* [gentoo-commits] repo/gentoo:master commit in: net-firewall/iptables/files/, net-firewall/iptables/
@ 2015-08-14 12:42 Michał Górny
0 siblings, 0 replies; 15+ messages in thread
From: Michał Górny @ 2015-08-14 12:42 UTC (permalink / raw
To: gentoo-commits
commit: 190ab2e9052a9e2304a9aafac6c6ae17bd4e1ba2
Author: Michał Górny <mgorny <AT> gentoo <DOT> org>
AuthorDate: Fri Aug 14 12:41:41 2015 +0000
Commit: Michał Górny <mgorny <AT> gentoo <DOT> org>
CommitDate: Fri Aug 14 12:42:00 2015 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=190ab2e9
net-firewall/iptables: Restore 1.4.17 required by dev-perl/IPTables-libiptc
Package-Manager: portage-2.2.20
net-firewall/iptables/Manifest | 1 +
.../iptables/files/iptables-1.4.17-libip6tc.patch | 32 ++++++++
net-firewall/iptables/iptables-1.4.17.ebuild | 87 ++++++++++++++++++++++
3 files changed, 120 insertions(+)
diff --git a/net-firewall/iptables/Manifest b/net-firewall/iptables/Manifest
index e3c1f23..8e3fa0b 100644
--- a/net-firewall/iptables/Manifest
+++ b/net-firewall/iptables/Manifest
@@ -1 +1,2 @@
+DIST iptables-1.4.17.tar.bz2 541137 SHA256 51e7a769469383b6ad308a6a19cdd2bd813cf4593e21a156a543a1cd70554925 SHA512 022f89cbf56408842bdeb1adbe05076addaad007599fdb662f32a1c134d743dade28c26842acc7545d2474903164be5fe3ec7fd1e276cd2c37bd3b33b8a30de1 WHIRLPOOL f2cb85d5f4080fce2c6673a58737ace3d55130f74c66207bc515d0c7b4ecd75bd7ac8540a862e8af133e740d34eee40833d72c9c3236c7ef4dc75cd43816ec41
DIST iptables-1.4.21.tar.bz2 547439 SHA256 52004c68021da9a599feed27f65defcfb22128f7da2c0531c0f75de0f479d3e0 SHA512 dd4baccdb080284d8620e6ed59beafc2677813f3e099051764b07f8e394f6d94ca11861b181f3cce7c55c66de64c1e2add13dc1a0b64e24050cd9fb7aea0689b WHIRLPOOL 475541d1b2b7fe4ee8fa3b537274ef082aab8bfd262201ee14cd53577dfac6f591445cc6d64ed93b226a4b71d54ae1b9ab4cbb378b5440861a585f770f0db200
diff --git a/net-firewall/iptables/files/iptables-1.4.17-libip6tc.patch b/net-firewall/iptables/files/iptables-1.4.17-libip6tc.patch
new file mode 100644
index 0000000..5212dd2
--- /dev/null
+++ b/net-firewall/iptables/files/iptables-1.4.17-libip6tc.patch
@@ -0,0 +1,32 @@
+From d42bc7c100de69396a527e90736198f8e4e3000b Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <vapier@gentoo.org>
+Date: Sun, 30 Dec 2012 18:06:15 -0500
+Subject: [PATCH] extensions: fix linking against -lip6tc
+
+The current build forgets to specify a path to find libip6tc which means
+it either fails (if there is no libip6tc in the system), or links against
+an old version (if there is one in the system).
+
+References: https://bugs.gentoo.org/449262
+Reported-by: Mike Gilbert <floppym@gentoo.org>
+Signed-off-by: Mike Frysinger <vapier@gentoo.org>
+---
+ extensions/GNUmakefile.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/extensions/GNUmakefile.in b/extensions/GNUmakefile.in
+index e71e3ff..a605474 100644
+--- a/extensions/GNUmakefile.in
++++ b/extensions/GNUmakefile.in
+@@ -101,7 +101,7 @@ libxt_state.so: libxt_conntrack.so
+ ln -fs $< $@
+
+ # Need the LIBADDs in iptables/Makefile.am too for libxtables_la_LIBADD
+-ip6t_NETMAP_LIBADD = -lip6tc
++ip6t_NETMAP_LIBADD = -L../libiptc/.libs -lip6tc
+ xt_RATEEST_LIBADD = -lm
+ xt_statistic_LIBADD = -lm
+
+--
+1.8.0
+
diff --git a/net-firewall/iptables/iptables-1.4.17.ebuild b/net-firewall/iptables/iptables-1.4.17.ebuild
new file mode 100644
index 0000000..0bbfa2b
--- /dev/null
+++ b/net-firewall/iptables/iptables-1.4.17.ebuild
@@ -0,0 +1,87 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="4"
+
+# Force users doing their own patches to install their own tools
+AUTOTOOLS_AUTO_DEPEND=no
+
+inherit eutils multilib toolchain-funcs autotools
+
+DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
+HOMEPAGE="http://www.iptables.org/"
+SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="ipv6 netlink static-libs"
+
+RDEPEND="
+ netlink? ( net-libs/libnfnetlink )
+"
+DEPEND="${RDEPEND}
+ virtual/os-headers
+ virtual/pkgconfig
+"
+
+src_prepare() {
+ # use the saner headers from the kernel
+ rm -f include/linux/{kernel,types}.h
+ epatch "${FILESDIR}"/${P}-libip6tc.patch #449262
+
+ # Only run autotools if user patched something
+ epatch_user && eautoreconf || elibtoolize
+}
+
+src_configure() {
+ # Some libs use $(AR) rather than libtool to build #444282
+ tc-export AR
+
+ sed -i \
+ -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
+ configure || die
+
+ econf \
+ --sbindir="${EPREFIX}/sbin" \
+ --libexecdir="${EPREFIX}/$(get_libdir)" \
+ --enable-devel \
+ --enable-shared \
+ $(use_enable static-libs static) \
+ $(use_enable ipv6)
+}
+
+src_compile() {
+ emake V=1
+}
+
+src_install() {
+ default
+ dodoc INCOMPATIBILITIES iptables/iptables.xslt
+
+ # all the iptables binaries are in /sbin, so might as well
+ # put these small files in with them
+ into /
+ dosbin iptables/iptables-apply
+ dosym iptables-apply /sbin/ip6tables-apply
+ doman iptables/iptables-apply.8
+
+ insinto /usr/include
+ doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
+ insinto /usr/include/iptables
+ doins include/iptables/internal.h
+
+ keepdir /var/lib/iptables
+ newinitd "${FILESDIR}"/${PN}-1.4.13-r1.init iptables
+ newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables
+ if use ipv6 ; then
+ keepdir /var/lib/ip6tables
+ newinitd "${FILESDIR}"/iptables-1.4.13-r1.init ip6tables
+ newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables
+ fi
+
+ # Move important libs to /lib
+ gen_usr_ldscript -a ip{4,6}tc iptc xtables
+ find "${ED}" -type f -name '*.la' -exec rm -rf '{}' '+' || die "la removal failed"
+}
^ permalink raw reply related [flat|nested] 15+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-firewall/iptables/files/, net-firewall/iptables/
@ 2015-08-27 2:08 Mike Frysinger
0 siblings, 0 replies; 15+ messages in thread
From: Mike Frysinger @ 2015-08-27 2:08 UTC (permalink / raw
To: gentoo-commits
commit: adbc9428f6d4f5f6751127f4edc6846b36083d28
Author: Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Thu Aug 27 02:07:03 2015 +0000
Commit: Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Thu Aug 27 02:07:43 2015 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=adbc9428
net-firewall/iptables: fix from upstream for static builds #558234
Silence constant connlabel.conf warnings when using static libs.
.../iptables-1.4.21-static-connlabel-config.patch | 77 +++++++++++++++
net-firewall/iptables/iptables-1.4.21-r3.ebuild | 104 +++++++++++++++++++++
2 files changed, 181 insertions(+)
diff --git a/net-firewall/iptables/files/iptables-1.4.21-static-connlabel-config.patch b/net-firewall/iptables/files/iptables-1.4.21-static-connlabel-config.patch
new file mode 100644
index 0000000..a4183d6
--- /dev/null
+++ b/net-firewall/iptables/files/iptables-1.4.21-static-connlabel-config.patch
@@ -0,0 +1,77 @@
+https://bugs.gentoo.org/558234
+http://git.netfilter.org/iptables/commit/?id=825fbda5482a7d5ec5a6619c81fe07ff865c7d6e
+
+From 825fbda5482a7d5ec5a6619c81fe07ff865c7d6e Mon Sep 17 00:00:00 2001
+From: Florian Westphal <fw@strlen.de>
+Date: Fri, 5 Sep 2014 20:45:56 +0200
+Subject: [PATCH] extensions: libxt_connlabel: do not open config file from
+ _init hook
+
+else, static builds will print this for every iptables invocation,
+even 'iptables -L'. Delay open until we need to translate a mapping.
+
+Reported-by: Thomas De Schampheleire <patrickdepinguin@gmail.com>
+Signed-off-by: Florian Westphal <fw@strlen.de>
+---
+ extensions/libxt_connlabel.c | 27 ++++++++++++++++++++-------
+ 1 file changed, 20 insertions(+), 7 deletions(-)
+
+diff --git a/extensions/libxt_connlabel.c b/extensions/libxt_connlabel.c
+index c84a167..1f83095 100644
+--- a/extensions/libxt_connlabel.c
++++ b/extensions/libxt_connlabel.c
+@@ -29,11 +29,26 @@ static const struct xt_option_entry connlabel_mt_opts[] = {
+ XTOPT_TABLEEND,
+ };
+
++/* cannot do this via _init, else static builds might spew error message
++ * for every iptables invocation.
