From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 682431395E2 for ; Sun, 27 Nov 2016 00:17:52 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 20281E09A9; Sun, 27 Nov 2016 00:17:49 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id EACE1E09A9 for ; Sun, 27 Nov 2016 00:17:48 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 9ABF93412C1 for ; Sun, 27 Nov 2016 00:17:47 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 9885C91A for ; Sun, 27 Nov 2016 00:17:45 +0000 (UTC) From: "Aric Belsito" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Aric Belsito" Message-ID: <1480205712.0b6cfad274a8bb1c47599cee1ee4482d64626ecc.lluixhi@gentoo> Subject: [gentoo-commits] proj/musl:master commit in: net-firewall/iptables/, net-firewall/iptables/files/, ... X-VCS-Repository: proj/musl X-VCS-Files: net-firewall/iptables/Manifest net-firewall/iptables/files/iptables-1.4.13-r1.init net-firewall/iptables/files/iptables-1.4.21-musl.patch net-firewall/iptables/files/iptables-1.6.0-musl.patch net-firewall/iptables/files/iptables.init net-firewall/iptables/files/systemd/ip6tables-restore.service net-firewall/iptables/files/systemd/iptables-restore.service net-firewall/iptables/iptables-1.4.21-r1.ebuild net-firewall/iptables/iptables-1.4.21-r99.ebuild net-firewall/iptables/iptables-1.6.0-r1.ebuild net-firewall/iptables/metadata.xml X-VCS-Directories: net-firewall/iptables/ net-firewall/iptables/files/ net-firewall/iptables/files/systemd/ X-VCS-Committer: lluixhi X-VCS-Committer-Name: Aric Belsito X-VCS-Revision: 0b6cfad274a8bb1c47599cee1ee4482d64626ecc X-VCS-Branch: master Date: Sun, 27 Nov 2016 00:17:45 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: c35a812d-5689-407e-a725-91da8695cfa8 X-Archives-Hash: c0b72aee815b29f10f4b37a7ba5a77cf commit: 0b6cfad274a8bb1c47599cee1ee4482d64626ecc Author: Aric Belsito gmail com> AuthorDate: Sun Nov 27 00:15:12 2016 +0000 Commit: Aric Belsito gmail com> CommitDate: Sun Nov 27 00:15:12 2016 +0000 URL: https://gitweb.gentoo.org/proj/musl.git/commit/?id=0b6cfad2 net-firewall/iptables: Add 1.6.0-r1 Sync with upstream Drop r99 postfix Remove some lines in the patch that don't break the build. net-firewall/iptables/Manifest | 16 +++--- .../iptables/files/iptables-1.4.13-r1.init | 2 +- .../iptables/files/iptables-1.4.21-musl.patch | 60 ---------------------- .../iptables/files/iptables-1.6.0-musl.patch | 38 ++++++++++++++ .../{iptables-1.4.13-r1.init => iptables.init} | 16 +++--- .../files/systemd/ip6tables-restore.service | 4 +- .../files/systemd/iptables-restore.service | 4 +- ...1.4.21-r99.ebuild => iptables-1.4.21-r1.ebuild} | 10 ++-- ...