Hello community, here is the log from the commit of package yast2 for openSUSE:Factory checked in at Mon Aug 29 14:43:14 CEST 2011.
-------- --- yast2/yast2.changes 2011-08-08 13:25:12.000000000 +0200 +++ /mounts/work_src_done/STABLE/yast2/yast2.changes 2011-08-29 13:06:06.000000000 +0200 @@ -1,0 +2,9 @@ +Fri Aug 26 13:26:32 CEST 2011 - loci...@suse.cz + +- Fixed handling of FW_SERVICES_ACCEPT_* in SuSEFirewall modules to + understand flags as the fifth parameter (bnc#712670) +- Fixed SuSEfirewall2 SCR agent to parse the sysconfig file + properly (bnc#712670) +- 2.21.12 + +------------------------------------------------------------------- calling whatdependson for head-i586 Old: ---- yast2-2.21.11.tar.bz2 New: ---- yast2-2.21.12.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ yast2.spec ++++++ --- /var/tmp/diff_new_pack.Cez2tp/_old 2011-08-29 14:42:41.000000000 +0200 +++ /var/tmp/diff_new_pack.Cez2tp/_new 2011-08-29 14:42:41.000000000 +0200 @@ -19,11 +19,11 @@ Name: yast2 -Version: 2.21.11 +Version: 2.21.12 Release: 1 BuildRoot: %{_tmppath}/%{name}-%{version}-build -Source0: yast2-2.21.11.tar.bz2 +Source0: yast2-2.21.12.tar.bz2 Prefix: /usr @@ -130,7 +130,7 @@ installation with YaST2. %prep -%setup -n yast2-2.21.11 +%setup -n yast2-2.21.12 %build %{prefix}/bin/y2tool y2autoconf ++++++ yast2-2.21.11.tar.bz2 -> yast2-2.21.12.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-2.21.11/VERSION new/yast2-2.21.12/VERSION --- old/yast2-2.21.11/VERSION 2011-08-08 13:23:47.000000000 +0200 +++ new/yast2-2.21.12/VERSION 2011-08-29 13:03:19.000000000 +0200 @@ -1 +1 @@ -2.21.11 +2.21.12 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-2.21.11/configure new/yast2-2.21.12/configure --- old/yast2-2.21.11/configure 2011-08-08 13:24:41.000000000 +0200 +++ new/yast2-2.21.12/configure 2011-08-29 13:03:52.000000000 +0200 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.68 for yast2 2.21.11. +# Generated by GNU Autoconf 2.68 for yast2 2.21.12. # # Report bugs to <http://bugs.opensuse.org/>. # @@ -559,8 +559,8 @@ # Identity of this package. PACKAGE_NAME='yast2' PACKAGE_TARNAME='yast2' -PACKAGE_VERSION='2.21.11' -PACKAGE_STRING='yast2 2.21.11' +PACKAGE_VERSION='2.21.12' +PACKAGE_STRING='yast2 2.21.12' PACKAGE_BUGREPORT='http://bugs.opensuse.org/' PACKAGE_URL='' @@ -1232,7 +1232,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures yast2 2.21.11 to adapt to many kinds of systems. +\`configure' configures yast2 2.21.12 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1303,7 +1303,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of yast2 2.21.11:";; + short | recursive ) echo "Configuration of yast2 2.21.12:";; esac cat <<\_ACEOF @@ -1383,7 +1383,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -yast2 configure 2.21.11 +yast2 configure 2.21.12 generated by GNU Autoconf 2.68 Copyright (C) 2010 Free Software Foundation, Inc. @@ -1400,7 +1400,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by yast2 $as_me 2.21.11, which was +It was created by yast2 $as_me 2.21.12, which was generated by GNU Autoconf 2.68. Invocation command line was $ $0 $@ @@ -2330,7 +2330,7 @@ # Define the identity of the package. PACKAGE='yast2' - VERSION='2.21.11' + VERSION='2.21.12' cat >>confdefs.h <<_ACEOF @@ -2452,7 +2452,7 @@ -VERSION="2.21.11" +VERSION="2.21.12" RPMNAME="yast2" MAINTAINER="Jiri Srain <jsr...