summaryrefslogtreecommitdiff
path: root/pcr
diff options
context:
space:
mode:
authoraurelien <tek@localhost.localdomain>2012-11-13 17:00:03 +0100
committeraurelien <tek@localhost.localdomain>2012-11-13 17:00:03 +0100
commitcf319581703bfe2836e7df909dd5f9c0ab0d54e5 (patch)
tree43f3f7b82a28ea3440929e83da45f82968c3ba2c /pcr
parent5ae2d0f4bb7b2d29aca46139292207252616ac1f (diff)
downloadabslibre-cf319581703bfe2836e7df909dd5f9c0ab0d54e5.tar.gz
abslibre-cf319581703bfe2836e7df909dd5f9c0ab0d54e5.tar.bz2
abslibre-cf319581703bfe2836e7df909dd5f9c0ab0d54e5.zip
version i686 of the build of end of October 201
Diffstat (limited to 'pcr')
-rw-r--r--pcr/anyremote/PKGBUILD24
-rw-r--r--pcr/anyremote/anyremote.install6
-rw-r--r--pcr/bup/PKGBUILD34
-rw-r--r--pcr/fwsnort/PKGBUILD44
-rw-r--r--pcr/fwsnort/install_pl.patch27
-rw-r--r--pcr/maruku/PKGBUILD24
-rw-r--r--pcr/moblock/MoBlock-nfq.sh.patch53
-rwxr-xr-xpcr/moblock/PKGBUILD55
-rw-r--r--pcr/moblock/config30
-rwxr-xr-xpcr/moblock/moblock70
-rwxr-xr-xpcr/moblock/moblock-update174
-rw-r--r--pcr/moblock/moblock.install26
-rw-r--r--pcr/moblock/moblock.logrotate11
-rw-r--r--pcr/moblock/moblock_0.9_rc2.patch912
-rw-r--r--pcr/moblock/moblock_include.patch10
-rw-r--r--pcr/oinkmaster/PKGBUILD34
-rw-r--r--pcr/perl-iptables-parse/PKGBUILD22
-rw-r--r--pcr/python2-fabric/PKGBUILD23
-rw-r--r--pcr/python2-paramiko/PKGBUILD33
-rw-r--r--pcr/python2-ssh/PKGBUILD26
-rw-r--r--pcr/ruby-haml/PKGBUILD35
-rw-r--r--pcr/ruby-haml/ruby-yard/PKGBUILD36
-rw-r--r--pcr/ruby-libnotify/PKGBUILD23
-rw-r--r--pcr/ruby-syntax/PKGBUILD23
-rw-r--r--pcr/ruby-yard/PKGBUILD36
-rw-r--r--pcr/spice-gtk3/PKGBUILD38
26 files changed, 1829 insertions, 0 deletions
diff --git a/pcr/anyremote/PKGBUILD b/pcr/anyremote/PKGBUILD
new file mode 100644
index 000000000..96e030245
--- /dev/null
+++ b/pcr/anyremote/PKGBUILD
@@ -0,0 +1,24 @@
+# Contributor: Andrea Fagiani <andfagiani_at_gmail_dot_com>
+# Contributor: hb <hb.at.spamers.dot.net>
+# Contributor: Lisa Denia <eiffel56@gmail.com>
+# Maintainer : Parabola GNU / Linux-libre Aurelien Desbrieres <aurelien@cwb.io>
+
+pkgname=anyremote
+pkgver=6.0
+pkgrel=1
+pkgdesc="Remote control (console-oriented) through bluetooth or IR connection"
+arch=('i686' 'x86_64')
+url="http://anyremote.sourceforge.net"
+license=('GPL')
+depends=('bluez' 'dbus-glib' 'libxtst')
+optdepends=("irda-utils: IRDA support")
+install=anyremote.install
+source=(http://downloads.sourceforge.net/sourceforge/anyremote/$pkgname-$pkgver.tar.gz)
+
+build() {
+ cd $srcdir/$pkgname-$pkgver
+ ./configure --prefix=/usr
+ make
+ make DESTDIR=$pkgdir install
+}
+md5sums=('f39da5df07f3e1a0c59bc3f95347dbe7')
diff --git a/pcr/anyremote/anyremote.install b/pcr/anyremote/anyremote.install
new file mode 100644
index 000000000..012444ce0
--- /dev/null
+++ b/pcr/anyremote/anyremote.install
@@ -0,0 +1,6 @@
+post_install () {
+ echo "
+ >>>Download the java client for your phone at
+ >>>http://anyremote.sourceforge.net/dload.html
+ "
+}
diff --git a/pcr/bup/PKGBUILD b/pcr/bup/PKGBUILD
new file mode 100644
index 000000000..bdc2abeeb
--- /dev/null
+++ b/pcr/bup/PKGBUILD
@@ -0,0 +1,34 @@
+# Contributor: Bram Schoenmakers <me@bramschoenmakers.nl>
+# Contributor: henning mueller <henning@orgizm.net>
+# Maintainer : Parabola GNU / Linux-libre Aurélien Desbrières <aurelien@cwb.io>
+
+# If you'd like to have documentation, please set the variable below to 1.
+# This implies installing pandoc, which in turn depends on many Haskell packages.
+_havedocs=0
+
+pkgname=bup
+pkgver=0.25rc1
+_pkgver=0.25-rc1
+pkgrel=2
+pkgdesc="Backup tool using git pack files."
+arch=('i686' 'x86_64')
+url="http://github.com/apenwarr/bup"
+license=('GPL')
+depends=('python2-fuse' 'par2cmdline')
+[ $_havedocs = 1 ] && makedepends=('haskell-pandoc')
+source=("https://github.com/apenwarr/${pkgname}/archive/${pkgname}-${_pkgver}.tar.gz")
+
+build() {
+ cd "${srcdir}/${pkgname}-${pkgname}-${_pkgver}"
+
+ find . -name \*.py | xargs sed -i 's:env python:env python2:'
+ sed -i 's:PYTHON=python:PYTHON=python2:' Makefile
+
+ make
+}
+
+package() {
+ cd "${srcdir}/${pkgname}-${pkgname}-${_pkgver}"
+ make DESTDIR=$pkgdir install
+}
+md5sums=('9d9af10900d84e2951aa64631ff4860d')
diff --git a/pcr/fwsnort/PKGBUILD b/pcr/fwsnort/PKGBUILD
new file mode 100644
index 000000000..37a863822
--- /dev/null
+++ b/pcr/fwsnort/PKGBUILD
@@ -0,0 +1,44 @@
+# Contributor: Colin Shea <colin@evaryont.me>
+# Maintainer : Parabola GNU / Linux-libre Aurelien Desbrieres <aurelien@cwb.io>
+
+pkgname=fwsnort
+pkgver=1.6.2
+pkgrel=1
+pkgdesc="application layer IDS/IPS by translating snort rules into iptables"
+arch=('any')
+url="http://www.cipherdyne.org/fwsnort/"
+license=('GPL')
+depends=('perl' 'perl-net-ipv4addr' 'perl-iptables-parse' 'iptables' 'net-tools')
+makedepends=('wget')
+source=(http://www.cipherdyne.org/$pkgname/download/$pkgname-$pkgver.tar.bz2
+ 'install_pl.patch')
+
+build() {
+ cd "$srcdir/$pkgname-$pkgver"
+
+ mkdir -p $pkgdir/var/log/fwsnort \
+ $pkgdir/usr/lib/fwsnort \
+ $pkgdir/usr/share/man/man8 \
+ $pkgdir/usr/sbin \
+ $pkgdir/etc/fwsnort/snort_rules \
+ $pkgdir/etc/fwsnort/archive \
+ $pkgdir/etc/fwsnort/snort_rules_queue
+
+ patch -p0 -i $srcdir/install_pl.patch
+ sed -e "/mpath.*man8/s|/usr|$pkgdir&|" \
+ -e "/^my\\ \\\$sbin/s|/usr|$pkgdir&|" \
+ -i install.pl
+
+ cp fwsnort.conf fwsnort.conf.bak
+
+ sed -e "s|/var/log/fwsnort|$pkgdir&|" \
+ -e "s|/usr/lib/fwsnort|$pkgdir&|" \
+ -e "s|/etc/fwsnort|$pkgdir&|" \
+ ./fwsnort.conf -i
+ # -S skips installing the perl modules, which we did with packages
+ echo y | ./install.pl -S
+ mv -f fwsnort.conf.bak $pkgdir/etc/fwsnort/fwsnort.conf
+ chmod 755 $pkgdir/usr/sbin/fwsnort
+}
+
+# vim:set ts=2 sw=2 et:
diff --git a/pcr/fwsnort/install_pl.patch b/pcr/fwsnort/install_pl.patch
new file mode 100644
index 000000000..b9cfb4a33
--- /dev/null
+++ b/pcr/fwsnort/install_pl.patch
@@ -0,0 +1,27 @@
+--- install.pl 2011-02-05 05:02:38.845785881 -0700
++++ install2.pl 2011-02-05 05:03:21.350360881 -0700
+@@ -120,10 +120,6 @@
+ ### make sure the system binaries are where we think they are.
