Add new version to fix security problems, see Bug 79330

(Portage version: 2.0.51-r14)

9 files changed, 212 insertions, 10 deletions

diff --git a/net-firewall/firehol/ChangeLog b/net-firewall/firehol/ChangeLog
index e3a39625ce76..7bc6772fc6c0 100644
--- a/net-firewall/firehol/ChangeLog
+++ b/net-firewall/firehol/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for net-firewall/firehol
-# Copyright 2002-2004 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-firewall/firehol/ChangeLog,v 1.12 2004/12/30 09:49:52 centic Exp $
+# Copyright 2002-2005 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/firehol/ChangeLog,v 1.13 2005/01/27 17:44:47 centic Exp $
+
+*firehol-1.224 (27 Jan 2005)
+
+  27 Jan 2005; Dominik Stadler <centic@gentoo.org>
+  +files/firehol-1.224-to-226.patch, +firehol-1.224.ebuild:
+  Add new version to fix security problems, see Bug 79330
 
   30 Dec 2004; Dominik Stadler <centic@gentoo.org> firehol-1.159-r1.ebuild,
   -firehol-1.159.ebuild, -firehol-1.191-r1.ebuild, firehol-1.191-r2.ebuild,
diff --git a/net-firewall/firehol/Manifest b/net-firewall/firehol/Manifest
index b9527a18b90a..0772583e3a1a 100644
--- a/net-firewall/firehol/Manifest
+++ b/net-firewall/firehol/Manifest
@@ -1,13 +1,16 @@
 MD5 87229840d0bd7fe870cf02f0e5364754 ChangeLog 2424
 MD5 4ee85082d33557f1f172e9220b14433e firehol-1.120.ebuild 1113
+MD5 1056156ba7fa2aa35aa56cf1939eb298 firehol-1.224.ebuild 1535
 MD5 4086491e8b7c76b8138dc140f7742978 metadata.xml 232
 MD5 8e053a4f12f1a41a35a3b4a878408898 firehol-1.159-r1.ebuild 1101
 MD5 93006374d542465fbe5a30d1eae97fdd firehol-1.191-r2.ebuild 1625
 MD5 ee9e91cc93581760f95cc4772b75e714 firehol-1.214.ebuild 1493
 MD5 338cc56b7140f4ccd56377488a6aebf5 files/firehol.initrd 1196
 MD5 900023a168850621684489055919f9ed files/digest-firehol-1.120 65
+MD5 b1fe20f99ed0e74e40f3b11f1261b50b files/digest-firehol-1.224 66
 MD5 5bbd5e937bfbca1a18412642dd122eb6 files/digest-firehol-1.159-r1 65
 MD5 32a409eeb7b55602f5a83b77a8f1662b files/firehol-1.191-bash-3.0.patch 5663
 MD5 d36dc29cf673b91c56f80e1406f981df files/digest-firehol-1.214 66
 MD5 24f588c8420a4d441a56a632cf827be8 files/digest-firehol-1.191-r2 66
 MD5 76b78f59bdc0f07399dd54e1b756c3cb files/firehol.conf.d 70
+MD5 d6bf13c6c6242a55813e956b8cde5bb0 files/firehol-1.224-to-226.patch 4005
diff --git a/net-firewall/firehol/files/digest-firehol-1.224 b/net-firewall/firehol/files/digest-firehol-1.224
new file mode 100644
index 000000000000..681ee07fd536
--- /dev/null
+++ b/net-firewall/firehol/files/digest-firehol-1.224
@@ -0,0 +1 @@
+MD5 8033f99120b6df9de17e27914fbaf9be firehol-1.224.tar.bz2 117988
