Hello community,
here is the log from the commit of package yast2 for openSUSE:Factory
checked in at Mon Aug 29 14:43:14 CEST 2011.
--------
--- yast2/yast2.changes 2011-08-08 13:25:12.000000000 +0200
+++ /mounts/work_src_done/STABLE/yast2/yast2.changes 2011-08-29
13:06:06.000000000 +0200
@@ -1,0 +2,9 @@
+Fri Aug 26 13:26:32 CEST 2011 - loci...@suse.cz
+
+- Fixed handling of FW_SERVICES_ACCEPT_* in SuSEFirewall modules to
+ understand flags as the fifth parameter (bnc#712670)
+- Fixed SuSEfirewall2 SCR agent to parse the sysconfig file
+ properly (bnc#712670)
+- 2.21.12
+
+-------------------------------------------------------------------
calling whatdependson for head-i586
Old:
----
yast2-2.21.11.tar.bz2
New:
----
yast2-2.21.12.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ yast2.spec ++++++
--- /var/tmp/diff_new_pack.Cez2tp/_old 2011-08-29 14:42:41.000000000 +0200
+++ /var/tmp/diff_new_pack.Cez2tp/_new 2011-08-29 14:42:41.000000000 +0200
@@ -19,11 +19,11 @@
Name: yast2
-Version: 2.21.11
+Version: 2.21.12
Release: 1
BuildRoot: %{_tmppath}/%{name}-%{version}-build
-Source0: yast2-2.21.11.tar.bz2
+Source0: yast2-2.21.12.tar.bz2
Prefix: /usr
@@ -130,7 +130,7 @@
installation with YaST2.
%prep
-%setup -n yast2-2.21.11
+%setup -n yast2-2.21.12
%build
%{prefix}/bin/y2tool y2autoconf
++++++ yast2-2.21.11.tar.bz2 -> yast2-2.21.12.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yast2-2.21.11/VERSION new/yast2-2.21.12/VERSION
--- old/yast2-2.21.11/VERSION 2011-08-08 13:23:47.000000000 +0200
+++ new/yast2-2.21.12/VERSION 2011-08-29 13:03:19.000000000 +0200
@@ -1 +1 @@
-2.21.11
+2.21.12
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yast2-2.21.11/configure new/yast2-2.21.12/configure
--- old/yast2-2.21.11/configure 2011-08-08 13:24:41.000000000 +0200
+++ new/yast2-2.21.12/configure 2011-08-29 13:03:52.000000000 +0200
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.68 for yast2 2.21.11.
+# Generated by GNU Autoconf 2.68 for yast2 2.21.12.
#
# Report bugs to <http://bugs.opensuse.org/>.
#
@@ -559,8 +559,8 @@
# Identity of this package.
PACKAGE_NAME='yast2'
PACKAGE_TARNAME='yast2'
-PACKAGE_VERSION='2.21.11'
-PACKAGE_STRING='yast2 2.21.11'
+PACKAGE_VERSION='2.21.12'
+PACKAGE_STRING='yast2 2.21.12'
PACKAGE_BUGREPORT='http://bugs.opensuse.org/'
PACKAGE_URL=''
@@ -1232,7 +1232,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures yast2 2.21.11 to adapt to many kinds of systems.
+\`configure' configures yast2 2.21.12 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1303,7 +1303,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of yast2 2.21.11:";;
+ short | recursive ) echo "Configuration of yast2 2.21.12:";;
esac
cat <<\_ACEOF
@@ -1383,7 +1383,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-yast2 configure 2.21.11
+yast2 configure 2.21.12
generated by GNU Autoconf 2.68
Copyright (C) 2010 Free Software Foundation, Inc.
@@ -1400,7 +1400,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by yast2 $as_me 2.21.11, which was