+ &check_commands();
+
+-### check to make sure we are running as root
+-$< == 0 && $> == 0 or die "You need to be root (or equivalent UID 0",
+- " account) to install/uninstall fwsnort!\n";
+-
+ if ($uninstall) {
+ &uninstall();
+ } else {
+--- install.pl 2011-01-02 18:38:51.000000000 -0700
++++ install2.pl 2011-02-05 04:59:01.653910881 -0700
+@@ -471,8 +471,11 @@
+ sub check_commands() {
+ my @path = qw(
+ /bin
++ /sbin
+ /usr/bin
++ /usr/sbin
+ /usr/local/bin
++ /usr/local/sbin
+ );
+ CMD: for my $cmd (keys %cmds) {
+ unless (-x $cmds{$cmd}) {
diff --git a/pcr/maruku/PKGBUILD b/pcr/maruku/PKGBUILD
new file mode 100644
index 000000000..a647e5a12
--- /dev/null
+++ b/pcr/maruku/PKGBUILD
@@ -0,0 +1,24 @@
+# Contributor: Adam Lloyd <lloyda2 (at) rpi (dot) edu>
+# Maintainter : Parabola GNU / Linux-libre Aurelien Desbrieres <aurelien@cwb.io>
+
+pkgname=maruku
+pkgver=0.6.0
+pkgrel=1
+pkgdesc="A Markdown-superset interpreter"
+arch=(any)
+url="http://maruku.rubyforge.org/"
+license=('GPL2')
+depends=(ruby ruby-syntax)
+makedepends=(rubygems)
+source=(http://gems.rubyforge.org/gems/maruku-$pkgver.gem)
+noextract=(maruku-$pkgver.gem)
+md5sums=('6e2575e43b675eb4e15bbcee0fd1fd29')
+
+build() {
+ cd $srcdir
+ local _gemdir="$(ruby -rubygems -e'puts Gem.default_dir')"
+ gem install --ignore-dependencies -i "$pkgdir$_gemdir" maruku-$pkgver.gem
+}
+
+# vim:set ts=2 sw=2 et:
+md5sums=('6e2575e43b675eb4e15bbcee0fd1fd29')
diff --git a/pcr/moblock/MoBlock-nfq.sh.patch b/pcr/moblock/MoBlock-nfq.sh.patch
new file mode 100644
index 000000000..f9136c3c7
--- /dev/null
+++ b/pcr/moblock/MoBlock-nfq.sh.patch
@@ -0,0 +1,53 @@
+--- MoBlock-0.8/MoBlock-nfq.sh.orig 2008-11-30 03:44:02.000000000 -0500
++++ MoBlock-0.8/MoBlock-nfq.sh 2008-12-01 18:56:15.000000000 -0500
+@@ -3,14 +3,10 @@
+ # MoBlock.sh - MoBlock start script
+ # ---------------------------------
+
+-ACTIVATE_CHAINS=1
+-WHITE_TCP_IN=""
+-WHITE_UDP_IN=""
+-WHITE_TCP_OUT=""
+-WHITE_UDP_OUT=""
+-WHITE_TCP_FORWARD=""
+-WHITE_UDP_FORWARD=""
++# Some configuration options have been moved to an external conf file
++# This should make maintenance and upgrading easier
+
++. /etc/moblock/config
+
+ PIDF=/var/run/moblock.pid
+
+@@ -78,6 +74,17 @@
+ iptables -I MOBLOCK_FW -p udp --dport $PORT -j ACCEPT
+ done
+
++# For added IP whitelisting support
++
++for IP in $WHITE_IP_OUT; do
++ iptables -I MOBLOCK_OUT -p all -m iprange --dst-range $IP -j ACCEPT
++done
++for IP in $WHITE_IP_IN; do
++ iptables -I MOBLOCK_IN -p all -m iprange --src-range $IP -j ACCEPT
++done
++for IP in $WHITE_IP_FW; do
++ iptables -I MOBLOCK_FW -p all -m iprange --dst-range $IP -j ACCEPT
++done
+
+ # Loopback traffic fix
+
+@@ -85,7 +92,8 @@
+ iptables -I OUTPUT -p all -o lo -j ACCEPT
+
+ # Here you can change block list and log files
+-./moblock -p /etc/guarding.p2p ./moblock.log
++#./moblock -p /etc/guarding.p2p ./moblock.log
++/usr/bin/moblock -p /etc/moblock/banned.list /var/log/moblock.log >/dev/null 2>&1
+
+ # On exit delete the rules we added
+
+@@ -108,3 +116,4 @@
+ if [ -f $PIDF ]; then
+ rm $PIDF;
+ fi
++
diff --git a/pcr/moblock/PKGBUILD b/pcr/moblock/PKGBUILD
new file mode 100755
index 000000000..15504d1c1
--- /dev/null
+++ b/pcr/moblock/PKGBUILD
@@ -0,0 +1,55 @@
+# Contributor: Kevin Edmonds <edmondskevin@hotmail.com>
+# Contributor: Filip Wojciechowski, filip at loka dot pl
+# Maintainer : Parabola GNU / Linux-libre Aurelien Desbrieres <aurelien@cwb.io>
+
+pkgname=moblock
+pkgver=0.9rc2
+pkgrel=8
+pkgdesc="Console application that blocks connections from/to hosts listed in a file in peerguardian format"
+arch=('i686' 'x86_64')
+url="http://moblock.berlios.de/"
+license=('GPL')
+depends=(libnetfilter_queue iptables)
+backup=(etc/moblock/config)
+install=moblock.install
+source=(http://download.berlios.de/moblock/MoBlock-0.8-i586.tar.bz2 \
+ moblock_0.9_rc2.patch \
+ MoBlock-nfq.sh.patch \
+ moblock_include.patch \
+ config \
+ moblock-update \
+ moblock \
+ moblock.logrotate)
+
+build() {
+ cd $startdir/src/MoBlock-0.8
+
+ # patch to update moblock to the latest cvs version
+ patch -Np1 -i ../moblock_0.9_rc2.patch || return 1
+ # add IP whitelisting and move configs to a separate conf file
+ patch -Np1 -i ../MoBlock-nfq.sh.patch || return 1
+ # necessary to make moblock build with recent kernels
+ patch -Np1 -i ../moblock_include.patch || return 1
+
+ # change the CFLAGS for both i686 and x84_64 builds
+ sed -i "s#-Wall -O.*-ffast-math#$CFLAGS#g" Makefile
+
+ # build
+ make || return 1
+
+ #move the files
+ install -D -m 755 ./MoBlock-nfq.sh $startdir/pkg/usr/bin/moblock-nfq || return 1
+ install -D -m 744 ./moblock $startdir/pkg/usr/bin/moblock || return 1
+ install -D -m 755 ../moblock-update $startdir/pkg/usr/bin/moblock-update || return 1
+ install -D -m 744 ../moblock $startdir/pkg/etc/rc.d/moblock || return 1
+ install -D -m 644 ../config $startdir/pkg/etc/moblock/config || return 1
+ install -D -m 644 ../moblock.logrotate $startdir/pkg/etc/logrotate.d/moblock || return 1
+}
+md5sums=('199967adb48b153be90db10fe21325c5'
+ 'e4e33c515677fa53eaca4616591d4e44'
+ 'e9f3c6b09f5e07dee948450780340ea3'
+ 'b23b5214965df59632de5cec317ddbde'
+ '840bb52a99529305e49212a69c9ced8a'
+ '49a16feb221d4d912cc7200313517f7b'
+ '1bdc949fcff0ce751a5096e489061513'
+ 'a8285fd3e68043cd8d21993d3dbbf9d4')
diff --git a/pcr/moblock/config b/pcr/moblock/config
new file mode 100644
index 000000000..7d7c287cc
--- /dev/null
+++ b/pcr/moblock/config
@@ -0,0 +1,30 @@
+# Original MoBlock configuration options from MoBlock-nfq.sh file
+ACTIVATE_CHAINS=1
+WHITE_TCP_IN=""
+WHITE_UDP_IN=""
+WHITE_TCP_OUT="" # Add "http https" here to prevent moblock from blocking webpages
+WHITE_UDP_OUT=""
+WHITE_TCP_FORWARD=""
+WHITE_UDP_FORWARD=""
+
+# Added IP whitelisting support
+WHITE_IP_IN=""
+WHITE_IP_OUT=""
+WHITE_IP_FW=""
+
+# Individual lists can be disabled by prefixing them with '!'
+# Bluetack blacklists (http://www.bluetack.co.uk)
+BLUETACK=(level1 level2 !level3 !edu ads-trackers-and-bad-pr0n bogon spyware spider Microsoft !proxy hijacked templist !rangetest dshield)
+
+# blocklist.org lists (currently doesn't work)
+#BLOCKLIST=(p2p gov spy ads edu)
+
+# backup lists (might be outdated)
+#PHOENIXLABS=(!p2b.p2b edu.txt spider.txt spyware.txt level1.txt !level2.txt !level3.txt)
+
+# Change to 'yes' if you want to backup up the old list before writing
+# a new one. Only one backup copy will be kept.
+BACKUP_OLD_LIST="no"
+
+# Options passed to wget
+WGET_OPTS="-q"
diff --git a/pcr/moblock/moblock b/pcr/moblock/moblock
new file mode 100755
index 000000000..d88bd2e8d
--- /dev/null
+++ b/pcr/moblock/moblock
@@ -0,0 +1,70 @@
+#!/bin/bash
+
+. /etc/rc.conf
+. /etc/rc.d/functions
+
+case "$1" in
+ start)
+ stat_busy "Starting MoBlock"
+ if [ ! -f /var/run/moblock.pid ]
+ then
+ /usr/bin/moblock-nfq &
+ if [ $? -gt 0 ]
+ then
+ stat_fail
+ else
+ add_daemon moblock
+ stat_done
+ fi
+ else
+ stat_fail
+ fi
+ ;;
+ update)
+ stat_busy "Updating MoBlock block list..."