-1.4.21-r99.ebuild => iptables-1.6.0-r1.ebuild} | 42 +++++++++++---- net-firewall/iptables/metadata.xml | 3 ++ 10 files changed, 102 insertions(+), 93 deletions(-) diff --git a/net-firewall/iptables/Manifest b/net-firewall/iptables/Manifest index 00a5c0c..408f0d2 100644 --- a/net-firewall/iptables/Manifest +++ b/net-firewall/iptables/Manifest @@ -1,13 +1,17 @@ AUX ip6tables-1.4.13.confd 690 SHA256 2938fe4206514d9868047bd8f888a699fa2097ca69edab176453436d4259abaa SHA512 8de9a5de4061bef217fbc07577688a8110f1116af7f3b936dfd18100a6a7a47ec6e70c456b24cf3432fb4f2034b741a487fe6af8d9740f174d51c6eb16945c6e WHIRLPOOL f2f4903812b5b97d5bdf9cb28f0bcb6f8c866f197b46a9128530721a8d9db1cdcedffe2512c9235391a67f494c2daf1266d7bc8a6185949756437221c3861a10 -AUX iptables-1.4.13-r1.init 2772 SHA256 e8f75993729bc559b82cde4d978bcd3b5527069ea94190a3bea2da12a2e907d6 SHA512 c87eed9ae2a1cee9782ddc2c20b5a2644e571d20f25eab76831d5cbb185d18b7d078599e2fac8dac7945674c3af19d00220fa1e2c2053e415cb5c83fcfdf4d8a WHIRLPOOL 889bf1164b67f9f8d8dd96ea3f6c1b4542ea87afa4e74040d43cd488d13c6dc3672ecb2058699a60d7d0bf34c82b452d6f80fc815d85d7ae20c8dbb7ae99ba2f +AUX iptables-1.4.13-r1.init 2773 SHA256 eca52b98f6d7cc0f74ad2ba65f3a4ea96a0a46424ddab321928c4e82ebf1f5aa SHA512 4e5b555dc32d8358c5a15f50d573c6581c5dc1a726976a46739f13f8f2e0a2524dc6e8faa41d38665cb9068cdfe1785bc91f34104a3bcb0078ad3b1451a418e1 WHIRLPOOL d823437736fcabf54605b7ddbee2c898bb7315cb05f536565714798dea36d66c5141dc4a4dc4a5cff75323f6b09eb361dcd635bc228d8dba4923d5d5159cf779 AUX iptables-1.4.13.confd 687 SHA256 7e2341211ca14997b7a8a1f930f94db855291af597c568f680f80031c20d45b6 SHA512 bd67d53e997ea65755148ba071fe6e3856d6e604b9167c666900721bc3dc24f63d395bc33a1a34ae50f95e72760da630db1a8d35afc81ec5973e60ba5343dc70 WHIRLPOOL 111b809b3122b04cce8ac0e551cfcdec7fde1ad563e1001bbbb3dbb4cae0ddf13851ece1024e13fb26aab2fe306dfc4fd9e59ab5a10127b301bc7a65ec20486b -AUX iptables-1.4.21-musl.patch 3947 SHA256 1d5fbdcb4752c480a4198a0188b067352fdd6b99a221de18ab8a106a5b115ee0 SHA512 6fc3c0c29da8f767892b1022e659f341c2ff97bc83a70b4b19fffe3b7385cd4879fe53e9630a6ec9f9449f3b5b20d34a060c4af0c5f186829069da0d075c9dfe WHIRLPOOL f6fe339c790fdfd5de544cc0791b775df2a2c486b7c4b2092ee2cd400874ddb53677abcd5c74022c2dc7079e919890e7da6d481a240b5396bd38162681ce7f54 -AUX systemd/ip6tables-restore.service 395 SHA256 679ba8327bf037e991ff07d8cf910009c67026b0faf8112d75c945b64f4b64de SHA512 e41f7bc55b2b58452b993ccb42014b5bc2701aeeef46eee845a2b016b334299ff4e6d11ba22f3aaff47195f1049dc7fd4be41a7055911420230107b1ee4c6ba3 WHIRLPOOL 232d90f8591358fe853c8c4b569b2825ba02ced59d390232a7f7fb535e3bfbbcb70972938506cbead5e6b57845310f5a91c1fd225898f185cffb96ba7d4d97f3 +AUX iptables-1.4.21-musl.patch 2165 SHA256 1f202ca1f6549af674a7a8300376ca2c451aba5dc1a3203a799ab4c1e6fc7c76 SHA512 1460408bc9a3e08d65a2cf208badb55f927974ae8b364b16f20b15c788fab1720ea55b4d1f3d61f3fb8adcfe8f748dbd817b1ed0d9f2ca9f8be94d585980af0f WHIRLPOOL 05d0254a60872dcb1a767d503c784eca534cf66c71bf448f1863e0b88c753eece249a5b56e57f7e2abf5d1fdf14a6f53e55d045b8af2770ca292482dbf877513 +AUX iptables-1.6.0-musl.patch 1192 SHA256 c1c18e1ba5294af84c9cd8a24648c20486355ed2d27f7c5b0042ea33e131a613 SHA512 abcba22aeab80ac59ca6a5293dd88c258bfa03ca46ad3d83f1298f7f019a1e6fdadf5debf6c7129c4a401af58684658a4b0e5dbfb9336b66975c0865927a434b WHIRLPOOL 