* [gentoo-commits] repo/gentoo:master commit in: net-firewall/nftables/, net-firewall/nftables/files/
@ 2016-07-11 7:35 Sam Jorna
0 siblings, 0 replies; 5+ messages in thread
From: Sam Jorna @ 2016-07-11 7:35 UTC (permalink / raw
To: gentoo-commits
commit: 43c988c13be72ad3b4444b9fcd96b4377743ced9
Author: Nicholas Vinson <nvinson234 <AT> gmail <DOT> com>
AuthorDate: Sun Jul 10 22:07:00 2016 +0000
Commit: Sam Jorna <wraeth <AT> gentoo <DOT> org>
CommitDate: Mon Jul 11 07:35:24 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=43c988c1
net-firewall/nftables: backport null payload desc fix
nftables-0.6 handling of payload context descriptions was changed from
version 0.5. This change causes the code to segfault when the desc
variable in payload_expr_pctx_update() is set to null. The issue
appears to be fixed with upstream commit
3503738f77cdbe521da1054a37f59ac2e442b4cf. Therefore, backporting that
commit to 0.6 to fix this issue.
Gentoo-bug: 588192
Package-Manager: portage-2.3.0
Closes: https://github.com/gentoo/gentoo/pull/1865
.../files/nftables-0.6-null-payload-desc-fix.patch | 14 ++++++++++++++
.../{nftables-0.6-r1.ebuild => nftables-0.6-r2.ebuild} | 5 ++++-
2 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/net-firewall/nftables/files/nftables-0.6-null-payload-desc-fix.patch b/net-firewall/nftables/files/nftables-0.6-null-payload-desc-fix.patch
new file mode 100644
index 0000000..3ea59e7
--- /dev/null
+++ b/net-firewall/nftables/files/nftables-0.6-null-payload-desc-fix.patch
@@ -0,0 +1,14 @@
+diff --git a/src/payload.c b/src/payload.c
+index ac0e917..9ba980a 100644
+--- a/src/payload.c
++++ b/src/payload.c
+@@ -85,6 +85,9 @@ static void payload_expr_pctx_update(struct proto_ctx *ctx,
+ base = ctx->protocol[left->payload.base].desc;
+ desc = proto_find_upper(base, proto);
+
++ if (!desc)
++ return;
++
+ assert(desc->base <= PROTO_BASE_MAX);
+ if (desc->base == base->base) {
+ assert(base->length > 0);
diff --git a/net-firewall/nftables/nftables-0.6-r1.ebuild b/net-firewall/nftables/nftables-0.6-r2.ebuild
similarity index 95%
rename from net-firewall/nftables/nftables-0.6-r1.ebuild
rename to net-firewall/nftables/nftables-0.6-r2.ebuild
index 550c6da..7874baf 100644
--- a/net-firewall/nftables/nftables-0.6-r1.ebuild
+++ b/net-firewall/nftables/nftables-0.6-r2.ebuild
@@ -28,7 +28,10 @@ DEPEND="${RDEPEND}
S="${WORKDIR}/v${PV}"
-PATCHES=( "${FILESDIR}/${PN}-0.5-pdf-doc.patch" )
+PATCHES=(
+ "${FILESDIR}/${PN}-0.5-pdf-doc.patch"
+ "${FILESDIR}/${P}-null-payload-desc-fix.patch"
+)
pkg_setup() {
if kernel_is ge 3 13; then
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-firewall/nftables/, net-firewall/nftables/files/
@ 2020-09-28 23:18 Patrick McLean
0 siblings, 0 replies; 5+ messages in thread
From: Patrick McLean @ 2020-09-28 23:18 UTC (permalink / raw
To: gentoo-commits
commit: ee0604e2b7263e058c65d222f4c654da3ffdbbd3
Author: Patrick McLean <chutzpah <AT> gentoo <DOT> org>
AuthorDate: Mon Sep 28 23:18:39 2020 +0000
Commit: Patrick McLean <chutzpah <AT> gentoo <DOT> org>
CommitDate: Mon Sep 28 23:18:39 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ee0604e2
net-firewall/nftables-0.9.6-r1: revbump, fix init script (bug #744955)
Closes: https://bugs.gentoo.org/744955
Package-Manager: Portage-3.0.8, Repoman-3.0.1
Signed-off-by: Patrick McLean <chutzpah <AT> gentoo.org>
net-firewall/nftables/files/nftables.init-r1 | 105 ++++++++++++++++
net-firewall/nftables/nftables-0.9.6-r1.ebuild | 162 +++++++++++++++++++++++++
2 files changed, 267 insertions(+)
diff --git a/net-firewall/nftables/files/nftables.init-r1 b/net-firewall/nftables/files/nftables.init-r1
new file mode 100644
index 00000000000..45b2abdbda7
--- /dev/null
+++ b/net-firewall/nftables/files/nftables.init-r1
@@ -0,0 +1,105 @@
+#!/sbin/openrc-run
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+extra_commands="check clear list panic save soft_panic"
+extra_started_commands="reload"
+
+depend() {
+ need localmount #434774
+ before net
+}
+
+checkkernel() {
+ if ! /sbin/nft list ruleset >/dev/null 2>/dev/null ; then
+ eerror "Your kernel lacks nftables support, please load"
+ eerror "appropriate modules and try again."
+ return 1
+ fi
+ return 0
+}
+
+checkconfig() {
+ if [ -z "${NFTABLES_SAVE}" -o ! -f "${NFTABLES_SAVE}" ] ; then
+ eerror "Not starting nftables. First create some rules then run:"
+ eerror "/etc/init.d/${SVCNAME} save"
+ return 1
+ fi
+ return 0
+}
+
+start_pre() {
+ checkconfig || return 1
+ checkkernel || return 1
+ check || return 1
+}
+
+start() {
+ ebegin "Loading ${SVCNAME} state and starting firewall"
+ /usr/libexec/nftables/nftables.sh load "${NFTABLES_SAVE}"
+ eend $?
