diff options
| author |   Yixun Lan <dlan@gentoo.org> | 2014-07-17 06:57:29 +0000 |
|---|---|---|
| committer | Yixun Lan <dlan@gentoo.org> | 2014-07-17 06:57:29 +0000 |
| commit | ea41057c73d891ba6f3213456eabe6382257566c (patch) | |
| tree | f1691c29a3a6ada808f86b9f4c9f6e715ed5b58d /net-firewall/ufw | |
| parent | Typo (diff) | |
| download | historical-ea41057c73d891ba6f3213456eabe6382257566c.tar.gz historical-ea41057c73d891ba6f3213456eabe6382257566c.tar.bz2 historical-ea41057c73d891ba6f3213456eabe6382257566c.zip | |
bug 506390, clean old, update to distutils-r1. proxy for SN (Enlik)
Package-Manager: portage-2.2.10/cvs/Linux x86_64
Manifest-Sign-Key: 0xAABEFD55
Diffstat (limited to 'net-firewall/ufw')
| -rw-r--r-- | net-firewall/ufw/ChangeLog | 12 | ||||
| -rw-r--r-- | net-firewall/ufw/Manifest | 29 | ||||
| -rw-r--r-- | net-firewall/ufw/files/ufw-0.31.1-conntrack.patch | 201 | ||||
| -rw-r--r-- | net-firewall/ufw/files/ufw-0.33-conntrack.patch | 187 | ||||
| -rw-r--r-- | net-firewall/ufw/files/ufw-0.34_pre805-shebang.patch | 15 | ||||
| -rw-r--r-- | net-firewall/ufw/files/ufw-dont-check-iptables.patch | 45 | ||||
| -rw-r--r-- | net-firewall/ufw/ufw-0.33-r2.ebuild | 184 | ||||
| -rw-r--r-- | net-firewall/ufw/ufw-0.34_pre805-r1.ebuild (renamed from net-firewall/ufw/ufw-0.31.1-r2.ebuild) | 77 |
8 files changed, 83 insertions, 667 deletions
diff --git a/net-firewall/ufw/ChangeLog b/net-firewall/ufw/ChangeLog index 94cecaede4b5..901603d3f98b 100644 --- a/net-firewall/ufw/ChangeLog +++ b/net-firewall/ufw/ChangeLog @@ -1,6 +1,14 @@ # ChangeLog for net-firewall/ufw -# Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-firewall/ufw/ChangeLog,v 1.13 2013/05/20 09:05:50 lxnay Exp $ +# Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2 +# $Header: /var/cvsroot/gentoo-x86/net-firewall/ufw/ChangeLog,v 1.14 2014/07/17 06:57:21 dlan Exp $ + +*ufw-0.34_pre805-r1 (17 Jul 2014) + + 17 Jul 2014; Yixun Lan <dlan@gentoo.org> -ufw-0.31.1-r2.ebuild, + -ufw-0.33-r2.ebuild, +ufw-0.34_pre805-r1.ebuild, + -files/ufw-0.31.1-conntrack.patch, -files/ufw-0.33-conntrack.patch, + +files/ufw-0.34_pre805-shebang.patch, -files/ufw-dont-check-iptables.patch: + bug 506390, clean old, update to distutils-r1. proxy for SN (Enlik) 20 May 2013; Fabio Erculiani <lxnay@gentoo.org> ufw-0.31.1-r2.ebuild, ufw-0.33-r2.ebuild, ufw-0.34_pre805.ebuild, +files/ufw.service: diff --git a/net-firewall/ufw/Manifest b/net-firewall/ufw/Manifest index c6c78197f8f8..68cecff582e9 100644 --- a/net-firewall/ufw/Manifest +++ b/net-firewall/ufw/Manifest @@ -4,27 +4,32 @@ Hash: SHA256 AUX rsyslog/ufw.logrotate 178 SHA256 02d1a00ca68446fbe056a4c3aede319f77b3262e26092cc04ea46de8923d03f8 SHA512 d381a34b23d8656c316af69c07d49042d6c4def4cea3e51367210bce20681376fd0259a95b6b9403171c5d80732927a8880f3d401e13e6f76b505324eecb146b WHIRLPOOL 10b63f8966ad7ad0894a18216a0102fc8a102b14c8f9fb468a4a8d61ae13b1ec3176c7bb9ffb852f8aaa4ac7874584a8f8f5a2d6e98fa3fb56f5945e9bd99139 AUX syslog-ng/syslog-ng.example 381 SHA256 70a795c1b20e2cdef38565d74b9de042c6666f860a2fd1b3bdc6f31dd451bc68 SHA512 f48d2487679fe179ea216bb4259affbf5ab4c86725b45942581ada8dac24dd0c978f755182805ff5350ab169972fcee7bb54a6d14df760d4b5f62c485af1e49e WHIRLPOOL 44874c68257b6f9a53e7fd1affc6ccf2492d9ec09a4700a17239fb3e413e2dcf2ede87eafb1e253d965c27a1c5ead36c413c8c84ec3ed55f5cf2191b927aacbe AUX syslog-ng/ufw.logrotate 269 SHA256 cddd86613bde19b45f0f935c65bb43721f69aefc14e7d629612b23ea3b5c5c97 SHA512 22d89f04b68a8b4deeb60aca263239255dd01b9c6e6d23a5d77514daf7bb9dc3910a28cfe9c606f70d2a50f0365bb19c3cf00c5859ee2630c00f0df451ee9c5d WHIRLPOOL 5da4f8c615667d829ea4eb318ec01b712adf69002dcf8c3df7deba8fa3e49e426b1c00e468805ba571ed2f2ce05fa81b7e2ac83e7231de3f3305d6ce190264e5 -AUX ufw-0.31.1-conntrack.patch 9842 SHA256 e91af8e88c896fd2e05b4143f361a72bc8ae78c8ab0c5afb8a26ea416f7bb631 SHA512 c7fab58aec12f47a492e8ad94e2ffbb471daf6292b6c9272396754cc25a6d2a164f3c383fd7e933a0d624d55a5b4b7a385a1fd31ef74162b7e819284c25a4fd7 WHIRLPOOL 96aa69e0aad4df20b14231edda6434f95be144d302484ef71bec4b6d6d4518714a852d1844d5aa33eaa7845a70659ab42006881297eecc5237f7c93b3907af9b AUX ufw-0.31.1-move-path.patch 7071 SHA256 88a7b20696b731bac01b3c5d88b0353842b1228d3239cfebe1f2a47c1bdb6768 SHA512 66382ded35437e563c874dc01417a2735a2aa136a1e670fd3707c3311516a6d9a0e62a20679a4f5dcaa2edc0225535cf2410d7f86676b1e10eb309ecc3e24bc2 WHIRLPOOL 89e3165900def8380cade3eb62fc351be9e43c8055f4b71c356f3aa5356b0c57154e18485d94e0ca86462da7c55b1b4755de379a88f1958d313b93c0ec723715 AUX ufw-0.31.1-python-abis.patch 1872 SHA256 1e3094135d71e7e7129b2d268d79c73990f0a6f61f2bb6456d3f3654b4975463 SHA512 fbe65a6775426c66cd82382e62eea3a2179d68a0b6c617cc468e7076e2f58493baffde686b65e6bf3a89ea7fdda48a5a42d152b1be388c943408532f47d4402a WHIRLPOOL 62e68d1ef8aaa4963765599ca6701af18bcdef8f6a20607ce433b5294baa9c5ba75b3d41266d9a8bd82febe3a3ac75c6fcb2326fbc5cafa31634ec96a4407b10 -AUX ufw-0.33-conntrack.patch 10055 SHA256 e034feba3bdeca0d4e9aed0555d88838e49804542174b988f9a7fbf8b8dc759d SHA512 7de6358ec0bf6696c4c26aab2729b9160e16ce44a67b5b634ad935fb4bf218b1b79d599f9d679f8f2a147861d865a098729fe3dbc0db110135bf5a78acfd6d53 WHIRLPOOL a3d543abf0ac1d6ca11a4754ab296c9e6f28809e8b746986524aa5d0e162f78d5a5abd586ff172618e8d79354c43429de3cc0b0e9a3d1bf91d662071c3cd2cfc AUX ufw-0.33-dont-check-iptables.patch 1659 SHA256 8a3ae20d399e83aa9c779dfed1f65d99b277263681b1a3e7e9e86143d5fabd0a SHA512 8f92d4b79f1caf01cb97ec64014c7607a410fb0a36e5e87376707c026d714a060ae554591b6e5b3834b671acd4145dcca68a9373aa41051ef60c9dd409dd008d