/net-firewall/shorewall/ChangeLog b/net-firewall/shorewall/ChangeLog
index 8a7c7e31380e..b8bcfd8271a5 100644
--- a/net-firewall/shorewall/ChangeLog
+++ b/net-firewall/shorewall/ChangeLog
@@ -1,6 +1,17 @@
 # ChangeLog for net-firewall/shorewall
 # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-firewall/shorewall/ChangeLog,v 1.265 2014/09/19 09:17:31 ago Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/shorewall/ChangeLog,v 1.266 2014/11/18 11:12:24 xmw Exp $
+
+*shorewall-4.5.21.10-r1 (18 Nov 2014)
+
+  18 Nov 2014; Michael Weber <xmw@gentoo.org>
+  +files/4.5.21.10-r1/shorewall-10-fix-ipset-support-detection.patch,
+  +files/4.5.21.10-r1/shorewall.confd, +files/4.5.21.10-r1/shorewall.initd,
+  +files/4.5.21.10-r1/shorewall.systemd, +files/4.5.21.10-r1/shorewallrc,
+  +shorewall-4.5.21.10-r1.ebuild, -files/4.5.21.10/shorewall.confd,
+  -files/4.5.21.10/shorewall.initd, -files/4.5.21.10/shorewall.systemd,
+  -files/4.5.21.10/shorewallrc, -shorewall-4.5.21.10.ebuild:
+  Revbump (bug 520316, thanks whissi).
 
   19 Sep 2014; Agostino Sarubbo <ago@gentoo.org> shorewall-4.5.21.9.ebuild:
   Stable for sparc, wrt bug #511620
diff --git a/net-firewall/shorewall/files/4.5.21.10-r1/shorewall-10-fix-ipset-support-detection.patch b/net-firewall/shorewall/files/4.5.21.10-r1/shorewall-10-fix-ipset-support-detection.patch
new file mode 100644
index 000000000000..55b8f7039747
--- /dev/null
+++ b/net-firewall/shorewall/files/4.5.21.10-r1/shorewall-10-fix-ipset-support-detection.patch
@@ -0,0 +1,29 @@
+Beginning with 3.14, the address family of the ipset was checked and an
+error is generated:
+
+root@jessie:~# ipset -N foo iphash
+root@jessie:~# ip6tables -N foo
+root@jessie:~# ip6tables -A foo -m set --match-set foo src
+ip6tables v1.4.21: The protocol family of set foo is IPv4, which is not
+applicable.
+
+Try `ip6tables -h' or 'ip6tables --help' for more information.
+root@jessie:~#
+
+This caused the failure. By reversing the order of the terms, an ipv6
+ipset is created (if supported) and the ip6tables command succeeds.
+
+http://thread.gmane.org/gmane.comp.security.shorewall/31349
+
+diff -rupN old/shorewall-4.5.21.10/Perl/Shorewall/Config.pm new/shorewall-4.5.21.10/Perl/Shorewall/Config.pm
+--- old/shorewall-4.5.21.10/Perl/Shorewall/Config.pm	2014-05-26 16:47:21.000000000 +0200
++++ new/shorewall-4.5.21.10/Perl/Shorewall/Config.pm	2014-07-20 18:11:28.186658453 +0200
+@@ -3961,7 +3961,7 @@ sub IPSet_Match() {
+     if ( $ipset && -x $ipset ) {
+ 	qt( "$ipset -X $sillyname" );
+ 
+-	if ( qt( "$ipset -N $sillyname iphash" ) || qt( "$ipset -N $sillyname hash:ip family $fam") ) {
++	if ( qt( "$ipset -N $sillyname hash:ip family $fam" ) || qt( "$ipset -N $sillyname iphash" ) ) {
+ 	    if ( qt1( "$iptables $iptablesw -A $sillyname -m set --match-set $sillyname src -j ACCEPT" ) ) {
+ 		qt1( "$iptables $iptablesw -F $sillyname" );
+ 		$result = ! ( $capabilities{OLD_IPSET_MATCH} = 0 );
diff --git a/net-firewall/shorewall/files/4.5.21.10/shorewall.confd b/net-firewall/shorewall/files/4.5.21.10-r1/shorewall.confd
index e5957167b5b9..e5957167b5b9 100644
--- a/net-firewall/shorewall/files/4.5.21.10/shorewall.confd
+++ b/net-firewall/shorewall/files/4.5.21.10-r1/shorewall.confd
diff --git a/net-firewall/shorewall/files/4.5.21.10/shorewall.initd b/net-firewall/shorewall/files/4.5.21.10-r1/shorewall.initd
index 0c430ade393c..69015063b734 100644
--- a/net-firewall/shorewall/files/4.5.21.10/shorewall.initd
+++ b/net-firewall/shorewall/files/4.5.21.10-r1/shorewall.initd
@@ -1,7 +1,7 @@
 #!/sbin/runscript
 # Copyright 1999-2014 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-firewall/shorewall/files/4.5.21.10/shorewall.initd,v 1.1 2014/06/12 14:02:18 tomwij Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/shorewall/files/4.5.21.10-r1/shorewall.initd,v 1.1 2014/11/18 11:12:24 xmw Exp $
 
 description='The Shoreline Firewall, more commonly known as "Shorewall", is'
 description="${description} a high-level tool for configuring Netfilter."
diff --git a/net-firewall/shorewall/files/4.5.21.10/shorewall.systemd b/net-firewall/shorewall/files/4.5.21.10-r1/shorewall.systemd
index db278fd54585..db278fd54585 100644
--- a/net-firewall/shorewall/files/4.5.21.10/shorewall.systemd
+++ b/net-firewall/shorewall/files/4.5.21.10-r1/shorewall.systemd
diff --git a/net-firewall/shorewall/files/4.5.21.10/shorewallrc b/net-firewall/shorewall/files/4.5.21.10-r1/shorewallrc
index 46f5eb9a3603..46f5eb9a3603 100644
--- a/net-firewall/shorewall/files/4.5.21.10/shorewallrc
+++ b/net-firewall/shorewall/files/4.5.21.10-r1/shorewallrc
diff --git a/net-firewall/shorewall/shorewall-4.5.21.10.ebuild b/net-firewall/shorewall/shorewall-4.5.21.10-r1.ebuild
index d259883c44d5..62966e8ffca9 100644
--- a/net-firewall/shorewall/shorewall-4.5.21.10.ebuild
+++ b/net-firewall/shorewall/shorewall-4.5.21.10-r1.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2014 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-firewall/shorewall/shorewall-4.5.21.10.ebuild,v 1.1 2014/06/12 14:02:16 tomwij Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/shorewall/shorewall-4.5.21.10-r1.ebuild,v 1.1 2014/11/18 11:12:24 xmw Exp $
 
 EAPI="5"
 
@@ -62,6 +62,8 @@ pkg_pretend() {
 }
 
 src_prepare() {
+	epatch "${FILESDIR}"/${PVR}/shorewall-10-fix-ipset-support-detection.patch
+
 	cp "${FILESDIR}"/${PVR}/shorewallrc "${S}"/shorewallrc.gentoo || die "Copying shorewallrc failed"
 	eprefixify "${S}"/shorewallrc.gentoo