+}
+
+stop() {
+ if [ "${SAVE_ON_STOP}" = "yes" ] ; then
+ save || return 1
+ fi
+
+ ebegin "Stopping firewall"
+ if [ "${PANIC_ON_STOP}" = "hard" ]; then
+ /usr/libexec/nftables/nftables.sh panic
+ elif [ "${PANIC_ON_STOP}" = "soft" ]; then
+ /usr/libexec/nftables/nftables.sh soft_panic
+ else
+ /usr/libexec/nftables/nftables.sh clear
+ fi
+ eend $?
+}
+
+reload() {
+ start_pre || return 1
+ start
+}
+
+clear() {
+ ebegin "Clearing rules"
+ /usr/libexec/nftables/nftables.sh clear
+ eend $?
+}
+
+list() {
+ /usr/libexec/nftables/nftables.sh list
+}
+
+check() {
+ ebegin "Checking rules"
+ /usr/libexec/nftables/nftables.sh check "${NFTABLES_SAVE}"
+ eend $?
+}
+
+save() {
+ ebegin "Saving ${SVCNAME} state"
+ checkpath -q -d "$(dirname "${NFTABLES_SAVE}")"
+ checkpath -q -m 0600 -f "${NFTABLES_SAVE}"
+ SAVE_OPTIONS="${SAVE_OPTIONS}" \
+ /usr/libexec/nftables/nftables.sh store "${NFTABLES_SAVE}"
+ eend $?
+}
+
+panic() {
+ if service_started ${SVCNAME}; then
+ rc-service ${SVCNAME} zap
+ fi
+ ebegin "Dropping all packets"
+ /usr/libexec/nftables/nftables.sh panic
+ eend $?
+}
+
+soft_panic() {
+ if service_started ${SVCNAME}; then
+ rc-service ${SVCNAME} zap
+ fi
+ ebegin "Dropping new connections"
+ /usr/libexec/nftables/nftables.sh soft_panic
+ eend $?
+}
diff --git a/net-firewall/nftables/nftables-0.9.6-r1.ebuild b/net-firewall/nftables/nftables-0.9.6-r1.ebuild
new file mode 100644
index 00000000000..be001c0ddd6
--- /dev/null
+++ b/net-firewall/nftables/nftables-0.9.6-r1.ebuild
@@ -0,0 +1,162 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{6,7,8,9} )
+
+inherit autotools linux-info python-r1 systemd
+
+DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools"
+HOMEPAGE="https://netfilter.org/projects/nftables/"
+SRC_URI="https://netfilter.org/projects/nftables/files/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ia64 ~ppc64 ~sparc ~x86"
+IUSE="debug doc +gmp json +modern-kernel python +readline static-libs xtables"
+
+RDEPEND="
+ >=net-libs/libmnl-1.0.4:0=
+ gmp? ( dev-libs/gmp:0= )
+ json? ( dev-libs/jansson )
+ python? ( ${PYTHON_DEPS} )
+ readline? ( sys-libs/readline:0= )
+ >=net-libs/libnftnl-1.1.7:0=
+ xtables? ( >=net-firewall/iptables-1.6.1 )
+"
+
+DEPEND="${RDEPEND}"
+
+BDEPEND="
+ doc? (
+ app-text/asciidoc
+ >=app-text/docbook2X-0.8.8-r4
+ )
+ virtual/pkgconfig
+"
+
+REQUIRED_USE="
+ python? ( ${PYTHON_REQUIRED_USE} )
+"
+
+python_make() {
+ emake \
+ -C py \
+ abs_builddir="${S}" \
+ DESTDIR="${D}" \
+ PYTHON_BIN="${PYTHON}" \
+ "${@}"
+}
+
+pkg_setup() {
+ if kernel_is ge 3 13; then
+ if use modern-kernel && kernel_is lt 3 18; then
+ eerror "The modern-kernel USE flag requires kernel version 3.18 or newer to work properly."
+ fi
+ CONFIG_CHECK="~NF_TABLES"
+ linux-info_pkg_setup
+ else
+ eerror "This package requires kernel version 3.13 or newer to work properly."
+ fi
+}
+
+src_prepare() {
+ default
+
+ # fix installation path for doc stuff
+ sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels@' \
+ -i files/nftables/Makefile.am || die
+ sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels/osf@' \
+ -i files/osf/Makefile.am || die
+
+ eautoreconf
+}
+
+src_configure() {
+ local myeconfargs=(
+ # We handle python separately
+ --disable-python
+ --sbindir="${EPREFIX}"/sbin
+ $(use_enable debug)
+ $(use_enable doc man-doc)
+ $(use_with !gmp mini_gmp)
+ $(use_with json)
+ $(use_with readline cli readline)
+ $(use_enable static-libs static)
+ $(use_with xtables)
+ )
+ econf "${myeconfargs[@]}"
+}
+
+src_compile() {
+ default
+
+ if use python; then
+ python_foreach_impl python_make
+ fi
+}
+
+src_install() {
+ default
+
+ if ! use doc; then
+ pushd doc >/dev/null || die
+ doman *.?
+ popd >/dev/null || die
+ fi
+
+ local mksuffix="$(usex modern-kernel '-mk' '')"
+
+ exeinto /usr/libexec/${PN}
+ newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh
+ newconfd "${FILESDIR}"/${PN}${mksuffix}.confd ${PN}
+ newinitd "${FILESDIR}"/${PN}${mksuffix}.init-r1 ${PN}
+ keepdir /var/lib/nftables
+
+ systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service
+
+ if use python ; then
+ python_foreach_impl python_make install
+ python_foreach_impl python_optimize
+ fi
+
+ find "${ED}" -type f -name "*.la" -delete || die
+}
+
+pkg_postinst() {
+ local save_file
+ save_file="${EROOT}/var/lib/nftables/rules-save"
+
+ # In order for the nftables-restore systemd service to start
+ # the save_file must exist.
