
Freeze exception for ferm



Hi, 

upstream released a minor update to address #499515, which also fixes some
minor problems. The diff is very small (attached), so I ask for a freeze
exception for ferm 2.0.3 in lenny.

Thanks in advance

Alex

-- 
Alexander Wirt, formorer@formorer.de 
CC99 2DDD D39E 75B0 B0AA  B25C D35B BC99 BC7D 020A
diff -ruN ferm-2.0.2/doc/ferm.1 ferm-2.0.3/doc/ferm.1
--- ferm-2.0.2/doc/ferm.1	2008-07-26 19:31:02.000000000 +0200
+++ ferm-2.0.3/doc/ferm.1	2008-09-30 19:56:51.000000000 +0200
@@ -129,7 +129,7 @@
 .\" ========================================================================
 .\"
 .IX Title "FERM 1"
-.TH FERM 1 "2008-07-24" "ferm 2.0.2" "FIREWALL RULES MADE EASY"
+.TH FERM 1 "2008-09-30" "ferm 2.0.3~svn20080930" "FIREWALL RULES MADE EASY"
 .SH "NAME"
 \&\fBferm\fR \- a firewall rule parser for linux
 .SH "SYNOPSIS"
@@ -1063,6 +1063,10 @@
 \&    mod policy mode tunnel tunnel\-dst 192.168.2.1 ACCEPT;
 \&    mod policy strict next reqid 24 spi 0x11 ACCEPT;
 .Ve
+.Sp
+Note that the keyword \fIproto\fR is also used as a shorthand version of
+\&\fIprotocol\fR (built\-in match module).  You can fix this conflict by
+always using the long keyword \fIprotocol\fR.
 .IP "\fBpsd\fR" 8
 .IX Item "psd"
 Detect \s-1TCP/UDP\s0 port scans.
diff -ruN ferm-2.0.2/doc/ferm.html ferm-2.0.3/doc/ferm.html
--- ferm-2.0.2/doc/ferm.html	2008-07-26 19:31:02.000000000 +0200
+++ ferm-2.0.3/doc/ferm.html	2008-09-30 19:56:51.000000000 +0200
@@ -1231,6 +1231,11 @@
     mod policy mode tunnel tunnel-dst 192.168.2.1 ACCEPT;
     mod policy strict next reqid 24 spi 0x11 ACCEPT;</pre>
 </dd>
+<dd>
+<p>Note that the keyword <em>proto</em> is also used as a shorthand version of
+<em>protocol</em> (built-in match module).  You can fix this conflict by
+always using the long keyword <em>protocol</em>.</p>
+</dd>
 </li>
 <dt><strong><a name="item_psd"><strong>psd</strong></a></strong>
 
diff -ruN ferm-2.0.2/doc/ferm.pod ferm-2.0.3/doc/ferm.pod
--- ferm-2.0.2/doc/ferm.pod	2008-07-26 19:31:02.000000000 +0200
+++ ferm-2.0.3/doc/ferm.pod	2008-09-30 19:56:51.000000000 +0200
@@ -925,6 +925,10 @@
     mod policy mode tunnel tunnel-dst 192.168.2.1 ACCEPT;
     mod policy strict next reqid 24 spi 0x11 ACCEPT;
 
+Note that the keyword I<proto> is also used as a shorthand version of
+I<protocol> (built-in match module).  You can fix this conflict by
+always using the long keyword I<protocol>.
+
 =item B<psd>
 
 Detect TCP/UDP port scans.
diff -ruN ferm-2.0.2/doc/ferm.txt ferm-2.0.3/doc/ferm.txt
--- ferm-2.0.2/doc/ferm.txt	2008-07-26 19:31:02.000000000 +0200
+++ ferm-2.0.3/doc/ferm.txt	2008-09-30 19:56:51.000000000 +0200
@@ -746,6 +746,10 @@
                 mod policy mode tunnel tunnel-dst 192.168.2.1 ACCEPT;
                 mod policy strict next reqid 24 spi 0x11 ACCEPT;
 
+            Note that the keyword *proto* is also used as a shorthand
+            version of *protocol* (built-in match module). You can fix this
+            conflict by always using the long keyword *protocol*.
+
     psd     Detect TCP/UDP port scans.
 
                 mod psd psd-weight-threshold 21 psd-delay-threshold 300
diff -ruN ferm-2.0.2/doc/import-ferm.1 ferm-2.0.3/doc/import-ferm.1
--- ferm-2.0.2/doc/import-ferm.1	2008-07-26 19:31:02.000000000 +0200
+++ ferm-2.0.3/doc/import-ferm.1	2008-09-30 19:56:51.000000000 +0200
@@ -129,7 +129,7 @@
 .\" ========================================================================
 .\"
 .IX Title "IMPORT-FERM 1"
-.TH IMPORT-FERM 1 "2008-07-24" "ferm 2.0.2" "FIREWALL RULES MADE EASY"
+.TH IMPORT-FERM 1 "2008-09-30" "ferm 2.0.3~svn20080930" "FIREWALL RULES MADE EASY"
 .SH "NAME"
 import\-ferm \- import existing firewall rules into ferm
 .SH "SYNOPSIS"
diff -ruN ferm-2.0.2/NEWS ferm-2.0.3/NEWS
--- ferm-2.0.2/NEWS	2008-07-26 19:31:02.000000000 +0200
+++ ferm-2.0.3/NEWS	2008-09-30 19:56:51.000000000 +0200
@@ -7,6 +7,14 @@
     Auke Kok <sofar@foo-projects.org>
 
 
+v2.0.3 - 30 Sep 2008
+  - create chains and subchains even if they are empty
+  - fix includes within a rule ("Missing semicolon...")
+  - fix subchain in include ("Died at [...] line 1493")
+  - "protocol" is an alias for "proto", to fix the keyword conflict with
+    the "policy" module
+
+
 v2.0.2 - 26 Jul 2008
   - allow duplicate specification of "table" and "chain", for better
     1.3.x compatibility.  Support for this will be removed in a later
diff -ruN ferm-2.0.2/src/ferm ferm-2.0.3/src/ferm
--- ferm-2.0.2/src/ferm	2008-07-26 19:31:02.000000000 +0200
+++ ferm-2.0.3/src/ferm	2008-09-30 19:56:51.000000000 +0200
@@ -25,7 +25,7 @@
 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 #
 
-# $Id: ferm 1270 2008-07-26 17:30:23Z max $
+# $Id: ferm 1283 2008-09-30 17:56:33Z max $
 
 BEGIN {
     eval { require strict; import strict; };
@@ -47,9 +47,9 @@
 use vars qw($DATE $VERSION);
 
 # subversion keyword magic
-$DATE = '$Date: 2008-07-26 19:30:23 +0200 (Sat, 26 Jul 2008) $' =~ m,(\d{4})-(\d\d)-(\d\d), ? $1.$2.$3 : '';
+$DATE = '$Date: 2008-09-30 19:56:33 +0200 (Tue, 30 Sep 2008) $' =~ m,(\d{4})-(\d\d)-(\d\d), ? $1.$2.$3 : '';
 
-$VERSION = '2.0.2';
+$VERSION = '2.0.3';
 #$VERSION .= '~svn' . $DATE;
 
 ## interface variables
@@ -1608,7 +1608,7 @@
                 # consistency check: check if they havn't forgotten
                 # the ';' after the last statement
                 error('Missing semicolon before "}"')
-                  if $rule{has_rule};
+                  if $rule{non_empty};
 
                 # and exit
                 return;
@@ -1658,7 +1658,7 @@
             # definition of a variable or function
             if ($keyword eq '@def' or $keyword eq 'def') {
                 error('"def" must be the first token in a command')
-                  if $rule{has_rule};
+                  if $rule{non_empty};
 
                 my $type = require_next_token();
                 if ($type eq '$') {
@@ -1722,6 +1722,12 @@
                 next;
             }
 
+            # this rule has something which isn't inherited by its
+            # parent closure.  This variable is used in a lot of
+            # syntax checks.
+
+            $rule{non_empty} = 1;
+
             # def references
             if ($keyword eq '$') {
                 error('variable references are only allowed as keyword parameter');
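Review bot: The comment above `$rule{non_empty} = 1;` does not say how the new flag differs from `$rule{has_rule}`, which this commit keeps and still sets further down (`$rule{has_rule} = 1;`), so a reader cannot tell which one a new syntax check should test. I would spell it out, e.g. `# non_empty: a token was seen that is not "def" or one of the other keywords that "next" above` and `# has_rule (set further down): a token that belongs to a real rule`. The exact set of keywords handled before this point is outside the hunk, so the wording should be checked against them. The enclosing loop starts and ends outside the hunk.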
@@ -1803,7 +1809,8 @@
             if ($keyword eq 'chain') {
                 warning('Chain is already specified')
                   if exists $rule{chain};
-                $rule{chain} = $stack[0]{auto}{CHAIN} = getvalues();
+
+                my $chain = $rule{chain} = $stack[0]{auto}{CHAIN} = getvalues();
 
                 # ferm 1.1 allowed lower case built-in chain names
                 foreach (ref $rule{chain} ? @{$rule{chain}} : $rule{chain}) {
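Review bot: The upper-case check still unpacks the value by hand with `ref $rule{chain} ? @{$rule{chain}} : $rule{chain}`, while the loops this commit adds in the next hunk use `to_array` on the new `$chain`. For consistency the loop header could read `foreach (to_array $chain) {`, assuming `to_array` flattens an array reference and passes a plain scalar through, which is not visible here. The body of the `foreach` continues outside the hunk.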
@@ -1817,6 +1824,14 @@
                 $rule{table} = 'filter'
                   unless exists $rule{table};
 
+                foreach my $domain (to_array $rule{domain}) {
+                    foreach my $table (to_array $rule{table}) {
+                        foreach my $c (to_array $chain) {
+                            $domains{$domain}{tables}{$table}{chains}{$c} ||= {};
+                        }
+                    }
+                }
+
                 next;
             }
 
@@ -1864,6 +1879,12 @@
                     $subchain = 'ferm_auto_' . ++$auto_chain;
                 }
 
+                foreach my $domain (to_array $rule{domain}) {
+                    foreach my $table (to_array $rule{table}) {
+                        $domains{$domain}{tables}{$table}{chains}{$subchain} ||= {};
+                    }
+                }
+
                 set_target(%rule, 'jump', $subchain);
 
                 error('"{" or chain name expected after "@subchain"')
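Review bot: The new loop reads `$rule{domain}` and `$rule{table}` with no default visible in this hunk, unlike the `chain` branch, where `$rule{table}` is set to `'filter'` just before the equivalent loop. If `@subchain` can be reached before a domain or table is known, and `to_array` passes an undefined value through, `||= {}` would autovivify a chain under an empty key in `%domains`, and the generated rule set could contain a chain the administrator never declared. A guard before the loop such as `error('"@subchain" requires a domain and a table') unless exists $rule{domain} and exists $rule{table};` would make the precondition explicit; it is unnecessary if defaults are assigned earlier, outside the hunk. The same nested registration loop also appears in the `chain` branch, so a small shared helper would keep the two in step.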
@@ -1884,12 +1905,13 @@
                 }
 
                 # enter the block
-                enter(1, \%inner);
+                enter($lev + 1, \%inner);
 
                 # now handle the parent - it's a jump to the sub chain
-                $rule{script} = { filename => $script->{filename},
-                                     line => $script->{line},
-                                   };
+                $rule{script} = {
+                    filename => $script->{filename},
+                    line => $script->{line},
+                };
 
                 mkrules(\%rule);
 
@@ -1901,7 +1923,7 @@
 
             # everything else must be part of a "real" rule, not just
             # "policy only"
-            $rule{has_rule}++;
+            $rule{has_rule} = 1;
 
             # extended parameters:
             if ($keyword =~ /^mod(?:ule)?$/) {
@@ -1967,7 +1989,7 @@
             # protocol specific options
             #
 
-            if ($keyword eq 'proto') {
+            if ($keyword eq 'proto' or $keyword eq 'protocol') {
                 my $protocol = parse_keyword(%rule,
                                              { params => 1, negation => 1 },
                                              \$negated);
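Review bot: The widened condition has no comment explaining why two spellings are accepted, and the reason is a keyword conflict that may change which match a firewall rule ends up with. Per the documentation added in this same diff, `proto` is also an option of the `policy` module, so I would add above the `if`: `# "protocol" is the unambiguous spelling; "proto" is also a "policy" module option`. Whether `proto` following `mod policy` should additionally raise a `warning(...)` depends on the parsing order, which is outside the hunk. The `if` body continues past the end of the hunk.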
@@ -2013,7 +2035,7 @@
     # consistency check: check if they havn't forgotten
     # the ';' before the last statement
     error("Missing semicolon before end of file")
-      if exists $rule{domain};
+      if $rule{non_empty};
 }
 
 sub execute_command {
diff -ruN ferm-2.0.2/src/import-ferm ferm-2.0.3/src/import-ferm
--- ferm-2.0.2/src/import-ferm	2008-07-26 19:31:02.000000000 +0200
+++ ferm-2.0.3/src/import-ferm	2008-09-30 19:56:51.000000000 +0200
@@ -28,7 +28,7 @@
 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 #
 
-# $Id: import-ferm 1263 2008-07-24 06:36:33Z max $
+# $Id: import-ferm 1279 2008-09-30 17:55:09Z max $
 
 use strict;
 
@@ -393,7 +393,7 @@
         my %def = ( params => 1 );
         my $value = parse_def_option($option, %def, $pre_negated, @$tokens);
         $line->{proto} = $value;
-        push @$cur, [ 'proto', $value ];
+        push @$cur, [ 'protocol', $value ];
 
         my $module = netfilter_canonical_protocol($value);
         if (exists $proto_defs{ip}{$module}) {
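Review bot: The generated configuration now uses the keyword `protocol`, which `src/ferm` only starts accepting in this same diff, so files written by this import-ferm would presumably be rejected by ferm 2.0.2 and older; the line carries no comment saying so. I would add `# emit the long keyword; "proto" conflicts with the policy module (needs ferm >= 2.0.3)` above the `push`. `$line->{proto}` keeps the old key name, which looks intentional but is worth confirming against its readers outside the hunk. The enclosing function starts and ends outside the hunk.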

Attachment: signature.asc
Description: Digital signature

