summaryrefslogtreecommitdiff
path: root/network
diff options
context:
space:
mode:
Diffstat (limited to 'network')
-rw-r--r--network/shorewall/patch-4.4.12.1245
-rw-r--r--network/shorewall/shorewall.SlackBuild2
-rw-r--r--network/shorewall/shorewall.info10
3 files changed, 252 insertions, 5 deletions
diff --git a/network/shorewall/patch-4.4.12.1 b/network/shorewall/patch-4.4.12.1
new file mode 100644
index 0000000000..a8ba7f242e
--- /dev/null
+++ b/network/shorewall/patch-4.4.12.1
@@ -0,0 +1,245 @@
+diff -Naur -X /Users/teastep/bin/exclude.txt shorewall-4.4.12/Perl/Shorewall/Chains.pm shorewall-4.4.12.1/Perl/Shorewall/Chains.pm
+--- shorewall-4.4.12/Perl/Shorewall/Chains.pm 2010-08-17 07:34:21.000000000 -0700
++++ shorewall-4.4.12.1/Perl/Shorewall/Chains.pm 2010-08-24 13:15:35.000000000 -0700
+@@ -687,7 +687,7 @@
+ # deleting elements from the array over which we are iterating.
+ #
+ for ( my $rule = 0; $rule <= $#{$rules}; $rule++ ) {
+- if ( $rules->[$rule] =~ / -[gj] ${to}\s*$/ ) {
++ if ( $rules->[$rule] =~ / -[gj] ${to}( -m comment .*)?\s*$/ ) {
+ trace( $fromref, 'D', $rule + 1, $rules->[$rule] ) if $debug;
+ splice( @$rules, $rule, 1 );
+ last unless --$refs > 0;
+@@ -3118,17 +3118,6 @@
+ fatal_error "LOG requires a level";
+ }
+ #
+- # Mark Target as referenced, if it's a chain
+- #
+- if ( $target =~ /-[jg]\s+([^\s]+)/ ) {
+- my $targetref = $chain_table{$chainref->{table}}{$1};
+- if ( $targetref ) {
+- $targetref->{referenced} = 1;
+- add_reference $chainref, $targetref;
+- }
+- }
+-
+- #
+ # Isolate Source Interface, if any
+ #
+ if ( $source ) {
+@@ -3397,6 +3386,8 @@
+ fatal_error "SOURCE interface may not be specified with a source IP address in the POSTROUTING chain" if $restriction == POSTROUTE_RESTRICT && $iiface && ( $inets ne ALLIP || $iexcl || $trivialiexcl);
+ fatal_error "DEST interface may not be specified with a destination IP address in the PREROUTING chain" if $restriction == PREROUTE_RESTRICT && $diface && ( $dnets ne ALLIP || $dexcl || $trivialdexcl);
+
++ my $fromref;
++
+ if ( $iexcl || $dexcl || $oexcl ) {
+ #
+ # We have non-trivial exclusion -- need to create an exclusion chain
+@@ -3438,7 +3429,7 @@
+ #
+ # Generate Final Rule
+ #
+- add_rule( $echainref, $exceptionrule . $target, 1 ) unless $disposition eq 'LOG';
++ add_rule( $fromref = $echainref, $exceptionrule . $target, 1 ) unless $disposition eq 'LOG';
+ } else {
+ #
+ # No exclusions
+@@ -3478,7 +3469,7 @@
+ 'add',
+ $matches );
+
+- add_rule( $chainref, $matches . $target, 1 );
++ add_rule( $fromref = $chainref, $matches . $target, 1 );
+ }
+ } else {
+ #
+@@ -3499,12 +3490,22 @@
+ #
+ # No logging -- add the target rule with matches to the rule chain
+ #
+- add_rule( $chainref, $matches . $target , 1 );
++ add_rule( $fromref = $chainref, $matches . $target , 1 );
+ }
+ }
+ }
+ }
+ }
++ #
++ # Mark Target as referenced, if it's a chain
++ #
++ if ( $fromref && $target =~ /-[jg]\s+([^\s]+)/ ) {
++ my $targetref = $chain_table{$chainref->{table}}{$1};
++ if ( $targetref ) {
++ $targetref->{referenced} = 1;
++ add_reference $fromref, $targetref;
++ }
++ }
+
+ while ( @ends ) {
+ decr_cmd_level $chainref;
+diff -Naur -X /Users/teastep/bin/exclude.txt shorewall-4.4.12/Perl/Shorewall/Config.pm shorewall-4.4.12.1/Perl/Shorewall/Config.pm
+--- shorewall-4.4.12/Perl/Shorewall/Config.pm 2010-08-17 07:34:21.000000000 -0700
++++ shorewall-4.4.12.1/Perl/Shorewall/Config.pm 2010-08-24 13:15:35.000000000 -0700
+@@ -345,7 +345,7 @@
+ EXPORT => 0,
+ STATEMATCH => '-m state --state',
+ UNTRACKED => 0,
+- VERSION => "4.4.12",
++ VERSION => "4.4.12.1",
+ CAPVERSION => 40411 ,
+ );
+
+@@ -2411,7 +2411,7 @@
+ qt1( "$iptables -D $sillyname -m set --match-set $sillyname src -j ACCEPT" );
+ $result = ! ( $capabilities{OLD_IPSET_MATCH} = 0 );
+ } else {
+- have_capability 'OLD_IPSET_MATCH';
++ $result = have_capability 'OLD_IPSET_MATCH';
+ }
+