+ error=0
+ /usr/bin/moblock-update || error=1
+ stat_busy "Updating MoBlock block list"
+ if [ $error -eq 1 ]; then
+ stat_fail
+ else
+ stat_done
+ fi
+ ;;
+ stats)
+ stat_busy "Logging stats to /var/log/MoBlock.stats"
+ PID=`cat /var/run/moblock.pid 2>/dev/null`
+ if [ ! -z "$PID" ]; then
+ /bin/kill -USR2 $PID
+ if [ $? -gt 0 ]; then
+ stat_fail
+ else
+ stat_done
+ fi
+ else
+ stat_fail
+ fi
+ ;;
+ stop)
+ stat_busy "Stopping MoBlock"
+ PID=`cat /var/run/moblock.pid 2>/dev/null`
+ if [ ! -z "$PID" ]; then
+ /bin/kill $PID
+ if [ $? -gt 0 ]; then
+ stat_fail
+ else
+ rm_daemon moblock
+ stat_done
+ fi
+ else
+ stat_fail
+ fi
+ ;;
+ restart)
+ $0 stop
+ sleep 2
+ $0 start
+ ;;
+ *)
+ echo "usage: $0 {start|stop|restart|update|stats}"
+esac
diff --git a/pcr/moblock/moblock-update b/pcr/moblock/moblock-update
new file mode 100755
index 000000000..aae861d13
--- /dev/null
+++ b/pcr/moblock/moblock-update
@@ -0,0 +1,174 @@
+#!/bin/bash
+
+. /etc/moblock/config
+
+CONF_DIR=/etc/moblock
+TEMP_DIR=$(/usr/bin/mktemp -t -d moblock-updateXXXXXXXX)
+LIST_FILE=banned.list
+
+USECOLOR="no"
+. /etc/rc.d/functions
+PREFIX_REG=" >"
+PREFIX_HL="::"
+
+function extract()
+{
+ /usr/bin/find $TEMP_DIR -type f -name '*.gz' -o -name '*.zip' |\
+ while read N
+ do
+ case "$N" in
+ *.zip) /usr/bin/unzip -oqq "$N" 2>/dev/null
+ if [ $? -gt 0 ]; then
+ rm -f "$N"
+ return 1
+ else
+ rm -f "$N"
+ fi
+ ;;
+ *.gz) /bin/gunzip -f "$N" 2>/dev/null
+ if [ $? -gt 0 ]; then
+ rm -f "$N"
+ return 1
+ fi
+ ;;
+ *) continue
+ ;;
+ esac
+ done
+ return 0
+}
+
+cd $TEMP_DIR
+
+printf "${C_SEPARATOR} ------------------------------\n"
+printhl "Downloading and extracting files:\n"
+
+# Bluetack lists (with fallback)
+for i in ${BLUETACK[@]}
+do
+ if [ $(echo $i | /bin/grep '^[^\!]' | /usr/bin/wc -l) -eq 1 ]; then
+ stat_busy "BLUETACK '${i}'... "
+ /usr/bin/wget ${WGET_OPTS} "http://www.bluetack.co.uk/config/${i}.gz" && extract
+ if [ $? -gt 0 ] || [ ! -f ${i} ]; then
+ stat_fail
+ bfile=$i
+ if [ "$bfile" = "ads-trackers-and-bad-pr0n" ]; then
+ bfile="ads"
+ elif [ "$bfile" = "Microsoft" ];then
+ bfile="microsoft"
+ fi
+ stat_busy "[!!] BLUETACK '${i}' (fallback link)... "
+ /usr/bin/wget ${WGET_OPTS} "http://list.iblocklist.com/?list=bt_${bfile%%-*}" -O "${i}.gz" && extract
+ if [ $? -gt 0 ]; then
+ stat_fail
+ else
+ stat_done
+ fi
+ else
+ stat_done
+ fi
+ fi
+done
+
+# Blocklist lists
+for i in ${BLOCKLIST[@]}
+do
+ if [ $(echo $i | /bin/grep '^[^\!]' | /usr/bin/wc -l) -eq 1 ]; then
+ stat_busy "BLOCKLIST '${i}'... "
+ /usr/bin/wget ${WGET_OPTS} "blocklist.org/${i}.p2b.gz" && extract
+ if [ $? -gt 0 ]; then
+ stat_fail
+ else
+ stat_done
+ fi
+ fi
+done
+
+# Old phoenixlabs.org lists
+for i in ${PHOENIXLABS[@]}
+do
+ if [ $(echo $i | /bin/grep '^[^\!]' | /usr/bin/wc -l) -eq 1 ]; then
+ stat_busy "PHOENIXLABS '${i}'... "
+ /usr/bin/wget ${WGET_OPTS} "fox.phoenixlabs.org/${i}" && extract
+ if [ $? -gt 0 ]; then
+ stat_fail
+ else
+ stat_done
+ fi
+ fi
+done
+
+if [ $(/bin/cat "$TEMP_DIR"/* | /usr/bin/wc -l) -eq 0 ]; then
+ printf "\n"
+ printhl "ERROR: No files were downloaded"
+ printf "${C_SEPARATOR} ------------------------------\n"
+ exit 1
+fi
+
+# Check files
+printsep
+printhl "Checking integrity of downloaded files:\n"
+
+/usr/bin/find -type f | while read N
+do
+ stat_busy "File '$(echo $N | /bin/awk -F/ '{print $NF}')'... "
+ scan1=$(/bin/cat "$N" | /usr/bin/wc -l)
+ scan2=$(/bin/egrep -o ":[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*-[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*" "$N" | /usr/bin/wc -l)
+ if [ $scan1 -eq $scan2 ]; then
+ stat_done
+ else
+ if [ $scan2 -gt 0 ]; then
+ if [ $scan1 -gt $scan2 ]; then
+ stat_append "$(($scan1-$scan2)) of $scan1 entries failed validation; keeping the file"
+ stat_done
+ fi
+ else
+ stat_fail
+ stat_busy "[!!] Removing corrupted file... "
+ rm "$N" 2>/dev/null
+ if [ $? -gt 0 ]; then
+ stat_fail
+ exit 1
+ else
+ stat_done
+ fi
+ fi
+ fi
+done
+
+printsep
+printhl "Saving the list:\n"
+
+# Make backup
+if [ "$BACKUP_OLD_LIST" = "yes" ] && [ -f "$CONF_DIR"/"$LIST_FILE" ]; then
+ stat_busy "Backing up old list to '$CONF_DIR/$LIST_FILE.gz'... "
+ /bin/gzip -f "$CONF_DIR"/"$LIST_FILE" 2>/dev/null
+ if [ $? -gt 0 ]; then
+ stat_fail
+ else
+ stat_done
+ fi
+fi
+
+# Save the list
+stat_busy "Saving new list to '$CONF_DIR/$LIST_FILE'... "
+/bin/cat "$TEMP_DIR"/* > "$CONF_DIR"/"$LIST_FILE" 2>&1
+if [ $? -gt 0 ]; then
+ stat_fail
+ exit 1
+else
+ stat_done
+ printf "\n"
+ printhl "Saved `cat "$CONF_DIR"/"$LIST_FILE" | wc -l` ranges"
+ printf "${C_SEPARATOR} ------------------------------\n"
+fi
+
+rm -rf "$TEMP_DIR"
+
+# Restart MoBlock
+if [ -f /var/run/moblock.pid ]; then
+ /bin/kill -HUP `cat /var/run/moblock.pid` >/dev/null 2>&1
+fi
+
+exit 0
+
diff --git a/pcr/moblock/moblock.install b/pcr/moblock/moblock.install
new file mode 100644
index 000000000..6afe1d5d9
--- /dev/null
+++ b/pcr/moblock/moblock.install
@@ -0,0 +1,26 @@
+post_install() {
+ #clean up after an old hack
+ if [ -h /usr/lib/libnfnetlink.so.1 ]; then
+ rm /usr/lib/libnfnetlink.so.1
+ fi
+ echo ""
+ echo ">>> moblock-update script no longer uses /var/spool/moblock"
+ echo ">>> as a temporary directory. You can safely delete it."
+ echo ""
+}
+
+post_upgrade() {
+ #clean up after an old hack
+ if [ -h /usr/lib/libnfnetlink.so.1 ]; then
+ rm /usr/lib/libnfnetlink.so.1
+ fi
+ echo ""
+ echo ">>> moblock-update script no longer uses /var/spool/moblock"
+ echo ">>> as a temporary directory. You can safely delete it."
+ echo ""
+}
+
+op=$1
+shift
+$op $*
+
diff --git a/pcr/moblock/moblock.logrotate b/pcr/moblock/moblock.logrotate
new file mode 100644
index 000000000..6ed64bb81
--- /dev/null
+++ b/pcr/moblock/moblock.logrotate
@@ -0,0 +1,11 @@
+"/var/log/moblock.log" /var/log/MoBlock.stats {
+ daily
+ missingok
+ notifempty
+ sharedscripts
+ postrotate
+ /usr/bin/test -f /var/run/moblock.pid && /bin/kill -HUP `cat /var/run/moblock.pid 2>/dev/null` 2>/dev/null || exit 0
+ endscript
+ compress
+}
+
diff --git a/pcr/moblock/moblock_0.9_rc2.patch b/pcr/moblock/moblock_0.9_rc2.patch
new file mode 100644
index 000000000..69994ffe8
--- /dev/null
+++ b/pcr/moblock/moblock_0.9_rc2.patch
@@ -0,0 +1,912 @@
+diff -Naur MoBlock-0.8_orig/Changelog MoBlock-0.8/Changelog
+--- MoBlock-0.8_orig/Changelog 2006-03-22 12:44:31.000000000 -0500
++++ MoBlock-0.8/Changelog 2008-02-10 11:56:08.000000000 -0500
+@@ -4,6 +4,23 @@
+
+ ---
+
++0.9: - fix for kernel 2.6.23
++ - support for MARKing packets instead of DROPping or
++ ACCEPTing
++ - example start script that REJECTs packets instead of
++ DROPping.
++ - Integrated a patch from David Walluck for proper loading
++ of p2b files (version 2)
++ - command line options for logging to syslog, stdout
++ and log timestamping
++ - fixed loading pg1 lists with comments (lines starting
++ with '#')
++ - fixed a bug in ranges merge
++ - applied patch 2223 by badfish99: "IPs logged with bytes
++ reversed on big-endian m/c"
++
++---
++
+ 0.8: - support for NFQUEUE-ing from iptables FORWARD chain (thx to
+ hyakki for suggestions and testing!)
+ - included patches from Maximilian Mehnert to support log file
+diff -Naur MoBlock-0.8_orig/Makefile MoBlock-0.8/Makefile
+--- MoBlock-0.8_orig/Makefile 2006-03-22 12:44:31.000000000 -0500
++++ MoBlock-0.8/Makefile 2007-11-22 08:10:44.000000000 -0500
+@@ -1,4 +1,3 @@
+-
+ # To use the old-soon-to-be-deprecated libipq interface
+ # uncomment the following line and comment the NFQUEUE one,
+ # then comment the gcc line with netfilter_queue and
+@@ -7,7 +6,7 @@
+ #QUEUE_LIB=LIBIPQ
+ QUEUE_LIB=NFQUEUE
+
+-CFLAGS=-Wall -O2 -march=i586 -mtune=i686 -fomit-frame-pointer -ffast-math \
++CFLAGS=-Wall -O3 -march=i586 -mtune=i686 -fomit-frame-pointer -ffast-math \
+ -D_GNU_SOURCE -D$(QUEUE_LIB) -L/usr/include/libipq
+ CC=gcc
+
+diff -Naur MoBlock-0.8_orig/MoBlock-nfq-reject.sh MoBlock-0.8/MoBlock-nfq-reject.sh
+--- MoBlock-0.8_orig/MoBlock-nfq-reject.sh 1969-12-31 19:00:00.000000000 -0500
++++ MoBlock-0.8/MoBlock-nfq-reject.sh 2007-11-22 08:10:44.000000000 -0500
+@@ -0,0 +1,104 @@
++#!/bin/sh
++#
++# MoBlock.sh - MoBlock start script
++# ---------------------------------
++
++ACTIVATE_CHAINS=1
++WHITE_TCP_IN=""
++WHITE_UDP_IN=""
++WHITE_TCP_OUT=""
++WHITE_UDP_OUT=""
++WHITE_TCP_FORWARD=""
++WHITE_UDP_FORWARD=""
++REJECT_MARK="10"
++
++PIDF=/var/run/moblock.pid
++
++FNAME=`basename $0 .sh`
++MODE=`echo $FNAME|awk -F- '{print $2}'`
++
++if [ -f $PIDF ]; then
++ PID=`cat $PIDF`
++ if [ `ps -p $PID|wc -l` -gt 1 ]; then
++ echo "$0: $PIDF exists and processs seems to be running. Exiting."