+ if [[ ! -f "${save_file}" ]]; then
+ ( umask 177; touch "${save_file}" )
+ elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then
+ ewarn "Your system has dangerous permissions for ${save_file}"
+ ewarn "It is probably affected by bug #691326."
+ ewarn "You may need to fix the permissions of the file. To do so,"
+ ewarn "you can run the command in the line below as root."
+ ewarn " 'chmod 600 \"${save_file}\"'"
+ fi
+
+ if has_version 'sys-apps/systemd'; then
+ elog "If you wish to enable the firewall rules on boot (on systemd) you"
+ elog "will need to enable the nftables-restore service."
+ elog " 'systemctl enable ${PN}-restore.service'"
+ elog
+ elog "If you are creating firewall rules before the next system restart"
+ elog "the nftables-restore service must be manually started in order to"
+ elog "save those rules on shutdown."
+ fi
+ if has_version 'sys-apps/openrc'; then
+ elog "If you wish to enable the firewall rules on boot (on openrc) you"
+ elog "will need to enable the nftables service."
+ elog " 'rc-update add ${PN} default'"
+ elog
+ elog "If you are creating or updating the firewall rules and wish to save"
+ elog "them to be loaded on the next restart, use the \"save\" functionality"
+ elog "in the init script."
+ elog " 'rc-service ${PN} save'"
+ fi
+}
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-firewall/nftables/, net-firewall/nftables/files/
@ 2022-02-24 23:53 Sam James
0 siblings, 0 replies; 5+ messages in thread
From: Sam James @ 2022-02-24 23:53 UTC (permalink / raw
To: gentoo-commits
commit: 1dfcad644e14a6095f13e17bd16a5e9b39466b90
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Feb 24 20:15:00 2022 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Feb 24 23:53:24 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1dfcad64
net-firewall/nftables: restore slibtool patch, API export fix
Signed-off-by: Sam James <sam <AT> gentoo.org>
...-explicitly-pass-version-script-to-linker.patch | 27 +++++++++++++++++++
.../files/nftables-1.0.2-compilation.patch | 2 ++
....map-export-new-nft_ctx_-get-set-_optimiz.patch | 31 ++++++++++++++++++++++
...ables-1.0.2.ebuild => nftables-1.0.2-r1.ebuild} | 2 ++
4 files changed, 62 insertions(+)
diff --git a/net-firewall/nftables/files/nftables-1.0.2-build-explicitly-pass-version-script-to-linker.patch b/net-firewall/nftables/files/nftables-1.0.2-build-explicitly-pass-version-script-to-linker.patch
new file mode 100644
index 000000000000..41c3de5bc83b
--- /dev/null
+++ b/net-firewall/nftables/files/nftables-1.0.2-build-explicitly-pass-version-script-to-linker.patch
@@ -0,0 +1,27 @@
+https://git.netfilter.org/nftables/commit/src?id=1d507ce7f1d3c12481ee24bd1dcac2fc1984ee9f
+
+From: Sam James <sam@gentoo.org>
+Date: Thu, 24 Feb 2022 19:45:43 +0000
+Subject: build: explicitly pass --version-script to linker
+
+--version-script is a linker option, so let's use -Wl, so that
+libtool handles it properly. It seems like the previous method gets silently
+ignored with GNU libtool in some cases(?) and downstream in Gentoo,
+we had to apply this change to make the build work with slibtool anyway.
+
+But it's indeed correct in any case, so let's swap.
+
+Signed-off-by: Sam James <sam@gentoo.org>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -91,7 +91,7 @@ libparser_la_CFLAGS = ${AM_CFLAGS} \
+
+ libnftables_la_LIBADD = ${LIBMNL_LIBS} ${LIBNFTNL_LIBS} libparser.la
+ libnftables_la_LDFLAGS = -version-info ${libnftables_LIBVERSION} \
+- --version-script=$(srcdir)/libnftables.map
++ -Wl,--version-script=$(srcdir)/libnftables.map
+
+ if BUILD_MINIGMP
+ noinst_LTLIBRARIES += libminigmp.la
+cgit v1.2.3
diff --git a/net-firewall/nftables/files/nftables-1.0.2-compilation.patch b/net-firewall/nftables/files/nftables-1.0.2-compilation.patch
index 166063587485..96670c1d9531 100644
--- a/net-firewall/nftables/files/nftables-1.0.2-compilation.patch
+++ b/net-firewall/nftables/files/nftables-1.0.2-compilation.patch
@@ -1,3 +1,5 @@
+https://git.netfilter.org/nftables/commit/?id=18a08fb7f0443f8bde83393bd6f69e23a04246b3
+
From 18a08fb7f0443f8bde83393bd6f69e23a04246b3 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Tue, 22 Feb 2022 00:56:36 +0100
diff --git a/net-firewall/nftables/files/nftables-1.0.2-libnftables.map-export-new-nft_ctx_-get-set-_optimiz.patch b/net-firewall/nftables/files/nftables-1.0.2-libnftables.map-export-new-nft_ctx_-get-set-_optimiz.patch
new file mode 100644
index 000000000000..09841d482222
--- /dev/null
+++ b/net-firewall/nftables/files/nftables-1.0.2-libnftables.map-export-new-nft_ctx_-get-set-_optimiz.patch
@@ -0,0 +1,31 @@
+https://git.netfilter.org/nftables/commit/src?id=e98a9b83cd52c7c75bedb3dad46539b197ed17ba
+
+From: Sam James <sam@gentoo.org>
+Date: Thu, 24 Feb 2022 19:45:42 +0000
+Subject: libnftables.map: export new nft_ctx_{get,set}_optimize API
+
+[ Remove incorrect symbol names were exported via .map file ]
+
+Without this, we're not explicitly saying this is part of the
+public API.
