Move some fixes from 4.4.5 to 4.4.4.2

Tom Eastep 2009-11-24 08:51:46 -08:00
parent c02ab429e6
commit 8581c53b9f
4 changed files with 52 additions and 15 deletions


@ -72,7 +72,7 @@ our @EXPORT = qw( ALLIPv4
validate_icmp6 validate_icmp6
); );
our @EXPORT_OK = qw( ); our @EXPORT_OK = qw( );
our $VERSION = '4.4_1'; our $VERSION = '4.4_4';
# #
# Some IPv4/6 useful stuff # Some IPv4/6 useful stuff
@ -302,7 +302,7 @@ sub validate_port( $$ ) {
my $value; my $value;
if ( $port =~ /^(\d+)$/ ) { if ( $port =~ /^(\d+)$/ ) {
return $port if $port <= 65535; return $port if $port && $port <= 65535;
} else { } else {
$proto = proto_name $proto if $proto =~ /^(\d+)$/; $proto = proto_name $proto if $proto =~ /^(\d+)$/;
$value = getservbyname( $port, $proto ); $value = getservbyname( $port, $proto );
@ -485,16 +485,16 @@ sub valid_6address( $ ) {
return 0 unless ( @address == $max ) || $address =~ /::/; return 0 unless ( @address == $max ) || $address =~ /::/;
return 0 if $address =~ /:::/ || $address =~ /::.*::/; return 0 if $address =~ /:::/ || $address =~ /::.*::/;
if ( $address =~ /^:/ ) { unless ( $address =~ /^::/ ) {
unless ( $address eq '::' ) { return 0 if $address =~ /^:/;
return 0 if $address =~ /:$/ || $address =~ /^:.*::/;
}
} elsif ( $address =~ /:$/ ) {
return 0 if $address =~ /::.*:$/;
} }
unless ( $address =~ /::$/ ) {
return 0 if $address =~ /:$/;
}
for my $a ( @address ) { for my $a ( @address ) {
return 0 unless $a eq '' || ( $a =~ /^[a-fA-f\d]+$/ && oct "0x$a" < 65536 ); return 0 unless $a eq '' || ( $a =~ /^[a-fA-f\d]+$/ && length $a < 5 );
} }
1; 1;
@ -543,13 +543,27 @@ sub validate_6net( $$ ) {
sub normalize_6addr( $ ) { sub normalize_6addr( $ ) {
my $addr = shift; my $addr = shift;
while ( $addr =~ tr/:/:/ < 6 ) { if ( $addr eq '::' ) {
$addr =~ s/::/:0::/; '0:0:0:0:0:0:0:0';
} else {
#
# Suppress leading zeros
#
$addr =~ s/^0+//;
$addr =~ s/:0+/:/g;
$addr =~ s/^:/0:/;
$addr =~ s/:$/:0/;
$addr =~ s/::/:0::/ while $addr =~ tr/:/:/ < 7;
#
# Note: "s/::/:0:/g" doesn't work here
#
1 while $addr =~ s/::/:0:/;
$addr =~ s/^0+:/0:/;
$addr;
} }
$addr =~ s/::/:0:/;
$addr;
} }
sub validate_6range( $$ ) { sub validate_6range( $$ ) {
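Review bot: The new port-0 guard in validate_port, `return $port if $port && $port <= 65535;`, tests string truth, and in Perl a multi-digit zero such as `00` is a true string, so it matches `/^(\d+)$/`, passes the guard and is returned as a valid port. Comparing numerically closes that gap: `return $port if $port > 0 && $port <= 65535;`. Separately, in valid_6address the class `[a-fA-f\d]` ranges from `A` to `f`, which also admits `G`-`Z` and the punctuation between `Z` and `a`, and the new `length $a < 5` bound does not reject those either; `[a-fA-F\d]` is presumably what was intended. Both functions start or end outside the hunks shown, so any later checks that would catch these values are not visible here.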


@ -4,6 +4,10 @@ Changes in Shorewall 4.4.4.1
2) Fix handling of interfaces with the 'bridge' option. 2) Fix handling of interfaces with the 'bridge' option.
3) Disallow port 0
4) Improve IPv6 address validation and range checking.
Changes in Shorewall 4.4.4 Changes in Shorewall 4.4.4
1) Change STARTUP_LOG and LOG_VERBOSITY in default shorewall6.conf. 1) Change STARTUP_LOG and LOG_VERBOSITY in default shorewall6.conf.


@ -21,3 +21,8 @@
This problem is corrected in Shorewall 4.4.4.2. This problem is corrected in Shorewall 4.4.4.2.
5) An iptables-restore error can occur if port 0 is specified in some
contexts.
In Shorewall 4.4.4.2, port 0 is flagged as an error in all
contexts.


@ -173,6 +173,20 @@ Shorewall 4.4.4 Patch Release 1
default. If, for some reason, you don't want 'track' then specify default. If, for some reason, you don't want 'track' then specify
'notrack' for the provider. 'notrack' for the provider.
----------------------------------------------------------------------------
P R O B L E M S C O R R E C T E D I N 4 . 4 . 4 . 2
----------------------------------------------------------------------------
1) Previously, DNS names were not accepted in some contexts by
Shorewall6.
2) Validation of IPv6 addresses has been improved and now catches more
invalid addresses.
3) Previously, port 0 was accepted in all contexts with the result
that iptables-restore errors could occur. Port 0 is now flagged as
an error.
---------------------------------------------------------------------------- ----------------------------------------------------------------------------
P R O B L E M S C O R R E C T E D I N 4 . 4 . 4 . 1 P R O B L E M S C O R R E C T E D I N 4 . 4 . 4 . 1
---------------------------------------------------------------------------- ----------------------------------------------------------------------------