WHIRLPOOL 8f897654bde85d84b17dc32507c5a469fe04eb2201acb55bfd02a76346620399dbcb9c7d0ce19f48285f6eec5de0a5d96420483d6a0b7a4c31a41fa329f91180 +AUX ufw-0.34_pre805-shebang.patch 675 SHA256 4348689359f3d80c1bcfe66d12710578ba31a5382bf078242b84e86f7233e38d SHA512 8954f679a993d65cb880ffce09b448626fd64dea93257f0faa97b8bec76dcbbda4fb0d19408655d6db387066a0ac94b962dca2e5febcc5b5685e9b16b97b4cad WHIRLPOOL 44c83c5e1795fa0db7ed40d1440df7b4220b869bd42a294ba0d8262fbb2b2e114154d0ce9a22e100db8ad7c1cd402eefacfe854679e7caecda4a251d98720f03 AUX ufw-2.initd 2722 SHA256 657b5305923b2a5de9eb96931aaaa28d6e997ace6c40793d905887798094258c SHA512 54cb84ae5ce2c327a7a7b03deeed3d7507a4716ce929aa563d4fb5baa9aa73d95575ec7d5db7165345310869bd5a60b1033c6691f02a85ab94baa6b4a550daa7 WHIRLPOOL c19a21c93f0c63165715e8da4ab9b16a4596ccc3730118c1bbd7eb4de9a94b2b1475904818a2786b2490a07dee7d761da28ca6dc087926c27598d691cb333ce6 -AUX ufw-dont-check-iptables.patch 1572 SHA256 2ea0f9525baa82386690577525631f468e56a0fbde0e7e5a65fba36c922ea96f SHA512 c072e924ed5c7df37d89dd9dc8ecb9a52f16fcd962a31d97f45cecefb971adcceabff183bec386be29f44942d12f8bce595ff4203e390ce464627458843b19cb WHIRLPOOL a1ee6799042353f32a1746b14017403994d60dc1ba7e67581ebdff3d93e37e72c7224708d2c0d1bef25ce311ad5c647cd5f0fa62ea4da60321e47f922f64c54d AUX ufw.confd 219 SHA256 069aa7382b40aecebf26ef53f3f4c49890314e0357925c84b3c15f1d0b913be0 SHA512 a010532c97b9cf83f1fb5fa707228e0542a8b109c76e5942aaf2d6552c63e033d32e39e5a6ac87cb9e2ed4c3fdbc5d03c75127e6378665e592b143bc1eda52c7 WHIRLPOOL e6c4537392921c63f8a57fab7ea269fbeea846468ef8968816d988556557495e8abb77aee9d60648a1483a599683613cf5ea832cbcf498a8828baa9abcd31752 AUX ufw.service 329 SHA256 1c600d9b9425485a0536fdf77a39fbf94bfcaade686789d6c4f3f1aac08ffe69 SHA512 a365e704ca958c83c86f8a6b1623ce3f9ad72dcfb0cfc7758bfc787e0877f897ccf8b200db83df17130ca5dcc54f938178b8cabfe3ee0c0896c814ee7d2439c7 WHIRLPOOL a00069a5582b9c52b5ff9a9c88b03294140dd06596ea0fbcbd0e7f6de016b1eed97840728c932a82f18762c84c9e8849f86ee504b49931420f2d097bb9b0ebd6 -DIST ufw-0.31.1.tar.gz 322448 SHA256 ccf5e00aa76841b9467ad9506fbf96373fb24a4b26bffd858ea1eb2522491dcb SHA512 3c9e61be7ba18ccdbd8195517f0b74a418b460f91b6efcdf0d883fc1dca2bc376ee317836882b67d2fd4825c2e5374d9c6a5da3d77f98794b64c98071d3ac0dc WHIRLPOOL 35064e73f892d6a94413f3560f5f0af945c972b673da4980af0a60576cc641810a74d76ed196935abaf9c2b395c2cc7250b6d27e710e284cbf2df014a6f0820d -DIST ufw-0.33.tar.gz 332893 SHA256 5f85a8084ad3539b547bec097286948233188c971f498890316dec170bdd1da8 SHA512 a908d0a2c74bedef418b28f1701048bc9281f314ff747fb1e9497ddee341dbf86402215c470b605523b03a12b2dec812cd7342c310c04231dbed5b6f8e783309 WHIRLPOOL bdd09fbdc2514061b6971e06fa05d6fee04e29c2cecf0c12b237349071e88d188aa8a7bd5c54f5cf3cccd4ddf8d2e3d2bb6ed0db92538b7d76cea471d74848c1 DIST ufw-0.34_pre805.tar.gz 335875 SHA256 a78693da04720f9f7eb463447b940eed18c3e2c20d3de336ebf9bf821dfdac2f SHA512 b8bba3bb8c423070d6434d1df7274423edf3a356415f54c6448fa0ff2d13a4b2ac21c4bb627cba01d6955b04f793eeaf2fc535c6221e7de48f11bef745035263 WHIRLPOOL 5e5238925d928e883c9869b3b72a7a04ad18352ebbcb5fead9b14c7bb5225f1bbae613d9117ceb5e9d435e1ca1f1d0d033bbdf673896990eda5efcb7a7d04829 -EBUILD ufw-0.31.1-r2.ebuild 5587 SHA256 8ff4d7fcf67686d85b18cc094c19c7625d9e980f3c6747cca04c796c3c997e3a SHA512 ecea06b997f91cbed3500e84678c65a3ecd6eca9acfc877888ddabf6d4cbefd95a8f8c66f5f9185c5d4a06d92a31b7780bc4adfaefffb4ec4b6907d49fb2edbb WHIRLPOOL da35894ce419296a4ad415f05f84fbdea701200be55bcf8acd975a040fa6e1eb983d6e27f2ee31290e6c7b30803d19accf2470015aa4c331ee3d1615dab09903 -EBUILD ufw-0.33-r2.ebuild 5665 SHA256 77e14c04d236925a4608a55307dea92c137583a304d4cf685f87bcc114b3f26d SHA512 4614dcb6fd4f8d102fe344e7eac1f46d0c8ea8ed7153edd67111aab58e1f8c9ac37208da7fd5472dc6bad0081788d181e4062d58481f963663e9c9bc0993e043 WHIRLPOOL 6711f39ca765009e1a545787b18e11b67ec92a4dd11245c753b636c7ea865dbbbbd974fb542532f26a3dc119c0db0a3dc929549109b4b8fc5a6e76700c1ccdee +EBUILD ufw-0.34_pre805-r1.ebuild 5398 SHA256 16a2db7343801bcceda2d8400e24bab6ce00ab487d443131c3f58cce5550545d SHA512 af8fee0561f9051797e3412e289367e3b5e96ade120b13c10e408b280ba21795c669216ac4b987cd3657604a6ab52a11e355d6e1649be4c741834f50ee82a314 WHIRLPOOL 1d896cdc80da885c8ba252a03ec4eeaf443a54320eb750d7d28eff9e99f45b651ea9371705303ea191e7226646368df3bd4d6e4161110f60007820d4023e51dd EBUILD ufw-0.34_pre805.ebuild 5415 SHA256 2a5191348122b729d4cefccb4f65e9714c704e61afff25dcedc530e12284c5a2 SHA512 378e32a0e135eafc33cb2134a26a0fa9590b86d9abd8008bb7086d0739a0e106f36cc127069d5145659dce9607734b6344804dc0b3914ae7efdc867885c1b504 WHIRLPOOL 13cdf52c7824fd06d407e0e3bd8333fda9dc7f6af2164b6cfe1ed95fab4ddf313df347c86793ee9e4d26b805bcd7118e4c38cce4cee2041ea5fe15900f51a788 -MISC ChangeLog 3412 SHA256 e40b5094a14577b02edf32e128c1007ffb3ed1e3428fd92752746bddd4031cfc SHA512 891a4f1369ae1926e65f4744544142f70c7ebb7ec9d1ac4d9f421f9c848e863743b2b593447c16b67bc30f1bb55b8ffae65e0d297344e09142cc0d36ffa1b536 WHIRLPOOL c360c1bb16cec63b6b8bcae25d5959427bcac9ac82186ab1f4b585c26ae0771179a026f8112e7ed9672cc6364d612a3a866e20180aeb65c6e4d592574309ac53 +MISC ChangeLog 3782 SHA256 57d502ce1fc9cfd551340cda1a91dbace28b6cb8ca8e6ac2d4390d8d7eeb55a3 SHA512 27996559c555d51f639bf4be0175d0476a6bcecf1bb7fc15dd912a08d77f664589f2649fd5e3830aa6f387cb467aa726f071e10d36f36f6e3bf5a1e90d769c56 WHIRLPOOL 9ad88aa37ad391a0c48450871615ab82d7ad07e9c5eecd6992035f3a17a7d973a924b177f0620b688cb8941ba07e1df0b1edfa725171df1d493dbc3860f270ef MISC metadata.xml 