53fe9b560b60a1a24cba51f03a7b597a7939eb9d80d0f4629d9c0177dd34cbefbf471dceaef591ff67d4cfe5e73993ea4625f8225e35bae3ad9b3f29b6f21ed8 +AUX iptables.init 2794 SHA256 9e83a7dae3a75a4fd58721cf8df2888c661af9e32e478a59a2507d234bd3d95f SHA512 0fccbdd6152ff422d86bab82eea1ddd09f554107f1eab9423e5703ab805930394086ad52717241d767f9793d3e1b4accf7c9539c9431020610711ca5313d9a16 WHIRLPOOL 65a108a045910c97c7d76bf351c4283e9dc19771f54c632351063785251589aeb302ee04b58910e3faf18ee4af208396fc6af69e692b9e3806de394094bbc554 +AUX systemd/ip6tables-restore.service 398 SHA256 611fb01a539f421a06d443ac5bec4ee412699021bb8f99bcc52056b825b72baa SHA512 4df4f73b14e123c463003656631d1affa431f722c9f598cdde6a63a531432aa3f97635b32c59aa2e1ddc4b45f500169c88da1c055fccac6c8ce89db23d015a7a WHIRLPOOL eabe0338f58a300ea53c15e09e35f8c1eb10ac9574213fbe30aff75eb350eaa676f0c927a14e24e7b2eaad6b69124645ff0df995204e65f2a23f0bc00d5d2e1c AUX systemd/ip6tables-store.service 243 SHA256 ce93fc2ba81f7693877479ddc75cdec94627c302a140bd27ff30656fad78e72b SHA512 7cee224f91d4c8348606ba176d0d689749a59229958cfdf4e75451d77271363e7cff71dbb7e30dbc4a5a837363a72d70d6960d2dfb218f3ad16456ae109cba10 WHIRLPOOL d84687a142843fa9cd930171e817652afb22b950214349ca156ba6da174312989973d17fed04cd129c18d4d6fbd5ad3124b9afa0d105d128333248c90fdb4ca6 AUX systemd/ip6tables.service 133 SHA256 1b8d342ffdf471ef25e365dacf106e1899b438dad4bf9154cfad2d5217c3a019 SHA512 f871e694a8c666a59840c4c7ae1f355dc47f481501b3472601b65460c1d6e163a7e33f7a6c42a84ac33131ddb96170b316e83507a43f1ede54d61446f81950dc WHIRLPOOL 24140e7398cfa494210b8d3b773bdca5ee1abbbdb29c2921e84ff025848e26844b5c20fadefa9b961ce14564ce8daa9b8e9f197b7d7ec70c26bb6609b74b10d0 -AUX systemd/iptables-restore.service 391 SHA256 ace3b2085700bde96f0597e8c6f3b8524c28d4f9b6c924deb09b164a5b8e979c SHA512 222a088d487f8e5c199aec4a3619f8c8ee620ffca13c35fd3da8daf926db25fa5203226a6f4a2c426622d935ffd57c02ad4ff5edbca922f8168e29fc3e52c516 WHIRLPOOL 507cfef3650fcce3a17d56edfb39110d08397bbd96c88cb21c2cdb74c69b920142f0f68f71312ae7a6013057e0ab500546a0075806dd424fc85b9aebdb76b5f4 +AUX systemd/iptables-restore.service 394 SHA256 611debe959039341f2ee93c276290046365622e4a168c98a9f39684bee9565de SHA512 f0d042b487beaaa0dab0884ccb12c1cb63f9f5949b58187dcd4fcdb28a5b9874fd7b9cc8c14862f8a311a6e4016e2472edc51a776904c9940e1280da7dd3c01b WHIRLPOOL 8fc540b450347ea78e56d03591be2d22bbccadbe65dfe021c23231f9efcda3405d5555a6d5b93f38fbf5cc16855d397da104a873a5dd0fa01270d3b542f9403d AUX systemd/iptables-store.service 240 SHA256 14965fd0f3cd4285e77ea1e3d9975a818b0d64fb0026b925d8434896b2cbf839 SHA512 a720e92b5571a2c3427101105e95e555f3b72541a53c5daa43e361c99ca28830e9e8dd27dbd7cfed40fbbe289ed180f9be7e0f3b6b0cd19bba022a531815fd5e WHIRLPOOL e3a5b77b2c19ad8445a21cc9c8680c2d632d968483357221fac1c309275bd17aa25c05cf23188d5ae644d5b1266c64b3dd5fe8fbdec9f2a439a212c3d1c767db AUX systemd/iptables.service 130 SHA256 c404c54c98521817aca75b96774a24684e0c7ed2fc8de2ced78f4ae4d8a6b99d SHA512 