++ exit 1;
++ fi;
++fi;
++
++if [ $MODE == "ipq" ]; then
++ modprobe ip_queue
++ TARGET="QUEUE"
++elif [ $MODE == "nfq" ]; then
++ modprobe ipt_NFQUEUE
++ TARGET="NFQUEUE"
++fi;
++
++modprobe ipt_state
++
++# Filter all traffic, edit for your needs
++
++iptables -N MOBLOCK_IN
++iptables -N MOBLOCK_OUT
++iptables -N MOBLOCK_FW
++
++if [ $ACTIVATE_CHAINS -eq 1 ]; then
++ iptables -I INPUT -p all -m state --state NEW -j MOBLOCK_IN
++ iptables -I OUTPUT -p all -m state --state NEW -j MOBLOCK_OUT
++ iptables -I FORWARD -p all -m state --state NEW -j MOBLOCK_FW
++fi;
++
++
++iptables -I MOBLOCK_IN -p all -j $TARGET
++
++iptables -I MOBLOCK_OUT -p all -j $TARGET
++
++iptables -I MOBLOCK_FW -p all -j $TARGET
++
++for PORT in $WHITE_TCP_OUT; do
++ iptables -I MOBLOCK_OUT -p tcp --dport $PORT -j ACCEPT
++done
++for PORT in $WHITE_UDP_OUT; do
++ iptables -I MOBLOCK_OUT -p udp --dport $PORT -j ACCEPT
++done
++
++for PORT in $WHITE_TCP_IN; do
++ iptables -I MOBLOCK_IN -p tcp --dport $PORT -j ACCEPT
++done
++for PORT in $WHITE_UDP_IN; do
++ iptables -I MOBLOCK_IN -p udp --dport $PORT -j ACCEPT
++done
++
++for PORT in $WHITE_TCP_FORWARD; do
++ iptables -I MOBLOCK_FW -p tcp --dport $PORT -j ACCEPT
++done
++for PORT in $WHITE_UDP_FORWARD; do
++ iptables -I MOBLOCK_FW -p udp --dport $PORT -j ACCEPT
++done
++
++iptables -I OUTPUT -p all -m state --state NEW -m mark --mark $REJECT_MARK -j REJECT
++iptables -I FORWARD -p all -m state --state NEW -m mark --mark $REJECT_MARK -j REJECT
++
++# Here you can change block list and log files
++./moblock -d /etc/ipfilter.dat -t -s -r $REJECT_MARK ./moblock.log
++
++# On exit delete the rules we added
++
++if [ $ACTIVATE_CHAINS -eq 1 ]; then
++ iptables -D INPUT -p all -m state --state NEW -j MOBLOCK_IN
++ iptables -D OUTPUT -p all -m state --state NEW -j MOBLOCK_OUT
++ iptables -D FORWARD -p all -m state --state NEW -j MOBLOCK_FW
++fi;
++
++iptables -D OUTPUT -p all -m state --state NEW -m mark --mark $REJECT_MARK -j REJECT
++iptables -D FORWARD -p all -m state --state NEW -m mark --mark $REJECT_MARK -j REJECT
++
++iptables -F MOBLOCK_IN
++iptables -X MOBLOCK_IN
++iptables -F MOBLOCK_OUT
++iptables -X MOBLOCK_OUT
++iptables -F MOBLOCK_FW
++iptables -X MOBLOCK_FW
++
++if [ -f $PIDF ]; then
++ rm $PIDF;
++fi
+diff -Naur MoBlock-0.8_orig/MoBlock.c MoBlock-0.8/MoBlock.c
+--- MoBlock-0.8_orig/MoBlock.c 2006-03-22 12:44:31.000000000 -0500
++++ MoBlock-0.8/MoBlock.c 2008-02-10 11:56:08.000000000 -0500
+@@ -35,6 +35,8 @@
+ #include <linux/netfilter_ipv4.h>
+ #include <signal.h>
+ #include <regex.h>
++#include <time.h>
++#include <syslog.h>
+
+ // in Makefile define LIBIPQ to use soon-to-be-deprecated ip_queue,
+ // NFQUEUE for ipt_NFQUEUE (from kernel 2.6.14)
+@@ -46,7 +48,7 @@
+ #include <libnetfilter_queue/libnetfilter_queue.h>
+ #endif
+
+-#define MB_VERSION "0.8"
++#define MB_VERSION "0.9rc2"
+
+ #define BUFSIZE 2048
+ #define PAYLOADSIZE 21
+@@ -58,6 +60,9 @@
+ #define SRC_ADDR(payload) (*(in_addr_t *)((payload)+12))
+ #define DST_ADDR(payload) (*(in_addr_t *)((payload)+16))
+
++#define likely(x) __builtin_expect((x),1)
++#define unlikely(x) __builtin_expect((x),0)
++
+ // rbt datatypes/functions
+
+ typedef enum {
+@@ -96,7 +101,8 @@
+ char filename[100];
+ } blocklist_info;
+
+-int merged_ranges=0, skipped_ranges=0;
++u_int32_t merged_ranges=0, skipped_ranges=0, accept_mark=0, reject_mark=0;
++u_int8_t log2syslog=0, log2file=0, log2stdout=0, timestamp=0;
+
+ #ifdef LIBIPQ
+ static void die(struct ipq_handle *h)
+@@ -112,11 +118,13 @@
+ static char buf[2][ sizeof("aaa.bbb.ccc.ddd") ];
+ static short int index=0;
+
++ ip = ntohl(ip);
++
+ sprintf(buf[index],"%d.%d.%d.%d",
+- (ip) & 0xff,
+- (ip >> 8) & 0xff,
++ (ip >> 24) & 0xff,
+ (ip >> 16) & 0xff,
+- (ip >> 24) & 0xff);
++ (ip >> 8) & 0xff,
++ (ip) & 0xff);
+
+ if (index) {
+ index=0;
+@@ -134,10 +142,38 @@
+ fflush(stdout);
+ }
+
++void log_action(char *msg)
++{
++ char timestr[30];
++ time_t tv;
++
++ if (timestamp) {
++ tv = time(NULL);
++ strncpy(timestr, ctime(&tv), 19);
++ timestr[19] = '\0';
++ strcat(timestr, "| ");
++ }
++ else strcpy(timestr, "");
++
++ if (log2syslog) {
++ syslog(LOG_INFO, msg);
++ }
++
++ if (log2file) {
++ fprintf(logfile,"%s%s",timestr,msg);
++ fflush(logfile);
++ }
++
++ if (log2stdout) {
++ fprintf(stdout,"%s%s",timestr,msg);
++ }
++}
++
+ inline void ranged_insert(char *name,char *ipmin,char *ipmax)
+ {
+ recType tmprec;
+ int ret;
++ char msgbuf[255];
+
+ if ( strlen(name) > (BNAME_LEN-1) ) {
+ strncpy(tmprec.blockname, name, BNAME_LEN);
+@@ -149,10 +185,11 @@
+ if ( (ret=insert(ntohl(inet_addr(ipmin)),&tmprec)) != STATUS_OK )
+ switch(ret) {
+ case STATUS_MEM_EXHAUSTED:
+- fprintf(logfile,"Error inserting range, MEM_EXHAUSTED.\n");
++ log_action("Error inserting range, MEM_EXHAUSTED.\n");
+ break;
+ case STATUS_DUPLICATE_KEY:
+- fprintf(logfile,"Duplicated range ( %s )\n",name);
++ sprintf(msgbuf,"Duplicated range ( %s )\n",name);
++ log_action(msgbuf);
+ break;
+ case STATUS_MERGED:
+ merged_ranges++;
+@@ -161,8 +198,9 @@
+ skipped_ranges++;
+ break;
+ default:
+- fprintf(logfile,"Unexpected return value from ranged_insert()!\n");
+- fprintf(logfile,"Return value was: %d\n",ret);
++ log_action("Unexpected return value from ranged_insert()!\n");
++ sprintf(msgbuf,"Return value was: %d\n",ret);
++ log_action(msgbuf);
+ break;
+ }
+ }
+@@ -177,15 +215,19 @@
+ regex_t regmain;
+ regmatch_t matches[4];
+ int i;
++ char msgbuf[255];
+
+ regcomp(&regmain, "^(.*)[:]([0-9.]*)[-]([0-9.]*)$", REG_EXTENDED);
+
+ fp=fopen(filename,"r");
+ if ( fp == NULL ) {
+- fprintf(logfile,"Error opening %s, aborting...\n", filename);
++ sprintf(msgbuf,"Error opening %s, aborting...\n", filename);
++ log_action(msgbuf);
+ exit(-1);
+ }
+ while ( (count=getline(&line,&len,fp)) != -1 ) {
++ if ( line[0] == '#' ) //comment line, skip
++ continue;
+ for(i=count-1; i>=0; i--) {
+ if ((line[i] == '\r') || (line[i] == '\n') || (line[i] == ' ')) {
+ line[i] = 0;
+@@ -207,36 +249,78 @@
+ line+matches[3].rm_so);
+ ntot++;
+ } else {
+- fprintf(logfile,"Short guarding.p2p line %s, skipping it...\n", line);
++ sprintf(msgbuf,"Short guarding.p2p line %s, skipping it...\n", line);
++ log_action(msgbuf);
+ }
+ }
+ if (line)
+ free(line);
+ fclose(fp);
+- fprintf(logfile,"Ranges loaded: %d\n",ntot);
+- printf("* Ranges loaded: %d\n",ntot);
++ sprintf(msgbuf, "* Ranges loaded: %d\n", ntot);
++ log_action(msgbuf);
++ if ( !log2stdout )
++ printf(msgbuf);
+ }
+
+-void loadlist_pg2(char *filename) // experimental, no check for list sanity
++void loadlist_pg2(char *filename) // supports only v2 files
+ {
+ FILE *fp;
+- int i,retval,ntot=0;
+- char name[100],ipmin[16]; // hope we don't have a list with longer names...
++ int i, j, c, retval=0, ntot=0;
++ char name[100],ipmin[16], msgbuf[255]; // hope we don't have a list with longer names...
