mirror of
https://github.com/Ponce/slackbuilds
synced 2024-11-25 10:03:03 +01:00
network/shorewall: Updated for version 4.4.12.1.
Signed-off-by: dsomero <xgizzmo@slackbuilds.org>
This commit is contained in:
parent
1093f54c02
commit
9c34ec2f47
3 changed files with 252 additions and 5 deletions
245
network/shorewall/patch-4.4.12.1
Normal file
245
network/shorewall/patch-4.4.12.1
Normal file
|
@ -0,0 +1,245 @@
|
||||||
|
diff -Naur -X /Users/teastep/bin/exclude.txt shorewall-4.4.12/Perl/Shorewall/Chains.pm shorewall-4.4.12.1/Perl/Shorewall/Chains.pm
|
||||||
|
--- shorewall-4.4.12/Perl/Shorewall/Chains.pm 2010-08-17 07:34:21.000000000 -0700
|
||||||
|
+++ shorewall-4.4.12.1/Perl/Shorewall/Chains.pm 2010-08-24 13:15:35.000000000 -0700
|
||||||
|
@@ -687,7 +687,7 @@
|
||||||
|
# deleting elements from the array over which we are iterating.
|
||||||
|
#
|
||||||
|
for ( my $rule = 0; $rule <= $#{$rules}; $rule++ ) {
|
||||||
|
- if ( $rules->[$rule] =~ / -[gj] ${to}\s*$/ ) {
|
||||||
|
+ if ( $rules->[$rule] =~ / -[gj] ${to}( -m comment .*)?\s*$/ ) {
|
||||||
|
trace( $fromref, 'D', $rule + 1, $rules->[$rule] ) if $debug;
|
||||||
|
splice( @$rules, $rule, 1 );
|
||||||
|
last unless --$refs > 0;
|
||||||
|
@@ -3118,17 +3118,6 @@
|
||||||
|
fatal_error "LOG requires a level";
|
||||||
|
}
|
||||||
|
#
|
||||||
|
- # Mark Target as referenced, if it's a chain
|
||||||
|
- #
|
||||||
|
- if ( $target =~ /-[jg]\s+([^\s]+)/ ) {
|
||||||
|
- my $targetref = $chain_table{$chainref->{table}}{$1};
|
||||||
|
- if ( $targetref ) {
|
||||||
|
- $targetref->{referenced} = 1;
|
||||||
|
- add_reference $chainref, $targetref;
|
||||||
|
- }
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- #
|
||||||
|
# Isolate Source Interface, if any
|
||||||
|
#
|
||||||
|
if ( $source ) {
|
||||||
|
@@ -3397,6 +3386,8 @@
|
||||||
|
fatal_error "SOURCE interface may not be specified with a source IP address in the POSTROUTING chain" if $restriction == POSTROUTE_RESTRICT && $iiface && ( $inets ne ALLIP || $iexcl || $trivialiexcl);
|
||||||
|
fatal_error "DEST interface may not be specified with a destination IP address in the PREROUTING chain" if $restriction == PREROUTE_RESTRICT && $diface && ( $dnets ne ALLIP || $dexcl || $trivialdexcl);
|
||||||
|
|
||||||
|
+ my $fromref;
|
||||||
|
+
|
||||||
|
if ( $iexcl || $dexcl || $oexcl ) {
|
||||||
|
#
|
||||||
|
# We have non-trivial exclusion -- need to create an exclusion chain
|
||||||
|
@@ -3438,7 +3429,7 @@
|
||||||
|
#
|
||||||
|
# Generate Final Rule
|
||||||
|
#
|
||||||
|
- add_rule( $echainref, $exceptionrule . $target, 1 ) unless $disposition eq 'LOG';
|
||||||
|
+ add_rule( $fromref = $echainref, $exceptionrule . $target, 1 ) unless $disposition eq 'LOG';
|
||||||
|
} else {
|
||||||
|
#
|
||||||
|
# No exclusions
|
||||||
|
@@ -3478,7 +3469,7 @@
|
||||||
|
'add',
|
||||||
|
$matches );
|
||||||
|
|
||||||
|
- add_rule( $chainref, $matches . $target, 1 );
|
||||||
|
+ add_rule( $fromref = $chainref, $matches . $target, 1 );
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
#
|
||||||
|
@@ -3499,12 +3490,22 @@
|
||||||
|
#
|
||||||
|
# No logging -- add the target rule with matches to the rule chain
|
||||||
|
#
|
||||||
|
- add_rule( $chainref, $matches . $target , 1 );