87114ccc7eb079d1ed43d77be35cf4c91702ca960883a4bbca5dfcf74aa6f086e44f4a4251441ac3a277c93eb10e7482157caf2d62bbf2a7f5327947ede25bef WHIRLPOOL 844296866dfe2fe6b1207c99d2f938f4c87a37592e95576f9504fe056fe82fc29878b9aa1a204fa31d6711fbe7ba5cd48f7a639e4839bbe366e6220246a0d3c3 DIST iptables-1.4.21.tar.bz2 547439 SHA256 52004c68021da9a599feed27f65defcfb22128f7da2c0531c0f75de0f479d3e0 SHA512 dd4baccdb080284d8620e6ed59beafc2677813f3e099051764b07f8e394f6d94ca11861b181f3cce7c55c66de64c1e2add13dc1a0b64e24050cd9fb7aea0689b WHIRLPOOL 475541d1b2b7fe4ee8fa3b537274ef082aab8bfd262201ee14cd53577dfac6f591445cc6d64ed93b226a4b71d54ae1b9ab4cbb378b5440861a585f770f0db200 -EBUILD iptables-1.4.21-r99.ebuild 2312 SHA256 755030496807570ff3360caa6af8fd21532eda2f67aa6b7de083946f50bac6ee SHA512 460a070319b983cb15ed291beec759e88f3571bfdd1d4f864419593b3cc9cb7940cee086e343b24188020450438fc36a29ca216598b5f67c52c1d1f14588fcb9 WHIRLPOOL d96e8d68f566f5da874606b730cdf2e9ce22a76d28e231a765dc3af17739ab0503e0e5b13af883cdc8ae323d660ddabb194c38b2684d5d0e168d5eebbc6bcba4 -MISC metadata.xml 1158 SHA256 7e9055478930c0b06aa6c9660c59cf250b8dd9ee5e3062c9cf05e521a24655ea SHA512 50a5daa8a84ce9a79e26af31bbb4b3786f0449e11399e7759472d86a895d935a84c0476c7fd7c3c91e7d2aada86979b783153dbd2b27fb3d8a5eaafef84ddfd9 WHIRLPOOL 94c5a196bb01e1d19b42f092d27920687bfbd9efd620e902a531fe95b239b7429002fffbf201fdc65c6efa86988d97dbd8ee273238177c4b27274b82eb8c6a31 +DIST iptables-1.6.0.tar.bz2 608288 SHA256 4bb72a0a0b18b5a9e79e87631ddc4084528e5df236bc7624472dcaa8480f1c60 SHA512 60360910db76e3265fb7b6456a55b91708263bde9c4e5b9cadf3832d2e2a9db3e6cb60c82e278ea0672618bd5c9566c374e00d19d35a2e8f330116c3ab6aaf51 WHIRLPOOL e5ab2398b0650883d31ea144777a6b00904a4e02434f0420037aa54cfc5e47359b95604e945ae3a1abbf3037c37aea2143d3a5457a500e12f1c1139b11655015 +EBUILD iptables-1.4.21-r1.ebuild 2484 SHA256 a0b493d89bb704f35e835d8fffd1d73ea8528cfaac3f7288e9b7fc9e3b63e0ae SHA512 8145a17bbcccca9aab848150f4068589f2a67562654dd5923ddce6cfdb1f1488027c9d1db878d0d6c5993e9dab1023a7a57ec28c62c924a78cce99d2380bfc67 WHIRLPOOL ca1591bfe3908d020a38c89085b92b2e5483e83f48e0579aeb897d6ff0af1f52e4f786fe600e704aa131015e978061a1376a98030b52940285b773aaac203d7d +EBUILD iptables-1.6.0-r1.ebuild 3159 SHA256 71a6c1db9fabdc44348bd76e1253c69df7bc658f7148eaf230b2952311ddfb22 SHA512 facfb6d9c6f03a3f04f6f0e32149bb6b90034c7d90aa97624f0326036b10694f85dfa9da61e26be83c7ab2bb6fcdc17d26bee246751f6f1a0c414980a3f5ceee WHIRLPOOL 6a53d4b6685e0178ea9035f52f1e84044beecfce3795c725c53cb5310ac047236a52e96e1e005ae62016969f2c4efec0fb49cf1983cc0f29d53b0f2fc819d8e1 +MISC metadata.xml 1450 SHA256 12a59ccb10431b7760a10a4421f05fd3763eb14c91d27239f04d9bcacec548ab SHA512 3cd157fddc3a2aeca4ba563509b021ae52f02e23a721488eaf47b2aa701e6fee5ab8432603ca9999e6854b4d8a69950cf1a156104ee5db35f9232302326601f1 WHIRLPOOL 4d48988fd6ec8b53a643206c939789a773ab59253506c4659b83f7d563bd558924845dd04bb03702dff160cc49f72a319fa68b7e1e49988022270eeac7cfe82c diff --git a/net-firewall/iptables/files/iptables-1.4.13-r1.init b/net-firewall/iptables/files/iptables-1.4.13-r1.init index 440e840..56d2a70 100644 --- a/net-firewall/iptables/files/iptables-1.4.13-r1.init +++ b/net-firewall/iptables/files/iptables-1.4.13-r1.init @@ -1,4 +1,4 @@ -#!