@suse.cz>" @@ -3498,7 +3498,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by yast2 $as_me 2.21.11, which was +This file was extended by yast2 $as_me 2.21.12, which was generated by GNU Autoconf 2.68. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -3551,7 +3551,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -yast2 config.status 2.21.11 +yast2 config.status 2.21.12 configured by $0, generated by GNU Autoconf 2.68, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-2.21.11/configure.in new/yast2-2.21.12/configure.in --- old/yast2-2.21.11/configure.in 2011-08-08 13:24:39.000000000 +0200 +++ new/yast2-2.21.12/configure.in 2011-08-29 13:03:50.000000000 +0200 @@ -3,7 +3,7 @@ dnl -- This file is generated by y2autoconf 2.18.11 - DO NOT EDIT! -- dnl (edit configure.in.in instead) -AC_INIT(yast2, 2.21.11, http://bugs.opensuse.org/, yast2) +AC_INIT(yast2, 2.21.12, http://bugs.opensuse.org/, yast2) dnl Check for presence of file 'RPMNAME' AC_CONFIG_SRCDIR([RPMNAME]) @@ -18,7 +18,7 @@ AM_INIT_AUTOMAKE(tar-ustar -Wno-portability) dnl Important YaST2 variables -VERSION="2.21.11" +VERSION="2.21.12" RPMNAME="yast2" MAINTAINER="Jiri Srain <jsr...@suse.cz>" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-2.21.11/library/modules/Version.ycp new/yast2-2.21.12/library/modules/Version.ycp --- old/yast2-2.21.11/library/modules/Version.ycp 2011-08-08 13:24:45.000000000 +0200 +++ new/yast2-2.21.12/library/modules/Version.ycp 2011-08-29 13:03:57.000000000 +0200 @@ -20,7 +20,7 @@ /** * Version of the yast2 package */ -global string yast2 = "2.21.11"; +global string yast2 = "2.21.12"; /* EOF */ } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-2.21.11/library/network/agents/sysconfig_SuSEfirewall2.scr new/yast2-2.21.12/library/network/agents/sysconfig_SuSEfirewall2.scr --- old/yast2-2.21.11/library/network/agents/sysconfig_SuSEfirewall2.scr 2010-03-24 08:23:27.000000000 +0100 +++ new/yast2-2.21.12/library/network/agents/sysconfig_SuSEfirewall2.scr 2011-08-26 13:31:12.000000000 +0200 @@ -17,7 +17,7 @@ * // Don't forget to write nil to sync the settings! * Write(.sysconfig.SuSEfirewall2, nil) * - * $Id: sysconfig_SuSEfirewall2.scr 61236 2010-03-10 15:39:50Z mvidner $ + * $Id: sysconfig_SuSEfirewall2.scr 65400 2011-08-26 11:31:11Z locilka $ * * Read/Sets the values defined in /etc/sysconfig/SuSEfirewall2 * in an easy manner. @@ -33,6 +33,12 @@ "comments": [ "^[ \t]*#.*$", "#.*", "^[ \t]*$", ], "params" : [ $[ + // with quotes + "match" : [ "^[ \t]*([_a-zA-Z0-9]+)[ \t]*=[ \t]*\"(.*)\"[ \t]*$", "%s=\"%s\"" ], + // without quotes + "match" : [ "^[ \t]*([_a-zA-Z0-9]+)[ \t]*=[ \t]*([^\"]*)[ \t]*$", "%s=\"%s\"" ], + ], + $[ "match" : [ "([a-zA-Z0-9_]+)[ \t]*=[ \t]*\"([^\"]*)\"", "%s=\"%s\"" ], "multiline" : [ "([a-zA-Z0-9_]+)[ \t]*=[ \t]*\"([^\"]*)", "([^\"]*)\"", ], ], @@ -41,9 +47,6 @@ "match" : [ "([a-zA-Z0-9_]+)[ \t]*=[ \t]*'([^']*)'", "%s=\"%s\"" ], "multiline" : [ "([a-zA-Z0-9_]+)[ \t]*=[ \t]*'([^']*)", "([^\']*)'", ], ], - $[ - "match" : [ "([a-zA-Z0-9_]+)[ \t]*=[ \t]*([^\"]*[^ \t\"]|)[ \t]*$", "%s=\"%s\"",], - ], ], ] ) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-2.21.11/library/network/src/SuSEFirewall.ycp new/yast2-2.21.12/library/network/src/SuSEFirewall.ycp --- old/yast2-2.21.11/library/network/src/SuSEFirewall.ycp 2011-08-03 10:45:15.000000000 +0200 +++ new/yast2-2.21.12/library/network/src/SuSEFirewall.ycp 2011-08-26 13:31:12.000000000 +0200 @@ -6,7 +6,7 @@ * Summary: Interface manipulation of /etc/sysconfig/SuSEFirewall * Authors: Lukas Ocilka <loci...