network/shorewall: Updated for version 4.4.12.2.

Signed-off-by: dsomero <xgizzmo@slackbuilds.org>

network/shorewall/patch-4.4.12.2

@@ -0,0 +1,215 @@
+diff -Naur -X /Users/teastep/bin/exclude.txt shorewall-4.4.12.1/Perl/Shorewall/Chains.pm shorewall-4.4.12.2/Perl/Shorewall/Chains.pm
+--- shorewall-4.4.12.1/Perl/Shorewall/Chains.pm	2010-08-24 13:15:35.000000000 -0700
++++ shorewall-4.4.12.2/Perl/Shorewall/Chains.pm	2010-09-04 07:30:24.000000000 -0700
+@@ -687,7 +687,7 @@
+     # deleting elements from the array over which we are iterating.
+     #
+     for ( my $rule = 0; $rule <= $#{$rules}; $rule++ ) {
+-	if (  $rules->[$rule] =~ / -[gj] ${to}( -m comment .*)?\s*$/ ) {
++	if (  $rules->[$rule] =~ / -[gj] ${to}(\s+-m comment .*)?\s*$/ ) {
+ 	    trace( $fromref, 'D', $rule + 1, $rules->[$rule] ) if $debug;
+ 	    splice(  @$rules, $rule, 1 );
+ 	    last unless --$refs > 0;
+@@ -3392,7 +3392,7 @@
+ 	#
+ 	# We have non-trivial exclusion -- need to create an exclusion chain
+ 	#
+-	fatal_error "Exclusion is not possible in ACCEPT+/CONTINUE/NONAT rules" if $disposition eq 'RETURN';
++	fatal_error "Exclusion is not possible in ACCEPT+/CONTINUE/NONAT rules" if $disposition eq 'RETURN' || $disposition eq 'CONTINUE';
+ 
+ 	#
+ 	# Create the Exclusion Chain
+diff -Naur -X /Users/teastep/bin/exclude.txt shorewall-4.4.12.1/Perl/Shorewall/Config.pm shorewall-4.4.12.2/Perl/Shorewall/Config.pm
+--- shorewall-4.4.12.1/Perl/Shorewall/Config.pm	2010-08-24 13:15:35.000000000 -0700
++++ shorewall-4.4.12.2/Perl/Shorewall/Config.pm	2010-09-04 07:30:24.000000000 -0700
+@@ -345,7 +345,7 @@
+ 		    EXPORT => 0,
+ 		    STATEMATCH => '-m state --state',
+ 		    UNTRACKED => 0,
+-		    VERSION => "4.4.12.1",
++		    VERSION => "4.4.12.2",
+ 		    CAPVERSION => 40411 ,
+ 		  );
+ 
+diff -Naur -X /Users/teastep/bin/exclude.txt shorewall-4.4.12.1/Perl/Shorewall/Rules.pm shorewall-4.4.12.2/Perl/Shorewall/Rules.pm
+--- shorewall-4.4.12.1/Perl/Shorewall/Rules.pm	2010-08-24 13:15:35.000000000 -0700
++++ shorewall-4.4.12.2/Perl/Shorewall/Rules.pm	2010-09-04 07:30:24.000000000 -0700
+@@ -303,7 +303,7 @@
+ 	    my $target     = source_exclusion( $hostref->[3], $chainref );
+ 
+ 	    for my $chain ( first_chains $interface ) {
+-		add_jump $filter_table->{$chain} , $chainref, 0, "${source}${state}${policy}";
++		add_jump $filter_table->{$chain} , $target, 0, "${source}${state}${policy}";
+ 	    }
+ 
+ 	    set_interface_option $interface, 'use_input_chain', 1;
+@@ -675,12 +675,12 @@
+ 
+ 	    for $interface ( @$list ) {
+ 		my $chainref = $filter_table->{input_chain $interface};
+-		my $base     = uc chain_base $interface;
++		my $base     = uc chain_base get_physical $interface;
+ 		my $variable = get_interface_gateway $interface;
+ 
+ 		if ( interface_is_optional $interface ) {
+ 		    add_commands( $chainref,
+-				  qq(if [ -n "\$${base}_IS_USABLE" -a -n "$variable" ]; then) ,
++				  qq(if [ -n "\$SW_${base}_IS_USABLE" -a -n "$variable" ]; then) ,
+ 				  '    echo "-A ' . match_source_dev( $interface ) . qq(-s $variable -p udp -j ACCEPT" >&3) ,
+ 				  qq(fi) );
+ 		} else {
+diff -Naur -X /Users/teastep/bin/exclude.txt shorewall-4.4.12.1/changelog.txt shorewall-4.4.12.2/changelog.txt
+--- shorewall-4.4.12.1/changelog.txt	2010-08-24 13:15:35.000000000 -0700
++++ shorewall-4.4.12.2/changelog.txt	2010-09-04 07:30:24.000000000 -0700
+@@ -1,9 +1,17 @@
++Changes in Shorewall 4.4.12.2
++
++1)  Add tweak to 4.4.12.1 optimization fix.
++
++2)  Fix exclusion in the blacklist file.
++
+ Changes in Shorewall 4.4.12.1
+ 
+ 1)  Fix optimization bugs.
+ 
+ 2)  Fix detection of old ipset match capability
+ 
++3)  Fix REQUIRE_INTERFACE=Yes
++
+ Changes in Shorewall 4.4.12
+ 
+ 1)  Fix IPv6 shorecap program.
+diff -Naur -X /Users/teastep/bin/exclude.txt shorewall-4.4.12.1/install.sh shorewall-4.4.12.2/install.sh
+--- shorewall-4.4.12.1/install.sh	2010-08-24 13:15:35.000000000 -0700
++++ shorewall-4.4.12.2/install.sh	2010-09-04 07:30:24.000000000 -0700
+@@ -22,7 +22,7 @@
+ #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ #
+ 
+-VERSION=4.4.12.1
++VERSION=4.4.12.2
+ 
+ usage() # $1 = exit status
+ {
+diff -Naur -X /Users/teastep/bin/exclude.txt shorewall-4.4.12.1/known_problems.txt shorewall-4.4.12.2/known_problems.txt
+--- shorewall-4.4.12.1/known_problems.txt	2010-08-24 13:15:35.000000000 -0700
++++ shorewall-4.4.12.2/known_problems.txt	2010-09-04 07:30:24.000000000 -0700
+@@ -5,9 +5,33 @@
+     to rules, OPTIMIZE 8 through 15 can result in invalid
+     iptables-restore (ip6tables-restore) input.
+ 
+-    Workaround: Don't use optimizaiton levels greater than 7.
++    Corrected in Shorewall 4.4.12.1.