/sbin/runscript +#!/sbin/openrc-run # Copyright 1999-2013 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 # $Id$ diff --git a/net-firewall/iptables/files/iptables-1.4.21-musl.patch b/net-firewall/iptables/files/iptables-1.4.21-musl.patch index 286ea87..f6ad3c7 100644 --- a/net-firewall/iptables/files/iptables-1.4.21-musl.patch +++ b/net-firewall/iptables/files/iptables-1.4.21-musl.patch @@ -74,63 +74,3 @@ diff -ru a/iptables-1.4.21/include/linux/netfilter_ipv4/ip_tables.h b/iptables-1 #include -diff -ru a/iptables-1.4.21/iptables/ip6tables-restore.c b/iptables-1.4.21/iptables/ip6tables-restore.c ---- a/iptables-1.4.21/iptables/ip6tables-restore.c -+++ b/iptables-1.4.21/iptables/ip6tables-restore.c -@@ -9,7 +9,7 @@ - */ - - #include --#include -+#include - #include - #include - #include -diff -ru a/iptables-1.4.21/iptables/ip6tables-save.c b/iptables-1.4.21/iptables/ip6tables-save.c ---- a/iptables-1.4.21/iptables/ip6tables-save.c -+++ b/iptables-1.4.21/iptables/ip6tables-save.c -@@ -6,7 +6,7 @@ - * This code is distributed under the terms of GNU GPL v2 - */ - #include --#include -+#include - #include - #include - #include -diff -ru a/iptables-1.4.21/iptables/iptables-restore.c b/iptables-1.4.21/iptables/iptables-restore.c ---- a/iptables-1.4.21/iptables/iptables-restore.c -+++ b/iptables-1.4.21/iptables/iptables-restore.c -@@ -6,7 +6,7 @@ - */ - - #include --#include -+#include - #include - #include - #include -diff -ru a/iptables-1.4.21/iptables/iptables-save.c b/iptables-1.4.21/iptables/iptables-save.c ---- a/iptables-1.4.21/iptables/iptables-save.c -+++ b/iptables-1.4.21/iptables/iptables-save.c -@@ -6,7 +6,7 @@ - * - */ - #include --#include -+#include - #include - #include - #include -diff -ru a/iptables-1.4.21/iptables/iptables-xml.c b/iptables-1.4.21/iptables/iptables-xml.c ---- a/iptables-1.4.21/iptables/iptables-xml.c -+++ b/iptables-1.4.21/iptables/iptables-xml.c -@@ -7,7 +7,7 @@ - */ - - #include --#include -+#include - #include - #include - #include diff --git a/net-firewall/iptables/files/iptables-1.6.0-musl.patch b/net-firewall/iptables/files/iptables-1.6.0-musl.patch new file mode 100644 index 0000000..d5d99ad --- /dev/null +++ b/net-firewall/iptables/files/iptables-1.6.0-musl.patch @@ -0,0 +1,38 @@ +diff -Naurw iptables-1.6.0.orig/extensions/libip6t_ipv6header.c iptables-1.6.0/extensions/libip6t_ipv6header.c +--- iptables-1.6.0.orig/extensions/libip6t_ipv6header.c 2015-12-09 04:55:06.000000000 -0800 ++++ iptables-1.6.0/extensions/libip6t_ipv6header.c 2015-12-23 17:22:56.757094312 -0800 +@@ -10,6 +10,9 @@ + #include + #include + #include ++#ifndef IPPROTO_HOPOPTS ++# define IPPROTO_HOPOPTS 0 ++#endif + + enum { + O_HEADER = 0, +diff -Naurw