++ */
++static void connlabel_open(void)
++{
++ if (map)
++ return;
++
++ map = nfct_labelmap_new(NULL);
++ if (!map && errno)
++ xtables_error(RESOURCE_PROBLEM, "cannot open connlabel.conf: %s\n",
++ strerror(errno));
++}
++
+ static void connlabel_mt_parse(struct xt_option_call *cb)
+ {
+ struct xt_connlabel_mtinfo *info = cb->data;
+ int tmp;
+
++ connlabel_open();
+ xtables_option_parse(cb);
+
+ switch (cb->entry->id) {
+@@ -54,7 +69,11 @@ static void connlabel_mt_parse(struct xt_option_call *cb)
+
+ static const char *connlabel_get_name(int b)
+ {
+- const char *name = nfct_labelmap_get_name(map, b);
++ const char *name;
++
++ connlabel_open();
++
++ name = nfct_labelmap_get_name(map, b);
+ if (name && strcmp(name, ""))
+ return name;
+ return NULL;
+@@ -114,11 +133,5 @@ static struct xtables_match connlabel_mt_reg = {
+
+ void _init(void)
+ {
+- map = nfct_labelmap_new(NULL);
+- if (!map) {
+- fprintf(stderr, "cannot open connlabel.conf, not registering '%s' match: %s\n",
+- connlabel_mt_reg.name, strerror(errno));
+- return;
+- }
+ xtables_register_match(&connlabel_mt_reg);
+ }
+--
+2.4.4
+
diff --git a/net-firewall/iptables/iptables-1.4.21-r3.ebuild b/net-firewall/iptables/iptables-1.4.21-r3.ebuild
new file mode 100644
index 0000000..ef4eb78
--- /dev/null
+++ b/net-firewall/iptables/iptables-1.4.21-r3.ebuild
@@ -0,0 +1,104 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+
+# Force users doing their own patches to install their own tools
+AUTOTOOLS_AUTO_DEPEND=no
+
+inherit eutils multilib systemd toolchain-funcs autotools flag-o-matic
+
+DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
+HOMEPAGE="http://www.netfilter.org/projects/iptables/"
+SRC_URI="http://www.netfilter.org/projects/iptables/files/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+# Subslot tracks libxtables as that's the one other packages generally link
+# against and iptables changes. Will have to revisit if other sonames change.
+SLOT="0/10"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="conntrack ipv6 netlink pcap static-libs"
+
+RDEPEND="
+ conntrack? ( net-libs/libnetfilter_conntrack )
+ netlink? ( net-libs/libnfnetlink )
+ pcap? ( net-libs/libpcap )
+"
+DEPEND="${RDEPEND}
+ virtual/os-headers
+ virtual/pkgconfig
+"
+
+src_prepare() {
+ # use the saner headers from the kernel
+ rm -f include/linux/{kernel,types}.h
+
+ epatch "${FILESDIR}"/${P}-configure.patch #557586
+ epatch "${FILESDIR}"/${P}-static-connlabel-config.patch #558234
+
+ # Only run autotools if user patched something
+ epatch_user && eautoreconf || elibtoolize
+}
+
+src_configure() {
+ # Some libs use $(AR) rather than libtool to build #444282
+ tc-export AR
+
+ # Hack around struct mismatches between userland & kernel for some ABIs. #472388
+ use amd64 && [[ ${ABI} == "x32" ]] && append-flags -fpack-struct
+
+ sed -i \
+ -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
+ -e "/nfconntrack=[01]/s:=[01]:=$(usex conntrack 1 0):" \
+ configure || die
+
+ econf \
+ --sbindir="${EPREFIX}/sbin" \
+ --libexecdir="${EPREFIX}/$(get_libdir)" \
+ --enable-devel \
+ --enable-shared \
+ $(use_enable pcap bpf-compiler) \
+ $(use_enable static-libs static) \
+ $(use_enable ipv6)
+}
+
+src_compile() {
+ emake V=1
+}
+
+src_install() {
+ default
+ dodoc INCOMPATIBILITIES iptables/iptables.xslt
+
+ # all the iptables binaries are in /sbin, so might as well
+ # put these small files in with them
+ into /
+ dosbin iptables/iptables-apply
+ dosym iptables-apply /sbin/ip6tables-apply
+ doman iptables/iptables-apply.8
+
+ insinto /usr/include
+ doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
+ insinto /usr/include/iptables
+ doins include/iptables/internal.h
+
+ keepdir /var/lib/iptables
+ newinitd "${FILESDIR}"/${PN}.init iptables
+ newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables
+ if use ipv6 ; then
+ keepdir /var/lib/ip6tables
+ newinitd "${FILESDIR}"/iptables.init ip6tables
+ newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables
+ fi
+
+ systemd_dounit "${FILESDIR}"/systemd/iptables{,-{re,}store}.service
+ if use ipv6 ; then
+ systemd_dounit "${FILESDIR}"/systemd/ip6tables{,-{re,}store}.service
+ fi
+
+ # Move important libs to /lib #332175
+ gen_usr_ldscript -a ip{4,6}tc iptc xtables
+
+ prune_libtool_files
+}
^ permalink raw reply related [flat|nested] 15+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-firewall/iptables/files/, net-firewall/iptables/
@ 2018-07-09 14:52 Thomas Deutschmann
0 siblings, 0 replies; 15+ messages in thread
From: Thomas Deutschmann @ 2018-07-09 14:52 UTC (permalink / raw
To: gentoo-commits
commit: 3a10deb82c1bcadbc0977d26dce8650c2bf5ba0a
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Mon Jul 9 14:51:42 2018 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Mon Jul 9 14:51:59 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3a10deb8
net-firewall/iptables: fix building with USE=-nftables
Closes: https://bugs.gentoo.org/660790
Package-Manager: Portage-2.3.41, Repoman-2.3.9
...es-1.8.0-fix-building-without-nft-backend.patch | 26 ++++++++++++++++++++++
net-firewall/iptables/iptables-1.8.0.ebuild | 7 ++++--
2 files changed, 31 insertions(+), 2 deletions(-)
diff --git a/net-firewall/iptables/files/iptables-1.8.0-fix-building-without-nft-backend.patch b/net-firewall/iptables/files/iptables-1.8.0-fix-building-without-nft-backend.patch
new file mode 100644
index 00000000000..6b19c87678b
--- /dev/null
+++ b/net-firewall/iptables/files/iptables-1.8.0-fix-building-without-nft-backend.patch
@@ -0,0 +1,26 @@
+extensions: don't bother to build libebt/libarp extensions if nft backend was disabled
+
+Bug: https://bugs.gentoo.org/660790
+Reported-by: Thomas Deutschmann <whissi@gentoo.org>
+Signed-off-by: Florian Westphal <fw@strlen.de>
+---
+ extensions/GNUmakefile.in | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/extensions/GNUmakefile.in b/extensions/GNUmakefile.in
+index bee666e80e45..c0d73cd28c03 100644
+--- a/extensions/GNUmakefile.in
++++ b/extensions/GNUmakefile.in
+@@ -40,8 +40,8 @@ endif
+ # Wildcard module list
+ #
+ pfx_build_mod := $(patsubst ${srcdir}/libxt_%.c,%,$(sort $(wildcard ${srcdir}/libxt_*.c)))
+-pfb_build_mod := $(patsubst ${srcdir}/libebt_%.c,%,$(sort $(wildcard ${srcdir}/libebt_*.c)))
+-pfa_build_mod := $(patsubst ${srcdir}/libarpt_%.c,%,$(sort $(wildcard ${srcdir}/libarpt_*.c)))
++@ENABLE_NFTABLES_TRUE@ pfb_build_mod := $(patsubst ${srcdir}/libebt_%.c,%,$(sort $(wildcard ${srcdir}/libebt_*.c)))
++@ENABLE_NFTABLES_TRUE@ pfa_build_mod := $(patsubst ${srcdir}/libarpt_%.c,%,$(sort $(wildcard ${srcdir}/libarpt_*.c)))
+ pfx_symlinks := NOTRACK state
+ @ENABLE_IPV4_TRUE@ pf4_build_mod := $(patsubst ${srcdir}/libipt_%.c,%,$(sort $(wildcard ${srcdir}/libipt_*.c)))
+ @ENABLE_IPV6_TRUE@ pf6_build_mod := $(patsubst ${srcdir}/libip6t_%.c,%,$(sort $(wildcard ${srcdir}/libip6t_*.c)))
+--
+2.17.1
diff --git a/net-firewall/iptables/iptables-1.8.0.ebuild b/net-firewall/iptables/iptables-1.8.0.ebuild
index 78051935b05..d4cee0085fc 100644
--- a/net-firewall/iptables/iptables-1.8.0.ebuild
+++ b/net-firewall/iptables/iptables-1.8.0.ebuild
@@ -41,12 +41,15 @@ RDEPEND="${COMMON_DEPEND}
nftables? ( net-misc/ethertypes )
"
+PATCHES=( "${FILESDIR}"/iptables-1.8.0-fix-building-without-nft-backend.patch )
+
src_prepare() {
# use the saner headers from the kernel
rm -f include/linux/{kernel,types}.h
- # Only run autotools if user patched something
