* [gentoo-commits] repo/gentoo:master commit in: net-firewall/iptables/, net-firewall/iptables/files/
@ 2015-08-14  9:28 Mike Frysinger
From: Mike Frysinger @ 2015-08-14  9:28 UTC (permalink / raw
  To: gentoo-commits

commit:     2368abbabde1c09c2bb28404f39590a6ac9fb678
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Fri Aug 14 08:55:34 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Fri Aug 14 09:28:23 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2368abba

net-firewall/iptables: drop old

 net-firewall/iptables/Manifest                     |  14 ---
 net-firewall/iptables/files/ip6tables-1.3.2.confd  |  11 --
 net-firewall/iptables/files/iptables-1.3.2.confd   |  11 --
 net-firewall/iptables/files/iptables-1.3.2.init    | 115 --------------------
 .../files/iptables-1.4.11.1-man-fixes.patch        |  17 ---
 net-firewall/iptables/files/iptables-1.4.11.init   | 117 ---------------------
 .../iptables-1.4.12.1-conntrack-v2-ranges.patch    |  48 ---------
 .../iptables/files/iptables-1.4.12.1-lm.patch      |  61 -----------
 net-firewall/iptables/files/iptables-1.4.13.init   | 116 --------------------
 .../iptables/files/iptables-1.4.16.2-static.patch  |  55 ----------
 .../iptables/files/iptables-1.4.17-libip6tc.patch  |  32 ------
 .../files/iptables-1.4.18-extensions-link.patch    |  74 -------------
 .../files/iptables-1.4.18-ipv6-linkage.patch       |  88 ----------------
 net-firewall/iptables/iptables-1.4.10-r1.ebuild    |  83 ---------------
 net-firewall/iptables/iptables-1.4.10.ebuild       |  67 ------------
 net-firewall/iptables/iptables-1.4.11.1-r2.ebuild  |  86 ---------------
 net-firewall/iptables/iptables-1.4.12.1-r1.ebuild  |  88 ----------------
 net-firewall/iptables/iptables-1.4.12.1.ebuild     |  87 ---------------
 net-firewall/iptables/iptables-1.4.12.ebuild       |  84 ---------------
 net-firewall/iptables/iptables-1.4.13-r2.ebuild    |  83 ---------------
 net-firewall/iptables/iptables-1.4.13.ebuild       |  83 ---------------
 net-firewall/iptables/iptables-1.4.14-r1.ebuild    |  82 ---------------
 net-firewall/iptables/iptables-1.4.15-r1.ebuild    |  82 ---------------
 net-firewall/iptables/iptables-1.4.16.2.ebuild     |  85 ---------------
 net-firewall/iptables/iptables-1.4.16.3.ebuild     |  83 ---------------
 net-firewall/iptables/iptables-1.4.17.ebuild       |  87 ---------------
 net-firewall/iptables/iptables-1.4.18.ebuild       |  88 ----------------
 net-firewall/iptables/iptables-1.4.19.1.ebuild     |  87 ---------------
 net-firewall/iptables/iptables-1.4.20.ebuild       |  87 ---------------
 net-firewall/iptables/iptables-1.4.21.ebuild       |  87 ---------------
 net-firewall/iptables/iptables-1.4.6.ebuild        |  54 ----------
 31 files changed, 2242 deletions(-)

diff --git a/net-firewall/iptables/Manifest b/net-firewall/iptables/Manifest
index 285a257..e3c1f23 100644
--- a/net-firewall/iptables/Manifest
+++ b/net-firewall/iptables/Manifest
@@ -1,15 +1 @@
-DIST iptables-1.4.10.tar.bz2 478007 SHA256 7544e437d2222078b15e6cd063b521c6f1ec4dac49e6af9ba3bfece2a6a93445 SHA512 264a974cc303cf9b352ccdf50d3aa1491167cdf1d7919074925645cc94d7f5e40d315cff048d0fab48e31853dcdad64bd65b83ef6fdd05f9e896be4e3317cd1e WHIRLPOOL 4ca6629ed2f43f1393be5a24284147272ff208d27e8bc073ccadb80f27887f2ef2c477e08ab2f8f22414cd11ab6a33dc42071f2ee3168e15026a76a3270cbc2e
-DIST iptables-1.4.11.1.tar.bz2 486926 SHA256 170c294698ca573477b1b2a3815e1563bf9929d182efef6cf0331a6e955c9ade SHA512 432dff8d1bc2b65cd636bb7a8d9ace5402db134df6e5e15c11c2bf1684d513a0f3cf70af099875fbddb25a1ef8868716b4a80791d7475848dd9d7917752d451a WHIRLPOOL ace3dc5ed59f98faea78cce2f1e673cb9b9726360cb1fcaa6ff73b9c36ba2ece8b415f191f1c6862a85829bb857202571bb851132a503ffb272c078d87889cbf
-DIST iptables-1.4.12.1.tar.bz2 473418 SHA256 77e6581f21f15946a814fa311236e5f3f7c6593180f9d695cea06aa95e464aba SHA512 ca8960d6d11faaba293e62169a32f8821d9240907d7ca11741dfca78ce92e32d5e2625f99786f55fb08d27ff7643e2531cc741aa0867f45df61248264b8ffe18 WHIRLPOOL b737fb2704511066d052227f7fe73a1ce64f427c614e56a1a681a7dcc37bac214448f9821b416a35cbe7efdf5436c49d0202f6da77aa0ec60de724137d28abda
-DIST iptables-1.4.12.tar.bz2 487036 SHA256 3e07a0beb746b580fbcfb04b3842ef0bd94a2f281786552f586415b26a7e971c SHA512 e61652cee5b3e691643769ac16dd9674ad7e2d5684f9e3146200be91a6db5674cead4525a97e232644f966692bea9143eb3b0c64a2dc01a32bf34834d3a0b4de WHIRLPOOL c5f5b29387322b36cce9c59fd548bb582b7b9b11da2616f5ff14c4ddc5eec8bc500da3756593406f5a5a4ab5b43d0f0b9d44b028b270479e10d1d8f716e1d0a0
-DIST iptables-1.4.13.tar.bz2 502942 SHA256 321e2600fc4541a958e44cafd85a42864b0035404097e0f2e082d474029b9ded SHA512 598b05aa1446172c65b5103bdd02e29f8c8253eb3395e8cabc33e664e7d7afb4a842deea4f0faaac4645acd29a4fbfc0c0675c55f67e38c822ae28b549eab73c WHIRLPOOL 44df42d7fd66349c6bdef8cfa6d80571e7ec7d58a7092b188ef41a8431cd02394835177bdc4d31255b8a115f088daba269f6ecb9230b8d04df6e01151a926017
-DIST iptables-1.4.14.tar.bz2 507123 SHA256 9be675696f41cd4f35cc332b667d285fe9489ca93c8e1f77804bd04b3315a522 SHA512 3bf6db564359acafa738068980793129982318317bea69f21282d80f40dcb1e16938f8e2928e6cdcc4e77d89b2bc3f6c45aad7eb11ff84063b78e5f8e1907f9e WHIRLPOOL 16f630e38272b76c3d7eefa83869902b0f111d9ffba2eca6fe885759619dc81f1c9fc1bfe2f946adc99edfdfc5f4002a331e412a8fef674f63bfb760aa44e868
-DIST iptables-1.4.15.tar.bz2 514830 SHA256 867c144e60075e7bebe6fcecf0b65169d5e2d1fa5ceec2ebd9780cd5026123ea SHA512 2ef559f1079838b2aa8348e66248aac7bc7549be93014ddbdaf730fbad168a657e20e031dcfd9ffa62ed45a52dbefc3683783a5d9b929d539d07ba6ad6adcfa0 WHIRLPOOL 8a56ed3cffd572f2202f172a3b903283452b4fd9647b6123530a1cc489a150bc88e7eb1f911f896b655d1de37f26c0a5eadd383c06103a0f395a82e1bc321b89
-DIST iptables-1.4.16.2.tar.bz2 536755 SHA256 4468ce7e1d68349a8e30f26110eb7969dbfdbf497d6c53758883123b3f2d6f6e SHA512 1ec9d12cc069a8acb1a443e7325c2bb98f0216e0a454413424b49c90bd6f4f94832ed1187a8fc75bdc7d80aa4ca9f3534e15799c46cb17344886d7b4ad34e4c0 WHIRLPOOL b0c782f41bb7d0df794064b1f57853ec664ddf0f899ab4b1f8cf51df0f98594065b7e7e3a77ee398cbb4fcc03fe360e67cf679bf6f9f730263ad29be394e76e0
-DIST iptables-1.4.16.3.tar.bz2 536872 SHA256 643ccf34099d53d5b839e1d889c05627745a51ec122648e76a9fcec3a8a9ec79 SHA512 c232a927fe63623cc0d336b4a09d7baad2d0c5a2a5e3b7ad083727e9f17cd0b668a826a4c5ff0bbb45233fee6c38c153710b13f458514516af7cf7df10d720e2 WHIRLPOOL 2dadcdb39f7741cb7b3c493bc36792a6edbdd9ddaa0c862d2ec0a6fbb89eb82c55f04ae407ab641f425208b15ef6e689af10ce6c03368e40652367c39dead75f
-DIST iptables-1.4.17.tar.bz2 541137 SHA256 51e7a769469383b6ad308a6a19cdd2bd813cf4593e21a156a543a1cd70554925 SHA512 022f89cbf56408842bdeb1adbe05076addaad007599fdb662f32a1c134d743dade28c26842acc7545d2474903164be5fe3ec7fd1e276cd2c37bd3b33b8a30de1 WHIRLPOOL f2cb85d5f4080fce2c6673a58737ace3d55130f74c66207bc515d0c7b4ecd75bd7ac8540a862e8af133e740d34eee40833d72c9c3236c7ef4dc75cd43816ec41
-DIST iptables-1.4.18.tar.bz2 542308 SHA256 14a99fb8b0ca22027a9ac6eb72fa32c834ceb3073820e0ba79bf251c6a7bcf3c SHA512 fc62916bd90863c0868f70d711fd6716cbcb54402c32bdeebfd0cee05137fa3ff1a137f0a4b5b31ee0bb6492e23e60e7025d51914b26c0e0b233181cbb1cb1b5 WHIRLPOOL 5d89e0f8d2dfad0f25a369f936f86386c799b2c475cef9fb13fb3c8cb9fcb201361c7d134a24f68099b2b5468c97476e1982bc116fa6448a07d776c724fddbd3
-DIST iptables-1.4.19.1.tar.bz2 543785 SHA256 dd51d3b942758a462afc7c8495930d25c93058e5319303247375183ad50164d2 SHA512 a3232ae92b997f67b5895c110f2cb8ec3aecbc383e804a870351c61e49cd83c1d7bf750818768f5560d615090157a17cc5c4ef101bc104905915de67fa022088 WHIRLPOOL 99ec72c45eb5a5721e4228b3ae79ffa2d1a67db362a9c67a09190c8bed54f023e6550b300b41d0d119c518d234559d7bc1182313b26460a2d224768d1f7955b3
-DIST iptables-1.4.20.tar.bz2 546864 SHA256 109b8c7ca90b4536bc5de869ae705f6d5efcc0c08ef3003755aad3ed6d2d49ad SHA512 6c8e1d89db66c0cfd76afd7fa7de8a7d451337f6f15f01d811585714f6d488275621ca9a1f4967a2ae99e90f3890cf0e3c7f7a9a3a98fda902b0a56717d7ffe0 WHIRLPOOL 8146d632ec00c663988d4e82e3adfa8b9fa2df269df2e6cc359dae65727e59f4ef614540eb4f970d020eac558d7423731a88246f9df1265718346ca62e59a8e7
 DIST iptables-1.4.21.tar.bz2 547439 SHA256 52004c68021da9a599feed27f65defcfb22128f7da2c0531c0f75de0f479d3e0 SHA512 dd4baccdb080284d8620e6ed59beafc2677813f3e099051764b07f8e394f6d94ca11861b181f3cce7c55c66de64c1e2add13dc1a0b64e24050cd9fb7aea0689b WHIRLPOOL 475541d1b2b7fe4ee8fa3b537274ef082aab8bfd262201ee14cd53577dfac6f591445cc6d64ed93b226a4b71d54ae1b9ab4cbb378b5440861a585f770f0db200
-DIST iptables-1.4.6.tar.bz2 463758 SHA256 6e732798cad62163d6e033aa52e22b771246556a230c0f66cd33fe69e96d72a4 SHA512 0ec1314462a154b5892093b17b997f130760b2ada4fb2b7cdc0f6cb7bb9da9ddaf77400c3fcbe57c4db1400adaec37d38f9debe37f7ed33dabbbe3b58c13e942 WHIRLPOOL 39e1f0f3f46350c81d2fe219b5d40174f4a390180f71ac8c896a634aa29abe98da665c8e93d373465dad351a9604d6c5e36c0f99f7256b85ffbc3615cefa28ae

diff --git a/net-firewall/iptables/files/ip6tables-1.3.2.confd b/net-firewall/iptables/files/ip6tables-1.3.2.confd
deleted file mode 100644
index 93c0bc8..0000000
--- a/net-firewall/iptables/files/ip6tables-1.3.2.confd
+++ /dev/null
@@ -1,11 +0,0 @@
-# /etc/conf.d/ip6tables
-
-# Location in which iptables initscript will save set rules on 
-# service shutdown
-IP6TABLES_SAVE="/var/lib/ip6tables/rules-save"
-
-# Options to pass to iptables-save and iptables-restore 
-SAVE_RESTORE_OPTIONS="-c"
-
-# Save state on stopping iptables
-SAVE_ON_STOP="yes"

diff --git a/net-firewall/iptables/files/iptables-1.3.2.confd b/net-firewall/iptables/files/iptables-1.3.2.confd
deleted file mode 100644
index 91287de..0000000
--- a/net-firewall/iptables/files/iptables-1.3.2.confd
+++ /dev/null
@@ -1,11 +0,0 @@
-# /etc/conf.d/iptables
-
-# Location in which iptables initscript will save set rules on 
-# service shutdown
-IPTABLES_SAVE="/var/lib/iptables/rules-save"
-
-# Options to pass to iptables-save and iptables-restore 
-SAVE_RESTORE_OPTIONS="-c"
-
-# Save state on stopping iptables
-SAVE_ON_STOP="yes"

diff --git a/net-firewall/iptables/files/iptables-1.3.2.init b/net-firewall/iptables/files/iptables-1.3.2.init
deleted file mode 100644
index 907a39e..0000000
--- a/net-firewall/iptables/files/iptables-1.3.2.init
+++ /dev/null
@@ -1,115 +0,0 @@
-#!/sbin/runscript
-# Copyright 1999-2011 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-extra_commands="save panic"
-extra_started_commands="reload"
-
-iptables_name=${SVCNAME}
-if [ "${iptables_name}" != "iptables" -a "${iptables_name}" != "ip6tables" ] ; then
-	iptables_name="iptables"
-fi
-
-iptables_bin="/sbin/${iptables_name}"
-case ${iptables_name} in
-	iptables)  iptables_proc="/proc/net/ip_tables_names"
-	           iptables_save=${IPTABLES_SAVE};;
-	ip6tables) iptables_proc="/proc/net/ip6_tables_names"
-	           iptables_save=${IP6TABLES_SAVE};;
-esac
-
-depend() {
-	before net
-	use logger
-}
-
-set_table_policy() {
-	local chains table=$1 policy=$2
-	case ${table} in
-		nat)    chains="PREROUTING POSTROUTING OUTPUT";;
-		mangle) chains="PREROUTING INPUT FORWARD OUTPUT POSTROUTING";;
-		filter) chains="INPUT FORWARD OUTPUT";;
-		*)      chains="";;
-	esac
-	local chain
-	for chain in ${chains} ; do
-		${iptables_bin} -t ${table} -P ${chain} ${policy}
-	done
-}
-
-checkkernel() {
-	if [ ! -e ${iptables_proc} ] ; then
-		eerror "Your kernel lacks ${iptables_name} support, please load"
-		eerror "appropriate modules and try again."
-		return 1
-	fi
-	return 0
-}
-checkconfig() {
-	if [ ! -f ${iptables_save} ] ; then
-		eerror "Not starting ${iptables_name}.  First create some rules then run:"
-		eerror "/etc/init.d/${iptables_name} save"
-		return 1
-	fi
-	return 0
-}
-
-start() {
-	checkconfig || return 1
-	ebegin "Loading ${iptables_name} state and starting firewall"
-	${iptables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${iptables_save}"
-	eend $?
-}
-
-stop() {
-	if [ "${SAVE_ON_STOP}" = "yes" ] ; then
-		save || return 1
-	fi
-	checkkernel || return 1
-	ebegin "Stopping firewall"
-	local a
-	for a in $(cat ${iptables_proc}) ; do
-		set_table_policy $a ACCEPT
-
-		${iptables_bin} -F -t $a
-		${iptables_bin} -X -t $a
-	done
-	eend $?
-}
-
-reload() {
-	checkkernel || return 1
-	ebegin "Flushing firewall"
-	local a
-	for a in $(cat ${iptables_proc}) ; do
-		${iptables_bin} -F -t $a
-		${iptables_bin} -X -t $a
-	done
-	eend $?
-
-	start
-}
-
-save() {
-	ebegin "Saving ${iptables_name} state"
-	touch "${iptables_save}"
-	chmod 0600 "${iptables_save}"
-	${iptables_bin}-save ${SAVE_RESTORE_OPTIONS} > "${iptables_save}"
-	eend $?
-}
-
-panic() {
-	checkkernel || return 1
-	service_started ${iptables_name} && svc_stop
-
-	local a
-	ebegin "Dropping all packets"
-	for a in $(cat ${iptables_proc}) ; do
-		${iptables_bin} -F -t $a
-		${iptables_bin} -X -t $a
-
-		set_table_policy $a DROP
-	done
-	eend $?
-}

diff --git a/net-firewall/iptables/files/iptables-1.4.11.1-man-fixes.patch b/net-firewall/iptables/files/iptables-1.4.11.1-man-fixes.patch
deleted file mode 100644
index d83a705..0000000
--- a/net-firewall/iptables/files/iptables-1.4.11.1-man-fixes.patch
+++ /dev/null
@@ -1,17 +0,0 @@
-diff --git a/iptables/Makefile.am b/iptables/Makefile.am
-index 13cca9c..a068278 100644
---- a/iptables/Makefile.am
-+++ b/iptables/Makefile.am
-@@ -51,10 +51,10 @@ v6_sbin_links  = ip6tables ip6tables-restore ip6tables-save
- endif
- 
- iptables.8: ${srcdir}/iptables.8.in ../extensions/matches4.man ../extensions/targets4.man
--	${AM_VERBOSE_GEN} sed -e 's/@PACKAGE_AND_VERSION@/${PACKAGE} ${PACKAGE_VERSION}/g' -e '/@MATCH@/ r extensions/matches4.man' -e '/@TARGET@/ r extensions/targets4.man' $< >$@;
-+	${AM_VERBOSE_GEN} sed -e 's/@PACKAGE_AND_VERSION@/${PACKAGE} ${PACKAGE_VERSION}/g' -e '/@MATCH@/ r ../extensions/matches4.man' -e '/@TARGET@/ r ../extensions/targets4.man' $< >$@;
- 
- ip6tables.8: ${srcdir}/ip6tables.8.in ../extensions/matches6.man ../extensions/targets6.man
--	${AM_VERBOSE_GEN} sed -e 's/@PACKAGE_AND_VERSION@/${PACKAGE} ${PACKAGE_VERSION}/g' -e '/@MATCH@/ r extensions/matches6.man' -e '/@TARGET@/ r extensions/targets6.man' $< >$@;
-+	${AM_VERBOSE_GEN} sed -e 's/@PACKAGE_AND_VERSION@/${PACKAGE} ${PACKAGE_VERSION}/g' -e '/@MATCH@/ r ../extensions/matches6.man' -e '/@TARGET@/ r ../extensions/targets6.man' $< >$@;
- 
- pkgconfig_DATA = xtables.pc
- 

diff --git a/net-firewall/iptables/files/iptables-1.4.11.init b/net-firewall/iptables/files/iptables-1.4.11.init
deleted file mode 100644
index 6b2b88c..0000000
--- a/net-firewall/iptables/files/iptables-1.4.11.init
+++ /dev/null
@@ -1,117 +0,0 @@
-#!/sbin/runscript
-# Copyright 1999-2011 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-extra_commands="save panic"
-extra_started_commands="reload"
-
-iptables_name=${SVCNAME}
-if [ "${iptables_name}" != "iptables" -a "${iptables_name}" != "ip6tables" ] ; then
-	iptables_name="iptables"
-fi
-
-iptables_bin="/sbin/${iptables_name}"
-case ${iptables_name} in
-	iptables)  iptables_proc="/proc/net/ip_tables_names"
-	           iptables_save=${IPTABLES_SAVE};;
-	ip6tables) iptables_proc="/proc/net/ip6_tables_names"
-	           iptables_save=${IP6TABLES_SAVE};;
-esac
-
-depend() {
-	before net
-	use logger
-}
-
-set_table_policy() {
-	local chains table=$1 policy=$2
-	case ${table} in
-		nat)    chains="PREROUTING POSTROUTING OUTPUT";;
-		mangle) chains="PREROUTING INPUT FORWARD OUTPUT POSTROUTING";;
-		filter) chains="INPUT FORWARD OUTPUT";;
-		*)      chains="";;
-	esac
-	local chain
-	for chain in ${chains} ; do
-		${iptables_bin} -t ${table} -P ${chain} ${policy}
-	done
-}
-
-checkkernel() {
-	if [ ! -e ${iptables_proc} ] ; then
-		eerror "Your kernel lacks ${iptables_name} support, please load"
-		eerror "appropriate modules and try again."
-		return 1
-	fi
-	return 0
-}
-checkconfig() {
-	if [ ! -f ${iptables_save} ] ; then
-		eerror "Not starting ${iptables_name}.  First create some rules then run:"
-		eerror "/etc/init.d/${iptables_name} save"
-		return 1
-	fi
-	return 0
-}
-
-start() {
-	checkconfig || return 1
-	ebegin "Loading ${iptables_name} state and starting firewall"
-	${iptables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${iptables_save}"
-	eend $?
-}
-
-stop() {
-	if [ "${SAVE_ON_STOP}" = "yes" ] ; then
-		save || return 1
-	fi
-	checkkernel || return 1
-	ebegin "Stopping firewall"
-	local a
-	for a in $(cat ${iptables_proc}) ; do
-		set_table_policy $a ACCEPT
-
-		${iptables_bin} -F -t $a
-		${iptables_bin} -X -t $a
-	done
-	eend $?
-}
-
-reload() {
-	checkkernel || return 1
-	ebegin "Flushing firewall"
-	local a
-	for a in $(cat ${iptables_proc}) ; do
-		${iptables_bin} -F -t $a
-		${iptables_bin} -X -t $a
-	done
-	eend $?
-
-	start
-}
-
-save() {
-	ebegin "Saving ${iptables_name} state"
-	touch "${iptables_save}"
-	chmod 0600 "${iptables_save}"
-	${iptables_bin}-save ${SAVE_RESTORE_OPTIONS} > "${iptables_save}"
-	eend $?
-}
-
-panic() {
-	checkkernel || return 1
-	if service_started ${iptables_name}; then
-		rc-service ${iptables_name} stop
-	fi
-
-	local a
-	ebegin "Dropping all packets"
-	for a in $(cat ${iptables_proc}) ; do
-		${iptables_bin} -F -t $a
-		${iptables_bin} -X -t $a
-
-		set_table_policy $a DROP
-	done
-	eend $?
-}

diff --git a/net-firewall/iptables/files/iptables-1.4.12.1-conntrack-v2-ranges.patch b/net-firewall/iptables/files/iptables-1.4.12.1-conntrack-v2-ranges.patch
deleted file mode 100644
index 9bbcc67..0000000
--- a/net-firewall/iptables/files/iptables-1.4.12.1-conntrack-v2-ranges.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-commit 3412bd0bfb8b8bac9834cbfd3392b3d5487133bf
-Author: Tom Eastep <teastep@shorewall.net>
-Date:   Thu Aug 18 15:11:16 2011 -0700
-
-    libxt_conntrack: improve error message on parsing violation
-    
-    Tom Eastep noted:
-    
-    $ iptables -A foo -m conntrack --ctorigdstport 22
-    iptables v1.4.12: conntrack rev 2 does not support port ranges
-    Try `iptables -h' or 'iptables --help' for more information.
-    
-    Commit v1.4.12-41-g1ad6407 takes care of the actual cause of the bug,
-    but let's include Tom's patch nevertheless for the better error
-    message in case one actually does specify a range with rev 2.
-    
-    References: http://marc.info/?l=netfilter-devel&m=131370592105298&w=2
-    Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
-
-diff --git a/extensions/libxt_conntrack.c b/extensions/libxt_conntrack.c
-index 060b947..fff69f8 100644
---- a/extensions/libxt_conntrack.c
-+++ b/extensions/libxt_conntrack.c
-@@ -129,13 +129,20 @@ static const struct xt_option_entry conntrack2_mt_opts[] = {
- 	 .flags = XTOPT_INVERT},
- 	{.name = "ctexpire", .id = O_CTEXPIRE, .type = XTTYPE_UINT32RC,
- 	 .flags = XTOPT_INVERT},
--	{.name = "ctorigsrcport", .id = O_CTORIGSRCPORT, .type = XTTYPE_PORT,
-+	/*
-+	 * Rev 1 and 2 only store one port, and we would normally use
-+	 * %XTTYPE_PORT (rather than %XTTYPE_PORTRC) for that. The resulting
-+	 * error message - in case a user passed a range nevertheless -
-+	 * "port 22:23 resolved to nothing" is not quite as useful as using
-+	 * %XTTYPE_PORTC and libxt_conntrack's own range test.
-+	 */
-+	{.name = "ctorigsrcport", .id = O_CTORIGSRCPORT, .type = XTTYPE_PORTRC,
- 	 .flags = XTOPT_INVERT | XTOPT_NBO},
--	{.name = "ctorigdstport", .id = O_CTORIGDSTPORT, .type = XTTYPE_PORT,
-+	{.name = "ctorigdstport", .id = O_CTORIGDSTPORT, .type = XTTYPE_PORTRC,
- 	 .flags = XTOPT_INVERT | XTOPT_NBO},
--	{.name = "ctreplsrcport", .id = O_CTREPLSRCPORT, .type = XTTYPE_PORT,
-+	{.name = "ctreplsrcport", .id = O_CTREPLSRCPORT, .type = XTTYPE_PORTRC,
- 	 .flags = XTOPT_INVERT | XTOPT_NBO},
--	{.name = "ctrepldstport", .id = O_CTREPLDSTPORT, .type = XTTYPE_PORT,
-+	{.name = "ctrepldstport", .id = O_CTREPLDSTPORT, .type = XTTYPE_PORTRC,
- 	 .flags = XTOPT_INVERT | XTOPT_NBO},
- 	{.name = "ctdir", .id = O_CTDIR, .type = XTTYPE_STRING},
- 	XTOPT_TABLEEND,

diff --git a/net-firewall/iptables/files/iptables-1.4.12.1-lm.patch b/net-firewall/iptables/files/iptables-1.4.12.1-lm.patch
deleted file mode 100644
index 4d9e1d8..0000000
--- a/net-firewall/iptables/files/iptables-1.4.12.1-lm.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-parent 2ca6273c73b42e8c74afd5f8b1fe10c5c93ce363 (v1.4.12-43-g2ca6273)
-commit d4e72dc1c684c2f8361d87e6bde2902cd2ee8efb
-Author: Jan Engelhardt <jengelh@medozas.de>
-Date:   Sat Sep 3 13:34:40 2011 +0200
-
-libxt_statistic: link with -lm
-
-$ ldd -r libxt_statistic.so
-undefined symbol: lround        (./libxt_statistic.so)
-
-References: https://bugs.archlinux.org/task/25358
-Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
----
- extensions/GNUmakefile.in |    5 ++++-
- iptables/Makefile.am      |    9 +++++++--
- 2 files changed, 11 insertions(+), 3 deletions(-)
-
-diff --git a/extensions/GNUmakefile.in b/extensions/GNUmakefile.in
-index 2b48d84..dbf210c 100644
---- a/extensions/GNUmakefile.in
-+++ b/extensions/GNUmakefile.in
-@@ -90,11 +90,14 @@ init%.o: init%.c
- #	Shared libraries
- #
- lib%.so: lib%.oo
--	${AM_VERBOSE_CCLD} ${CCLD} ${AM_LDFLAGS} -shared ${LDFLAGS} -o $@ $<;
-+	${AM_VERBOSE_CCLD} ${CCLD} ${AM_LDFLAGS} -shared ${LDFLAGS} -o $@ $< ${$*_LIBADD};
- 
- lib%.oo: ${srcdir}/lib%.c
- 	${AM_VERBOSE_CC} ${CC} ${AM_CPPFLAGS} ${AM_DEPFLAGS} ${AM_CFLAGS} -D_INIT=lib$*_init -DPIC -fPIC ${CFLAGS} -o $@ -c $<;
- 
-+# Need the LIBADDs in iptables/Makefile.am too for libxtables_la_LIBADD
-+xt_statistic_LIBADD = -lm
-+
- 
- #
- #	Static bits
-diff --git a/iptables/Makefile.am b/iptables/Makefile.am
-index addb159..f6db32d 100644
---- a/iptables/Makefile.am
-+++ b/iptables/Makefile.am
-@@ -6,12 +6,17 @@ AM_CPPFLAGS      = ${regular_CPPFLAGS} -I${top_builddir}/include -I${top_srcdir}
- lib_LTLIBRARIES       = libxtables.la
- libxtables_la_SOURCES = xtables.c xtoptions.c
- libxtables_la_LDFLAGS = -version-info ${libxtables_vcurrent}:0:${libxtables_vage}
-+libxtables_la_LIBADD  =
-+if ENABLE_STATIC
-+# With --enable-static, shipped extensions are linked into the main executable,
-+# so we need all the LIBADDs here too
-+libxtables_la_LIBADD += -lm
-+endif
- if ENABLE_SHARED
- libxtables_la_CFLAGS  = ${AM_CFLAGS}
--libxtables_la_LIBADD  = -ldl
-+libxtables_la_LIBADD += -ldl
- else
- libxtables_la_CFLAGS  = ${AM_CFLAGS} -DNO_SHARED_LIBS=1
--libxtables_la_LIBADD  =
- endif
- 
- xtables_multi_SOURCES  = xtables-multi.c iptables-xml.c

diff --git a/net-firewall/iptables/files/iptables-1.4.13.init b/net-firewall/iptables/files/iptables-1.4.13.init
deleted file mode 100644
index a45c6d1..0000000
--- a/net-firewall/iptables/files/iptables-1.4.13.init
+++ /dev/null
@@ -1,116 +0,0 @@
-#!/sbin/runscript
-# Copyright 1999-2012 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-extra_commands="save panic"
-extra_started_commands="reload"
-
-iptables_name=${SVCNAME}
-if [ "${iptables_name}" != "iptables" -a "${iptables_name}" != "ip6tables" ] ; then
-	iptables_name="iptables"
-fi
-
-iptables_bin="/sbin/${iptables_name}"
-case ${iptables_name} in
-	iptables)  iptables_proc="/proc/net/ip_tables_names"
-	           iptables_save=${IPTABLES_SAVE};;
-	ip6tables) iptables_proc="/proc/net/ip6_tables_names"
-	           iptables_save=${IP6TABLES_SAVE};;
-esac
-
-depend() {
-	before net
-}
-
-set_table_policy() {
-	local chains table=$1 policy=$2
-	case ${table} in
-		nat)    chains="PREROUTING POSTROUTING OUTPUT";;
-		mangle) chains="PREROUTING INPUT FORWARD OUTPUT POSTROUTING";;
-		filter) chains="INPUT FORWARD OUTPUT";;
-		*)      chains="";;
-	esac
-	local chain
-	for chain in ${chains} ; do
-		${iptables_bin} -t ${table} -P ${chain} ${policy}
-	done
-}
-
-checkkernel() {
-	if [ ! -e ${iptables_proc} ] ; then
-		eerror "Your kernel lacks ${iptables_name} support, please load"
-		eerror "appropriate modules and try again."
-		return 1
-	fi
-	return 0
-}
-checkconfig() {
-	if [ ! -f ${iptables_save} ] ; then
-		eerror "Not starting ${iptables_name}.  First create some rules then run:"
-		eerror "/etc/init.d/${iptables_name} save"
-		return 1
-	fi
-	return 0
-}
-
-start() {
-	checkconfig || return 1
-	ebegin "Loading ${iptables_name} state and starting firewall"
-	${iptables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${iptables_save}"
-	eend $?
-}
-
-stop() {
-	if [ "${SAVE_ON_STOP}" = "yes" ] ; then
-		save || return 1
-	fi
-	checkkernel || return 1
-	ebegin "Stopping firewall"
-	local a
-	for a in $(cat ${iptables_proc}) ; do
-		set_table_policy $a ACCEPT
-
-		${iptables_bin} -F -t $a
-		${iptables_bin} -X -t $a
-	done
-	eend $?
-}
-
-reload() {
-	checkkernel || return 1
-	ebegin "Flushing firewall"
-	local a
-	for a in $(cat ${iptables_proc}) ; do
-		${iptables_bin} -F -t $a
-		${iptables_bin} -X -t $a
-	done
-	eend $?
-
-	start
-}
-
-save() {
-	ebegin "Saving ${iptables_name} state"
-	touch "${iptables_save}"
-	chmod 0600 "${iptables_save}"
-	${iptables_bin}-save ${SAVE_RESTORE_OPTIONS} > "${iptables_save}"
-	eend $?
-}
-
-panic() {
-	checkkernel || return 1
-	if service_started ${iptables_name}; then
-		rc-service ${iptables_name} stop
-	fi
-
-	local a
-	ebegin "Dropping all packets"
-	for a in $(cat ${iptables_proc}) ; do
-		${iptables_bin} -F -t $a
-		${iptables_bin} -X -t $a
-
-		set_table_policy $a DROP
-	done
-	eend $?
-}

diff --git a/net-firewall/iptables/files/iptables-1.4.16.2-static.patch b/net-firewall/iptables/files/iptables-1.4.16.2-static.patch
deleted file mode 100644
index a5d6fe7..0000000
--- a/net-firewall/iptables/files/iptables-1.4.16.2-static.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-https://bugs.gentoo.org/437712
-
-From 269655d54e22f3a36250bb2c4639dddd102258c6 Mon Sep 17 00:00:00 2001
-From: Jan Engelhardt <jengelh@inai.de>
-Date: Mon, 8 Oct 2012 12:04:56 +0000
-Subject: [PATCH] build: remove symlink-only extensions from static object
- list
-
-$ ./configure --enable-static --disable-shared --enable-ipv4
-  --enable-ipv6 && make
-[...]
-make[3]: *** No rule to make target "libxt_NOTRACK.o", needed by
-"libext.a". Stop.
-
-Signed-off-by: Jan Engelhardt <jengelh@inai.de>
-Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
----
- extensions/GNUmakefile.in | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/extensions/GNUmakefile.in b/extensions/GNUmakefile.in
-index 8b38df9..1cef239 100644
---- a/extensions/GNUmakefile.in
-+++ b/extensions/GNUmakefile.in
-@@ -39,7 +39,7 @@ endif
- #	Wildcard module list
- #
- pfx_build_mod := $(patsubst ${srcdir}/libxt_%.c,%,$(sort $(wildcard ${srcdir}/libxt_*.c)))
--pfx_build_mod += NOTRACK state
-+pfx_symlinks  := NOTRACK state
- @ENABLE_IPV4_TRUE@ pf4_build_mod := $(patsubst ${srcdir}/libipt_%.c,%,$(sort $(wildcard ${srcdir}/libipt_*.c)))
- @ENABLE_IPV6_TRUE@ pf6_build_mod := $(patsubst ${srcdir}/libip6t_%.c,%,$(sort $(wildcard ${srcdir}/libip6t_*.c)))
- pfx_build_mod := $(filter-out @blacklist_modules@,${pfx_build_mod})
-@@ -48,7 +48,7 @@ pf6_build_mod := $(filter-out @blacklist_modules@,${pf6_build_mod})
- pfx_objs      := $(patsubst %,libxt_%.o,${pfx_build_mod})
- pf4_objs      := $(patsubst %,libipt_%.o,${pf4_build_mod})
- pf6_objs      := $(patsubst %,libip6t_%.o,${pf6_build_mod})
--pfx_solibs    := $(patsubst %,libxt_%.so,${pfx_build_mod})
-+pfx_solibs    := $(patsubst %,libxt_%.so,${pfx_build_mod} ${pfx_symlinks})
- pf4_solibs    := $(patsubst %,libipt_%.so,${pf4_build_mod})
- pf6_solibs    := $(patsubst %,libip6t_%.so,${pf6_build_mod})
- 
-@@ -220,7 +220,7 @@ man_run    = \
- 	done >$@;
- 
- matches.man: .initext.dd .initext4.dd .initext6.dd $(wildcard ${srcdir}/lib*.man)
--	$(call man_run,$(call ex_matches,${pfx_build_mod} ${pf4_build_mod} ${pf6_build_mod}))
-+	$(call man_run,$(call ex_matches,${pfx_build_mod} ${pf4_build_mod} ${pf6_build_mod} ${pfx_symlinks}))
- 
- targets.man: .initext.dd .initext4.dd .initext6.dd $(wildcard ${srcdir}/lib*.man)
--	$(call man_run,$(call ex_targets,${pfx_build_mod} ${pf4_build_mod} ${pf6_build_mod}))
-+	$(call man_run,$(call ex_targets,${pfx_build_mod} ${pf4_build_mod} ${pf6_build_mod} ${pfx_symlinks}))
--- 
-1.7.12
-

diff --git a/net-firewall/iptables/files/iptables-1.4.17-libip6tc.patch b/net-firewall/iptables/files/iptables-1.4.17-libip6tc.patch
deleted file mode 100644
index 5212dd2..0000000
--- a/net-firewall/iptables/files/iptables-1.4.17-libip6tc.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From d42bc7c100de69396a527e90736198f8e4e3000b Mon Sep 17 00:00:00 2001
-From: Mike Frysinger <vapier@gentoo.org>
-Date: Sun, 30 Dec 2012 18:06:15 -0500
-Subject: [PATCH] extensions: fix linking against -lip6tc
-
-The current build forgets to specify a path to find libip6tc which means
-it either fails (if there is no libip6tc in the system), or links against
-an old version (if there is one in the system).
-
-References: https://bugs.gentoo.org/449262
-Reported-by: Mike Gilbert <floppym@gentoo.org>
-Signed-off-by: Mike Frysinger <vapier@gentoo.org>
----
- extensions/GNUmakefile.in | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/extensions/GNUmakefile.in b/extensions/GNUmakefile.in
-index e71e3ff..a605474 100644
---- a/extensions/GNUmakefile.in
-+++ b/extensions/GNUmakefile.in
-@@ -101,7 +101,7 @@ libxt_state.so: libxt_conntrack.so
- 	ln -fs $< $@
- 
- # Need the LIBADDs in iptables/Makefile.am too for libxtables_la_LIBADD
--ip6t_NETMAP_LIBADD  = -lip6tc
-+ip6t_NETMAP_LIBADD  = -L../libiptc/.libs -lip6tc
- xt_RATEEST_LIBADD   = -lm
- xt_statistic_LIBADD = -lm
- 
--- 
-1.8.0
-

diff --git a/net-firewall/iptables/files/iptables-1.4.18-extensions-link.patch b/net-firewall/iptables/files/iptables-1.4.18-extensions-link.patch
deleted file mode 100644
index 33d0481..0000000
--- a/net-firewall/iptables/files/iptables-1.4.18-extensions-link.patch
+++ /dev/null
@@ -1,74 +0,0 @@
-From 37b19d08f3cbc83a653386d76261490e173a874b Mon Sep 17 00:00:00 2001
-From: Pablo Neira Ayuso <pablo@netfilter.org>
-Date: Sat, 16 Mar 2013 12:15:30 +0100
-Subject: [PATCH] Revert "build: resolve link failure for ip6t_NETMAP"
-
-This reverts commit 68e77a26111ee6b8f10c735a76891a7de6d57ee6.
-
-The use of libtool was introduced to resolve linking problems
-in NETMAP (IPv6 version), but that resulted in RPATH problems
-reported from distributors and warnings spotted by libtool at
-linking stage.
-
-Since (0ca548b libip6t_NETMAP: Use xtables_ip6mask_to_cidr and
-get rid of libip6tc dependency) fixed the NETMAP issue, let's
-roll back to our previous stage.
-
-A small conflicts in extensions/GNUmakefile.in has been resolved
-in this revert.
-
-Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
----
- extensions/GNUmakefile.in | 18 +++++++-----------
- 1 file changed, 7 insertions(+), 11 deletions(-)
-
-diff --git a/extensions/GNUmakefile.in b/extensions/GNUmakefile.in
-index 3db6985..1ae7f74 100644
---- a/extensions/GNUmakefile.in
-+++ b/extensions/GNUmakefile.in
-@@ -33,7 +33,6 @@ AM_VERBOSE_CXX    = @echo "  CXX     " $@;
- AM_VERBOSE_CXXLD  = @echo "  CXXLD   " $@;
- AM_VERBOSE_AR     = @echo "  AR      " $@;
- AM_VERBOSE_GEN    = @echo "  GEN     " $@;
--AM_VERBOSE_NULL   = @
- endif
- 
- #
-@@ -76,7 +75,7 @@ install: ${targets_install}
- 	if test -n "${targets_install}"; then install -pm0755 $^ "${DESTDIR}${xtlibdir}/"; fi;
- 
- clean:
--	rm -f *.la *.o *.lo *.so *.a {matches,targets}.man initext.c initext4.c initext6.c;
-+	rm -f *.o *.oo *.so *.a {matches,targets}.man initext.c initext4.c initext6.c;
- 	rm -f .*.d .*.dd;
- 
- distclean: clean
-@@ -90,19 +89,16 @@ init%.o: init%.c
- #
- #	Shared libraries
- #
--lib%.so: lib%.la
--	${AM_VERBOSE_NULL} ln -fs .libs/$@ $@
-+lib%.so: lib%.oo
-+	${AM_VERBOSE_CCLD} ${CCLD} ${AM_LDFLAGS} -shared ${LDFLAGS} -o $@ $< -L../libxtables/.libs -lxtables ${$*_LIBADD};
- 
--lib%.la: lib%.lo
--	${AM_VERBOSE_CCLD} ../libtool ${AM_LIBTOOL_SILENT} --tag=CC --mode=link ${CCLD} ${AM_LDFLAGS} -module ${LDFLAGS} -o $@ $< ../libxtables/libxtables.la ${$*_LIBADD} -rpath ${xtlibdir}
--
--lib%.lo: ${srcdir}/lib%.c
--	${AM_VERBOSE_CC} ../libtool ${AM_LIBTOOL_SILENT} --tag=CC --mode=compile ${CC} ${AM_CPPFLAGS} ${AM_DEPFLAGS} ${AM_CFLAGS} -D_INIT=lib$*_init ${CFLAGS} -o $@ -c $<
-+lib%.oo: ${srcdir}/lib%.c
-+	${AM_VERBOSE_CC} ${CC} ${AM_CPPFLAGS} ${AM_DEPFLAGS} ${AM_CFLAGS} -D_INIT=lib$*_init -DPIC -fPIC ${CFLAGS} -o $@ -c $<;
- 
- libxt_NOTRACK.so: libxt_CT.so
--	${AM_VERBOSE_GEN} ln -fs $< $@
-+	ln -fs $< $@
- libxt_state.so: libxt_conntrack.so
--	${AM_VERBOSE_GEN} ln -fs $< $@
-+	ln -fs $< $@
- 
- # Need the LIBADDs in iptables/Makefile.am too for libxtables_la_LIBADD
- xt_RATEEST_LIBADD   = -lm
--- 
-1.8.2.1
-

diff --git a/net-firewall/iptables/files/iptables-1.4.18-ipv6-linkage.patch b/net-firewall/iptables/files/iptables-1.4.18-ipv6-linkage.patch
deleted file mode 100644
index 52829de..0000000
--- a/net-firewall/iptables/files/iptables-1.4.18-ipv6-linkage.patch
+++ /dev/null
@@ -1,88 +0,0 @@
-From cccfff9309743f173c504dd265fae173caa5b47f Mon Sep 17 00:00:00 2001
-From: Pablo Neira Ayuso <pablo@netfilter.org>
-Date: Sat, 16 Mar 2013 12:11:07 +0100
-Subject: [PATCH] libip6t_NETMAP: Use xtables_ip6mask_to_cidr and get rid of
- libip6tc dependency
-
-This patch changes the NETMAP target extension (IPv6 side) to use
-the xtables_ip6mask_to_cidr available in libxtables.
-
-As a side effect, we get rid of the libip6tc dependency.
-
-Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
----
- extensions/GNUmakefile.in   | 1 -
- extensions/libip6t_NETMAP.c | 2 +-
- include/libiptc/libip6tc.h  | 3 ---
- iptables/ip6tables.c        | 2 +-
- libiptc/libip6tc.c          | 2 +-
- 5 files changed, 3 insertions(+), 7 deletions(-)
-
-diff --git a/extensions/GNUmakefile.in b/extensions/GNUmakefile.in
-index adad4d6..3db6985 100644
---- a/extensions/GNUmakefile.in
-+++ b/extensions/GNUmakefile.in
-@@ -105,7 +105,6 @@ libxt_state.so: libxt_conntrack.so
- 	${AM_VERBOSE_GEN} ln -fs $< $@
- 
- # Need the LIBADDs in iptables/Makefile.am too for libxtables_la_LIBADD
--ip6t_NETMAP_LIBADD  = ../libiptc/libip6tc.la
- xt_RATEEST_LIBADD   = -lm
- xt_statistic_LIBADD = -lm
- 
-diff --git a/extensions/libip6t_NETMAP.c b/extensions/libip6t_NETMAP.c
-index d14dece..a4df70e 100644
---- a/extensions/libip6t_NETMAP.c
-+++ b/extensions/libip6t_NETMAP.c
-@@ -61,7 +61,7 @@ static void NETMAP_print(const void *ip, const struct xt_entry_target *target,
- 	printf("%s", xtables_ip6addr_to_numeric(&a));
- 	for (i = 0; i < 4; i++)
- 		a.s6_addr32[i] = ~(r->min_addr.ip6[i] ^ r->max_addr.ip6[i]);
--	bits = ipv6_prefix_length(&a);
-+	bits = xtables_ip6mask_to_cidr(&a);
- 	if (bits < 0)
- 		printf("/%s", xtables_ip6addr_to_numeric(&a));
- 	else
-diff --git a/include/libiptc/libip6tc.h b/include/libiptc/libip6tc.h
-index c656bc4..9aed80a 100644
---- a/include/libiptc/libip6tc.h
-+++ b/include/libiptc/libip6tc.h
-@@ -154,9 +154,6 @@ int ip6tc_get_raw_socket(void);
- /* Translates errno numbers into more human-readable form than strerror. */
- const char *ip6tc_strerror(int err);
- 
--/* Return prefix length, or -1 if not contiguous */
--int ipv6_prefix_length(const struct in6_addr *a);
--
- extern void dump_entries6(struct xtc_handle *const);
- 
- extern const struct xtc_ops ip6tc_ops;
-diff --git a/iptables/ip6tables.c b/iptables/ip6tables.c
-index 4cfbea3..7d02cc1 100644
---- a/iptables/ip6tables.c
-+++ b/iptables/ip6tables.c
-@@ -1022,7 +1022,7 @@ static void print_ip(const char *prefix, const struct in6_addr *ip,
- 		     const struct in6_addr *mask, int invert)
- {
- 	char buf[51];
--	int l = ipv6_prefix_length(mask);
-+	int l = xtables_ip6mask_to_cidr(mask);
- 
- 	if (l == 0 && !invert)
- 		return;
-diff --git a/libiptc/libip6tc.c b/libiptc/libip6tc.c
-index 7128e1c..ca01bcb 100644
---- a/libiptc/libip6tc.c
-+++ b/libiptc/libip6tc.c
-@@ -113,7 +113,7 @@ typedef unsigned int socklen_t;
- #define BIT6(a, l) \
-  ((ntohl(a->s6_addr32[(l) / 32]) >> (31 - ((l) & 31))) & 1)
- 
--int
-+static int
- ipv6_prefix_length(const struct in6_addr *a)
- {
- 	int l, i;
--- 
-1.8.2.1
-

diff --git a/net-firewall/iptables/iptables-1.4.10-r1.ebuild b/net-firewall/iptables/iptables-1.4.10-r1.ebuild
deleted file mode 100644
index ff152ec..0000000
--- a/net-firewall/iptables/iptables-1.4.10-r1.ebuild
+++ /dev/null
@@ -1,83 +0,0 @@
-# Copyright 1999-2012 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="2"
-
-# Force users doing their own patches to install their own tools
-AUTOTOOLS_AUTO_DEPEND=no
-
-inherit eutils multilib toolchain-funcs autotools
-
-DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
-HOMEPAGE="http://www.iptables.org/"
-SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
-IUSE="ipv6 netlink"
-
-COMMON_DEPEND="
-	netlink? ( net-libs/libnfnetlink )
-"
-DEPEND="
-	${COMMON_DEPEND}
-	virtual/os-headers
-"
-RDEPEND="
-	${COMMON_DEPEND}
-"
-
-src_prepare() {
-	# Only run autotools if user patched something
-	epatch_user && eautoreconf || elibtoolize
-}
-
-src_configure() {
-	sed -i \
-		-e "/nfnetlink=[01]/s:=[01]:=$(use netlink && echo 1 || echo 0):" \
-		configure
-	econf \
-		--sbindir=/sbin \
-		--libexecdir=/$(get_libdir) \
-		--enable-devel \
-		--enable-libipq \
-		--enable-shared \
-		--enable-static \
-		$(use_enable ipv6)
-}
-
-src_compile() {
-	emake V=1 || die
-}
-
-src_install() {
-	emake install DESTDIR="${D}" || die
-	doman iptables-apply.8 || die
-	dodoc INCOMPATIBILITIES iptables.xslt || die
-
-	# all the iptables binaries are in /sbin, so might as well
-	# put these small files in with them
-	into /
-	dosbin iptables-apply || die
-	dosym iptables-apply /sbin/ip6tables-apply || die
-
-	insinto /usr/include
-	doins include/iptables.h $(use ipv6 && echo include/ip6tables.h) || die
-	insinto /usr/include/iptables
-	doins include/iptables/internal.h || die
-
-	keepdir /var/lib/iptables
-	newinitd "${FILESDIR}"/${PN}-1.3.2.init iptables || die
-	newconfd "${FILESDIR}"/${PN}-1.3.2.confd iptables || die
-	if use ipv6 ; then
-		keepdir /var/lib/ip6tables
-		newinitd "${FILESDIR}"/iptables-1.3.2.init ip6tables || die
-		newconfd "${FILESDIR}"/ip6tables-1.3.2.confd ip6tables || die
-	fi
-
-	# Move important libs to /lib
-	gen_usr_ldscript -a ip{4,6}tc ipq iptc xtables
-	find "${D}" -type f -name '*.la' -exec rm -rf '{}' '+' || die "la removal failed"
-}

diff --git a/net-firewall/iptables/iptables-1.4.10.ebuild b/net-firewall/iptables/iptables-1.4.10.ebuild
deleted file mode 100644
index 82e42fd..0000000
--- a/net-firewall/iptables/iptables-1.4.10.ebuild
+++ /dev/null
@@ -1,67 +0,0 @@
-# Copyright 1999-2012 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="2"
-
-# Force users doing their own patches to install their own tools
-AUTOTOOLS_AUTO_DEPEND=no
-
-inherit eutils multilib toolchain-funcs autotools
-
-DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
-HOMEPAGE="http://www.iptables.org/"
-SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86"
-IUSE="ipv6"
-
-DEPEND="virtual/os-headers"
-RDEPEND=""
-
-src_prepare() {
-	# Only run autotools if user patched something
-	epatch_user && eautoreconf || elibtoolize
-}
-
-src_configure() {
-	econf \
-		--sbindir=/sbin \
-		--libexecdir=/$(get_libdir) \
-		--enable-devel \
-		--enable-libipq \
-		--enable-shared \
-		--enable-static \
-		$(use_enable ipv6)
-}
-
-src_compile() {
-	emake V=1 || die
-}
-
-src_install() {
-	emake install DESTDIR="${D}" || die
-	dosbin iptables-apply || die
-	doman iptables-apply.8 || die
-	dodoc INCOMPATIBILITIES iptables.xslt || die
-
-	insinto /usr/include
-	doins include/iptables.h $(use ipv6 && echo include/ip6tables.h) || die
-	insinto /usr/include/iptables
-	doins include/iptables/internal.h || die
-
-	keepdir /var/lib/iptables
-	newinitd "${FILESDIR}"/${PN}-1.3.2.init iptables || die
-	newconfd "${FILESDIR}"/${PN}-1.3.2.confd iptables || die
-	if use ipv6 ; then
-		keepdir /var/lib/ip6tables
-		newinitd "${FILESDIR}"/iptables-1.3.2.init ip6tables || die
-		newconfd "${FILESDIR}"/ip6tables-1.3.2.confd ip6tables || die
-	fi
-
-	# Move important libs to /lib
-	gen_usr_ldscript -a ip{4,6}tc ipq iptc xtables
-	find "${D}" -type f -name '*.la' -exec rm -rf '{}' '+' || die "la removal failed"
-}

diff --git a/net-firewall/iptables/iptables-1.4.11.1-r2.ebuild b/net-firewall/iptables/iptables-1.4.11.1-r2.ebuild
deleted file mode 100644
index 77310ab..0000000
--- a/net-firewall/iptables/iptables-1.4.11.1-r2.ebuild
+++ /dev/null
@@ -1,86 +0,0 @@
-# Copyright 1999-2012 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="4"
-
-# Force users doing their own patches to install their own tools
-AUTOTOOLS_AUTO_DEPEND=no
-
-inherit eutils multilib toolchain-funcs autotools
-
-DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
-HOMEPAGE="http://www.iptables.org/"
-SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="alpha amd64 arm ~hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86"
-IUSE="ipv6 netlink"
-
-COMMON_DEPEND="
-	netlink? ( net-libs/libnfnetlink )
-"
-DEPEND="
-	${COMMON_DEPEND}
-	virtual/os-headers
-	sys-devel/automake
-"
-RDEPEND="
-	${COMMON_DEPEND}
-"
-
-src_prepare() {
-	# Only run autotools if user patched something
-	epatch "${FILESDIR}/${P}-man-fixes.patch"
-	eautomake
-	epatch_user && eautoreconf || elibtoolize
-}
-
-src_configure() {
-	sed -i \
-		-e "/nfnetlink=[01]/s:=[01]:=$(use netlink && echo 1 || echo 0):" \
-		configure
-	econf \
-		--sbindir=/sbin \
-		--libexecdir=/$(get_libdir) \
-		--enable-devel \
-		--enable-libipq \
-		--enable-shared \
-		--enable-static \
-		$(use_enable ipv6)
-}
-
-src_compile() {
-	emake V=1
-}
-
-src_install() {
-	emake install DESTDIR="${D}"
-	dodoc INCOMPATIBILITIES iptables/iptables.xslt
-
-	# all the iptables binaries are in /sbin, so might as well
-	# put these small files in with them
-	into /
-	dosbin iptables/iptables-apply
-	dosym iptables-apply /sbin/ip6tables-apply
-	doman iptables/iptables-apply.8
-
-	insinto /usr/include
-	doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
-	insinto /usr/include/iptables
-	doins include/iptables/internal.h
-
-	keepdir /var/lib/iptables
-	newinitd "${FILESDIR}"/${PN}-1.4.11.init iptables
-	newconfd "${FILESDIR}"/${PN}-1.3.2.confd iptables
-	if use ipv6 ; then
-		keepdir /var/lib/ip6tables
-		newinitd "${FILESDIR}"/iptables-1.4.11.init ip6tables
-		newconfd "${FILESDIR}"/ip6tables-1.3.2.confd ip6tables
-	fi
-
-	# Move important libs to /lib
-	gen_usr_ldscript -a ip{4,6}tc ipq iptc xtables
-	find "${ED}" -type f -name '*.la' -exec rm -rf '{}' '+' || die "la removal failed"
-}

diff --git a/net-firewall/iptables/iptables-1.4.12.1-r1.ebuild b/net-firewall/iptables/iptables-1.4.12.1-r1.ebuild
deleted file mode 100644
index 2055cf2..0000000
--- a/net-firewall/iptables/iptables-1.4.12.1-r1.ebuild
+++ /dev/null
@@ -1,88 +0,0 @@
-# Copyright 1999-2012 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="4"
-
-# Force users doing their own patches to install their own tools
-AUTOTOOLS_AUTO_DEPEND=no
-
-inherit eutils multilib toolchain-funcs autotools
-
-DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
-HOMEPAGE="http://www.iptables.org/"
-SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
-IUSE="ipv6 netlink static-libs"
-
-RDEPEND="
-	netlink? ( net-libs/libnfnetlink )
-"
-DEPEND="${RDEPEND}
-	virtual/os-headers
-	sys-devel/automake
-"
-
-src_prepare() {
-	epatch \
-		"${FILESDIR}/iptables-1.4.12.1-lm.patch" \
-		"${FILESDIR}/iptables-1.4.12.1-conntrack-v2-ranges.patch"
-	eautomake
-
-	# use the saner headers from the kernel
-	rm -f include/linux/{kernel,types}.h
-
-	# Only run autotools if user patched something
-	epatch_user && eautoreconf || elibtoolize
-}
-
-src_configure() {
-	sed -i \
-		-e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
-		configure || die
-	econf \
-		--sbindir=/sbin \
-		--libexecdir=/$(get_libdir) \
-		--enable-devel \
-		--enable-libipq \
-		--enable-shared \
-		$(use_enable static-libs static) \
-		$(use_enable ipv6)
-}
-
-src_compile() {
-	emake V=1
-}
-
-src_install() {
-	default
-	dodoc INCOMPATIBILITIES iptables/iptables.xslt
-
-	# all the iptables binaries are in /sbin, so might as well
-	# put these small files in with them
-	into /
-	dosbin iptables/iptables-apply
-	dosym iptables-apply /sbin/ip6tables-apply
-	doman iptables/iptables-apply.8
-
-	insinto /usr/include
-	doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
-	insinto /usr/include/iptables
-	doins include/iptables/internal.h
-
-	keepdir /var/lib/iptables
-	newinitd "${FILESDIR}"/${PN}-1.4.11.init iptables
-	newconfd "${FILESDIR}"/${PN}-1.3.2.confd iptables
-	if use ipv6 ; then
-		keepdir /var/lib/ip6tables
-		newinitd "${FILESDIR}"/iptables-1.4.11.init ip6tables
-		newconfd "${FILESDIR}"/ip6tables-1.3.2.confd ip6tables
-	fi
-
-	# Move important libs to /lib
-	gen_usr_ldscript -a ip{4,6}tc ipq iptc xtables
-	find "${ED}" -type f -name '*.la' -exec rm -rf '{}' '+' || die "la removal failed"
-}

diff --git a/net-firewall/iptables/iptables-1.4.12.1.ebuild b/net-firewall/iptables/iptables-1.4.12.1.ebuild
deleted file mode 100644
index 2639b2e..0000000
--- a/net-firewall/iptables/iptables-1.4.12.1.ebuild
+++ /dev/null
@@ -1,87 +0,0 @@
-# Copyright 1999-2012 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="4"
-
-# Force users doing their own patches to install their own tools
-AUTOTOOLS_AUTO_DEPEND=no
-
-inherit eutils multilib toolchain-funcs autotools
-
-DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
-HOMEPAGE="http://www.iptables.org/"
-SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86"
-IUSE="ipv6 netlink"
-
-COMMON_DEPEND="
-	netlink? ( net-libs/libnfnetlink )
-"
-DEPEND="
-	${COMMON_DEPEND}
-	virtual/os-headers
-	sys-devel/automake
-"
-RDEPEND="
-	${COMMON_DEPEND}
-"
-
-src_prepare() {
-	epatch "${FILESDIR}/iptables-1.4.12.1-lm.patch"
-	eautomake
-
-	# Only run autotools if user patched something
-	epatch_user && eautoreconf || elibtoolize
-}
-
-src_configure() {
-	sed -i \
-		-e "/nfnetlink=[01]/s:=[01]:=$(use netlink && echo 1 || echo 0):" \
-		configure || die
-	econf \
-		--sbindir=/sbin \
-		--libexecdir=/$(get_libdir) \
-		--enable-devel \
-		--enable-libipq \
-		--enable-shared \
-		--enable-static \
-		$(use_enable ipv6)
-}
-
-src_compile() {
-	emake V=1
-}
-
-src_install() {
-	emake install DESTDIR="${D}"
-	dodoc INCOMPATIBILITIES iptables/iptables.xslt
-
-	# all the iptables binaries are in /sbin, so might as well
-	# put these small files in with them
-	into /
-	dosbin iptables/iptables-apply
-	dosym iptables-apply /sbin/ip6tables-apply
-	doman iptables/iptables-apply.8
-
-	insinto /usr/include
-	doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
-	insinto /usr/include/iptables
-	doins include/iptables/internal.h
-
-	keepdir /var/lib/iptables
-	newinitd "${FILESDIR}"/${PN}-1.4.11.init iptables
-	newconfd "${FILESDIR}"/${PN}-1.3.2.confd iptables
-	if use ipv6 ; then
-		keepdir /var/lib/ip6tables
-		newinitd "${FILESDIR}"/iptables-1.4.11.init ip6tables
-		newconfd "${FILESDIR}"/ip6tables-1.3.2.confd ip6tables
-	fi
-
-	# Move important libs to /lib
-	gen_usr_ldscript -a ip{4,6}tc ipq iptc xtables
-	find "${ED}" -type f -name '*.la' -exec rm -rf '{}' '+' || die "la removal failed"
-}

diff --git a/net-firewall/iptables/iptables-1.4.12.ebuild b/net-firewall/iptables/iptables-1.4.12.ebuild
deleted file mode 100644
index 80e13cc..0000000
--- a/net-firewall/iptables/iptables-1.4.12.ebuild
+++ /dev/null
@@ -1,84 +0,0 @@
-# Copyright 1999-2012 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="4"
-
-# Force users doing their own patches to install their own tools
-AUTOTOOLS_AUTO_DEPEND=no
-
-inherit eutils multilib toolchain-funcs autotools
-
-DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
-HOMEPAGE="http://www.iptables.org/"
-SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
-IUSE="ipv6 netlink"
-
-COMMON_DEPEND="
-	netlink? ( net-libs/libnfnetlink )
-"
-DEPEND="
-	${COMMON_DEPEND}
-	virtual/os-headers
-	sys-devel/automake
-"
-RDEPEND="
-	${COMMON_DEPEND}
-"
-
-src_prepare() {
-	# Only run autotools if user patched something
-	epatch_user && eautoreconf || elibtoolize
-}
-
-src_configure() {
-	sed -i \
-		-e "/nfnetlink=[01]/s:=[01]:=$(use netlink && echo 1 || echo 0):" \
-		configure || die
-	econf \
-		--sbindir=/sbin \
-		--libexecdir=/$(get_libdir) \
-		--enable-devel \
-		--enable-libipq \
-		--enable-shared \
-		--enable-static \
-		$(use_enable ipv6)
-}
-
-src_compile() {
-	emake V=1
-}
-
-src_install() {
-	emake install DESTDIR="${D}"
-	dodoc INCOMPATIBILITIES iptables/iptables.xslt
-
-	# all the iptables binaries are in /sbin, so might as well
-	# put these small files in with them
-	into /
-	dosbin iptables/iptables-apply
-	dosym iptables-apply /sbin/ip6tables-apply
-	doman iptables/iptables-apply.8
-
-	insinto /usr/include
-	doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
-	insinto /usr/include/iptables
-	doins include/iptables/internal.h
-
-	keepdir /var/lib/iptables
-	newinitd "${FILESDIR}"/${PN}-1.4.11.init iptables
-	newconfd "${FILESDIR}"/${PN}-1.3.2.confd iptables
-	if use ipv6 ; then
-		keepdir /var/lib/ip6tables
-		newinitd "${FILESDIR}"/iptables-1.4.11.init ip6tables
-		newconfd "${FILESDIR}"/ip6tables-1.3.2.confd ip6tables
-	fi
-
-	# Move important libs to /lib
-	gen_usr_ldscript -a ip{4,6}tc ipq iptc xtables
-	find "${ED}" -type f -name '*.la' -exec rm -rf '{}' '+' || die "la removal failed"
-}

diff --git a/net-firewall/iptables/iptables-1.4.13-r2.ebuild b/net-firewall/iptables/iptables-1.4.13-r2.ebuild
deleted file mode 100644
index e10df94..0000000
--- a/net-firewall/iptables/iptables-1.4.13-r2.ebuild
+++ /dev/null
@@ -1,83 +0,0 @@
-# Copyright 1999-2012 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="4"
-
-# Force users doing their own patches to install their own tools
-AUTOTOOLS_AUTO_DEPEND=no
-
-inherit eutils multilib toolchain-funcs autotools
-
-DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
-HOMEPAGE="http://www.iptables.org/"
-SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
-IUSE="ipv6 netlink static-libs"
-
-RDEPEND="
-	netlink? ( net-libs/libnfnetlink )
-"
-DEPEND="${RDEPEND}
-	virtual/os-headers
-	!>=sys-kernel/linux-headers-3.5
-"
-
-src_prepare() {
-	# use the saner headers from the kernel
-	rm -f include/linux/{kernel,types}.h
-
-	# Only run autotools if user patched something
-	epatch_user && eautoreconf || elibtoolize
-}
-
-src_configure() {
-	sed -i \
-		-e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
-		configure || die
-	econf \
-		--sbindir="${EPREFIX}/sbin" \
-		--libexecdir="${EPREFIX}/$(get_libdir)" \
-		--enable-devel \
-		--enable-libipq \
-		--enable-shared \
-		$(use_enable static-libs static) \
-		$(use_enable ipv6)
-}
-
-src_compile() {
-	emake V=1
-}
-
-src_install() {
-	default
-	dodoc INCOMPATIBILITIES iptables/iptables.xslt
-
-	# all the iptables binaries are in /sbin, so might as well
-	# put these small files in with them
-	into /
-	dosbin iptables/iptables-apply
-	dosym iptables-apply /sbin/ip6tables-apply
-	doman iptables/iptables-apply.8
-
-	insinto /usr/include
-	doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
-	insinto /usr/include/iptables
-	doins include/iptables/internal.h
-
-	keepdir /var/lib/iptables
-	newinitd "${FILESDIR}"/${PN}-1.4.13-r1.init iptables
-	newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables
-	if use ipv6 ; then
-		keepdir /var/lib/ip6tables
-		newinitd "${FILESDIR}"/iptables-1.4.13-r1.init ip6tables
-		newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables
-	fi
-
-	# Move important libs to /lib
-	gen_usr_ldscript -a ip{4,6}tc ipq iptc xtables
-	find "${ED}" -type f -name '*.la' -exec rm -rf '{}' '+' || die "la removal failed"
-}

diff --git a/net-firewall/iptables/iptables-1.4.13.ebuild b/net-firewall/iptables/iptables-1.4.13.ebuild
deleted file mode 100644
index efa45e2..0000000
--- a/net-firewall/iptables/iptables-1.4.13.ebuild
+++ /dev/null
@@ -1,83 +0,0 @@
-# Copyright 1999-2012 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="4"
-
-# Force users doing their own patches to install their own tools
-AUTOTOOLS_AUTO_DEPEND=no
-
-inherit eutils multilib toolchain-funcs autotools
-
-DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
-HOMEPAGE="http://www.iptables.org/"
-SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86"
-IUSE="ipv6 netlink static-libs"
-
-RDEPEND="
-	netlink? ( net-libs/libnfnetlink )
-"
-DEPEND="${RDEPEND}
-	virtual/os-headers
-	!>=sys-kernel/linux-headers-3.5
-"
-
-src_prepare() {
-	# use the saner headers from the kernel
-	rm -f include/linux/{kernel,types}.h
-
-	# Only run autotools if user patched something
-	epatch_user && eautoreconf || elibtoolize
-}
-
-src_configure() {
-	sed -i \
-		-e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
-		configure || die
-	econf \
-		--sbindir="${EPREFIX}/sbin" \
-		--libexecdir="${EPREFIX}/$(get_libdir)" \
-		--enable-devel \
-		--enable-libipq \
-		--enable-shared \
-		$(use_enable static-libs static) \
-		$(use_enable ipv6)
-}
-
-src_compile() {
-	emake V=1
-}
-
-src_install() {
-	default
-	dodoc INCOMPATIBILITIES iptables/iptables.xslt
-
-	# all the iptables binaries are in /sbin, so might as well
-	# put these small files in with them
-	into /
-	dosbin iptables/iptables-apply
-	dosym iptables-apply /sbin/ip6tables-apply
-	doman iptables/iptables-apply.8
-
-	insinto /usr/include
-	doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
-	insinto /usr/include/iptables
-	doins include/iptables/internal.h
-
-	keepdir /var/lib/iptables
-	newinitd "${FILESDIR}"/${PN}-1.4.11.init iptables
-	newconfd "${FILESDIR}"/${PN}-1.3.2.confd iptables
-	if use ipv6 ; then
-		keepdir /var/lib/ip6tables
-		newinitd "${FILESDIR}"/iptables-1.4.11.init ip6tables
-		newconfd "${FILESDIR}"/ip6tables-1.3.2.confd ip6tables
-	fi
-
-	# Move important libs to /lib
-	gen_usr_ldscript -a ip{4,6}tc ipq iptc xtables
-	find "${ED}" -type f -name '*.la' -exec rm -rf '{}' '+' || die "la removal failed"
-}

diff --git a/net-firewall/iptables/iptables-1.4.14-r1.ebuild b/net-firewall/iptables/iptables-1.4.14-r1.ebuild
deleted file mode 100644
index 829beb0..0000000
--- a/net-firewall/iptables/iptables-1.4.14-r1.ebuild
+++ /dev/null
@@ -1,82 +0,0 @@
-# Copyright 1999-2012 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="4"
-
-# Force users doing their own patches to install their own tools
-AUTOTOOLS_AUTO_DEPEND=no
-
-inherit eutils multilib toolchain-funcs autotools
-
-DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
-HOMEPAGE="http://www.iptables.org/"
-SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
-IUSE="ipv6 netlink static-libs"
-
-RDEPEND="
-	netlink? ( net-libs/libnfnetlink )
-"
-DEPEND="${RDEPEND}
-	virtual/os-headers
-	!>=sys-kernel/linux-headers-3.5
-"
-
-src_prepare() {
-	# use the saner headers from the kernel
-	rm -f include/linux/{kernel,types}.h
-
-	# Only run autotools if user patched something
-	epatch_user && eautoreconf || elibtoolize
-}
-
-src_configure() {
-	sed -i \
-		-e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
-		configure || die
-	econf \
-		--sbindir="${EPREFIX}/sbin" \
-		--libexecdir="${EPREFIX}/$(get_libdir)" \
-		--enable-devel \
-		--enable-shared \
-		$(use_enable static-libs static) \
-		$(use_enable ipv6)
-}
-
-src_compile() {
-	emake V=1
-}
-
-src_install() {
-	default
-	dodoc INCOMPATIBILITIES iptables/iptables.xslt
-
-	# all the iptables binaries are in /sbin, so might as well
-	# put these small files in with them
-	into /
-	dosbin iptables/iptables-apply
-	dosym iptables-apply /sbin/ip6tables-apply
-	doman iptables/iptables-apply.8
-
-	insinto /usr/include
-	doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
-	insinto /usr/include/iptables
-	doins include/iptables/internal.h
-
-	keepdir /var/lib/iptables
-	newinitd "${FILESDIR}"/${PN}-1.4.13-r1.init iptables
-	newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables
-	if use ipv6 ; then
-		keepdir /var/lib/ip6tables
-		newinitd "${FILESDIR}"/iptables-1.4.13-r1.init ip6tables
-		newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables
-	fi
-
-	# Move important libs to /lib
-	gen_usr_ldscript -a ip{4,6}tc iptc xtables
-	find "${ED}" -type f -name '*.la' -exec rm -rf '{}' '+' || die "la removal failed"
-}

diff --git a/net-firewall/iptables/iptables-1.4.15-r1.ebuild b/net-firewall/iptables/iptables-1.4.15-r1.ebuild
deleted file mode 100644
index 829beb0..0000000
--- a/net-firewall/iptables/iptables-1.4.15-r1.ebuild
+++ /dev/null
@@ -1,82 +0,0 @@
-# Copyright 1999-2012 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="4"
-
-# Force users doing their own patches to install their own tools
-AUTOTOOLS_AUTO_DEPEND=no
-
-inherit eutils multilib toolchain-funcs autotools
-
-DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
-HOMEPAGE="http://www.iptables.org/"
-SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
-IUSE="ipv6 netlink static-libs"
-
-RDEPEND="
-	netlink? ( net-libs/libnfnetlink )
-"
-DEPEND="${RDEPEND}
-	virtual/os-headers
-	!>=sys-kernel/linux-headers-3.5
-"
-
-src_prepare() {
-	# use the saner headers from the kernel
-	rm -f include/linux/{kernel,types}.h
-
-	# Only run autotools if user patched something
-	epatch_user && eautoreconf || elibtoolize
-}
-
-src_configure() {
-	sed -i \
-		-e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
-		configure || die
-	econf \
-		--sbindir="${EPREFIX}/sbin" \
-		--libexecdir="${EPREFIX}/$(get_libdir)" \
-		--enable-devel \
-		--enable-shared \
-		$(use_enable static-libs static) \
-		$(use_enable ipv6)
-}
-
-src_compile() {
-	emake V=1
-}
-
-src_install() {
-	default
-	dodoc INCOMPATIBILITIES iptables/iptables.xslt
-
-	# all the iptables binaries are in /sbin, so might as well
-	# put these small files in with them
-	into /
-	dosbin iptables/iptables-apply
-	dosym iptables-apply /sbin/ip6tables-apply
-	doman iptables/iptables-apply.8
-
-	insinto /usr/include
-	doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
-	insinto /usr/include/iptables
-	doins include/iptables/internal.h
-
-	keepdir /var/lib/iptables
-	newinitd "${FILESDIR}"/${PN}-1.4.13-r1.init iptables
-	newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables
-	if use ipv6 ; then
-		keepdir /var/lib/ip6tables
-		newinitd "${FILESDIR}"/iptables-1.4.13-r1.init ip6tables
-		newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables
-	fi
-
-	# Move important libs to /lib
-	gen_usr_ldscript -a ip{4,6}tc iptc xtables
-	find "${ED}" -type f -name '*.la' -exec rm -rf '{}' '+' || die "la removal failed"
-}

diff --git a/net-firewall/iptables/iptables-1.4.16.2.ebuild b/net-firewall/iptables/iptables-1.4.16.2.ebuild
deleted file mode 100644
index 4dc89f6..0000000
--- a/net-firewall/iptables/iptables-1.4.16.2.ebuild
+++ /dev/null
@@ -1,85 +0,0 @@
-# Copyright 1999-2012 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="4"
-
-# Force users doing their own patches to install their own tools
-AUTOTOOLS_AUTO_DEPEND=no
-
-inherit eutils multilib toolchain-funcs autotools
-
-DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
-HOMEPAGE="http://www.iptables.org/"
-SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
-IUSE="ipv6 netlink static-libs"
-
-RDEPEND="
-	netlink? ( net-libs/libnfnetlink )
-"
-DEPEND="${RDEPEND}
-	virtual/os-headers
-	virtual/pkgconfig
-"
-
-src_prepare() {
-	# use the saner headers from the kernel
-	rm -f include/linux/{kernel,types}.h
-
-	epatch "${FILESDIR}"/${P}-static.patch #437712
-
-	# Only run autotools if user patched something
-	epatch_user && eautoreconf || elibtoolize
-}
-
-src_configure() {
-	sed -i \
-		-e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
-		configure || die
-
-	econf \
-		--sbindir="${EPREFIX}/sbin" \
-		--libexecdir="${EPREFIX}/$(get_libdir)" \
-		--enable-devel \
-		--enable-shared \
-		$(use_enable static-libs static) \
-		$(use_enable ipv6)
-}
-
-src_compile() {
-	emake V=1
-}
-
-src_install() {
-	default
-	dodoc INCOMPATIBILITIES iptables/iptables.xslt
-
-	# all the iptables binaries are in /sbin, so might as well
-	# put these small files in with them
-	into /
-	dosbin iptables/iptables-apply
-	dosym iptables-apply /sbin/ip6tables-apply
-	doman iptables/iptables-apply.8
-
-	insinto /usr/include
-	doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
-	insinto /usr/include/iptables
-	doins include/iptables/internal.h
-
-	keepdir /var/lib/iptables
-	newinitd "${FILESDIR}"/${PN}-1.4.13-r1.init iptables
-	newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables
-	if use ipv6 ; then
-		keepdir /var/lib/ip6tables
-		newinitd "${FILESDIR}"/iptables-1.4.13-r1.init ip6tables
-		newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables
-	fi
-
-	# Move important libs to /lib
-	gen_usr_ldscript -a ip{4,6}tc iptc xtables
-	find "${ED}" -type f -name '*.la' -exec rm -rf '{}' '+' || die "la removal failed"
-}

diff --git a/net-firewall/iptables/iptables-1.4.16.3.ebuild b/net-firewall/iptables/iptables-1.4.16.3.ebuild
deleted file mode 100644
index a5c40e6..0000000
--- a/net-firewall/iptables/iptables-1.4.16.3.ebuild
+++ /dev/null
@@ -1,83 +0,0 @@
-# Copyright 1999-2013 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="4"
-
-# Force users doing their own patches to install their own tools
-AUTOTOOLS_AUTO_DEPEND=no
-
-inherit eutils multilib toolchain-funcs autotools
-
-DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
-HOMEPAGE="http://www.iptables.org/"
-SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86"
-IUSE="ipv6 netlink static-libs"
-
-RDEPEND="
-	netlink? ( net-libs/libnfnetlink )
-"
-DEPEND="${RDEPEND}
-	virtual/os-headers
-	virtual/pkgconfig
-"
-
-src_prepare() {
-	# use the saner headers from the kernel
-	rm -f include/linux/{kernel,types}.h
-
-	# Only run autotools if user patched something
-	epatch_user && eautoreconf || elibtoolize
-}
-
-src_configure() {
-	sed -i \
-		-e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
-		configure || die
-
-	econf \
-		--sbindir="${EPREFIX}/sbin" \
-		--libexecdir="${EPREFIX}/$(get_libdir)" \
-		--enable-devel \
-		--enable-shared \
-		$(use_enable static-libs static) \
-		$(use_enable ipv6)
-}
-
-src_compile() {
-	emake V=1
-}
-
-src_install() {
-	default
-	dodoc INCOMPATIBILITIES iptables/iptables.xslt
-
-	# all the iptables binaries are in /sbin, so might as well
-	# put these small files in with them
-	into /
-	dosbin iptables/iptables-apply
-	dosym iptables-apply /sbin/ip6tables-apply
-	doman iptables/iptables-apply.8
-
-	insinto /usr/include
-	doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
-	insinto /usr/include/iptables
-	doins include/iptables/internal.h
-
-	keepdir /var/lib/iptables
-	newinitd "${FILESDIR}"/${PN}-1.4.13-r1.init iptables
-	newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables
-	if use ipv6 ; then
-		keepdir /var/lib/ip6tables
-		newinitd "${FILESDIR}"/iptables-1.4.13-r1.init ip6tables
-		newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables
-	fi
-
-	# Move important libs to /lib
-	gen_usr_ldscript -a ip{4,6}tc iptc xtables
-	find "${ED}" -type f -name '*.la' -exec rm -rf '{}' '+' || die "la removal failed"
-}

diff --git a/net-firewall/iptables/iptables-1.4.17.ebuild b/net-firewall/iptables/iptables-1.4.17.ebuild
deleted file mode 100644
index 0bbfa2b..0000000
--- a/net-firewall/iptables/iptables-1.4.17.ebuild
+++ /dev/null
@@ -1,87 +0,0 @@
-# Copyright 1999-2013 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="4"
-
-# Force users doing their own patches to install their own tools
-AUTOTOOLS_AUTO_DEPEND=no
-
-inherit eutils multilib toolchain-funcs autotools
-
-DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
-HOMEPAGE="http://www.iptables.org/"
-SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
-IUSE="ipv6 netlink static-libs"
-
-RDEPEND="
-	netlink? ( net-libs/libnfnetlink )
-"
-DEPEND="${RDEPEND}
-	virtual/os-headers
-	virtual/pkgconfig
-"
-
-src_prepare() {
-	# use the saner headers from the kernel
-	rm -f include/linux/{kernel,types}.h
-	epatch "${FILESDIR}"/${P}-libip6tc.patch #449262
-
-	# Only run autotools if user patched something
-	epatch_user && eautoreconf || elibtoolize
-}
-
-src_configure() {
-	# Some libs use $(AR) rather than libtool to build #444282
-	tc-export AR
-
-	sed -i \
-		-e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
-		configure || die
-
-	econf \
-		--sbindir="${EPREFIX}/sbin" \
-		--libexecdir="${EPREFIX}/$(get_libdir)" \
-		--enable-devel \
-		--enable-shared \
-		$(use_enable static-libs static) \
-		$(use_enable ipv6)
-}
-
-src_compile() {
-	emake V=1
-}
-
-src_install() {
-	default
-	dodoc INCOMPATIBILITIES iptables/iptables.xslt
-
-	# all the iptables binaries are in /sbin, so might as well
-	# put these small files in with them
-	into /
-	dosbin iptables/iptables-apply
-	dosym iptables-apply /sbin/ip6tables-apply
-	doman iptables/iptables-apply.8
-
-	insinto /usr/include
-	doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
-	insinto /usr/include/iptables
-	doins include/iptables/internal.h
-
-	keepdir /var/lib/iptables
-	newinitd "${FILESDIR}"/${PN}-1.4.13-r1.init iptables
-	newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables
-	if use ipv6 ; then
-		keepdir /var/lib/ip6tables
-		newinitd "${FILESDIR}"/iptables-1.4.13-r1.init ip6tables
-		newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables
-	fi
-
-	# Move important libs to /lib
-	gen_usr_ldscript -a ip{4,6}tc iptc xtables
-	find "${ED}" -type f -name '*.la' -exec rm -rf '{}' '+' || die "la removal failed"
-}

diff --git a/net-firewall/iptables/iptables-1.4.18.ebuild b/net-firewall/iptables/iptables-1.4.18.ebuild
deleted file mode 100644
index 6976767..0000000
--- a/net-firewall/iptables/iptables-1.4.18.ebuild
+++ /dev/null
@@ -1,88 +0,0 @@
-# Copyright 1999-2013 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="4"
-
-# Force users doing their own patches to install their own tools
-AUTOTOOLS_AUTO_DEPEND=no
-
-inherit eutils multilib toolchain-funcs autotools
-
-DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
-HOMEPAGE="http://www.netfilter.org/projects/iptables/"
-SRC_URI="http://www.netfilter.org/projects/iptables/files/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
-IUSE="ipv6 netlink static-libs"
-
-RDEPEND="
-	netlink? ( net-libs/libnfnetlink )
-"
-DEPEND="${RDEPEND}
-	virtual/os-headers
-	virtual/pkgconfig
-"
-
-src_prepare() {
-	# use the saner headers from the kernel
-	rm -f include/linux/{kernel,types}.h
-	epatch "${FILESDIR}"/${P}-extensions-link.patch
-	epatch "${FILESDIR}"/${P}-ipv6-linkage.patch
-
-	# Only run autotools if user patched something
-	epatch_user && eautoreconf || elibtoolize
-}
-
-src_configure() {
-	# Some libs use $(AR) rather than libtool to build #444282
-	tc-export AR
-
-	sed -i \
-		-e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
-		configure || die
-
-	econf \
-		--sbindir="${EPREFIX}/sbin" \
-		--libexecdir="${EPREFIX}/$(get_libdir)" \
-		--enable-devel \
-		--enable-shared \
-		$(use_enable static-libs static) \
-		$(use_enable ipv6)
-}
-
-src_compile() {
-	emake V=1
-}
-
-src_install() {
-	default
-	dodoc INCOMPATIBILITIES iptables/iptables.xslt
-
-	# all the iptables binaries are in /sbin, so might as well
-	# put these small files in with them
-	into /
-	dosbin iptables/iptables-apply
-	dosym iptables-apply /sbin/ip6tables-apply
-	doman iptables/iptables-apply.8
-
-	insinto /usr/include
-	doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
-	insinto /usr/include/iptables
-	doins include/iptables/internal.h
-
-	keepdir /var/lib/iptables
-	newinitd "${FILESDIR}"/${PN}-1.4.13-r1.init iptables
-	newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables
-	if use ipv6 ; then
-		keepdir /var/lib/ip6tables
-		newinitd "${FILESDIR}"/iptables-1.4.13-r1.init ip6tables
-		newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables
-	fi
-
-	# Move important libs to /lib
-	gen_usr_ldscript -a ip{4,6}tc iptc xtables
-	find "${ED}" -type f -name '*.la' -exec rm -rf '{}' '+' || die "la removal failed"
-}

diff --git a/net-firewall/iptables/iptables-1.4.19.1.ebuild b/net-firewall/iptables/iptables-1.4.19.1.ebuild
deleted file mode 100644
index 052c7e7..0000000
--- a/net-firewall/iptables/iptables-1.4.19.1.ebuild
+++ /dev/null
@@ -1,87 +0,0 @@
-# Copyright 1999-2013 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="4"
-
-# Force users doing their own patches to install their own tools
-AUTOTOOLS_AUTO_DEPEND=no
-
-inherit eutils multilib toolchain-funcs autotools
-
-DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
-HOMEPAGE="http://www.netfilter.org/projects/iptables/"
-SRC_URI="http://www.netfilter.org/projects/iptables/files/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
-IUSE="ipv6 netlink static-libs"
-
-RDEPEND="
-	netlink? ( net-libs/libnfnetlink )
-"
-DEPEND="${RDEPEND}
-	virtual/os-headers
-	virtual/pkgconfig
-"
-
-src_prepare() {
-	# use the saner headers from the kernel
-	rm -f include/linux/{kernel,types}.h
-
-	# Only run autotools if user patched something
-	epatch_user && eautoreconf || elibtoolize
-}
-
-src_configure() {
-	# Some libs use $(AR) rather than libtool to build #444282
-	tc-export AR
-
-	sed -i \
-		-e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
-		configure || die
-
-	econf \
-		--sbindir="${EPREFIX}/sbin" \
-		--libexecdir="${EPREFIX}/$(get_libdir)" \
-		--enable-devel \
-		--enable-shared \
-		$(use_enable static-libs static) \
-		$(use_enable ipv6)
-}
-
-src_compile() {
-	emake V=1
-}
-
-src_install() {
-	default
-	dodoc INCOMPATIBILITIES iptables/iptables.xslt
-
-	# all the iptables binaries are in /sbin, so might as well
-	# put these small files in with them
-	into /
-	dosbin iptables/iptables-apply
-	dosym iptables-apply /sbin/ip6tables-apply
-	doman iptables/iptables-apply.8
-
-	insinto /usr/include
-	doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
-	insinto /usr/include/iptables
-	doins include/iptables/internal.h
-
-	keepdir /var/lib/iptables
-	newinitd "${FILESDIR}"/${PN}-1.4.13-r1.init iptables
-	newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables
-	if use ipv6 ; then
-		keepdir /var/lib/ip6tables
-		newinitd "${FILESDIR}"/iptables-1.4.13-r1.init ip6tables
-		newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables
-	fi
-
-	# Move important libs to /lib
-	gen_usr_ldscript -a ip{4,6}tc iptc xtables
-
-	prune_libtool_files
-}

diff --git a/net-firewall/iptables/iptables-1.4.20.ebuild b/net-firewall/iptables/iptables-1.4.20.ebuild
deleted file mode 100644
index 43dc46c..0000000
--- a/net-firewall/iptables/iptables-1.4.20.ebuild
+++ /dev/null
@@ -1,87 +0,0 @@
-# Copyright 1999-2014 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="4"
-
-# Force users doing their own patches to install their own tools
-AUTOTOOLS_AUTO_DEPEND=no
-
-inherit eutils multilib toolchain-funcs autotools
-
-DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
-HOMEPAGE="http://www.netfilter.org/projects/iptables/"
-SRC_URI="http://www.netfilter.org/projects/iptables/files/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86"
-IUSE="ipv6 netlink static-libs"
-
-RDEPEND="
-	netlink? ( net-libs/libnfnetlink )
-"
-DEPEND="${RDEPEND}
-	virtual/os-headers
-	virtual/pkgconfig
-"
-
-src_prepare() {
-	# use the saner headers from the kernel
-	rm -f include/linux/{kernel,types}.h
-
-	# Only run autotools if user patched something
-	epatch_user && eautoreconf || elibtoolize
-}
-
-src_configure() {
-	# Some libs use $(AR) rather than libtool to build #444282
-	tc-export AR
-
-	sed -i \
-		-e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
-		configure || die
-
-	econf \
-		--sbindir="${EPREFIX}/sbin" \
-		--libexecdir="${EPREFIX}/$(get_libdir)" \
-		--enable-devel \
-		--enable-shared \
-		$(use_enable static-libs static) \
-		$(use_enable ipv6)
-}
-
-src_compile() {
-	emake V=1
-}
-
-src_install() {
-	default
-	dodoc INCOMPATIBILITIES iptables/iptables.xslt
-
-	# all the iptables binaries are in /sbin, so might as well
-	# put these small files in with them
-	into /
-	dosbin iptables/iptables-apply
-	dosym iptables-apply /sbin/ip6tables-apply
-	doman iptables/iptables-apply.8
-
-	insinto /usr/include
-	doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
-	insinto /usr/include/iptables
-	doins include/iptables/internal.h
-
-	keepdir /var/lib/iptables
-	newinitd "${FILESDIR}"/${PN}-1.4.13-r1.init iptables
-	newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables
-	if use ipv6 ; then
-		keepdir /var/lib/ip6tables
-		newinitd "${FILESDIR}"/iptables-1.4.13-r1.init ip6tables
-		newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables
-	fi
-
-	# Move important libs to /lib
-	gen_usr_ldscript -a ip{4,6}tc iptc xtables
-
-	prune_libtool_files
-}

diff --git a/net-firewall/iptables/iptables-1.4.21.ebuild b/net-firewall/iptables/iptables-1.4.21.ebuild
deleted file mode 100644
index 56a8118..0000000
--- a/net-firewall/iptables/iptables-1.4.21.ebuild
+++ /dev/null
@@ -1,87 +0,0 @@
-# Copyright 1999-2014 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-
-# Force users doing their own patches to install their own tools
-AUTOTOOLS_AUTO_DEPEND=no
-
-inherit eutils multilib toolchain-funcs autotools
-
-DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
-HOMEPAGE="http://www.netfilter.org/projects/iptables/"
-SRC_URI="http://www.netfilter.org/projects/iptables/files/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
-IUSE="ipv6 netlink static-libs"
-
-RDEPEND="
-	netlink? ( net-libs/libnfnetlink )
-"
-DEPEND="${RDEPEND}
-	virtual/os-headers
-	virtual/pkgconfig
-"
-
-src_prepare() {
-	# use the saner headers from the kernel
-	rm -f include/linux/{kernel,types}.h
-
-	# Only run autotools if user patched something
-	epatch_user && eautoreconf || elibtoolize
-}
-
-src_configure() {
-	# Some libs use $(AR) rather than libtool to build #444282
-	tc-export AR
-
-	sed -i \
-		-e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
-		configure || die
-
-	econf \
-		--sbindir="${EPREFIX}/sbin" \
-		--libexecdir="${EPREFIX}/$(get_libdir)" \
-		--enable-devel \
-		--enable-shared \
-		$(use_enable static-libs static) \
-		$(use_enable ipv6)
-}
-
-src_compile() {
-	emake V=1
-}
-
-src_install() {
-	default
-	dodoc INCOMPATIBILITIES iptables/iptables.xslt
-
-	# all the iptables binaries are in /sbin, so might as well
-	# put these small files in with them
-	into /
-	dosbin iptables/iptables-apply
-	dosym iptables-apply /sbin/ip6tables-apply
-	doman iptables/iptables-apply.8
-
-	insinto /usr/include
-	doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
-	insinto /usr/include/iptables
-	doins include/iptables/internal.h
-
-	keepdir /var/lib/iptables
-	newinitd "${FILESDIR}"/${PN}-1.4.13-r1.init iptables
-	newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables
-	if use ipv6 ; then
-		keepdir /var/lib/ip6tables
-		newinitd "${FILESDIR}"/iptables-1.4.13-r1.init ip6tables
-		newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables
-	fi
-
-	# Move important libs to /lib
-	gen_usr_ldscript -a ip{4,6}tc iptc xtables
-
-	prune_libtool_files
-}

diff --git a/net-firewall/iptables/iptables-1.4.6.ebuild b/net-firewall/iptables/iptables-1.4.6.ebuild
deleted file mode 100644
index c8e790c..0000000
--- a/net-firewall/iptables/iptables-1.4.6.ebuild
+++ /dev/null
@@ -1,54 +0,0 @@
-# Copyright 1999-2012 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-inherit eutils multilib toolchain-funcs
-
-DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
-HOMEPAGE="http://www.iptables.org/"
-SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86"
-IUSE="ipv6"
-
-DEPEND="virtual/os-headers
-	!>=sys-kernel/linux-headers-2.6.33"
-RDEPEND=""
-
-src_unpack() {
-	unpack ${P}.tar.bz2
-	cd "${S}"
-	epatch_user
-}
-
-src_compile() {
-	econf \
-		--sbindir=/sbin \
-		--libexecdir=/$(get_libdir) \
-		--enable-devel \
-		--enable-libipq \
-		--enable-shared \
-		--enable-static \
-		$(use_enable ipv6)
-	emake V=1 || die
-}
-
-src_install() {
-	emake install DESTDIR="${D}" || die
-
-	insinto /usr/include
-	doins include/iptables.h $(use ipv6 && echo include/ip6tables.h) || die
-	insinto /usr/include/iptables
-	doins include/iptables/internal.h || die
-
-	keepdir /var/lib/iptables
-	newinitd "${FILESDIR}"/${PN}-1.3.2.init iptables || die
-	newconfd "${FILESDIR}"/${PN}-1.3.2.confd iptables || die
-	if use ipv6 ; then
-		keepdir /var/lib/ip6tables
-		newinitd "${FILESDIR}"/iptables-1.3.2.init ip6tables || die
-		newconfd "${FILESDIR}"/ip6tables-1.3.2.confd ip6tables || die
-	fi
-}



* [gentoo-commits] repo/gentoo:master commit in: net-firewall/iptables/, net-firewall/iptables/files/
@ 2015-08-14  9:28 Mike Frysinger
From: Mike Frysinger @ 2015-08-14  9:28 UTC (permalink / raw
  To: gentoo-commits

commit:     4943e7bd0065e98269afcf3a0d321881ec6bacaf
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Fri Aug 14 09:10:41 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Fri Aug 14 09:28:25 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4943e7bd

net-firewall/iptables: revbump (no real changes)

 net-firewall/iptables/files/iptables.init       | 130 ++++++++++++++++++++++++
 net-firewall/iptables/iptables-1.4.21-r2.ebuild |  94 +++++++++++++++++
 2 files changed, 224 insertions(+)

diff --git a/net-firewall/iptables/files/iptables.init b/net-firewall/iptables/files/iptables.init
new file mode 100755
index 0000000..440e840
--- /dev/null
+++ b/net-firewall/iptables/files/iptables.init
@@ -0,0 +1,130 @@
+#!/sbin/runscript
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+extra_commands="check save panic"
+extra_started_commands="reload"
+
+iptables_name=${SVCNAME}
+case ${iptables_name} in
+iptables|ip6tables) ;;
+*) iptables_name="iptables" ;;
+esac
+
+iptables_bin="/sbin/${iptables_name}"
+case ${iptables_name} in
+	iptables)  iptables_proc="/proc/net/ip_tables_names"
+	           iptables_save=${IPTABLES_SAVE};;
+	ip6tables) iptables_proc="/proc/net/ip6_tables_names"
+	           iptables_save=${IP6TABLES_SAVE};;
+esac
+
+depend() {
+	need localmount #434774
+	before net
+}
+
+set_table_policy() {
+	local chains table=$1 policy=$2
+	case ${table} in
+		nat)    chains="PREROUTING POSTROUTING OUTPUT";;
+		mangle) chains="PREROUTING INPUT FORWARD OUTPUT POSTROUTING";;
+		filter) chains="INPUT FORWARD OUTPUT";;
+		*)      chains="";;
+	esac
+	local chain
+	for chain in ${chains} ; do
+		${iptables_bin} -t ${table} -P ${chain} ${policy}
+	done
+}
+
+checkkernel() {
+	if [ ! -e ${iptables_proc} ] ; then
+		eerror "Your kernel lacks ${iptables_name} support, please load"
+		eerror "appropriate modules and try again."
+		return 1
+	fi
+	return 0
+}
+checkconfig() {
+	if [ ! -f ${iptables_save} ] ; then
+		eerror "Not starting ${iptables_name}.  First create some rules then run:"
+		eerror "/etc/init.d/${iptables_name} save"
+		return 1
+	fi
+	return 0
+}
+
+start() {
+	checkconfig || return 1
+	ebegin "Loading ${iptables_name} state and starting firewall"
+	${iptables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${iptables_save}"
+	eend $?
+}
+
+stop() {
+	if [ "${SAVE_ON_STOP}" = "yes" ] ; then
+		save || return 1
+	fi
+	checkkernel || return 1
+	ebegin "Stopping firewall"
+	local a
+	for a in $(cat ${iptables_proc}) ; do
+		set_table_policy $a ACCEPT
+
+		${iptables_bin} -F -t $a
+		${iptables_bin} -X -t $a
+	done
+	eend $?
+}
+
+reload() {
+	checkkernel || return 1
+	checkrules || return 1
+	ebegin "Flushing firewall"
+	local a
+	for a in $(cat ${iptables_proc}) ; do
+		${iptables_bin} -F -t $a
+		${iptables_bin} -X -t $a
+	done
+	eend $?
+
+	start
+}
+
+checkrules() {
+	ebegin "Checking rules"
+	${iptables_bin}-restore --test ${SAVE_RESTORE_OPTIONS} < "${iptables_save}"
+	eend $?
+}
+
+check() {
+	# Short name for users of init.d script.
+	checkrules
+}
+
+save() {
+	ebegin "Saving ${iptables_name} state"
+	checkpath -q -d "$(dirname "${iptables_save}")"
+	checkpath -q -m 0600 -f "${iptables_save}"
+	${iptables_bin}-save ${SAVE_RESTORE_OPTIONS} > "${iptables_save}"
+	eend $?
+}
+
+panic() {
+	checkkernel || return 1
+	if service_started ${iptables_name}; then
+		rc-service ${iptables_name} stop
+	fi
+
+	local a
+	ebegin "Dropping all packets"
+	for a in $(cat ${iptables_proc}) ; do
+		${iptables_bin} -F -t $a
+		${iptables_bin} -X -t $a
+
+		set_table_policy $a DROP
+	done
+	eend $?
+}
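Review bot: `panic()` hands `eend $?` only the exit status of the last command in the last loop iteration, so a table whose flush or `-P ... DROP` failed is still reported as success whenever the final table went through. `stop()` and `reload()` use the same pattern, and `set_table_policy()` returns only the result of its last `-P` call. On the fail-closed path in particular, the operator needs to see when a DROP policy was not applied. I would collect failures in a local status and pass that to `eend`, as sketched below for `set_table_policy()` and `panic()`; the loops in `stop()` and `reload()` would change the same way.

```shell
set_table_policy() {
	# … unchanged: local declarations and chain list selection per table …
	local chain rc=0
	for chain in ${chains} ; do
		${iptables_bin} -t ${table} -P ${chain} ${policy} || rc=1
	done
	return ${rc}
}

panic() {
	# … unchanged: checkkernel, stopping the running service, ebegin …
	local a rc=0
	for a in $(cat ${iptables_proc}) ; do
		${iptables_bin} -F -t $a || rc=1
		${iptables_bin} -X -t $a || rc=1

		set_table_policy $a DROP || rc=1
	done
	eend ${rc}
}
```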

diff --git a/net-firewall/iptables/iptables-1.4.21-r2.ebuild b/net-firewall/iptables/iptables-1.4.21-r2.ebuild
new file mode 100644
index 0000000..c05cbf6
--- /dev/null
+++ b/net-firewall/iptables/iptables-1.4.21-r2.ebuild
@@ -0,0 +1,94 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+
+# Force users doing their own patches to install their own tools
+AUTOTOOLS_AUTO_DEPEND=no
+
+inherit eutils multilib systemd toolchain-funcs autotools
+
+DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
+HOMEPAGE="http://www.netfilter.org/projects/iptables/"
+SRC_URI="http://www.netfilter.org/projects/iptables/files/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="conntrack ipv6 netlink static-libs"
+
+RDEPEND="
+	conntrack? ( net-libs/libnetfilter_conntrack )
+	netlink? ( net-libs/libnfnetlink )
+"
+DEPEND="${RDEPEND}
+	virtual/os-headers
+	virtual/pkgconfig
+"
+
+src_prepare() {
+	# use the saner headers from the kernel
+	rm -f include/linux/{kernel,types}.h
+
+	# Only run autotools if user patched something
+	epatch_user && eautoreconf || elibtoolize
+}
+
+src_configure() {
+	# Some libs use $(AR) rather than libtool to build #444282
+	tc-export AR
+
+	sed -i \
+		-e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
+		-e "/nfconntrack=[01]/s:=[01]:=$(usex conntrack 1 0):" \
+		configure || die
+
+	econf \
+		--sbindir="${EPREFIX}/sbin" \
+		--libexecdir="${EPREFIX}/$(get_libdir)" \
+		--enable-devel \
+		--enable-shared \
+		$(use_enable static-libs static) \
+		$(use_enable ipv6)
+}
+
+src_compile() {
+	emake V=1
+}
+
+src_install() {
+	default
+	dodoc INCOMPATIBILITIES iptables/iptables.xslt
+
+	# all the iptables binaries are in /sbin, so might as well
+	# put these small files in with them
+	into /
+	dosbin iptables/iptables-apply
+	dosym iptables-apply /sbin/ip6tables-apply
+	doman iptables/iptables-apply.8
+
+	insinto /usr/include
+	doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
+	insinto /usr/include/iptables
+	doins include/iptables/internal.h
+
+	keepdir /var/lib/iptables
+	newinitd "${FILESDIR}"/${PN}.init iptables
+	newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables
+	if use ipv6 ; then
+		keepdir /var/lib/ip6tables
+		newinitd "${FILESDIR}"/iptables.init ip6tables
+		newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables
+	fi
+
+	systemd_dounit "${FILESDIR}"/systemd/iptables{,-{re,}store}.service
+	if use ipv6 ; then
+		systemd_dounit "${FILESDIR}"/systemd/ip6tables{,-{re,}store}.service
+	fi
+
+	# Move important libs to /lib
+	gen_usr_ldscript -a ip{4,6}tc iptc xtables
+
+	prune_libtool_files
+}
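Review bot: In `src_configure()`, the `sed -i ... configure || die` dies only when sed itself errors, not when `nfnetlink=[01]` or `nfconntrack=[01]` matches no line. If the generated configure ever stops containing those assignments (their shape is inferred here from the sed expressions), the `netlink` and `conntrack` USE flags would be silently ignored and the libraries picked up from whatever happens to be installed. A cheap guard before the sed would be `grep -q 'nfconntrack=[01]' configure || die "nfconntrack assignment not found in configure"`, with the same check for `nfnetlink`. A one-line comment above the sed saying that it overrides configure's automatic detection would also help the next maintainer.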



* [gentoo-commits] repo/gentoo:master commit in: net-firewall/iptables/, net-firewall/iptables/files/
@ 2015-08-15 18:19 Mike Frysinger
From: Mike Frysinger @ 2015-08-15 18:19 UTC (permalink / raw
  To: gentoo-commits

commit:     1f367931c8e234cc3ac1f20ec191f80aa3a91c2a
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Sat Aug 15 18:18:43 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Sat Aug 15 18:18:43 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1f367931

net-firewall/iptables: fix configure enable flag parsing #557586

 .../iptables/files/iptables-1.4.21-configure.patch | 34 ++++++++++++++++++++++
 net-firewall/iptables/iptables-1.4.21-r2.ebuild    |  2 ++
 2 files changed, 36 insertions(+)

diff --git a/net-firewall/iptables/files/iptables-1.4.21-configure.patch b/net-firewall/iptables/files/iptables-1.4.21-configure.patch
new file mode 100644
index 0000000..e827885
--- /dev/null
+++ b/net-firewall/iptables/files/iptables-1.4.21-configure.patch
@@ -0,0 +1,34 @@
+https://bugs.gentoo.org/557586
+
+From b24e59fba39120bfdb9e521bbd0af8f33a60466e Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <vapier@gentoo.org>
+Date: Sat, 15 Aug 2015 14:12:39 -0400
+Subject: [PATCH] configure: fix 3rd arg w/AC_ARG_ENABLE
+
+The 3rd arg is used when --{enable,disable}-foo are passed in, not when
+the feature is enabled.  Use the existing $enableval instead.
+
+Signed-off-by: Mike Frysinger <vapier@gentoo.org>
+---
+ configure.ac | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/configure
++++ b/configure
+@@ -11898,14 +11898,14 @@ fi
+ 
+ # Check whether --enable-bpf-compiler was given.
+ if test "${enable_bpf_compiler+set}" = set; then :
+-  enableval=$enable_bpf_compiler; enable_bpfc="yes"
++  enableval=$enable_bpf_compiler; enable_bpfc="$enableval"
+ else
+   enable_bpfc="no"
+ fi
+ 
+ # Check whether --enable-nfsynproxy was given.
+ if test "${enable_nfsynproxy+set}" = set; then :
+-  enableval=$enable_nfsynproxy; enable_nfsynproxy="yes"
++  enableval=$enable_nfsynproxy; enable_nfsynproxy="$enableval"
+ else
+   enable_nfsynproxy="no"
+ fi
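Review bot: This patch changes only the generated `configure` (`--- a/configure`), although its own diffstat names `configure.ac`. In the ebuild hunk that follows, `epatch_user && eautoreconf` runs right after the new `epatch` line, so on a system with user patches `configure` is regenerated from the unpatched `configure.ac` and the `$enableval` fix is presumably lost. Carrying the `configure.ac` hunk of the same upstream commit in this file as well would keep both paths consistent. A short comment above the `epatch` line, e.g. `# patches configure and configure.ac so the fix survives eautoreconf`, would record why both are touched.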

diff --git a/net-firewall/iptables/iptables-1.4.21-r2.ebuild b/net-firewall/iptables/iptables-1.4.21-r2.ebuild
index e70cf33..268e0f7 100644
--- a/net-firewall/iptables/iptables-1.4.21-r2.ebuild
+++ b/net-firewall/iptables/iptables-1.4.21-r2.ebuild
@@ -34,6 +34,8 @@ src_prepare() {
 	# use the saner headers from the kernel
 	rm -f include/linux/{kernel,types}.h
 
+	epatch "${FILESDIR}"/${P}-configure.patch #557586
+
 	# Only run autotools if user patched something
 	epatch_user && eautoreconf || elibtoolize
 }



* [gentoo-commits] repo/gentoo:master commit in: net-firewall/iptables/, net-firewall/iptables/files/
@ 2017-01-28 14:24 Lars Wendler
From: Lars Wendler @ 2017-01-28 14:24 UTC (permalink / raw
  To: gentoo-commits

commit:     c89ca3f2027933f4b5dc49b50b71bdc7c3a2af8d
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Sat Jan 28 14:23:56 2017 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Sat Jan 28 14:24:19 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c89ca3f2

net-firewall/iptables: Removed old.

Package-Manager: Portage-2.3.3, Repoman-2.3.1

 net-firewall/iptables/Manifest                     |   1 -
 .../iptables/files/iptables-1.4.17-libip6tc.patch  |  32 -------
 net-firewall/iptables/iptables-1.4.17.ebuild       |  87 -----------------
 net-firewall/iptables/iptables-1.4.21-r2.ebuild    | 103 --------------------
 net-firewall/iptables/iptables-1.4.21-r3.ebuild    | 104 ---------------------
 5 files changed, 327 deletions(-)

diff --git a/net-firewall/iptables/Manifest b/net-firewall/iptables/Manifest
index 9da9756..da65235 100644
--- a/net-firewall/iptables/Manifest
+++ b/net-firewall/iptables/Manifest
@@ -1,4 +1,3 @@
-DIST iptables-1.4.17.tar.bz2 541137 SHA256 51e7a769469383b6ad308a6a19cdd2bd813cf4593e21a156a543a1cd70554925 SHA512 022f89cbf56408842bdeb1adbe05076addaad007599fdb662f32a1c134d743dade28c26842acc7545d2474903164be5fe3ec7fd1e276cd2c37bd3b33b8a30de1 WHIRLPOOL f2cb85d5f4080fce2c6673a58737ace3d55130f74c66207bc515d0c7b4ecd75bd7ac8540a862e8af133e740d34eee40833d72c9c3236c7ef4dc75cd43816ec41
 DIST iptables-1.4.21.tar.bz2 547439 SHA256 52004c68021da9a599feed27f65defcfb22128f7da2c0531c0f75de0f479d3e0 SHA512 dd4baccdb080284d8620e6ed59beafc2677813f3e099051764b07f8e394f6d94ca11861b181f3cce7c55c66de64c1e2add13dc1a0b64e24050cd9fb7aea0689b WHIRLPOOL 475541d1b2b7fe4ee8fa3b537274ef082aab8bfd262201ee14cd53577dfac6f591445cc6d64ed93b226a4b71d54ae1b9ab4cbb378b5440861a585f770f0db200
 DIST iptables-1.6.0.tar.bz2 608288 SHA256 4bb72a0a0b18b5a9e79e87631ddc4084528e5df236bc7624472dcaa8480f1c60 SHA512 60360910db76e3265fb7b6456a55b91708263bde9c4e5b9cadf3832d2e2a9db3e6cb60c82e278ea0672618bd5c9566c374e00d19d35a2e8f330116c3ab6aaf51 WHIRLPOOL e5ab2398b0650883d31ea144777a6b00904a4e02434f0420037aa54cfc5e47359b95604e945ae3a1abbf3037c37aea2143d3a5457a500e12f1c1139b11655015
 DIST iptables-1.6.1.tar.bz2 620890 SHA256 0fc2d7bd5d7be11311726466789d4c65fb4c8e096c9182b56ce97440864f0cf5 SHA512 12280db6e6ef8e68da2537e9da59fc601790fd02b1ba38a37c90dbb56272018329dccb8be995f96ecd5d94fafa6043204f3e8f8ee96531685d9e3c55359d2ee8 WHIRLPOOL e34fffbad8a5aea278cdfd11f042e2318862f8e6045a94a2eff35e6cb233ec62d030d83838613338ca2d928f6982cebf9665d039ba61218399139745c9cb08f9

diff --git a/net-firewall/iptables/files/iptables-1.4.17-libip6tc.patch b/net-firewall/iptables/files/iptables-1.4.17-libip6tc.patch
deleted file mode 100644
index 5212dd2..00000000
--- a/net-firewall/iptables/files/iptables-1.4.17-libip6tc.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From d42bc7c100de69396a527e90736198f8e4e3000b Mon Sep 17 00:00:00 2001
-From: Mike Frysinger <vapier@gentoo.org>
-Date: Sun, 30 Dec 2012 18:06:15 -0500
-Subject: [PATCH] extensions: fix linking against -lip6tc
-
-The current build forgets to specify a path to find libip6tc which means
-it either fails (if there is no libip6tc in the system), or links against
-an old version (if there is one in the system).
-
-References: https://bugs.gentoo.org/449262
-Reported-by: Mike Gilbert <floppym@gentoo.org>
-Signed-off-by: Mike Frysinger <vapier@gentoo.org>
----
- extensions/GNUmakefile.in | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/extensions/GNUmakefile.in b/extensions/GNUmakefile.in
-index e71e3ff..a605474 100644
---- a/extensions/GNUmakefile.in
-+++ b/extensions/GNUmakefile.in
-@@ -101,7 +101,7 @@ libxt_state.so: libxt_conntrack.so
- 	ln -fs $< $@
- 
- # Need the LIBADDs in iptables/Makefile.am too for libxtables_la_LIBADD
--ip6t_NETMAP_LIBADD  = -lip6tc
-+ip6t_NETMAP_LIBADD  = -L../libiptc/.libs -lip6tc
- xt_RATEEST_LIBADD   = -lm
- xt_statistic_LIBADD = -lm
- 
--- 
-1.8.0
-

diff --git a/net-firewall/iptables/iptables-1.4.17.ebuild b/net-firewall/iptables/iptables-1.4.17.ebuild
deleted file mode 100644
index 0bbfa2b..00000000
--- a/net-firewall/iptables/iptables-1.4.17.ebuild
+++ /dev/null
@@ -1,87 +0,0 @@
-# Copyright 1999-2013 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="4"
-
-# Force users doing their own patches to install their own tools
-AUTOTOOLS_AUTO_DEPEND=no
-
-inherit eutils multilib toolchain-funcs autotools
-
-DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
-HOMEPAGE="http://www.iptables.org/"
-SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
-IUSE="ipv6 netlink static-libs"
-
-RDEPEND="
-	netlink? ( net-libs/libnfnetlink )
-"
-DEPEND="${RDEPEND}
-	virtual/os-headers
-	virtual/pkgconfig
-"
-
-src_prepare() {
-	# use the saner headers from the kernel
-	rm -f include/linux/{kernel,types}.h
-	epatch "${FILESDIR}"/${P}-libip6tc.patch #449262
-
-	# Only run autotools if user patched something
-	epatch_user && eautoreconf || elibtoolize
-}
-
-src_configure() {
-	# Some libs use $(AR) rather than libtool to build #444282
-	tc-export AR
-
-	sed -i \
-		-e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
-		configure || die
-
-	econf \
-		--sbindir="${EPREFIX}/sbin" \
-		--libexecdir="${EPREFIX}/$(get_libdir)" \
-		--enable-devel \
-		--enable-shared \
-		$(use_enable static-libs static) \
-		$(use_enable ipv6)
-}
-
-src_compile() {
-	emake V=1
-}
-
-src_install() {
-	default
-	dodoc INCOMPATIBILITIES iptables/iptables.xslt
-
-	# all the iptables binaries are in /sbin, so might as well
-	# put these small files in with them
-	into /
-	dosbin iptables/iptables-apply
-	dosym iptables-apply /sbin/ip6tables-apply
-	doman iptables/iptables-apply.8
-
-	insinto /usr/include
-	doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
-	insinto /usr/include/iptables
-	doins include/iptables/internal.h
-
-	keepdir /var/lib/iptables
-	newinitd "${FILESDIR}"/${PN}-1.4.13-r1.init iptables
-	newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables
-	if use ipv6 ; then
-		keepdir /var/lib/ip6tables
-		newinitd "${FILESDIR}"/iptables-1.4.13-r1.init ip6tables
-		newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables
-	fi
-
-	# Move important libs to /lib
-	gen_usr_ldscript -a ip{4,6}tc iptc xtables
-	find "${ED}" -type f -name '*.la' -exec rm -rf '{}' '+' || die "la removal failed"
-}

diff --git a/net-firewall/iptables/iptables-1.4.21-r2.ebuild b/net-firewall/iptables/iptables-1.4.21-r2.ebuild
deleted file mode 100644
index e87e4ed..00000000
--- a/net-firewall/iptables/iptables-1.4.21-r2.ebuild
+++ /dev/null
@@ -1,103 +0,0 @@
-# Copyright 1999-2014 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-
-# Force users doing their own patches to install their own tools
-AUTOTOOLS_AUTO_DEPEND=no
-
-inherit eutils multilib systemd toolchain-funcs autotools flag-o-matic
-
-DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
-HOMEPAGE="http://www.netfilter.org/projects/iptables/"
-SRC_URI="http://www.netfilter.org/projects/iptables/files/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-# Subslot tracks libxtables as that's the one other packages generally link
-# against and iptables changes.  Will have to revisit if other sonames change.
-SLOT="0/10"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
-IUSE="conntrack ipv6 netlink pcap static-libs"
-
-RDEPEND="
-	conntrack? ( net-libs/libnetfilter_conntrack )
-	netlink? ( net-libs/libnfnetlink )
-	pcap? ( net-libs/libpcap )
-"
-DEPEND="${RDEPEND}
-	virtual/os-headers
-	virtual/pkgconfig
-"
-
-src_prepare() {
-	# use the saner headers from the kernel
-	rm -f include/linux/{kernel,types}.h
-
-	epatch "${FILESDIR}"/${P}-configure.patch #557586
-
-	# Only run autotools if user patched something
-	epatch_user && eautoreconf || elibtoolize
-}
-
-src_configure() {
-	# Some libs use $(AR) rather than libtool to build #444282
-	tc-export AR
-
-	# Hack around struct mismatches between userland & kernel for some ABIs. #472388
-	use amd64 && [[ ${ABI} == "x32" ]] && append-flags -fpack-struct
-
-	sed -i \
-		-e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
-		-e "/nfconntrack=[01]/s:=[01]:=$(usex conntrack 1 0):" \
-		configure || die
-
-	econf \
-		--sbindir="${EPREFIX}/sbin" \
-		--libexecdir="${EPREFIX}/$(get_libdir)" \
-		--enable-devel \
-		--enable-shared \
-		$(use_enable pcap bpf-compiler) \
-		$(use_enable static-libs static) \
-		$(use_enable ipv6)
-}
-
-src_compile() {
-	emake V=1
-}
-
-src_install() {
-	default
-	dodoc INCOMPATIBILITIES iptables/iptables.xslt
-
-	# all the iptables binaries are in /sbin, so might as well
-	# put these small files in with them
-	into /
-	dosbin iptables/iptables-apply
-	dosym iptables-apply /sbin/ip6tables-apply
-	doman iptables/iptables-apply.8
-
-	insinto /usr/include
-	doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
-	insinto /usr/include/iptables
-	doins include/iptables/internal.h
-
-	keepdir /var/lib/iptables
-	newinitd "${FILESDIR}"/${PN}.init iptables
-	newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables
-	if use ipv6 ; then
-		keepdir /var/lib/ip6tables
-		newinitd "${FILESDIR}"/iptables.init ip6tables
-		newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables
-	fi
-
-	systemd_dounit "${FILESDIR}"/systemd/iptables{,-{re,}store}.service
-	if use ipv6 ; then
-		systemd_dounit "${FILESDIR}"/systemd/ip6tables{,-{re,}store}.service
-	fi
-
-	# Move important libs to /lib #332175
-	gen_usr_ldscript -a ip{4,6}tc iptc xtables
-
-	prune_libtool_files
-}

diff --git a/net-firewall/iptables/iptables-1.4.21-r3.ebuild b/net-firewall/iptables/iptables-1.4.21-r3.ebuild
deleted file mode 100644
index ef4eb78..00000000
--- a/net-firewall/iptables/iptables-1.4.21-r3.ebuild
+++ /dev/null
@@ -1,104 +0,0 @@
-# Copyright 1999-2014 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-
-# Force users doing their own patches to install their own tools
-AUTOTOOLS_AUTO_DEPEND=no
-
-inherit eutils multilib systemd toolchain-funcs autotools flag-o-matic
-
-DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
-HOMEPAGE="http://www.netfilter.org/projects/iptables/"
-SRC_URI="http://www.netfilter.org/projects/iptables/files/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-# Subslot tracks libxtables as that's the one other packages generally link
-# against and iptables changes.  Will have to revisit if other sonames change.
-SLOT="0/10"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
-IUSE="conntrack ipv6 netlink pcap static-libs"
-
-RDEPEND="
-	conntrack? ( net-libs/libnetfilter_conntrack )
-	netlink? ( net-libs/libnfnetlink )
-	pcap? ( net-libs/libpcap )
-"
-DEPEND="${RDEPEND}
-	virtual/os-headers
-	virtual/pkgconfig
-"
-
-src_prepare() {
-	# use the saner headers from the kernel
-	rm -f include/linux/{kernel,types}.h
-
-	epatch "${FILESDIR}"/${P}-configure.patch #557586
-	epatch "${FILESDIR}"/${P}-static-connlabel-config.patch #558234
-
-	# Only run autotools if user patched something
-	epatch_user && eautoreconf || elibtoolize
-}
-
-src_configure() {
-	# Some libs use $(AR) rather than libtool to build #444282
-	tc-export AR
-
-	# Hack around struct mismatches between userland & kernel for some ABIs. #472388
-	use amd64 && [[ ${ABI} == "x32" ]] && append-flags -fpack-struct
-
-	sed -i \
-		-e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
-		-e "/nfconntrack=[01]/s:=[01]:=$(usex conntrack 1 0):" \
-		configure || die
-
-	econf \
-		--sbindir="${EPREFIX}/sbin" \
-		--libexecdir="${EPREFIX}/$(get_libdir)" \
-		--enable-devel \
-		--enable-shared \
-		$(use_enable pcap bpf-compiler) \
-		$(use_enable static-libs static) \
-		$(use_enable ipv6)
-}
-
-src_compile() {
-	emake V=1
-}
-
-src_install() {
-	default
-	dodoc INCOMPATIBILITIES iptables/iptables.xslt
-
-	# all the iptables binaries are in /sbin, so might as well
-	# put these small files in with them
-	into /
-	dosbin iptables/iptables-apply
-	dosym iptables-apply /sbin/ip6tables-apply
-	doman iptables/iptables-apply.8
-
-	insinto /usr/include
-	doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
-	insinto /usr/include/iptables
-	doins include/iptables/internal.h
-
-	keepdir /var/lib/iptables
-	newinitd "${FILESDIR}"/${PN}.init iptables
-	newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables
-	if use ipv6 ; then
-		keepdir /var/lib/ip6tables
-		newinitd "${FILESDIR}"/iptables.init ip6tables
-		newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables
-	fi
-
-	systemd_dounit "${FILESDIR}"/systemd/iptables{,-{re,}store}.service
-	if use ipv6 ; then
-		systemd_dounit "${FILESDIR}"/systemd/ip6tables{,-{re,}store}.service
-	fi
-
-	# Move important libs to /lib #332175
-	gen_usr_ldscript -a ip{4,6}tc iptc xtables
-
-	prune_libtool_files
-}



* [gentoo-commits] repo/gentoo:master commit in: net-firewall/iptables/, net-firewall/iptables/files/
@ 2018-07-11 14:23 Thomas Deutschmann
From: Thomas Deutschmann @ 2018-07-11 14:23 UTC (permalink / raw
  To: gentoo-commits

commit:     6f554459eb5269d28c4005456c409c99c6d93ba1
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Jul 11 14:22:15 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Jul 11 14:22:56 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6f554459

net-firewall/iptables: don't install /sbin/{arptables,ebtables} symlink

If you want to use arptables or ebtables from iptables package, please
call arptables-nft or ebtables-nft.

Closes: https://bugs.gentoo.org/660886
Package-Manager: Portage-2.3.41, Repoman-2.3.9

 ...ort-nft-suffix-for-arptables-and-ebtables.patch | 44 ++++++++++++++++++++++
 ...ables-1.8.0.ebuild => iptables-1.8.0-r1.ebuild} |  8 +++-
 2 files changed, 51 insertions(+), 1 deletion(-)

diff --git a/net-firewall/iptables/files/iptables-1.8.0-support-nft-suffix-for-arptables-and-ebtables.patch b/net-firewall/iptables/files/iptables-1.8.0-support-nft-suffix-for-arptables-and-ebtables.patch
new file mode 100644
index 00000000000..1053c0a338e
--- /dev/null
+++ b/net-firewall/iptables/files/iptables-1.8.0-support-nft-suffix-for-arptables-and-ebtables.patch
@@ -0,0 +1,44 @@
+Backport of
+
+https://git.netfilter.org/iptables/commit/?id=565a22395c4c620bf26a002515d9016db0c35824
+
+Bug: https://bugs.gentoo.org/660886
+--- a/iptables/Makefile.am
++++ b/iptables/Makefile.am
+@@ -80,7 +80,9 @@ x_sbin_links  = iptables-nft iptables-nft-restore iptables-nft-save \
+ 		ip6tables-nft ip6tables-nft-restore ip6tables-nft-save \
+ 		iptables-translate ip6tables-translate \
+ 		iptables-restore-translate ip6tables-restore-translate \
+-		arptables ebtables xtables-monitor
++		arptables-nft arptables \
++		ebtables-nft ebtables \
++		xtables-monitor
+ endif
+ 
+ iptables-extensions.8: iptables-extensions.8.tmpl ../extensions/matches.man ../extensions/targets.man
+--- a/iptables/Makefile.in
++++ b/iptables/Makefile.in
+@@ -526,7 +526,9 @@ vx_bin_links = iptables-xml
+ @ENABLE_NFTABLES_TRUE@		ip6tables-nft ip6tables-nft-restore ip6tables-nft-save \
+ @ENABLE_NFTABLES_TRUE@		iptables-translate ip6tables-translate \
+ @ENABLE_NFTABLES_TRUE@		iptables-restore-translate ip6tables-restore-translate \
+-@ENABLE_NFTABLES_TRUE@		arptables ebtables xtables-monitor
++@ENABLE_NFTABLES_TRUE@		arptables-nft arptables \
++@ENABLE_NFTABLES_TRUE@		ebtables-nft ebtables \
++@ENABLE_NFTABLES_TRUE@		xtables-monitor
+ 
+ pkgconfig_DATA = xtables.pc
+ all: $(BUILT_SOURCES)
+--- a/iptables/xtables-nft-multi.c
++++ b/iptables/xtables-nft-multi.c
+@@ -31,8 +31,10 @@ static const struct subcommand multi_subcommands[] = {
+ 	{"iptables-restore-translate",	xtables_ip4_xlate_restore_main},
+ 	{"ip6tables-restore-translate",	xtables_ip6_xlate_restore_main},
+ 	{"arptables",			xtables_arp_main},
++	{"arptables-nft",		xtables_arp_main},
+ 	{"ebtables-translate",		xtables_eb_xlate_main},
+ 	{"ebtables",			xtables_eb_main},
++	{"ebtables-nft",		xtables_eb_main},
+ 	{"xtables-monitor",		xtables_monitor_main},
+ 	{NULL},
+ };

diff --git a/net-firewall/iptables/iptables-1.8.0.ebuild b/net-firewall/iptables/iptables-1.8.0-r1.ebuild
similarity index 92%
rename from net-firewall/iptables/iptables-1.8.0.ebuild
rename to net-firewall/iptables/iptables-1.8.0-r1.ebuild
index e8e9447e3dd..cbef20783c2 100644
--- a/net-firewall/iptables/iptables-1.8.0.ebuild
+++ b/net-firewall/iptables/iptables-1.8.0-r1.ebuild
@@ -42,9 +42,12 @@ RDEPEND="${COMMON_DEPEND}
 "
 
 src_prepare() {
-	eapply "${FILESDIR}"/iptables-1.8.0-fix-building-without-nft-backend.patch
+	eapply "${FILESDIR}"/${P}-fix-building-without-nft-backend.patch
 	touch -r configure extensions/GNUmakefile.in || die
 
+	eapply "${FILESDIR}"/${P}-support-nft-suffix-for-arptables-and-ebtables.patch
+	touch -r configure iptables/Makefile.{am,in} || die
+
 	# use the saner headers from the kernel
 	rm -f include/linux/{kernel,types}.h
 
@@ -112,6 +115,9 @@ src_install() {
 	if use nftables; then
 		# Bug 647458
 		rm "${ED%/}"/etc/ethertypes || die
+
+		# Bug 660886
+		rm "${ED%/}"/sbin/{arptables,ebtables} || die
 	fi
 
 	systemd_dounit "${FILESDIR}"/systemd/iptables-{re,}store.service
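Review bot: The `rm "${ED%/}"/sbin/{arptables,ebtables} || die` line under `# Bug 660886` removes the unsuffixed commands without telling the administrator, so any boot script or ruleset loader that still calls `/sbin/ebtables` or `/sbin/arptables` from this package will fail after the upgrade and its rules will not be applied. The commit message explains the new names, but that text never reaches the installing user. An `elog "arptables/ebtables from this package are now installed as arptables-nft/ebtables-nft"` in the install-time messages, under `use nftables`, would make the change visible. The comment could also say why the links are dropped, e.g. `# Bug 660886: only the -nft suffixed names are installed`. src_install starts and ends outside this hunk.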



* [gentoo-commits] repo/gentoo:master commit in: net-firewall/iptables/, net-firewall/iptables/files/
@ 2018-12-02 15:50 Thomas Deutschmann
From: Thomas Deutschmann @ 2018-12-02 15:50 UTC (permalink / raw
  To: gentoo-commits

commit:     8addacfd7c0364953240840246f7256bebc87e0a
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sun Dec  2 15:46:25 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sun Dec  2 15:49:19 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8addacfd

net-firewall/iptables: allow for iptables' module autoload functionality

In commit cdc003118830087bbb409761fe4e0e2c19ea103a, a non-working check
was fixed. In addition, error handling was added.
However, this introduced a behavior change for users who didn't load
iptables on their own and relied on iptables' own capability to autoload
required modules.

This new revision restores previous behavior and allows for relying on
iptables' module autoload capability again.

Closes: https://bugs.gentoo.org/672366
Package-Manager: Portage-2.3.52, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 .../iptables/files/{iptables-r1.init => iptables-r2.init}      | 10 ++++++++--
 .../{iptables-1.8.2-r1.ebuild => iptables-1.8.2-r2.ebuild}     |  2 +-
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/net-firewall/iptables/files/iptables-r1.init b/net-firewall/iptables/files/iptables-r2.init
similarity index 93%
rename from net-firewall/iptables/files/iptables-r1.init
rename to net-firewall/iptables/files/iptables-r2.init
index 708dcce6d3c..3dcabb0dfb4 100755
--- a/net-firewall/iptables/files/iptables-r1.init
+++ b/net-firewall/iptables/files/iptables-r2.init
@@ -64,7 +64,6 @@ checkconfig() {
 }
 
 start_pre() {
-	checkkernel || return 1
 	checkconfig || return 1
 }
 
@@ -135,7 +134,14 @@ save() {
 }
 
 panic() {
-	checkkernel || return 1
+	# use iptables autoload capability to load at least all required
+	# modules and filter table
+	${iptables_bin} --wait ${iptables_lock_wait_time} --wait-interval ${iptables_lock_wait_interval} -S >/dev/null
+	if [ $? -ne 0 ] ; then
+		eerror "${iptables_bin} failed to load"
+		return 1
+	fi
+
 	if service_started ${iptables_name}; then
 		rc-service ${iptables_name} stop
 	fi
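Review bot: In panic(), the new `-S` probe returns 1 before any lockdown step runs, so a lock timeout or other transient failure of the listing leaves the ruleset as it was when panic mode was requested. The rest of panic() is outside the hunk, so this is inferred from the early `return 1`. The message `failed to load` also hides which case occurred; something like `eerror "${iptables_bin} -S failed (module load or xtables lock); panic rules NOT applied"` tells the operator that the host is not locked down. The expansions are unquoted and the status goes through `$?`; `if ! "${iptables_bin}" --wait "${iptables_lock_wait_time}" --wait-interval "${iptables_lock_wait_interval}" -S >/dev/null ; then` is the tighter form. The start_pre hunk above drops `checkkernel` with no equivalent probe visible there, so start() now relies entirely on autoload.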

diff --git a/net-firewall/iptables/iptables-1.8.2-r1.ebuild b/net-firewall/iptables/iptables-1.8.2-r2.ebuild
similarity index 98%
rename from net-firewall/iptables/iptables-1.8.2-r1.ebuild
rename to net-firewall/iptables/iptables-1.8.2-r2.ebuild
index 9279db2ecc5..3a922d3ad65 100644
--- a/net-firewall/iptables/iptables-1.8.2-r1.ebuild
+++ b/net-firewall/iptables/iptables-1.8.2-r2.ebuild
@@ -98,7 +98,7 @@ src_install() {
 	doins include/iptables/internal.h
 
 	keepdir /var/lib/iptables
-	newinitd "${FILESDIR}"/${PN}-r1.init iptables
+	newinitd "${FILESDIR}"/${PN}-r2.init iptables
 	newconfd "${FILESDIR}"/${PN}-r1.confd iptables
 	if use ipv6 ; then
 		keepdir /var/lib/ip6tables



* [gentoo-commits] repo/gentoo:master commit in: net-firewall/iptables/, net-firewall/iptables/files/
@ 2019-12-31 18:11 Sebastian Pipping
From: Sebastian Pipping @ 2019-12-31 18:11 UTC (permalink / raw
  To: gentoo-commits

commit:     1dea22c44a8b1b99c603759f42b96120789e3b87
Author:     Sebastian Pipping <sping <AT> gentoo <DOT> org>
AuthorDate: Tue Dec 31 18:08:06 2019 +0000
Commit:     Sebastian Pipping <sping <AT> gentoo <DOT> org>
CommitDate: Tue Dec 31 18:11:24 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1dea22c4

net-firewall/iptables: Fix USE="conntrack static-libs" compilation

Closes: https://bugs.gentoo.org/586106
Signed-off-by: Sebastian Pipping <sping <AT> gentoo.org>
Package-Manager: Portage-2.3.83, Repoman-2.3.20

 .../iptables/files/iptables-1.8.2-link.patch       | 24 ++++++++++++++++++++++
 net-firewall/iptables/iptables-1.8.2-r2.ebuild     |  5 +++--
 net-firewall/iptables/iptables-1.8.3-r1.ebuild     |  5 +++--
 net-firewall/iptables/iptables-1.8.4.ebuild        |  5 +++--
 4 files changed, 33 insertions(+), 6 deletions(-)

diff --git a/net-firewall/iptables/files/iptables-1.8.2-link.patch b/net-firewall/iptables/files/iptables-1.8.2-link.patch
new file mode 100644
index 00000000000..c20f2e54b80
--- /dev/null
+++ b/net-firewall/iptables/files/iptables-1.8.2-link.patch
@@ -0,0 +1,24 @@
+From ee4fc7c558d9eb9c37035250046d4eac9af3fa28 Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <sebastian@pipping.org>
+Date: Thu, 27 Dec 2018 23:47:33 +0100
+Subject: [PATCH] Fix link errors for USE="conntrack static-libs" (bug #586106)
+
+---
+ iptables/Makefile.am | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/iptables/Makefile.am b/iptables/Makefile.am
+index 581dc32..2c3db86 100644
+--- a/iptables/Makefile.am
++++ b/iptables/Makefile.am
+@@ -26,6 +26,7 @@ xtables_legacy_multi_LDADD   += ../libiptc/libip6tc.la ../extensions/libext6.a
+ endif
+ xtables_legacy_multi_SOURCES += xshared.c
+ xtables_legacy_multi_LDADD   += ../libxtables/libxtables.la -lm
++xtables_legacy_multi_LDADD   += ${libnetfilter_conntrack_LIBS}
+ 
+ # iptables using nf_tables api
+ if ENABLE_NFTABLES
+-- 
+2.19.1
+

diff --git a/net-firewall/iptables/iptables-1.8.2-r2.ebuild b/net-firewall/iptables/iptables-1.8.2-r2.ebuild
index 65bb18d8aad..6fdac74e6d4 100644
--- a/net-firewall/iptables/iptables-1.8.2-r2.ebuild
+++ b/net-firewall/iptables/iptables-1.8.2-r2.ebuild
@@ -45,8 +45,9 @@ src_prepare() {
 	# use the saner headers from the kernel
 	rm -f include/linux/{kernel,types}.h
 
-	# Only run autotools if user patched something
-	eapply_user && eautoreconf || elibtoolize
+	eapply "${FILESDIR}"/${P}-link.patch
+	eapply_user
+	eautoreconf
 }
 
 src_configure() {
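Review bot: `eautoreconf` now runs on every build in src_prepare, whereas the removed `eapply_user && eautoreconf || elibtoolize` only needed autotools when a user patch was applied. If this ebuild still sets `AUTOTOOLS_AUTO_DEPEND=no` (the top of the file is outside the hunk), the autotools build dependencies are no longer pulled in and the build can fail on a system without them; drop that override or add `${AUTOTOOLS_DEPEND}` to the build-time dependencies. The same applies to the iptables-1.8.3-r1 and iptables-1.8.4 hunks below. This hunk also names the patch `${P}-link.patch` while the other two use `${PN}-1.8.2-link.patch`; using the explicit form here too keeps the three ebuilds consistent.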

diff --git a/net-firewall/iptables/iptables-1.8.3-r1.ebuild b/net-firewall/iptables/iptables-1.8.3-r1.ebuild
index 10842671810..52246a8ac41 100644
--- a/net-firewall/iptables/iptables-1.8.3-r1.ebuild
+++ b/net-firewall/iptables/iptables-1.8.3-r1.ebuild
@@ -47,8 +47,9 @@ src_prepare() {
 	# use the saner headers from the kernel
 	rm include/linux/{kernel,types}.h || die
 
-	# Only run autotools if user patched something
-	eapply_user && eautoreconf || elibtoolize
+	eapply "${FILESDIR}"/${PN}-1.8.2-link.patch
+	eapply_user
+	eautoreconf
 }
 
 src_configure() {

diff --git a/net-firewall/iptables/iptables-1.8.4.ebuild b/net-firewall/iptables/iptables-1.8.4.ebuild
index 890475e4e57..8cb78dfb30b 100644
--- a/net-firewall/iptables/iptables-1.8.4.ebuild
+++ b/net-firewall/iptables/iptables-1.8.4.ebuild
@@ -47,8 +47,9 @@ src_prepare() {
 	# use the saner headers from the kernel
 	rm include/linux/{kernel,types}.h || die
 
-	# Only run autotools if user patched something
-	eapply_user && eautoreconf || elibtoolize
+	eapply "${FILESDIR}"/${PN}-1.8.2-link.patch
+	eapply_user
+	eautoreconf
 }
 
 src_configure() {



* [gentoo-commits] repo/gentoo:master commit in: net-firewall/iptables/, net-firewall/iptables/files/
@ 2020-03-20  0:10 Patrick McLean
From: Patrick McLean @ 2020-03-20  0:10 UTC (permalink / raw
  To: gentoo-commits

commit:     18c5c5cab882f71e7917ebfaa670478ed07fb41e
Author:     Patrick McLean <patrick.mclean <AT> sony <DOT> com>
AuthorDate: Fri Mar 20 00:09:37 2020 +0000
Commit:     Patrick McLean <chutzpah <AT> gentoo <DOT> org>
CommitDate: Fri Mar 20 00:09:53 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=18c5c5ca

net-firewall/iptables-1.8.4-r1: revbump, add eselect (bug 698746)

This makes the ebuild compatible with eselect-iptables.

Closes: https://bugs.gentoo.org/698746
Copyright: Sony Interactive Entertainment Inc.
Package-Manager: Portage-2.3.94, Repoman-2.3.21
Signed-off-by: Patrick McLean <chutzpah <AT> gentoo.org>

 .../files/iptables-1.8.4-no-symlinks.patch         |  19 +++
 net-firewall/iptables/iptables-1.8.4-r1.ebuild     | 153 +++++++++++++++++++++
 2 files changed, 172 insertions(+)

diff --git a/net-firewall/iptables/files/iptables-1.8.4-no-symlinks.patch b/net-firewall/iptables/files/iptables-1.8.4-no-symlinks.patch
new file mode 100644
index 00000000000..349a01abd5f
--- /dev/null
+++ b/net-firewall/iptables/files/iptables-1.8.4-no-symlinks.patch
@@ -0,0 +1,19 @@
+diff --git a/iptables/Makefile.am b/iptables/Makefile.am
+index 71b1b1d4..30c77f9a 100644
+--- a/iptables/Makefile.am
++++ b/iptables/Makefile.am
+@@ -71,12 +71,10 @@ CLEANFILES       = iptables.8 xtables-monitor.8 \
+ 
+ vx_bin_links   = iptables-xml
+ if ENABLE_IPV4
+-v4_sbin_links  = iptables-legacy iptables-legacy-restore iptables-legacy-save \
+-		 iptables iptables-restore iptables-save
++v4_sbin_links  = iptables-legacy iptables-legacy-restore iptables-legacy-save
+ endif
+ if ENABLE_IPV6
+-v6_sbin_links  = ip6tables-legacy ip6tables-legacy-restore ip6tables-legacy-save \
+-		 ip6tables ip6tables-restore ip6tables-save
++v6_sbin_links  = ip6tables-legacy ip6tables-legacy-restore ip6tables-legacy-save
+ endif
+ if ENABLE_NFTABLES
+ x_sbin_links  = iptables-nft iptables-nft-restore iptables-nft-save \

diff --git a/net-firewall/iptables/iptables-1.8.4-r1.ebuild b/net-firewall/iptables/iptables-1.8.4-r1.ebuild
new file mode 100644
index 00000000000..5fd44252e76
--- /dev/null
+++ b/net-firewall/iptables/iptables-1.8.4-r1.ebuild
@@ -0,0 +1,153 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+# Force users doing their own patches to install their own tools
+AUTOTOOLS_AUTO_DEPEND=no
+
+inherit multilib systemd toolchain-funcs autotools flag-o-matic usr-ldscript
+
+DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
+HOMEPAGE="https://www.netfilter.org/projects/iptables/"
+SRC_URI="https://www.netfilter.org/projects/iptables/files/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+# Subslot reflects PV when libxtables and/or libip*tc was changed
+# the last time.
+SLOT="0/1.8.3"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86"
+IUSE="conntrack ipv6 netlink nftables pcap static-libs"
+
+COMMON_DEPEND="
+	app-eselect/eselect-iptables
+	conntrack? ( >=net-libs/libnetfilter_conntrack-1.0.6 )
+	netlink? ( net-libs/libnfnetlink )
+	nftables? (
+		>=net-libs/libmnl-1.0:0=
+		>=net-libs/libnftnl-1.1.5:0=
+	)
+	pcap? ( net-libs/libpcap )
+"
+DEPEND="${COMMON_DEPEND}
+	virtual/os-headers
+	>=sys-kernel/linux-headers-4.4:0
+"
+BDEPEND="
+	virtual/pkgconfig
+	nftables? (
+		sys-devel/flex
+		virtual/yacc
+	)
+"
+RDEPEND="${COMMON_DEPEND}
+	nftables? ( net-misc/ethertypes )
+"
+
+PATCHES=(
+	"${FILESDIR}/iptables-1.8.4-no-symlinks.patch"
+	"${FILESDIR}/iptables-1.8.2-link.patch"
+)
+
+src_prepare() {
+	# use the saner headers from the kernel
+	rm include/linux/{kernel,types}.h || die
+
+	default
+	eautoreconf
+}
+
+src_configure() {
+	# Some libs use $(AR) rather than libtool to build #444282
+	tc-export AR
+
+	# Hack around struct mismatches between userland & kernel for some ABIs. #472388
+	use amd64 && [[ ${ABI} == "x32" ]] && append-flags -fpack-struct
+
+	sed -i \
+		-e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
+		-e "/nfconntrack=[01]/s:=[01]:=$(usex conntrack 1 0):" \
+		configure || die
+
+	local myeconfargs=(
+		--sbindir="${EPREFIX}/sbin"
+		--libexecdir="${EPREFIX}/$(get_libdir)"
+		--enable-devel
+		--enable-shared
+		$(use_enable nftables)
+		$(use_enable pcap bpf-compiler)
+		$(use_enable pcap nfsynproxy)
+		$(use_enable static-libs static)
+		$(use_enable ipv6)
+	)
+	econf "${myeconfargs[@]}"
+}
+
+src_compile() {
+	emake V=1
+}
+
+src_install() {
+	default
+	dodoc INCOMPATIBILITIES iptables/iptables.xslt
+
+	# all the iptables binaries are in /sbin, so might as well
+	# put these small files in with them
+	into /
+	dosbin iptables/iptables-apply
+	dosym iptables-apply /sbin/ip6tables-apply
+	doman iptables/iptables-apply.8
+
+	insinto /usr/include
+	doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
+	insinto /usr/include/iptables
+	doins include/iptables/internal.h
+
+	keepdir /var/lib/iptables
+	newinitd "${FILESDIR}"/${PN}-r2.init iptables
+	newconfd "${FILESDIR}"/${PN}-r1.confd iptables
+	if use ipv6 ; then
+		keepdir /var/lib/ip6tables
+		dosym iptables /etc/init.d/ip6tables
+		newconfd "${FILESDIR}"/ip6tables-r1.confd ip6tables
+	fi
+
+	if use nftables; then
+		# Bug 647458
+		rm "${ED}"/etc/ethertypes || die
+
+		# Bug 660886
+		rm "${ED}"/sbin/{arptables,ebtables} || die
+
+		# Bug 669894
+		rm "${ED}"/sbin/ebtables-{save,restore} || die
+	fi
+
+	systemd_dounit "${FILESDIR}"/systemd/iptables-{re,}store.service
+	if use ipv6 ; then
+		systemd_dounit "${FILESDIR}"/systemd/ip6tables-{re,}store.service
+	fi
+
+	# Move important libs to /lib #332175
+	gen_usr_ldscript -a ip{4,6}tc xtables
+
+	find "${ED}" -type f -name "*.la" -delete || die
+}
+
+pkg_postinst() {
+	local default_iptables="xtables-legacy-multi"
+	if ! eselect iptables show &>/dev/null; then
+		elog "Current iptables implementation is unset, setting to ${default_iptables}"
+		eselect iptables set "${default_iptables}"
+		use ipv6 && eselect iptables set --ipv6 "${default_iptables}"
+	fi
+	eselect iptables show
+}
+
+pkg_prerm() {
+	elog "Unsetting iptables symlinks before removal"
+	eselect iptables unset
+
+	# the eselect module failing should not be fatal
+	return 0
+}
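Review bot: pkg_prerm calls `eselect iptables unset` on every unmerge, including the unmerge of the old version during an upgrade or re-install. The `/sbin/iptables` symlinks selected by the administrator are therefore removed. Assuming the usual phase order (old pkg_prerm before new pkg_postinst), pkg_postinst then finds nothing set and selects `xtables-legacy-multi`. A host whose rules were loaded through the nft backend would silently switch to the legacy backend on upgrade, and the saved ruleset would be restored into a different rule store. Guarding the call, `[[ -z ${REPLACED_BY_VERSION} ]] && eselect iptables unset`, keeps the selection across upgrades; the trailing `return 0` already absorbs the non-zero status.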



* [gentoo-commits] repo/gentoo:master commit in: net-firewall/iptables/, net-firewall/iptables/files/
@ 2022-01-20 19:12 Patrick McLean
From: Patrick McLean @ 2022-01-20 19:12 UTC (permalink / raw
  To: gentoo-commits

commit:     30b1ce27e3082d81d6c4c5f488c1ec452f01bbab
Author:     Patrick McLean <patrick.mclean <AT> sony <DOT> com>
AuthorDate: Thu Jan 20 19:11:25 2022 +0000
Commit:     Patrick McLean <chutzpah <AT> gentoo <DOT> org>
CommitDate: Thu Jan 20 19:12:26 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=30b1ce27

net-firewall/iptables: revbump upstream double-free (bug #831626)

Closes: https://bugs.gentoo.org/831626
Copyright: Sony Interactive Entertainment Inc.
Package-Manager: Portage-3.0.30, Repoman-3.0.3
Signed-off-by: Patrick McLean <chutzpah <AT> gentoo.org>

 .../files/iptables-1.8.7-cache-double-free.patch   |  61 +++++++
 net-firewall/iptables/iptables-1.8.7-r1.ebuild     | 183 +++++++++++++++++++++
 2 files changed, 244 insertions(+)

diff --git a/net-firewall/iptables/files/iptables-1.8.7-cache-double-free.patch b/net-firewall/iptables/files/iptables-1.8.7-cache-double-free.patch
new file mode 100644
index 000000000000..fc88636d2944
--- /dev/null
+++ b/net-firewall/iptables/files/iptables-1.8.7-cache-double-free.patch
@@ -0,0 +1,61 @@
+commit 4318961230bce82958df82b57f1796143bf2f421
+Author: Phil Sutter <phil@nwl.cc>
+Date:   Tue Sep 21 11:39:45 2021 +0200
+
+    nft: cache: Avoid double free of unrecognized base-chains
+    
+    On error, nft_cache_add_chain() frees the allocated nft_chain object
+    along with the nftnl_chain it points at. Fix nftnl_chain_list_cb() to
+    not free the nftnl_chain again in that case.
+    
+    Fixes: 176c92c26bfc9 ("nft: Introduce a dedicated base chain array")
+    Signed-off-by: Phil Sutter <phil@nwl.cc>
+
+diff --git a/iptables/nft-cache.c b/iptables/nft-cache.c
+index 2c88301c..9a03bbfb 100644
+--- a/iptables/nft-cache.c
++++ b/iptables/nft-cache.c
+@@ -314,9 +314,7 @@ static int nftnl_chain_list_cb(const struct nlmsghdr *nlh, void *data)
+ 		goto out;
+ 	}
+ 
+-	if (nft_cache_add_chain(h, t, c))
+-		goto out;
+-
++	nft_cache_add_chain(h, t, c);
+ 	return MNL_CB_OK;
+ out:
+ 	nftnl_chain_free(c);
+diff --git a/iptables/tests/shell/testcases/chain/0004extra-base_0 b/iptables/tests/shell/testcases/chain/0004extra-base_0
+new file mode 100755
+index 00000000..1b85b060
+--- /dev/null
++++ b/iptables/tests/shell/testcases/chain/0004extra-base_0
+@@ -0,0 +1,27 @@
++#!/bin/bash
++
++case $XT_MULTI in
++*xtables-nft-multi)
++	;;
++*)
++	echo skip $XT_MULTI
++	exit 0
++	;;
++esac
++
++set -e
++
++nft -f - <<EOF
++table ip filter {
++        chain INPUT {
++                type filter hook input priority filter
++                counter packets 218 bytes 91375 accept
++        }
++
++        chain x {
++                type filter hook input priority filter
++        }
++}
++EOF
++
++$XT_MULTI iptables -L

diff --git a/net-firewall/iptables/iptables-1.8.7-r1.ebuild b/net-firewall/iptables/iptables-1.8.7-r1.ebuild
new file mode 100644
index 000000000000..f748bdb9f289
--- /dev/null
+++ b/net-firewall/iptables/iptables-1.8.7-r1.ebuild
@@ -0,0 +1,183 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit systemd toolchain-funcs autotools flag-o-matic usr-ldscript
+
+DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
+HOMEPAGE="https://www.netfilter.org/projects/iptables/"
+SRC_URI="https://www.netfilter.org/projects/iptables/files/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+# Subslot reflects PV when libxtables and/or libip*tc was changed
+# the last time.
+SLOT="0/1.8.3"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+IUSE="conntrack ipv6 netlink nftables pcap static-libs"
+
+BUILD_DEPEND="
+	>=app-eselect/eselect-iptables-20200508
+"
+COMMON_DEPEND="
+	conntrack? ( >=net-libs/libnetfilter_conntrack-1.0.6 )
+	netlink? ( net-libs/libnfnetlink )
+	nftables? (
+		>=net-libs/libmnl-1.0:0=
+		>=net-libs/libnftnl-1.1.6:0=
+	)
+	pcap? ( net-libs/libpcap )
+"
+DEPEND="${COMMON_DEPEND}
+	virtual/os-headers
+	>=sys-kernel/linux-headers-4.4:0
+"
+BDEPEND="${BUILD_DEPEND}
+	app-eselect/eselect-iptables
+	virtual/pkgconfig
+	nftables? (
+		sys-devel/flex
+		virtual/yacc
+	)
+"
+RDEPEND="${COMMON_DEPEND}
+	${BUILD_DEPEND}
+	nftables? ( net-misc/ethertypes )
+	!<net-firewall/ebtables-2.0.11-r1
+	!<net-firewall/arptables-0.0.5-r1
+"
+
+PATCHES=(
+	"${FILESDIR}/iptables-1.8.4-no-symlinks.patch"
+	"${FILESDIR}/iptables-1.8.2-link.patch"
+	# https://bugs.gentoo.org/831626
+	"${FILESDIR}/iptables-1.8.7-cache-double-free.patch"
+)
+
+src_prepare() {
+	# use the saner headers from the kernel
+	rm include/linux/{kernel,types}.h || die
+
+	default
+	eautoreconf
+}
+
+src_configure() {
+	# Some libs use $(AR) rather than libtool to build #444282
+	tc-export AR
+
+	# Hack around struct mismatches between userland & kernel for some ABIs. #472388
+	use amd64 && [[ ${ABI} == "x32" ]] && append-flags -fpack-struct
+
+	sed -i \
+		-e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
+		-e "/nfconntrack=[01]/s:=[01]:=$(usex conntrack 1 0):" \
+		configure || die
+
+	local myeconfargs=(
+		--sbindir="${EPREFIX}/sbin"
+		--libexecdir="${EPREFIX}/$(get_libdir)"
+		--enable-devel
+		--enable-shared
+		$(use_enable nftables)
+		$(use_enable pcap bpf-compiler)
+		$(use_enable pcap nfsynproxy)
+		$(use_enable static-libs static)
+		$(use_enable ipv6)
+	)
+	econf "${myeconfargs[@]}"
+}
+
+src_compile() {
+	emake V=1
+}
+
+src_install() {
+	default
+	dodoc INCOMPATIBILITIES iptables/iptables.xslt
+
+	# all the iptables binaries are in /sbin, so might as well
+	# put these small files in with them
+	into /
+	dosbin iptables/iptables-apply
+	dosym iptables-apply /sbin/ip6tables-apply
+	doman iptables/iptables-apply.8
+
+	insinto /usr/include
+	doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
+	insinto /usr/include/iptables
+	doins include/iptables/internal.h
+
+	keepdir /var/lib/iptables
+	newinitd "${FILESDIR}"/${PN}-r2.init iptables
+	newconfd "${FILESDIR}"/${PN}-r1.confd iptables
+	if use ipv6 ; then
+		keepdir /var/lib/ip6tables
+		dosym iptables /etc/init.d/ip6tables
+		newconfd "${FILESDIR}"/ip6tables-r1.confd ip6tables
+	fi
+
+	if use nftables; then
+		# Bug 647458
+		rm "${ED}"/etc/ethertypes || die
+
+		# Bugs 660886 and 669894
+		rm "${ED}"/sbin/{arptables,ebtables}{,-{save,restore}} || die
+	fi
+
+	systemd_dounit "${FILESDIR}"/systemd/iptables-{re,}store.service
+	if use ipv6 ; then
+		systemd_dounit "${FILESDIR}"/systemd/ip6tables-{re,}store.service
+	fi
+
+	# Move important libs to /lib #332175
+	gen_usr_ldscript -a ip{4,6}tc xtables
+
+	find "${ED}" -type f -name "*.la" -delete || die
+}
+
+pkg_postinst() {
+	local default_iptables="xtables-legacy-multi"
+	if ! eselect iptables show &>/dev/null; then
+		elog "Current iptables implementation is unset, setting to ${default_iptables}"
+		eselect iptables set "${default_iptables}"
+	fi
+
+	if use nftables; then
+		local tables
+		for tables in {arp,eb}tables; do
+			if ! eselect ${tables} show &>/dev/null; then
+				elog "Current ${tables} implementation is unset, setting to ${default_iptables}"
+				eselect ${tables} set xtables-nft-multi
+			fi
+		done
+	fi
+
+	eselect iptables show
+}
+
+pkg_prerm() {
+	if [[ -z ${REPLACED_BY_VERSION} ]]; then
+		elog "Unsetting iptables symlinks before removal"
+		eselect iptables unset
+	fi
+
+	if ! has_version 'net-firewall/ebtables'; then
+		elog "Unsetting ebtables symlinks before removal"
+		eselect ebtables unset
+	elif [[ -z ${REPLACED_BY_VERSION} ]]; then
+		elog "Resetting ebtables symlinks to ebtables-legacy"
+		eselect ebtables set ebtables-legacy
+	fi
+
+	if ! has_version 'net-firewall/arptables'; then
+		elog "Unsetting arptables symlinks before removal"
+		eselect arptables unset
+	elif [[ -z ${REPLACED_BY_VERSION} ]]; then
+		elog "Resetting arptables symlinks to arptables-legacy"
+		eselect arptables set arptables-legacy
+	fi
+
+	# the eselect module failing should not be fatal
+	return 0
+}
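Review bot: In pkg_postinst the arptables/ebtables loop logs `setting to ${default_iptables}`, which expands to `xtables-legacy-multi`, while the next line selects `xtables-nft-multi`. The log should name what is actually set, e.g. `elog "Current ${tables} implementation is unset, setting to xtables-nft-multi"`. In pkg_prerm the `eselect ebtables unset` and `eselect arptables unset` branches are guarded only by `has_version`, not by `REPLACED_BY_VERSION` or `use nftables`. They therefore also run on upgrades and on installs built without nftables, which never provided those links. Wrapping both blocks in `if use nftables && [[ -z ${REPLACED_BY_VERSION} ]]` would match how the iptables links are handled just above.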



* [gentoo-commits] repo/gentoo:master commit in: net-firewall/iptables/, net-firewall/iptables/files/
@ 2022-05-20  3:27 Sam James
From: Sam James @ 2022-05-20  3:27 UTC (permalink / raw
  To: gentoo-commits

commit:     68abaa58cd88af0dcfe1168fa06e0189668f3ff9
Author:     Hank Leininger <hlein <AT> korelogic <DOT> com>
AuthorDate: Fri May 20 01:05:00 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri May 20 03:26:56 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=68abaa58

net-firewall/iptables: Remove obsolete option from init script

Upstream changed how locking is handled and removed --wait-interval.

Signed-off-by: Hank Leininger <hlein <AT> korelogic.com>
Closes: https://bugs.gentoo.org/846518
Package-Manager: Portage-3.0.30, Repoman-3.0.3
Closes: https://github.com/gentoo/gentoo/pull/25568
Signed-off-by: Sam James <sam <AT> gentoo.org>

 net-firewall/iptables/files/iptables-r3.init   | 165 +++++++++++++++++++++++
 net-firewall/iptables/iptables-1.8.8-r2.ebuild | 177 +++++++++++++++++++++++++
 2 files changed, 342 insertions(+)

diff --git a/net-firewall/iptables/files/iptables-r3.init b/net-firewall/iptables/files/iptables-r3.init
new file mode 100644
index 000000000000..53eb4246c59f
--- /dev/null
+++ b/net-firewall/iptables/files/iptables-r3.init
@@ -0,0 +1,165 @@
+#!/sbin/openrc-run
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+extra_commands="check save panic"
+extra_started_commands="reload"
+
+iptables_lock_wait_time=${IPTABLES_LOCK_WAIT_TIME:-"60"}
+iptables_lock_wait_interval=${IPTABLES_LOCK_WAIT_INTERVAL:-"1000"}
+
+iptables_name=${SVCNAME}
+case ${iptables_name} in
+	iptables|ip6tables) ;;
+	*) iptables_name="iptables" ;;
+esac
+
+iptables_bin="/sbin/${iptables_name}"
+case ${iptables_name} in
+	iptables)  iptables_proc="/proc/net/ip_tables_names"
+	           iptables_save=${IPTABLES_SAVE};;
+	ip6tables) iptables_proc="/proc/net/ip6_tables_names"
+	           iptables_save=${IP6TABLES_SAVE};;
+esac
+
+depend() {
+	need localmount #434774
+	before net
+}
+
+set_table_policy() {
+	local has_errors=0 chains table=$1 policy=$2
+	case ${table} in
+		nat)    chains="PREROUTING POSTROUTING OUTPUT";;
+		mangle) chains="PREROUTING INPUT FORWARD OUTPUT POSTROUTING";;
+		filter) chains="INPUT FORWARD OUTPUT";;
+		*)      chains="";;
+	esac
+
+	local chain
+	for chain in ${chains} ; do
+		${iptables_bin} --wait ${iptables_lock_wait_time} -t ${table} -P ${chain} ${policy}
+		[ $? -ne 0 ] && has_errors=1
+	done
+
+	return ${has_errors}
+}
+
+checkkernel() {
+	if [ ! -e ${iptables_proc} ] ; then
+		eerror "Your kernel lacks ${iptables_name} support, please load"
+		eerror "appropriate modules and try again."
+		return 1
+	fi
+	return 0
+}
+
+checkconfig() {
+	if [ -z "${iptables_save}" -o ! -f "${iptables_save}" ] ; then
+		eerror "Not starting ${iptables_name}.  First create some rules then run:"
+		eerror "/etc/init.d/${iptables_name} save"
+		return 1
+	fi
+	return 0
+}
+
+start_pre() {
+	checkconfig || return 1
+}
+
+start() {
+	ebegin "Loading ${iptables_name} state and starting firewall"
+	${iptables_bin}-restore --wait ${iptables_lock_wait_time} ${SAVE_RESTORE_OPTIONS} < "${iptables_save}"
+	eend $?
+}
+
+stop_pre() {
+	checkkernel || return 1
+}
+
+stop() {
+	if [ "${SAVE_ON_STOP}" = "yes" ] ; then
+		save || return 1
+	fi
+
+	ebegin "Stopping firewall"
+	local has_errors=0 a
+	for a in $(cat ${iptables_proc}) ; do
+		set_table_policy $a ACCEPT
+		[ $? -ne 0 ] && has_errors=1
+
+		${iptables_bin} --wait ${iptables_lock_wait_time} -F -t $a
+		[ $? -ne 0 ] && has_errors=1
+
+		${iptables_bin} --wait ${iptables_lock_wait_time} -X -t $a
+		[ $? -ne 0 ] && has_errors=1
+	done
+	eend ${has_errors}
+}
+
+reload() {
+	checkkernel || return 1
+	checkrules || return 1
+	ebegin "Flushing firewall"
+	local has_errors=0 a
+	for a in $(cat ${iptables_proc}) ; do
+		${iptables_bin} --wait ${iptables_lock_wait_time} -F -t $a
+		[ $? -ne 0 ] && has_errors=1
+
+		${iptables_bin} --wait ${iptables_lock_wait_time} -X -t $a
+		[ $? -ne 0 ] && has_errors=1
+	done
+	eend ${has_errors}
+
+	start
+}
+
+checkrules() {
+	ebegin "Checking rules"
+	${iptables_bin}-restore --test ${SAVE_RESTORE_OPTIONS} < "${iptables_save}"
+	eend $?
+}
+
+check() {
+	# Short name for users of init.d script.
+	checkrules
+}
+
+save() {
+	ebegin "Saving ${iptables_name} state"
+	checkpath -q -d "$(dirname "${iptables_save}")"
+	checkpath -q -m 0600 -f "${iptables_save}"
+	${iptables_bin}-save ${SAVE_RESTORE_OPTIONS} > "${iptables_save}"
+	eend $?
+}
+
+panic() {
+	# use iptables autoload capability to load at least all required
+	# modules and filter table
+	${iptables_bin} --wait ${iptables_lock_wait_time} -S >/dev/null
+	if [ $? -ne 0 ] ; then
+		eerror "${iptables_bin} failed to load"
+		return 1
+	fi
+
+	if service_started ${iptables_name}; then
+		rc-service ${iptables_name} stop
+	fi
+
+	local has_errors=0 a
+	ebegin "Dropping all packets"
+	for a in $(cat ${iptables_proc}) ; do
+		${iptables_bin} --wait ${iptables_lock_wait_time} -F -t $a
+		[ $? -ne 0 ] && has_errors=1
+
+		${iptables_bin} --wait ${iptables_lock_wait_time} -X -t $a
+		[ $? -ne 0 ] && has_errors=1
+
+		if [ "${a}" != "nat" ]; then
+			# The "nat" table is not intended for filtering, the use of DROP is therefore inhibited.
+			set_table_policy $a DROP
+			[ $? -ne 0 ] && has_errors=1
+		fi
+	done
+	eend ${has_errors}
+}
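Review bot: `reload()` runs `-F` and `-X` on every table before calling `start`, so if the following `iptables-restore` fails (for example when `--wait` times out on the lock), the host is left with an empty ruleset under whatever chain policies were in place. `checkrules` narrows that window, but it runs without `--wait` and cannot cover a failure at load time. Unless `SAVE_RESTORE_OPTIONS` adds `--noflush`, `iptables-restore` should already replace the tables it loads, so the body could probably shrink to `checkkernel || return 1`, `checkrules || return 1`, `start`; if tables missing from the save file must still be cleared, a comment saying so would help. Separately, `iptables_lock_wait_interval=${IPTABLES_LOCK_WAIT_INTERVAL:-"1000"}` near the top is still assigned but no longer read anywhere in this file, so it can go along with the removed option.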

diff --git a/net-firewall/iptables/iptables-1.8.8-r2.ebuild b/net-firewall/iptables/iptables-1.8.8-r2.ebuild
new file mode 100644
index 000000000000..03c908c9d9b1
--- /dev/null
+++ b/net-firewall/iptables/iptables-1.8.8-r2.ebuild
@@ -0,0 +1,177 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit systemd toolchain-funcs autotools flag-o-matic usr-ldscript
+
+DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
+HOMEPAGE="https://www.netfilter.org/projects/iptables/"
+SRC_URI="https://www.netfilter.org/projects/iptables/files/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+# Subslot reflects PV when libxtables and/or libip*tc was changed
+# the last time.
+SLOT="0/1.8.3"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+IUSE="conntrack netlink nftables pcap static-libs"
+
+BUILD_DEPEND="
+	>=app-eselect/eselect-iptables-20220320
+"
+COMMON_DEPEND="
+	conntrack? ( >=net-libs/libnetfilter_conntrack-1.0.6 )
+	netlink? ( net-libs/libnfnetlink )
+	nftables? (
+		>=net-libs/libmnl-1.0:0=
+		>=net-libs/libnftnl-1.1.6:0=
+	)
+	pcap? ( net-libs/libpcap )
+"
+DEPEND="${COMMON_DEPEND}
+	virtual/os-headers
+	>=sys-kernel/linux-headers-4.4:0
+"
+BDEPEND="${BUILD_DEPEND}
+	virtual/pkgconfig
+	nftables? (
+		sys-devel/flex
+		virtual/yacc
+	)
+"
+RDEPEND="${COMMON_DEPEND}
+	${BUILD_DEPEND}
+	nftables? ( net-misc/ethertypes )
+	!<net-firewall/ebtables-2.0.11-r1
+	!<net-firewall/arptables-0.0.5-r1
+"
+
+PATCHES=(
+	"${FILESDIR}/iptables-1.8.4-no-symlinks.patch"
+	"${FILESDIR}/iptables-1.8.2-link.patch"
+
+	"${FILESDIR}/${P}-format-security.patch"
+	"${FILESDIR}/${P}-uint-musl.patch"
+)
+
+src_prepare() {
+	# use the saner headers from the kernel
+	rm include/linux/{kernel,types}.h || die
+
+	default
+	eautoreconf
+}
+
+src_configure() {
+	# Some libs use $(AR) rather than libtool to build #444282
+	tc-export AR
+
+	# Hack around struct mismatches between userland & kernel for some ABIs. #472388
+	use amd64 && [[ ${ABI} == "x32" ]] && append-flags -fpack-struct
+
+	sed -i \
+		-e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
+		-e "/nfconntrack=[01]/s:=[01]:=$(usex conntrack 1 0):" \
+		configure || die
+
+	local myeconfargs=(
+		--sbindir="${EPREFIX}/sbin"
+		--libexecdir="${EPREFIX}/$(get_libdir)"
+		--enable-devel
+		--enable-ipv6
+		--enable-shared
+		$(use_enable nftables)
+		$(use_enable pcap bpf-compiler)
+		$(use_enable pcap nfsynproxy)
+		$(use_enable static-libs static)
+	)
+	econf "${myeconfargs[@]}"
+}
+
+src_compile() {
+	emake V=1
+}
+
+src_install() {
+	default
+	dodoc INCOMPATIBILITIES iptables/iptables.xslt
+
+	# all the iptables binaries are in /sbin, so might as well
+	# put these small files in with them
+	into /
+	dosbin iptables/iptables-apply
+	dosym iptables-apply /sbin/ip6tables-apply
+	doman iptables/iptables-apply.8
+
+	insinto /usr/include
+	doins include/ip{,6}tables.h
+	insinto /usr/include/iptables
+	doins include/iptables/internal.h
+
+	keepdir /var/lib/ip{,6}tables
+	newinitd "${FILESDIR}"/${PN}-r3.init iptables
+	newconfd "${FILESDIR}"/${PN}-r1.confd iptables
+	dosym iptables /etc/init.d/ip6tables
+	newconfd "${FILESDIR}"/ip6tables-r1.confd ip6tables
+
+	if use nftables; then
+		# Bug 647458
+		rm "${ED}"/etc/ethertypes || die
+
+		# Bugs 660886 and 669894
+		rm "${ED}"/sbin/{arptables,ebtables}{,-{save,restore}} || die
+	fi
+
+	systemd_dounit "${FILESDIR}"/systemd/ip{,6}tables-{re,}store.service
+
+	# Move important libs to /lib #332175
+	gen_usr_ldscript -a ip{4,6}tc xtables
+
+	find "${ED}" -type f -name "*.la" -delete || die
+}
+
+pkg_postinst() {
+	local default_iptables="xtables-legacy-multi"
+	if ! eselect iptables show &>/dev/null; then
+		elog "Current iptables implementation is unset, setting to ${default_iptables}"
+		eselect iptables set "${default_iptables}"
+	fi
+
+	if use nftables; then
+		local tables
+		for tables in {arp,eb}tables; do
+			if ! eselect ${tables} show &>/dev/null; then
+				elog "Current ${tables} implementation is unset, setting to ${default_iptables}"
+				eselect ${tables} set xtables-nft-multi
+			fi
+		done
+	fi
+
+	eselect iptables show
+}
+
+pkg_prerm() {
+	if [[ -z ${REPLACED_BY_VERSION} ]]; then
+		elog "Unsetting iptables symlinks before removal"
+		eselect iptables unset
+	fi
+
+	if ! has_version 'net-firewall/ebtables'; then
+		elog "Unsetting ebtables symlinks before removal"
+		eselect ebtables unset
+	elif [[ -z ${REPLACED_BY_VERSION} ]]; then
+		elog "Resetting ebtables symlinks to ebtables-legacy"
+		eselect ebtables set ebtables-legacy
+	fi
+
+	if ! has_version 'net-firewall/arptables'; then
+		elog "Unsetting arptables symlinks before removal"
+		eselect arptables unset
+	elif [[ -z ${REPLACED_BY_VERSION} ]]; then
+		elog "Resetting arptables symlinks to arptables-legacy"
+		eselect arptables set arptables-legacy
+	fi
+
+	# the eselect module failing should not be fatal
+	return 0
+}
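Review bot: In `pkg_postinst`, the message inside the `{arp,eb}tables` loop reports `${default_iptables}` (which is `xtables-legacy-multi`) while the next line selects `xtables-nft-multi`, so the install log misstates which backend was activated. Logging the value that is actually set keeps the log reliable for anyone later checking which firewall backend is live: `elog "Current ${tables} implementation is unset, setting to xtables-nft-multi"`. The same two lines appear in `pkg_postinst` of iptables-1.8.9.ebuild further down this page and in the ebuild hunk that precedes this commit.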



* [gentoo-commits] repo/gentoo:master commit in: net-firewall/iptables/, net-firewall/iptables/files/
@ 2023-01-13  4:40 Sam James
From: Sam James @ 2023-01-13  4:40 UTC (permalink / raw
  To: gentoo-commits

commit:     f8bbf22f0e946d472150088e713de2b100439974
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Jan 13 04:26:30 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Jan 13 04:34:27 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f8bbf22f

net-firewall/iptables: add 1.8.9

Signed-off-by: Sam James <sam <AT> gentoo.org>

 net-firewall/iptables/Manifest                     |   1 +
 .../files/iptables-1.8.9-format-security.patch     |  26 +++
 net-firewall/iptables/iptables-1.8.9.ebuild        | 180 +++++++++++++++++++++
 3 files changed, 207 insertions(+)

diff --git a/net-firewall/iptables/Manifest b/net-firewall/iptables/Manifest
index 44c1d5abb450..87a9224bf3ed 100644
--- a/net-firewall/iptables/Manifest
+++ b/net-firewall/iptables/Manifest
@@ -1 +1,2 @@
 DIST iptables-1.8.8.tar.bz2 746985 BLAKE2B 0da021cc7313b86af331768904956dab3eee3de245a7b03965129f3d7f13097fc03fbb1390167dcd971eff216eabad9e59b261a9c0f54bfc48a77453aa40d164 SHA512 f21df23279a77531a23f3fcb1b8f0f8ec0c726bda236dd0e33af74b06753baff6ce3f26fb9fcceb6fada560656ba901e68fc6452eb840ac1b206bc4654950f59
+DIST iptables-1.8.9.tar.xz 637848 BLAKE2B 37ba80be0ee7049c4d3ee5689b273b4d2cc6e6fb9ebb297e86976b5750f987f2ae4536013fe1749ae79b6989c241eaece3202019fafd47d842c7a4fe3e5093b1 SHA512 e367bf286135e39b7401e852de25c1ed06d44befdffd92ed1566eb2ae9704b48ac9196cb971f43c6c83c6ad4d910443d32064bcdf618cfcef6bcab113e31ff70

diff --git a/net-firewall/iptables/files/iptables-1.8.9-format-security.patch b/net-firewall/iptables/files/iptables-1.8.9-format-security.patch
new file mode 100644
index 000000000000..a95c43600986
--- /dev/null
+++ b/net-firewall/iptables/files/iptables-1.8.9-format-security.patch
@@ -0,0 +1,26 @@
+https://git.netfilter.org/iptables/commit/?id=ed4082a7405a5838c205a34c1559e289949200cc
+
+From ed4082a7405a5838c205a34c1559e289949200cc Mon Sep 17 00:00:00 2001
+From: Phil Sutter <phil@nwl.cc>
+Date: Thu, 12 Jan 2023 14:38:44 +0100
+Subject: extensions: NAT: Fix for -Werror=format-security
+
+Have to pass either a string literal or format string to xt_xlate_add().
+
+Fixes: f30c5edce0413 ("extensions: Merge SNAT, DNAT, REDIRECT and MASQUERADE")
+Signed-off-by: Phil Sutter <phil@nwl.cc>
+--- a/extensions/libxt_NAT.c
++++ b/extensions/libxt_NAT.c
+@@ -424,7 +424,7 @@ __NAT_xlate(struct xt_xlate *xl, const struct nf_nat_range2 *r,
+ 	if (r->flags & NF_NAT_RANGE_PROTO_OFFSET)
+ 		return 0;
+ 
+-	xt_xlate_add(xl, tgt);
++	xt_xlate_add(xl, "%s", tgt);
+ 	if (strlen(range_str))
+ 		xt_xlate_add(xl, " to %s", range_str);
+ 	if (r->flags & NF_NAT_RANGE_PROTO_RANDOM) {
+-- 
+cgit v1.2.3
+
+

diff --git a/net-firewall/iptables/iptables-1.8.9.ebuild b/net-firewall/iptables/iptables-1.8.9.ebuild
new file mode 100644
index 000000000000..09aace20ecdd
--- /dev/null
+++ b/net-firewall/iptables/iptables-1.8.9.ebuild
@@ -0,0 +1,180 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit systemd toolchain-funcs autotools flag-o-matic usr-ldscript
+
+DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
+HOMEPAGE="https://www.netfilter.org/projects/iptables/"
+SRC_URI="https://www.netfilter.org/projects/iptables/files/${P}.tar.xz"
+
+LICENSE="GPL-2"
+# Subslot reflects PV when libxtables and/or libip*tc was changed
+# the last time.
+SLOT="0/1.8.3"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+IUSE="conntrack netlink nftables pcap static-libs"
+
+COMMON_DEPEND="
+	conntrack? ( >=net-libs/libnetfilter_conntrack-1.0.6 )
+	netlink? ( net-libs/libnfnetlink )
+	nftables? (
+		>=net-libs/libmnl-1.0:=
+		>=net-libs/libnftnl-1.1.6:=
+	)
+	pcap? ( net-libs/libpcap )
+"
+DEPEND="
+	${COMMON_DEPEND}
+	virtual/os-headers
+	>=sys-kernel/linux-headers-4.4:0
+"
+BDEPEND="
+	virtual/pkgconfig
+	nftables? (
+		sys-devel/flex
+		app-alternatives/yacc
+	)
+"
+RDEPEND="
+	${COMMON_DEPEND}
+	nftables? ( net-misc/ethertypes )
+	!<net-firewall/ebtables-2.0.11-r1
+	!<net-firewall/arptables-0.0.5-r1
+"
+IDEPEND=">=app-eselect/eselect-iptables-20220320"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-1.8.4-no-symlinks.patch
+	"${FILESDIR}"/${P}-format-security.patch
+)
+
+src_prepare() {
+	# Use the saner headers from the kernel
+	rm include/linux/{kernel,types}.h || die
+
+	default
+	eautoreconf
+}
+
+src_configure() {
+	# Some libs use $(AR) rather than libtool to build, bug #444282
+	tc-export AR
+
+	# Hack around struct mismatches between userland & kernel for some ABIs
+	# bug #472388
+	use amd64 && [[ ${ABI} == "x32" ]] && append-flags -fpack-struct
+
+	sed -i \
+		-e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
+		-e "/nfconntrack=[01]/s:=[01]:=$(usex conntrack 1 0):" \
+		configure || die
+
+	local myeconfargs=(
+		--sbindir="${EPREFIX}/sbin"
+		--libexecdir="${EPREFIX}/$(get_libdir)"
+		--enable-devel
+		--enable-ipv6
+		--enable-shared
+		$(use_enable nftables)
+		$(use_enable pcap bpf-compiler)
+		$(use_enable pcap nfsynproxy)
+		$(use_enable static-libs static)
+	)
+
+	econf "${myeconfargs[@]}"
+}
+
+src_compile() {
+	emake V=1
+}
+
+src_install() {
+	default
+
+	# Managed by eselect-iptables
+	# https://bugs.gentoo.org/881295
+	rm "${ED}/usr/bin/iptables-xml" || die
+
+	dodoc iptables/iptables.xslt
+
+	# All the iptables binaries are in /sbin, so might as well
+	# put these small files in with them
+	into /
+	dosbin iptables/iptables-apply
+	dosym iptables-apply /sbin/ip6tables-apply
+	doman iptables/iptables-apply.8
+
+	insinto /usr/include
+	doins include/ip{,6}tables.h
+	insinto /usr/include/iptables
+	doins include/iptables/internal.h
+
+	keepdir /var/lib/ip{,6}tables
+	newinitd "${FILESDIR}"/${PN}-r3.init iptables
+	newconfd "${FILESDIR}"/${PN}-r1.confd iptables
+	dosym iptables /etc/init.d/ip6tables
+	newconfd "${FILESDIR}"/ip6tables-r1.confd ip6tables
+
+	if use nftables; then
+		# Bug #647458
+		rm "${ED}"/etc/ethertypes || die
+
+		# Bugs #660886 and #669894
+		rm "${ED}"/sbin/{arptables,ebtables}{,-{save,restore}} || die
+	fi
+
+	systemd_dounit "${FILESDIR}"/systemd/ip{,6}tables-{re,}store.service
+
+	# Move important libs to /lib, bug #332175
+	gen_usr_ldscript -a ip{4,6}tc xtables
+
+	find "${ED}" -type f -name "*.la" -delete || die
+}
+
+pkg_postinst() {
+	local default_iptables="xtables-legacy-multi"
+	if ! eselect iptables show &>/dev/null; then
+		elog "Current iptables implementation is unset, setting to ${default_iptables}"
+		eselect iptables set "${default_iptables}"
+	fi
+
+	if use nftables; then
+		local tables
+		for tables in {arp,eb}tables; do
+			if ! eselect ${tables} show &>/dev/null; then
+				elog "Current ${tables} implementation is unset, setting to ${default_iptables}"
+				eselect ${tables} set xtables-nft-multi
+			fi
+		done
+	fi
+
+	eselect iptables show
+}
+
+pkg_prerm() {
+	if [[ -z ${REPLACED_BY_VERSION} ]]; then
+		elog "Unsetting iptables symlinks before removal"
+		eselect iptables unset
+	fi
+
+	if ! has_version 'net-firewall/ebtables'; then
+		elog "Unsetting ebtables symlinks before removal"
+		eselect ebtables unset
+	elif [[ -z ${REPLACED_BY_VERSION} ]]; then
+		elog "Resetting ebtables symlinks to ebtables-legacy"
+		eselect ebtables set ebtables-legacy
+	fi
+
+	if ! has_version 'net-firewall/arptables'; then
+		elog "Unsetting arptables symlinks before removal"
+		eselect arptables unset
+	elif [[ -z ${REPLACED_BY_VERSION} ]]; then
+		elog "Resetting arptables symlinks to arptables-legacy"
+		eselect arptables set arptables-legacy
+	fi
+
+	# The eselect module failing should not be fatal
+	return 0
+}
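Review bot: `pkg_prerm` guards `eselect iptables unset` with `[[ -z ${REPLACED_BY_VERSION} ]]`, but the `ebtables` and `arptables` branches call `eselect ... unset` whenever `has_version` fails, which includes upgrades, and nothing in the function explains the difference. If that is deliberate, a short comment above the first of those branches should state why these links are dropped on upgrade while the iptables link is kept. If it is not, the conditions could read `if [[ -z ${REPLACED_BY_VERSION} ]] && ! has_version 'net-firewall/ebtables'; then`, and likewise for arptables. Whether the symlinks are restored afterwards depends on phase ordering and on the `use nftables` branch of `pkg_postinst`, so this is worth confirming on a real upgrade.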



* [gentoo-commits] repo/gentoo:master commit in: net-firewall/iptables/, net-firewall/iptables/files/
@ 2024-02-20  5:06 Sam James
From: Sam James @ 2024-02-20  5:06 UTC (permalink / raw
  To: gentoo-commits

commit:     abe879d8c30def9dd1d576bd863bd6f4f4f1831f
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Feb 20 05:04:38 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Feb 20 05:04:38 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=abe879d8

net-firewall/iptables: drop 1.8.8-r5

Signed-off-by: Sam James <sam <AT> gentoo.org>

 net-firewall/iptables/Manifest                     |   1 -
 .../files/iptables-1.8.8-format-security.patch     |  21 ---
 .../files/iptables-1.8.8-musl-headers.patch        |  59 -------
 .../files/iptables-1.8.8-out-of-tree-build.patch   |  26 ---
 .../iptables/files/iptables-1.8.8-uint-musl.patch  | 135 ---------------
 net-firewall/iptables/iptables-1.8.8-r5.ebuild     | 185 ---------------------
 6 files changed, 427 deletions(-)

diff --git a/net-firewall/iptables/Manifest b/net-firewall/iptables/Manifest
index b3cf64b04da5..2de1a22873c0 100644
--- a/net-firewall/iptables/Manifest
+++ b/net-firewall/iptables/Manifest
@@ -1,3 +1,2 @@
 DIST iptables-1.8.10.tar.xz 641168 BLAKE2B 417b33fcfc7edeba169caef26ed0322798f6b82500840509f6c10b97b4ef3f11932c0393fc8dcc5946264442bf8ee959a594b6fbd5dc92012cfad30edf130520 SHA512 71e6ed2260859157d61981a4fe5039dc9e8d7da885a626a4b5dae8164c509a9d9f874286b9468bb6a462d6e259d4d32d5967777ecefdd8a293011ae80c00f153
-DIST iptables-1.8.8.tar.bz2 746985 BLAKE2B 0da021cc7313b86af331768904956dab3eee3de245a7b03965129f3d7f13097fc03fbb1390167dcd971eff216eabad9e59b261a9c0f54bfc48a77453aa40d164 SHA512 f21df23279a77531a23f3fcb1b8f0f8ec0c726bda236dd0e33af74b06753baff6ce3f26fb9fcceb6fada560656ba901e68fc6452eb840ac1b206bc4654950f59
 DIST iptables-1.8.9.tar.xz 637848 BLAKE2B 37ba80be0ee7049c4d3ee5689b273b4d2cc6e6fb9ebb297e86976b5750f987f2ae4536013fe1749ae79b6989c241eaece3202019fafd47d842c7a4fe3e5093b1 SHA512 e367bf286135e39b7401e852de25c1ed06d44befdffd92ed1566eb2ae9704b48ac9196cb971f43c6c83c6ad4d910443d32064bcdf618cfcef6bcab113e31ff70

diff --git a/net-firewall/iptables/files/iptables-1.8.8-format-security.patch b/net-firewall/iptables/files/iptables-1.8.8-format-security.patch
deleted file mode 100644
index fafc435379b5..000000000000
--- a/net-firewall/iptables/files/iptables-1.8.8-format-security.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-https://git.netfilter.org/iptables/commit/?id=b72eb12ea5a61df0655ad99d5048994e916be83a
-
-From: Phil Sutter <phil@nwl.cc>
-Date: Fri, 13 May 2022 16:51:58 +0200
-Subject: xshared: Fix build for -Werror=format-security
-
-Gcc complains about the omitted format string.
-
-Signed-off-by: Phil Sutter <phil@nwl.cc>
---- a/iptables/xshared.c
-+++ b/iptables/xshared.c
-@@ -1307,7 +1307,7 @@ static void check_empty_interface(struct xtables_args *args, const char *arg)
- 		return;
- 
- 	if (args->family != NFPROTO_ARP)
--		xtables_error(PARAMETER_PROBLEM, msg);
-+		xtables_error(PARAMETER_PROBLEM, "%s", msg);
- 
- 	fprintf(stderr, "%s", msg);
- }
-cgit v1.2.3

diff --git a/net-firewall/iptables/files/iptables-1.8.8-musl-headers.patch b/net-firewall/iptables/files/iptables-1.8.8-musl-headers.patch
deleted file mode 100644
index 52e2c7019972..000000000000
--- a/net-firewall/iptables/files/iptables-1.8.8-musl-headers.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-https://git.netfilter.org/iptables/commit/?id=0e7cf0ad306cdf95dc3c28d15a254532206a888e
-https://bugs.gentoo.org/846377
-
-From: Phil Sutter <phil@nwl.cc>
-Date: Wed, 18 May 2022 16:04:09 +0200
-Subject: Revert "fix build for missing ETH_ALEN definition"
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-This reverts commit c5d9a723b5159a28f547b577711787295a14fd84 as it broke
-compiling against musl libc. Might be a bug in the latter, but for the
-time being try to please both by avoiding the include and instead
-defining ETH_ALEN if unset.
-
-While being at it, move netinet/ether.h include up.
-
-Fixes: 1bdb5535f561a ("libxtables: Extend MAC address printing/parsing support")
-Signed-off-by: Phil Sutter <phil@nwl.cc>
-Reviewed-by: Maciej Żenczykowski <maze@google.com>
---- a/libxtables/xtables.c
-+++ b/libxtables/xtables.c
-@@ -28,6 +28,7 @@
- #include <stdlib.h>
- #include <string.h>
- #include <unistd.h>
-+#include <netinet/ether.h>
- #include <sys/socket.h>
- #include <sys/stat.h>
- #include <sys/statfs.h>
-@@ -45,7 +46,6 @@
- 
- #include <xtables.h>
- #include <limits.h> /* INT_MAX in ip_tables.h/ip6_tables.h */
--#include <linux/if_ether.h> /* ETH_ALEN */
- #include <linux/netfilter_ipv4/ip_tables.h>
- #include <linux/netfilter_ipv6/ip6_tables.h>
- #include <libiptc/libxtc.h>
-@@ -72,6 +72,10 @@
- #define PROC_SYS_MODPROBE "/proc/sys/kernel/modprobe"
- #endif
- 
-+#ifndef ETH_ALEN
-+#define ETH_ALEN 6
-+#endif
-+
- /* we need this for ip6?tables-restore.  ip6?tables-restore.c sets line to the
-  * current line of the input file, in order  to give a more precise error
-  * message.  ip6?tables itself doesn't need this, so it is initialized to the
-@@ -2245,8 +2249,6 @@ void xtables_print_num(uint64_t number, unsigned int format)
- 	printf(FMT("%4lluT ","%lluT "), (unsigned long long)number);
- }
- 
--#include <netinet/ether.h>
--
- static const unsigned char mac_type_unicast[ETH_ALEN] =   {};
- static const unsigned char msk_type_unicast[ETH_ALEN] =   {1};
- static const unsigned char mac_type_multicast[ETH_ALEN] = {1};
-cgit v1.2.3

diff --git a/net-firewall/iptables/files/iptables-1.8.8-out-of-tree-build.patch b/net-firewall/iptables/files/iptables-1.8.8-out-of-tree-build.patch
deleted file mode 100644
index ee9e218b5dbd..000000000000
--- a/net-firewall/iptables/files/iptables-1.8.8-out-of-tree-build.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-https://git.netfilter.org/iptables/commit/?id=0ebf52fc951b2a4d98a166afb34af4f364bbeece
-
-From: Ben Brown <ben@demerara.io>
-Date: Wed, 25 May 2022 16:26:13 +0100
-Subject: build: Fix error during out of tree build
-
-Fixes the following error:
-
-    ../../libxtables/xtables.c:52:10: fatal error: libiptc/linux_list.h: No such file or directory
-       52 | #include <libiptc/linux_list.h>
-
-Fixes: f58b0d7406451 ("libxtables: Implement notargets hash table")
-Signed-off-by: Ben Brown <ben@demerara.io>
-Signed-off-by: Phil Sutter <phil@nwl.cc>
---- a/libxtables/Makefile.am
-+++ b/libxtables/Makefile.am
-@@ -1,7 +1,7 @@
- # -*- Makefile -*-
- 
- AM_CFLAGS   = ${regular_CFLAGS}
--AM_CPPFLAGS = ${regular_CPPFLAGS} -I${top_builddir}/include -I${top_srcdir}/include -I${top_srcdir}/iptables ${kinclude_CPPFLAGS}
-+AM_CPPFLAGS = ${regular_CPPFLAGS} -I${top_builddir}/include -I${top_srcdir}/include -I${top_srcdir}/iptables -I${top_srcdir} ${kinclude_CPPFLAGS}
- 
- lib_LTLIBRARIES       = libxtables.la
- libxtables_la_SOURCES = xtables.c xtoptions.c getethertype.c
-cgit v1.2.3

diff --git a/net-firewall/iptables/files/iptables-1.8.8-uint-musl.patch b/net-firewall/iptables/files/iptables-1.8.8-uint-musl.patch
deleted file mode 100644
index 40302f624e23..000000000000
--- a/net-firewall/iptables/files/iptables-1.8.8-uint-musl.patch
+++ /dev/null
@@ -1,135 +0,0 @@
-https://git.netfilter.org/iptables/commit/?id=f319389525b066b7dc6d389c88f16a0df3b8f189
-
-From: Nick Hainke <vincent@systemli.org>
-Date: Mon, 16 May 2022 18:16:41 +0200
-Subject: treewide: use uint* instead of u_int*
-
-Gcc complains about missing types. Some commits introduced u_int* instead
-of uint*. Use uint treewide.
-
-Fixes errors in the form of:
-In file included from xtables-legacy-multi.c:5:
-xshared.h:83:56: error: unknown type name 'u_int16_t'; did you mean 'uint16_t'?
-    83 | set_option(unsigned int *options, unsigned int option, u_int16_t *invflg,
-        |                                                        ^~~~~~~~~
-        |                                                        uint16_t
-make[6]: *** [Makefile:712: xtables_legacy_multi-xtables-legacy-multi.o] Error 1
-
-Avoid libipq API breakage by adjusting libipq.h include accordingly. For
-arpt_mangle.h kernel uAPI header, apply same change as in kernel commit
-e91ded8db5747 ("uapi: netfilter_arp: use __u8 instead of u_int8_t").
-
-Signed-off-by: Nick Hainke <vincent@systemli.org>
-Signed-off-by: Phil Sutter <phil@nwl.cc>
---- a/extensions/libxt_conntrack.c
-+++ b/extensions/libxt_conntrack.c
-@@ -778,7 +778,7 @@ matchinfo_print(const void *ip, const struct xt_entry_match *match, int numeric,
- 
- static void
- conntrack_dump_ports(const char *prefix, const char *opt,
--		     u_int16_t port_low, u_int16_t port_high)
-+		     uint16_t port_low, uint16_t port_high)
- {
- 	if (port_high == 0 || port_low == port_high)
- 		printf(" %s%s %u", prefix, opt, port_low);
---- a/include/libipq/libipq.h
-+++ b/include/libipq/libipq.h
-@@ -24,7 +24,7 @@
- #include <errno.h>
- #include <unistd.h>
- #include <fcntl.h>
--#include <sys/types.h>
-+#include <stdint.h>
- #include <sys/socket.h>
- #include <sys/uio.h>
- #include <asm/types.h>
-@@ -48,19 +48,19 @@ typedef unsigned long ipq_id_t;
- struct ipq_handle
- {
- 	int fd;
--	u_int8_t blocking;
-+	uint8_t blocking;
- 	struct sockaddr_nl local;
- 	struct sockaddr_nl peer;
- };
- 
--struct ipq_handle *ipq_create_handle(u_int32_t flags, u_int32_t protocol);
-+struct ipq_handle *ipq_create_handle(uint32_t flags, uint32_t protocol);
- 
- int ipq_destroy_handle(struct ipq_handle *h);
- 
- ssize_t ipq_read(const struct ipq_handle *h,
-                 unsigned char *buf, size_t len, int timeout);
- 
--int ipq_set_mode(const struct ipq_handle *h, u_int8_t mode, size_t len);
-+int ipq_set_mode(const struct ipq_handle *h, uint8_t mode, size_t len);
- 
- ipq_packet_msg_t *ipq_get_packet(const unsigned char *buf);
- 
---- a/include/libiptc/libxtc.h
-+++ b/include/libiptc/libxtc.h
-@@ -10,7 +10,7 @@ extern "C" {
- #endif
- 
- #ifndef XT_MIN_ALIGN
--/* xt_entry has pointers and u_int64_t's in it, so if you align to
-+/* xt_entry has pointers and uint64_t's in it, so if you align to
-    it, you'll also align to any crazy matches and targets someone
-    might write */
- #define XT_MIN_ALIGN (__alignof__(struct xt_entry))
---- a/include/linux/netfilter_arp/arpt_mangle.h
-+++ b/include/linux/netfilter_arp/arpt_mangle.h
-@@ -13,7 +13,7 @@ struct arpt_mangle
- 	union {
- 		struct in_addr tgt_ip;
- 	} u_t;
--	u_int8_t flags;
-+	__u8 flags;
- 	int target;
- };
- 
---- a/iptables/xshared.c
-+++ b/iptables/xshared.c
-@@ -1025,7 +1025,7 @@ static const int inverse_for_options[NUMBER_OF_OPT] =
- };
- 
- void
--set_option(unsigned int *options, unsigned int option, u_int16_t *invflg,
-+set_option(unsigned int *options, unsigned int option, uint16_t *invflg,
- 	   bool invert)
- {
- 	if (*options & option)
---- a/iptables/xshared.h
-+++ b/iptables/xshared.h
-@@ -80,7 +80,7 @@ struct xtables_target;
- #define IPT_INV_ARPHRD		0x0800
- 
- void
--set_option(unsigned int *options, unsigned int option, u_int16_t *invflg,
-+set_option(unsigned int *options, unsigned int option, uint16_t *invflg,
- 	   bool invert);
- 
- /**
---- a/libipq/ipq_create_handle.3
-+++ b/libipq/ipq_create_handle.3
-@@ -24,7 +24,7 @@ ipq_create_handle, ipq_destroy_handle \(em create and destroy libipq handles.
- .br
- .B #include <libipq.h>
- .sp
--.BI "struct ipq_handle *ipq_create_handle(u_int32_t " flags ", u_int32_t " protocol ");"
-+.BI "struct ipq_handle *ipq_create_handle(uint32_t " flags ", uint32_t " protocol ");"
- .br
- .BI "int ipq_destroy_handle(struct ipq_handle *" h );
- .SH DESCRIPTION
---- a/libipq/ipq_set_mode.3
-+++ b/libipq/ipq_set_mode.3
-@@ -24,7 +24,7 @@ ipq_set_mode \(em set the ip_queue queuing mode
- .br
- .B #include <libipq.h>
- .sp
--.BI "int ipq_set_mode(const struct ipq_handle *" h ", u_int8_t " mode ", size_t " range );
-+.BI "int ipq_set_mode(const struct ipq_handle *" h ", uint8_t " mode ", size_t " range );
- .SH DESCRIPTION
- The
- .B ipq_set_mode
-cgit v1.2.3

diff --git a/net-firewall/iptables/iptables-1.8.8-r5.ebuild b/net-firewall/iptables/iptables-1.8.8-r5.ebuild
deleted file mode 100644
index cf0ad131a044..000000000000
--- a/net-firewall/iptables/iptables-1.8.8-r5.ebuild
+++ /dev/null
@@ -1,185 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit systemd toolchain-funcs autotools flag-o-matic usr-ldscript
-
-DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
-HOMEPAGE="https://www.netfilter.org/projects/iptables/"
-SRC_URI="https://www.netfilter.org/projects/iptables/files/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-# Subslot reflects PV when libxtables and/or libip*tc was changed
-# the last time.
-SLOT="0/1.8.3"
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86"
-IUSE="conntrack netlink nftables pcap static-libs"
-
-COMMON_DEPEND="
-	conntrack? ( >=net-libs/libnetfilter_conntrack-1.0.6 )
-	netlink? ( net-libs/libnfnetlink )
-	nftables? (
-		>=net-libs/libmnl-1.0:=
-		>=net-libs/libnftnl-1.1.6:=
-	)
-	pcap? ( net-libs/libpcap )
-"
-DEPEND="
-	${COMMON_DEPEND}
-	virtual/os-headers
-	>=sys-kernel/linux-headers-4.4:0
-"
-BDEPEND="
-	virtual/pkgconfig
-	nftables? (
-		app-alternatives/lex
-		app-alternatives/yacc
-	)
-"
-RDEPEND="
-	${COMMON_DEPEND}
-	nftables? ( net-misc/ethertypes )
-	!<net-firewall/ebtables-2.0.11-r1
-	!<net-firewall/arptables-0.0.5-r1
-"
-IDEPEND=">=app-eselect/eselect-iptables-20220320"
-
-PATCHES=(
-	"${FILESDIR}/iptables-1.8.4-no-symlinks.patch"
-	"${FILESDIR}/iptables-1.8.2-link.patch"
-
-	"${FILESDIR}/${P}-format-security.patch"
-	"${FILESDIR}/${P}-uint-musl.patch"
-	"${FILESDIR}/${P}-musl-headers.patch"
-	"${FILESDIR}/${P}-out-of-tree-build.patch"
-)
-
-src_prepare() {
-	# Use the saner headers from the kernel
-	rm include/linux/{kernel,types}.h || die
-
-	default
-	eautoreconf
-}
-
-src_configure() {
-	# Some libs use $(AR) rather than libtool to build, bug #444282
-	tc-export AR
-
-	# Hack around struct mismatches between userland & kernel for some ABIs
-	# bug #472388
-	use amd64 && [[ ${ABI} == "x32" ]] && append-flags -fpack-struct
-
-	sed -i \
-		-e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
-		-e "/nfconntrack=[01]/s:=[01]:=$(usex conntrack 1 0):" \
-		configure || die
-
-	local myeconfargs=(
-		--sbindir="${EPREFIX}/sbin"
-		--libexecdir="${EPREFIX}/$(get_libdir)"
-		--enable-devel
-		--enable-ipv6
-		--enable-shared
-		$(use_enable nftables)
-		$(use_enable pcap bpf-compiler)
-		$(use_enable pcap nfsynproxy)
-		$(use_enable static-libs static)
-	)
-
-	econf "${myeconfargs[@]}"
-}
-
-src_compile() {
-	emake V=1
-}
-
-src_install() {
-	default
-
-	# Managed by eselect-iptables
-	# https://bugs.gentoo.org/881295
-	rm "${ED}/usr/bin/iptables-xml" || die
-
-	dodoc INCOMPATIBILITIES iptables/iptables.xslt
-
-	# All the iptables binaries are in /sbin, so might as well
-	# put these small files in with them
-	into /
-	dosbin iptables/iptables-apply
-	dosym iptables-apply /sbin/ip6tables-apply
-	doman iptables/iptables-apply.8
-
-	insinto /usr/include
-	doins include/ip{,6}tables.h
-	insinto /usr/include/iptables
-	doins include/iptables/internal.h
-
-	keepdir /var/lib/ip{,6}tables
-	newinitd "${FILESDIR}"/${PN}-r3.init iptables
-	newconfd "${FILESDIR}"/${PN}-r1.confd iptables
-	dosym iptables /etc/init.d/ip6tables
-	newconfd "${FILESDIR}"/ip6tables-r1.confd ip6tables
-
-	if use nftables; then
-		# Bug #647458
-		rm "${ED}"/etc/ethertypes || die
-
-		# Bugs #660886 and #669894
-		rm "${ED}"/sbin/{arptables,ebtables}{,-{save,restore}} || die
-	fi
-
-	systemd_dounit "${FILESDIR}"/systemd/ip{,6}tables-{re,}store.service
-
-	# Move important libs to /lib, bug #332175
-	gen_usr_ldscript -a ip{4,6}tc xtables
-
-	find "${ED}" -type f -name "*.la" -delete || die
-}
-
-pkg_postinst() {
-	local default_iptables="xtables-legacy-multi"
-	if ! eselect iptables show &>/dev/null; then
-		elog "Current iptables implementation is unset, setting to ${default_iptables}"
-		eselect iptables set "${default_iptables}"
-	fi
-
-	if use nftables; then
-		local tables
-		for tables in {arp,eb}tables; do
-			if ! eselect ${tables} show &>/dev/null; then
-				elog "Current ${tables} implementation is unset, setting to ${default_iptables}"
-				eselect ${tables} set xtables-nft-multi
-			fi
-		done
-	fi
-
-	eselect iptables show
-}
-
-pkg_prerm() {
-	if [[ -z ${REPLACED_BY_VERSION} ]]; then
-		elog "Unsetting iptables symlinks before removal"
-		eselect iptables unset
-	fi
-
-	if ! has_version 'net-firewall/ebtables'; then
-		elog "Unsetting ebtables symlinks before removal"
-		eselect ebtables unset
-	elif [[ -z ${REPLACED_BY_VERSION} ]]; then
-		elog "Resetting ebtables symlinks to ebtables-legacy"
-		eselect ebtables set ebtables-legacy
-	fi
-
-	if ! has_version 'net-firewall/arptables'; then
-		elog "Unsetting arptables symlinks before removal"
-		eselect arptables unset
-	elif [[ -z ${REPLACED_BY_VERSION} ]]; then
-		elog "Resetting arptables symlinks to arptables-legacy"
-		eselect arptables set arptables-legacy
-	fi
-
-	# The eselect module failing should not be fatal
-	return 0
-}

