Diffstat (limited to 'network/shorewall/patch-4.4.12.2')
-rw-r--r-- | network/shorewall/patch-4.4.12.2 | 215 |
1 files changed, 0 insertions, 215 deletions
diff --git a/network/shorewall/patch-4.4.12.2 b/network/shorewall/patch-4.4.12.2
deleted file mode 100644
index 7d43ff1599..0000000000
--- a/network/shorewall/patch-4.4.12.2
+++ /dev/null
@@ -1,215 +0,0 @@ -diff -Naur -X /Users/teastep/bin/exclude.txt shorewall-4.4.12.1/Perl/Shorewall/Chains.pm shorewall-4.4.12.2/Perl/Shorewall/Chains.pm ---- shorewall-4.4.12.1/Perl/Shorewall/Chains.pm 2010-08-24 13:15:35.000000000 -0700 -+++ shorewall-4.4.12.2/Perl/Shorewall/Chains.pm 2010-09-04 07:30:24.000000000 -0700 -@@ -687,7 +687,7 @@ - # deleting elements from the array over which we are iterating. - # - for ( my $rule = 0; $rule <= $#{$rules}; $rule++ ) { -- if ( $rules->[$rule] =~ / -[gj] ${to}( -m comment .*)?\s*$/ ) { -+ if ( $rules->[$rule] =~ / -[gj] ${to}(\s+-m comment .*)?\s*$/ ) { - trace( $fromref, 'D', $rule + 1, $rules->[$rule] ) if $debug; - splice( @$rules, $rule, 1 ); - last unless --$refs > 0; -@@ -3392,7 +3392,7 @@ - # - # We have non-trivial exclusion -- need to create an exclusion chain - # -- fatal_error "Exclusion is not possible in ACCEPT+/CONTINUE/NONAT rules" if $disposition eq 'RETURN'; -+ fatal_error "Exclusion is not possible in ACCEPT+/CONTINUE/NONAT rules" if $disposition eq 'RETURN' || $disposition eq 'CONTINUE'; - - # - # Create the Exclusion Chain -diff -Naur -X /Users/teastep/bin/exclude.txt shorewall-4.4.12.1/Perl/Shorewall/Config.pm shorewall-4.4.12.2/Perl/Shorewall/Config.pm ---- shorewall-4.4.12.1/Perl/Shorewall/Config.pm 2010-08-24 13:15:35.000000000 -0700 -+++ shorewall-4.4.12.2/Perl/Shorewall/Config.pm 2010-09-04 07:30:24.000000000 -0700 -@@ -345,7 +345,7 @@ - EXPORT => 0, - STATEMATCH => '-m state --state', - UNTRACKED => 0, -- VERSION => "4.4.12.1", -+ VERSION => "4.4.12.2", - CAPVERSION => 40411 , - ); - -diff -Naur -X /Users/teastep/bin/exclude.txt shorewall-4.4.12.1/Perl/Shorewall/Rules.pm shorewall-4.4.12.2/Perl/Shorewall/Rules.pm ---- shorewall-4.4.12.1/Perl/Shorewall/Rules.pm 2010-08-24 13:15:35.000000000 -0700 -+++ shorewall-4.4.12.2/Perl/Shorewall/Rules.pm 2010-09-04 07:30:24.000000000 -0700 -@@ -303,7 +303,7 @@ - my $target = source_exclusion( $hostref->[3], $chainref ); - - for my $chain ( first_chains 
$interface ) { -- add_jump $filter_table->{$chain} , $chainref, 0, "${source}${state}${policy}"; -+ add_jump $filter_table->{$chain} , $target, 0, "${source}${state}${policy}"; - } - - set_interface_option $interface, 'use_input_chain', 1; -@@ -675,12 +675,12 @@ - - for $interface ( @$list ) { - my $chainref = $filter_table->{input_chain $interface}; -- my $base = uc chain_base $interface; -+ my $base = uc chain_base get_physical $interface; - my $variable = get_interface_gateway $interface; - - if ( interface_is_optional $interface ) { - add_commands( $chainref, -- qq(if [ -n "\$${base}_IS_USABLE" -a -n "$variable" ]; then) , -+ qq(if [ -n "\$SW_${base}_IS_USABLE" -a -n "$variable" ]; then) , - ' echo "-A ' . match_source_dev( $interface ) . qq(-s $variable -p udp -j ACCEPT" >&3) , - qq(fi) ); - } else { -diff -Naur -X /Users/teastep/bin/exclude.txt shorewall-4.4.12.1/changelog.txt shorewall-4.4.12.2/changelog.txt ---- shorewall-4.4.12.1/changelog.txt 2010-08-24 13:15:35.000000000 -0700 -+++ shorewall-4.4.12.2/changelog.txt 2010-09-04 07:30:24.000000000 -0700 -@@ -1,9 +1,17 @@ -+Changes in Shorewall 4.4.12.2 -+ -+1) Add tweak to 4.4.12.1 optimization fix. -+ -+2) Fix exclusion in the blacklist file. -+ - Changes in Shorewall 4.4.12.1 - - 1) Fix optimization bugs. - - 2) Fix detection of old ipset match capability - -+3) Fix REQUIRE_INTERFACE=Yes -+ - Changes in Shorewall 4.4.12 - - 1) Fix IPv6 shorecap program. -diff -Naur -X /Users/teastep/bin/exclude.txt shorewall-4.4.12.1/install.sh shorewall-4.4.12.2/install.sh ---- shorewall-4.4.12.1/install.sh 2010-08-24 13:15:35.000000000 -0700 -+++ shorewall-4.4.12.2/install.sh 2010-09-04 07:30:24.000000000 -0700 -@@ -22,7 +22,7 @@ - # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 
- # - --VERSION=4.4.12.1 -+VERSION=4.4.12.2 - - usage() # $1 = exit status - { -diff -Naur -X /Users/teastep/bin/exclude.txt shorewall-4.4.12.1/known_problems.txt shorewall-4.4.12.2/known_problems.txt ---- shorewall-4.4.12.1/known_problems.txt 2010-08-24 13:15:35.000000000 -0700 -+++ shorewall-4.4.12.2/known_problems.txt 2010-09-04 07:30:24.000000000 -0700 -@@ -5,9 +5,33 @@ - to rules, OPTIMIZE 8 through 15 can result in invalid - iptables-restore (ip6tables-restore) input. - -- Workaround: Don't use optimizaiton levels greater than 7. -+ Corrected in Shorewall 4.4.12.1. - - 3) Under rare circumstances unvolving exclusion, OPTIMIZE 8 through 15 - canresult in invalid iptables-restore (ip6tables-restore) input. - -- Workaround: Don't use optimizaiton levels greater than 7. -+ Corrected in Shorewall 4.4.12.1. -+ -+4) The change in 4.4.12 to detect and use the new ipset match syntax -+ broke the ability to detect the old ipset match capability. -+ -+ Corrected in Shorewall 4.4.12.1. -+ -+5) If REQUIRE_INTERFACE=Yes then start/restart will fail -+ if the last optional interface tested is not available. -+ -+ Corrected in Shorewall 4.4.12.1. -+ -+6) The fix for COMMENT and optimization in 4.4.12.1 is incomplete. -+ -+ Corrected in Shorewall 4.4.12.2 -+ -+7) Exclusion in the blacklist file is correctly validated but is then -+ ignored when generating iptables (ip6tables) rules. -+ -+ Corrected in Shorewall 4.4.12.2. -+ -+8) Shorewall allows CONTINUE rules with exclusion. These rules -+ generate valid but incorrect iptables (ip6tables) input. -+ -+ Corrected in Shorewall 4.4.12.2 -- these rules are now disallowed. 