- eapply_user && eautoreconf || elibtoolize
+ default
+
+ eautoreconf
}
src_configure() {
^ permalink raw reply related [flat|nested] 15+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-firewall/iptables/files/, net-firewall/iptables/
@ 2018-10-24 13:26 Lars Wendler
0 siblings, 0 replies; 15+ messages in thread
From: Lars Wendler @ 2018-10-24 13:26 UTC (permalink / raw
To: gentoo-commits
commit: 281ad1c5b4f2d41492b69aaf169f5fa6ea1ab20b
Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Wed Oct 24 13:26:18 2018 +0000
Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Wed Oct 24 13:26:33 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=281ad1c5
net-firewall/iptables: Fixed build with USE="-nftables"
Closes: https://bugs.gentoo.org/669486
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>
Package-Manager: Portage-2.3.51, Repoman-2.3.11
...es-1.8.1-build_limit_without_libnftnl_fix.patch | 44 ++++++++++++++++++++++
net-firewall/iptables/iptables-1.8.1.ebuild | 2 +
2 files changed, 46 insertions(+)
diff --git a/net-firewall/iptables/files/iptables-1.8.1-build_limit_without_libnftnl_fix.patch b/net-firewall/iptables/files/iptables-1.8.1-build_limit_without_libnftnl_fix.patch
new file mode 100644
index 00000000000..a0fca7efa93
--- /dev/null
+++ b/net-firewall/iptables/files/iptables-1.8.1-build_limit_without_libnftnl_fix.patch
@@ -0,0 +1,44 @@
+From b2fc2a368562d55fadad94d995247bb8cd7e68a3 Mon Sep 17 00:00:00 2001
+From: Florian Westphal <fw@strlen.de>
+Date: Wed, 24 Oct 2018 12:00:11 +0200
+Subject: extensions: limit: unbreak build without libnftnl
+
+Lars Wendler reported 1.8.1 build failure when trying to build without nft backend:
+
+ In file included from ../iptables/nft.h:5, from libxt_limit.c:18: libnftnl/rule.h: No such file or directory
+
+Reported-by: Lars Wendler <polynomial-c@gentoo.org>
+Fixes: 02b80972c43 ("ebtables: Merge libebt_limit.c into libxt_limit.c")
+Signed-off-by: Florian Westphal <fw@strlen.de>
+---
+ extensions/libxt_limit.c | 1 -
+ iptables/nft-bridge.h | 1 +
+ 2 files changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/extensions/libxt_limit.c b/extensions/libxt_limit.c
+index c7b66295..1b324657 100644
+--- a/extensions/libxt_limit.c
++++ b/extensions/libxt_limit.c
+@@ -15,7 +15,6 @@
+ #include <xtables.h>
+ #include <linux/netfilter/x_tables.h>
+ #include <linux/netfilter/xt_limit.h>
+-#include "iptables/nft.h"
+ #include "iptables/nft-bridge.h"
+
+ #define XT_LIMIT_AVG "3/hour"
+diff --git a/iptables/nft-bridge.h b/iptables/nft-bridge.h
+index 9d49ccbe..de52cd71 100644
+--- a/iptables/nft-bridge.h
++++ b/iptables/nft-bridge.h
+@@ -68,6 +68,7 @@ int ebt_get_mac_and_mask(const char *from, unsigned char *to, unsigned char *mas
+ #define EBT_VERDICT_BITS 0x0000000F
+
+ struct nftnl_rule;
++struct iptables_command_state;
+
+ static const char *ebt_standard_targets[NUM_STANDARD_TARGETS] = {
+ "ACCEPT",
+--
+cgit v1.2.1
+
diff --git a/net-firewall/iptables/iptables-1.8.1.ebuild b/net-firewall/iptables/iptables-1.8.1.ebuild
index 043562633bd..3db0cde5904 100644
--- a/net-firewall/iptables/iptables-1.8.1.ebuild
+++ b/net-firewall/iptables/iptables-1.8.1.ebuild
@@ -42,6 +42,8 @@ RDEPEND="${COMMON_DEPEND}
"
src_prepare() {
+ eapply "${FILESDIR}/${P}-build_limit_without_libnftnl_fix.patch" #669486
+
# use the saner headers from the kernel
rm -f include/linux/{kernel,types}.h
^ permalink raw reply related [flat|nested] 15+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-firewall/iptables/files/, net-firewall/iptables/
@ 2018-11-14 10:13 Lars Wendler
0 siblings, 0 replies; 15+ messages in thread
From: Lars Wendler @ 2018-11-14 10:13 UTC (permalink / raw
To: gentoo-commits
commit: d3b81429961f996c4a19552ea3c832e1bea615d0
Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Wed Nov 14 10:13:15 2018 +0000
Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Wed Nov 14 10:13:33 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d3b81429
net-firewall/iptables: Removed old.
Package-Manager: Portage-2.3.51, Repoman-2.3.12
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>
net-firewall/iptables/Manifest | 1 -
...es-1.8.0-fix-building-without-nft-backend.patch | 26 ----
...ort-nft-suffix-for-arptables-and-ebtables.patch | 44 -------
net-firewall/iptables/iptables-1.8.0-r1.ebuild | 132 ---------------------
4 files changed, 203 deletions(-)
diff --git a/net-firewall/iptables/Manifest b/net-firewall/iptables/Manifest
index aaefc0f765c..8808dd33a3a 100644
--- a/net-firewall/iptables/Manifest
+++ b/net-firewall/iptables/Manifest
@@ -1,6 +1,5 @@
DIST iptables-1.4.21.tar.bz2 547439 BLAKE2B e30f25581a118b91781dcc02761d4c8c420fb19876ec9e8ade3aff22b574931065f9a1c1ec31983a444c406dd928c47673d02698553da85c3db4f31484b1597d SHA512 dd4baccdb080284d8620e6ed59beafc2677813f3e099051764b07f8e394f6d94ca11861b181f3cce7c55c66de64c1e2add13dc1a0b64e24050cd9fb7aea0689b
DIST iptables-1.6.1.tar.bz2 620890 BLAKE2B b45ac26e1fb7e8b17a6df0afab3b6c0e2f0a5df9191367548136b3ce9aadc1bcb875b8bc0403e6f12fcf487054e96418f4ef34da827af8989fd4dcf83cd3cd8d SHA512 12280db6e6ef8e68da2537e9da59fc601790fd02b1ba38a37c90dbb56272018329dccb8be995f96ecd5d94fafa6043204f3e8f8ee96531685d9e3c55359d2ee8
DIST iptables-1.6.2.tar.bz2 639785 BLAKE2B 3d129756fd33c8c73d56d57e3c5595896db86ded14834a45db21b964d82840b62216ce3cea4ae4960e8c5f0671df3cc6bfb222f68d29cf3a8c99e0eee14bf017 SHA512 04f22e969c794246b9aa28055b202638081cfb0bb4a5625c049a30c48ac84cdd41db12a53c5831398cfe47c8f5691aa02b30b0ae3b5afe0f20ec48cf86a799c0
-DIST iptables-1.8.0.tar.bz2 677980 BLAKE2B ce874572d736087f46ea5a6e393cf9b32bf7328efda0fd9faee94dfa11428fc0e124d5ed81329484032ac4ebe89b2604b26dbb135e152c0e0f4c74d88db52d00 SHA512 5f3fe4c15f02e29a2e6ee2905a242f450f8a3b51553618e0cdc59301c35b8bb663e8f2ea70dfcaed8d4e53192c01519906b60ff649385c693e0602622742890f
DIST iptables-1.8.1.tar.bz2 678706 BLAKE2B 671e7329cc07dae0fbc54c1f6061bc148c4823e1f675369ee36a7cd2346cc1a9a516d5aa2e8a3506d5400027c1ba306cbe426940894117710bc61aacd256fccd SHA512 96a896b6dd26c2d0b4e1672d428ea3c3aab0a3c9e56a896af3a2b8428c4212d7378ba555e0be198b0ccb3fd370bca529466ab8b4edc1777eb7deed600d3f0e11
DIST iptables-1.8.2.tar.bz2 679858 BLAKE2B 2004d85c89ecbc37ef0d571ac8ece680fd2e11a51b074f6387d6e9c4892da524c785d6bf3f30e26af4e7c2cb1f401d51bf8bcb21a91e380e24945374553139cb SHA512 8cf0f515764e1dc6e03284581d682d1949b33e8f25fea29c27ae856f1089fe8ca7b1814524b85f4378fd1fc7c7c7d002f06557b257ae2bbc945f8555bad0dc76
diff --git a/net-firewall/iptables/files/iptables-1.8.0-fix-building-without-nft-backend.patch b/net-firewall/iptables/files/iptables-1.8.0-fix-building-without-nft-backend.patch
deleted file mode 100644
index 6b19c87678b..00000000000
--- a/net-firewall/iptables/files/iptables-1.8.0-fix-building-without-nft-backend.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-extensions: don't bother to build libebt/libarp extensions if nft backend was disabled
-
-Bug: https://bugs.gentoo.org/660790
-Reported-by: Thomas Deutschmann <whissi@gentoo.org>
-Signed-off-by: Florian Westphal <fw@strlen.de>
----
- extensions/GNUmakefile.in | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/extensions/GNUmakefile.in b/extensions/GNUmakefile.in
-index bee666e80e45..c0d73cd28c03 100644
---- a/extensions/GNUmakefile.in
-+++ b/extensions/GNUmakefile.in
-@@ -40,8 +40,8 @@ endif
- # Wildcard module list
- #
- pfx_build_mod := $(patsubst ${srcdir}/libxt_%.c,%,$(sort $(wildcard ${srcdir}/libxt_*.c)))