@suse.cz> * - * $Id: SuSEFirewall.ycp 65120 2011-08-02 07:30:11Z locilka $ + * $Id: SuSEFirewall.ycp 65400 2011-08-26 11:31:11Z locilka $ * * Module for handling SuSEfirewall2. */ @@ -302,7 +302,8 @@ void ReadSysconfigSuSEFirewall (list<string> variables) { foreach (string variable, variables, { string value = (string) SCR::Read(add(.sysconfig.SuSEfirewall2,variable)); - // if variable is undefined, get default value + + // if value is undefined, get default value if (value == nil || value == "") value = GetDefaultValue(variable); @@ -367,14 +368,14 @@ ); if (! write_status) { - Report::Error(Message::CannotWriteSettingsTo("/etc/sysconfig/SuSEFirewall")); + Report::Error(Message::CannotWriteSettingsTo("/etc/sysconfig/SuSEFirewall2")); break; } }); write_status = SCR::Write(.sysconfig.SuSEfirewall2, nil); if (! write_status) { - Report::Error(Message::CannotWriteSettingsTo("/etc/sysconfig/SuSEFirewall")); + Report::Error(Message::CannotWriteSettingsTo("/etc/sysconfig/SuSEFirewall2")); } return write_status; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-2.21.11/library/network/src/SuSEFirewallExpertRules.ycp new/yast2-2.21.12/library/network/src/SuSEFirewallExpertRules.ycp --- old/yast2-2.21.11/library/network/src/SuSEFirewallExpertRules.ycp 2011-06-22 17:09:31.000000000 +0200 +++ new/yast2-2.21.12/library/network/src/SuSEFirewallExpertRules.ycp 2011-08-25 15:30:39.000000000 +0200 @@ -187,7 +187,7 @@ // // FW_SERVICES_ACCEPT_EXT, FW_SERVICES_ACCEPT_INT, FW_SERVICES_ACCEPT_DMZ - // Format: space separated list of net,protocol[,dport][,sport] + // Format: space separated list of net,protocol[,dport][,sport][,other-comma-separated-options] // list <map <string, string> > rules = maplist ( string one_rule, @@ -195,11 +195,17 @@ { // comma separated list <string> rule_splitted = splitstring(one_rule, ","); + + // additional options after sport (4th entry) + integer options_entries_count = size(rule_splitted) - 4; + return $[ "network" : rule_splitted[0]:"", "protocol" : rule_splitted[1]:"", "dport" : rule_splitted[2]:"", "sport" : rule_splitted[3]:"", + // additional options if defined (offset 4 and more) + "options" : (options_entries_count > 0 ? mergestring(sublist(rule_splitted, 4, options_entries_count), ",") : ""), ]; }); @@ -209,7 +215,8 @@ one_rule["network"]:"" == "" && one_rule["protocol"]:"" == "" && one_rule["dport"]:"" == "" && - one_rule["sport"]:"" == "" + one_rule["sport"]:"" == "" && + one_rule["options"]:"" == "" ); }); @@ -217,6 +224,36 @@ } /** + * Creates a string with one rule definition as described by the given params. + * All the trailing commas are removed + * + * @param map <string, string> params + * @return string rule definition + */ + string CreateRuleFromParams (map <string, string> params) { + // Adjusting params (some empty entries are replaced with $everything value) + params = AdjustParameters (params); + + // Creating new record + string new_rule = params["network"]:"" + + "," + params["protocol"]:"" + + "," + params["dport"]:"" + + "," + params["sport"]:"" + + "," + params["options"]:""; + + // Cut out all the trailing commas + while (regexpmatch (new_rule, ",\+$")) { + new_rule = regexpsub (new_rule, "(.