Merge Simon's umask patch

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1937 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall2/changelog.txt

@@ -1,7 +1,9 @@
-Changes since 2.2.0
+Changes in 2.2.1
 
 1) Add examples to the zones and policy files.
 
+2) Simon Matter's patch for umask.
+
 Changes since 2.0.3
 
 1) Fix security vulnerability involving temporary files/directories.

Shorewall2/firewall

@@ -7065,6 +7065,9 @@ do_initialize() {
 
     export LC_ALL=C
 
+    # Make sure umask is sane
+    umask 177
+
     PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
     #
     # Establish termination function

Shorewall2/releasenotes.txt

@@ -5,6 +5,10 @@ Problems corrected in version 2.2.1
 
 1) The /etc/shorewall/policy file contained a misleading comment and
    both that file and the /etc/shorewall/zones file lacked examples.
+
+2) Shorewall previously used root's default umask which could cause
+   files in /var/lib/shorewall to be world-readable. Shorewall now uses
+   umask 0177.
 -----------------------------------------------------------------------
 Issues when migrating from Shorewall 2.0 to Shorewall 2.2:
 
@@ -88,7 +92,7 @@ Issues when migrating from Shorewall 2.0 to Shorewall 2.2:
     OpenVPN.
 
 -----------------------------------------------------------------------
-New Features:
+New Features in Shorewall 2.2.0:
 
 1)  ICMP packets that are in the INVALID state are now dropped by the
     Reject and Drop default actions. They do so using the new 

Shorewall2/zones

@@ -11,7 +11,7 @@
 # OVERLAPPING ZONES DEFINED THROUGH /etc/shorewall/hosts.
 #
 # See http://www.shorewall.net/Documentation.htm#Nested
-#
+#--------------------------------------------------------------------------------
 # Example zones:
 #
 #    You have a three interface firewall with internet, local and DMZ interfaces.