+ 
+ 3)  Under rare circumstances unvolving exclusion, OPTIMIZE 8 through 15
+     canresult in invalid iptables-restore (ip6tables-restore) input.
+ 
+-    Workaround: Don't use optimizaiton levels greater than 7.
++    Corrected in Shorewall 4.4.12.1.
++
++4)  The change in 4.4.12 to detect and use the new ipset match syntax
++    broke the ability to detect the old ipset match capability. 
++
++    Corrected in Shorewall 4.4.12.1.
++
++5)  If REQUIRE_INTERFACE=Yes then start/restart will fail
++    if the last optional interface tested is not available.
++
++    Corrected in Shorewall 4.4.12.1.
++
++6)  The fix for COMMENT and optimization in 4.4.12.1 is incomplete.
++
++    Corrected in Shorewall 4.4.12.2
++
++7)  Exclusion in the blacklist file is correctly validated but is then
++    ignored when generating iptables (ip6tables) rules.
++
++    Corrected in Shorewall 4.4.12.2.
++
++8)  Shorewall allows CONTINUE rules with exclusion. These rules
++    generate valid but incorrect iptables (ip6tables) input.
++
++    Corrected in Shorewall 4.4.12.2 -- these rules are now disallowed.
+diff -Naur -X /Users/teastep/bin/exclude.txt shorewall-4.4.12.1/releasenotes.txt shorewall-4.4.12.2/releasenotes.txt
+--- shorewall-4.4.12.1/releasenotes.txt	2010-08-24 13:15:35.000000000 -0700
++++ shorewall-4.4.12.2/releasenotes.txt	2010-09-04 07:30:24.000000000 -0700
+@@ -1,5 +1,5 @@
+ ----------------------------------------------------------------------------
+-                   S H O R E W A L L  4 . 4 . 1 2 . 1
++                   S H O R E W A L L  4 . 4 . 1 2 . 2
+ ----------------------------------------------------------------------------
+ 
+ I.    RELEASE 4.4 HIGHLIGHTS
+@@ -224,21 +224,38 @@
+ I I I.  P R O B L E M S   C O R R E C T E D   I N   T H I S  R E L E A S E
+ ----------------------------------------------------------------------------
+ 
++4.4.12.2
++
++1)  Earlier releases allowed CONTINUE rules with exclusion. These rules
++    generated valid but incorrect iptables (ip6tables) input. Such
++    rules are now disallowed.
++
++2)  The fix for COMMENT and OPTIMIZE 8-15 in 4.4.12.1 missed one case
++    which has now been corrected.
++
++3)  Previously, exclusion in the blacklist file was correctly validated
++    but was then ignored when generating iptables (ip6tables) rules.
++
++4)  Previously, the interface option combination of 'optional' and
++    'upnpclient' did not work correctly.
++
+ 4.4.12.1
+ 
+ 1)  Under rare circumstances where COMMENT is used to attach comments
+     to rules, OPTIMIZE 8 through 15 could result in invalid
+     iptables-restore (ip6tables-restore) input.
+ 
+-2)  Under rare circumstances unvolving exclusion, OPTIMIZE 8 through 15
++2)  Under rare circumstances involving exclusion, OPTIMIZE 8 through 15
+     could result in invalid iptables-restore (ip6tables-restore) input.
+ 
+ 3)  The change in 4.4.12 to detect and use the new ipset match syntax
+     broke the ability to detect the old ipset match capability. Now,
+     both versions of the capability can be correctly detected.
+ 
+-4.4.12
++4)  Previously, if REQUIRE_INTERFACE=Yes then start/restart would fail
++    if the last optional interface tested was not available.
+ 
++4.4.12
+ 
+ 1)  Previously, the Shorewall6-lite version of shorecap was using
+     iptables rather than ip6tables, with the result that many capabilities
+diff -Naur -X /Users/teastep/bin/exclude.txt shorewall-4.4.12.1/shorewall.spec shorewall-4.4.12.2/shorewall.spec
+--- shorewall-4.4.12.1/shorewall.spec	2010-08-24 13:15:35.000000000 -0700
++++ shorewall-4.4.12.2/shorewall.spec	2010-09-04 07:30:24.000000000 -0700
+@@ -1,6 +1,6 @@
+ %define name shorewall
+ %define version 4.4.12
+-%define release 1
++%define release 2
+ 
+ Summary: Shoreline Firewall is an iptables-based firewall for Linux systems.
+ Name: %{name}
+@@ -108,6 +108,8 @@
+ %doc COPYING INSTALL changelog.txt releasenotes.txt Contrib/* Samples
+ 
+ %changelog
++* Sat Sep 04 2010 Tom Eastep tom@shorewall.net
++- Updated to 4.4.12-2
+ * Mon Aug 23 2010 Tom Eastep tom@shorewall.net
+ - Updated to 4.4.12-1
+ * Sun Aug 15 2010 Tom Eastep tom@shorewall.net
+diff -Naur -X /Users/teastep/bin/exclude.txt shorewall-4.4.12.1/uninstall.sh shorewall-4.4.12.2/uninstall.sh
+--- shorewall-4.4.12.1/uninstall.sh	2010-08-24 13:15:35.000000000 -0700
++++ shorewall-4.4.12.2/uninstall.sh	2010-09-04 07:30:24.000000000 -0700
+@@ -26,7 +26,7 @@
+ #       You may only use this script to uninstall the version
+ #       shown below. Simply run this script to remove Shorewall Firewall
+ 
+-VERSION=4.4.12.1
++VERSION=4.4.12.2
+ 
+ usage() # $1 = exit status
+ {