568 SHA256 0fea99101adbd93b9a644642cf668a7cb5d6392c840b66b4c8aca504985c4033 SHA512 5ac4c205a5df4c0bf11f22d442457c5a50535ebf007fb01bb07e9480f9d854eb053bdd220519e37e0602e1d3ec0043bab7e1865bf9c2e8339b76538719285e96 WHIRLPOOL 122348f9b736392521b10685d03ce3105abec78c8a1378ed1e1b86f9bf6097b1b6be66ce172e1cc92e813c21c8722a4f44e52ee63bfd2c327c9e2c844faf1d13 -----BEGIN PGP SIGNATURE----- -Version: GnuPG v2.0.19 (GNU/Linux) +Version: GnuPG v2 -iEYEAREIAAYFAlGZ51wACgkQfaj9zK3JFuU8agCfaSghPqtPnfhwkx1lEMazNSq5 -iyEAnjHVFS+FmCLVkeQ5tpq6WzXjjixH -=Uc3e +iQIcBAEBCAAGBQJTx3NWAAoJEJIMDbyqvv1V6ksQAN2wS6+fKeGlg4v6Rjt2N8b6 +TyAlOZtj0KBAU0gP02NT81w7ZO+Q+Va2HUVTE7tiLK7tbAFbsmM4kszerGfmn7WK +dMZCgXsdlLe8mFEtR2o+UihlDGD3lMQW936JTR26YfuFEGR9USr9GT2ymzroyyx1 +Cs4liRN+pGSylRQOCZePx7GzhbZ6UQCsR13CTj2vCLlnqTNiznTQIZQ8pUhmN8Yp +GFCRM2ZeVroJ/DyK7rzJPP8jMi/osA6r9zjGpb+742IDEhq5jAhj4swvVp0R3rx1 +inwRAvF0xDP/SvFAAtQdPz/TmpgXLKcaXwV30mL5xqd0c2/irhi33nl0SUnnbc/7 +5FKobS80OvkC65XRp3OE3xYuv3plKF+VZRyfHkCYxk0+lG6Gv2q5Hu9Fb7AvxWaN +kv9RSeakgJo4DFxZX0Ao6nTaqbudsKbDtucugNLjJ6nfXOXprQeXS8Z/R+y5qhRr +poe2M7hxnZT8dDxOES6rb0AtcfDP21mu2de+Urw9DtPCg3CG/auuJ/m0k0LPnwnn +WBMbFab1JXGP9w4TRoCYMmO8lTeq2AIhvEJhJ0y0DBw5IRGS4l4toTblRaIHTQGH +m9ncK2bTw9Y5LZAlVE1vJnEIroW9+xhNhacOreEOI871wswZ0eNZIqv2KHI55YQW +Ij9VMfFVa50TWS8uiPi6 +=5To4 -----END PGP SIGNATURE----- diff --git a/net-firewall/ufw/files/ufw-0.31.1-conntrack.patch b/net-firewall/ufw/files/ufw-0.31.1-conntrack.patch deleted file mode 100644 index 6a7e6924c53f..000000000000 --- a/net-firewall/ufw/files/ufw-0.31.1-conntrack.patch +++ /dev/null @@ -1,201 +0,0 @@ -use conntrack instead of state -https://bugs.launchpad.net/ufw/+bug/1065297 - -This is a version for ufw 0.31.1. -diff --git a/conf/before.rules b/conf/before.rules -index bc11f36..9917b87 100644 ---- a/conf/before.rules -+++ b/conf/before.rules -@@ -22,12 +22,12 @@ - -A ufw-before-output -o lo -j ACCEPT - - # quickly process packets for which we already have a connection ---A ufw-before-input -m state --state RELATED,ESTABLISHED -j ACCEPT ---A ufw-before-output -m state --state RELATED,ESTABLISHED -j ACCEPT -+-A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -+-A ufw-before-output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT - - # drop INVALID packets (logs these in loglevel medium and higher) ---A ufw-before-input -m state --state INVALID -j ufw-logging-deny ---A ufw-before-input -m state --state INVALID -j DROP -+-A ufw-before-input -m conntrack --ctstate INVALID -j ufw-logging-deny -+-A ufw-before-input -m conntrack --ctstate INVALID -j DROP - - # ok icmp codes - -A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT -diff --git a/conf/before6.rules b/conf/before6.rules -index fb1a8f1..8b7e4ff 100644 ---- a/conf/before6.rules -+++ b/conf/before6.rules -@@ -34,16 +34,16 @@ - -A ufw6-before-input -p icmpv6 --icmpv6-type router-advertisement -m hl --hl-eq 255 -j ACCEPT - - # quickly process packets for which we already have a connection ---A ufw6-before-input -m state --state RELATED,ESTABLISHED -j ACCEPT ---A ufw6-before-output -m state --state RELATED,ESTABLISHED -j ACCEPT -+-A ufw6-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -+-A ufw6-before-output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT - - # for multicast ping replies from link-local addresses (these don't have an - # associated connection and would otherwise be marked INVALID) - -A ufw6-before-input -p icmpv6 --icmpv6-type echo-reply -s fe80::/10 -j ACCEPT - - # drop INVALID packets (logs these in loglevel medium and higher) ---A ufw6-before-input -m state --state INVALID -j ufw6-logging-deny ---A ufw6-before-input -m state --state INVALID -j DROP -+-A ufw6-before-input -m conntrack --ctstate INVALID -j ufw6-logging-deny -+-A ufw6-before-input -m conntrack --ctstate INVALID -j DROP - - # ok icmp codes - -A ufw6-before-input -p icmpv6 --icmpv6-type destination-unreachable -j ACCEPT -diff --git a/doc/ufw-framework.8 b/doc/ufw-framework.8 -index d9e3d5a..bfc83e2 100644 ---- a/doc/ufw-framework.8 -+++ b/doc/ufw-framework.8 -@@ -167,9 +167,9 @@ Edit #CONFIG_PREFIX#/ufw/sysctl.conf to have: - net.ipv4.ip_forward=1 - .TP - Add to the *filter section of #CONFIG_PREFIX#/ufw/before.rules: -- \-A ufw\-before\-forward \-m state \-\-state RELATED,ESTABLISHED \\ -+ \-A ufw\-before\-forward \-m conntrack \-\-ctstate RELATED,ESTABLISHED \\ - \-j ACCEPT -- \-A ufw\-before\-forward \-m state \-\-state NEW \-i eth0 \\ -+ \-A ufw\-before\-forward \-m conntrack \-\-ctstate NEW \-i eth0 \\ - \-d 10.0.0.2 \-p tcp \-\-dport 80 \-j ACCEPT - .TP - Add to the end of #CONFIG_PREFIX#/ufw/before.rules, after the *filter section: -@@ -209,13 +209,13 @@ Edit #CONFIG_PREFIX#/ufw/sysctl.conf to have: - net.ipv4.ip_forward=1 - .TP - Add to the *filter section of #CONFIG_PREFIX#/ufw/before.rules: -- \-A ufw\-before\-forward \-m state \-\-state RELATED,ESTABLISHED \\ -+ \-A ufw\-before\-forward \-m conntrack \-\-ctstate RELATED,ESTABLISHED \\ - \-j ACCEPT - -- \-A ufw\-before\-forward \-i eth1 \-s 10.0.0.0/8 \-o eth0 \-m state \\ -- \-\-state NEW \-j ACCEPT -+ \-A ufw\-before\-forward \-i eth1 \-s 10.0.0.0/8 \-o eth0 \-m conntrack \\ -+ \-\-ctstate NEW \-j ACCEPT - -- \-A ufw\-before\-forward \-m state \-\-state NEW \-i eth0 \\ -+ \-A ufw\-before\-forward \-m conntrack \-\-ctstate NEW \-i eth0 \\ - \-d 10.0.0.2 \-p tcp \-\-dport 80 \-j ACCEPT - - \-A ufw\-before\-forward \-o eth0 \-d 10.0.0.0/8 \-j REJECT -diff --git a/src/backend_iptables.py