+It was created by yast2 $as_me 2.21.12, which was
generated by GNU Autoconf 2.68. Invocation command line was
$ $0 $@
@@ -2330,7 +2330,7 @@
# Define the identity of the package.
PACKAGE='yast2'
- VERSION='2.21.11'
+ VERSION='2.21.12'
cat >>confdefs.h <<_ACEOF
@@ -2452,7 +2452,7 @@
-VERSION="2.21.11"
+VERSION="2.21.12"
RPMNAME="yast2"
MAINTAINER="Jiri Srain <jsr...@suse.cz>"
@@ -3498,7 +3498,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by yast2 $as_me 2.21.11, which was
+This file was extended by yast2 $as_me 2.21.12, which was
generated by GNU Autoconf 2.68. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -3551,7 +3551,7 @@
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //;
s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-yast2 config.status 2.21.11
+yast2 config.status 2.21.12
configured by $0, generated by GNU Autoconf 2.68,
with options \\"\$ac_cs_config\\"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yast2-2.21.11/configure.in
new/yast2-2.21.12/configure.in
--- old/yast2-2.21.11/configure.in 2011-08-08 13:24:39.000000000 +0200
+++ new/yast2-2.21.12/configure.in 2011-08-29 13:03:50.000000000 +0200
@@ -3,7 +3,7 @@
dnl -- This file is generated by y2autoconf 2.18.11 - DO NOT EDIT! --
dnl (edit configure.in.in instead)
-AC_INIT(yast2, 2.21.11, http://bugs.opensuse.org/, yast2)
+AC_INIT(yast2, 2.21.12, http://bugs.opensuse.org/, yast2)
dnl Check for presence of file 'RPMNAME'
AC_CONFIG_SRCDIR([RPMNAME])
@@ -18,7 +18,7 @@
AM_INIT_AUTOMAKE(tar-ustar -Wno-portability)
dnl Important YaST2 variables
-VERSION="2.21.11"
+VERSION="2.21.12"
RPMNAME="yast2"
MAINTAINER="Jiri Srain <jsr...@suse.cz>"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yast2-2.21.11/library/modules/Version.ycp
new/yast2-2.21.12/library/modules/Version.ycp
--- old/yast2-2.21.11/library/modules/Version.ycp 2011-08-08
13:24:45.000000000 +0200
+++ new/yast2-2.21.12/library/modules/Version.ycp 2011-08-29
13:03:57.000000000 +0200
@@ -20,7 +20,7 @@
/**
* Version of the yast2 package
*/
-global string yast2 = "2.21.11";
+global string yast2 = "2.21.12";
/* EOF */
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/yast2-2.21.11/library/network/agents/sysconfig_SuSEfirewall2.scr
new/yast2-2.21.12/library/network/agents/sysconfig_SuSEfirewall2.scr
--- old/yast2-2.21.11/library/network/agents/sysconfig_SuSEfirewall2.scr
2010-03-24 08:23:27.000000000 +0100
+++ new/yast2-2.21.12/library/network/agents/sysconfig_SuSEfirewall2.scr
2011-08-26 13:31:12.000000000 +0200
@@ -17,7 +17,7 @@
* // Don't forget to write nil to sync the settings!
* Write(.sysconfig.SuSEfirewall2, nil)
*
- * $Id: sysconfig_SuSEfirewall2.scr 61236 2010-03-10 15:39:50Z mvidner $
+ * $Id: sysconfig_SuSEfirewall2.scr 65400 2011-08-26 11:31:11Z locilka $
*
* Read/Sets the values defined in /etc/sysconfig/SuSEfirewall2
* in an easy manner.
@@ -33,6 +33,12 @@
"comments": [ "^[ \t]*#.*$", "#.*", "^[ \t]*$", ],
"params" : [
$[
+ // with quotes
+ "match" : [ "^[ \t]*([_a-zA-Z0-9]+)[ \t]*=[ \t]*\"(.*)\"[
\t]*$", "%s=\"%s\"" ],
+ // without quotes
+ "match" : [ "^[ \t]*([_a-zA-Z0-9]+)[ \t]*=[ \t]*([^\"]*)[
\t]*$", "%s=\"%s\"" ],
+ ],
+ $[
"match" : [ "([a-zA-Z0-9_]+)[ \t]*=[ \t]*\"([^\"]*)\"",
"%s=\"%s\"" ],
"multiline" : [ "([a-zA-Z0-9_]+)[ \t]*=[ \t]*\"([^\"]*)",
"([^\"]*)\"", ],
],
@@ -41,9 +47,6 @@
"match" : [ "([a-zA-Z0-9_]+)[ \t]*=[ \t]*'([^']*)'",
"%s=\"%s\"" ],
"multiline" : [ "([a-zA-Z0-9_]+)[ \t]*=[ \t]*'([^']*)",
"([^\']*)'", ],
],
- $[
- "match" : [ "([a-zA-Z0-9_]+)[ \t]*=[ \t]*([^\"]*[^ \t\"]|)[
\t]*$", "%s=\"%s\"",],
- ],
],
]
)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yast2-2.21.11/library/network/src/SuSEFirewall.ycp
new/yast2-2.21.12/library/network/src/SuSEFirewall.ycp
--- old/yast2-2.21.11/library/network/src/SuSEFirewall.ycp 2011-08-03
10:45:15.000000000 +0200
+++ new/yast2-2.21.12/library/network/src/SuSEFirewall.ycp 2011-08-26
13:31:12.000000000 +0200
@@ -6,7 +6,7 @@
* Summary: Interface manipulation of /etc/sysconfig/SuSEFirewall
* Authors: Lukas Ocilka <loci...@suse.cz>
*
- * $Id: SuSEFirewall.ycp 65120 2011-08-02 07:30:11Z locilka $
+ * $Id: SuSEFirewall.ycp 65400 2011-08-26 11:31:11Z locilka $
*
* Module for handling SuSEfirewall2.
