network/shorewall: Updated for version 4.4.12.1.

Signed-off-by: dsomero <xgizzmo@slackbuilds.org>
ArTourter 2010-09-08 18:22:22 -04:00 committed by dsomero
parent 1093f54c02
commit 9c34ec2f47
3 changed files with 252 additions and 5 deletions


@ -0,0 +1,245 @@
diff -Naur -X /Users/teastep/bin/exclude.txt shorewall-4.4.12/Perl/Shorewall/Chains.pm shorewall-4.4.12.1/Perl/Shorewall/Chains.pm
--- shorewall-4.4.12/Perl/Shorewall/Chains.pm 2010-08-17 07:34:21.000000000 -0700
+++ shorewall-4.4.12.1/Perl/Shorewall/Chains.pm 2010-08-24 13:15:35.000000000 -0700
@@ -687,7 +687,7 @@
# deleting elements from the array over which we are iterating.
#
for ( my $rule = 0; $rule <= $#{$rules}; $rule++ ) {
- if ( $rules->[$rule] =~ / -[gj] ${to}\s*$/ ) {
+ if ( $rules->[$rule] =~ / -[gj] ${to}( -m comment .*)?\s*$/ ) {
trace( $fromref, 'D', $rule + 1, $rules->[$rule] ) if $debug;
splice( @$rules, $rule, 1 );
last unless --$refs > 0;
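Review bot: The chain name `${to}` is still interpolated into the pattern unescaped on the changed line, so any regex metacharacter in a chain name would be interpreted rather than matched literally. In a loop that splices rules out of a firewall chain, a loose match removes the wrong rule. If chain names are not already restricted to word characters elsewhere (not visible here), quote the name and drop the unused capture: `if ( $rules->[$rule] =~ / -[gj] \Q${to}\E(?: -m comment .*)?\s*$/ ) {`. The loop body continues outside the hunk, so whether `$rule` is adjusted after the `splice` cannot be checked from here.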
@@ -3118,17 +3118,6 @@
fatal_error "LOG requires a level";
}
#
- # Mark Target as referenced, if it's a chain
- #
- if ( $target =~ /-[jg]\s+([^\s]+)/ ) {
- my $targetref = $chain_table{$chainref->{table}}{$1};
- if ( $targetref ) {
- $targetref->{referenced} = 1;
- add_reference $chainref, $targetref;
- }
- }
-
- #
# Isolate Source Interface, if any
#
if ( $source ) {
@@ -3397,6 +3386,8 @@
fatal_error "SOURCE interface may not be specified with a source IP address in the POSTROUTING chain" if $restriction == POSTROUTE_RESTRICT && $iiface && ( $inets ne ALLIP || $iexcl || $trivialiexcl);
fatal_error "DEST interface may not be specified with a destination IP address in the PREROUTING chain" if $restriction == PREROUTE_RESTRICT && $diface && ( $dnets ne ALLIP || $dexcl || $trivialdexcl);
+ my $fromref;
+
if ( $iexcl || $dexcl || $oexcl ) {
#
# We have non-trivial exclusion -- need to create an exclusion chain
@@ -3438,7 +3429,7 @@
#
# Generate Final Rule
#
- add_rule( $echainref, $exceptionrule . $target, 1 ) unless $disposition eq 'LOG';
+ add_rule( $fromref = $echainref, $exceptionrule . $target, 1 ) unless $disposition eq 'LOG';
} else {
#
# No exclusions
@@ -3478,7 +3469,7 @@
'add',
$matches );
- add_rule( $chainref, $matches . $target, 1 );
+ add_rule( $fromref = $chainref, $matches . $target, 1 );
}
} else {
#
@@ -3499,12 +3490,22 @@
#
# No logging -- add the target rule with matches to the rule chain
#
- add_rule( $chainref, $matches . $target , 1 );
+ add_rule( $fromref = $chainref, $matches . $target , 1 );
}
}
}
}
}
+ #
+ # Mark Target as referenced, if it's a chain
+ #
+ if ( $fromref && $target =~ /-[jg]\s+([^\s]+)/ ) {
+ my $targetref = $chain_table{$chainref->{table}}{$1};
+ if ( $targetref ) {
+ $targetref->{referenced} = 1;
+ add_reference $fromref, $targetref;
+ }
+ }
while ( @ends ) {
decr_cmd_level $chainref;
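Review bot: The relocated block looks the target up with `$chain_table{$chainref->{table}}{$1}` but records the reference from `$fromref`, and nothing in the hunk explains why the two differ. A short comment above the `if` would help, e.g. `# $fromref is the chain that actually received the target rule (the exclusion chain or $chainref); it stays undef when no such rule was added`. `$fromref` is assigned only at the three `add_rule( $fromref = ... )` sites in this patch, so any other path that emits a `-j`/`-g` rule would leave its target chain unmarked. That is worth confirming against the full function, which starts and ends outside the hunk, because an unmarked chain is what the optimizer may drop while a jump to it remains.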
diff -Naur -X /Users/teastep/bin/exclude.txt shorewall-4.4.12/Perl/Shorewall/Config.pm shorewall-4.4.12.1/Perl/Shorewall/Config.pm
--- shorewall-4.4.12/Perl/Shorewall/Config.pm 2010-08-17 07:34:21.000000000 -0700
+++ shorewall-4.4.12.1/Perl/Shorewall/Config.pm 2010-08-24 13:15:35.000000000 -0700
@@ -345,7 +345,7 @@
EXPORT => 0,
STATEMATCH => '-m state --state',
UNTRACKED => 0,
- VERSION => "4.4.12",
+ VERSION => "4.4.12.1",
CAPVERSION => 40411 ,
);
@@ -2411,7 +2411,7 @@
qt1( "$iptables -D $sillyname -m set --match-set $sillyname src -j ACCEPT" );
$result = ! ( $capabilities{OLD_IPSET_MATCH} = 0 );
} else {
- have_capability 'OLD_IPSET_MATCH';
+ $result = have_capability 'OLD_IPSET_MATCH';
}
qt( "$ipset -X $sillyname" );
diff -Naur -X /Users/teastep/bin/exclude.txt shorewall-4.4.12/Perl/Shorewall/Providers.pm shorewall-4.4.12.1/Perl/Shorewall/Providers.pm
--- shorewall-4.4.12/Perl/Shorewall/Providers.pm 2010-08-17 07:34:21.000000000 -0700
+++ shorewall-4.4.12.1/Perl/Shorewall/Providers.pm 2010-08-24 13:15:35.000000000 -0700
@@ -853,6 +853,11 @@
#
my $interfaces = find_interfaces_by_option1 'optional';
+ if ( $config{REQUIRE_INTERFACE} ) {
+ emit( 'HAVE_INTERFACE=' );
+ emit( '' );
+ }
+
if ( @$interfaces ) {
for my $interface ( @$interfaces ) {
my $provider = $provider_interfaces{$interface};
@@ -861,11 +866,6 @@
emit( '' );
- if ( $config{REQUIRE_INTERFACE} ) {
- emit( 'HAVE_INTERFACE=' );
- emit( '' );
- }
-
if ( $provider ) {
#
# This interface is associated with a non-shared provider -- get the provider table entry
diff -Naur -X /Users/teastep/bin/exclude.txt shorewall-4.4.12/changelog.txt shorewall-4.4.12.1/changelog.txt
--- shorewall-4.4.12/changelog.txt 2010-08-17 07:34:21.000000000 -0700
+++ shorewall-4.4.12.1/changelog.txt 2010-08-24 13:15:35.000000000 -0700
@@ -1,3 +1,9 @@
+Changes in Shorewall 4.4.12.1
+
+1) Fix optimization bugs.
+
+2) Fix detection of old ipset match capability
+
Changes in Shorewall 4.4.12
1) Fix IPv6 shorecap program.
diff -Naur -X /Users/teastep/bin/exclude.txt shorewall-4.4.12/install.sh shorewall-4.4.12.1/install.sh
--- shorewall-4.4.12/install.sh 2010-08-17 07:34:21.000000000 -0700
+++ shorewall-4.4.12.1/install.sh 2010-08-24 13:15:35.000000000 -0700
@@ -22,7 +22,7 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
#
-VERSION=4.4.12
+VERSION=4.4.12.1
usage() # $1 = exit status
{
diff -Naur -X /Users/teastep/bin/exclude.txt shorewall-4.4.12/known_problems.txt shorewall-4.4.12.1/known_problems.txt
--- shorewall-4.4.12/known_problems.txt 2010-08-17 07:34:21.000000000 -0700
+++ shorewall-4.4.12.1/known_problems.txt 2010-08-24 13:15:35.000000000 -0700
@@ -1,2 +1,13 @@
1) On systems running Upstart, Shorewall-init cannot reliably close
the firewall before interfaces come up.
+
+2) Under rare circumstances where COMMENT is used to attach comments
+ to rules, OPTIMIZE 8 through 15 can result in invalid
+ iptables-restore (ip6tables-restore) input.
+
+ Workaround: Don't use optimizaiton levels greater than 7.
+
+3) Under rare circumstances unvolving exclusion, OPTIMIZE 8 through 15
+ canresult in invalid iptables-restore (ip6tables-restore) input.
+
+ Workaround: Don't use optimizaiton levels greater than 7.
diff -Naur -X /Users/teastep/bin/exclude.txt shorewall-4.4.12/releasenotes.txt shorewall-4.4.12.1/releasenotes.txt
--- shorewall-4.4.12/releasenotes.txt 2010-08-17 07:34:21.000000000 -0700
+++ shorewall-4.4.12.1/releasenotes.txt 2010-08-24 13:15:35.000000000 -0700
@@ -1,5 +1,5 @@
----------------------------------------------------------------------------
- S H O R E W A L L 4 . 4 . 1 2
+ S H O R E W A L L 4 . 4 . 1 2 . 1
----------------------------------------------------------------------------
I. RELEASE 4.4 HIGHLIGHTS
@@ -10,7 +10,7 @@
VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
----------------------------------------------------------------------------
- I. R E L E A S E 4 . 4 H I G H L I G H T S
+ I. R E L E A S E 4 . 4 H I G H L I G H T S
----------------------------------------------------------------------------
1) Support for Shorewall-shell has been discontinued. Shorewall-perl
@@ -224,6 +224,22 @@
I I I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E
----------------------------------------------------------------------------
+4.4.12.1
+
+1) Under rare circumstances where COMMENT is used to attach comments
+ to rules, OPTIMIZE 8 through 15 could result in invalid
+ iptables-restore (ip6tables-restore) input.
+
+2) Under rare circumstances unvolving exclusion, OPTIMIZE 8 through 15
+ could result in invalid iptables-restore (ip6tables-restore) input.
+
+3) The change in 4.4.12 to detect and use the new ipset match syntax
+ broke the ability to detect the old ipset match capability. Now,
+ both versions of the capability can be correctly detected.
+
+4.4.12
+
+
1) Previously, the Shorewall6-lite version of shorecap was using
iptables rather than ip6tables, with the result that many capabilities
that are only available in IPv4 were being reported as available.
diff -Naur -X /Users/teastep/bin/exclude.txt shorewall-4.4.12/shorewall.spec shorewall-4.4.12.1/shorewall.spec
--- shorewall-4.4.12/shorewall.spec 2010-08-17 07:34:21.000000000 -0700
+++ shorewall-4.4.12.1/shorewall.spec 2010-08-24 13:15:35.000000000 -0700
@@ -1,6 +1,6 @@
%define name shorewall
%define version 4.4.12
-%define release 0base
+%define release 1
Summary: Shoreline Firewall is an iptables-based firewall for Linux systems.
Name: %{name}
@@ -108,6 +108,8 @@
%doc COPYING INSTALL changelog.txt releasenotes.txt Contrib/* Samples
%changelog
+* Mon Aug 23 2010 Tom Eastep tom@shorewall.net
+- Updated to 4.4.12-1
* Sun Aug 15 2010 Tom Eastep tom@shorewall.net
- Updated to 4.4.12-0base
* Fri Aug 06 2010 Tom Eastep tom@shorewall.net
diff -Naur -X /Users/teastep/bin/exclude.txt shorewall-4.4.12/uninstall.sh shorewall-4.4.12.1/uninstall.sh
--- shorewall-4.4.12/uninstall.sh 2010-08-17 07:34:21.000000000 -0700
+++ shorewall-4.4.12.1/uninstall.sh 2010-08-24 13:15:35.000000000 -0700
@@ -26,7 +26,7 @@
# You may only use this script to uninstall the version
# shown below. Simply run this script to remove Shorewall Firewall
-VERSION=4.4.12
+VERSION=4.4.12.1
usage() # $1 = exit status
{


@ -24,7 +24,7 @@
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
PRGNAM=shorewall PRGNAM=shorewall
VERSION=${VERSION:-4.4.12} VERSION=${VERSION:-4.4.12.1}
ARCH=noarch ARCH=noarch
BUILD=${BUILD:-1} BUILD=${BUILD:-1}
TAG=${TAG:-_SBo} TAG=${TAG:-_SBo}
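Review bot: `VERSION` now defaults to 4.4.12.1, but this is the only line the commit changes in the build script, so no step that applies the patch is added here. The diffstat of 252 additions and 5 deletions is fully accounted for by the 245-line patch file, this line and the edits to the .info file. The .info file still downloads `shorewall-4.4.12.tar.bz2`, so if the script derives the tarball name from `$VERSION` (the rest of it is outside this hunk), extraction would look for a file that is never fetched. Either way the risk is a package labelled 4.4.12.1 that lacks the fixes for invalid iptables-restore input. The script should unpack the 4.4.12 tarball by its real name, apply the patch, and stop the build if the patch does not apply cleanly.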


@ -1,10 +1,12 @@
PRGNAM="shorewall" PRGNAM="shorewall"
VERSION="4.4.12" VERSION="4.4.12.1"
HOMEPAGE="http://www.shorewall.net" HOMEPAGE="http://www.shorewall.net"
DOWNLOAD="http://www.shorewall.net/pub/shorewall/4.4/shorewall-4.4.12/base/shorewall-4.4.12.tar.bz2" DOWNLOAD="http://www.shorewall.net/pub/shorewall/4.4/shorewall-4.4.12/base/shorewall-4.4.12.tar.bz2 \
MD5SUM="245617f3db1312c64eff6e595eed8d18" http://www.shorewall.net/pub/shorewall/4.4/shorewall-4.4.12/patch-4.4.12.1"
MD5SUM="245617f3db1312c64eff6e595eed8d18 \
e32cc02eaaa71f85f346623db9a3ec6b"
DOWNLOAD_x86_64="" DOWNLOAD_x86_64=""
MD5SUM_x86_64="" MD5SUM_x86_64=""
MAINTAINER="ArTourter" MAINTAINER="ArTourter"
EMAIL="artourter@gmail.com" EMAIL="artourter@gmail.com"
APPROVED="Erik Hanson" APPROVED="dsomero"
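Review bot: The added patch source in `DOWNLOAD` is fetched over plain `http://` and pinned only by an MD5 digest, yet that patch rewrites parts of a firewall's rule compiler. MD5 no longer resists deliberate collisions, so the recorded sum guards against corruption in transit but not against a substituted file. The visible fields offer no stronger digest, so the maintainer should check both files against a signature or stronger checksum from upstream, if one is published, before recording the sums. The 245-line patch file added in this same commit appears to be the same patch, so it should also be clear which copy the build actually applies.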