b/src/backend_iptables.py -index 340beba..4459a3b 100644 ---- a/src/backend_iptables.py -+++ b/src/backend_iptables.py -@@ -551,7 +551,7 @@ class UFWBackendIptables(ufw.backend.UFWBackend): - lstr = '%s -j LOG --log-prefix "[UFW %s] "' % (limit_args, \ - policy) - if not pat_logall.search(s): -- lstr = '-m state --state NEW ' + lstr -+ lstr = '-m conntrack --ctstate NEW ' + lstr - snippets[i] = pat_log.sub(r'\1-j \2\4', s) - snippets.insert(i, pat_log.sub(r'\1-j ' + prefix + \ - '-user-logging-' + suffix, s)) -@@ -567,9 +567,9 @@ class UFWBackendIptables(ufw.backend.UFWBackend): - pat_limit = re.compile(r' -j LIMIT') - for i, s in enumerate(snippets): - if pat_limit.search(s): -- tmp1 = pat_limit.sub(' -m state --state NEW -m recent --set', \ -+ tmp1 = pat_limit.sub(' -m conntrack --ctstate NEW -m recent --set', \ - s) -- tmp2 = pat_limit.sub(' -m state --state NEW -m recent' + \ -+ tmp2 = pat_limit.sub(' -m conntrack --ctstate NEW -m recent' + \ - ' --update --seconds 30 --hitcount 6' + \ - ' -j ' + prefix + '-user-limit', s) - tmp3 = pat_limit.sub(' -j ' + prefix + '-user-limit-accept', s) -@@ -1178,12 +1178,12 @@ class UFWBackendIptables(ufw.backend.UFWBackend): - prefix = "[UFW BLOCK] " - if self.loglevels[level] < self.loglevels["medium"]: - # only log INVALID in medium and higher -- rules_t.append([c, ['-I', c, '-m', 'state', \ -- '--state', 'INVALID', \ -+ rules_t.append([c, ['-I', c, '-m', 'conntrack', \ -+ '--ctstate', 'INVALID', \ - '-j', 'RETURN'] + largs, '']) - else: -- rules_t.append([c, ['-A', c, '-m', 'state', \ -- '--state', 'INVALID', \ -+ rules_t.append([c, ['-A', c, '-m', 'conntrack', \ -+ '--ctstate', 'INVALID', \ - '-j', 'LOG', \ - '--log-prefix', \ - "[UFW AUDIT INVALID] "] + \ -@@ -1202,7 +1202,7 @@ class UFWBackendIptables(ufw.backend.UFWBackend): - - # loglevel medium logs all new packets with limit - if self.loglevels[level] < self.loglevels["high"]: -- largs = ['-m', 'state', '--state', 'NEW'] + limit_args -+ largs = ['-m', 'conntrack', '--ctstate', 'NEW'] + limit_args - - prefix = "[UFW AUDIT] " - for c in self.chains['before']: -diff --git a/src/ufw-init-functions b/src/ufw-init-functions -index f4783e7..c5e0319 100755 ---- a/src/ufw-init-functions -+++ b/src/ufw-init-functions -@@ -251,15 +251,15 @@ ufw_start() { - # add tracking policy - if [ "$DEFAULT_INPUT_POLICY" = "ACCEPT" ]; then - printf "*filter\n"\ --"-A ufw${type}-track-input -p tcp -m state --state NEW -j ACCEPT\n"\ --"-A ufw${type}-track-input -p udp -m state --state NEW -j ACCEPT\n"\ -+"-A ufw${type}-track-input -p tcp -m conntrack --ctstate NEW -j ACCEPT\n"\ -+"-A ufw${type}-track-input -p udp -m conntrack --ctstate NEW -j ACCEPT\n"\ - "COMMIT\n" | $exe-restore -n || error="yes" - fi - - if [ "$DEFAULT_OUTPUT_POLICY" = "ACCEPT" ]; then - printf "*filter\n"\ --"-A ufw${type}-track-output -p tcp -m state --state NEW -j ACCEPT\n"\ --"-A ufw${type}-track-output -p udp -m state --state NEW -j ACCEPT\n"\ -+"-A ufw${type}-track-output -p tcp -m conntrack --ctstate NEW -j ACCEPT\n"\ -+"-A ufw${type}-track-output -p udp -m conntrack --ctstate NEW -j ACCEPT\n"\ - "COMMIT\n" | $exe-restore -n || error="yes" - fi - -diff --git a/tests/check-requirements b/tests/check-requirements -index dbb26ec..d3ad1f8 100755 ---- a/tests/check-requirements -+++ b/tests/check-requirements -@@ -152,32 +152,32 @@ for i in "" 6; do - done - - echo -n "hashlimit: " -- runcmd $exe -A $c -m hashlimit -m tcp -p tcp --dport 22 --hashlimit 1/min --hashlimit-mode srcip --hashlimit-name ssh -m state --state NEW -j ACCEPT -+ runcmd $exe -A $c -m hashlimit -m tcp -p tcp --dport 22 --hashlimit 1/min --hashlimit-mode srcip --hashlimit-name ssh -m conntrack --ctstate NEW -j ACCEPT - - echo -n "limit: " - runcmd $exe -A $c -m limit --limit 3/min --limit-burst 10 -j ACCEPT - - for j in NEW RELATED ESTABLISHED INVALID; do - echo -n "state ($j): " -- runcmd $exe -A $c -m state --state $j -+ runcmd $exe -A $c -m conntrack --ctstate $j - done - - echo -n "state (new, recent set): " - if [ "$i" = "6" ]; then - echo "skipped -- IPv6 'limit' not supported by ufw yet" - else -- runcmd $exe -A $c -m state --state NEW -m recent --set -+ runcmd $exe -A $c -m conntrack --ctstate NEW -m recent --set - fi - - echo -n "state (new, recent update): " - if [ "$i" = "6" ]; then - echo "skipped -- IPv6 'limit' not supported by ufw yet" - else -- runcmd $exe -A $c -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ACCEPT -+ runcmd $exe -A $c -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ACCEPT - fi - - echo -n "state (new, limit): " -- runcmd $exe -A $c -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j ACCEPT -+ runcmd $exe -A $c -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j ACCEPT - - echo -n "interface (input): " - runcmd $exe -A $c -i eth0 -j ACCEPT diff --git a/net-firewall/ufw/files/ufw-0.33-conntrack.patch b/net-firewall/ufw/files/ufw-0.33-conntrack.patch deleted file mode 100644 index 36eee8e76505..000000000000 --- a/net-firewall/ufw/files/ufw-0.33-conntrack.patch +++ /dev/null @@ -1,187 +0,0 @@ -use conntrack instead of state -https://bugs.launchpad.net/ufw/+bug/1065297 -diff -urp ufw-0.33.orig/conf/before6.rules ufw-0.33/conf/before6.rules ---- ufw-0.33.orig/conf/before6.rules 2012-10-10 22:26:26.021931270 +0200 -+++ ufw-0.33/conf/before6.rules 2012-10-10 22:38:58.803605951 +0200 -@@ -34,16 +34,16 @@ - -A ufw6-before-input -p icmpv6 --icmpv6-type router-advertisement -m hl --hl-eq 255 -j