+ uint32_t start_ip, end_ip;
+ struct in_addr startaddr,endaddr;
++ size_t s;
+
+ fp=fopen(filename,"r");
+ if ( fp == NULL ) {
+- fprintf(logfile,"Error opening %s, aborting...\n", filename);
++ sprintf(msgbuf, "Error opening %s, aborting...\n", filename);
++ log_action(msgbuf);
+ exit(-1);
+ }
+
+- fgetc(fp); // skip first 4 bytes, don't know what they are
+- fgetc(fp);
+- fgetc(fp);
+- retval=fgetc(fp);
++ for (j=0; j<4; j++) {
++ c=fgetc(fp);
++ if ( c != 0xff ) {
++ sprintf(msgbuf,"Byte %d: 0x%x != 0xff, aborting...\n", j+1, c);
++ log_action(msgbuf);
++ fclose(fp);
++ exit(-1);
++ }
++ }
++
++ c=fgetc(fp);
++ if ( c != 'P' ) {
++ sprintf(msgbuf,"Byte 5: %c != P, aborting...\n", c);
++ log_action(msgbuf);
++ fclose(fp);
++ exit(-1);
++ }
++
++ c=fgetc(fp);
++ if ( c != '2' ) {
++ sprintf(msgbuf,"Byte 6: %c != 2, aborting...\n", c);
++ log_action(msgbuf);
++ fclose(fp);
++ exit(-1);
++ }
+
+- while ( retval != EOF ) {
++ c=fgetc(fp);
++ if ( c != 'B' ) {
++ sprintf(msgbuf,"Byte 7: %c != B, aborting...\n", c);
++ log_action(msgbuf);
++ fclose(fp);
++ exit(-1);
++ }
++
++ c=fgetc(fp);
++ if ( c != 0x02 ) {
++ sprintf(msgbuf,"Byte 8: version: %d != 2, aborting...\n", c);
++ log_action(msgbuf);
++ fclose(fp);
++ exit(-1);
++ }
++
++ do {
+ i=0;
+ do {
+ name[i]=fgetc(fp);
+@@ -244,9 +328,22 @@
+ } while ( name[i-1] != 0x00 && name[i-1] != EOF);
+ if ( name[i-1] != EOF ) {
+ name[i-1]='\0';
+- fread(&start_ip,4,1,fp);
+- fread(&end_ip,4,1,fp);
+- startaddr.s_addr=start_ip;
++ s=fread(&start_ip,4,1,fp);
++ if ( s != 1 ) {
++ sprintf(msgbuf,"Failed to read start IP: %d != 1, aborting...\n", (int)s);
++ log_action(msgbuf);
++ fclose(fp);
++ exit(-1);
++ }
++ s=fread(&end_ip,4,1,fp);
++ if ( s != 1 ) {
++ sprintf(msgbuf,"Failed to read end IP: %d != 1, aborting...\n", (int)s);
++ log_action(msgbuf);
++ fclose(fp);
++ exit(-1);
++ }
++
++ startaddr.s_addr=start_ip;
+ endaddr.s_addr=end_ip;
+ strcpy(ipmin,inet_ntoa(startaddr));
+ ranged_insert(name,ipmin,inet_ntoa(endaddr));
+@@ -255,22 +352,25 @@
+ else {
+ retval=EOF;
+ }
+- }
++ } while ( retval != EOF );
+ fclose(fp);
+- fprintf(logfile,"Ranges loaded: %d\n",ntot);
+- printf("* Ranges loaded: %d\n",ntot);
++ sprintf(msgbuf, "* Ranges loaded: %d\n",ntot);
++ log_action(msgbuf);
++ if ( !log2stdout )
++ printf(msgbuf);
+ }
+
+ void loadlist_dat(char *filename)
+ {
+ FILE *fp;
+ int ntot=0;
+- char readbuf[200], *name, start_ip[16], end_ip[16];
++ char readbuf[200], *name, start_ip[16], end_ip[16], msgbuf[255];
+ unsigned short ip1_0, ip1_1, ip1_2, ip1_3, ip2_0, ip2_1, ip2_2, ip2_3;
+
+ fp=fopen(filename,"r");
+ if ( fp == NULL ) {
+- fprintf(logfile,"Error opening %s, aborting...\n", filename);
++ sprintf(msgbuf,"Error opening %s, aborting...\n", filename);
++ log_action(msgbuf);
+ exit(-1);
+ }
+
+@@ -286,38 +386,45 @@
+ ntot++;
+ }
+ fclose(fp);
+- fprintf(logfile,"Ranges loaded: %d\n",ntot);
+- printf("* Ranges loaded: %d\n",ntot);
++ sprintf(msgbuf, "* Ranges loaded: %d\n", ntot);
++ log_action(msgbuf);
++ if ( !log2stdout )
++ printf(msgbuf);
+ }
+
+ void reopen_logfile(void)
+ {
++ char msgbuf[255];
++
+ if (logfile != NULL) {
+ fclose(logfile);
+ logfile=NULL;
+ }
+ logfile=fopen(logfile_name,"a");
+ if (logfile == NULL) {
+- fprintf(stderr, "Unable to open logfile %s\n", logfile_name);
++ sprintf(msgbuf, "Unable to open logfile %s\n", logfile_name);
++ log_action(msgbuf);
+ exit(-1);
+ }
+- fprintf(logfile, "Reopening logfile.\n");
++ log_action("Reopening logfile.\n");
+ }
+
+ void my_sahandler(int sig)
+ {
++ char msgbuf[255];
++
+ switch( sig ) {
+ case SIGUSR1:
+- fprintf(logfile,"Got SIGUSR1! Dumping stats...\n");
++ log_action("Got SIGUSR1! Dumping stats...\n");
+ ll_show(logfile);
+ reopen_logfile();
+ break;
+ case SIGUSR2:
+- fprintf(logfile,"Got SIGUSR2! Dumping stats to /var/log/MoBlock.stats\n");
++ log_action("Got SIGUSR2! Dumping stats to /var/log/MoBlock.stats\n");
+ ll_log();
+ break;
+ case SIGHUP:
+- fprintf(logfile,"\nGot SIGHUP! Dumping and resetting stats, reloading blocklist\n\n");
++ log_action("Got SIGHUP! Dumping and resetting stats, reloading blocklist\n");
+ ll_log();
+ ll_clear(); // clear stats list
+ destroy_tree(); // clear loaded ranges
+@@ -332,17 +439,18 @@
+ loadlist_pg2(blocklist_info.filename);
+ break;
+ default:
+- fprintf(logfile,"Unknown blocklist type while reloading list, contact the developer!\n");
++ log_action("Unknown blocklist type while reloading list, contact the developer!\n");
+ break;
+ }
+ reopen_logfile();
+ break;
+ case SIGTERM:
+- fprintf(logfile,"Got SIGTERM! Dumping stats and exiting.\n");
++ log_action("Got SIGTERM! Dumping stats and exiting.\n");
+ ll_log();
+ exit(0);
+ default:
+- fprintf(logfile,"Received signal = %d but not handled\n",sig);
++ sprintf(msgbuf,"Received signal = %d but not handled\n",sig);
++ log_action(msgbuf);
+ break;
+ }
+ }
+@@ -378,7 +486,7 @@
+ {
+ int id=0, status=0;
+ struct nfqnl_msg_packet_hdr *ph;
+- char *payload;
++ char *payload, msgbuf[255];
+ recType tmprec;
+
+ ph = nfq_get_msg_packet_hdr(nfa);
+@@ -389,34 +497,78 @@
+ switch (ph->hook) {
+ case NF_IP_LOCAL_IN:
+ if ( find(ntohl(SRC_ADDR(payload)),&tmprec) == STATUS_OK ) {
++ // we drop the packet instead of rejecting
++ // we don't want the other host to know we are alive
+ status=nfq_set_verdict(qh, id, NF_DROP, 0, NULL);
+- fprintf(logfile,"Blocked IN: %s,hits: %d,SRC: %s\n",tmprec.blockname,tmprec.hits,ip2str(SRC_ADDR(payload)));
+- } else status = nfq_set_verdict(qh, id, NF_ACCEPT, 0, NULL);
++ sprintf(msgbuf,"Blocked IN: %s,hits: %d,SRC: %s\n",tmprec.blockname,tmprec.hits,ip2str(SRC_ADDR(payload)));
++ log_action(msgbuf);
++ }
++ else if ( unlikely(accept_mark) ) {
++ // we set the user-defined accept_mark and set NF_REPEAT verdict
++ // it's up to other iptables rules to decide what to do with this marked packet
++ status = nfq_set_verdict_mark(qh, id, NF_REPEAT, accept_mark, 0, NULL);
++ }
++ else {
++ // no accept_mark, just NF_ACCEPT the packet
++ status = nfq_set_verdict(qh, id, NF_ACCEPT, 0, NULL);
++ }
+ break;
+ case NF_IP_LOCAL_OUT:
+ if ( find(ntohl(DST_ADDR(payload)),&tmprec) == STATUS_OK ) {
+- status=nfq_set_verdict(qh, id, NF_DROP, 0, NULL);
+- fprintf(logfile,"Blocked OUT: %s,hits: %d,DST: %s\n",tmprec.blockname,tmprec.hits,ip2str(DST_ADDR(payload)));
+- } else status = nfq_set_verdict(qh, id, NF_ACCEPT, 0, NULL);
++ if ( likely(reject_mark) ) {
++ // we set the user-defined reject_mark and set NF_REPEAT verdict
++ // it's up to other iptables rules to decide what to do with this marked packet
++ status = nfq_set_verdict_mark(qh, id, NF_REPEAT, reject_mark, 0, NULL);
++ }
++ else {
++ status = nfq_set_verdict(qh, id, NF_DROP, 0, NULL);
++ }
++ sprintf(msgbuf,"Blocked OUT: %s,hits: %d,DST: %s\n",tmprec.blockname,tmprec.hits,ip2str(DST_ADDR(payload)));
++ log_action(msgbuf);
++ }
++ else if ( unlikely(accept_mark) ) {
++ // we set the user-defined accept_mark and set NF_REPEAT verdict
++ // it's up to other iptables rules to decide what to do with this marked packet
++ status = nfq_set_verdict_mark(qh, id, NF_REPEAT, accept_mark, 0, NULL);
++ }
++ else {
++ // no accept_mark, just NF_ACCEPT the packet
++ status = nfq_set_verdict(qh, id, NF_ACCEPT, 0, NULL);
++ }
+ break;
+ case NF_IP_FORWARD:
+ if ( find2(ntohl(SRC_ADDR(payload)), ntohl(DST_ADDR(payload)), &tmprec) == STATUS_OK ) {