+ qt( "$ipset -X $sillyname" );
+diff -Naur -X /Users/teastep/bin/exclude.txt shorewall-4.4.12/Perl/Shorewall/Providers.pm shorewall-4.4.12.1/Perl/Shorewall/Providers.pm
+--- shorewall-4.4.12/Perl/Shorewall/Providers.pm 2010-08-17 07:34:21.000000000 -0700
++++ shorewall-4.4.12.1/Perl/Shorewall/Providers.pm 2010-08-24 13:15:35.000000000 -0700
+@@ -853,6 +853,11 @@
+ #
+ my $interfaces = find_interfaces_by_option1 'optional';
+
++ if ( $config{REQUIRE_INTERFACE} ) {
++ emit( 'HAVE_INTERFACE=' );
++ emit( '' );
++ }
++
+ if ( @$interfaces ) {
+ for my $interface ( @$interfaces ) {
+ my $provider = $provider_interfaces{$interface};
+@@ -861,11 +866,6 @@
+
+ emit( '' );
+
+- if ( $config{REQUIRE_INTERFACE} ) {
+- emit( 'HAVE_INTERFACE=' );
+- emit( '' );
+- }
+-
+ if ( $provider ) {
+ #
+ # This interface is associated with a non-shared provider -- get the provider table entry
+diff -Naur -X /Users/teastep/bin/exclude.txt shorewall-4.4.12/changelog.txt shorewall-4.4.12.1/changelog.txt
+--- shorewall-4.4.12/changelog.txt 2010-08-17 07:34:21.000000000 -0700
++++ shorewall-4.4.12.1/changelog.txt 2010-08-24 13:15:35.000000000 -0700
+@@ -1,3 +1,9 @@
++Changes in Shorewall 4.4.12.1
++
++1) Fix optimization bugs.
++
++2) Fix detection of old ipset match capability
++
+ Changes in Shorewall 4.4.12
+
+ 1) Fix IPv6 shorecap program.
+diff -Naur -X /Users/teastep/bin/exclude.txt shorewall-4.4.12/install.sh shorewall-4.4.12.1/install.sh
+--- shorewall-4.4.12/install.sh 2010-08-17 07:34:21.000000000 -0700
++++ shorewall-4.4.12.1/install.sh 2010-08-24 13:15:35.000000000 -0700
+@@ -22,7 +22,7 @@
+ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ #
+
+-VERSION=4.4.12
++VERSION=4.4.12.1
+
+ usage() # $1 = exit status
+ {
+diff -Naur -X /Users/teastep/bin/exclude.txt shorewall-4.4.12/known_problems.txt shorewall-4.4.12.1/known_problems.txt
+--- shorewall-4.4.12/known_problems.txt 2010-08-17 07:34:21.000000000 -0700
++++ shorewall-4.4.12.1/known_problems.txt 2010-08-24 13:15:35.000000000 -0700
+@@ -1,2 +1,13 @@
+ 1) On systems running Upstart, Shorewall-init cannot reliably close
+ the firewall before interfaces come up.
++
++2) Under rare circumstances where COMMENT is used to attach comments
++ to rules, OPTIMIZE 8 through 15 can result in invalid
++ iptables-restore (ip6tables-restore) input.
++
++ Workaround: Don't use optimizaiton levels greater than 7.
++
++3) Under rare circumstances unvolving exclusion, OPTIMIZE 8 through 15
++ canresult in invalid iptables-restore (ip6tables-restore) input.
++
++ Workaround: Don't use optimizaiton levels greater than 7.
+diff -Naur -X /Users/teastep/bin/exclude.txt shorewall-4.4.12/releasenotes.txt shorewall-4.4.12.1/releasenotes.txt
+--- shorewall-4.4.12/releasenotes.txt 2010-08-17 07:34:21.000000000 -0700
++++ shorewall-4.4.12.1/releasenotes.txt 2010-08-24 13:15:35.000000000 -0700
+@@ -1,5 +1,5 @@
+ ----------------------------------------------------------------------------
+- S H O R E W A L L 4 . 4 . 1 2
++ S H O R E W A L L 4 . 4 . 1 2 . 1
+ ----------------------------------------------------------------------------
+
+ I. RELEASE 4.4 HIGHLIGHTS
+@@ -10,7 +10,7 @@
+ VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
+
+ ----------------------------------------------------------------------------
+- I. R E L E A S E 4 . 4 H I G H L I G H T S
++ I. R E L E A S E 4 . 4 H I G H L I G H T S
+ ----------------------------------------------------------------------------
+
+ 1) Support for Shorewall-shell has been discontinued. Shorewall-perl
+@@ -224,6 +224,22 @@
+ I I I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E
+ ----------------------------------------------------------------------------
+
++4.4.12.1
++
++1) Under rare circumstances where COMMENT is used to attach comments
++ to rules, OPTIMIZE 8 through 15 could result in invalid
++ iptables-restore (ip6tables-restore) input.