+
+This new API was added in 1.0.2 and is used by e.g. the main
+nft binary. Noticed when fixing the version-script option
+(separate patch) which picked up this problem when .map
+was missing symbols (related to when symbol visibility
+options get set).
+
+Signed-off-by: Sam James <sam@gentoo.org>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+--- a/src/libnftables.map
++++ b/src/libnftables.map
+@@ -30,6 +30,6 @@ LIBNFTABLES_2 {
+ } LIBNFTABLES_1;
+
+ LIBNFTABLES_3 {
+- nft_set_optimize;
+- nft_get_optimize;
++ nft_ctx_set_optimize;
++ nft_ctx_get_optimize;
+ } LIBNFTABLES_2;
+cgit v1.2.3
diff --git a/net-firewall/nftables/nftables-1.0.2.ebuild b/net-firewall/nftables/nftables-1.0.2-r1.ebuild
similarity index 96%
rename from net-firewall/nftables/nftables-1.0.2.ebuild
rename to net-firewall/nftables/nftables-1.0.2-r1.ebuild
index 0bbf94f10942..8b7db17f23e8 100644
--- a/net-firewall/nftables/nftables-1.0.2.ebuild
+++ b/net-firewall/nftables/nftables-1.0.2-r1.ebuild
@@ -54,6 +54,8 @@ REQUIRED_USE="
PATCHES=(
"${FILESDIR}/nftables-1.0.2-compilation.patch"
+ "${FILESDIR}/nftables-1.0.2-build-explicitly-pass-version-script-to-linker.patch"
+ "${FILESDIR}/nftables-1.0.2-libnftables.map-export-new-nft_ctx_-get-set-_optimiz.patch"
)
pkg_setup() {
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-firewall/nftables/, net-firewall/nftables/files/
@ 2022-06-05 6:56 Sam James
0 siblings, 0 replies; 5+ messages in thread
From: Sam James @ 2022-06-05 6:56 UTC (permalink / raw
To: gentoo-commits
commit: 9996c079375c4db6aa9a5b35f3e947608c4b99c5
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Jun 5 06:41:40 2022 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Jun 5 06:44:57 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9996c079
net-firewall/nftables: backport crash fix; add test infrastructure
Signed-off-by: Sam James <sam <AT> gentoo.org>
.../files/nftables-1.0.3-optimize-segfault.patch | 64 ++++++++++++++++++++++
.../files/nftables-1.0.3-test-shell-sets.patch | 21 +++++++
...tables-9999.ebuild => nftables-1.0.3-r1.ebuild} | 48 +++++++++++-----
net-firewall/nftables/nftables-9999.ebuild | 48 +++++++++++-----
4 files changed, 153 insertions(+), 28 deletions(-)
diff --git a/net-firewall/nftables/files/nftables-1.0.3-optimize-segfault.patch b/net-firewall/nftables/files/nftables-1.0.3-optimize-segfault.patch
new file mode 100644
index 000000000000..95e53adc0b2f
--- /dev/null
+++ b/net-firewall/nftables/files/nftables-1.0.3-optimize-segfault.patch
@@ -0,0 +1,64 @@
+https://git.netfilter.org/nftables/commit/?id=59bd944f6d75e99fe0c8d743e7fd482672640c2d
+
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+Date: Wed, 1 Jun 2022 10:14:22 +0200
+Subject: optimize: segfault when releasing unsupported statement
+
+Call xfree() instead since stmt_alloc() does not initialize the
+statement type fields.
+
+Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1609
+Fixes: ea1f1c9ff608 ("optimize: memleak in statement matrix")
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+--- a/src/optimize.c
++++ b/src/optimize.c
+@@ -304,7 +304,7 @@ static int rule_collect_stmts(struct optimize_ctx *ctx, struct rule *rule)
+ clone->nat.type_flags = stmt->nat.type_flags;
+ break;
+ default:
+- stmt_free(clone);
++ xfree(clone);
+ continue;
+ }
+
+--- a/tests/shell/testcases/optimizations/dumps/merge_vmaps.nft
++++ b/tests/shell/testcases/optimizations/dumps/merge_vmaps.nft
+@@ -1,4 +1,10 @@
+ table ip x {
++ set s {
++ type ipv4_addr
++ size 65535
++ flags dynamic
++ }
++
+ chain filter_in_tcp {
+ }
+
+@@ -6,6 +12,7 @@ table ip x {
+ }
+
+ chain y {
++ update @s { ip saddr limit rate 12/minute burst 30 packets } accept
+ tcp dport vmap { 80 : accept, 81 : accept, 443 : accept, 8000-8100 : accept, 24000-25000 : accept }
+ meta l4proto vmap { tcp : goto filter_in_tcp, udp : goto filter_in_udp }
+ log
+--- a/tests/shell/testcases/optimizations/merge_vmaps
++++ b/tests/shell/testcases/optimizations/merge_vmaps
+@@ -3,11 +3,16 @@
+ set -e
+
+ RULESET="table ip x {
++ set s {
++ type ipv4_addr
++ flags dynamic
++ }
+ chain filter_in_tcp {
+ }
+ chain filter_in_udp {
+ }
+ chain y {
++ update @s { ip saddr limit rate 12/minute burst 30 packets } accept
+ tcp dport vmap {
+ 80 : accept,
+ 81 : accept,
+cgit v1.2.3
diff --git a/net-firewall/nftables/files/nftables-1.0.3-test-shell-sets.patch b/net-firewall/nftables/files/nftables-1.0.3-test-shell-sets.patch
new file mode 100644
index 000000000000..c5f93e20eea6
