[Pkg-gpe-maintainers] Ubuntu (new upstream) gpe-shield 0.31-4ubuntu1

Ubuntu Merge-o-Matic mom at ubuntu.com
Fri Mar 26 22:11:56 UTC 2010


This e-mail has been sent due to an upload to Ubuntu of a new upstream
version which still contains Ubuntu changes.  It contains the difference
between the Ubuntu version and the equivalent base version in Debian; note
that this difference may include the upstream changes.
-------------- next part --------------
Format: 1.8
Date: Fri, 26 Mar 2010 14:20:58 -0400
Source: gpe-shield
Binary: gpe-shield
Architecture: source
Version: 0.31-4ubuntu1
Distribution: lucid
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Andrew Starr-Bochicchio <a.starr.b at gmail.com>
Description: 
 gpe-shield - firewall configuration for GPE
Changes: 
 gpe-shield (0.31-4ubuntu1) lucid; urgency=low
 .
   * Merge from debian testing.  Remaining changes:
    - debian/patches/040-open-mode.patch:
      open() needs mode if O_CREAT in backend.c to be built
      in GCC 4.4
 .
 gpe-shield (0.31-4) unstable; urgency=low
 .
   * Add missing stop to init.d script (lintian)
   * point copyright at versioned GPL-2 instead of symlink.
   * Add VCS fields for pkg-gpe. Update standards version.
   * Migrate to source format 3.0 (quilt) and replace gpe-shield init
     with patch to upstream init file.
   * Add  to gpe-shield init to load /usr/bin (lintian warning)
Checksums-Sha1: 
 3f85a1889705513906a30ba66772291553d02b57 1480 gpe-shield_0.31-4ubuntu1.dsc
 52a34811aed2fd826865ea44710a91a3954895bc 10869 gpe-shield_0.31-4ubuntu1.debian.tar.gz
Checksums-Sha256: 
 5c2e11f6d2c957535ba8c129740f69eb23e7f4dad301dc6b38ea5c3d93c32529 1480 gpe-shield_0.31-4ubuntu1.dsc
 de3315c75d5c58a5acdbb40633d535d4c4b46caf5cf76400f0dd0e4c5621723f 10869 gpe-shield_0.31-4ubuntu1.debian.tar.gz
Files: 
 0a1051f5fb4760b18c27f51fbfbe4deb 1480 utils optional gpe-shield_0.31-4ubuntu1.dsc
 a0723ebe58f284648c4be6835e2dbf54 10869 utils optional gpe-shield_0.31-4ubuntu1.debian.tar.gz
Original-Maintainer: Neil Williams <codehelp at debian.org>
-------------- next part --------------
diff -pruN 0.31-4/backend.c 0.31-4ubuntu1/backend.c
--- 0.31-4/backend.c	2004-06-11 14:43:15.000000000 +0100
+++ 0.31-4ubuntu1/backend.c	2010-03-26 21:39:27.000000000 +0000
@@ -403,7 +403,7 @@ do_change_cfg_load(gboolean doit)
 	int fh;
 	if (doit)
 	{
-		if ((fh = open(LOADRULES_MARK,O_CREAT | O_RDWR | O_TRUNC)) < 0)
+		if ((fh = open(LOADRULES_MARK,O_CREAT | O_RDWR | O_TRUNC, S_IRUSR|S_IWUSR)) < 0)
 			perror("Cannot save setting.");
 		else
 			close(fh);
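Review bot: The `open()` on the added line still follows a symlink at `LOADRULES_MARK` and truncates whatever it resolves to, which matters if this backend runs with elevated privileges, as the `suidloop` entry point in the same file suggests. Only the marker's existence appears to be used (the other branch just calls `remove()` on it), so `O_TRUNC` and `O_RDWR` are not needed; `open(LOADRULES_MARK, O_CREAT | O_WRONLY | O_NOFOLLOW, S_IRUSR | S_IWUSR)` would create the marker without modifying an existing target. Where `LOADRULES_MARK` points is not visible here, so whether other users can write to its directory needs checking. The same line is carried in the `debian/patches/040-open-mode.patch` hunk, and the body of `do_change_cfg_load` continues outside this hunk.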
diff -pruN 0.31-4/debian/changelog 0.31-4ubuntu1/debian/changelog
--- 0.31-4/debian/changelog	2010-03-14 09:41:03.000000000 +0000
+++ 0.31-4ubuntu1/debian/changelog	2010-03-26 18:21:07.000000000 +0000
@@ -1,3 +1,12 @@
+gpe-shield (0.31-4ubuntu1) lucid; urgency=low
+
+  * Merge from debian testing.  Remaining changes:
+   - debian/patches/040-open-mode.patch:
+     open() needs mode if O_CREAT in backend.c to be built
+     in GCC 4.4 
+
+ -- Andrew Starr-Bochicchio <a.starr.b at gmail.com>  Fri, 26 Mar 2010 14:20:58 -0400
+
 gpe-shield (0.31-4) unstable; urgency=low
 
   * Add missing stop to init.d script (lintian)
@@ -9,6 +18,25 @@ gpe-shield (0.31-4) unstable; urgency=lo
 
  -- Neil Williams <codehelp at debian.org>  Sun, 14 Mar 2010 09:41:03 +0000
 
+gpe-shield (0.31-3ubuntu2) lucid; urgency=low
+
+  * Really apply patch by Alfonso Cepeda.
+   - debian/patches/040-open-mode.patch:
+     open() needs mode if O_CREAT in backend.c to be build
+     in GCC 4.4 (LP: #495448)
+
+ -- Andrew Starr-Bochicchio <a.starr.b at gmail.com>  Fri, 11 Dec 2009 23:55:28 -0500
+
+gpe-shield (0.31-3ubuntu1) lucid; urgency=low
+
+  * [FTBFS] open() needs mode if O_CREAT in backend.c to be build
+    in GCC 4.4 (LP: #495448)
+
+   [Chuck Short]
+   * Update maintainer according to spec.
+
+ -- Alfonso Cepeda Caballos <cepeda at gmail.com>  Fri, 11 Dec 2009 12:06:18 +0000
+
 gpe-shield (0.31-3) unstable; urgency=low
 
   * wrong iptables location in init script - break install and removal
diff -pruN 0.31-4/debian/control 0.31-4ubuntu1/debian/control
--- 0.31-4/debian/control	2010-03-14 09:44:53.000000000 +0000
+++ 0.31-4ubuntu1/debian/control	2010-03-25 06:22:16.000000000 +0000
@@ -1,7 +1,8 @@
 Source: gpe-shield
 Section: utils
 Priority: optional
-Maintainer: Neil Williams <codehelp at debian.org>
+Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
+XSBC-Original-Maintainer: Neil Williams <codehelp at debian.org>
 Uploaders: Debian GPE team <pkg-gpe-maintainers at lists.alioth.debian.org>, Moray Allan <moray at debian.org>,
  Phil Blundell <pb at debian.org>, Philippe De Swert <philippedeswert at scarlet.be>
 Build-Depends: cdbs, debhelper (>= 5), libgpewidget-dev, libgtk2.0-dev,
diff -pruN 0.31-4/debian/patches/040-open-mode.patch 0.31-4ubuntu1/debian/patches/040-open-mode.patch
--- 0.31-4/debian/patches/040-open-mode.patch	1970-01-01 01:00:00.000000000 +0100
+++ 0.31-4ubuntu1/debian/patches/040-open-mode.patch	2010-03-25 06:22:15.000000000 +0000
@@ -0,0 +1,12 @@
+diff -Nur -x '*.orig' -x '*~' gpe-shield-0.31/backend.c gpe-shield-0.31.new/backend.c
+--- gpe-shield-0.31/backend.c	2004-06-11 13:43:15.000000000 +0000
++++ gpe-shield-0.31.new/backend.c	2009-12-11 12:04:27.000000000 +0000
+@@ -403,7 +403,7 @@
+ 	int fh;
+ 	if (doit)
+ 	{
+-		if ((fh = open(LOADRULES_MARK,O_CREAT | O_RDWR | O_TRUNC)) < 0)
++		if ((fh = open(LOADRULES_MARK,O_CREAT | O_RDWR | O_TRUNC, S_IRUSR|S_IWUSR)) < 0)
+ 			perror("Cannot save setting.");
+ 		else
+ 			close(fh);
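Review bot: The new quilt patch has no header, so nothing in the file itself records why it exists or where it came from. A short DEP-3 style header above the `diff -Nur` line would carry that, for example `Description: pass a mode to open() when O_CREAT is used (FTBFS with GCC 4.4)`, `Author: Alfonso Cepeda Caballos` and `Bug-Ubuntu: https://bugs.launchpad.net/bugs/495448`, all taken from the changelog entries in this diff. With that in place the patch can be reviewed or forwarded to Debian and upstream without the changelog beside it.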
diff -pruN 0.31-4/debian/patches/series 0.31-4ubuntu1/debian/patches/series
--- 0.31-4/debian/patches/series	2009-12-12 07:08:40.000000000 +0000
+++ 0.31-4ubuntu1/debian/patches/series	2010-03-26 18:19:41.000000000 +0000
@@ -1,4 +1,5 @@
 Makefile
 desktop-validity
 ipshield-init
+040-open-mode.patch
 
diff -pruN 0.31-4/.pc/040-open-mode.patch/backend.c 0.31-4ubuntu1/.pc/040-open-mode.patch/backend.c
--- 0.31-4/.pc/040-open-mode.patch/backend.c	1970-01-01 01:00:00.000000000 +0100
+++ 0.31-4ubuntu1/.pc/040-open-mode.patch/backend.c	2004-06-11 14:43:15.000000000 +0100
@@ -0,0 +1,476 @@
+/*
+ * gpe-shield
+ *
+ * Copyright (C) 2004 kernel concepts
+ * Florian Boor <florian.boor at kernelconcepts.de>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ *
+ * GPE desktop firewall.
+ * Module: iptables backend
+ *
+ */
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <poll.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/un.h>
+#include <gdk/gdk.h>
+
+#include "backend.h"
+#include "main.h"
+
+/* module global variables */
+
+static int sock = -1;
+
+/* local rule repository */
+static rule_t *rule_info = NULL;
+static int rule_count = 0;
+
+#define CONFIGFILE	"/etc/access.conf"
+#define DEFAULT_INTERFACE "! lo"
+
+#ifdef MACH_IPAQ
+#define IPTABLES_CMD "/usr/sbin/iptables"
+#else
+#define IPTABLES_CMD "/sbin/iptables"
+#endif
+
+/* forwared definitions */
+
+static void do_command (pkcommand_t command, rule_t rule);
+static int wait_message ();
+static void send_message (pkcontent_t ctype, rule_t *rule);
+
+
+/* iptables control routines */
+
+void 
+translate_name(char *name, int set)
+{
+	char* ptr = name;
+	if (set)
+		while ((ptr = strstr(ptr," ")))
+			ptr[0] = '%';
+	else	
+		while ((ptr = strstr(ptr,"%")))
+			ptr[0] = ' ';
+}
+
+int
+do_save_rules(void)
+{
+	FILE *cfgfile;
+	int i;
+	
+	cfgfile = fopen(CONFIGFILE,"w");
+	if (!cfgfile) 
+		return -1;
+	
+	for (i=0;i<rule_count;i++)
+	{
+		translate_name(rule_info[i].name,1);
+		fprintf(cfgfile,"%s %d %d %d %d %d %d %d %d\n",
+		        rule_info[i].name,
+	            rule_info[i].status,
+	            rule_info[i].target,
+	            rule_info[i].protocol,
+	            rule_info[i].chain,
+	            rule_info[i].d_port,
+	            rule_info[i].s_port,
+	            rule_info[i].state,
+	            rule_info[i].is_policy);
+	}
+	fclose(cfgfile);
+	return 0;
+}
+
+
+int
+do_load_rules(void)
+{
+	FILE *cfgfile;
+	int ret = 0;
+	rule_t arule;
+	
+	cfgfile = fopen(CONFIGFILE,"r");
+	if (!cfgfile) 
+		return -1;
+	while (ret != EOF)
+	{
+		ret = fscanf(cfgfile,"%254s %d %d %d %d %d %d %d %d\n",
+		       (char*)arule.name,
+	           &arule.status,
+	           (int*)&arule.target,
+	           (int*)&arule.protocol,
+	           (int*)&arule.chain,
+	           &arule.d_port,
+	           &arule.s_port,
+		       &arule.state,
+	           &arule.is_policy);
+		if (ret == 9)
+		{
+			rule_count++;
+			rule_info = realloc(rule_info,rule_count*sizeof(rule_t));
+			memset(&rule_info[rule_count-1],0,sizeof(rule_t));
+			translate_name(arule.name,0);
+			rule_info[rule_count - 1] = arule;
+			send_message(PK_RULE,&rule_info[rule_count-1]);
+		}
+	}
+	fclose(cfgfile);
+	return 0;
+}
+
+
+void
+do_clear(void)
+{
+	system(IPTABLES_CMD " --flush");
+	g_free(rule_info);
+	rule_info = NULL;
+	rule_count = 0;
+}
+
+
+void
+do_rules_apply()
+{
+	gchar *cmd, *portspec, *states, *tmp;
+	const gchar *dir;
+	const gchar *prot;
+	const gchar *target;
+	int i;
+	
+	system(IPTABLES_CMD " --flush"); /* cleans all existing iptables settings */
+
+	for (i=0;i<rule_count;i++)
+	{	
+		if (rule_info[i].status) /* is rule active? */
+		{
+			/* prepare command */
+			switch (rule_info[i].target)
+			{
+				case TARGET_ACCEPT:
+					target = "ACCEPT";
+				break;
+				case TARGET_DROP:
+					target = "DROP";
+				break;
+				default:
+					target = "REJECT";
+				break;
+			}
+			
+			switch (rule_info[i].chain)
+			{
+				case CHAIN_FORWARD:
+					dir = "FORWARD";
+				break;
+				case CHAIN_OUTPUT:
+					dir = "OUTPUT";
+				break;
+				default:
+					dir = "INPUT";
+				break;
+			}
+			
+			switch (rule_info[i].protocol)
+			{
+				case PROT_ICMP:
+					prot = "-p icmp";
+				break;
+				case PROT_TCP :
+					prot = "-p tcp";
+				break;
+				case PROT_UDP :
+					prot = "-p udp";
+				break;
+				default:
+					prot = "-p all";
+				break;
+			}
+			
+			states = NULL;
+			if (rule_info[i].state)
+			{
+				tmp = g_strdup("-m state --state ");
+				if (rule_info[i].state & STATE_ESTABLISHED)
+				{
+					states = g_strdup_printf("%s ESTABLISHED",tmp);
+					tmp = states;
+				}
+				if (rule_info[i].state & STATE_RELATED)
+				{
+					if (states) 
+					{
+						states = g_strdup_printf("%s,RELATED",tmp);
+						g_free(tmp);
+					}
+					else
+						states = g_strdup_printf("%s RELATED",tmp);						
+					tmp = states;
+				}
+				if (rule_info[i].state & STATE_NEW)
+				{
+					if (states) 
+					{
+						states = g_strdup_printf("%s,NEW",tmp);
+						g_free(tmp);
+					}
+					else
+						states = g_strdup_printf("%s NEW",tmp);						
+					tmp = states;
+				}
+				if (rule_info[i].state & STATE_INVALID)
+				{
+					if (states) 
+					{
+						states = g_strdup_printf("%s,INVALID",tmp);
+						g_free(tmp);
+					}
+					else
+						states = g_strdup_printf("%s INVALID",tmp);						
+					tmp = states;
+				}
+			}
+			else
+				states = g_strdup("");
+			
+			if (rule_info[i].s_port)
+				portspec = g_strdup_printf("--sport %d",rule_info[i].s_port);
+			else if (rule_info[i].d_port)
+				portspec = g_strdup_printf("--dport %d",rule_info[i].d_port);
+			else 
+				portspec = g_strdup("");
+			
+			if (rule_info[i].is_policy)
+				cmd = g_strdup_printf("%s %s %s %s",IPTABLES_CMD, "-P", dir, target);
+			else	
+				cmd = g_strdup_printf("%s %s %s %s %s %s %s %s -j %s",
+								  IPTABLES_CMD, 
+								  "-A", dir,
+								  (rule_info[i].chain == CHAIN_OUTPUT) ? "-o" : "-i", DEFAULT_INTERFACE,
+				                  states,
+								  prot,
+								  portspec,
+								  target);
+#ifdef DEBUG			
+			printf("exec: %s\n",cmd);
+#endif
+			/* call iptables to add rule */
+			system(cmd);
+			
+			g_free(cmd);
+			g_free(portspec);
+			g_free(states);
+		}
+	}		
+}
+
+
+/* add a frontend defined rule to ipchains ruleset and local storage */
+static void
+do_rule_add(rule_t *rule)
+{
+	/* add to local rule repository */
+	rule_count++;
+	rule_info = realloc(rule_info,rule_count*sizeof(rule_t));
+	rule_info[rule_count - 1] = *rule;
+}
+
+
+static void
+do_rule_remove(rule_t *rule)
+{
+	int i, j;
+	
+	for (i=0;i<rule_count;i++)
+	{
+		if (!strcmp(rule_info[i].name,rule->name))
+		{
+			rule_count--;
+			for (j=i;j<rule_count;j++)
+				rule_info[j] = rule_info[j+1];
+			break;
+		}
+	}
+}
+
+
+static void
+do_rule_change(rule_t *rule)
+{
+	int i;
+	
+	for (i=0;i<rule_count;i++)
+	{
+		if ((!strcmp(rule_info[i].name,rule->oldname)) ||
+			(!strcmp(rule_info[i].name,rule->name)))
+		{
+			rule_info[i] = *rule;
+			break;
+		}
+	}
+}
+
+
+/* message send and receive */
+
+static void
+send_message (pkcontent_t ctype, rule_t *rule)
+{
+	pkmessage_t msg;
+	
+	if (sock < 0) return; /* no connection active */
+	msg.type = PK_FRONT;
+	msg.ctype = ctype;
+	if (rule) 
+		msg.content.tf.rule = *rule;
+	if (write (sock, (void *) &msg, sizeof (pkmessage_t)) < 0)
+	{
+		perror ("ERR sending data to frontend");
+	}
+}
+
+
+static void
+do_shutdown()
+{
+//	system(IPTABLES_CMD " --flush"); /* cleans all existing iptables settings */
+//	system(IPTABLES_CMD " -P INPUT ACCEPT"); /* reset input policy */
+}
+
+static int
+wait_message ()
+{
+	static pkmessage_t msg;
+	struct pollfd pfd[1];
+	static int retry_count = 0;
+
+	pfd[0].fd = sock;
+	pfd[0].events = (POLLIN | POLLRDNORM | POLLRDBAND | POLLPRI);
+	while (poll (pfd, 1, -1) > 0)
+	{
+		if ((pfd[0].revents & POLLERR) || (pfd[0].revents & POLLHUP))
+		{
+#ifdef DEBUG
+			perror ("Err: connection lost: ");
+#endif		
+			retry_count++;
+			if (retry_count > 6) return FALSE;
+			usleep(500000);
+		}
+		else
+		{
+			if (read (sock, (void *) &msg, sizeof (pkmessage_t)) < 0)
+			{
+	#ifdef DEBUG
+				perror ("err receiving data packet");
+	#endif
+				close (sock);
+				exit (1);
+			}
+			else if (msg.type == PK_BACK)
+			{
+				retry_count = 0;
+				switch (msg.ctype)
+				{
+				case (PK_COMMAND):
+					do_command (msg.content.tb.command, msg.content.tb.rule);
+					break;
+				default:
+					break;
+				}
+			}
+		} /* else */	
+	} /* while */
+	return TRUE;
+}
+
+
+static void
+do_change_cfg_load(gboolean doit)
+{
+	int fh;
+	if (doit)
+	{
+		if ((fh = open(LOADRULES_MARK,O_CREAT | O_RDWR | O_TRUNC)) < 0)
+			perror("Cannot save setting.");
+		else
+			close(fh);
+	}
+	else
+	{
+		if (remove(LOADRULES_MARK) < 0)
+			perror("Cannot save setting.");
+	}
+}
+
+
+static void
+do_command (pkcommand_t command, rule_t rule)
+{
+	switch (command)
+	{
+	case CMD_ADD:   /* add a rule defined by frontend */
+		do_rule_add(&rule);
+	break;
+	case CMD_CHANGE:   
+		do_rule_change(&rule);
+	break;
+	case CMD_REMOVE:
+		do_rule_remove(&rule);
+	break;
+	case CMD_LOAD:  /* load ruleset from config file */
+		do_clear();
+		do_load_rules();
+	break;
+	case CMD_SAVE:
+		do_save_rules();
+	break;
+	case CMD_CLEAR: /* clear all rules in system and storage */
+		do_clear();
+	break;
+	case CMD_SET:
+		do_rules_apply();
+	break;
+	case CMD_SHUTDOWN:
+		do_shutdown();
+	break;
+	case CMD_CFG_LOAD:
+		do_change_cfg_load(TRUE);
+	break;
+	case CMD_CFG_DONTLOAD:
+		do_change_cfg_load(FALSE);
+	break;
+	default:
+	break;
+	}
+	
+	send_message(PK_FINISHED,NULL);
+}
+
+
+/* app mainloop */
+
+int
+suidloop (int csock)
+{
+	sock = csock;
+
+	while (wait_message ()) ;
+		
+	close (sock);
+	unlink (PK_SOCKET);
+
+	return 0;
+}
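Review bot: `wait_message()` treats every non-negative `read()` result as a complete message, so a return of 0 (peer closed) or a short read falls through to the `msg.type == PK_BACK` test on a `static` buffer that may still hold the previous command, and `do_command()` could then run it again. Checking the length closes this: `ssize_t n = read(sock, &msg, sizeof msg);` followed by `if (n != (ssize_t)sizeof msg) { close(sock); exit(1); }`. The `rule.name` taken from the message also reaches `strcmp()` in `do_rule_remove()` and `do_rule_change()` with no terminator enforced, so, assuming `name` is a fixed-size array, setting its last byte to `'\0'` before dispatch would be prudent. This file is quilt's saved pre-patch copy; judging by the `backend.c` hunk in this diff, the shipped file differs from it only in the `open()` line.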
diff -pruN 0.31-4/.pc/applied-patches 0.31-4ubuntu1/.pc/applied-patches
--- 0.31-4/.pc/applied-patches	2010-03-26 21:44:43.000000000 +0000
+++ 0.31-4ubuntu1/.pc/applied-patches	2010-03-26 21:39:27.000000000 +0000
@@ -1,3 +1,4 @@
 Makefile
 desktop-validity
 ipshield-init
+040-open-mode.patch