iptables-1.6.0.orig/extensions/libxt_TCPOPTSTRIP.c iptables-1.6.0/extensions/libxt_TCPOPTSTRIP.c +--- iptables-1.6.0.orig/extensions/libxt_TCPOPTSTRIP.c 2015-12-09 04:55:06.000000000 -0800 ++++ iptables-1.6.0/extensions/libxt_TCPOPTSTRIP.c 2015-12-23 17:21:50.463763843 -0800 +@@ -12,6 +12,21 @@ + #ifndef TCPOPT_MD5SIG + # define TCPOPT_MD5SIG 19 + #endif ++#ifndef TCPOPT_MAXSEG ++# define TCPOPT_MAXSEG 2 ++#endif ++#ifndef TCPOPT_WINDOW ++# define TCPOPT_WINDOW 3 ++#endif ++#ifndef TCPOPT_SACK_PERMITTED ++# define TCPOPT_SACK_PERMITTED 4 ++#endif ++#ifndef TCPOPT_SACK ++# define TCPOPT_SACK 5 ++#endif ++#ifndef TCPOPT_TIMESTAMP ++# define TCPOPT_TIMESTAMP 8 ++#endif + + enum { + O_STRIP_OPTION = 0, diff --git a/net-firewall/iptables/files/iptables-1.4.13-r1.init b/net-firewall/iptables/files/iptables.init old mode 100644 new mode 100755 similarity index 90% copy from net-firewall/iptables/files/iptables-1.4.13-r1.init copy to net-firewall/iptables/files/iptables.init index 440e840..de9f39f --- a/net-firewall/iptables/files/iptables-1.4.13-r1.init +++ b/net-firewall/iptables/files/iptables.init @@ -1,4 +1,4 @@ -#!/sbin/runscript +#!/sbin/openrc-run # Copyright 1999-2013 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 # $Id$ @@ -35,7 +35,7 @@ set_table_policy() { esac local chain for chain in ${chains} ; do - ${iptables_bin} -t ${table} -P ${chain} ${policy} + ${iptables_bin} -w -t ${table} -P ${chain} ${policy} done } @@ -73,8 +73,8 @@ stop() { for a in $(cat ${iptables_proc}) ; do set_table_policy $a ACCEPT - ${iptables_bin} -F -t $a - ${iptables_bin} -X -t $a + ${iptables_bin} -w -F -t $a + ${iptables_bin} -w -X -t $a done eend $? } @@ -85,8 +85,8 @@ reload() { ebegin "Flushing firewall" local a for a in $(cat ${iptables_proc}) ; do - ${iptables_bin} -F -t $a - ${iptables_bin} -X -t $a + ${iptables_bin} -w -F -t $a + ${iptables_bin} -w -X -t $a done eend $? @@ -121,8 +121,8 @@ panic() { local a ebegin "Dropping all packets" for a in $(cat ${iptables_proc}) ; do - ${iptables_bin} -F -t $a - ${iptables_bin} -X -t $a + ${iptables_bin} -w -F -t $a + ${iptables_bin} -w -X -t $a set_table_policy $a DROP done diff --git a/net-firewall/iptables/files/systemd/ip6tables-restore.service b/net-firewall/iptables/files/systemd/ip6tables-restore.service index 88415fa..c149e92 100644 --- a/net-firewall/iptables/files/systemd/ip6tables-restore.service +++ b/net-firewall/iptables/files/systemd/ip6tables-restore.service @@ -3,8 +3,8 @@ Description=Restore ip6tables firewall rules # if both are queued for some reason, don't store before restoring :) Before=ip6tables-store.service # sounds reasonable to have firewall up before any of the services go up -Before=network.target -Conflicts=shutdown.target +Before=network-pre.target +Wants=network-pre.target [Service] Type=oneshot diff --git a/net-firewall/iptables/files/systemd/iptables-restore.service b/net-firewall/iptables/files/systemd/iptables-restore.service index 9d568d7..2474ee3 