--- /dev/null
+++ b/net-firewall/nftables/files/nftables-1.0.3-test-shell-sets.patch
@@ -0,0 +1,21 @@
+https://git.netfilter.org/nftables/commit/?id=3835de19fe5773baac5b79f35484d0f0e99bcfe1
+
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+Date: Wed, 1 Jun 2022 18:17:02 +0200
+Subject: tests: shell: sets_with_ifnames release netns on exit
+
+Missing ip netns del call from cleanup()
+
+Fixes: d6fdb0d8d482 ("sets_with_ifnames: add test case for concatenated range")
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+--- a/tests/shell/testcases/sets/sets_with_ifnames
++++ b/tests/shell/testcases/sets/sets_with_ifnames
+@@ -13,6 +13,7 @@ ns2="nft2ifname-$rnd"
+ cleanup()
+ {
+ ip netns del "$ns1"
++ ip netns del "$ns2"
+ }
+
+ trap cleanup EXIT
+cgit v1.2.3
diff --git a/net-firewall/nftables/nftables-9999.ebuild b/net-firewall/nftables/nftables-1.0.3-r1.ebuild
similarity index 82%
copy from net-firewall/nftables/nftables-9999.ebuild
copy to net-firewall/nftables/nftables-1.0.3-r1.ebuild
index fa427dadfaab..d4ace7fe057b 100644
--- a/net-firewall/nftables/nftables-9999.ebuild
+++ b/net-firewall/nftables/nftables-1.0.3-r1.ebuild
@@ -3,15 +3,16 @@
EAPI=7
-PYTHON_COMPAT=( python3_{8..10} )
DISTUTILS_OPTIONAL=1
-inherit autotools linux-info distutils-r1 systemd verify-sig
+PYTHON_COMPAT=( python3_{8..11} )
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/netfilter.org.asc
+inherit edo linux-info distutils-r1 systemd verify-sig
DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools"
HOMEPAGE="https://netfilter.org/projects/nftables/"
if [[ ${PV} =~ ^[9]{4,}$ ]]; then
- inherit git-r3
+ inherit autotools git-r3
EGIT_REPO_URI="https://git.netfilter.org/${PN}"
BDEPEND="
@@ -22,13 +23,13 @@ else
SRC_URI="https://netfilter.org/projects/nftables/files/${P}.tar.bz2
verify-sig? ( https://netfilter.org/projects/nftables/files/${P}.tar.bz2.sig )"
KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86"
- VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/netfilter.org.asc
BDEPEND+="verify-sig? ( sec-keys/openpgp-keys-netfilter )"
fi
LICENSE="GPL-2"
SLOT="0/1"
-IUSE="debug doc +gmp json libedit +modern-kernel python +readline static-libs xtables"
+IUSE="debug doc +gmp json libedit +modern-kernel python +readline static-libs test xtables"
+RESTRICT="test? ( userpriv ) !test? ( test )"
RDEPEND="
>=net-libs/libmnl-1.0.4:0=
@@ -43,11 +44,12 @@ RDEPEND="
DEPEND="${RDEPEND}"
BDEPEND+="
+ virtual/pkgconfig
doc? (
app-text/asciidoc
>=app-text/docbook2X-0.8.8-r4
)
- virtual/pkgconfig
+ python? ( ${PYTHON_DEPS} )
"
REQUIRED_USE="
@@ -55,6 +57,11 @@ REQUIRED_USE="
libedit? ( !readline )
"
+PATCHES=(
+ "${FILESDIR}"/${P}-optimize-segfault.patch
+ "${FILESDIR}"/${P}-test-shell-sets.patch
+)
+
pkg_setup() {
if kernel_is ge 3 13; then
if use modern-kernel && kernel_is lt 3 18; then
@@ -70,13 +77,9 @@ pkg_setup() {
src_prepare() {
default
- # fix installation path for doc stuff
- sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels@' \
- -i files/nftables/Makefile.am || die
- sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels/osf@' \
- -i files/osf/Makefile.am || die
-
- eautoreconf
+ if [[ ${PV} =~ ^[9]{4,}$ ]] ; then
+ eautoreconf
+ fi
if use python; then
pushd py >/dev/null || die
@@ -119,6 +122,17 @@ src_compile() {
fi
}
+src_test() {
+ emake check
+
+ edo tests/shell/run-tests.sh -v
+
+ # Need to rig up Python eclass if using this, but it doesn't seem to work
+ # for me anyway.
+ #cd tests/py || die
+ #"${EPYTHON}" nft-test.py || die
+}
+
src_install() {
default
@@ -128,6 +142,11 @@ src_install() {
popd >/dev/null || die
fi
+ # Do it here instead of in src_prepare to avoid eautoreconf
+ # rmdir lets us catch if more files end up installed in /etc/nftables
+ mv "${ED}"/etc/nftables/osf "${ED}"/usr/share/doc/${PF}/skels/osf || die
+ rmdir "${ED}"/etc/nftables || die
+
local mksuffix="$(usex modern-kernel '-mk' '')"
exeinto /usr/libexec/${PN}
@@ -149,7 +168,7 @@ src_install() {
pkg_postinst() {
local save_file
- save_file="${EROOT}/var/lib/nftables/rules-save"
+ save_file="${EROOT}"/var/lib/nftables/rules-save
# In order for the nftables-restore systemd service to start
# the save_file must exist.
@@ -172,6 +191,7 @@ pkg_postinst() {
elog "the nftables-restore service must be manually started in order to"
elog "save those rules on shutdown."
fi
+
if has_version 'sys-apps/openrc'; then
elog "If you wish to enable the firewall rules on boot (on openrc) you"
elog "will need to enable the nftables service."