*/
@@ -302,7 +302,8 @@
void ReadSysconfigSuSEFirewall (list<string> variables) {
foreach (string variable, variables, {
string value = (string)
SCR::Read(add(.sysconfig.SuSEfirewall2,variable));
- // if variable is undefined, get default value
+
+ // if value is undefined, get default value
if (value == nil || value == "")
value = GetDefaultValue(variable);
@@ -367,14 +368,14 @@
);
if (! write_status) {
-
Report::Error(Message::CannotWriteSettingsTo("/etc/sysconfig/SuSEFirewall"));
+
Report::Error(Message::CannotWriteSettingsTo("/etc/sysconfig/SuSEFirewall2"));
break;
}
});
write_status = SCR::Write(.sysconfig.SuSEfirewall2, nil);
if (! write_status) {
-
Report::Error(Message::CannotWriteSettingsTo("/etc/sysconfig/SuSEFirewall"));
+
Report::Error(Message::CannotWriteSettingsTo("/etc/sysconfig/SuSEFirewall2"));
}
return write_status;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/yast2-2.21.11/library/network/src/SuSEFirewallExpertRules.ycp
new/yast2-2.21.12/library/network/src/SuSEFirewallExpertRules.ycp
--- old/yast2-2.21.11/library/network/src/SuSEFirewallExpertRules.ycp
2011-06-22 17:09:31.000000000 +0200
+++ new/yast2-2.21.12/library/network/src/SuSEFirewallExpertRules.ycp
2011-08-25 15:30:39.000000000 +0200
@@ -187,7 +187,7 @@
//
// FW_SERVICES_ACCEPT_EXT, FW_SERVICES_ACCEPT_INT,
FW_SERVICES_ACCEPT_DMZ
- // Format: space separated list of net,protocol[,dport][,sport]
+ // Format: space separated list of
net,protocol[,dport][,sport][,other-comma-separated-options]
//
list <map <string, string> > rules = maplist (
string one_rule,
@@ -195,11 +195,17 @@
{
// comma separated
list <string> rule_splitted = splitstring(one_rule, ",");
+
+ // additional options after sport (4th entry)
+ integer options_entries_count = size(rule_splitted) - 4;
+
return $[
"network" : rule_splitted[0]:"",
"protocol" : rule_splitted[1]:"",
"dport" : rule_splitted[2]:"",
"sport" : rule_splitted[3]:"",
+ // additional options if defined (offset 4 and more)
+ "options" : (options_entries_count > 0 ?
mergestring(sublist(rule_splitted, 4, options_entries_count), ",") : ""),
];
});
@@ -209,7 +215,8 @@
one_rule["network"]:"" == "" &&
one_rule["protocol"]:"" == "" &&
one_rule["dport"]:"" == "" &&
- one_rule["sport"]:"" == ""
+ one_rule["sport"]:"" == "" &&
+ one_rule["options"]:"" == ""
);
});
@@ -217,6 +224,36 @@
}
/**
+ * Creates a string with one rule definition as described by the given
params.