diff --git a/net-firewall/firehol/files/firehol-1.224-to-226.patch b/net-firewall/firehol/files/firehol-1.224-to-226.patch
new file mode 100644
index 000000000000..b0998f420179
--- /dev/null
+++ b/net-firewall/firehol/files/firehol-1.224-to-226.patch
@@ -0,0 +1,128 @@
+===================================================================
+RCS file: /cvsroot/firehol/firehol/firehol.sh,v
+retrieving revision 1.224
+retrieving revision 1.226
+diff -u -r1.224 -r1.226
+--- firehol/firehol/firehol.sh	2005/01/24 22:24:48	1.224
++++ firehol/firehol/firehol.sh	2005/01/25 21:28:19	1.226
+@@ -10,7 +10,7 @@
+ #
+ # config: /etc/firehol/firehol.conf
+ #
+-# $Id: firehol-1.224-to-226.patch,v 1.1 2005/01/27 17:44:47 centic Exp $
++# $Id: firehol-1.224-to-226.patch,v 1.1 2005/01/27 17:44:47 centic Exp $
+ #
+ 
+ # Make sure only root can run us.
+@@ -114,7 +114,7 @@
+ # Find our minor version
+ firehol_minor_version() {
+ ${CAT_CMD} <<"EOF" | ${CUT_CMD} -d ' ' -f 3 | ${CUT_CMD} -d '.' -f 2
+-$Id: firehol-1.224-to-226.patch,v 1.1 2005/01/27 17:44:47 centic Exp $
++$Id: firehol-1.224-to-226.patch,v 1.1 2005/01/27 17:44:47 centic Exp $
+ EOF
+ }
+ 
+@@ -144,7 +144,7 @@
+ # Directories and files
+ 
+ # These files will be created and deleted during our run.
+-FIREHOL_DIR="/tmp/firehol-tmp-$$"
++FIREHOL_DIR="/tmp/.firehol-tmp-$$-${RANDOM}-${RANDOM}"
+ FIREHOL_CHAINS_DIR="${FIREHOL_DIR}/chains"
+ FIREHOL_OUTPUT="${FIREHOL_DIR}/firehol-out.sh"
+ FIREHOL_SAVED="${FIREHOL_DIR}/firehol-save.sh"
+@@ -211,7 +211,7 @@
+ # Externally defined services can be placed in "${FIREHOL_CONFIG_DIR}/services/"
+ if [ ! -d "${FIREHOL_CONFIG_DIR}/services" ]
+ then
+-	"${MKDIR_CMD}" -p "${FIREHOL_CONFIG_DIR}/services"
++	"${MKDIR_CMD}" "${FIREHOL_CONFIG_DIR}/services"
+ 	if [ $? -ne 0 ]
+ 	then
+ 		echo >&2
+@@ -239,14 +239,14 @@
+ 		exit 1
+ 	fi
+ fi
+-"${MKDIR_CMD}" -p "${FIREHOL_DIR}"				|| exit 1
+-"${MKDIR_CMD}" -p "${FIREHOL_CHAINS_DIR}"			|| exit 1
++"${MKDIR_CMD}" "${FIREHOL_DIR}"				|| exit 1
++"${MKDIR_CMD}" "${FIREHOL_CHAINS_DIR}"			|| exit 1
+ 
+ 
+ # Make sure we have a directory for our data.
+ if [ ! -d "${FIREHOL_SPOOL_DIR}" ]
+ then
+-	"${MKDIR_CMD}" -p "${FIREHOL_SPOOL_DIR}"		|| exit 1
++	"${MKDIR_CMD}" "${FIREHOL_SPOOL_DIR}"			|| exit 1
+ 	"${CHOWN_CMD}" root:root "${FIREHOL_CONFIG_DIR}"	|| exit 1
+ 	"${CHMOD_CMD}" 700 "${FIREHOL_CONFIG_DIR}"		|| exit 1
+ fi
+@@ -1055,7 +1055,7 @@
+ 	local x=
+ 	for x in ${servers}
+ 	do
+-		local tmp="${FIREHOL_DIR}/firehol.rpcinfo.$$"
++		local tmp="${FIREHOL_DIR}/firehol.rpcinfo.$$.${RANDOM}"