diff --git a/net-firewall/nftables/nftables-9999.ebuild b/net-firewall/nftables/nftables-9999.ebuild
index fa427dadfaab..d4ace7fe057b 100644
--- a/net-firewall/nftables/nftables-9999.ebuild
+++ b/net-firewall/nftables/nftables-9999.ebuild
@@ -3,15 +3,16 @@
EAPI=7
-PYTHON_COMPAT=( python3_{8..10} )
DISTUTILS_OPTIONAL=1
-inherit autotools linux-info distutils-r1 systemd verify-sig
+PYTHON_COMPAT=( python3_{8..11} )
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/netfilter.org.asc
+inherit edo linux-info distutils-r1 systemd verify-sig
DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools"
HOMEPAGE="https://netfilter.org/projects/nftables/"
if [[ ${PV} =~ ^[9]{4,}$ ]]; then
- inherit git-r3
+ inherit autotools git-r3
EGIT_REPO_URI="https://git.netfilter.org/${PN}"
BDEPEND="
@@ -22,13 +23,13 @@ else
SRC_URI="https://netfilter.org/projects/nftables/files/${P}.tar.bz2
verify-sig? ( https://netfilter.org/projects/nftables/files/${P}.tar.bz2.sig )"
KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86"
- VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/netfilter.org.asc
BDEPEND+="verify-sig? ( sec-keys/openpgp-keys-netfilter )"
fi
LICENSE="GPL-2"
SLOT="0/1"
-IUSE="debug doc +gmp json libedit +modern-kernel python +readline static-libs xtables"
+IUSE="debug doc +gmp json libedit +modern-kernel python +readline static-libs test xtables"
+RESTRICT="test? ( userpriv ) !test? ( test )"
RDEPEND="
>=net-libs/libmnl-1.0.4:0=
@@ -43,11 +44,12 @@ RDEPEND="
DEPEND="${RDEPEND}"
BDEPEND+="
+ virtual/pkgconfig
doc? (
app-text/asciidoc
>=app-text/docbook2X-0.8.8-r4
)
- virtual/pkgconfig
+ python? ( ${PYTHON_DEPS} )
"
REQUIRED_USE="
@@ -55,6 +57,11 @@ REQUIRED_USE="
libedit? ( !readline )
"
+PATCHES=(
+ "${FILESDIR}"/${P}-optimize-segfault.patch
+ "${FILESDIR}"/${P}-test-shell-sets.patch
+)
+
pkg_setup() {
if kernel_is ge 3 13; then
if use modern-kernel && kernel_is lt 3 18; then
@@ -70,13 +77,9 @@ pkg_setup() {
src_prepare() {
default
- # fix installation path for doc stuff
- sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels@' \
- -i files/nftables/Makefile.am || die
- sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels/osf@' \
- -i files/osf/Makefile.am || die
-
- eautoreconf
+ if [[ ${PV} =~ ^[9]{4,}$ ]] ; then
+ eautoreconf
+ fi
if use python; then
pushd py >/dev/null || die
@@ -119,6 +122,17 @@ src_compile() {
fi
}
+src_test() {
+ emake check
+
+ edo tests/shell/run-tests.sh -v
+
+ # Need to rig up Python eclass if using this, but it doesn't seem to work
+ # for me anyway.
+ #cd tests/py || die
+ #"${EPYTHON}" nft-test.py || die
+}
+
src_install() {
default
@@ -128,6 +142,11 @@ src_install() {
popd >/dev/null || die
fi
+ # Do it here instead of in src_prepare to avoid eautoreconf
+ # rmdir lets us catch if more files end up installed in /etc/nftables
+ mv "${ED}"/etc/nftables/osf "${ED}"/usr/share/doc/${PF}/skels/osf || die
+ rmdir "${ED}"/etc/nftables || die
+
local mksuffix="$(usex modern-kernel '-mk' '')"
exeinto /usr/libexec/${PN}
@@ -149,7 +168,7 @@ src_install() {
pkg_postinst() {
local save_file
- save_file="${EROOT}/var/lib/nftables/rules-save"
+ save_file="${EROOT}"/var/lib/nftables/rules-save
# In order for the nftables-restore systemd service to start
# the save_file must exist.
@@ -172,6 +191,7 @@ pkg_postinst() {
elog "the nftables-restore service must be manually started in order to"
elog "save those rules on shutdown."
fi
+
if has_version 'sys-apps/openrc'; then
elog "If you wish to enable the firewall rules on boot (on openrc) you"
elog "will need to enable the nftables service."
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-firewall/nftables/, net-firewall/nftables/files/
@ 2024-07-24 11:53 Sam James
0 siblings, 0 replies; 5+ messages in thread
From: Sam James @ 2024-07-24 11:53 UTC (permalink / raw
To: gentoo-commits
commit: 83c0b0b3744ebd4d3a68b7f5ceb4bdb25e025116
Author: Alfred Wingate <parona <AT> protonmail <DOT> com>
AuthorDate: Wed Jul 24 08:58:41 2024 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Jul 24 11:53:02 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=83c0b0b3
net-firewall/nftables: revert firewalld breaking change
https://lore.kernel.org/netfilter-devel/ZqCw126I4VRE0xKJ@calendula/
Signed-off-by: Alfred Wingate <parona <AT> protonmail.com>
Signed-off-by: Sam James <sam <AT> gentoo.org>
...es-1.1.0-revert-firewalld-breaking-change.patch | 63 ++++++
net-firewall/nftables/nftables-1.1.0-r1.ebuild | 232 +++++++++++++++++++++
2 files changed, 295 insertions(+)
diff --git a/net-firewall/nftables/files/nftables-1.1.0-revert-firewalld-breaking-change.patch b/net-firewall/nftables/files/nftables-1.1.0-revert-firewalld-breaking-change.patch
new file mode 100644
index 000000000000..0cc23d61fb8f
--- /dev/null
+++ b/net-firewall/nftables/files/nftables-1.1.0-revert-firewalld-breaking-change.patch
@@ -0,0 +1,63 @@
+https://git.netfilter.org/nftables/commit/?id=93560d0117639c8685fc287128ab06dec9950fbd
+https://github.com/firewalld/firewalld/issues/1366
+https://lore.kernel.org/netfilter-devel/Zp7FqL_YK3p_dQ8B@egarver-mac/
+
+From 93560d0117639c8685fc287128ab06dec9950fbd Mon Sep 17 00:00:00 2001
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+Date: Wed, 24 Jul 2024 09:38:33 +0200
+Subject: Revert "cache: recycle existing cache with incremental updates"
+
+This reverts commit e791dbe109b6dd891a63a4236df5dc29d7a4b863.