--pfb_build_mod := $(patsubst ${srcdir}/libebt_%.c,%,$(sort $(wildcard ${srcdir}/libebt_*.c)))
--pfa_build_mod := $(patsubst ${srcdir}/libarpt_%.c,%,$(sort $(wildcard ${srcdir}/libarpt_*.c)))
-+@ENABLE_NFTABLES_TRUE@ pfb_build_mod := $(patsubst ${srcdir}/libebt_%.c,%,$(sort $(wildcard ${srcdir}/libebt_*.c)))
-+@ENABLE_NFTABLES_TRUE@ pfa_build_mod := $(patsubst ${srcdir}/libarpt_%.c,%,$(sort $(wildcard ${srcdir}/libarpt_*.c)))
- pfx_symlinks := NOTRACK state
- @ENABLE_IPV4_TRUE@ pf4_build_mod := $(patsubst ${srcdir}/libipt_%.c,%,$(sort $(wildcard ${srcdir}/libipt_*.c)))
- @ENABLE_IPV6_TRUE@ pf6_build_mod := $(patsubst ${srcdir}/libip6t_%.c,%,$(sort $(wildcard ${srcdir}/libip6t_*.c)))
---
-2.17.1
diff --git a/net-firewall/iptables/files/iptables-1.8.0-support-nft-suffix-for-arptables-and-ebtables.patch b/net-firewall/iptables/files/iptables-1.8.0-support-nft-suffix-for-arptables-and-ebtables.patch
deleted file mode 100644
index 1053c0a338e..00000000000
--- a/net-firewall/iptables/files/iptables-1.8.0-support-nft-suffix-for-arptables-and-ebtables.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-Backport of
-
-https://git.netfilter.org/iptables/commit/?id=565a22395c4c620bf26a002515d9016db0c35824
-
-Bug: https://bugs.gentoo.org/660886
---- a/iptables/Makefile.am
-+++ b/iptables/Makefile.am
-@@ -80,7 +80,9 @@ x_sbin_links = iptables-nft iptables-nft-restore iptables-nft-save \
- ip6tables-nft ip6tables-nft-restore ip6tables-nft-save \
- iptables-translate ip6tables-translate \
- iptables-restore-translate ip6tables-restore-translate \
-- arptables ebtables xtables-monitor
-+ arptables-nft arptables \
-+ ebtables-nft ebtables \
-+ xtables-monitor
- endif
-
- iptables-extensions.8: iptables-extensions.8.tmpl ../extensions/matches.man ../extensions/targets.man
---- a/iptables/Makefile.in
-+++ b/iptables/Makefile.in
-@@ -526,7 +526,9 @@ vx_bin_links = iptables-xml
- @ENABLE_NFTABLES_TRUE@ ip6tables-nft ip6tables-nft-restore ip6tables-nft-save \
- @ENABLE_NFTABLES_TRUE@ iptables-translate ip6tables-translate \
- @ENABLE_NFTABLES_TRUE@ iptables-restore-translate ip6tables-restore-translate \
--@ENABLE_NFTABLES_TRUE@ arptables ebtables xtables-monitor
-+@ENABLE_NFTABLES_TRUE@ arptables-nft arptables \
-+@ENABLE_NFTABLES_TRUE@ ebtables-nft ebtables \
-+@ENABLE_NFTABLES_TRUE@ xtables-monitor
-
- pkgconfig_DATA = xtables.pc
- all: $(BUILT_SOURCES)
---- a/iptables/xtables-nft-multi.c
-+++ b/iptables/xtables-nft-multi.c
-@@ -31,8 +31,10 @@ static const struct subcommand multi_subcommands[] = {
- {"iptables-restore-translate", xtables_ip4_xlate_restore_main},
- {"ip6tables-restore-translate", xtables_ip6_xlate_restore_main},
- {"arptables", xtables_arp_main},
-+ {"arptables-nft", xtables_arp_main},
- {"ebtables-translate", xtables_eb_xlate_main},
- {"ebtables", xtables_eb_main},
-+ {"ebtables-nft", xtables_eb_main},
- {"xtables-monitor", xtables_monitor_main},
- {NULL},
- };
diff --git a/net-firewall/iptables/iptables-1.8.0-r1.ebuild b/net-firewall/iptables/iptables-1.8.0-r1.ebuild
deleted file mode 100644
index cbef20783c2..00000000000
--- a/net-firewall/iptables/iptables-1.8.0-r1.ebuild
+++ /dev/null
@@ -1,132 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-# Force users doing their own patches to install their own tools
-AUTOTOOLS_AUTO_DEPEND=no
-
-inherit multilib systemd toolchain-funcs autotools flag-o-matic
-
-DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
-HOMEPAGE="https://www.netfilter.org/projects/iptables/"
-SRC_URI="https://www.netfilter.org/projects/iptables/files/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-# Subslot tracks libxtables as that's the one other packages generally link
-# against and iptables changes. Will have to revisit if other sonames change.
-SLOT="0/12"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
-IUSE="conntrack ipv6 netlink nftables pcap static-libs"
-
-COMMON_DEPEND="
- conntrack? ( >=net-libs/libnetfilter_conntrack-1.0.6 )
- netlink? ( net-libs/libnfnetlink )
- nftables? (
- >=net-libs/libmnl-1.0:0=
- >=net-libs/libnftnl-1.1.1:0=
- )
- pcap? ( net-libs/libpcap )
-"
-DEPEND="${COMMON_DEPEND}
- virtual/os-headers
- >=sys-kernel/linux-headers-4.4:0
- virtual/pkgconfig
- nftables? (
- sys-devel/flex
- virtual/yacc
- )
-"
-RDEPEND="${COMMON_DEPEND}
- nftables? ( net-misc/ethertypes )
-"
-
-src_prepare() {
- eapply "${FILESDIR}"/${P}-fix-building-without-nft-backend.patch
- touch -r configure extensions/GNUmakefile.in || die
-
- eapply "${FILESDIR}"/${P}-support-nft-suffix-for-arptables-and-ebtables.patch
- touch -r configure iptables/Makefile.{am,in} || die
-
- # use the saner headers from the kernel
- rm -f include/linux/{kernel,types}.h
-
- # Only run autotools if user patched something
- eapply_user && eautoreconf || elibtoolize
-}
-
-src_configure() {
- # Some libs use $(AR) rather than libtool to build #444282
- tc-export AR
-
- # Hack around struct mismatches between userland & kernel for some ABIs. #472388
- use amd64 && [[ ${ABI} == "x32" ]] && append-flags -fpack-struct
-
- sed -i \
- -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
- -e "/nfconntrack=[01]/s:=[01]:=$(usex conntrack 1 0):" \
- configure || die
-
- local myeconfargs=(
- --sbindir="${EPREFIX}/sbin"
- --libexecdir="${EPREFIX}/$(get_libdir)"
- --enable-devel
- --enable-shared
- $(use_enable nftables)
- $(use_enable pcap bpf-compiler)
- $(use_enable pcap nfsynproxy)
- $(use_enable static-libs static)
- $(use_enable ipv6)
- )
- econf "${myeconfargs[@]}"
-}
-
-src_compile() {
- # Deal with parallel build errors.
- use nftables && emake -C iptables xtables-config-parser.h
- emake V=1
-}
-
-src_install() {
- default
- dodoc INCOMPATIBILITIES iptables/iptables.xslt
-
- # all the iptables binaries are in /sbin, so might as well
- # put these small files in with them
- into /
- dosbin iptables/iptables-apply
- dosym iptables-apply /sbin/ip6tables-apply
- doman iptables/iptables-apply.8
-
- insinto /usr/include
- doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
- insinto /usr/include/iptables
- doins include/iptables/internal.h
-
- keepdir /var/lib/iptables
- newinitd "${FILESDIR}"/${PN}.init iptables
- newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables
- if use ipv6 ; then
- keepdir /var/lib/ip6tables
- newinitd "${FILESDIR}"/iptables.init ip6tables
- newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables
- fi
-
- if use nftables; then
- # Bug 647458
- rm "${ED%/}"/etc/ethertypes || die
-
- # Bug 660886
- rm "${ED%/}"/sbin/{arptables,ebtables} || die
- fi
-
- systemd_dounit "${FILESDIR}"/systemd/iptables-{re,}store.service
- if use ipv6 ; then
- systemd_dounit "${FILESDIR}"/systemd/ip6tables-{re,}store.service
- fi
-
- # Move important libs to /lib #332175
- gen_usr_ldscript -a ip{4,6}tc iptc xtables
-
- find "${ED}" -name "*.la" -delete || die
-}
^ permalink raw reply related [flat|nested] 15+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-firewall/iptables/files/, net-firewall/iptables/
@ 2018-11-20 13:54 Lars Wendler
0 siblings, 0 replies; 15+ messages in thread
From: Lars Wendler @ 2018-11-20 13:54 UTC (permalink / raw
To: gentoo-commits
commit: 070fae35cc6d85cdb9c35b92b476394e17c8c144
Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Tue Nov 20 13:53:28 2018 +0000
Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Tue Nov 20 13:54:09 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=070fae35
net-firewall/iptables: Removed old.