network/shorewall/shorewall.SlackBuild

@@ -24,7 +24,7 @@
 # ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 PRGNAM=shorewall
-VERSION=${VERSION:-4.4.12.1}
+VERSION=${VERSION:-4.4.12.2}
 ARCH=noarch
 BUILD=${BUILD:-1}
 TAG=${TAG:-_SBo}

network/shorewall/shorewall.info

@@ -1,10 +1,12 @@
 PRGNAM="shorewall"
-VERSION="4.4.12.1"
+VERSION="4.4.12.2"
 HOMEPAGE="http://www.shorewall.net"
 DOWNLOAD="http://www.shorewall.net/pub/shorewall/4.4/shorewall-4.4.12/base/shorewall-4.4.12.tar.bz2 \
-	http://www.shorewall.net/pub/shorewall/4.4/shorewall-4.4.12/patch-4.4.12.1"
+	http://www.shorewall.net/pub/shorewall/4.4/shorewall-4.4.12/patch-4.4.12.1 \
+	http://www.shorewall.net/pub/shorewall/4.4/shorewall-4.4.12/patch-4.4.12.2"
 MD5SUM="245617f3db1312c64eff6e595eed8d18 \
-	e32cc02eaaa71f85f346623db9a3ec6b"
+	e32cc02eaaa71f85f346623db9a3ec6b \
+	ac5d09f6965bbc8f1ec5d6596dcb32f4"
 DOWNLOAD_x86_64=""
 MD5SUM_x86_64=""
 MAINTAINER="ArTourter"