+
+Eric Garver reported two issues:
+
+- index with rule breaks, because NFT_CACHE_REFRESH is missing.
+- simple set updates.
+
+Moreover, the current process could populate the cache with objects for
+listing commands (no generation ID is bumped), while another process
+could update the ruleset. Leading to a inconsistent cache due to the
+genid + 1 check.
+
+This optimization needs more work and more tests for -i/--interactive,
+revert it.
+
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+--- a/src/cache.c
++++ b/src/cache.c
+@@ -1184,21 +1184,9 @@ static bool nft_cache_needs_refresh(struct nft_cache *cache, unsigned int flags)
+ (flags & NFT_CACHE_REFRESH);
+ }
+
+-static bool nft_cache_is_updated(struct nft_cache *cache, unsigned int flags,
+- uint16_t genid)
++static bool nft_cache_is_updated(struct nft_cache *cache, uint16_t genid)
+ {
+- if (!genid)
+- return false;
+-
+- if (genid == cache->genid)
+- return true;
+-
+- if (genid == cache->genid + 1) {
+- cache->genid++;
+- return true;
+- }
+-
+- return false;
++ return genid && genid == cache->genid;
+ }
+
+ bool nft_cache_needs_update(struct nft_cache *cache)
+@@ -1223,7 +1211,7 @@ replay:
+ genid = mnl_genid_get(&ctx);
+ if (!nft_cache_needs_refresh(cache, flags) &&
+ nft_cache_is_complete(cache, flags) &&
+- nft_cache_is_updated(cache, flags, genid))
++ nft_cache_is_updated(cache, genid))
+ return 0;
+
+ if (cache->genid)
+--
+cgit v1.2.3
+
diff --git a/net-firewall/nftables/nftables-1.1.0-r1.ebuild b/net-firewall/nftables/nftables-1.1.0-r1.ebuild
new file mode 100644
index 000000000000..eb927df4997e
--- /dev/null
+++ b/net-firewall/nftables/nftables-1.1.0-r1.ebuild
@@ -0,0 +1,232 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+DISTUTILS_OPTIONAL=1
+DISTUTILS_USE_PEP517=setuptools
+PYTHON_COMPAT=( python3_{10..13} )
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/netfilter.org.asc
+inherit edo linux-info distutils-r1 systemd verify-sig
+
+DESCRIPTION="Linux kernel firewall, NAT and packet mangling tools"
+HOMEPAGE="https://netfilter.org/projects/nftables/"
+
+if [[ ${PV} =~ ^[9]{4,}$ ]]; then
+ inherit autotools git-r3
+ EGIT_REPO_URI="https://git.netfilter.org/${PN}"
+ BDEPEND="app-alternatives/yacc"
+else
+ SRC_URI="
+ https://netfilter.org/projects/nftables/files/${P}.tar.xz
+ verify-sig? ( https://netfilter.org/projects/nftables/files/${P}.tar.xz.sig )
+ "
+ KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86"
+ BDEPEND="verify-sig? ( sec-keys/openpgp-keys-netfilter )"
+fi
+
+# See COPYING: new code is GPL-2+, existing code is GPL-2
+LICENSE="GPL-2 GPL-2+"
+SLOT="0/1"
+IUSE="debug doc +gmp json libedit python +readline static-libs test xtables"
+RESTRICT="!test? ( test )"
+
+RDEPEND="
+ >=net-libs/libmnl-1.0.4:=
+ >=net-libs/libnftnl-1.2.7:=
+ gmp? ( dev-libs/gmp:= )
+ json? ( dev-libs/jansson:= )
+ python? ( ${PYTHON_DEPS} )
+ readline? ( sys-libs/readline:= )
+ xtables? ( >=net-firewall/iptables-1.6.1:= )
+"
+DEPEND="${RDEPEND}"
+BDEPEND+="
+ app-alternatives/lex
+ virtual/pkgconfig
+ doc? (
+ app-text/asciidoc
+ >=app-text/docbook2X-0.8.8-r4
+ )
+ python? ( ${DISTUTILS_DEPS} )
+"
+
+REQUIRED_USE="
+ python? ( ${PYTHON_REQUIRED_USE} )
+ libedit? ( !readline )
+"
+
+PATCHES=(
+ "${FILESDIR}"/nftables-1.1.0-revert-firewalld-breaking-change.patch
+)
+
+src_prepare() {
+ default
+
+ if [[ ${PV} =~ ^[9]{4,}$ ]] ; then
+ eautoreconf
+ fi
+
+ if use python; then
+ pushd py >/dev/null || die
+ distutils-r1_src_prepare
+ popd >/dev/null || die
+ fi
+}
+
+src_configure() {
+ local myeconfargs=(
+ --sbindir="${EPREFIX}"/sbin
+ $(use_enable debug)
+ $(use_enable doc man-doc)
+ $(use_with !gmp mini_gmp)
+ $(use_with json)
+ $(use_with libedit cli editline)
+ $(use_with readline cli readline)
+ $(use_enable static-libs static)
+ $(use_with xtables)
+ )
+
+ econf "${myeconfargs[@]}"
+
+ if use python; then
+ pushd py >/dev/null || die
+ distutils-r1_src_configure
+ popd >/dev/null || die
+ fi
+}
+
+src_compile() {
+ default
+
+ if use python; then
+ pushd py >/dev/null || die
+ distutils-r1_src_compile
+ popd >/dev/null || die
+ fi
+}
+
+src_test() {
+ emake check
+
+ if [[ ${EUID} == 0 ]]; then
+ edo tests/shell/run-tests.sh -v
+ else
+ ewarn "Skipping shell tests (requires root)"
+ fi
+
+ if use python; then
+ pushd tests/py >/dev/null || die
+ distutils-r1_src_test
+ popd >/dev/null || die
+ fi
+}
+
+python_test() {
+ if [[ ${EUID} == 0 ]]; then
+ edo "${EPYTHON}" nft-test.py
+ else
+ ewarn "Skipping Python tests (requires root)"
+ fi
+}
+
+src_install() {
+ default
+
+ if ! use doc && [[ ! ${PV} =~ ^[9]{4,}$ ]]; then
+ pushd doc >/dev/null || die
+ doman *.?