*),\+$", "\\1"); + } + + if (new_rule == "0/0,all") { + y2warning("Created rule '%1' that allows everything from all networks!", new_rule); + } + + return new_rule; + } + + /** * Adds a new accept-rule. Possible keys for parameters are "network", * "protocol", "dport" and "sport". Needed are "network" and "protocol". * @@ -230,7 +267,8 @@ * @example * AddNewAcceptRule ( * "EXT", - * $["network":"192.168.0.1/255.255.240.0", "protocol":"tcp", "sport":"22"] + * $["network":"192.168.0.1/255.255.240.0", "protocol":"tcp", "sport":"22", + * "options":"hitcount=3,blockseconds=60,recentname=ssh"] * ) -> true */ global boolean AddNewAcceptRule (string zone, map <string, string> params) { @@ -241,7 +279,7 @@ y2error("Unknown firewall zone: %1", zone); return nil; } - + // Get all current rules string current_rules = SuSEFirewall::GetAcceptExpertRules(zone); if (current_rules == nil) { @@ -249,28 +287,10 @@ return false; } - // Adjusting params - params = AdjustParameters(params); - - // Creating new record - string new_rule = params["network"]:"" + "," + params["protocol"]:""; - - // either 'dport' or 'sport' - if (params["dport"]:"" != "" || params["sport"]:"" != "") { - // 'dport' can be empty even if 'sport' is set - new_rule = new_rule + "," + params["dport"]:""; - - if (params["sport"]:"" != "") { - new_rule = new_rule + "," + params["sport"]:""; - } - } + string new_rule = CreateRuleFromParams (params); - if (new_rule == "0/0,all") { - y2warning("Adding rule '%1' that allows everything from all networks!", new_rule); - } - current_rules = current_rules + (size(current_rules) > 0 ? " ":"") + new_rule; - + return SuSEFirewall::SetAcceptExpertRules(zone, current_rules); } @@ -305,10 +325,10 @@ return false; } + integer current_rules_number = size (current_rules); + // Creating record to be removed - string remove_rule = params["network"]:"" + "," + params["protocol"]:""; - if (params["dport"]:"" != "") remove_rule = remove_rule + "," + params["dport"]:""; - if (params["sport"]:"" != "") remove_rule = remove_rule + "," + params["sport"]:""; + string remove_rule = CreateRuleFromParams (params); // Filtering out the record list <string> current_rules_list = splitstring (current_rules, " \n"); @@ -316,8 +336,10 @@ return (one_rule != remove_rule && one_rule != "" && one_rule != ","); }); current_rules = mergestring (current_rules_list, " "); - - return SuSEFirewall::SetAcceptExpertRules(zone, current_rules); + + SuSEFirewall::SetAcceptExpertRules (zone, current_rules); + + return (size(SuSEFirewall::GetAcceptExpertRules(zone)) < current_rules_number); } /** diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-2.21.11/library/network/testsuite/tests/SuSEFirewallExpertRules.out new/yast2-2.21.12/library/network/testsuite/tests/SuSEFirewallExpertRules.out --- old/yast2-2.21.11/library/network/testsuite/tests/SuSEFirewallExpertRules.out 2011-06-22 17:09:31.000000000 +0200 +++ new/yast2-2.21.12/library/network/testsuite/tests/SuSEFirewallExpertRules.out 2011-08-25 15:08:05.000000000 +0200 @@ -13,4 +13,22 @@ Return false Return false Return false +Dump Testing adding/reading expert rules +Return [] +Return true +Return [$["dport":"", "network":"192.168.0.1/255.255.240.0", "options":"hitcount=3,blockseconds=60,recentname=ssh", "protocol":"tcp", "sport":"22"]] +Return true +Return [$["dport":"", "network":"192.168.0.1/255.255.240.0", "options":"hitcount=3,blockseconds=60,recentname=ssh", "protocol":"tcp", "sport":"22"], $["dport":"", "network":"192.168.0.1/255.255.240.0", "options":"whatever=1", "protocol":"tcp", "sport":""]] +Return true +Return [$["dport":"", "network":"192.168.0.1/255.255.240.0", "options":"whatever=1", "protocol":"tcp", "sport":""]] +Dump Cannot remove rule that doesn't exist +Return false +Return [$["dport":"", "network":"192.168.0.1/255.255.240.0", "options":"whatever=1", "protocol":"tcp", "sport":""]] +Return true +Return [] +Dump Adding special rule allowed 'from all networks' +Return true +Return [$["dport":"", "network":"0/0", "options":"", "protocol":"udp", "sport":"888"]] +Return true +Return [$["dport":"", "network":"0/0", "options":"", "protocol":"udp", "sport":"888"], $["dport":"", "network":"0.0.0.0/0", "options":"", "protocol":"tcp", "sport":"999"]] Dump == Done == diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-2.21.11/library/network/testsuite/tests/SuSEFirewallExpertRules.ycp new/yast2-2.21.12/library/network/testsuite/tests/SuSEFirewallExpertRules.ycp --- old/yast2-2.21.11/library/network/testsuite/tests/SuSEFirewallExpertRules.ycp 2011-06-22 17:09:31.000000000 +0200 +++ new/yast2-2.21.12/library/network/testsuite/tests/SuSEFirewallExpertRules.ycp 2011-08-25 15:08:01.000000000 +0200 @@ -27,5 +27,46 @@ TEST(``(SuSEFirewallExpertRules::IsValidNetwork (check_this)), [], nil); }); + DUMP("Testing adding/reading expert rules"); + // Rules are empty at the beginning + TEST(``(SuSEFirewallExpertRules::GetListOfAcceptRules("EXT")), [], nil); + + TEST(``(SuSEFirewallExpertRules::AddNewAcceptRule("EXT", + $["network":"192.168.0.1/255.255.240.0", "protocol":"tcp", "sport":"22", + "options":"hitcount=3,blockseconds=60,recentname=ssh"]) + ), [], nil); + TEST(``(SuSEFirewallExpertRules::GetListOfAcceptRules("EXT")), [], nil); + + TEST(``(SuSEFirewallExpertRules::AddNewAcceptRule("EXT", + $["network":"192.168.0.1/255.255.240.0", "protocol":"tcp", "options":"whatever=1"]) + ), [], nil); + TEST(``(SuSEFirewallExpertRules::GetListOfAcceptRules("EXT")), [], nil); + + // Deleting by rule ID (offset in list) + TEST(``(SuSEFirewallExpertRules::DeleteRuleID("EXT", 0)), [], nil); + TEST(``(SuSEFirewallExpertRules::GetListOfAcceptRules("EXT")), [], nil); + + DUMP("Cannot remove rule that doesn't exist"); + TEST(``(SuSEFirewallExpertRules::RemoveAcceptRule("EXT", + $["network":"192.168.0.1/255.255.240.0", "protocol":"tcp"]) + ), [], nil); + TEST(``(SuSEFirewallExpertRules::GetListOfAcceptRules("EXT")), [], nil); + + // Now "options" match too + TEST(``(SuSEFirewallExpertRules::RemoveAcceptRule("EXT", + $["network":"192.168.0.1/255.255.240.0", "protocol":"tcp", "options":"whatever=1"]) + ), [], nil); + TEST(``(SuSEFirewallExpertRules::GetListOfAcceptRules("EXT")), [], nil); + + DUMP("Adding special rule allowed 'from all networks'"); + TEST(``(SuSEFirewallExpertRules::AddNewAcceptRule("EXT", + $["protocol":"UDP", "sport":"888"])), [], nil); + TEST(``(SuSEFirewallExpertRules::GetListOfAcceptRules("EXT")), [], nil); + + // Special all-IPv4-networks-(only) rule + TEST(``(SuSEFirewallExpertRules::AddNewAcceptRule("EXT", + $["protocol":"TCP", "sport":"999", "network":"0.0.0.0/0"])), [], nil); + TEST(``(SuSEFirewallExpertRules::GetListOfAcceptRules("EXT")), [], nil); + DUMP("== Done =="); } ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org