Gentoo Archives: gentoo-commits

From: Matthew Thode <prometheanfire@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: net-firewall/nftables/files/libexec/, net-firewall/nftables/
Date: Tue, 15 Jan 2019 23:21:01
Message-Id: 1547594442.5340dc96865d410a32ab4cb9f900bcb88e035600.prometheanfire@gentoo
1 commit: 5340dc96865d410a32ab4cb9f900bcb88e035600
2 Author: Francisco Blas (klondike) Izquierdo Riera <klondike <AT> gentoo <DOT> org>
3 AuthorDate: Tue Jan 15 23:13:18 2019 +0000
4 Commit: Matthew Thode <prometheanfire <AT> gentoo <DOT> org>
5 CommitDate: Tue Jan 15 23:20:42 2019 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5340dc96
7
8 net-firewall/nftables: Minor fixes on the script closes #675188
9
10 * Use printf instead of echo for better shell compatibility.
11 * Use an include instead of concatenating the ruleset.
12 (Note that this is likely to fail if the ruleset path contains
13 special characters).
14 * Empty the table first when executing panic actions.
15
16 Fixes: https://bugs.gentoo.org/675188
17
18 Signed-off-by: Francisco Blas Izquierdo Riera (klondike) <klondike <AT> gentoo.org>
19 Package-Manager: Portage-2.3.51, Repoman-2.3.11
20 Signed-off-by: Matthew Thode <prometheanfire <AT> gentoo.org>
21
22 net-firewall/nftables/files/libexec/nftables-mk.sh | 7 ++++---
23 .../{nftables-0.9.0-r2.ebuild => nftables-0.9.0-r3.ebuild} | 0
24 2 files changed, 4 insertions(+), 3 deletions(-)
25
26 diff --git a/net-firewall/nftables/files/libexec/nftables-mk.sh b/net-firewall/nftables/files/libexec/nftables-mk.sh
27 index b6ad37867b6..b3d7db60d7f 100644
28 --- a/net-firewall/nftables/files/libexec/nftables-mk.sh
29 +++ b/net-firewall/nftables/files/libexec/nftables-mk.sh
30 @@ -13,7 +13,8 @@ main() {
31 nft ${SAVE_OPTIONS} list ruleset
32 ;;
33 "load")
34 - ( echo "flush ruleset;"; cat "${NFTABLES_SAVE}" ) | nft -f -
35 + # We use an include because cat fails with long rulesets see #675188
36 + printf 'flush ruleset\ninclude "%s"\n' "${NFTABLES_SAVE}" | nft -f -
37 ;;
38 "panic")
39 panic hard | nft -f -
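Review bot: the new include line interpolates "${NFTABLES_SAVE}" unescaped into nft script syntax, so a path containing a double quote or backslash will break or alter the include statement (the commit message acknowledges this but the script does not guard against it), and a relative path is resolved against nft's include directories rather than the working directory unless it is absolute or prefixed with "./". A cheap guard before the printf would fail closed instead of feeding nft a malformed statement, for example: `case "${NFTABLES_SAVE}" in /*) ;; *) eerror "NFTABLES_SAVE must be an absolute path"; return 1;; esac` plus a rejection of paths containing `"` or `\`. Keeping "flush ruleset" and the include in the same `nft -f -` input is the right call, since the flush and the load then commit as one transaction.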
40 @@ -25,8 +26,7 @@ main() {
41 local tmp_save="${NFTABLES_SAVE}.tmp"
42 umask 600;
43 (
44 - echo "#!/sbin/nft -f"
45 - echo "flush ruleset;"
46 + printf '#!/sbin/nft -f\nflush ruleset\n'
47 nft ${SAVE_OPTIONS} list ruleset
48 ) > "$tmp_save" && mv ${tmp_save} ${NFTABLES_SAVE}
49 ;;
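Review bot: the context line `umask 600;` is inverted: umask names the permission bits to clear, so 600 strips owner read/write and leaves the saved ruleset group- and world-readable (0666 & ~0600 = 0066), which is the opposite of the intended owner-only file; it should read `umask 077`. Since this hunk already touches the store path, it is a good moment to fix it, and to quote the last line consistently with "$tmp_save" above it: `) > "${tmp_save}" && mv "${tmp_save}" "${NFTABLES_SAVE}"`.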
50 @@ -37,6 +37,7 @@ panic() {
51 local erule;
52 [ "$1" = soft ] && erule="ct state established,related accept;" || erule="";
53 cat <<EOF
54 +flush ruleset
55 table inet filter {
56 chain input {
57 type filter hook input priority 0;
58
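Review bot: emitting `flush ruleset` inside the heredoc puts the flush and the panic table in one nft transaction, so panic no longer relies on the caller having flushed first; the same literal is now produced in three places (load, store and panic), and the two new printf variants dropped the trailing ";" that the removed echo lines had, so consider a single helper or variable such as `flush_stmt='flush ruleset'` to keep them from drifting apart.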
59 diff --git a/net-firewall/nftables/nftables-0.9.0-r2.ebuild b/net-firewall/nftables/nftables-0.9.0-r3.ebuild
60 similarity index 100%
61 rename from net-firewall/nftables/nftables-0.9.0-r2.ebuild
62 rename to net-firewall/nftables/nftables-0.9.0-r3.ebuild