|
||||||
|
+ add_rule( $fromref = $chainref, $matches . $target , 1 );
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
+ #
|
||||||
|
+ # Mark Target as referenced, if it's a chain
|
||||||
|
+ #
|
||||||
|
+ if ( $fromref && $target =~ /-[jg]\s+([^\s]+)/ ) {
|
||||||
|
+ my $targetref = $chain_table{$chainref->{table}}{$1};
|
||||||
|
+ if ( $targetref ) {
|
||||||
|
+ $targetref->{referenced} = 1;
|
||||||
|
+ add_reference $fromref, $targetref;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
|
||||||
|
while ( @ends ) {
|
||||||
|
decr_cmd_level $chainref;
|
||||||
|
diff -Naur -X /Users/teastep/bin/exclude.txt shorewall-4.4.12/Perl/Shorewall/Config.pm shorewall-4.4.12.1/Perl/Shorewall/Config.pm
|
||||||
|
--- shorewall-4.4.12/Perl/Shorewall/Config.pm 2010-08-17 07:34:21.000000000 -0700
|
||||||
|
+++ shorewall-4.4.12.1/Perl/Shorewall/Config.pm 2010-08-24 13:15:35.000000000 -0700
|
||||||
|
@@ -345,7 +345,7 @@
|
||||||
|
EXPORT => 0,
|
||||||
|
STATEMATCH => '-m state --state',
|
||||||
|
UNTRACKED => 0,
|
||||||
|
- VERSION => "4.4.12",
|
||||||
|
+ VERSION => "4.4.12.1",
|
||||||
|
CAPVERSION => 40411 ,
|
||||||
|
);
|
||||||
|
|
||||||
|
@@ -2411,7 +2411,7 @@
|
||||||
|
qt1( "$iptables -D $sillyname -m set --match-set $sillyname src -j ACCEPT" );
|
||||||
|
$result = ! ( $capabilities{OLD_IPSET_MATCH} = 0 );
|
||||||
|
} else {
|
||||||
|
- have_capability 'OLD_IPSET_MATCH';
|
||||||
|
+ $result = have_capability 'OLD_IPSET_MATCH';
|
||||||
|
}
|
||||||
|
|
||||||
|
qt( "$ipset -X $sillyname" );
|
||||||
|
diff -Naur -X /Users/teastep/bin/exclude.txt shorewall-4.4.12/Perl/Shorewall/Providers.pm shorewall-4.4.12.1/Perl/Shorewall/Providers.pm
|
||||||
|
--- shorewall-4.4.12/Perl/Shorewall/Providers.pm 2010-08-17 07:34:21.000000000 -0700
|
||||||
|
+++ shorewall-4.4.12.1/Perl/Shorewall/Providers.pm 2010-08-24 13:15:35.000000000 -0700
|
||||||
|
@@ -853,6 +853,11 @@
|
||||||
|
#
|
||||||
|
my $interfaces = find_interfaces_by_option1 'optional';
|
||||||
|
|
||||||
|
+ if ( $config{REQUIRE_INTERFACE} ) {
|
||||||
|
+ emit( 'HAVE_INTERFACE=' );
|
||||||
|
+ emit( '' );
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
if ( @$interfaces ) {
|
||||||
|
for my $interface ( @$interfaces ) {
|
||||||
|
my $provider = $provider_interfaces{$interface};
|
||||||
|
@@ -861,11 +866,6 @@
|
||||||
|
|
||||||
|
emit( '' );
|
||||||
|
|
||||||
|
- if ( $config{REQUIRE_INTERFACE} ) {
|
||||||
|
- emit( 'HAVE_INTERFACE=' );
|
||||||
|
- emit( '' );
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
if ( $provider ) {
|
||||||
|
#
|
||||||
|
# This interface is associated with a non-shared provider -- get the provider table entry
|
||||||
|
diff -Naur -X /Users/teastep/bin/exclude.txt shorewall-4.4.12/changelog.txt shorewall-4.4.12.1/changelog.txt
|
||||||
|
--- shorewall-4.4.12/changelog.txt 2010-08-17 07:34:21.000000000 -0700
|
||||||
|
+++ shorewall-4.4.12.1/changelog.txt 2010-08-24 13:15:35.000000000 -0700
|
||||||
|
@@ -1,3 +1,9 @@
|
||||||
|
+Changes in Shorewall 4.4.12.1
|
||||||
|
+
|
||||||
|
+1) Fix optimization bugs.
|
||||||
|
+
|
||||||
|
+2) Fix detection of old ipset match capability
|
||||||
|
+
|
||||||
|
Changes in Shorewall 4.4.12
|
||||||
|
|
||||||
|
1) Fix IPv6 shorecap program.