Package-Manager: Portage-2.3.52, Repoman-2.3.12
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>
net-firewall/iptables/Manifest | 1 -
.../iptables/files/iptables-1.4.21-configure.patch | 34 -------
.../iptables-1.4.21-static-connlabel-config.patch | 77 ---------------
net-firewall/iptables/iptables-1.4.21-r1.ebuild | 93 ------------------
net-firewall/iptables/iptables-1.4.21-r5.ebuild | 104 ---------------------
5 files changed, 309 deletions(-)
diff --git a/net-firewall/iptables/Manifest b/net-firewall/iptables/Manifest
index 8808dd33a3a..2d94c7883a8 100644
--- a/net-firewall/iptables/Manifest
+++ b/net-firewall/iptables/Manifest
@@ -1,4 +1,3 @@
-DIST iptables-1.4.21.tar.bz2 547439 BLAKE2B e30f25581a118b91781dcc02761d4c8c420fb19876ec9e8ade3aff22b574931065f9a1c1ec31983a444c406dd928c47673d02698553da85c3db4f31484b1597d SHA512 dd4baccdb080284d8620e6ed59beafc2677813f3e099051764b07f8e394f6d94ca11861b181f3cce7c55c66de64c1e2add13dc1a0b64e24050cd9fb7aea0689b
DIST iptables-1.6.1.tar.bz2 620890 BLAKE2B b45ac26e1fb7e8b17a6df0afab3b6c0e2f0a5df9191367548136b3ce9aadc1bcb875b8bc0403e6f12fcf487054e96418f4ef34da827af8989fd4dcf83cd3cd8d SHA512 12280db6e6ef8e68da2537e9da59fc601790fd02b1ba38a37c90dbb56272018329dccb8be995f96ecd5d94fafa6043204f3e8f8ee96531685d9e3c55359d2ee8
DIST iptables-1.6.2.tar.bz2 639785 BLAKE2B 3d129756fd33c8c73d56d57e3c5595896db86ded14834a45db21b964d82840b62216ce3cea4ae4960e8c5f0671df3cc6bfb222f68d29cf3a8c99e0eee14bf017 SHA512 04f22e969c794246b9aa28055b202638081cfb0bb4a5625c049a30c48ac84cdd41db12a53c5831398cfe47c8f5691aa02b30b0ae3b5afe0f20ec48cf86a799c0
DIST iptables-1.8.1.tar.bz2 678706 BLAKE2B 671e7329cc07dae0fbc54c1f6061bc148c4823e1f675369ee36a7cd2346cc1a9a516d5aa2e8a3506d5400027c1ba306cbe426940894117710bc61aacd256fccd SHA512 96a896b6dd26c2d0b4e1672d428ea3c3aab0a3c9e56a896af3a2b8428c4212d7378ba555e0be198b0ccb3fd370bca529466ab8b4edc1777eb7deed600d3f0e11
diff --git a/net-firewall/iptables/files/iptables-1.4.21-configure.patch b/net-firewall/iptables/files/iptables-1.4.21-configure.patch
deleted file mode 100644
index e827885f168..00000000000
--- a/net-firewall/iptables/files/iptables-1.4.21-configure.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-https://bugs.gentoo.org/557586
-
-From b24e59fba39120bfdb9e521bbd0af8f33a60466e Mon Sep 17 00:00:00 2001
-From: Mike Frysinger <vapier@gentoo.org>
-Date: Sat, 15 Aug 2015 14:12:39 -0400
-Subject: [PATCH] configure: fix 3rd arg w/AC_ARG_ENABLE
-
-The 3rd arg is used when --{enable,disable}-foo are passed in, not when
-the feature is enabled. Use the existing $enableval instead.
-
-Signed-off-by: Mike Frysinger <vapier@gentoo.org>
----
- configure.ac | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
---- a/configure
-+++ b/configure
-@@ -11898,14 +11898,14 @@ fi
-
- # Check whether --enable-bpf-compiler was given.
- if test "${enable_bpf_compiler+set}" = set; then :
-- enableval=$enable_bpf_compiler; enable_bpfc="yes"
-+ enableval=$enable_bpf_compiler; enable_bpfc="$enableval"
- else
- enable_bpfc="no"
- fi
-
- # Check whether --enable-nfsynproxy was given.
- if test "${enable_nfsynproxy+set}" = set; then :
-- enableval=$enable_nfsynproxy; enable_nfsynproxy="yes"
-+ enableval=$enable_nfsynproxy; enable_nfsynproxy="$enableval"
- else
- enable_nfsynproxy="no"
- fi
diff --git a/net-firewall/iptables/files/iptables-1.4.21-static-connlabel-config.patch b/net-firewall/iptables/files/iptables-1.4.21-static-connlabel-config.patch
deleted file mode 100644
index a4183d6d402..00000000000
--- a/net-firewall/iptables/files/iptables-1.4.21-static-connlabel-config.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-https://bugs.gentoo.org/558234
-http://git.netfilter.org/iptables/commit/?id=825fbda5482a7d5ec5a6619c81fe07ff865c7d6e
-
-From 825fbda5482a7d5ec5a6619c81fe07ff865c7d6e Mon Sep 17 00:00:00 2001
-From: Florian Westphal <fw@strlen.de>
-Date: Fri, 5 Sep 2014 20:45:56 +0200
-Subject: [PATCH] extensions: libxt_connlabel: do not open config file from
- _init hook
-
-else, static builds will print this for every iptables invocation,
-even 'iptables -L'. Delay open until we need to translate a mapping.
-
-Reported-by: Thomas De Schampheleire <patrickdepinguin@gmail.com>
-Signed-off-by: Florian Westphal <fw@strlen.de>
----
- extensions/libxt_connlabel.c | 27 ++++++++++++++++++++-------
- 1 file changed, 20 insertions(+), 7 deletions(-)
-
-diff --git a/extensions/libxt_connlabel.c b/extensions/libxt_connlabel.c
-index c84a167..1f83095 100644
---- a/extensions/libxt_connlabel.c
-+++ b/extensions/libxt_connlabel.c
-@@ -29,11 +29,26 @@ static const struct xt_option_entry connlabel_mt_opts[] = {
- XTOPT_TABLEEND,
- };
-
-+/* cannot do this via _init, else static builds might spew error message
-+ * for every iptables invocation.
-+ */
-+static void connlabel_open(void)
-+{
-+ if (map)
-+ return;
-+
-+ map = nfct_labelmap_new(NULL);
-+ if (!map && errno)
-+ xtables_error(RESOURCE_PROBLEM, "cannot open connlabel.conf: %s\n",
-+ strerror(errno));
-+}
-+
- static void connlabel_mt_parse(struct xt_option_call *cb)
- {
- struct xt_connlabel_mtinfo *info = cb->data;
- int tmp;
-
-+ connlabel_open();
- xtables_option_parse(cb);
-
- switch (cb->entry->id) {
-@@ -54,7 +69,11 @@ static void connlabel_mt_parse(struct xt_option_call *cb)
-
- static const char *connlabel_get_name(int b)
- {
-- const char *name = nfct_labelmap_get_name(map, b);
-+ const char *name;
-+
-+ connlabel_open();
-+
-+ name = nfct_labelmap_get_name(map, b);
- if (name && strcmp(name, ""))
- return name;
- return NULL;
-@@ -114,11 +133,5 @@ static struct xtables_match connlabel_mt_reg = {
-
- void _init(void)
- {
-- map = nfct_labelmap_new(NULL);
-- if (!map) {
-- fprintf(stderr, "cannot open connlabel.conf, not registering '%s' match: %s\n",
-- connlabel_mt_reg.name, strerror(errno));
-- return;
-- }
- xtables_register_match(&connlabel_mt_reg);
- }
---
-2.4.4
-
diff --git a/net-firewall/iptables/iptables-1.4.21-r1.ebuild b/net-firewall/iptables/iptables-1.4.21-r1.ebuild
deleted file mode 100644
index 47f4a175748..00000000000
--- a/net-firewall/iptables/iptables-1.4.21-r1.ebuild
+++ /dev/null
@@ -1,93 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="5"
-
-# Force users doing their own patches to install their own tools
-AUTOTOOLS_AUTO_DEPEND=no
-
-inherit eutils multilib systemd toolchain-funcs autotools
-
-DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
-HOMEPAGE="https://www.netfilter.org/projects/iptables/"
-SRC_URI="https://www.netfilter.org/projects/iptables/files/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86"
-IUSE="conntrack ipv6 netlink static-libs"
-
-RDEPEND="
- conntrack? ( net-libs/libnetfilter_conntrack )
- netlink? ( net-libs/libnfnetlink )
-"
-DEPEND="${RDEPEND}
- virtual/os-headers
- virtual/pkgconfig
-"
-
-src_prepare() {
- # use the saner headers from the kernel
- rm -f include/linux/{kernel,types}.h
-
- # Only run autotools if user patched something
- epatch_user && eautoreconf || elibtoolize
-}
-
-src_configure() {
- # Some libs use $(AR) rather than libtool to build #444282
- tc-export AR
-
- sed -i \
- -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
- -e "/nfconntrack=[01]/s:=[01]:=$(usex conntrack 1 0):" \
- configure || die
-
- econf \
- --sbindir="${EPREFIX}/sbin" \
- --libexecdir="${EPREFIX}/$(get_libdir)" \
- --enable-devel \
- --enable-shared \
- $(use_enable static-libs static) \
- $(use_enable ipv6)
-}
-
-src_compile() {
- emake V=1
-}
-
-src_install() {
- default
- dodoc INCOMPATIBILITIES iptables/iptables.xslt
-
- # all the iptables binaries are in /sbin, so might as well
- # put these small files in with them
- into /
- dosbin iptables/iptables-apply
- dosym iptables-apply /sbin/ip6tables-apply
- doman iptables/iptables-apply.8
-
- insinto /usr/include
- doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
- insinto /usr/include/iptables
- doins include/iptables/internal.h
-
- keepdir /var/lib/iptables
- newinitd "${FILESDIR}"/${PN}-1.4.13-r1.init iptables
- newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables
- if use ipv6 ; then
- keepdir /var/lib/ip6tables
- newinitd "${FILESDIR}"/iptables-1.4.13-r1.init ip6tables
- newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables
- fi
-
- systemd_dounit "${FILESDIR}"/systemd/iptables{,-{re,}store}.service
- if use ipv6 ; then
- systemd_dounit "${FILESDIR}"/systemd/ip6tables{,-{re,}store}.service
- fi
-
- # Move important libs to /lib #332175
- gen_usr_ldscript -a ip{4,6}tc iptc xtables
-
- prune_libtool_files
-}
diff --git a/net-firewall/iptables/iptables-1.4.21-r5.ebuild b/net-firewall/iptables/iptables-1.4.21-r5.ebuild
deleted file mode 100644
index 6dbce98c427..00000000000
--- a/net-firewall/iptables/iptables-1.4.21-r5.ebuild
+++ /dev/null
@@ -1,104 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="5"
-
-# Force users doing their own patches to install their own tools
-AUTOTOOLS_AUTO_DEPEND=no
-
-inherit eutils multilib systemd toolchain-funcs autotools flag-o-matic
-
-DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
-HOMEPAGE="https://www.netfilter.org/projects/iptables/"
-SRC_URI="https://www.netfilter.org/projects/iptables/files/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-# Subslot tracks libxtables as that's the one other packages generally link
-# against and iptables changes. Will have to revisit if other sonames change.