++
++2) Under rare circumstances unvolving exclusion, OPTIMIZE 8 through 15
++ could result in invalid iptables-restore (ip6tables-restore) input.
++
++3) The change in 4.4.12 to detect and use the new ipset match syntax
++ broke the ability to detect the old ipset match capability. Now,
++ both versions of the capability can be correctly detected.
++
++4.4.12
++
++
+ 1) Previously, the Shorewall6-lite version of shorecap was using
+ iptables rather than ip6tables, with the result that many capabilities
+ that are only available in IPv4 were being reported as available.
+diff -Naur -X /Users/teastep/bin/exclude.txt shorewall-4.4.12/shorewall.spec shorewall-4.4.12.1/shorewall.spec
+--- shorewall-4.4.12/shorewall.spec 2010-08-17 07:34:21.000000000 -0700
++++ shorewall-4.4.12.1/shorewall.spec 2010-08-24 13:15:35.000000000 -0700
+@@ -1,6 +1,6 @@
+ %define name shorewall
+ %define version 4.4.12
+-%define release 0base
++%define release 1
+
+ Summary: Shoreline Firewall is an iptables-based firewall for Linux systems.
+ Name: %{name}
+@@ -108,6 +108,8 @@
+ %doc COPYING INSTALL changelog.txt releasenotes.txt Contrib/* Samples
+
+ %changelog
++* Mon Aug 23 2010 Tom Eastep tom@shorewall.net
++- Updated to 4.4.12-1
+ * Sun Aug 15 2010 Tom Eastep tom@shorewall.net
+ - Updated to 4.4.12-0base
+ * Fri Aug 06 2010 Tom Eastep tom@shorewall.net
+diff -Naur -X /Users/teastep/bin/exclude.txt shorewall-4.4.12/uninstall.sh shorewall-4.4.12.1/uninstall.sh
+--- shorewall-4.4.12/uninstall.sh 2010-08-17 07:34:21.000000000 -0700
++++ shorewall-4.4.12.1/uninstall.sh 2010-08-24 13:15:35.000000000 -0700
+@@ -26,7 +26,7 @@
+ # You may only use this script to uninstall the version
+ # shown below. Simply run this script to remove Shorewall Firewall
+
+-VERSION=4.4.12
++VERSION=4.4.12.1
+
+ usage() # $1 = exit status
+ {
diff --git a/network/shorewall/shorewall.SlackBuild b/network/shorewall/shorewall.SlackBuild
index a36270f80f..09d82d17ea 100644
--- a/network/shorewall/shorewall.SlackBuild
+++ b/network/shorewall/shorewall.SlackBuild
@@ -24,7 +24,7 @@
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
PRGNAM=shorewall
-VERSION=${VERSION:-4.4.12}
+VERSION=${VERSION:-4.4.12.1}
ARCH=noarch
BUILD=${BUILD:-1}
TAG=${TAG:-_SBo}
diff --git a/network/shorewall/shorewall.info b/network/shorewall/shorewall.info
index e4fc4b3a99..0c7d764541 100644
--- a/network/shorewall/shorewall.info
+++ b/network/shorewall/shorewall.info
@@ -1,10 +1,12 @@
PRGNAM="shorewall"
-VERSION="4.4.12"
+VERSION="4.4.12.1"
HOMEPAGE="http://www.shorewall.net"
-DOWNLOAD="http://www.shorewall.net/pub/shorewall/4.4/shorewall-4.4.12/base/shorewall-4.4.12.tar.bz2"
-MD5SUM="245617f3db1312c64eff6e595eed8d18"
+DOWNLOAD="http://www.shorewall.net/pub/shorewall/4.4/shorewall-4.4.12/base/shorewall-4.4.12.tar.bz2 \
+ http://www.shorewall.net/pub/shorewall/4.4/shorewall-4.4.12/patch-4.4.12.1"
+MD5SUM="245617f3db1312c64eff6e595eed8d18 \
+ e32cc02eaaa71f85f346623db9a3ec6b"
DOWNLOAD_x86_64=""
MD5SUM_x86_64=""
MAINTAINER="ArTourter"
EMAIL="artourter@gmail.com"
-APPROVED="Erik Hanson"
+APPROVED="dsomero"