ACCEPT - - # quickly process packets for which we already have a connection ---A ufw6-before-input -m state --state RELATED,ESTABLISHED -j ACCEPT ---A ufw6-before-output -m state --state RELATED,ESTABLISHED -j ACCEPT -+-A ufw6-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -+-A ufw6-before-output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT - - # for multicast ping replies from link-local addresses (these don't have an - # associated connection and would otherwise be marked INVALID) - -A ufw6-before-input -p icmpv6 --icmpv6-type echo-reply -s fe80::/10 -j ACCEPT - - # drop INVALID packets (logs these in loglevel medium and higher) ---A ufw6-before-input -m state --state INVALID -j ufw6-logging-deny ---A ufw6-before-input -m state --state INVALID -j DROP -+-A ufw6-before-input -m conntrack --ctstate INVALID -j ufw6-logging-deny -+-A ufw6-before-input -m conntrack --ctstate INVALID -j DROP - - # ok icmp codes - -A ufw6-before-input -p icmpv6 --icmpv6-type destination-unreachable -j ACCEPT -diff -urp ufw-0.33.orig/conf/before.rules ufw-0.33/conf/before.rules ---- ufw-0.33.orig/conf/before.rules 2012-10-10 22:26:26.021931270 +0200 -+++ ufw-0.33/conf/before.rules 2012-10-10 22:38:17.442349148 +0200 -@@ -22,12 +22,12 @@ - -A ufw-before-output -o lo -j ACCEPT - - # quickly process packets for which we already have a connection ---A ufw-before-input -m state --state RELATED,ESTABLISHED -j ACCEPT ---A ufw-before-output -m state --state RELATED,ESTABLISHED -j ACCEPT -+-A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -+-A ufw-before-output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT - - # drop INVALID packets (logs these in loglevel medium and higher) ---A ufw-before-input -m state --state INVALID -j ufw-logging-deny ---A ufw-before-input -m state --state INVALID -j DROP -+-A ufw-before-input -m conntrack --ctstate INVALID -j ufw-logging-deny -+-A ufw-before-input -m conntrack --ctstate INVALID -j DROP - - # ok icmp codes - -A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT -diff -urp ufw-0.33.orig/doc/ufw-framework.8 ufw-0.33/doc/ufw-framework.8 ---- ufw-0.33.orig/doc/ufw-framework.8 2012-10-10 22:26:26.020931143 +0200 -+++ ufw-0.33/doc/ufw-framework.8 2012-10-10 23:06:21.407372442 +0200 -@@ -167,9 +167,9 @@ Edit #CONFIG_PREFIX#/ufw/sysctl.conf to - net.ipv4.ip_forward=1 - .TP - Add to the *filter section of #CONFIG_PREFIX#/ufw/before.rules: -- \-A ufw\-before\-forward \-m state \-\-state RELATED,ESTABLISHED \\ -- \-j ACCEPT -- \-A ufw\-before\-forward \-m state \-\-state NEW \-i eth0 \\ -+ \-A ufw\-before\-forward \-m conntrack \\ -+ \-\-ctstate RELATED,ESTABLISHED \-j ACCEPT -+ \-A ufw\-before\-forward \-m conntrack \-\-ctstate NEW \-i eth0 \\ - \-d 10.0.0.2 \-p tcp \-\-dport 80 \-j ACCEPT - .TP - Add to the end of #CONFIG_PREFIX#/ufw/before.rules, after the *filter section: -@@ -209,13 +209,13 @@ Edit #CONFIG_PREFIX#/ufw/sysctl.conf to - net.ipv4.ip_forward=1 - .TP - Add to the *filter section of #CONFIG_PREFIX#/ufw/before.rules: -- \-A ufw\-before\-forward \-m state \-\-state RELATED,ESTABLISHED \\ -- \-j ACCEPT -+ \-A ufw\-before\-forward \-m conntrack \\ -+ \-\-ctstate RELATED,ESTABLISHED \-j ACCEPT - -- \-A ufw\-before\-forward \-i eth1 \-s 10.0.0.0/8 \-o eth0 \-m state \\ -- \-\-state NEW \-j ACCEPT -+ \-A ufw\-before\-forward \-i eth1 \-s 10.0.0.0/8 \-o eth0 \\ -+ \-m conntrack \-\-ctstate NEW \-j ACCEPT - -- \-A ufw\-before\-forward \-m state \-\-state NEW \-i eth0 \\ -+ \-A ufw\-before\-forward \-m conntrack \-\-ctstate NEW \-i eth0 \\ - \-d 10.0.0.2 \-p tcp \-\-dport 80 \-j ACCEPT - - \-A ufw\-before\-forward \-o eth0 \-d 10.0.0.0/8 \-j REJECT -diff -urp ufw-0.33.orig/src/backend_iptables.py ufw-0.33/src/backend_iptables.py ---- ufw-0.33.orig/src/backend_iptables.py 2012-10-10 22:26:26.022931397 +0200 -+++ ufw-0.33/src/backend_iptables.py 2012-10-10 22:29:53.981361845 +0200 -@@ -558,7 +558,7 @@ class UFWBackendIptables(ufw.backend.UFW - lstr = '%s -j LOG --log-prefix "[UFW %s] "' % (limit_args, \ - policy) - if not pat_logall.search(s): -- lstr = '-m state --state NEW ' + lstr -+ lstr = '-m conntrack --ctstate NEW ' + lstr - snippets[i] = pat_log.sub(r'\1-j \2\4', s) - snippets.insert(i, pat_log.sub(r'\1-j ' + prefix + \ - '-user-logging-' + suffix, s)) -@@ -574,9 +574,9 @@ class UFWBackendIptables(ufw.backend.UFW - pat_limit = re.compile(r' -j LIMIT') - for i, s in enumerate(snippets): - if pat_limit.search(s): -- tmp1 = pat_limit.sub(' -m state --state NEW -m recent --set', \ -+ tmp1 = pat_limit.sub(' -m conntrack --ctstate NEW -m recent --set', \ - s) -- tmp2 = pat_limit.sub(' -m state --state NEW -m recent' + \ -+ tmp2 = pat_limit.sub(' -m conntrack --ctstate NEW -m recent' + \ - ' --update --seconds 30 --hitcount 6' + \ - ' -j ' + prefix + '-user-limit', s) - tmp3 = pat_limit.sub(' -j ' + prefix + '-user-limit-accept', s) -@@ -1196,12 +1196,12 @@ class UFWBackendIptables(ufw.backend.UFW - prefix = "[UFW BLOCK] " - if self.loglevels[level] < self.loglevels["medium"]: - # only log INVALID in medium and higher -- rules_t.append([c, ['-I', c, '-m', 'state', \ -- '--state', 'INVALID', \ -+ rules_t.append([c, ['-I', c, '-m', 'conntrack', \ -+ '--ctstate', 'INVALID', \ - '-j', 'RETURN'] + largs, '']) - else: -- rules_t.append([c, ['-A', c, '-m', 'state', \ -- '--state', 'INVALID', \ -+ rules_t.append([c, ['-A', c, '-m', 'conntrack', \ -+ '--ctstate', 'INVALID', \ - '-j', 'LOG', \ - '--log-prefix', \ - "[UFW AUDIT INVALID] "] + \ -@@ -1220,7 +1220,7 @@ class UFWBackendIptables(ufw.backend.UFW - - # loglevel medium logs all new packets with limit - if self.loglevels[level] < self.loglevels["high"]: -- largs = ['-m', 'state', '--state', 'NEW'] + limit_args -+ largs = ['-m', 'conntrack', '--ctstate', 'NEW'] + limit_args - - prefix = "[UFW AUDIT] " - for c in self.chains['before']: -diff -urp ufw-0.33.orig/src/ufw-init-functions ufw-0.33/src/ufw-init-functions ---- ufw-0.33.orig/src/ufw-init-functions 2012-10-10 22:26:26.023931524 +0200 -+++ ufw-0.33/src/ufw-init-functions 2012-10-10 22:48:38.305257627 +0200 -@@ -251,15 +251,15 @@ ufw_start() { - # add tracking policy - if [ "$DEFAULT_INPUT_POLICY" = "ACCEPT" ]; then - printf "*filter\n"\ --"-A ufw${type}-track-input -p tcp -m state --state NEW -j ACCEPT\n"\ --"-A ufw${type}-track-input -p udp -m state --state NEW -j ACCEPT\n"\ -+"-A ufw${type}-track-input -p tcp -m conntrack --ctstate NEW -j ACCEPT\n"\ -+"-A ufw${type}-track-input -p udp -m conntrack --ctstate NEW -j ACCEPT\n"\ - "COMMIT\n" | $exe-restore -n || error="yes" - fi - - if [ "$DEFAULT_OUTPUT_POLICY" = "ACCEPT" ]; then - printf "*filter\n"\ --"-A ufw${type}-track-output -p tcp -m state --state NEW -j ACCEPT\n"\ --"-A ufw${type}-track-output -p udp -m state --state NEW -j ACCEPT\n"\ -+"-A ufw${type}-track-output -p tcp -m conntrack --ctstate NEW -j ACCEPT\n"\ -+"-A ufw${type}-track-output -p udp -m conntrack --ctstate NEW -j ACCEPT\n"\ - "COMMIT\n" | $exe-restore -n || error="yes" - fi - -diff -urp ufw-0.33.orig/tests/check-requirements ufw-0.33/tests/check-requirements ---- ufw-0.33.orig/tests/check-requirements 2012-10-10 22:26:25.944921482 +0200 -+++ ufw-0.33/tests/check-requirements 2012-10-10 22:41:54.378920671 +0200 -@@ -167,24 +167,24 @@ for i in "" 6; do - done - - echo -n "hashlimit: " -- runcmd $exe -A $c -m hashlimit -m tcp -p tcp --dport 22 --hashlimit 1/min --hashlimit-mode srcip --hashlimit-name ssh -m state --state NEW -j ACCEPT -+ runcmd $exe -A $c -m hashlimit -m tcp -p tcp --dport 22 --hashlimit 1/min --hashlimit-mode srcip --hashlimit-name ssh -m conntrack --ctstate NEW -j ACCEPT - - echo -n "limit: " - runcmd $exe -A $c -m limit --limit 3/min --limit-burst 10 -j ACCEPT - - for j in NEW RELATED ESTABLISHED INVALID; do - echo -n "state ($j): " -- runcmd $exe -A $c -m state --state $j -+ runcmd $exe -A $c -m conntrack --ctstate $j - done - - echo -n "state (new, recent set): " -- runcmd runtime $exe -A $c -m state --state NEW -m recent --set -+ runcmd runtime $exe -A $c -m conntrack --ctstate NEW -m recent --set - - echo -n "state (new, recent update): " -- runcmd runtime $exe -A $c -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ACCEPT -+ runcmd runtime $exe -A $c -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ACCEPT - - echo -n "state (new, limit): " -- runcmd $exe -A $c -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j ACCEPT -+ runcmd $exe -A $c -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j ACCEPT - - echo -n "interface (input): " - runcmd $exe -A $c -i eth0 -j ACCEPT diff --git a/net-firewall/ufw/files/ufw-0.34_pre805-shebang.patch b/net-firewall/ufw/files/ufw-0.34_pre805-shebang.patch new file mode 100644 index 000000000000..991f4c826ece --- /dev/null +++ b/net-firewall/ufw/files/ufw-0.34_pre805-shebang.patch @@ -0,0 +1,15 @@ +--- a/setup.py ++++ b/setup.py +@@ -107,12 +107,6 @@ class Install(_install, object): + for f in [ script, manpage, manpage_f ]: + self.mkpath(os.path.dirname(f)) + +- # update the interpreter to that of the one the user specified for setup +- print("Updating staging/ufw to use %s" % (sys.executable)) +- subprocess.call(["sed", +- "-i", +- "1s%^#.*python.*%#! /usr/bin/env " + sys.executable + "%g", +- 'staging/ufw']) + self.copy_file('staging/ufw', script) + self.copy_file('doc/ufw.8', manpage) + self.copy_file('doc/ufw-framework.8', manpage_f) diff --git a/net-firewall/ufw/files/ufw-dont-check-iptables.patch b/net-firewall/ufw/files/ufw-dont-check-iptables.patch deleted file mode 100644 index 1ce2086d666d..000000000000 --- a/net-firewall/ufw/files/ufw-dont-check-iptables.patch +++ /dev/null @@ -1,45 +0,0 @@ ---- setup.py 2011-03-22 19:00:03.000000000 +0100 -+++ setup.py 2011-06-10 19:28:41.798000241 +0200 -@@ -224,41 +224,7 @@ - os.unlink(os.path.join('staging', 'ufw-init')) - os.unlink(os.path.join('staging', 'ufw-init-functions')) - --iptables_exe = '' --iptables_dir = '' -- --for e in ['iptables']: -- for dir in ['/sbin', '/bin', '/usr/sbin', '/usr/bin', '/usr/local/sbin', \ -- '/usr/local/bin']: -- if e == "iptables": -- if os.path.exists(os.path.join(dir, e)): -- iptables_dir = dir -- iptables_exe = os.path.join(iptables_dir, "iptables") -- print "Found '%s'" % iptables_exe -- else: -- continue -- -- if iptables_exe != "": -- break -- -- --if iptables_exe == '': -- print >> sys.stderr, "ERROR: could not find required binary 'iptables'" -- sys.exit(1) -- --for e in ['ip6tables', 'iptables-restore', 'ip6tables-restore']: -- if not os.path.exists(os.path.join(iptables_dir, e)): -- print >> sys.stderr, "ERROR: could not find required binary '%s'" % (e) -- sys.exit(1) -- --(rc, out) = cmd([iptables_exe, '-V']) --if rc != 0: -- raise OSError(errno.ENOENT, "Could not find version for '%s'" % \ -- (iptables_exe)) --version = re.sub('^v', '', re.split('\s', out)[1]) --print "Found '%s' version '%s'" % (iptables_exe, version) --if version < "1.4": -- print >> sys.stderr, "WARN: version '%s' has limited IPv6 support. See README for details." % (version) -+iptables_dir = '/sbin' - - setup (name='ufw', - version=ufw_version, diff --git a/net-firewall/ufw/ufw-0.33-r2.ebuild b/net-firewall/ufw/ufw-0.33-r2.ebuild deleted file mode 100644 index 6a768533ce0e..000000000000 --- a/net-firewall/ufw/ufw-0.33-r2.ebuild +++ /dev/null @@ -1,184 +0,0 @@ -# Copyright 1999-2013 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-firewall/ufw/ufw-0.33-r2.ebuild,v 1.2 2013/05/20 09:05:50 lxnay Exp $ - -EAPI=4 -PYTHON_DEPEND="2:2.6 3:3.1" -SUPPORT_PYTHON_ABIS="1" -RESTRICT_PYTHON_ABIS="2.5 *-jython" - -inherit versionator bash-completion-r1 eutils linux-info distutils systemd - -MY_PV_12=$(get_version_component_range 1-2) -DESCRIPTION="A program used to manage a netfilter firewall" -HOMEPAGE="http://launchpad.net/ufw" -SRC_URI="http://launchpad.net/ufw/${MY_PV_12}/${PV}/+download/${P}.tar.gz" - -LICENSE="GPL-3" -SLOT="0" -KEYWORDS="~amd64 ~x86" -IUSE="examples" - -DEPEND="sys-devel/gettext" -# ipv6 forced: bug 437266 -RDEPEND=">=net-firewall/iptables-1.4[ipv6] - !<kde-misc/kcm-ufw-0.4.2 - !<net-firewall/ufw-frontends-0.3.2 -" - -# tests fail; upstream bug: https://bugs.launchpad.net/ufw/+bug/815982 -RESTRICT="test" - -pkg_pretend() { - local CONFIG_CHECK="~PROC_FS - ~NETFILTER_XT_MATCH_COMMENT ~NETFILTER_XT_MATCH_HL - ~NETFILTER_XT_MATCH_LIMIT ~NETFILTER_XT_MATCH_MULTIPORT - ~NETFILTER_XT_MATCH_RECENT ~NETFILTER_XT_MATCH_STATE" - - if kernel_is -ge 2 6 39; then - CONFIG_CHECK+=" ~NETFILTER_XT_MATCH_ADDRTYPE" - else - CONFIG_CHECK+=" ~IP_NF_MATCH_ADDRTYPE" - fi - - check_extra_config - - # Check for default, useful optional features. - if ! linux_config_exists; then - ewarn "Cannot determine configuration of your kernel." - return - fi - - if ! linux_chkconfig_present IPV6; then - echo - ewarn "This version of ufw requires that IPv6 is enabled." - ewarn "If you don't want it, install ${CATEGORY}/${PN}-0.31.1." - ewarn "More information can be found in bug 437266." - fi - - local nf_nat_ftp_ok="yes" - local nf_conntrack_ftp_ok="yes" - local nf_conntrack_netbios_ns_ok="yes" - - linux_chkconfig_present \ - NF_NAT_FTP || nf_nat_ftp_ok="no" - linux_chkconfig_present \ - NF_CONNTRACK_FTP || nf_conntrack_ftp_ok="no" - linux_chkconfig_present \ - NF_CONNTRACK_NETBIOS_NS || nf_conntrack_netbios_ns_ok="no" - - # This is better than an essay for each unset option... - if [[ ${nf_nat_ftp_ok} = no ]] || [[ ${nf_conntrack_ftp_ok} = no ]] \ - || [[ ${nf_conntrack_netbios_ns_ok} = no ]] - then - echo - local mod_msg="Kernel options listed below are not set. They are not" - mod_msg+=" mandatory, but they are often useful." - mod_msg+=" If you don't need some of them, please remove relevant" - mod_msg+=" module name(s) from IPT_MODULES in" - mod_msg+=" '${EROOT}etc/default/ufw' before (re)starting ufw." - mod_msg+=" Otherwise ufw may fail to start!" - ewarn "${mod_msg}" - if [[ ${nf_nat_ftp_ok} = no ]]; then - ewarn "NF_NAT_FTP: for better support for active mode FTP." - fi - if [[ ${nf_conntrack_ftp_ok} = no ]]; then - ewarn "NF_CONNTRACK_FTP: for better support for active mode FTP." - fi - if [[ ${nf_conntrack_netbios_ns_ok} = no ]]; then - ewarn "NF_CONNTRACK_NETBIOS_NS: for better Samba support." - fi - fi -} - -src_prepare() { - # Remove warning about 'state' being obsolete in iptables 1.4.16.2. - epatch "${FILESDIR}"/${P}-conntrack.patch - # Allow to remove unnecessary build time dependency - # on net-firewall/iptables. - epatch "${FILESDIR}"/${P}-dont-check-iptables.patch - # Move files away from /lib/ufw. - epatch "${FILESDIR}"/${PN}-0.31.1-move-path.patch - # Contains fixes related to SUPPORT_PYTHON_ABIS="1" (see comment in the - # file). - epatch "${FILESDIR}"/${PN}-0.31.1-python-abis.patch - - # Set as enabled by default. User can enable or disable - # the service by adding or removing it to/from a runlevel. - sed -i 's/^ENABLED=no/ENABLED=yes/' conf/ufw.conf \ - || die "sed failed (ufw.conf)" - - #sed -i "s/^IPV6=yes/IPV6=$(usex ipv6)/" conf/ufw.defaults || die - - # If LINGUAS is set install selected translations only. - if [[ -n ${LINGUAS+set} ]]; then - _EMPTY_LOCALE_LIST="yes" - pushd locales/po > /dev/null || die - - local lang - for lang in *.po; do - if ! has "${lang%.po}" ${LINGUAS}; then - rm "${lang}" || die - else - _EMPTY_LOCALE_LIST="no" - fi - done - - popd > /dev/null || die - else - _EMPTY_LOCALE_LIST="no" - fi -} - -src_install() { - newconfd "${FILESDIR}"/ufw.confd ufw - newinitd "${FILESDIR}"/ufw-2.initd ufw - systemd_dounit "${FILESDIR}/ufw.service" - - exeinto /usr/share/${PN} - doexe tests/check-requirements - - # users normally would want it - insinto /usr/share/doc/${PF}/logging/syslog-ng - doins "${FILESDIR}"/syslog-ng/* - - insinto /usr/share/doc/${PF}/logging/rsyslog - doins "${FILESDIR}"/rsyslog/* - doins doc/rsyslog.example - - if use examples; then - insinto /usr/share/doc/${PF}/examples - doins examples/* - fi - distutils_src_install - [[ $_EMPTY_LOCALE_LIST != yes ]] && domo locales/mo/*.mo - newbashcomp shell-completion/bash ${PN} -} - -pkg_postinst() { - distutils_pkg_postinst - if [[ -z ${REPLACING_VERSIONS} ]]; then - echo - elog "To enable ufw, add it to boot sequence and activate it:" - elog "-- # rc-update add ufw boot" - elog "-- # /etc/init.d/ufw start" - echo - elog "If you want to keep ufw logs in a separate file, take a look at" - elog "/usr/share/doc/${PF}/logging." - fi - if [[ -z ${REPLACING_VERSIONS} ]] \ - || [[ ${REPLACING_VERSIONS} < 