-SLOT="0/10"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
-IUSE="conntrack ipv6 netlink pcap static-libs"
-
-RDEPEND="
- conntrack? ( net-libs/libnetfilter_conntrack )
- netlink? ( net-libs/libnfnetlink )
- pcap? ( net-libs/libpcap )
-"
-DEPEND="${RDEPEND}
- virtual/os-headers
- virtual/pkgconfig
-"
-
-src_prepare() {
- # use the saner headers from the kernel
- rm -f include/linux/{kernel,types}.h
-
- epatch "${FILESDIR}"/${P}-configure.patch #557586
- epatch "${FILESDIR}"/${P}-static-connlabel-config.patch #558234
-
- # Only run autotools if user patched something
- epatch_user && eautoreconf || elibtoolize
-}
-
-src_configure() {
- # Some libs use $(AR) rather than libtool to build #444282
- tc-export AR
-
- # Hack around struct mismatches between userland & kernel for some ABIs. #472388
- use amd64 && [[ ${ABI} == "x32" ]] && append-flags -fpack-struct
-
- sed -i \
- -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
- -e "/nfconntrack=[01]/s:=[01]:=$(usex conntrack 1 0):" \
- configure || die
-
- econf \
- --sbindir="${EPREFIX}/sbin" \
- --libexecdir="${EPREFIX}/$(get_libdir)" \
- --enable-devel \
- --enable-shared \
- $(use_enable pcap bpf-compiler) \
- $(use_enable pcap nfsynproxy) \
- $(use_enable static-libs static) \
- $(use_enable ipv6)
-}
-
-src_compile() {
- emake V=1
-}
-
-src_install() {
- default
- dodoc INCOMPATIBILITIES iptables/iptables.xslt
-
- # all the iptables binaries are in /sbin, so might as well
- # put these small files in with them
- into /
- dosbin iptables/iptables-apply
- dosym iptables-apply /sbin/ip6tables-apply
- doman iptables/iptables-apply.8
-
- insinto /usr/include
- doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
- insinto /usr/include/iptables
- doins include/iptables/internal.h
-
- keepdir /var/lib/iptables
- newinitd "${FILESDIR}"/${PN}.init iptables
- newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables
- if use ipv6 ; then
- keepdir /var/lib/ip6tables
- newinitd "${FILESDIR}"/iptables.init ip6tables
- newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables
- fi
-
- systemd_dounit "${FILESDIR}"/systemd/iptables{,-{re,}store}.service
- if use ipv6 ; then
- systemd_dounit "${FILESDIR}"/systemd/ip6tables{,-{re,}store}.service
- fi
-
- # Move important libs to /lib #332175
- gen_usr_ldscript -a ip{4,6}tc iptc xtables
-
- prune_libtool_files
-}
^ permalink raw reply related [flat|nested] 15+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-firewall/iptables/files/, net-firewall/iptables/
@ 2018-11-20 14:23 Lars Wendler
0 siblings, 0 replies; 15+ messages in thread
From: Lars Wendler @ 2018-11-20 14:23 UTC (permalink / raw
To: gentoo-commits
commit: 7ed84d5b5c472c3251c4acb752d9fed6880bf973
Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Tue Nov 20 14:21:32 2018 +0000
Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Tue Nov 20 14:22:55 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7ed84d5b
Revert "net-firewall/iptables: Removed old."
This reverts commit 070fae35cc6d85cdb9c35b92b476394e17c8c144.
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>
net-firewall/iptables/Manifest | 1 +
.../iptables/files/iptables-1.4.21-configure.patch | 34 +++++++
.../iptables-1.4.21-static-connlabel-config.patch | 77 +++++++++++++++
net-firewall/iptables/iptables-1.4.21-r1.ebuild | 93 ++++++++++++++++++
net-firewall/iptables/iptables-1.4.21-r5.ebuild | 104 +++++++++++++++++++++
5 files changed, 309 insertions(+)
diff --git a/net-firewall/iptables/Manifest b/net-firewall/iptables/Manifest
index 2d94c7883a8..8808dd33a3a 100644
--- a/net-firewall/iptables/Manifest
+++ b/net-firewall/iptables/Manifest
@@ -1,3 +1,4 @@
+DIST iptables-1.4.21.tar.bz2 547439 BLAKE2B e30f25581a118b91781dcc02761d4c8c420fb19876ec9e8ade3aff22b574931065f9a1c1ec31983a444c406dd928c47673d02698553da85c3db4f31484b1597d SHA512 dd4baccdb080284d8620e6ed59beafc2677813f3e099051764b07f8e394f6d94ca11861b181f3cce7c55c66de64c1e2add13dc1a0b64e24050cd9fb7aea0689b
DIST iptables-1.6.1.tar.bz2 620890 BLAKE2B b45ac26e1fb7e8b17a6df0afab3b6c0e2f0a5df9191367548136b3ce9aadc1bcb875b8bc0403e6f12fcf487054e96418f4ef34da827af8989fd4dcf83cd3cd8d SHA512 12280db6e6ef8e68da2537e9da59fc601790fd02b1ba38a37c90dbb56272018329dccb8be995f96ecd5d94fafa6043204f3e8f8ee96531685d9e3c55359d2ee8
DIST iptables-1.6.2.tar.bz2 639785 BLAKE2B 3d129756fd33c8c73d56d57e3c5595896db86ded14834a45db21b964d82840b62216ce3cea4ae4960e8c5f0671df3cc6bfb222f68d29cf3a8c99e0eee14bf017 SHA512 04f22e969c794246b9aa28055b202638081cfb0bb4a5625c049a30c48ac84cdd41db12a53c5831398cfe47c8f5691aa02b30b0ae3b5afe0f20ec48cf86a799c0
DIST iptables-1.8.1.tar.bz2 678706 BLAKE2B 671e7329cc07dae0fbc54c1f6061bc148c4823e1f675369ee36a7cd2346cc1a9a516d5aa2e8a3506d5400027c1ba306cbe426940894117710bc61aacd256fccd SHA512 96a896b6dd26c2d0b4e1672d428ea3c3aab0a3c9e56a896af3a2b8428c4212d7378ba555e0be198b0ccb3fd370bca529466ab8b4edc1777eb7deed600d3f0e11
diff --git a/net-firewall/iptables/files/iptables-1.4.21-configure.patch b/net-firewall/iptables/files/iptables-1.4.21-configure.patch
new file mode 100644
index 00000000000..e827885f168
--- /dev/null
+++ b/net-firewall/iptables/files/iptables-1.4.21-configure.patch
@@ -0,0 +1,34 @@
+https://bugs.gentoo.org/557586
+
+From b24e59fba39120bfdb9e521bbd0af8f33a60466e Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <vapier@gentoo.org>
+Date: Sat, 15 Aug 2015 14:12:39 -0400
+Subject: [PATCH] configure: fix 3rd arg w/AC_ARG_ENABLE
+
+The 3rd arg is used when --{enable,disable}-foo are passed in, not when
+the feature is enabled. Use the existing $enableval instead.
+
+Signed-off-by: Mike Frysinger <vapier@gentoo.org>
+---
+ configure.ac | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/configure
++++ b/configure
+@@ -11898,14 +11898,14 @@ fi
+
+ # Check whether --enable-bpf-compiler was given.
+ if test "${enable_bpf_compiler+set}" = set; then :
+- enableval=$enable_bpf_compiler; enable_bpfc="yes"
++ enableval=$enable_bpf_compiler; enable_bpfc="$enableval"
+ else
+ enable_bpfc="no"
+ fi
+
+ # Check whether --enable-nfsynproxy was given.