+ 		
+ 		set_work_function "Getting RPC information from server '${x}'"
+ 		
+@@ -1169,7 +1169,7 @@
+ 	local x=
+ 	for x in ${servers}
+ 	do
+-		local tmp="${FIREHOL_DIR}/firehol.rpcinfo.$$"
++		local tmp="${FIREHOL_DIR}/firehol.rpcinfo.$$.${RANDOM}"
+ 		
+ 		set_work_function "Getting RPC information from server '${x}'"
+ 		
+@@ -2567,9 +2567,9 @@
+ if [ -f "/proc/config" ]
+ then
+ 	KERNEL_CONFIG="/proc/config"
+-	${CAT_CMD} /proc/config >/tmp/kcfg.$$
+-	source /tmp/kcfg.$$
+-	${RM_CMD} -f /tmp/kcfg.$$
++	${CAT_CMD} /proc/config >${FIREHOL_DIR}/kcfg
++	source ${FIREHOL_DIR}/kcfg
++	${RM_CMD} -f ${FIREHOL_DIR}/kcfg
+ 	
+ elif [ -f "/lib/modules/`${UNAME_CMD} -r`/build/.config" ]
+ then
+@@ -5121,7 +5121,7 @@
+ 		else
+ 		
+ 		${CAT_CMD} <<EOF
+-$Id: firehol-1.224-to-226.patch,v 1.1 2005/01/27 17:44:47 centic Exp $
++$Id: firehol-1.224-to-226.patch,v 1.1 2005/01/27 17:44:47 centic Exp $
+ (C) Copyright 2003, Costa Tsaousis <costa@tsaousis.gr>
+ FireHOL is distributed under GPL.
+ 
+@@ -5307,7 +5307,7 @@
+ 	
+ 	${CAT_CMD} <<EOF
+ 
+-$Id: firehol-1.224-to-226.patch,v 1.1 2005/01/27 17:44:47 centic Exp $
++$Id: firehol-1.224-to-226.patch,v 1.1 2005/01/27 17:44:47 centic Exp $
+ (C) Copyright 2003, Costa Tsaousis <costa@tsaousis.gr>
+ FireHOL is distributed under GPL.
+ Home Page: http://firehol.sourceforge.net
+@@ -5601,7 +5601,7 @@
+ 	
+ 	"${CAT_CMD}" >&2 <<EOF
+ 
+-$Id: firehol-1.224-to-226.patch,v 1.1 2005/01/27 17:44:47 centic Exp $
++$Id: firehol-1.224-to-226.patch,v 1.1 2005/01/27 17:44:47 centic Exp $
+ (C) Copyright 2003, Costa Tsaousis <costa@tsaousis.gr>
+ FireHOL is distributed under GPL.
+ Home Page: http://firehol.sourceforge.net
+@@ -5684,7 +5684,7 @@
+ 	echo "# "
+ 
+ 	${CAT_CMD} <<EOF
+-# $Id: firehol-1.224-to-226.patch,v 1.1 2005/01/27 17:44:47 centic Exp $
++# $Id: firehol-1.224-to-226.patch,v 1.1 2005/01/27 17:44:47 centic Exp $
+ # (C) Copyright 2003, Costa Tsaousis <costa@tsaousis.gr>
+ # FireHOL is distributed under GPL.
+ # Home Page: http://firehol.sourceforge.net
diff --git a/net-firewall/firehol/firehol-1.120.ebuild b/net-firewall/firehol/firehol-1.120.ebuild
index 64180643af24..ea0f44c64ec6 100644
--- a/net-firewall/firehol/firehol-1.120.ebuild
+++ b/net-firewall/firehol/firehol-1.120.ebuild
@@ -1,6 +1,6 @@
-# Copyright 1999-2004 Gentoo Foundation
+# Copyright 1999-2005 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-firewall/firehol/firehol-1.120.ebuild,v 1.5 2004/06/24 22:38:38 agriffis Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/firehol/firehol-1.120.ebuild,v 1.6 2005/01/27 17:44:47 centic Exp $
 
