From e67e8a82ecb382e606f4b5663e2db8465ef1bb21 Mon Sep 17 00:00:00 2001 From: Pacho Ramos Date: Mon, 2 Apr 2012 20:28:46 +0000 Subject: Add missing kernel checks (#310797 by Phil Koenig, Tom Knight, Tyler Montbriand), use static and fixed RESERVED_IPS file (#332135 by Richard Gray), handle errors better (#332507 by Tyler Montbriand). (Portage version: 2.1.10.54/cvs/Linux x86_64) --- net-firewall/firehol/ChangeLog | 10 ++- .../firehol/files/firehol-1.273-log-output.patch | 11 +++ net-firewall/firehol/firehol-1.273-r2.ebuild | 78 ++++++++++++++++++++++ 3 files changed, 98 insertions(+), 1 deletion(-) create mode 100644 net-firewall/firehol/files/firehol-1.273-log-output.patch create mode 100644 net-firewall/firehol/firehol-1.273-r2.ebuild (limited to 'net-firewall') diff --git a/net-firewall/firehol/ChangeLog b/net-firewall/firehol/ChangeLog index 2b0a3a3a665d..6627366a297e 100644 --- a/net-firewall/firehol/ChangeLog +++ b/net-firewall/firehol/ChangeLog @@ -1,6 +1,14 @@ # ChangeLog for net-firewall/firehol # Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-firewall/firehol/ChangeLog,v 1.46 2012/02/25 06:34:01 robbat2 Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-firewall/firehol/ChangeLog,v 1.47 2012/04/02 20:28:46 pacho Exp $ + +*firehol-1.273-r2 (02 Apr 2012) + + 02 Apr 2012; Pacho Ramos + +files/firehol-1.273-log-output.patch, +firehol-1.273-r2.ebuild: + Add missing kernel checks (#310797 by Phil Koenig, Tom Knight, Tyler + Montbriand), use static and fixed RESERVED_IPS file (#332135 by Richard Gray), + handle errors better (#332507 by Tyler Montbriand). 25 Feb 2012; Robin H. Johnson firehol-1.273-r1.ebuild: Bug #405687: Depend on virtual/modutils instead of sys-apps/module-init-tools. diff --git a/net-firewall/firehol/files/firehol-1.273-log-output.patch b/net-firewall/firehol/files/firehol-1.273-log-output.patch new file mode 100644 index 000000000000..66f0fd4c9b2e --- /dev/null +++ b/net-firewall/firehol/files/firehol-1.273-log-output.patch @@ -0,0 +1,11 @@ +--- firehol.sh-old 2010-08-11 09:01:29.000000000 -0600 ++++ firehol.sh 2010-08-12 09:22:07.000000000 -0600 +@@ -5212,7 +5212,7 @@ + printf >&2 "\n" + echo >&2 "OUTPUT : " + echo >&2 +- ${CAT_CMD} ${FIREHOL_OUTPUT}.log ++ ${CAT_CMD} ${FIREHOL_OUTPUT}.log >&2 + echo >&2 + + return 0 diff --git a/net-firewall/firehol/firehol-1.273-r2.ebuild b/net-firewall/firehol/firehol-1.273-r2.ebuild new file mode 100644 index 000000000000..72fe929f7b18 --- /dev/null +++ b/net-firewall/firehol/firehol-1.273-r2.ebuild @@ -0,0 +1,78 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-firewall/firehol/firehol-1.273-r2.ebuild,v 1.1 2012/04/02 20:28:46 pacho Exp $ + +EAPI=4 +inherit eutils linux-info + +DESCRIPTION="iptables firewall generator" +HOMEPAGE="http://firehol.sourceforge.net/" +SRC_URI="mirror://sourceforge/${PN}/${P}.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +IUSE="" +KEYWORDS="~amd64 ~ppc ~sparc ~x86" + +DEPEND="sys-apps/iproute2" +RDEPEND="net-firewall/iptables + sys-apps/iproute2[-minimal] + virtual/modutils + || ( + net-misc/wget + net-misc/curl + )" + +src_prepare() { + epatch "${FILESDIR}"/${P}-CVE-2008-4953.patch + epatch "${FILESDIR}"/${P}-log-output.patch #332507 +} + +pkg_setup() { + local KCONFIG_OPTS="~NF_CONNTRACK_IPV4 ~NF_CONNTRACK_MARK ~NF_NAT ~NF_NAT_FTP ~NF_NAT_IRC \ + ~IP_NF_IPTABLES ~IP_NF_FILTER ~IP_NF_TARGET_REJECT ~IP_NF_TARGET_LOG ~IP_NF_TARGET_ULOG \ + ~IP_NF_TARGET_MASQUERADE ~IP_NF_TARGET_REDIRECT ~IP_NF_MANGLE \ + ~NETFILTER_XT_MATCH_LIMIT ~NETFILTER_XT_MATCH_STATE ~NETFILTER_XT_MATCH_OWNER" + + get_version + if [ ${KV_PATCH} -ge 25 ]; then + CONFIG_CHECK="~NF_CONNTRACK ${KCONFIG_OPTS}" + else + CONFIG_CHECK="~NF_CONNTRACK_ENABLED ${KCONFIG_OPTS}" + fi + linux-info_pkg_setup +} + +src_install() { + newsbin firehol.sh firehol + + dodir /etc/firehol /etc/firehol/examples /etc/firehol/services + insinto /etc/firehol/examples + doins examples/* || die + + newconfd "${FILESDIR}/firehol.conf.d" firehol + newinitd "${FILESDIR}/firehol.initrd" firehol + + dodoc ChangeLog README TODO WhatIsNew + dohtml doc/*.html doc/*.css + + docinto scripts + dodoc get-iana.sh adblock.sh + + doman man/*.1 man/*.5 + + # Install this RESERVED_IPS as discussed in bug #332135 + insinto /etc/firehol + doins "${FILESDIR}"/RESERVED_IPS +} + +pkg_postinst() { + elog "The default path to firehol's configuration file is /etc/firehol/firehol.conf" + elog "See /etc/firehol/examples for configuration examples." + # + # Install a default configuration if none is available yet + if [[ ! -e "${ROOT}/etc/firehol/firehol.conf" ]]; then + einfo "Installing a sample configuration as ${ROOT}/etc/firehol/firehol.conf" + cp "${ROOT}/etc/firehol/examples/client-all.conf" "${ROOT}/etc/firehol/firehol.conf" + fi +} -- cgit v1.2.3-65-gdbad