diff --git a/network/shorewall/patch-4.4.12.1 b/network/shorewall/patch-4.4.12.1
new file mode 100644
index 0000000000..a8ba7f242e
--- /dev/null
+++ b/network/shorewall/patch-4.4.12.1
@@ -0,0 +1,245 @@
+diff -Naur -X /Users/teastep/bin/exclude.txt shorewall-4.4.12/Perl/Shorewall/Chains.pm shorewall-4.4.12.1/Perl/Shorewall/Chains.pm
+--- shorewall-4.4.12/Perl/Shorewall/Chains.pm 2010-08-17 07:34:21.000000000 -0700
++++ shorewall-4.4.12.1/Perl/Shorewall/Chains.pm 2010-08-24 13:15:35.000000000 -0700
+@@ -687,7 +687,7 @@
+ # deleting elements from the array over which we are iterating.
+ #
+ for ( my $rule = 0; $rule <= $#{$rules}; $rule++ ) {
+- if ( $rules->[$rule] =~ / -[gj] ${to}\s*$/ ) {
++ if ( $rules->[$rule] =~ / -[gj] ${to}( -m comment .*)?\s*$/ ) {
+ trace( $fromref, 'D', $rule + 1, $rules->[$rule] ) if $debug;
+ splice( @$rules, $rule, 1 );
+ last unless --$refs > 0;
+@@ -3118,17 +3118,6 @@
+ fatal_error "LOG requires a level";
+ }
+ #
+- # Mark Target as referenced, if it's a chain
+- #
+- if ( $target =~ /-[jg]\s+([^\s]+)/ ) {
+- my $targetref = $chain_table{$chainref->{table}}{$1};
+- if ( $targetref ) {
+- $targetref->{referenced} = 1;
+- add_reference $chainref, $targetref;
+- }
+- }
+-
+- #
+ # Isolate Source Interface, if any
+ #
+ if ( $source ) {
+@@ -3397,6 +3386,8 @@
+ fatal_error "SOURCE interface may not be specified with a source IP address in the POSTROUTING chain" if $restriction == POSTROUTE_RESTRICT && $iiface && ( $inets ne ALLIP || $iexcl || $trivialiexcl);
+ fatal_error "DEST interface may not be specified with a destination IP address in the PREROUTING chain" if $restriction == PREROUTE_RESTRICT && $diface && ( $dnets ne ALLIP || $dexcl || $trivialdexcl);
+ 
++ my $fromref;
++
+ if ( $iexcl || $dexcl || $oexcl ) {
+ #
+ # We have non-trivial exclusion -- need to create an exclusion chain
+@@ -3438,7 +3429,7 @@
+ #
+ # Generate Final Rule
+ #
+- add_rule( $echainref, $exceptionrule . $target, 1 ) unless $disposition eq 'LOG';
++ add_rule( $fromref = $echainref, $exceptionrule . $target, 1 ) unless $disposition eq 'LOG';
+ } else {
+ #
+ # No exclusions
+@@ -3478,7 +3469,7 @@
+ 'add',
+ $matches );
+ 
+- add_rule( $chainref, $matches . $target, 1 );
++ add_rule( $fromref = $chainref, $matches . $target, 1 );
+ }
+ } else {
+ #
+@@ -3499,12 +3490,22 @@
+ #
+ # No logging -- add the target rule with matches to the rule chain
+ #
+- add_rule( $chainref, $matches . $target , 1 );
++ add_rule( $fromref = $chainref, $matches . $target , 1 );
+ }
+ }
+ }
+ }
+ }
++ #
++ # Mark Target as referenced, if it's a chain
++ #
++ if ( $fromref && $target =~ /-[jg]\s+([^\s]+)/ ) {
++ my $targetref = $chain_table{$chainref->{table}}{$1};
++ if ( $targetref ) {
++ $targetref->{referenced} = 1;
++ add_reference $fromref, $targetref;
++ }
++ }
+ 
+ while ( @ends ) {
+ decr_cmd_level $chainref;
+diff -Naur -X /Users/teastep/bin/exclude.txt shorewall-4.4.12/Perl/Shorewall/Config.pm shorewall-4.4.12.1/Perl/Shorewall/Config.pm
+--- shorewall-4.4.12/Perl/Shorewall/Config.pm 2010-08-17 07:34:21.000000000 -0700
++++ shorewall-4.4.12.1/Perl/Shorewall/Config.pm 2010-08-24 13:15:35.000000000 -0700
+@@ -345,7 +345,7 @@
+ EXPORT => 0,
+ STATEMATCH => '-m state --state',
+ UNTRACKED => 0,
+- VERSION => "4.4.12",
++ VERSION => "4.4.12.1",
+ CAPVERSION => 40411 ,
+ );
+ 
+@@ -2411,7 +2411,7 @@
+ qt1( "$iptables -D $sillyname -m set --match-set $sillyname src -j ACCEPT" );
+ $result = ! ( $capabilities{OLD_IPSET_MATCH} = 0 );
+ } else {
+- have_capability 'OLD_IPSET_MATCH';
++ $result = have_capability 'OLD_IPSET_MATCH';
+ }
+ 
+ qt( "$ipset -X $sillyname" );
+diff -Naur -X /Users/teastep/bin/exclude.txt shorewall-4.4.12/Perl/Shorewall/Providers.pm shorewall-4.4.12.1/Perl/Shorewall/Providers.pm
+--- shorewall-4.4.12/Perl/Shorewall/Providers.pm 2010-08-17 07:34:21.000000000 -0700
++++ shorewall-4.4.12.1/Perl/Shorewall/Providers.pm 2010-08-24 13:15:35.000000000 -0700
+@@ -853,6 +853,11 @@
+ #
+ my $interfaces = find_interfaces_by_option1 'optional';
+ 
++ if ( $config{REQUIRE_INTERFACE} ) {
++ emit( 'HAVE_INTERFACE=' );
++ emit( '' );
++ }
++
+ if ( @$interfaces ) {
+ for my $interface ( @$interfaces ) {
+ my $provider = $provider_interfaces{$interface};
+@@ -861,11 +866,6 @@
+ 
+ emit( '' );
+ 
+- if ( $config{REQUIRE_INTERFACE} ) {
+- emit( 'HAVE_INTERFACE=' );
+- emit( '' );
+- }
+-
+ if ( $provider ) {
+ #
+ # This interface is associated with a non-shared provider -- get the provider table entry
+diff -Naur -X /Users/teastep/bin/exclude.txt shorewall-4.4.12/changelog.txt shorewall-4.4.12.1/changelog.txt
+--- shorewall-4.4.12/changelog.txt 2010-08-17 07:34:21.000000000 -0700
++++ shorewall-4.4.12.1/changelog.txt 2010-08-24 13:15:35.000000000 -0700
+@@ -1,3 +1,9 @@
++Changes in Shorewall 4.4.12.1
++
++1) Fix optimization bugs.
++
++2) Fix detection of old ipset match capability
++
+ Changes in Shorewall 4.4.12
+ 
+ 1) Fix IPv6 shorecap program.
+diff -Naur -X /Users/teastep/bin/exclude.txt shorewall-4.4.12/install.sh shorewall-4.4.12.1/install.sh
+--- shorewall-4.4.12/install.sh 2010-08-17 07:34:21.000000000 -0700
++++ shorewall-4.4.12.1/install.sh 2010-08-24 13:15:35.000000000 -0700
+@@ -22,7 +22,7 @@
+ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ #
+ 
+-VERSION=4.4.12
++VERSION=4.4.12.1
+ 
+ usage() # $1 = exit status
+ {
+diff -Naur -X /Users/teastep/bin/exclude.txt shorewall-4.4.12/known_problems.txt shorewall-4.4.12.1/known_problems.txt
+--- shorewall-4.4.12/known_problems.txt 2010-08-17 07:34:21.000000000 -0700
++++ shorewall-4.4.12.1/known_problems.txt 2010-08-24 13:15:35.000000000 -0700
+@@ -1,2 +1,13 @@
+ 1) On systems running Upstart, Shorewall-init cannot reliably close
+ the firewall before interfaces come up.
++
++2) Under rare circumstances where COMMENT is used to attach comments
++ to rules, OPTIMIZE 8 through 15 can result in invalid
++ iptables-restore (ip6tables-restore) input.
++
++ Workaround: Don't use optimizaiton levels greater than 7.
++
++3) Under rare circumstances unvolving exclusion, OPTIMIZE 8 through 15
++ canresult in invalid iptables-restore (ip6tables-restore) input.
++
++ Workaround: Don't use optimizaiton levels greater than 7.
+diff -Naur -X /Users/teastep/bin/exclude.txt shorewall-4.4.12/releasenotes.txt shorewall-4.4.12.1/releasenotes.txt
+--- shorewall-4.4.12/releasenotes.txt 2010-08-17 07:34:21.000000000 -0700
++++ shorewall-4.4.12.1/releasenotes.txt 2010-08-24 13:15:35.000000000 -0700
+@@ -1,5 +1,5 @@
+ ----------------------------------------------------------------------------
+- S H O R E W A L L 4 . 4 . 1 2
++ S H O R E W A L L 4 . 4 . 1 2 . 1
+ ----------------------------------------------------------------------------
+ 
+ I. RELEASE 4.4 HIGHLIGHTS
+@@ -10,7 +10,7 @@
+ VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
+ 
+ ----------------------------------------------------------------------------
+- I. R E L E A S E 4 . 4 H I G H L I G H T S
++ I. R E L E A S E 4 . 4 H I G H L I G H T S
+ ----------------------------------------------------------------------------
+ 
+ 1) Support for Shorewall-shell has been discontinued. Shorewall-perl
+@@ -224,6 +224,22 @@
+ I I I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E
+ ----------------------------------------------------------------------------
+ 
++4.4.12.1
++
++1) Under rare circumstances where COMMENT is used to attach comments
++ to rules, OPTIMIZE 8 through 15 could result in invalid
++ iptables-restore (ip6tables-restore) input.
++
++2) Under rare circumstances unvolving exclusion, OPTIMIZE 8 through 15
++ could result in invalid iptables-restore (ip6tables-restore) input.
++
++3) The change in 4.4.12 to detect and use the new ipset match syntax
++ broke the ability to detect the old ipset match capability. Now,
++ both versions of the capability can be correctly detected.
++
++4.4.12
++
++
+ 1) Previously, the Shorewall6-lite version of shorecap was using
+ iptables rather than ip6tables, with the result that many capabilities
+ that are only available in IPv4 were being reported as available.
+diff -Naur -X /Users/teastep/bin/exclude.txt shorewall-4.4.12/shorewall.spec shorewall-4.4.12.1/shorewall.spec
+--- shorewall-4.4.12/shorewall.spec 2010-08-17 07:34:21.000000000 -0700
++++ shorewall-4.4.12.1/shorewall.spec 2010-08-24 13:15:35.000000000 -0700
+@@ -1,6 +1,6 @@
+ %define name shorewall
+ %define version 4.4.12
+-%define release 0base
++%define release 1
+ 
+ Summary: Shoreline Firewall is an iptables-based firewall for Linux systems.
+ Name: %{name}
+@@ -108,6 +108,8 @@
+ %doc COPYING INSTALL changelog.txt releasenotes.txt Contrib/* Samples
+ 
+ %changelog
++* Mon Aug 23 2010 Tom Eastep tom@shorewall.net
++- Updated to 4.4.12-1
+ * Sun Aug 15 2010 Tom Eastep tom@shorewall.net
+ - Updated to 4.4.12-0base
+ * Fri Aug 06 2010 Tom Eastep tom@shorewall.net
+diff -Naur -X /Users/teastep/bin/exclude.txt shorewall-4.4.12/uninstall.sh shorewall-4.4.12.1/uninstall.sh
+--- shorewall-4.4.12/uninstall.sh 2010-08-17 07:34:21.000000000 -0700
++++ shorewall-4.4.12.1/uninstall.sh 2010-08-24 13:15:35.000000000 -0700
+@@ -26,7 +26,7 @@
+ # You may only use this script to uninstall the version
+ # shown below. Simply run this script to remove Shorewall Firewall
+ 
+-VERSION=4.4.12
++VERSION=4.4.12.1
+ 
+ usage() # $1 = exit status
+ {
diff --git a/network/shorewall/shorewall.SlackBuild b/network/shorewall/shorewall.SlackBuild
index a36270f80f..09d82d17ea 100644
--- a/network/shorewall/shorewall.SlackBuild
+++ b/network/shorewall/shorewall.SlackBuild
@@ -24,7 +24,7 @@
 # ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 PRGNAM=shorewall
-VERSION=${VERSION:-4.4.12}
+VERSION=${VERSION:-4.4.12.1}
 ARCH=noarch
 BUILD=${BUILD:-1}
 TAG=${TAG:-_SBo}
diff --git a/network/shorewall/shorewall.info b/network/shorewall/shorewall.info
index e4fc4b3a99..0c7d764541 100644
--- a/network/shorewall/shorewall.info
+++ b/network/shorewall/shorewall.info
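Review bot: In the Chains.pm section of the added patch-4.4.12.1, the rule-deletion test inside the `for ( my $rule = 0; ...` loop interpolates `${to}` into the pattern unescaped, so a chain name containing a regex metacharacter (whether one can reach this point is not visible here) could match a jump to a different chain and the optimizer would splice out the wrong firewall rule. The new optional group is also capturing although nothing in the hunk reads `$1`. This is upstream's patch, so the change is better reported there than edited locally, but the more robust form would be `if ( $rules->[$rule] =~ / -[gj] \Q$to\E(?: -m comment .*)?\s*$/ ) {`. The enclosing sub starts and ends outside the inner hunk.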
@@ -1,10 +1,12 @@
 PRGNAM="shorewall"
-VERSION="4.4.12"
+VERSION="4.4.12.1"
 HOMEPAGE="http://www.shorewall.net"
-DOWNLOAD="http://www.shorewall.net/pub/shorewall/4.4/shorewall-4.4.12/base/shorewall-4.4.12.tar.bz2"
-MD5SUM="245617f3db1312c64eff6e595eed8d18"
+DOWNLOAD="http://www.shorewall.net/pub/shorewall/4.4/shorewall-4.4.12/base/shorewall-4.4.12.tar.bz2 \
+ http://www.shorewall.net/pub/shorewall/4.4/shorewall-4.4.12/patch-4.4.12.1"
+MD5SUM="245617f3db1312c64eff6e595eed8d18 \
+ e32cc02eaaa71f85f346623db9a3ec6b"
 DOWNLOAD_x86_64=""
 MD5SUM_x86_64=""
 MAINTAINER="ArTourter"
 EMAIL="artourter@gmail.com"
-APPROVED="Erik Hanson"
+APPROVED="dsomero"
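Review bot: `VERSION` becomes 4.4.12.1 while `DOWNLOAD` still names `shorewall-4.4.12.tar.bz2`, and the only SlackBuild change in this commit is the `VERSION` default, so unless the script (outside the hunk shown) already maps the version to the tarball name and runs `patch`, the build will either fail to unpack or produce unpatched firewall code labelled 4.4.12.1. The patch is also present twice, once committed as `network/shorewall/patch-4.4.12.1` and once in `DOWNLOAD`, where it is fetched over plain `http://` and checked only against an MD5, which does not resist deliberate collisions. I would keep a single source for the patch and make the build explicit about it, e.g. a separate `SRCVERSION=4.4.12` for the tarball name and `patch -p1 < $CWD/patch-$VERSION` after unpacking, with the build aborting if the patch does not apply.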