+ if test "${enable_nfsynproxy+set}" = set; then :
+- enableval=$enable_nfsynproxy; enable_nfsynproxy="yes"
++ enableval=$enable_nfsynproxy; enable_nfsynproxy="$enableval"
+ else
+ enable_nfsynproxy="no"
+ fi
diff --git a/net-firewall/iptables/files/iptables-1.4.21-static-connlabel-config.patch b/net-firewall/iptables/files/iptables-1.4.21-static-connlabel-config.patch
new file mode 100644
index 00000000000..a4183d6d402
--- /dev/null
+++ b/net-firewall/iptables/files/iptables-1.4.21-static-connlabel-config.patch
@@ -0,0 +1,77 @@
+https://bugs.gentoo.org/558234
+http://git.netfilter.org/iptables/commit/?id=825fbda5482a7d5ec5a6619c81fe07ff865c7d6e
+
+From 825fbda5482a7d5ec5a6619c81fe07ff865c7d6e Mon Sep 17 00:00:00 2001
+From: Florian Westphal <fw@strlen.de>
+Date: Fri, 5 Sep 2014 20:45:56 +0200
+Subject: [PATCH] extensions: libxt_connlabel: do not open config file from
+ _init hook
+
+else, static builds will print this for every iptables invocation,
+even 'iptables -L'. Delay open until we need to translate a mapping.
+
+Reported-by: Thomas De Schampheleire <patrickdepinguin@gmail.com>
+Signed-off-by: Florian Westphal <fw@strlen.de>
+---
+ extensions/libxt_connlabel.c | 27 ++++++++++++++++++++-------
+ 1 file changed, 20 insertions(+), 7 deletions(-)
+
+diff --git a/extensions/libxt_connlabel.c b/extensions/libxt_connlabel.c
+index c84a167..1f83095 100644
+--- a/extensions/libxt_connlabel.c
++++ b/extensions/libxt_connlabel.c
+@@ -29,11 +29,26 @@ static const struct xt_option_entry connlabel_mt_opts[] = {
+ XTOPT_TABLEEND,
+ };
+
++/* cannot do this via _init, else static builds might spew error message
++ * for every iptables invocation.
++ */
++static void connlabel_open(void)
++{
++ if (map)
++ return;
++
++ map = nfct_labelmap_new(NULL);
++ if (!map && errno)
++ xtables_error(RESOURCE_PROBLEM, "cannot open connlabel.conf: %s\n",
++ strerror(errno));
++}
++
+ static void connlabel_mt_parse(struct xt_option_call *cb)
+ {
+ struct xt_connlabel_mtinfo *info = cb->data;
+ int tmp;
+
++ connlabel_open();
+ xtables_option_parse(cb);
+
+ switch (cb->entry->id) {
+@@ -54,7 +69,11 @@ static void connlabel_mt_parse(struct xt_option_call *cb)
+
+ static const char *connlabel_get_name(int b)
+ {
+- const char *name = nfct_labelmap_get_name(map, b);
++ const char *name;
++
++ connlabel_open();
++
++ name = nfct_labelmap_get_name(map, b);
+ if (name && strcmp(name, ""))
+ return name;
+ return NULL;
+@@ -114,11 +133,5 @@ static struct xtables_match connlabel_mt_reg = {
+
+ void _init(void)
+ {
+- map = nfct_labelmap_new(NULL);
+- if (!map) {
+- fprintf(stderr, "cannot open connlabel.conf, not registering '%s' match: %s\n",
+- connlabel_mt_reg.name, strerror(errno));
+- return;
+- }
+ xtables_register_match(&connlabel_mt_reg);
+ }
+--
+2.4.4
+
diff --git a/net-firewall/iptables/iptables-1.4.21-r1.ebuild b/net-firewall/iptables/iptables-1.4.21-r1.ebuild
new file mode 100644
index 00000000000..47f4a175748
--- /dev/null
+++ b/net-firewall/iptables/iptables-1.4.21-r1.ebuild
@@ -0,0 +1,93 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="5"
+
+# Force users doing their own patches to install their own tools
+AUTOTOOLS_AUTO_DEPEND=no
+
+inherit eutils multilib systemd toolchain-funcs autotools
+
+DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
+HOMEPAGE="https://www.netfilter.org/projects/iptables/"
+SRC_URI="https://www.netfilter.org/projects/iptables/files/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86"
+IUSE="conntrack ipv6 netlink static-libs"
+
+RDEPEND="
+ conntrack? ( net-libs/libnetfilter_conntrack )
+ netlink? ( net-libs/libnfnetlink )
+"
+DEPEND="${RDEPEND}
+ virtual/os-headers
+ virtual/pkgconfig
+"
+
+src_prepare() {
+ # use the saner headers from the kernel
+ rm -f include/linux/{kernel,types}.h
+
+ # Only run autotools if user patched something
+ epatch_user && eautoreconf || elibtoolize
+}
+
+src_configure() {
+ # Some libs use $(AR) rather than libtool to build #444282
+ tc-export AR
+
+ sed -i \
+ -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
+ -e "/nfconntrack=[01]/s:=[01]:=$(usex conntrack 1 0):" \
+ configure || die
+
+ econf \
+ --sbindir="${EPREFIX}/sbin" \
+ --libexecdir="${EPREFIX}/$(get_libdir)" \
+ --enable-devel \
+ --enable-shared \
+ $(use_enable static-libs static) \
+ $(use_enable ipv6)
+}
+
+src_compile() {
+ emake V=1
+}
+
+src_install() {
+ default
+ dodoc INCOMPATIBILITIES iptables/iptables.xslt
+
+ # all the iptables binaries are in /sbin, so might as well
+ # put these small files in with them
+ into /
+ dosbin iptables/iptables-apply
+ dosym iptables-apply /sbin/ip6tables-apply
+ doman iptables/iptables-apply.8
+
+ insinto /usr/include
+ doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
+ insinto /usr/include/iptables
+ doins include/iptables/internal.h
+
+ keepdir /var/lib/iptables
+ newinitd "${FILESDIR}"/${PN}-1.4.13-r1.init iptables
+ newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables
+ if use ipv6 ; then
+ keepdir /var/lib/ip6tables
+ newinitd "${FILESDIR}"/iptables-1.4.13-r1.init ip6tables
+ newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables
+ fi
+
+ systemd_dounit "${FILESDIR}"/systemd/iptables{,-{re,}store}.service
+ if use ipv6 ; then
+ systemd_dounit "${FILESDIR}"/systemd/ip6tables{,-{re,}store}.service
+ fi
+
+ # Move important libs to /lib #332175
+ gen_usr_ldscript -a ip{4,6}tc iptc xtables
+
+ prune_libtool_files
+}
diff --git a/net-firewall/iptables/iptables-1.4.21-r5.ebuild b/net-firewall/iptables/iptables-1.4.21-r5.ebuild
new file mode 100644
index 00000000000..6dbce98c427
--- /dev/null
+++ b/net-firewall/iptables/iptables-1.4.21-r5.ebuild
@@ -0,0 +1,104 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="5"
+
+# Force users doing their own patches to install their own tools
+AUTOTOOLS_AUTO_DEPEND=no
+
+inherit eutils multilib systemd toolchain-funcs autotools flag-o-matic
+
+DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
+HOMEPAGE="https://www.netfilter.org/projects/iptables/"
+SRC_URI="https://www.netfilter.org/projects/iptables/files/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+# Subslot tracks libxtables as that's the one other packages generally link
+# against and iptables changes. Will have to revisit if other sonames change.
+SLOT="0/10"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="conntrack ipv6 netlink pcap static-libs"
+
+RDEPEND="
+ conntrack? ( net-libs/libnetfilter_conntrack )
+ netlink? ( net-libs/libnfnetlink )
+ pcap? ( net-libs/libpcap )
+"
+DEPEND="${RDEPEND}
+ virtual/os-headers
+ virtual/pkgconfig
+"
+
+src_prepare() {
+ # use the saner headers from the kernel
+ rm -f include/linux/{kernel,types}.h
+
+ epatch "${FILESDIR}"/${P}-configure.patch #557586
+ epatch "${FILESDIR}"/${P}-static-connlabel-config.patch #558234
+
+ # Only run autotools if user patched something
+ epatch_user && eautoreconf || elibtoolize
+}
+
+src_configure() {
+ # Some libs use $(AR) rather than libtool to build #444282
+ tc-export AR
+
+ # Hack around struct mismatches between userland & kernel for some ABIs. #472388
+ use amd64 && [[ ${ABI} == "x32" ]] && append-flags -fpack-struct
+
+ sed -i \
+ -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
+ -e "/nfconntrack=[01]/s:=[01]:=$(usex conntrack 1 0):" \
+ configure || die
+
+ econf \
+ --sbindir="${EPREFIX}/sbin" \
+ --libexecdir="${EPREFIX}/$(get_libdir)" \
+ --enable-devel \
+ --enable-shared \
+ $(use_enable pcap bpf-compiler) \
+ $(use_enable pcap nfsynproxy) \
+ $(use_enable static-libs static) \
+ $(use_enable ipv6)
+}
+
+src_compile() {
+ emake V=1
+}
+
+src_install() {
+ default
+ dodoc INCOMPATIBILITIES iptables/iptables.xslt
+
+ # all the iptables binaries are in /sbin, so might as well
+ # put these small files in with them
+ into /
+ dosbin iptables/iptables-apply
+ dosym iptables-apply /sbin/ip6tables-apply
+ doman iptables/iptables-apply.8
+
+ insinto /usr/include
+ doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
+ insinto /usr/include/iptables
+ doins include/iptables/internal.h
+
+ keepdir /var/lib/iptables
+ newinitd "${FILESDIR}"/${PN}.init iptables
+ newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables
+ if use ipv6 ; then
+ keepdir /var/lib/ip6tables
+ newinitd "${FILESDIR}"/iptables.init ip6tables
+ newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables
+ fi
+
+ systemd_dounit "${FILESDIR}"/systemd/iptables{,-{re,}store}.service
+ if use ipv6 ; then
+ systemd_dounit "${FILESDIR}"/systemd/ip6tables{,-{re,}store}.service
+ fi
+
+ # Move important libs to /lib #332175
+ gen_usr_ldscript -a ip{4,6}tc iptc xtables
+
+ prune_libtool_files
+}
^ permalink raw reply related [flat|nested] 15+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-firewall/iptables/files/, net-firewall/iptables/
@ 2018-11-20 15:36 Thomas Deutschmann
0 siblings, 0 replies; 15+ messages in thread
From: Thomas Deutschmann @ 2018-11-20 15:36 UTC (permalink / raw
To: gentoo-commits
commit: cdc003118830087bbb409761fe4e0e2c19ea103a
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Nov 20 15:36:22 2018 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Nov 20 15:36:38 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cdc00311
net-firewall/iptables: multiple fixes for runscript
- We are now passing iptables "--wait" option to every iptables
command which needs to aquire a lock. [Bug 501710]
- In addition, "--wait" (IPTABLES_LOCK_WAIT_TIME) and "--wait-interval"
(IPTABLES_LOCK_WAIT_INTERVAL) is now configurable via
/etc/conf.d/{iptables,ip6tables}.