+ * All the trailing commas are removed
+ *
+ * @param map <string, string> params
+ * @return string rule definition
+ */
+ string CreateRuleFromParams (map <string, string> params) {
+ // Adjusting params (some empty entries are replaced with $everything
value)
+ params = AdjustParameters (params);
+
+ // Creating new record
+ string new_rule = params["network"]:""
+ + "," + params["protocol"]:""
+ + "," + params["dport"]:""
+ + "," + params["sport"]:""
+ + "," + params["options"]:"";
+
+ // Cut out all the trailing commas
+ while (regexpmatch (new_rule, ",\+$")) {
+ new_rule = regexpsub (new_rule, "(.*),\+$", "\\1");
+ }
+
+ if (new_rule == "0/0,all") {
+ y2warning("Created rule '%1' that allows everything from all
networks!", new_rule);
+ }
+
+ return new_rule;
+ }
+
+ /**
* Adds a new accept-rule. Possible keys for parameters are "network",
* "protocol", "dport" and "sport". Needed are "network" and "protocol".
*
@@ -230,7 +267,8 @@
* @example
* AddNewAcceptRule (
* "EXT",
- * $["network":"192.168.0.1/255.255.240.0", "protocol":"tcp",
"sport":"22"]
+ * $["network":"192.168.0.1/255.255.240.0", "protocol":"tcp",
"sport":"22",
+ * "options":"hitcount=3,blockseconds=60,recentname=ssh"]
* ) -> true
*/
global boolean AddNewAcceptRule (string zone, map <string, string> params)
{
@@ -241,7 +279,7 @@
y2error("Unknown firewall zone: %1", zone);
return nil;
}
-
+
// Get all current rules
string current_rules = SuSEFirewall::GetAcceptExpertRules(zone);
if (current_rules == nil) {
@@ -249,28 +287,10 @@
return false;
}
- // Adjusting params
- params = AdjustParameters(params);
-
- // Creating new record
- string new_rule = params["network"]:"" + "," + params["protocol"]:"";
-
- // either 'dport' or 'sport'
- if (params["dport"]:"" != "" || params["sport"]:"" != "") {
- // 'dport' can be empty even if 'sport' is set
- new_rule = new_rule + "," + params["dport"]:"";
-
- if (params["sport"]:"" != "") {
- new_rule = new_rule + "," + params["sport"]:"";
- }
- }
+ string new_rule = CreateRuleFromParams (params);
- if (new_rule == "0/0,all") {
- y2warning("Adding rule '%1' that allows everything from all
networks!", new_rule);
- }
-
current_rules = current_rules + (size(current_rules) > 0 ? " ":"") +
new_rule;
-
+
return SuSEFirewall::SetAcceptExpertRules(zone, current_rules);
}
@@ -305,10 +325,10 @@
return false;
}
+ integer current_rules_number = size (current_rules);
+
// Creating record to be removed
- string remove_rule = params["network"]:"" + "," + params["protocol"]:"";
- if (params["dport"]:"" != "") remove_rule = remove_rule + "," +
params["dport"]:"";
- if (params["sport"]:"" != "") remove_rule = remove_rule + "," +
params["sport"]:"";
+ string remove_rule = CreateRuleFromParams (params);
// Filtering out the record
list <string> current_rules_list = splitstring (current_rules, " \n");
@@ -316,8 +336,10 @@
return (one_rule != remove_rule && one_rule != "" && one_rule !=
",");
});
current_rules = mergestring (current_rules_list, " ");
-
- return SuSEFirewall::SetAcceptExpertRules(zone, current_rules);
+
+ SuSEFirewall::SetAcceptExpertRules (zone, current_rules);
+
+ return (size(SuSEFirewall::GetAcceptExpertRules(zone)) <
current_rules_number);
}
/**
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/yast2-2.21.11/library/network/testsuite/tests/SuSEFirewallExpertRules.out
new/yast2-2.21.12/library/network/testsuite/tests/SuSEFirewallExpertRules.out
---
old/yast2-2.21.11/library/network/testsuite/tests/SuSEFirewallExpertRules.out
2011-06-22 17:09:31.000000000 +0200
+++
new/yast2-2.21.12/library/network/testsuite/tests/SuSEFirewallExpertRules.out
2011-08-25 15:08:05.000000000 +0200
@@ -13,4 +13,22 @@
Return false
Return false