 DESCRIPTION="iptables firewall generator"
 HOMEPAGE="http://firehol.sourceforge.net"
diff --git a/net-firewall/firehol/firehol-1.159-r1.ebuild b/net-firewall/firehol/firehol-1.159-r1.ebuild
index 42223133150f..de8fa2d637d0 100644
--- a/net-firewall/firehol/firehol-1.159-r1.ebuild
+++ b/net-firewall/firehol/firehol-1.159-r1.ebuild
@@ -1,6 +1,6 @@
-# Copyright 1999-2004 Gentoo Foundation
+# Copyright 1999-2005 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-firewall/firehol/firehol-1.159-r1.ebuild,v 1.4 2004/12/30 09:49:52 centic Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/firehol/firehol-1.159-r1.ebuild,v 1.5 2005/01/27 17:44:47 centic Exp $
 
 DESCRIPTION="iptables firewall generator"
 HOMEPAGE="http://firehol.sourceforge.net"
diff --git a/net-firewall/firehol/firehol-1.191-r2.ebuild b/net-firewall/firehol/firehol-1.191-r2.ebuild
index 45c2bddaedbe..89c710b4dacf 100644
--- a/net-firewall/firehol/firehol-1.191-r2.ebuild
+++ b/net-firewall/firehol/firehol-1.191-r2.ebuild
@@ -1,6 +1,6 @@
-# Copyright 1999-2004 Gentoo Foundation
+# Copyright 1999-2005 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-firewall/firehol/firehol-1.191-r2.ebuild,v 1.2 2004/12/30 09:49:52 centic Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/firehol/firehol-1.191-r2.ebuild,v 1.3 2005/01/27 17:44:47 centic Exp $
 
 inherit eutils
 
diff --git a/net-firewall/firehol/firehol-1.214.ebuild b/net-firewall/firehol/firehol-1.214.ebuild
index 5114f263dc97..8b96d0d0e894 100644
--- a/net-firewall/firehol/firehol-1.214.ebuild
+++ b/net-firewall/firehol/firehol-1.214.ebuild
@@ -1,6 +1,6 @@
-# Copyright 1999-2004 Gentoo Foundation
+# Copyright 1999-2005 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-firewall/firehol/firehol-1.214.ebuild,v 1.3 2004/12/30 09:49:52 centic Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/firehol/firehol-1.214.ebuild,v 1.4 2005/01/27 17:44:47 centic Exp $
 
 inherit eutils
 
diff --git a/net-firewall/firehol/firehol-1.224.ebuild b/net-firewall/firehol/firehol-1.224.ebuild
new file mode 100644
index 000000000000..a60a231630eb
--- /dev/null
+++ b/net-firewall/firehol/firehol-1.224.ebuild
@@ -0,0 +1,64 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/firehol/firehol-1.224.ebuild,v 1.1 2005/01/27 17:44:47 centic Exp $
+
+inherit eutils
+
+DESCRIPTION="iptables firewall generator"
+HOMEPAGE="http://firehol.sourceforge.net/"
+SRC_URI="mirror://sourceforge/${PN}/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+IUSE=""
+KEYWORDS="~x86 ~amd64"
+
+RDEPEND="net-firewall/iptables
+	sys-apps/iproute2
+	virtual/modutils
+	|| (
+		net-misc/wget
+		net-misc/curl
+	)"
+
+# patch for security problems
+# backport from firehol-CVS.
+src_unpack() {
+	unpack ${A}
+	cd ${S}
+	epatch ${FILESDIR}/${P}-to-226.patch || die
+}
+
+src_install() {
+	newsbin firehol.sh firehol
+
+	dodir /etc/firehol /etc/firehol/examples /etc/firehol/services
+	insinto /etc/firehol/examples
+	doins examples/* || die
+
+	insinto /etc/conf.d
+	newins ${FILESDIR}/firehol.conf.d firehol || die
+
+	dodoc ChangeLog COPYING README TODO WhatIsNew || die
+	dohtml doc/*.html doc/*.css  || die
+
+	docinto scripts
+	dodoc get-iana.sh adblock.sh || die
+
+	doman man/*.1 man/*.5 || die
+
+	exeinto /etc/init.d
+	newexe ${FILESDIR}/firehol.initrd firehol || die
+}
+
+pkg_postinst() {
+	einfo "The default path to firehol's configuration file is /etc/firehol/firehol.conf"
+	einfo "See /etc/firehol/examples for configuration examples."
+	#
+	# Install a default configuration if none is available yet
+	if [[ ! -e "${ROOT}/etc/firehol/firehol.conf" ]]; then
+		einfo "Installing a sample configuration as ${ROOT}/etc/firehol/firehol.conf"
+		cp "${ROOT}/etc/firehol/examples/client-all.conf" "${ROOT}/etc/firehol/firehol.conf"
+	fi
+}
+