-diff -Naur -X /Users/teastep/bin/exclude.txt shorewall-4.4.12.1/releasenotes.txt shorewall-4.4.12.2/releasenotes.txt ---- shorewall-4.4.12.1/releasenotes.txt 2010-08-24 13:15:35.000000000 -0700 -+++ shorewall-4.4.12.2/releasenotes.txt 2010-09-04 07:30:24.000000000 -0700 -@@ -1,5 +1,5 @@ - ---------------------------------------------------------------------------- -- S H O R E W A L L 4 . 4 . 1 2 . 1 -+ S H O R E W A L L 4 . 4 . 1 2 . 2 - ---------------------------------------------------------------------------- - - I. RELEASE 4.4 HIGHLIGHTS -@@ -224,21 +224,38 @@ - I I I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E - ---------------------------------------------------------------------------- - -+4.4.12.2 -+ -+1) Earlier releases allowed CONTINUE rules with exclusion. These rules -+ generated valid but incorrect iptables (ip6tables) input. Such -+ rules are now disallowed. -+ -+2) The fix for COMMENT and OPTIMIZE 8-15 in 4.4.12.1 missed one case -+ which has now been corrected. -+ -+3) Previously, exclusion in the blacklist file was correctly validated -+ but was then ignored when generating iptables (ip6tables) rules. -+ -+4) Previously, the interface option combination of 'optional' and -+ 'upnpclient' did not work correctly. -+ - 4.4.12.1 - - 1) Under rare circumstances where COMMENT is used to attach comments - to rules, OPTIMIZE 8 through 15 could result in invalid - iptables-restore (ip6tables-restore) input. - --2) Under rare circumstances unvolving exclusion, OPTIMIZE 8 through 15 -+2) Under rare circumstances involving exclusion, OPTIMIZE 8 through 15 - could result in invalid iptables-restore (ip6tables-restore) input. - - 3) The change in 4.4.12 to detect and use the new ipset match syntax - broke the ability to detect the old ipset match capability. Now, - both versions of the capability can be correctly detected. 
- --4.4.12 -+4) Previously, if REQUIRE_INTERFACE=Yes then start/restart would fail -+ if the last optional interface tested was not available. - -+4.4.12 - - 1) Previously, the Shorewall6-lite version of shorecap was using - iptables rather than ip6tables, with the result that many capabilities -diff -Naur -X /Users/teastep/bin/exclude.txt shorewall-4.4.12.1/shorewall.spec shorewall-4.4.12.2/shorewall.spec ---- shorewall-4.4.12.1/shorewall.spec 2010-08-24 13:15:35.000000000 -0700 -+++ shorewall-4.4.12.2/shorewall.spec 2010-09-04 07:30:24.000000000 -0700 -@@ -1,6 +1,6 @@ - %define name shorewall - %define version 4.4.12 --%define release 1 -+%define release 2 - - Summary: Shoreline Firewall is an iptables-based firewall for Linux systems. - Name: %{name} -@@ -108,6 +108,8 @@ - %doc COPYING INSTALL changelog.txt releasenotes.txt Contrib/* Samples - - %changelog -+* Sat Sep 04 2010 Tom Eastep tom@shorewall.net -+- Updated to 4.4.12-2 - * Mon Aug 23 2010 Tom Eastep tom@shorewall.net - - Updated to 4.4.12-1 - * Sun Aug 15 2010 Tom Eastep tom@shorewall.net -diff -Naur -X /Users/teastep/bin/exclude.txt shorewall-4.4.12.1/uninstall.sh shorewall-4.4.12.2/uninstall.sh ---- shorewall-4.4.12.1/uninstall.sh 2010-08-24 13:15:35.000000000 -0700 -+++ shorewall-4.4.12.2/uninstall.sh 2010-09-04 07:30:24.000000000 -0700 -@@ -26,7 +26,7 @@ - # You may only use this script to uninstall the version - # shown below. Simply run this script to remove Shorewall Firewall - --VERSION=4.4.12.1 -+VERSION=4.4.12.2 - - usage() # $1 = exit status - { |