0.33-r2 ]]; - then - # etc-update etc. should show when the file needs updating - # but let's inform about the change - echo - elog "Because of bug 437266 this version doesn't have ipv6 USE" - elog "flag, so in case it's needed, please adjust 'IPV6' setting" - elog "in /etc/default/ufw manually. (IPv6 is enabled there by default.)" - # TODO: add message about check-requirements script when this - # bug is fixed - fi - echo - ewarn "Note: once enabled, ufw blocks also incoming SSH connections by" - ewarn "default. See README, Remote Management section for more information." -} diff --git a/net-firewall/ufw/ufw-0.31.1-r2.ebuild b/net-firewall/ufw/ufw-0.34_pre805-r1.ebuild index 8b2ab05e32a9..420a9f3bb005 100644 --- a/net-firewall/ufw/ufw-0.31.1-r2.ebuild +++ b/net-firewall/ufw/ufw-0.34_pre805-r1.ebuild @@ -1,18 +1,16 @@ -# Copyright 1999-2013 Gentoo Foundation +# Copyright 1999-2014 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-firewall/ufw/ufw-0.31.1-r2.ebuild,v 1.2 2013/05/20 09:05:50 lxnay Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-firewall/ufw/ufw-0.34_pre805-r1.ebuild,v 1.1 2014/07/17 06:57:21 dlan Exp $ -EAPI=4 -PYTHON_DEPEND="2:2.5" -SUPPORT_PYTHON_ABIS="1" -RESTRICT_PYTHON_ABIS="3.* *-jython" +EAPI=5 +PYTHON_COMPAT=( python{2_7,3_2,3_3,3_4} ) +DISTUTILS_IN_SOURCE_BUILD=1 -inherit versionator bash-completion-r1 eutils linux-info distutils systemd +inherit bash-completion-r1 eutils linux-info distutils-r1 systemd -MY_PV_12=$(get_version_component_range 1-2) DESCRIPTION="A program used to manage a netfilter firewall" HOMEPAGE="http://launchpad.net/ufw" -SRC_URI="http://launchpad.net/ufw/${MY_PV_12}/${PV}/+download/${P}.tar.gz" +SRC_URI="mirror://sabayon/${CATEGORY}/${P}.tar.gz" LICENSE="GPL-3" SLOT="0" @@ -28,6 +26,15 @@ RDEPEND=">=net-firewall/iptables-1.4[ipv6?] # tests fail; upstream bug: https://bugs.launchpad.net/ufw/+bug/815982 RESTRICT="test" +PATCHES=( + # Remove unnecessary build time dependency on net-firewall/iptables. + "${FILESDIR}"/${PN}-0.33-dont-check-iptables.patch + # Move files away from /lib/ufw. + "${FILESDIR}"/${PN}-0.31.1-move-path.patch + # Remove shebang modification. + "${FILESDIR}"/${P}-shebang.patch +) + pkg_pretend() { local CONFIG_CHECK="~PROC_FS ~NETFILTER_XT_MATCH_COMMENT ~NETFILTER_XT_MATCH_HL @@ -40,6 +47,17 @@ pkg_pretend() { CONFIG_CHECK+=" ~IP_NF_MATCH_ADDRTYPE" fi + # https://bugs.launchpad.net/ufw/+bug/1076050 + if kernel_is -ge 3 4; then + CONFIG_CHECK+=" ~NETFILTER_XT_TARGET_LOG" + else + CONFIG_CHECK+=" ~IP_NF_TARGET_LOG" + use ipv6 && CONFIG_CHECK+=" ~IP6_NF_TARGET_LOG" + fi + + CONFIG_CHECK+=" ~IP_NF_TARGET_REJECT" + use ipv6 && CONFIG_CHECK+=" ~IP6_NF_TARGET_REJECT" + check_extra_config # Check for default, useful optional features. @@ -83,18 +101,7 @@ pkg_pretend() { fi } -src_prepare() { - # Remove warning about 'state' being obsolete in iptables 1.4.16.2. - epatch "${FILESDIR}"/${P}-conntrack.patch - # Allow to remove unnecessary build time dependency - # on net-firewall/iptables. - epatch "${FILESDIR}"/${PN}-dont-check-iptables.patch - # Move files away from /lib/ufw. - epatch "${FILESDIR}"/${P}-move-path.patch - # Contains fixes related to SUPPORT_PYTHON_ABIS="1" (see comment in the - # file). - epatch "${FILESDIR}"/${P}-python-abis.patch - +python_prepare_all() { # Set as enabled by default. User can enable or disable # the service by adding or removing it to/from a runlevel. sed -i 's/^ENABLED=no/ENABLED=yes/' conf/ufw.conf \ @@ -120,9 +127,11 @@ src_prepare() { else _EMPTY_LOCALE_LIST="no" fi + + distutils-r1_python_prepare_all } -src_install() { +python_install_all() { newconfd "${FILESDIR}"/ufw.confd ufw newinitd "${FILESDIR}"/ufw-2.initd ufw systemd_dounit "${FILESDIR}/ufw.service" @@ -142,13 +151,15 @@ src_install() { insinto /usr/share/doc/${PF}/examples doins examples/* fi - distutils_src_install - [[ $_EMPTY_LOCALE_LIST != yes ]] && domo locales/mo/*.mo newbashcomp shell-completion/bash ${PN} + + [[ $_EMPTY_LOCALE_LIST != yes ]] && domo locales/mo/*.mo + + distutils-r1_python_install_all + python_replicate_script "${D}usr/sbin/ufw" } pkg_postinst() { - distutils_pkg_postinst if [[ -z ${REPLACING_VERSIONS} ]]; then echo elog "To enable ufw, add it to boot sequence and activate it:" @@ -158,20 +169,14 @@ pkg_postinst() { elog "If you want to keep ufw logs in a separate file, take a look at" elog "/usr/share/doc/${PF}/logging." fi - # Make sure it gets displayed also when one downgrades from >= 0.33*, - # because this message isn't displayed for 0.33* (and possibly newer - # ones in the future) as it's not relevant there. if [[ -z ${REPLACING_VERSIONS} ]] \ - || [[ ${REPLACING_VERSIONS} = 0.33 ]] \ - || [[ ${REPLACING_VERSIONS} > 0.33 ]] \ - || [[ ${REPLACING_VERSIONS} < 0.31.1-r2 ]] + || [[ ${REPLACING_VERSIONS} < 0.34 ]]; then echo - elog "Starting from ufw-0.31.1-r2, /usr/share/ufw/check-requirements" - elog "script is installed. It is useful for debugging problems with" - elog "ufw. However one should keep in mind that the script assumes" - elog "IPv6 is enabled on kernel and net-firewall/iptables," - elog "and fails when it's not." + elog "/usr/share/ufw/check-requirements script is installed." + elog "It is useful for debugging problems with ufw. However one" + elog "should keep in mind that the script assumes IPv6 is enabled" + elog "on kernel and net-firewall/iptables, and fails when it's not." fi echo ewarn "Note: once enabled, ufw blocks also incoming SSH connections by" |