+- status=nfq_set_verdict(qh, id, NF_DROP, 0, NULL);
+- fprintf(logfile,"Blocked FWD: %s,hits: %d,SRC: %s, DST: %s\n",
++ if ( likely(reject_mark) ) {
++ // we set the user-defined reject_mark and set NF_REPEAT verdict
++ // it's up to other iptables rules to decide what to do with this marked packet
++ status = nfq_set_verdict_mark(qh, id, NF_REPEAT, reject_mark, 0, NULL);
++ }
++ else {
++ status = nfq_set_verdict(qh, id, NF_DROP, 0, NULL);
++ }
++ sprintf(msgbuf,"Blocked FWD: %s,hits: %d,SRC: %s, DST: %s\n",
+ tmprec.blockname, tmprec.hits, ip2str(SRC_ADDR(payload)), ip2str(DST_ADDR(payload)));
+- fflush(logfile);
+- } else status = nfq_set_verdict(qh, id, NF_ACCEPT, 0, NULL);
++ log_action(msgbuf);
++ }
++ else if ( unlikely(accept_mark) ) {
++ // we set the user-defined accept_mark and set NF_REPEAT verdict
++ // it's up to other iptables rules to decide what to do with this marked packet
++ status = nfq_set_verdict_mark(qh, id, NF_REPEAT, accept_mark, 0, NULL);
++ }
++ else {
++ // no accept_mark, just NF_ACCEPT the packet
++ status = nfq_set_verdict(qh, id, NF_ACCEPT, 0, NULL);
++ }
+ break;
+ default:
+- fprintf(logfile,"Not NF_LOCAL_IN/OUT/FORWARD packet!\n");
++ log_action("Not NF_LOCAL_IN/OUT/FORWARD packet!\n");
+ break;
+ }
+ }
+ else {
+- fprintf(logfile,"NFQUEUE: can't get msg packet header.\n");
++ log_action("NFQUEUE: can't get msg packet header.\n");
+ return(1); // from nfqueue source: 0 = ok, >0 = soft error, <0 hard error
+ }
+- fflush(logfile);
+ return(0);
+ }
+ #endif
+@@ -492,46 +644,48 @@
+ struct nfq_q_handle *qh;
+ struct nfnl_handle *nh;
+ int fd,rv;
+- char buf[BUFSIZE];
++ char buf[BUFSIZE], msgbuf[255];
+
+ h = nfq_open();
+ if (!h) {
+- fprintf(logfile, "Error during nfq_open()\n");
++ log_action("Error during nfq_open()\n");
+ exit(-1);
+ }
+
+ if (nfq_unbind_pf(h, AF_INET) < 0) {
+- fprintf(logfile, "error during nfq_unbind_pf()\n");
+- exit(-1);
++ log_action("error during nfq_unbind_pf()\n");
++ //exit(-1);
+ }
+
+ if (nfq_bind_pf(h, AF_INET) < 0) {
+- fprintf(logfile, "Error during nfq_bind_pf()\n");
++ log_action("Error during nfq_bind_pf()\n");
+ exit(-1);
+ }
+
+- fprintf(logfile,"NFQUEUE: binding to queue '%hd'\n", queuenum);
++ sprintf(msgbuf,"NFQUEUE: binding to queue '%hd'\n", queuenum);
++ log_action(msgbuf);
+ qh = nfq_create_queue(h, queuenum, &nfqueue_cb, NULL);
+ if (!qh) {
+- fprintf(logfile, "error during nfq_create_queue()\n");
++ log_action("error during nfq_create_queue()\n");
+ exit(-1);
+ }
+
+ if (nfq_set_mode(qh, NFQNL_COPY_PACKET, PAYLOADSIZE) < 0) {
+- fprintf(logfile, "can't set packet_copy mode\n");
++ log_action("can't set packet_copy mode\n");
+ exit(-1);
+ }
+
+ nh = nfq_nfnlh(h);
+ fd = nfnl_fd(nh);
+
+- while ((rv = recv(fd, buf, sizeof(buf), 0)) && rv >= 0) {
++ while ((rv = recv(fd, buf, sizeof(buf), 0)) >= 0) {
+ nfq_handle_packet(h, buf, rv);
+ }
+
+- printf("NFQUEUE: unbinding from queue 0\n");
++ log_action("NFQUEUE: unbinding from queue 0\n");
+ nfq_destroy_queue(qh);
+ nfq_close(h);
++ nfq_unbind_pf(h, AF_INET);
+ return(0);
+ #endif
+
+@@ -540,11 +694,16 @@
+ void print_options(void)
+ {
+ printf("\nMoBlock %s by Morpheus",MB_VERSION);
+- printf("\nSyntax: MoBlock -dnp <blocklist> [-b] [-q 0-65535] <logfile>\n\n");
++ printf("\nSyntax: MoBlock -dnp <blocklist> [-q 0-65535] <logfile>\n\n");
+ printf("\t-d\tblocklist is an ipfilter.dat file\n");
+ printf("\t-n\tblocklist is a peerguardian 2.x file (.p2b)\n");
+ printf("\t-p\tblocklist is a peerguardian file (.p2p)\n");
+ printf("\t-q\t0-65535 NFQUEUE number (as specified in --queue-num with iptables)\n");
++ printf("\t-r MARK\tmark packet with MARK instead of DROP\n");
++ printf("\t-a MARK\tmark packet with MARK instead of ACCEPT\n");
++ printf("\t-l\tlog to stdout\n");
++ printf("\t-s\tlog to syslog\n");
++ printf("\t-t\tlog timestamping\n\n");
+ }
+
+ void on_quit()
+@@ -556,6 +715,7 @@
+ {
+ int ret=0;
+ unsigned short int queuenum=0;
++ char msgbuf[255];
+
+ if (argc < 3) {
+ print_options();
+@@ -591,10 +751,11 @@
+ }
+ logfile_name=malloc(strlen(argv[argc-1])+1);
+ strcpy(logfile_name,argv[argc-1]);
++ log2file = 1;
+ printf("* Logging to %s\n",logfile_name);
+
+ while (1) { //scan command line options
+- ret=getopt(argc, argv, "d:n:p:q:");
++ ret=getopt(argc, argv, "d:n:p:q:a:r:stl");
+ if ( ret == -1 ) break;
+
+ switch (ret) {
+@@ -619,6 +780,28 @@
+ case 'q':
+ queuenum=(unsigned short int)atoi(optarg);
+ break;
++ case 'r':
++ reject_mark=(u_int32_t)atoi(optarg);
++ printf("* DROP MARK: %d\n", reject_mark);
++ reject_mark=htonl(reject_mark);
++ break;
++ case 'a':
++ accept_mark=(u_int32_t)atoi(optarg);
++ printf("* ACCEPT MARK: %d\n", accept_mark);
++ accept_mark=htonl(accept_mark);
++ break;
++ case 's':
++ log2syslog = 1;
++ printf("* Logging to syslog\n");
++ break;
++ case 't':
++ timestamp = 1;
++ printf("* Log timestamp enabled\n");
++ break;
++ case 'l':
++ log2stdout = 1;
++ printf("* Log to stdout enabled\n");
++ break;
+ case '?': // unknown option
+ print_options();
+ exit(-1);
+@@ -626,10 +809,14 @@
+ }
+ }
+
+- printf("* Merged ranges: %d\n", merged_ranges);
+- fprintf(logfile, "Merged ranges: %d\n", merged_ranges);
+- printf("* Skipped useless ranges: %d\n", skipped_ranges);
+- fprintf(logfile,"Skipped useless ranges: %d\n", skipped_ranges);
++ sprintf(msgbuf, "* Merged ranges: %d\n", merged_ranges);
++ log_action(msgbuf);
++ if ( !log2stdout )
++ printf(msgbuf);
++ sprintf(msgbuf,"* Skipped useless ranges: %d\n", skipped_ranges);
++ log_action(msgbuf);
++ if ( !log2stdout )
++ printf(msgbuf);
+ fflush(NULL);
+
+ netlink_loop(queuenum);
+diff -Naur MoBlock-0.8_orig/README MoBlock-0.8/README
+--- MoBlock-0.8_orig/README 2006-03-22 12:44:31.000000000 -0500
++++ MoBlock-0.8/README 2007-11-22 08:10:44.000000000 -0500
+@@ -1,5 +1,5 @@
+
+-MoBlock README v0.8
++MoBlock README v0.9
+ http://moblock.berlios.de
+
+ .Introduction.
+@@ -47,6 +47,22 @@
+ ip_conntrack 40044 1 ipt_state
+ iptable_filter 2176 1
+ ip_tables 17600 3 ipt_NFQUEUE,ipt_state,iptable_filter
++
++ ...and these with kernel 2.6.23 using NFQUEUE interface:
++
++ nfnetlink_queue 9344 1
++ nfnetlink 4568 2 nfnetlink_queue
++ ipt_REJECT 3520 2
++ xt_mark 1600 2
++ nf_conntrack_ipv4 12424 5
++ iptable_filter 2308 1
++ ip_tables 10328 1 iptable_filter
++ xt_state 1984 5
++ nf_conntrack 48356 2 nf_conntrack_ipv4,xt_state
++ xt_NFQUEUE 1664 3
++ x_tables 11396 5 ipt_REJECT,xt_mark,ip_tables,xt_state,xt_NFQUEUE
++
++ (notice that ipt_NFQUEUE has changed to xt_NFQUEUE, same thing for other modules too)
+
+ 2) A valid guarding.p2p/ipfilter.dat/p2p.p2b host file in /etc ( /etc/guarding.p2p ).
+ MoBlock tries to skip malformed or duplicate ranges but
+@@ -140,8 +156,18 @@
+ To specify a NFQUEUE queue number:
+
+ ./moblock -p /etc/guarding.p2p -q 5 MoBlock.log
++
++ From version 0.9 MoBlock supports MARKing packets and RETURN them to
++ iptables, there's an example start script (MoBlock-nfq-reject.sh) that
++ uses this feature to REJECT packet instead of dropping them. It can help
++ in complex firewall configuration where you need more control of packets
++ flow after MoBlock inspection.
++ See the mentioned start script for reference, you can set the MARK value
++ for packets that MoBlock would drop (ip in list) with the "-r" command line
++ option and for packets that MoBlock would accept (ip not in list) with
++ the "-a" command line option.
