Hello community, here is the log from the commit of package SuSEfirewall2 checked in at Mon Jun 30 19:42:19 CEST 2008. -------- --- SuSEfirewall2/SuSEfirewall2.changes 2008-04-22 11:10:16.000000000 +0200 +++ SuSEfirewall2/SuSEfirewall2.changes 2008-06-30 17:28:01.000000000 +0200 @@ -1,0 +2,6 @@ +Mon Jun 30 17:27:30 CEST 2008 - lnussel@suse.de + +- allow empty protocol in FW_SERVICES_ACCEPT_RELATED, + FW_SERVICES_REJECT, FW_SERVICES_DROP, FW_SERVICES_ACCEPT (bnc#376758) + +------------------------------------------------------------------- Old: ---- SuSEfirewall2-3.6_SVNr195.tar.bz2 New: ---- SuSEfirewall2-3.6_SVNr196.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ SuSEfirewall2.spec ++++++ --- /var/tmp/diff_new_pack.qK1807/_old 2008-06-30 19:40:40.000000000 +0200 +++ /var/tmp/diff_new_pack.qK1807/_new 2008-06-30 19:40:40.000000000 +0200 @@ -1,5 +1,5 @@ # -# spec file for package SuSEfirewall2 (Version 3.6_SVNr195) +# spec file for package SuSEfirewall2 (Version 3.6_SVNr196) # # Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine @@ -13,7 +13,7 @@ Name: SuSEfirewall2 -Version: 3.6_SVNr195 +Version: 3.6_SVNr196 Release: 1 License: GPL v2 or later Group: Productivity/Networking/Security 
@@ -188,6 +188,9 @@ rm -rf %{buildroot} %changelog +* Mon Jun 30 2008 lnussel@suse.de +- allow empty protocol in FW_SERVICES_ACCEPT_RELATED, + FW_SERVICES_REJECT, FW_SERVICES_DROP, FW_SERVICES_ACCEPT (bnc#376758) * Tue Apr 22 2008 lnussel@suse.de - accept icmp RELATED packets (bnc#382004) * Thu Apr 17 2008 lnussel@suse.de ++++++ SuSEfirewall2-3.6_SVNr195.tar.bz2 -> SuSEfirewall2-3.6_SVNr196.tar.bz2 ++++++ diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/SuSEfirewall2-3.6_SVNr195/SuSEfirewall2 new/SuSEfirewall2-3.6_SVNr196/SuSEfirewall2 --- old/SuSEfirewall2-3.6_SVNr195/SuSEfirewall2 2008-04-22 11:09:33.000000000 +0200 +++ new/SuSEfirewall2-3.6_SVNr196/SuSEfirewall2 2008-06-30 17:26:50.000000000 +0200 @@ -437,7 +437,18 @@ sport="$3" local var="$4" case "$proto" in - '') error "proto must not be empty in ${var}"; return 1; ;; + '') + if [ -z "$proto" -a -z "$port" -a -z "$sport" ]; then + proto='' + port='' + rport='' + sport='' + rsport='' + else + error "proto must not be empty in ${var}" + return 1 + fi + ;; _rpc_) # cannot check ports here ;; tcp|udp) @@ -480,7 +491,7 @@ fi ;; esac - proto="-p $proto" + [ -z "$proto" ] || proto="-p $proto" return 0 } @@ -1334,17 +1345,11 @@ for service in $services; do IFS=, eval set -- \$service - if [ "$#" -lt 3 ]; then - error "too few parameters in $var -> $service" - continue - fi net="${1:-0/0}" proto="$2" port="$3" sport="$4" - shift 4 - [ "$#" -gt 0 ] && shift iptables="$IPTABLES $IP6TABLES" case "$net" in 
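Review bot: In the new `'')` arm of check_proto_port the test repeats `-z "$proto"`, which the case pattern already guarantees, and it chains conditions with the obsolescent `-a`; `if [ -z "$port" ] && [ -z "$sport" ]; then` expresses the same check. The arm also changes what an all-empty triple means: together with the later `[ -z "$proto" ] || proto="-p $proto"` line, the function appears to return success with `proto` left empty, so callers emit a rule with no `-p` match that applies to every protocol. A comment on the arm such as `# no proto, port or sport given: the rule will match all protocols` would make that widening explicit for anyone auditing the accept lists. The function starts and ends outside the hunk, and `rport`/`rsport` are cleared here without a visible declaration, so they are presumably globals shared with the callers.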
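Review bot: With the `$# -lt 3` guard removed in the hunk at -1334, a service entry that contains only commas now reaches rule generation with `net` defaulted to `0/0` and `proto`, `port` and `sport` all empty. Assuming check_proto_port accepts that all-empty triple, as the earlier hunk suggests, the resulting rule would cover every source and every protocol, which is a much wider opening than a typo in an accept list should produce. A guard that keeps the new syntax but rejects entries naming neither a network nor a protocol would help, for example `if [ -z "$1" ] && [ -z "$2" ]; then error "network and protocol both empty in $var -> $service"; continue; fi`. The same removal appears in the hunk at -1506, and the hunk at -1555 only lowers its guard to `$# -lt 1`; the loop body continues outside this hunk, so a later check may already cover the case.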
@@ -1469,7 +1474,7 @@ error "network parameter of FW_TRUSTED_NETS is empty -> $nets" elif [ -z "$proto" -a -n "$port" ]; then error "need to specify protocol for port $port in FW_TRUSTED_NETS" - elif [ -z "$proto" ] || check_proto_port "$proto" "$port" "" 'FW_TRUSTED_NETS'; then + elif check_proto_port "$proto" "$port" "" 'FW_TRUSTED_NETS'; then for chain in $input_zones; do # trusted networks can be on any interface ... chain=input_$chain $LAC $IPTABLES -A $chain ${LOG}"-`rulelog $chain`-ACC-TRUST " -m state --state NEW -s $net $proto $port @@ -1506,16 +1511,11 @@ for service in $services; do IFS=, eval set -- \$service - if [ "$#" -lt 2 ]; then - error "too few parameters in $var -> $service" - continue - fi net="${1:-0/0}" proto="$2" port="$3" sport="$4" - shift 4 iptables="$IPTABLES $IP6TABLES" case "$net" in @@ -1555,7 +1555,7 @@ ipt_recent_set='' ipt_recent_rcheck='' IFS=, eval set -- \$service - if [ "$#" -lt 3 ]; then + if [ "$#" -lt 1 ]; then error "too few parameters in $var -> $service" continue fi @@ -1563,12 +1563,10 @@ net="${1:-0/0}" proto="$2" port="$3" - shift 3 - sport="$1" - [ "$#" -gt 0 ] && shift + sport="$4" - while [ "$#" -gt 0 ]; do - case "$1" in + while [ "$#" -gt 4 ]; do + case "$5" in hitcount=*) ipt_recent_update="$ipt_recent_update --hitcount ${1#*=}"; shift ;; blockseconds=*) ipt_recent_update="$ipt_recent_update --seconds ${1#*=}"; shift ;; recentname=*) @@ -1863,7 +1861,7 @@ ;; esac - if [ -n "$proto" ] && ! check_proto_port "$proto" "$port" '' "FW_FORWARD"; then + if ! check_proto_port "$proto" "$port" '' "FW_FORWARD"; then continue fi 
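Review bot: In the hunk at -1563 the loop now dispatches on `$5`, but the unchanged `hitcount=*)` and `blockseconds=*)` arms still read their value with `${1#*=}`, and `$1` is the network field now that the `shift 3` before the loop is gone. As written, `--hitcount` and `--seconds` would receive the network (then the protocol, after each `shift`) instead of the configured limits, so the recent-match rate limiting for these services would be built with wrong arguments or rejected by iptables. Those arms should read the fifth parameter, e.g. `hitcount=*) ipt_recent_update="$ipt_recent_update --hitcount ${5#*=}"; shift ;;`. The `recentname=*)` arm and the rest of the loop lie outside the hunk and likely need the same adjustment.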
@@ -1915,7 +1913,7 @@ error "Too many arguments in $var -> $nets" elif [ -z "$net1" ]; then error "source network must not be empty in $var -> $nets" - elif [ -z "$proto" -a -z "$port" ] || check_proto_port "$proto" "$port" '' "$var"; then + elif check_proto_port "$proto" "$port" '' "$var"; then net1=${net1/\!/\! } net2=${net2/\!/\! } snet2="" ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org