[git.ipfire.org] IPFire 2.x development tree branch, master, updated. 214cc7b19528774eebc43e82d9c94c5e4592bc39 - IPFire-SCM

2 Jan 2015

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, master has been updated
       via  214cc7b19528774eebc43e82d9c94c5e4592bc39 (commit)
       via  d840d02aee26d2f71b9d411b1960eb5b2423b19a (commit)
      from  132557976f619a6c9b361442d5c4993eee588cc2 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 214cc7b19528774eebc43e82d9c94c5e4592bc39
Author: Michael Tremer michael.tremer@ipfire.org
Date:   Fri Jan 2 12:27:47 2015 +0100
Add firewall changes to Core Update 86
commit d840d02aee26d2f71b9d411b1960eb5b2423b19a
Author: Michael Tremer michael.tremer@ipfire.org
Date:   Fri Jan 2 12:20:50 2015 +0100
firewall: Fix off-by-one error in configuration parser
The configuration parser determines how many comma-separated
    values there are in a line. If new values are added we need
    to check first if those are set in every line to avoid any
    undefined behaviour. A wrong comparison parameter was used
    which caused that the limit feature was never enabled in
    the rule generation.
-----------------------------------------------------------------------
Summary of changes:
 config/firewall/rules.pl                 | 12 ++++++------
 config/rootfiles/core/86/filelists/files |  1 +
 2 files changed, 7 insertions(+), 6 deletions(-)
Difference in files:

diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
index 75a9357..a475e2d 100755
--- a/config/firewall/rules.pl
+++ b/config/firewall/rules.pl
@@ -280,7 +280,7 @@ sub buildrules {
    	# Concurrent connection limit
    	my @ratelimit_options = ();
-		if (($elements gt 34) && ($$hash{$key}[32] eq 'ON')) {
+		if (($elements ge 34) && ($$hash{$key}[32] eq 'ON')) {
    		my $conn_limit = $$hash{$key}[33];
if ($conn_limit ge 1) {
@@ -296,13 +296,13 @@ sub buildrules {
    	}
# Ratelimit
-		if (($elements gt 37) && ($$hash{$key}[34] eq 'ON')) {
+		if (($elements ge 37) && ($$hash{$key}[34] eq 'ON')) {
    		my $rate_limit = "$$hash{$key}[35]/$$hash{$key}[36]";
-				if ($rate_limit) {
-					push(@ratelimit_options, ("-m", "limit"));
-					push(@ratelimit_options, ("--limit", $rate_limit));
-				}
+			if ($rate_limit) {
+				push(@ratelimit_options, ("-m", "limit"));
+				push(@ratelimit_options, ("--limit", $rate_limit));
+			}
    	}
# Check which protocols are used in this rule and so that we can
diff --git a/config/rootfiles/core/86/filelists/files b/config/rootfiles/core/86/filelists/files
index 63b9c5c..dcdb65c 100644
--- a/config/rootfiles/core/86/filelists/files
+++ b/config/rootfiles/core/86/filelists/files
@@ -1,6 +1,7 @@
 etc/system-release
 etc/issue
 opt/pakfire/etc/pakfire.conf
+usr/lib/firewall/rules.pl
 usr/local/bin/update-bootloader
 var/ipfire/header.pl
 var/ipfire/langs
hooks/post-receive
--
IPFire 2.x development tree

    