|
||||||
|
diff -Naur -X /Users/teastep/bin/exclude.txt shorewall-4.4.12/install.sh shorewall-4.4.12.1/install.sh
|
||||||
|
--- shorewall-4.4.12/install.sh 2010-08-17 07:34:21.000000000 -0700
|
||||||
|
+++ shorewall-4.4.12.1/install.sh 2010-08-24 13:15:35.000000000 -0700
|
||||||
|
@@ -22,7 +22,7 @@
|
||||||
|
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||||
|
#
|
||||||
|
|
||||||
|
-VERSION=4.4.12
|
||||||
|
+VERSION=4.4.12.1
|
||||||
|
|
||||||
|
usage() # $1 = exit status
|
||||||
|
{
|
||||||
|
diff -Naur -X /Users/teastep/bin/exclude.txt shorewall-4.4.12/known_problems.txt shorewall-4.4.12.1/known_problems.txt
|
||||||
|
--- shorewall-4.4.12/known_problems.txt 2010-08-17 07:34:21.000000000 -0700
|
||||||
|
+++ shorewall-4.4.12.1/known_problems.txt 2010-08-24 13:15:35.000000000 -0700
|
||||||
|
@@ -1,2 +1,13 @@
|
||||||
|
1) On systems running Upstart, Shorewall-init cannot reliably close
|
||||||
|
the firewall before interfaces come up.
|
||||||
|
+
|
||||||
|
+2) Under rare circumstances where COMMENT is used to attach comments
|
||||||
|
+ to rules, OPTIMIZE 8 through 15 can result in invalid
|
||||||
|
+ iptables-restore (ip6tables-restore) input.
|
||||||
|
+
|
||||||
|
+ Workaround: Don't use optimizaiton levels greater than 7.
|
||||||
|
+
|
||||||
|
+3) Under rare circumstances unvolving exclusion, OPTIMIZE 8 through 15
|
||||||
|
+ canresult in invalid iptables-restore (ip6tables-restore) input.
|
||||||
|
+
|
||||||
|
+ Workaround: Don't use optimizaiton levels greater than 7.
|
||||||
|
diff -Naur -X /Users/teastep/bin/exclude.txt shorewall-4.4.12/releasenotes.txt shorewall-4.4.12.1/releasenotes.txt
|
||||||
|
--- shorewall-4.4.12/releasenotes.txt 2010-08-17 07:34:21.000000000 -0700
|
||||||
|
+++ shorewall-4.4.12.1/releasenotes.txt 2010-08-24 13:15:35.000000000 -0700
|
||||||
|
@@ -1,5 +1,5 @@
|
||||||
|
----------------------------------------------------------------------------
|
||||||
|
- S H O R E W A L L 4 . 4 . 1 2
|
||||||
|
+ S H O R E W A L L 4 . 4 . 1 2 . 1
|
||||||
|
----------------------------------------------------------------------------
|
||||||
|
|
||||||
|
I. RELEASE 4.4 HIGHLIGHTS
|
||||||
|
@@ -10,7 +10,7 @@
|
||||||
|
VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
|
||||||
|
|
||||||
|
----------------------------------------------------------------------------
|
||||||
|
- I. R E L E A S E 4 . 4 H I G H L I G H T S
|
||||||
|
+ I. R E L E A S E 4 . 4 H I G H L I G H T S
|
||||||
|
----------------------------------------------------------------------------
|
||||||
|
|
||||||
|
1) Support for Shorewall-shell has been discontinued. Shorewall-perl
|
||||||
|
@@ -224,6 +224,22 @@
|
||||||
|
I I I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E
|
||||||
|
----------------------------------------------------------------------------
|
||||||
|
|
||||||
|
+4.4.12.1
|
||||||
|
+
|
||||||
|
+1) Under rare circumstances where COMMENT is used to attach comments
|
||||||
|
+ to rules, OPTIMIZE 8 through 15 could result in invalid
|
||||||
|
+ iptables-restore (ip6tables-restore) input.
|
||||||
|
+
|
||||||
|
+2) Under rare circumstances unvolving exclusion, OPTIMIZE 8 through 15
|
||||||
|
+ could result in invalid iptables-restore (ip6tables-restore) input.
|
||||||
|
+
|
||||||
|
+3) The change in 4.4.12 to detect and use the new ipset match syntax
|
||||||
|
+ broke the ability to detect the old ipset match capability. Now,
|
||||||
|
+ both versions of the capability can be correctly detected.
|
||||||
|
+
|
||||||
|
+4.4.12
|
||||||
|
+
|
||||||
|
+
|
||||||
|
1) Previously, the Shorewall6-lite version of shorecap was using
|
||||||
|
iptables rather than ip6tables, with the result that many capabilities
|
||||||
|
that are only available in IPv4 were being reported as available.