100644 --- a/net-firewall/iptables/files/systemd/iptables-restore.service +++ b/net-firewall/iptables/files/systemd/iptables-restore.service @@ -3,8 +3,8 @@ Description=Restore iptables firewall rules # if both are queued for some reason, don't store before restoring :) Before=iptables-store.service # sounds reasonable to have firewall up before any of the services go up -Before=network.target -Conflicts=shutdown.target +Before=network-pre.target +Wants=network-pre.target [Service] Type=oneshot diff --git a/net-firewall/iptables/iptables-1.4.21-r99.ebuild b/net-firewall/iptables/iptables-1.4.21-r1.ebuild similarity index 87% copy from net-firewall/iptables/iptables-1.4.21-r99.ebuild copy to net-firewall/iptables/iptables-1.4.21-r1.ebuild index b024219..b680012 100644 --- a/net-firewall/iptables/iptables-1.4.21-r99.ebuild +++ b/net-firewall/iptables/iptables-1.4.21-r1.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2016 Gentoo Foundation +# Copyright 1999-2014 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 # $Id$ @@ -15,10 +15,11 @@ SRC_URI="http://www.netfilter.org/projects/iptables/files/${P}.tar.bz2" LICENSE="GPL-2" SLOT="0" -KEYWORDS="amd64 arm ~mips ppc x86" -IUSE="ipv6 netlink static-libs" +KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86" +IUSE="conntrack ipv6 netlink static-libs" RDEPEND=" + conntrack? ( net-libs/libnetfilter_conntrack ) netlink? ( net-libs/libnfnetlink ) " DEPEND="${RDEPEND} @@ -42,6 +43,7 @@ src_configure() { sed -i \ -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \ + -e "/nfconntrack=[01]/s:=[01]:=$(usex conntrack 1 0):" \ configure || die econf \ @@ -87,7 +89,7 @@ src_install() { systemd_dounit "${FILESDIR}"/systemd/ip6tables{,-{re,}store}.service fi - # Move important libs to /lib + # Move important libs to /lib #332175 gen_usr_ldscript -a ip{4,6}tc iptc xtables prune_libtool_files diff --git a/net-firewall/iptables/iptables-1.4.21-r99.ebuild b/net-firewall/iptables/iptables-1.6.0-r1.ebuild similarity index 58% rename from net-firewall/iptables/iptables-1.4.21-r99.ebuild rename to net-firewall/iptables/iptables-1.6.0-r1.ebuild index b024219..16d079a 100644 --- a/net-firewall/iptables/iptables-1.4.21-r99.ebuild +++ b/net-firewall/iptables/iptables-1.6.0-r1.ebuild @@ -7,30 +7,43 @@ EAPI="5" # Force users doing their own patches to install their own tools AUTOTOOLS_AUTO_DEPEND=no -inherit eutils multilib systemd toolchain-funcs autotools +inherit eutils multilib systemd toolchain-funcs autotools flag-o-matic DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools" HOMEPAGE="http://www.netfilter.org/projects/iptables/" SRC_URI="http://www.netfilter.org/projects/iptables/files/${P}.tar.bz2" LICENSE="GPL-2" -SLOT="0" -KEYWORDS="amd64 arm ~mips ppc x86" -IUSE="ipv6 netlink static-libs" +# Subslot tracks libxtables as that's the one other packages generally link +# against and iptables changes. Will have to revisit if other sonames