Return false
+Dump Testing adding/reading expert rules
+Return []
+Return true
+Return [$["dport":"", "network":"192.168.0.1/255.255.240.0",
"options":"hitcount=3,blockseconds=60,recentname=ssh", "protocol":"tcp",
"sport":"22"]]
+Return true
+Return [$["dport":"", "network":"192.168.0.1/255.255.240.0",
"options":"hitcount=3,blockseconds=60,recentname=ssh", "protocol":"tcp",
"sport":"22"], $["dport":"", "network":"192.168.0.1/255.255.240.0",
"options":"whatever=1", "protocol":"tcp", "sport":""]]
+Return true
+Return [$["dport":"", "network":"192.168.0.1/255.255.240.0",
"options":"whatever=1", "protocol":"tcp", "sport":""]]
+Dump Cannot remove rule that doesn't exist
+Return false
+Return [$["dport":"", "network":"192.168.0.1/255.255.240.0",
"options":"whatever=1", "protocol":"tcp", "sport":""]]
+Return true
+Return []
+Dump Adding special rule allowed 'from all networks'
+Return true
+Return [$["dport":"", "network":"0/0", "options":"", "protocol":"udp",
"sport":"888"]]
+Return true
+Return [$["dport":"", "network":"0/0", "options":"", "protocol":"udp",
"sport":"888"], $["dport":"", "network":"0.0.0.0/0", "options":"",
"protocol":"tcp", "sport":"999"]]
Dump == Done ==
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/yast2-2.21.11/library/network/testsuite/tests/SuSEFirewallExpertRules.ycp
new/yast2-2.21.12/library/network/testsuite/tests/SuSEFirewallExpertRules.ycp
---
old/yast2-2.21.11/library/network/testsuite/tests/SuSEFirewallExpertRules.ycp
2011-06-22 17:09:31.000000000 +0200
+++
new/yast2-2.21.12/library/network/testsuite/tests/SuSEFirewallExpertRules.ycp
2011-08-25 15:08:01.000000000 +0200
@@ -27,5 +27,46 @@
TEST(``(SuSEFirewallExpertRules::IsValidNetwork (check_this)), [], nil);
});
+ DUMP("Testing adding/reading expert rules");
+ // Rules are empty at the beginning
+ TEST(``(SuSEFirewallExpertRules::GetListOfAcceptRules("EXT")), [], nil);
+
+ TEST(``(SuSEFirewallExpertRules::AddNewAcceptRule("EXT",
+ $["network":"192.168.0.1/255.255.240.0", "protocol":"tcp", "sport":"22",
+ "options":"hitcount=3,blockseconds=60,recentname=ssh"])
+ ), [], nil);
+ TEST(``(SuSEFirewallExpertRules::GetListOfAcceptRules("EXT")), [], nil);
+
+ TEST(``(SuSEFirewallExpertRules::AddNewAcceptRule("EXT",
+ $["network":"192.168.0.1/255.255.240.0", "protocol":"tcp",
"options":"whatever=1"])
+ ), [], nil);
+ TEST(``(SuSEFirewallExpertRules::GetListOfAcceptRules("EXT")), [], nil);
+
+ // Deleting by rule ID (offset in list)
+ TEST(``(SuSEFirewallExpertRules::DeleteRuleID("EXT", 0)), [], nil);
+ TEST(``(SuSEFirewallExpertRules::GetListOfAcceptRules("EXT")), [], nil);
+
+ DUMP("Cannot remove rule that doesn't exist");
+ TEST(``(SuSEFirewallExpertRules::RemoveAcceptRule("EXT",
+ $["network":"192.168.0.1/255.255.240.0", "protocol":"tcp"])
+ ), [], nil);
+ TEST(``(SuSEFirewallExpertRules::GetListOfAcceptRules("EXT")), [], nil);
+
+ // Now "options" match too
+ TEST(``(SuSEFirewallExpertRules::RemoveAcceptRule("EXT",
+ $["network":"192.168.0.1/255.255.240.0", "protocol":"tcp",
"options":"whatever=1"])
+ ), [], nil);
+ TEST(``(SuSEFirewallExpertRules::GetListOfAcceptRules("EXT")), [], nil);
+
+ DUMP("Adding special rule allowed 'from all networks'");
+ TEST(``(SuSEFirewallExpertRules::AddNewAcceptRule("EXT",
+ $["protocol":"UDP", "sport":"888"])), [], nil);
+ TEST(``(SuSEFirewallExpertRules::GetListOfAcceptRules("EXT")), [], nil);
+
+ // Special all-IPv4-networks-(only) rule
+ TEST(``(SuSEFirewallExpertRules::AddNewAcceptRule("EXT",
+ $["protocol":"TCP", "sport":"999", "network":"0.0.0.0/0"])), [], nil);
+ TEST(``(SuSEFirewallExpertRules::GetListOfAcceptRules("EXT")), [], nil);
+
DUMP("== Done ==");
}
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