|
||||||
|
diff -Naur -X /Users/teastep/bin/exclude.txt shorewall-4.4.12/shorewall.spec shorewall-4.4.12.1/shorewall.spec
|
||||||
|
--- shorewall-4.4.12/shorewall.spec 2010-08-17 07:34:21.000000000 -0700
|
||||||
|
+++ shorewall-4.4.12.1/shorewall.spec 2010-08-24 13:15:35.000000000 -0700
|
||||||
|
@@ -1,6 +1,6 @@
|
||||||
|
%define name shorewall
|
||||||
|
%define version 4.4.12
|
||||||
|
-%define release 0base
|
||||||
|
+%define release 1
|
||||||
|
|
||||||
|
Summary: Shoreline Firewall is an iptables-based firewall for Linux systems.
|
||||||
|
Name: %{name}
|
||||||
|
@@ -108,6 +108,8 @@
|
||||||
|
%doc COPYING INSTALL changelog.txt releasenotes.txt Contrib/* Samples
|
||||||
|
|
||||||
|
%changelog
|
||||||
|
+* Mon Aug 23 2010 Tom Eastep tom@shorewall.net
|
||||||
|
+- Updated to 4.4.12-1
|
||||||
|
* Sun Aug 15 2010 Tom Eastep tom@shorewall.net
|
||||||
|
- Updated to 4.4.12-0base
|
||||||
|
* Fri Aug 06 2010 Tom Eastep tom@shorewall.net
|
||||||
|
diff -Naur -X /Users/teastep/bin/exclude.txt shorewall-4.4.12/uninstall.sh shorewall-4.4.12.1/uninstall.sh
|
||||||
|
--- shorewall-4.4.12/uninstall.sh 2010-08-17 07:34:21.000000000 -0700
|
||||||
|
+++ shorewall-4.4.12.1/uninstall.sh 2010-08-24 13:15:35.000000000 -0700
|
||||||
|
@@ -26,7 +26,7 @@
|
||||||
|
# You may only use this script to uninstall the version
|
||||||
|
# shown below. Simply run this script to remove Shorewall Firewall
|
||||||
|
|
||||||
|
-VERSION=4.4.12
|
||||||
|
+VERSION=4.4.12.1
|
||||||
|
|
||||||
|
usage() # $1 = exit status
|
||||||
|
{
|
|
@ -24,7 +24,7 @@
|
||||||
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
|
|
||||||
PRGNAM=shorewall
|
PRGNAM=shorewall
|
||||||
VERSION=${VERSION:-4.4.12}
|
VERSION=${VERSION:-4.4.12.1}
|
||||||
ARCH=noarch
|
ARCH=noarch
|
||||||
BUILD=${BUILD:-1}
|
BUILD=${BUILD:-1}
|
||||||
TAG=${TAG:-_SBo}
|
TAG=${TAG:-_SBo}
|
||||||
|
|
|
@ -1,10 +1,12 @@
|
||||||
PRGNAM="shorewall"
|
PRGNAM="shorewall"
|
||||||
VERSION="4.4.12"
|
VERSION="4.4.12.1"
|
||||||
HOMEPAGE="http://www.shorewall.net"
|
HOMEPAGE="http://www.shorewall.net"
|
||||||
DOWNLOAD="http://www.shorewall.net/pub/shorewall/4.4/shorewall-4.4.12/base/shorewall-4.4.12.tar.bz2"
|
DOWNLOAD="http://www.shorewall.net/pub/shorewall/4.4/shorewall-4.4.12/base/shorewall-4.4.12.tar.bz2 \
|
||||||
MD5SUM="245617f3db1312c64eff6e595eed8d18"
|
http://www.shorewall.net/pub/shorewall/4.4/shorewall-4.4.12/patch-4.4.12.1"
|
||||||
|
MD5SUM="245617f3db1312c64eff6e595eed8d18 \
|
||||||
|
e32cc02eaaa71f85f346623db9a3ec6b"
|
||||||
DOWNLOAD_x86_64=""
|
DOWNLOAD_x86_64=""
|
||||||
MD5SUM_x86_64=""
|
MD5SUM_x86_64=""
|
||||||
MAINTAINER="ArTourter"
|
MAINTAINER="ArTourter"
|
||||||
EMAIL="artourter@gmail.com"
|
EMAIL="artourter@gmail.com"
|
||||||
APPROVED="Erik Hanson"
|
APPROVED="dsomero"
|
||||||
|
|
Loading…
Reference in a new issue