change. +SLOT="0/11" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" +IUSE="conntrack ipv6 netlink nftables pcap static-libs" RDEPEND=" + conntrack? ( net-libs/libnetfilter_conntrack ) netlink? ( net-libs/libnfnetlink ) + nftables? ( + >=net-libs/libmnl-1.0 + >=net-libs/libnftnl-1.0.5 + ) + pcap? ( net-libs/libpcap ) " DEPEND="${RDEPEND} virtual/os-headers virtual/pkgconfig + nftables? ( + sys-devel/flex + virtual/yacc + ) " src_prepare() { # use the saner headers from the kernel rm -f include/linux/{kernel,types}.h - epatch ${FILESDIR}/${P}-musl.patch + # Fix for MUSL + epatch "${FILESDIR}"/${P}-musl.patch # Only run autotools if user patched something epatch_user && eautoreconf || elibtoolize @@ -40,8 +53,12 @@ src_configure() { # Some libs use $(AR) rather than libtool to build #444282 tc-export AR + # Hack around struct mismatches between userland & kernel for some ABIs. #472388 + use amd64 && [[ ${ABI} == "x32" ]] && append-flags -fpack-struct + sed -i \ -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \ + -e "/nfconntrack=[01]/s:=[01]:=$(usex conntrack 1 0):" \ configure || die econf \ @@ -49,11 +66,16 @@ src_configure() { --libexecdir="${EPREFIX}/$(get_libdir)" \ --enable-devel \ --enable-shared \ + $(use_enable nftables) \ + $(use_enable pcap bpf-compiler) \ + $(use_enable pcap nfsynproxy) \ $(use_enable static-libs static) \ $(use_enable ipv6) } src_compile() { + # Deal with parallel build errors. + use nftables && emake -C iptables xtables-config-parser.h emake V=1 } @@ -74,20 +96,20 @@ src_install() { doins include/iptables/internal.h keepdir /var/lib/iptables - newinitd "${FILESDIR}"/${PN}-1.4.13-r1.init iptables + newinitd "${FILESDIR}"/${PN}.init iptables newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables if use ipv6 ; then keepdir /var/lib/ip6tables - newinitd "${FILESDIR}"/iptables-1.4.13-r1.init ip6tables + newinitd "${FILESDIR}"/iptables.init ip6tables newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables fi - systemd_dounit "${FILESDIR}"/systemd/iptables{,-{re,}store}.service + systemd_dounit "${FILESDIR}"/systemd/iptables-{re,}store.service if use ipv6 ; then - systemd_dounit "${FILESDIR}"/systemd/ip6tables{,-{re,}store}.service + systemd_dounit "${FILESDIR}"/systemd/ip6tables-{re,}store.service fi - # Move important libs to /lib + # Move important libs to /lib #332175 gen_usr_ldscript -a ip{4,6}tc iptc xtables prune_libtool_files diff --git a/net-firewall/iptables/metadata.xml b/net-firewall/iptables/metadata.xml index f57b4a4..92f454b 100644 --- a/net-firewall/iptables/metadata.xml +++ b/net-firewall/iptables/metadata.xml @@ -6,7 +6,10 @@ Gentoo Base System + Build against net-libs/libnetfilter_conntrack when enables the connlabel matcher Build against libnfnetlink which enables the nfnl_osf util + Support nftables kernel interface + Build against net-libs/libpcap which enables the nfbpf_compile util iptables is the userspace command line program used to set up, maintain, and