+
+- To stop it:
++ To stop MoBlock:
+
+ kill -TERM <MoBlockPid>
+
+@@ -149,7 +175,7 @@
+ To obtain stats about blocked ranges while it's running:
+
+ kill -USR1 <MoBlockPid> # write stats to logfile
+- kill -USR2 <MoBlockPid> # write stats to /var/log/MoBlock.stats
++ kill -USR2 <MoBlockPid> # write stats to /var/log/MoBlock.stats
+
+ ** NEW: to reload the blocklist while MoBlock is running send to it the
+ HUP signal:
+@@ -168,7 +194,10 @@
+ took some code and ideas from his FTwall
+ - Andrew de Quincey (adq at lidskialf dot net) for regular expressions
+ and command line args patch
+-- Maximilian Mehnert (clessing at freenet dot de) for logfile rotation
++- clessing at freenet dot de for logfile rotation
+ patches, pid file creation, start script, fixes/files for debian packaging
++- David Walluck, patch for proper loading of p2b files
++- jre, for continuing clessing work on debian packaging and many other
++ contributions
+
+-Last Updated: 20/Mar/2006
++Last Updated: 15/Oct/2007
+diff -Naur MoBlock-0.8_orig/rbt.c MoBlock-0.8/rbt.c
+--- MoBlock-0.8_orig/rbt.c 2006-03-22 12:44:31.000000000 -0500
++++ MoBlock-0.8/rbt.c 2008-02-10 11:56:08.000000000 -0500
+@@ -19,7 +19,7 @@
+ #include <stdarg.h>
+ #include <time.h>
+
+-#define RBT_VERSION 0.8
++#define RBT_VERSION 0.9
+ #define BNAME_LEN 80
+
+ /* implementation dependend declarations */
+@@ -421,7 +421,7 @@
+
+ statusEnum insert(keyType key, recType *rec) {
+ nodeType *current, *parent, *x;
+- keyType tmpkey;
++ //keyType tmpkey;
+ recType tmprec;
+ int ret;
+
+@@ -433,6 +433,23 @@
+ current = root;
+ parent = 0;
+ while (current != NIL) {
++ if (compEQ2(current->key, key, rec->ipmax)) { // current node key is inside new range to be inserted
++ strcpy(tmprec.blockname, rec->blockname); // block name from new range
++ if (compLT(current->rec.ipmax, rec->ipmax))
++ tmprec.ipmax = rec->ipmax;
++ else tmprec.ipmax = current->rec.ipmax;
++ tmprec.hits = 0;
++ //printf("deleting node :%lu\n", current->key);
++ ret=delete(current->key);
++ if ( ret != STATUS_OK )
++ return(ret);
++ ret=insert(key, &tmprec);
++ if ( ret == STATUS_OK ) {
++ printf("new merge\n");
++ return(STATUS_MERGED);
++ }
++ else return(ret);
++ }
+ if (compEQ(key, current->key)) {
+ if ( rec->ipmax > current->rec.ipmax ) {
+ current->rec.ipmax=rec->ipmax;
+@@ -458,7 +475,7 @@
+ }
+ }
+ //check if higher ip (ipmax) is already in a range
+- if (compEQ2(rec->ipmax,current->key,current->rec.ipmax)) {
++ /*if (compEQ2(rec->ipmax,current->key,current->rec.ipmax)) {
+ fprintf(logfile,"higher ip in range\n");
+ tmpkey=key;
+ strcpy(tmprec.blockname,current->rec.blockname);
+@@ -470,7 +487,7 @@
+ if ( ret == STATUS_OK )
+ return(STATUS_MERGED);
+ else return(ret);
+- }
++ }*/
+ parent = current;
+ current = compLT(key, current->key) ?
+ current->left : current->right;
+@@ -495,7 +512,7 @@
+ } else {
+ root = x;
+ }
+-
++ //printf("new node, key: %lu, parent: %lu\n", x->key, parent ? parent->key : 0);
+ insertFixup(x);
+ lastFind = NULL;
+
diff --git a/pcr/moblock/moblock_include.patch b/pcr/moblock/moblock_include.patch
new file mode 100644
index 000000000..644e8240e
--- /dev/null
+++ b/pcr/moblock/moblock_include.patch
@@ -0,0 +1,10 @@
+--- MoBlock-0.8/MoBlock.c.orig 2008-08-15 14:41:49.000000000 -0400
++++ MoBlock-0.8/MoBlock.c 2008-08-15 14:43:45.000000000 -0400
+@@ -32,6 +32,7 @@
+ #include <netinet/udp.h>
+ #include <sys/socket.h>
+ #include <arpa/inet.h>
++#include <limits.h>
+ #include <linux/netfilter_ipv4.h>
+ #include <signal.h>
+ #include <regex.h>
diff --git a/pcr/oinkmaster/PKGBUILD b/pcr/oinkmaster/PKGBUILD
new file mode 100644
index 000000000..f533e3663
--- /dev/null
+++ b/pcr/oinkmaster/PKGBUILD
@@ -0,0 +1,34 @@
+# Contributor: Robert Knauer <robert@privatdemail.net>
+# Contributor: Kessia Pinheiro <kessiapinheiro @ gmail.com>
+# Maintainer : Parabola GNU / Linux-libre Aurélien Desbrières <aurelien@cwb.io>
+
+pkgname=oinkmaster
+pkgver=2.0
+pkgrel=7
+pkgdesc="A script that will help you update and manage your Snort rules"
+arch=('i686' 'x86_64')
+license=('BSD')
+url="http://oinkmaster.sourceforge.net/"
+depends=('snort')
+backup=(
+ 'etc/oinkmaster.conf'
+)
+source=(
+ "http://downloads.sourceforge.net/${pkgname}/${pkgname}-${pkgver}.tar.gz"
+)
+sha256sums=(
+ '3d52f0426aa7c81b122cef22b80d708d8bb8337537e48754a065804f46c46162'
+)
+
+package() {
+ cd "${srcdir}/${pkgname}-${pkgver}"
+ install -m0655 -D 'oinkmaster.pl' "${pkgdir}/usr/bin/oinkmaster.pl"
+ install -m0644 -D 'oinkmaster.conf' "${pkgdir}/etc/oinkmaster.conf"
+ install -m0644 -D 'oinkmaster.1' "${pkgdir}/usr/man/man1/oinkmaster.1"
+ install -d -m0644 "${pkgdir}/usr/share/oinkmaster/"
+ install -d -m0755 "${pkgdir}/usr/share/licenses/oinkmaster/"
+ install -m0644 -D 'template-examples.conf' "${pkgdir}/usr/share/oinkmaster/"
+ cp -R 'contrib/' "${pkgdir}/usr/share/oinkmaster/"
+ install -m0644 [[:upper:]]* "${pkgdir}/usr/share/oinkmaster/"
+ install -m0644 -D 'LICENSE' "${pkgdir}/usr/share/licenses/${pkgname}/"
+}
diff --git a/pcr/perl-iptables-parse/PKGBUILD b/pcr/perl-iptables-parse/PKGBUILD
new file mode 100644
index 000000000..94fe8e17a
--- /dev/null
+++ b/pcr/perl-iptables-parse/PKGBUILD
@@ -0,0 +1,22 @@
+# Contributor: Weirch Sodora <sodora@gmail.com>
+# Maintainer : Parabola GNU / Linux-libre Aurelien Desbrieres <aurelien@cwb.io>
+
+pkgname=perl-iptables-parse
+pkgver=1.1
+pkgrel=1
+pkgdesc="IPTables::Parse - Perl extension for parsing iptables and ip6tables firewall rulesets"
+arch=('i686' 'x86_64')
+url="http://search.cpan.org/~mrash/IPTables-Parse/"
+license=('GPL' 'PerlArtistic')
+depends=('perl' 'iptables')
+options=('!emptydirs')
+source=(http://search.cpan.org/CPAN/authors/id/M/MR/MRASH/IPTables-Parse-$pkgver.tar.gz)
+
+build() {
+ cd $startdir/src/IPTables-Parse-$pkgver
+ PERL_MM_USE_DEFAULT=1 perl Makefile.PL INSTALLDIRS=vendor || return 1
+ make || return 1
+ make install DESTDIR=$startdir/pkg || return 1
+ find $startdir/pkg -name '.packlist' -delete
+ find $startdir/pkg -name '*.pod' -delete
+}
diff --git a/pcr/python2-fabric/PKGBUILD b/pcr/python2-fabric/PKGBUILD
new file mode 100644
index 000000000..7552eaabc
--- /dev/null
+++ b/pcr/python2-fabric/PKGBUILD
@@ -0,0 +1,23 @@
+# Maintainer: Sven-Hendrik Haase <sh@lutzhaase.com>
+# Contributor: Francois Boulogne <fboulogne at april dot org>
+# Maintainer : Parabola GNU / Linux-libre Aurelien Desbrieres <aurelien@cwb.io>
+
+pkgname=python2-fabric
+pkgver=1.5.0
+pkgrel=2
+pkgdesc="Python library and command-line tool designed to streamline deploying applications or performing system administration tasks via the SSH protocol"
+url="http://fabfile.org/"
+license=('BSD')
+arch=('any')
+depends=('python2>=2.5' 'pycrypto' 'python2-paramiko>=1.9.0' 'python2-distribute' 'python2-ssh')
+source=("http://pypi.python.org/packages/source/F/Fabric/Fabric-${pkgver}.tar.gz")
+md5sums=('13b7b98149497fb7ab6f880e3e875f89')
+
+build() {
+ cd ${srcdir}/Fabric-${pkgver}
+ python2 setup.py install --root=${pkgdir} --optimize=1
+
+ install -D -m644 README.rst ${pkgdir}/usr/share/doc/${pkgname}/README.rst
+ install -D -m644 LICENSE ${pkgdir}/usr/share/licenses/${pkgname}/LICENSE
+}
+md5sums=('13b7b98149497fb7ab6f880e3e875f89')
diff --git a/pcr/python2-paramiko/PKGBUILD b/pcr/python2-paramiko/PKGBUILD
new file mode 100644
index 000000000..da62b4e28
--- /dev/null
+++ b/pcr/python2-paramiko/PKGBUILD
@@ -0,0 +1,33 @@
+# $Id$
+# Maintainer: Chris Brannon <cmbrannon79@gmail.com>
+# Contributor: Douglas Soares de Andrade <douglas@archlinux.org>
+# Contributor: Mario Danic <mario.danic@gmail.com>
+
+pkgbase=python-paramiko
+pkgname=python2-paramiko
+pkgver=1.9.0
+pkgrel=1
+pkgdesc="Python module that implements the SSH2 protocol"
+url="http://www.lag.net/paramiko/"
+license=('LGPL')
+arch=('any')
+depends=('python2-crypto')
+conflicts=()
+replaces=()
+source=(http://pypi.python.org/packages/source/p/paramiko/paramiko-$pkgver.tar.gz)
+
+
+package_python2-paramiko() {
+ cd "$srcdir/paramiko-$pkgver"
+
+ python2 setup.py install --root="$pkgdir" --optimize=1
+ install -Dm644 README "$pkgdir/usr/share/doc/$pkgname/README"
+ install -dm755 "$pkgdir/usr/share/doc/$pkgname/demos"
+ install -m644 demos/* "$pkgdir/usr/share/doc/$pkgname/demos"
+ chmod 755 "$pkgdir/usr/share/doc/$pkgname/demos/"*.py
+
+ find "$pkgdir" -name '*.py' -print0 |xargs -0 \
+ sed -i -e 's,^#!/usr/bin/env python$,#!/usr/bin/env python2,' \
+ -e 's,^#!/usr/bin/python$,#!/usr/bin/python2,'
+}
+md5sums=('b78472021ff6586dd61ad6972032f54f')
diff --git a/pcr/python2-ssh/PKGBUILD b/pcr/python2-ssh/PKGBUILD
new file mode 100644
index 000000000..84005f0ac
--- /dev/null
+++ b/pcr/python2-ssh/PKGBUILD
@@ -0,0 +1,26 @@
+# Contributor: Your Name <youremail@domain.com>
+
+pkgname=python2-ssh
+pkgver=1.8.0
+pkgrel=1
+pkgdesc="Python SSH2 protocol library"
+arch=(any)
+url="http://pypi.python.org/pypi/ssh"
+license=('LGPL')
+depends=('python2' 'pycrypto')
+makedepends=()
+provides=()
+conflicts=()
+replaces=()
+backup=()
+options=(!emptydirs)
+install=
+source=("http://pypi.python.org/packages/source/s/ssh/ssh-$pkgver.tar.gz")
+
+package() {
+ cd "$srcdir/ssh-$pkgver"
+ python2 setup.py install --root="$pkgdir/" --optimize=1
+
+ install -D -m644 LICENSE ${pkgdir}/usr/share/licenses/${pkgname}/LICENSE
+}
+md5sums=('bc4dd59ec0c7bdf78a3840652cac824e')
diff --git a/pcr/ruby-haml/PKGBUILD b/pcr/ruby-haml/PKGBUILD
new file mode 100644
index 000000000..37290484a
--- /dev/null
+++ b/pcr/ruby-haml/PKGBUILD
@@ -0,0 +1,35 @@
+# Contributor: Renzo Carbonara <gnuk0001@gmail.com>
+# Maintainer : Parabola GNU / Linux-libre Aurelien Desbrieres <aurelien@cwb.io>
+
+pkgname=ruby-haml
+pkgver=3.1.6
+pkgrel=1
+pkgdesc="An elegant, structured XHTML/XML templating engine. Comes with Sass, a similar CSS templating engine."
+arch=('any')
+url="http://haml-lang.com/"
+license=('MIT')
+groups=()
+depends=('ruby' 'ruby-yard>=0.5.3' 'maruku>=0.5.9')
+makedepends=('rubygems')
+optdepends=()
+provides=()
+conflicts=()
+replaces=()
+backup=()
+options=()
+install=
+source=("http://gems.rubyforge.org/gems/haml-${pkgver}.gem")
+noextract=("haml-${pkgver}.gem")
+
+build() {
+ cd $srcdir
+ local _gemdir="$(ruby -rubygems -e'puts Gem.default_dir')"
+ gem install --ignore-dependencies -i "$pkgdir$_gemdir" haml-$pkgver.gem \
+ -n "$pkgdir/usr/bin"
+}
+
+md5sums=('c73b2755a56cf5461f6a5e430052f436')
+
+# vim:set ts=2 sw=2 et:
+md5sums=('c73b2755a56cf5461f6a5e430052f436')
+md5sums=('c73b2755a56cf5461f6a5e430052f436')
diff --git a/pcr/ruby-haml/ruby-yard/PKGBUILD b/pcr/ruby-haml/ruby-yard/PKGBUILD
new file mode 100644
index 000000000..a686f937d
--- /dev/null
+++ b/pcr/ruby-haml/ruby-yard/PKGBUILD
@@ -0,0 +1,36 @@
+# Maintainer: Matt Harrison <matt at mistbyte dot com>
+# Contributor: Renzo Carbonara <gnuk0001@gmail.com>
+
+pkgname=ruby-yard
+_gemname=${pkgname#ruby-}
+pkgver=0.8.2.1
+pkgrel=2
+pkgdesc="Documentation tool for consistent and usable documentation in Ruby."
+arch=('any')
+url="http://yardoc.org"
+license=('MIT')
+groups=()
+depends=()
+makedepends=('rubygems')
+optdepends=()
+provides=()
+conflicts=()
+replaces=()
+backup=()
+options=()
+install=
+source=("http://gems.rubyforge.org/gems/yard-${pkgver}.gem")
+noextract=("yard-${pkgver}.gem")
+
+build() {
+ cd $srcdir
+ local _gemdir="$(ruby -rubygems -e'puts Gem.default_dir')"
+ gem install --no-user-install --ignore-dependencies -i "$pkgdir$_gemdir" \
+ -n "$pkgdir/usr/bin" ${_gemname}-$pkgver.gem
+ install -D "$pkgdir$_gemdir/gems/${_gemname}-$pkgver/LICENSE" \
+ "$pkgdir/usr/share/licenses/${pkgname}/LICENSE"
+}
+
+md5sums=('08a48d23f8729b68945011cae7d121fe')
+
+# vim:set ts=2 sw=2 et:
diff --git a/pcr/ruby-libnotify/PKGBUILD b/pcr/ruby-libnotify/PKGBUILD
new file mode 100644
index 000000000..f38e10d2d
--- /dev/null
+++ b/pcr/ruby-libnotify/PKGBUILD
@@ -0,0 +1,23 @@
+# Contributor: Luca Russo <vargolo@gmail.com>
+# Contributor: Sigitas Mazaliauskas <sigisnn@gmail.com>
+# Contributor: Andreas W. Hauser <andy-aur@splashground.de>
+# Maintainer : Parabola GNU / Linux-libre Aurelien Desbrieres <aurelien@cwb.io>
+
+pkgname=ruby-libnotify
+pkgver=0.8.0
+pkgrel=1
+pkgdesc="ruby bindings for libnotify, a library for desktop notifications"
+arch=('i686' 'x86_64')
+url="http://rubygems.org/downloads"
+license=('LGPL')
+depends=('ruby' 'libnotify' 'ruby-gtk2')
+makedepends=('ruby-pkgconfig')
+source=(http://rubygems.org/downloads/${pkgname}-${pkgver}.gem)
+noextract=(${pkgname}-${pkgver}.gem)
+
+build() {
+ cd $srcdir
+ local _gemdir="$(ruby -rubygems -e'puts Gem.default_dir')"
+
+ gem install --ignore-dependencies -i "$pkgdir$_gemdir" ${pkgname}-${pkgver}.gem
+}
diff --git a/pcr/ruby-syntax/PKGBUILD b/pcr/ruby-syntax/PKGBUILD
new file mode 100644
index 000000000..6845206bb
--- /dev/null
+++ b/pcr/ruby-syntax/PKGBUILD
@@ -0,0 +1,23 @@
+# Contributor: Adam Lloyd <lloyda2 (at) rpi (dot) edu>
+# Maintainer : Parabola GNU / Linux-libre Aurelien Desbrieres <aurelien@cwb.io>
+pkgname=ruby-syntax
+pkgver=1.0.0
+pkgrel=1
+pkgdesc="Syntax - lexical analysis for syntax highlighting"
+arch=(any)
+url="http://syntax.rubyforge.org/"
+license=('custom:BSD')
+depends=(ruby)
+makedepends=(rubygems)
+source=(http://gems.rubyforge.org/gems/syntax-$pkgver.gem)
+noextract=(syntax-$pkgver.gem)
+md5sums=('d9d2eabc03bc937adfa00e35f228f9a8')
+
+build() {
+ cd $srcdir
+ local _gemdir="$(ruby -rubygems -e'puts Gem.default_dir')"
+ gem install --ignore-dependencies -i "$pkgdir$_gemdir" syntax-$pkgver.gem
+}
+
+# vim:set ts=2 sw=2 et:
+md5sums=('d9d2eabc03bc937adfa00e35f228f9a8')
diff --git a/pcr/ruby-yard/PKGBUILD b/pcr/ruby-yard/PKGBUILD
new file mode 100644
index 000000000..a686f937d
--- /dev/null
+++ b/pcr/ruby-yard/PKGBUILD
@@ -0,0 +1,36 @@
+# Maintainer: Matt Harrison <matt at mistbyte dot com>
+# Contributor: Renzo Carbonara <gnuk0001@gmail.com>
+
+pkgname=ruby-yard
+_gemname=${pkgname#ruby-}
+pkgver=0.8.2.1
+pkgrel=2
+pkgdesc="Documentation tool for consistent and usable documentation in Ruby."
+arch=('any')
+url="http://yardoc.org"
+license=('MIT')
+groups=()
+depends=()
+makedepends=('rubygems')
+optdepends=()
+provides=()
+conflicts=()
+replaces=()
+backup=()
+options=()
+install=
+source=("http://gems.rubyforge.org/gems/yard-${pkgver}.gem")
+noextract=("yard-${pkgver}.gem")
+
+build() {
+ cd $srcdir
+ local _gemdir="$(ruby -rubygems -e'puts Gem.default_dir')"
+ gem install --no-user-install --ignore-dependencies -i "$pkgdir$_gemdir" \
+ -n "$pkgdir/usr/bin" ${_gemname}-$pkgver.gem
+ install -D "$pkgdir$_gemdir/gems/${_gemname}-$pkgver/LICENSE" \
+ "$pkgdir/usr/share/licenses/${pkgname}/LICENSE"
+}
+
+md5sums=('08a48d23f8729b68945011cae7d121fe')
+
+# vim:set ts=2 sw=2 et:
diff --git a/pcr/spice-gtk3/PKGBUILD b/pcr/spice-gtk3/PKGBUILD
new file mode 100644
index 000000000..903b9b56b
--- /dev/null
+++ b/pcr/spice-gtk3/PKGBUILD
@@ -0,0 +1,38 @@
+# Contributor: Stefano Facchini <stefano.facchini@gmail.com>
+# Contributor: Jonathan Lestrelin <zanko@daemontux.org>
+# Derived from the spice-gtk PKGBUILD by
+# Contributor: Lucio Zara <pennega@gmail.com>
+# Maintainer : Parabola GNU / Linux-libre Aurelien Desbrieres <aurelien@cwb.io>
+
+pkgname=spice-gtk3
+_pkgname=spice-gtk
+pkgver=0.14
+pkgrel=1
+pkgdesc="A Gtk client and libraries for SPICE remote desktop servers (gtk3 version)."
+arch=('x86_64' 'i686')
+url="http://spice-space.org"
+license=('GPL')
+makedepends=('intltool' 'vala' 'python2-pyparsing')
+depends=('libpulse' 'gtk3' 'spice' 'libusb' 'usbredir')
+conflicts=('spice-gtk')
+options=('!libtool')
+source=("http://www.spice-space.org/download/gtk/$_pkgname-$pkgver.tar.bz2")
+sha256sums=('a16fa27364541493b886cc943f72c8f96ec251083af0a29d405a2c4f490274f5')
+
+build() {
+ cd "$srcdir/$_pkgname-$pkgver"
+
+ sed -i 's,/usr/bin/env python,/usr/bin/python2,' spice-common/spice_codegen.py
+
+ ./configure --prefix=/usr \
+ --with-gtk=3.0 \
+ --enable-vala \
+ --enable-smartcard=no
+ make
+}
+
+package() {
+ cd "$srcdir/$_pkgname-$pkgver"
+
+ make DESTDIR="$pkgdir/" install
+}