+ popd >/dev/null || die
+ fi
+
+ # Do it here instead of in src_prepare to avoid eautoreconf
+ # rmdir lets us catch if more files end up installed in /etc/nftables
+ dodir /usr/share/doc/${PF}/skels/
+ mv "${ED}"/etc/nftables/osf "${ED}"/usr/share/doc/${PF}/skels/osf || die
+ rmdir "${ED}"/etc/nftables || die
+
+ exeinto /usr/libexec/${PN}
+ newexe "${FILESDIR}"/libexec/${PN}-mk.sh ${PN}.sh
+ newconfd "${FILESDIR}"/${PN}-mk.confd ${PN}
+ newinitd "${FILESDIR}"/${PN}-mk.init-r1 ${PN}
+ keepdir /var/lib/nftables
+
+ systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service
+
+ if use python ; then
+ pushd py >/dev/null || die
+ distutils-r1_src_install
+ popd >/dev/null || die
+ fi
+
+ find "${ED}" -type f -name "*.la" -delete || die
+}
+
+pkg_preinst() {
+ local stderr
+
+ # There's a history of regressions with nftables upgrades. Perform a
+ # safety check to help us spot them earlier. For the check to pass, the
+ # currently loaded ruleset, if any, must be successfully evaluated by
+ # the newly built instance of nft(8).
+ if [[ -n ${ROOT} ]] || [[ ! -d /sys/module/nftables ]] || [[ ! -x /sbin/nft ]]; then
+ # Either nftables isn't yet in use or nft(8) cannot be executed.
+ return
+ elif ! stderr=$(umask 177; /sbin/nft -t list ruleset 2>&1 >"${T}"/ruleset.nft); then
+ # Report errors induced by trying to list the ruleset but don't
+ # treat them as being fatal.
+ printf '%s\n' "${stderr}" >&2
+ elif [[ ${stderr} == *"is managed by iptables-nft"* ]]; then
+ # Rulesets generated by iptables-nft are special in nature and
+ # will not always be printed in a way that constitutes a valid
+ # syntax for ntf(8). Ignore them.
+ return
+ elif set -- "${ED}"/usr/lib*/libnftables.so;
+ ! LD_LIBRARY_PATH=${1%/*} "${ED}"/sbin/nft -c -f -- "${T}"/ruleset.nft
+ then
+ eerror "Your currently loaded ruleset cannot be parsed by the newly built instance of"
+ eerror "nft. This probably means that there is a regression introduced by v${PV}."
+ eerror "(To make the ebuild fail instead of warning, set NFTABLES_ABORT_ON_RELOAD_FAILURE=1.)"
+ if [[ -n ${NFTABLES_ABORT_ON_RELOAD_FAILURE} ]] ; then
+ die "Aborting because of failed nft reload!"
+ fi
+ fi
+}
+
+pkg_postinst() {
+ local save_file
+ save_file="${EROOT}"/var/lib/nftables/rules-save
+
+ # In order for the nftables-restore systemd service to start
+ # the save_file must exist.
+ if [[ ! -f "${save_file}" ]]; then
+ ( umask 177; touch "${save_file}" )
+ elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then
+ ewarn "Your system has dangerous permissions for ${save_file}"
+ ewarn "It is probably affected by bug #691326."
+ ewarn "You may need to fix the permissions of the file. To do so,"
+ ewarn "you can run the command in the line below as root."
+ ewarn " 'chmod 600 \"${save_file}\"'"
+ fi
+
+ if has_version 'sys-apps/systemd'; then
+ elog "If you wish to enable the firewall rules on boot (on systemd) you"
+ elog "will need to enable the nftables-restore service."
+ elog " 'systemctl enable ${PN}-restore.service'"
+ elog
+ elog "If you are creating firewall rules before the next system restart"
+ elog "the nftables-restore service must be manually started in order to"
+ elog "save those rules on shutdown."
+ fi
+
+ if has_version 'sys-apps/openrc'; then
+ elog "If you wish to enable the firewall rules on boot (on openrc) you"
+ elog "will need to enable the nftables service."
+ elog " 'rc-update add ${PN} default'"
+ elog
+ elog "If you are creating or updating the firewall rules and wish to save"
+ elog "them to be loaded on the next restart, use the \"save\" functionality"
+ elog "in the init script."
+ elog " 'rc-service ${PN} save'"
+ fi
+}
^ permalink raw reply related [flat|nested] 5+ messages in thread
end of thread, other threads:[~2024-07-24 11:53 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-02-24 23:53 [gentoo-commits] repo/gentoo:master commit in: net-firewall/nftables/, net-firewall/nftables/files/ Sam James
-- strict thread matches above, loose matches on Subject: below --
2024-07-24 11:53 Sam James
2022-06-05 6:56 Sam James
2020-09-28 23:18 Patrick McLean
2016-07-11 7:35 Sam Jorna
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox