diff options
Diffstat (limited to 'network/shorewall/patch-4.4.12.1')
| -rw-r--r-- | network/shorewall/patch-4.4.12.1 | 245 |
1 files changed, 0 insertions, 245 deletions
diff --git a/network/shorewall/patch-4.4.12.1 b/network/shorewall/patch-4.4.12.1 deleted file mode 100644 index a8ba7f242e..0000000000 --- a/network/shorewall/patch-4.4.12.1 +++ /dev/null @@ -1,245 +0,0 @@ -diff -Naur -X /Users/teastep/bin/exclude.txt shorewall-4.4.12/Perl/Shorewall/Chains.pm shorewall-4.4.12.1/Perl/Shorewall/Chains.pm ---- shorewall-4.4.12/Perl/Shorewall/Chains.pm 2010-08-17 07:34:21.000000000 -0700 -+++ shorewall-4.4.12.1/Perl/Shorewall/Chains.pm 2010-08-24 13:15:35.000000000 -0700 -@@ -687,7 +687,7 @@ - # deleting elements from the array over which we are iterating. - # - for ( my $rule = 0; $rule <= $#{$rules}; $rule++ ) { -- if ( $rules->[$rule] =~ / -[gj] ${to}\s*$/ ) { -+ if ( $rules->[$rule] =~ / -[gj] ${to}( -m comment .*)?\s*$/ ) { - trace( $fromref, 'D', $rule + 1, $rules->[$rule] ) if $debug; - splice( @$rules, $rule, 1 ); - last unless --$refs > 0; -@@ -3118,17 +3118,6 @@ - fatal_error "LOG requires a level"; - } - # -- # Mark Target as referenced, if it's a chain -- # -- if ( $target =~ /-[jg]\s+([^\s]+)/ ) { -- my $targetref = $chain_table{$chainref->{table}}{$1}; -- if ( $targetref ) { -- $targetref->{referenced} = 1; -- add_reference $chainref, $targetref; -- } -- } -- -- # - # Isolate Source Interface, if any - # - if ( $source ) { -@@ -3397,6 +3386,8 @@ - fatal_error "SOURCE interface may not be specified with a source IP address in the POSTROUTING chain" if $restriction == POSTROUTE_RESTRICT && $iiface && ( $inets ne ALLIP || $iexcl || $trivialiexcl); - fatal_error "DEST interface may not be specified with a destination IP address in the PREROUTING chain" if $restriction == PREROUTE_RESTRICT && $diface && ( $dnets ne ALLIP || $dexcl || $trivialdexcl); - -+ my $fromref; -+ - if ( $iexcl || $dexcl || $oexcl ) { - # - # We have non-trivial exclusion -- need to create an exclusion chain -@@ -3438,7 +3429,7 @@ - # - # Generate Final Rule - # -- add_rule( $echainref, $exceptionrule . $target, 1 ) unless $disposition eq 'LOG'; -+ add_rule( $fromref = $echainref, $exceptionrule . $target, 1 ) unless $disposition eq 'LOG'; - } else { - # - # No exclusions -@@ -3478,7 +3469,7 @@ - 'add', - $matches ); - -- add_rule( $chainref, $matches . $target, 1 ); -+ add_rule( $fromref = $chainref, $matches . $target, 1 ); - } - } else { - # -@@ -3499,12 +3490,22 @@ - # - # No logging -- add the target rule with matches to the rule chain - # -- add_rule( $chainref, $matches . $target , 1 ); -+ add_rule( $fromref = $chainref, $matches . $target , 1 ); - } - } - } - } - } -+ # -+ # Mark Target as referenced, if it's a chain -+ # -+ if ( $fromref && $target =~ /-[jg]\s+([^\s]+)/ ) { -+ my $targetref = $chain_table{$chainref->{table}}{$1}; -+ if ( $targetref ) { -+ $targetref->{referenced} = 1; -+ add_reference $fromref, $targetref; -+ } -+ } - - while ( @ends ) { - decr_cmd_level $chainref; -diff -Naur -X /Users/teastep/bin/exclude.txt shorewall-4.4.12/Perl/Shorewall/Config.pm shorewall-4.4.12.1/Perl/Shorewall/Config.pm ---- shorewall-4.4.12/Perl/Shorewall/Config.pm 2010-08-17 07:34:21.000000000 -0700 -+++ shorewall-4.4.12.1/Perl/Shorewall/Config.pm 2010-08-24 13:15:35.000000000 -0700 -@@ -345,7 +345,7 @@ - EXPORT => 0, - STATEMATCH => '-m state --state', - UNTRACKED => 0, -- VERSION => "4.4.12", -+ VERSION => "4.4.12.1", - CAPVERSION => 40411 , - ); - -@@ -2411,7 +2411,7 @@ - qt1( "$iptables -D $sillyname -m set --match-set $sillyname src -j ACCEPT" ); - $result = ! ( $capabilities{OLD_IPSET_MATCH} = 0 ); - } else { -- have_capability 'OLD_IPSET_MATCH'; -+ $result = have_capability 'OLD_IPSET_MATCH'; - } - - qt( "$ipset -X $sillyname" ); -diff -Naur -X /Users/teastep/bin/exclude.txt shorewall-4.4.12/Perl/Shorewall/Providers.pm shorewall-4.4.12.1/Perl/Shorewall/Providers.pm ---- shorewall-4.4.12/Perl/Shorewall/Providers.pm 2010-08-17 07:34:21.000000000 -0700 -+++ shorewall-4.4.12.1/Perl/Shorewall/Providers.pm 2010-08-24 13:15:35.000000000 -0700 -@@ -853,6 +853,11 @@ - # - my $interfaces = find_interfaces_by_option1 'optional'; - -+ if ( $config{REQUIRE_INTERFACE} ) { -+ emit( 'HAVE_INTERFACE=' ); -+ emit( '' ); -+ } -+ - if ( @$interfaces ) { - for my $interface ( @$interfaces ) { - my $provider = $provider_interfaces{$interface}; -@@ -861,11 +866,6 @@ - - emit( '' ); - -- if ( $config{REQUIRE_INTERFACE} ) { -- emit( 'HAVE_INTERFACE=' ); -- emit( '' ); -- } -- - if ( $provider ) { - # - # This interface is associated with a non-shared provider -- get the provider table entry -diff -Naur -X /Users/teastep/bin/exclude.txt shorewall-4.4.12/changelog.txt shorewall-4.4.12.1/changelog.txt ---- shorewall-4.4.12/changelog.txt 2010-08-17 07:34:21.000000000 -0700 -+++ shorewall-4.4.12.1/changelog.txt 2010-08-24 13:15:35.000000000 -0700 -@@ -1,3 +1,9 @@ -+Changes in Shorewall 4.4.12.1 -+ -+1) Fix optimization bugs. -+ -+2) Fix detection of old ipset match capability -+ - Changes in Shorewall 4.4.12 - - 1) Fix IPv6 shorecap program. -diff -Naur -X /Users/teastep/bin/exclude.txt shorewall-4.4.12/install.sh shorewall-4.4.12.1/install.sh ---- shorewall-4.4.12/install.sh 2010-08-17 07:34:21.000000000 -0700 -+++ shorewall-4.4.12.1/install.sh 2010-08-24 13:15:35.000000000 -0700 -@@ -22,7 +22,7 @@ - # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - # - --VERSION=4.4.12 -+VERSION=4.4.12.1 - - usage() # $1 = exit status - { -diff -Naur -X /Users/teastep/bin/exclude.txt shorewall-4.4.12/known_problems.txt shorewall-4.4.12.1/known_problems.txt ---- shorewall-4.4.12/known_problems.txt 2010-08-17 07:34:21.000000000 -0700 -+++ shorewall-4.4.12.1/known_problems.txt 2010-08-24 13:15:35.000000000 -0700 -@@ -1,2 +1,13 @@ - 1) On systems running Upstart, Shorewall-init cannot reliably close - the firewall before interfaces come up. -+ -+2) Under rare circumstances where COMMENT is used to attach comments -+ to rules, OPTIMIZE 8 through 15 can result in invalid -+ iptables-restore (ip6tables-restore) input. -+ -+ Workaround: Don't use optimizaiton levels greater than 7. -+ -+3) Under rare circumstances unvolving exclusion, OPTIMIZE 8 through 15 -+ canresult in invalid iptables-restore (ip6tables-restore) input. -+ -+ Workaround: Don't use optimizaiton levels greater than 7. -diff -Naur -X /Users/teastep/bin/exclude.txt shorewall-4.4.12/releasenotes.txt shorewall-4.4.12.1/releasenotes.txt ---- shorewall-4.4.12/releasenotes.txt 2010-08-17 07:34:21.000000000 -0700 -+++ shorewall-4.4.12.1/releasenotes.txt 2010-08-24 13:15:35.000000000 -0700 -@@ -1,5 +1,5 @@ - ---------------------------------------------------------------------------- -- S H O R E W A L L 4 . 4 . 1 2 -+ S H O R E W A L L 4 . 4 . 1 2 . 1 - ---------------------------------------------------------------------------- - - I. RELEASE 4.4 HIGHLIGHTS -@@ -10,7 +10,7 @@ - VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES - - ---------------------------------------------------------------------------- -- I. R E L E A S E 4 . 4 H I G H L I G H T S -+ I. R E L E A S E 4 . 4 H I G H L I G H T S - ---------------------------------------------------------------------------- - - 1) Support for Shorewall-shell has been discontinued. Shorewall-perl -@@ -224,6 +224,22 @@ - I I I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E - ---------------------------------------------------------------------------- - -+4.4.12.1 -+ -+1) Under rare circumstances where COMMENT is used to attach comments -+ to rules, OPTIMIZE 8 through 15 could result in invalid -+ iptables-restore (ip6tables-restore) input. -+ -+2) Under rare circumstances unvolving exclusion, OPTIMIZE 8 through 15 -+ could result in invalid iptables-restore (ip6tables-restore) input. -+ -+3) The change in 4.4.12 to detect and use the new ipset match syntax -+ broke the ability to detect the old ipset match capability. Now, -+ both versions of the capability can be correctly detected. -+ -+4.4.12 -+ -+ - 1) Previously, the Shorewall6-lite version of shorecap was using - iptables rather than ip6tables, with the result that many capabilities - that are only available in IPv4 were being reported as available. -diff -Naur -X /Users/teastep/bin/exclude.txt shorewall-4.4.12/shorewall.spec shorewall-4.4.12.1/shorewall.spec ---- shorewall-4.4.12/shorewall.spec 2010-08-17 07:34:21.000000000 -0700 -+++ shorewall-4.4.12.1/shorewall.spec 2010-08-24 13:15:35.000000000 -0700 -@@ -1,6 +1,6 @@ - %define name shorewall - %define version 4.4.12 --%define release 0base -+%define release 1 - - Summary: Shoreline Firewall is an iptables-based firewall for Linux systems. - Name: %{name} -@@ -108,6 +108,8 @@ - %doc COPYING INSTALL changelog.txt releasenotes.txt Contrib/* Samples - - %changelog -+* Mon Aug 23 2010 Tom Eastep tom@shorewall.net -+- Updated to 4.4.12-1 - * Sun Aug 15 2010 Tom Eastep tom@shorewall.net - - Updated to 4.4.12-0base - * Fri Aug 06 2010 Tom Eastep tom@shorewall.net -diff -Naur -X /Users/teastep/bin/exclude.txt shorewall-4.4.12/uninstall.sh shorewall-4.4.12.1/uninstall.sh ---- shorewall-4.4.12/uninstall.sh 2010-08-17 07:34:21.000000000 -0700 -+++ shorewall-4.4.12.1/uninstall.sh 2010-08-24 13:15:35.000000000 -0700 -@@ -26,7 +26,7 @@ - # You may only use this script to uninstall the version - # shown below. Simply run this script to remove Shorewall Firewall - --VERSION=4.4.12 -+VERSION=4.4.12.1 - - usage() # $1 = exit status - { |