debian/0000755000000000000000000000000013367114135007172 5ustar debian/changelog0000644000000000000000000000432113367114135011044 0ustar libiptables-parse-perl (1.1-1+deb8u1build0.14.04.1) trusty-security; urgency=medium * fake sync from Debian -- Mike Salvatore Fri, 02 Nov 2018 14:33:01 -0400 libiptables-parse-perl (1.1-1+deb8u1) jessie; urgency=medium * Team upload. * Add CVE-2015-8326.patch patch. CVE-2015-8326: Use of predictable names for temporary files. -- Salvatore Bonaccorso Thu, 26 Nov 2015 17:39:36 +0100 libiptables-parse-perl (1.1-1) unstable; urgency=low * Imported Upstream version 1.1 -- Fabrizio Regalli Sun, 04 Mar 2012 22:30:40 +0100 libiptables-parse-perl (1.0-1) unstable; urgency=low [ Franck Joncourt ] * Bumped up Standards-Version to 3.8.3. + Removed old versioned perl BD. * Email change: Franck Joncourt -> franck@debian.org * Switch to dpkg-source 3.0 (quilt) format. [ gregor herrmann ] * Set Standards-Version to 3.9.1; replace Conflicts with Breaks. [ Ansgar Burchardt ] * debian/control: Convert Vcs-* fields to Git. [ Fabrizio Regalli ] * Imported Upstream version 0.9, 1.0 * Updated d/compat to 8 * Updated debhelper to (>= 8) * Added myself to Uploaders * Bump Standards-Version to 3.9.3 * Changed Homepage to default search.cpan.org * debian/watch: fix CPAN URL, and drop the other location * Removed {Breaks,Replaces}: psad (<= 2.1.2-1) from d/control * d/copyright: + Updated using copyright-format 1.0 + Changed Upstream-Maintainer in Upstream-Contact + Changed Upstream-Source in Source + Updated both licenses text + Changed "|" with "or" in license type + Added myself to debian/* copyright files + Updated year -- Fabrizio Regalli Fri, 02 Mar 2012 11:18:00 +0100 libiptables-parse-perl (0.7-1) unstable; urgency=low * New upstream release * Bumped up Standards-Version to 3.8.0 (no changes). * Updated debian/copyright according to: http://wiki.debian.org/Proposals/CopyrightFormat -- Franck Joncourt Sat, 18 Oct 2008 10:47:35 +0200 libiptables-parse-perl (0.6-1) unstable; urgency=low * Initial release (Closes: #481973) -- Franck Joncourt Tue, 20 May 2008 22:45:32 +0200 debian/compat0000644000000000000000000000000212625674744010405 0ustar 8 debian/rules0000755000000000000000000000003612625674744010266 0ustar #!/usr/bin/make -f %: dh $@ debian/patches/0000755000000000000000000000000012625674744010636 5ustar debian/patches/CVE-2015-8326.patch0000644000000000000000000000317112625674744013263 0ustar Description: Don't use predictable names for temporary files This allows an attacker on a multi-user system to set up symlinks to overwrite any file the current user has write access to. . Don't recommend users of this module to use predictable names either. Origin: backport, https://github.com/mtrmac/IPTables-Parse/commit/b400b976d81140f6971132e94eb7657b5b0a2b87 Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1267962 Forwarded: not-needed Author: Salvatore Bonaccorso Last-Update: 2015-11-26 Applied-Upstream: 1.6 --- lib/IPTables/Parse.pm | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) --- a/lib/IPTables/Parse.pm +++ b/lib/IPTables/Parse.pm @@ -17,6 +17,7 @@ package IPTables::Parse; use 5.006; use POSIX ":sys_wait_h"; use Carp; +use File::Temp; use strict; use warnings; use vars qw($VERSION); @@ -29,8 +30,8 @@ sub new() { my $self = { _iptables => $args{'iptables'} || $args{'ip6tables'} || '/sbin/iptables', - _iptout => $args{'iptout'} || '/tmp/ipt.out', - _ipterr => $args{'ipterr'} || '/tmp/ipt.err', + _iptout => $args{'iptout'} || mktemp('/tmp/ipt.out.XXXXXX'), + _ipterr => $args{'ipterr'} || mktemp('/tmp/ipt.err.XXXXXX'), _ipt_alarm => $args{'ipt_alarm'} || 30, _debug => $args{'debug'} || 0, _verbose => $args{'verbose'} || 0, @@ -701,8 +702,6 @@ IPTables::Parse - Perl extension for par my %opts = ( 'iptables' => $ipt_bin, - 'iptout' => '/tmp/iptables.out', - 'ipterr' => '/tmp/iptables.err', 'debug' => 0, 'verbose' => 0 ); debian/patches/series0000644000000000000000000000002412625674744012047 0ustar CVE-2015-8326.patch debian/control0000644000000000000000000000207612625674744010617 0ustar Source: libiptables-parse-perl Section: perl Priority: optional Build-Depends: debhelper (>= 8) Build-Depends-Indep: perl Maintainer: Debian Perl Group Uploaders: Franck Joncourt , Fabrizio Regalli Standards-Version: 3.9.3 Homepage: http://search.cpan.org/dist/IPTables-Parse/ Vcs-Git: git://git.debian.org/pkg-perl/packages/libiptables-parse-perl.git Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-perl/packages/libiptables-parse-perl.git Package: libiptables-parse-perl Architecture: all Depends: ${perl:Depends}, ${misc:Depends} Description: Perl extension for parsing iptables firewall rulesets The IPTables::Parse package provides an interface to parse iptables rules on Linux systems through the direct execution of iptables commands, or from parsing a file that contains an iptables policy listing. You can get the current policy applied to a table/chain, look for a specific user-defined chain, check for a default DROP policy, or determing whether or not logging rules exist. debian/source/0000755000000000000000000000000012625674744010507 5ustar debian/source/format0000644000000000000000000000001412625674744011715 0ustar 3.0 (quilt) debian/copyright0000644000000000000000000000212412625674744011141 0ustar Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Contact: Michael Rash Source: http://search.cpan.org/dist/IPTables-Parse/ Upstream-Name: IPTables-Parse Files: * Copyright: 2005-2012, Michael Rash License: Artistic or GPL-1+ Files: debian/* Copyright: 2008, Franck Joncourt 2012, Fabrizio Regalli License: Artistic or GPL-1+ License: Artistic This program is free software; you can redistribute it and/or modify it under the terms of the Artistic License, which comes with Perl. . On Debian systems, the complete text of the Artistic License can be found in `/usr/share/common-licenses/Artistic'. License: GPL-1+ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 1, or (at your option) any later version. . On Debian systems, the complete text of version 1 of the GNU General Public License can be found in `/usr/share/common-licenses/GPL-1'. debian/watch0000644000000000000000000000016712625674744010244 0ustar version=3 http://search.cpan.org/dist/IPTables-Parse/ .*/IPTables-Parse-v?(\d[\d.-]+)\.(?:tar(?:\.gz|\.bz2)?|tgz|zip)$