- We are now only installing one runscript and now using a symlink
for the ip6tables runscript.
- Error detection improved/added.
Closes: https://bugs.gentoo.org/501710
Package-Manager: Portage-2.3.52, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
net-firewall/iptables/files/ip6tables-r1.confd | 27 +++++
net-firewall/iptables/files/iptables-r1.confd | 27 +++++
net-firewall/iptables/files/iptables-r1.init | 159 +++++++++++++++++++++++++
net-firewall/iptables/iptables-1.8.2-r1.ebuild | 129 ++++++++++++++++++++
4 files changed, 342 insertions(+)
diff --git a/net-firewall/iptables/files/ip6tables-r1.confd b/net-firewall/iptables/files/ip6tables-r1.confd
new file mode 100644
index 00000000000..e608f41d1ea
--- /dev/null
+++ b/net-firewall/iptables/files/ip6tables-r1.confd
@@ -0,0 +1,27 @@
+# /etc/conf.d/ip6tables
+
+# Set wait option for xtables lock in seconds
+# DEFAULT: 60
+#IPTABLES_LOCK_WAIT_TIME="60"
+
+# Set wait interval option for xtables lock in microseconds
+# DEFAULT: 1000
+#IPTABLES_LOCK_WAIT_INTERVAL="1000"
+
+# Location in which ip6tables initscript will save set rules on
+# service shutdown
+IP6TABLES_SAVE="/var/lib/ip6tables/rules-save"
+
+# Options to pass to ip6tables-save and ip6tables-restore
+SAVE_RESTORE_OPTIONS="-c"
+
+# Save state on stopping ip6tables
+SAVE_ON_STOP="yes"
+
+# If you need to log ip6tables messages as soon as ip6tables starts,
+# AND your logger does NOT depend on the network, then you may wish
+# to uncomment the next line.
+# If your logger depends on the network, and you uncomment this line
+# you will create an unresolvable circular dependency during startup.
+# After commenting or uncommenting this line, you must run 'rc-update -u'.
+#rc_use="logger"
diff --git a/net-firewall/iptables/files/iptables-r1.confd b/net-firewall/iptables/files/iptables-r1.confd
new file mode 100644
index 00000000000..d5055e0a5d2
--- /dev/null
+++ b/net-firewall/iptables/files/iptables-r1.confd
@@ -0,0 +1,27 @@
+# /etc/conf.d/iptables
+
+# Set wait option for xtables lock in seconds
+# DEFAULT: 60
+#IPTABLES_LOCK_WAIT_TIME="60"
+
+# Set wait interval option for xtables lock in microseconds
+# DEFAULT: 1000
+#IPTABLES_LOCK_WAIT_INTERVAL="1000"
+
+# Location in which iptables initscript will save set rules on
+# service shutdown
+IPTABLES_SAVE="/var/lib/iptables/rules-save"
+
+# Options to pass to iptables-save and iptables-restore
+SAVE_RESTORE_OPTIONS="-c"
+
+# Save state on stopping iptables
+SAVE_ON_STOP="yes"
+
+# If you need to log iptables messages as soon as iptables starts,
+# AND your logger does NOT depend on the network, then you may wish
+# to uncomment the next line.
+# If your logger depends on the network, and you uncomment this line
+# you will create an unresolvable circular dependency during startup.
+# After commenting or uncommenting this line, you must run 'rc-update -u'.
+#rc_use="logger"
diff --git a/net-firewall/iptables/files/iptables-r1.init b/net-firewall/iptables/files/iptables-r1.init
new file mode 100755
index 00000000000..708dcce6d3c
--- /dev/null
+++ b/net-firewall/iptables/files/iptables-r1.init
@@ -0,0 +1,159 @@
+#!/sbin/openrc-run
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+extra_commands="check save panic"
+extra_started_commands="reload"
+
+iptables_lock_wait_time=${IPTABLES_LOCK_WAIT_TIME:-"60"}
+iptables_lock_wait_interval=${IPTABLES_LOCK_WAIT_INTERVAL:-"1000"}
+
+iptables_name=${SVCNAME}
+case ${iptables_name} in
+ iptables|ip6tables) ;;
+ *) iptables_name="iptables" ;;
+esac
+
+iptables_bin="/sbin/${iptables_name}"
+case ${iptables_name} in
+ iptables) iptables_proc="/proc/net/ip_tables_names"
+ iptables_save=${IPTABLES_SAVE};;
+ ip6tables) iptables_proc="/proc/net/ip6_tables_names"
+ iptables_save=${IP6TABLES_SAVE};;
+esac
+
+depend() {
+ need localmount #434774
+ before net
+}
+
+set_table_policy() {
+ local has_errors=0 chains table=$1 policy=$2
+ case ${table} in
+ nat) chains="PREROUTING POSTROUTING OUTPUT";;
+ mangle) chains="PREROUTING INPUT FORWARD OUTPUT POSTROUTING";;
+ filter) chains="INPUT FORWARD OUTPUT";;
+ *) chains="";;
+ esac
+
+ local chain
+ for chain in ${chains} ; do
+ ${iptables_bin} --wait ${iptables_lock_wait_time} --wait-interval ${iptables_lock_wait_interval} -t ${table} -P ${chain} ${policy}
+ [ $? -ne 0 ] && has_errors=1
+ done
+
+ return ${has_errors}
+}
+
+checkkernel() {
+ if [ ! -e ${iptables_proc} ] ; then
+ eerror "Your kernel lacks ${iptables_name} support, please load"
+ eerror "appropriate modules and try again."
+ return 1
+ fi
+ return 0
+}
+
+checkconfig() {
+ if [ -z "${iptables_save}" -o ! -f "${iptables_save}" ] ; then
+ eerror "Not starting ${iptables_name}. First create some rules then run:"
+ eerror "/etc/init.d/${iptables_name} save"
+ return 1
+ fi
+ return 0
+}
+
+start_pre() {
+ checkkernel || return 1
+ checkconfig || return 1
+}
+
+start() {
+ ebegin "Loading ${iptables_name} state and starting firewall"
+ ${iptables_bin}-restore --wait ${iptables_lock_wait_time} --wait-interval ${iptables_lock_wait_interval} ${SAVE_RESTORE_OPTIONS} < "${iptables_save}"
+ eend $?
+}
+
+stop_pre() {
+ checkkernel || return 1
+}
+
+stop() {
+ if [ "${SAVE_ON_STOP}" = "yes" ] ; then
+ save || return 1
+ fi
+
+ ebegin "Stopping firewall"
+ local has_errors=0 a
+ for a in $(cat ${iptables_proc}) ; do
+ set_table_policy $a ACCEPT
+ [ $? -ne 0 ] && has_errors=1
+
+ ${iptables_bin} --wait ${iptables_lock_wait_time} --wait-interval ${iptables_lock_wait_interval} -F -t $a
+ [ $? -ne 0 ] && has_errors=1
+
+ ${iptables_bin} --wait ${iptables_lock_wait_time} --wait-interval ${iptables_lock_wait_interval} -X -t $a
+ [ $? -ne 0 ] && has_errors=1
+ done
+ eend ${has_errors}
+}
+
+reload() {
+ checkkernel || return 1
+ checkrules || return 1
+ ebegin "Flushing firewall"
+ local has_errors=0 a
+ for a in $(cat ${iptables_proc}) ; do
+ ${iptables_bin} --wait ${iptables_lock_wait_time} --wait-interval ${iptables_lock_wait_interval} -F -t $a
+ [ $? -ne 0 ] && has_errors=1
+
+ ${iptables_bin} --wait ${iptables_lock_wait_time} --wait-interval ${iptables_lock_wait_interval} -X -t $a
+ [ $? -ne 0 ] && has_errors=1
+ done
+ eend ${has_errors}
+
+ start
+}
+
+checkrules() {
+ ebegin "Checking rules"
+ ${iptables_bin}-restore --test ${SAVE_RESTORE_OPTIONS} < "${iptables_save}"
+ eend $?
+}
+
+check() {
+ # Short name for users of init.d script.
+ checkrules
+}
+
+save() {
+ ebegin "Saving ${iptables_name} state"
+ checkpath -q -d "$(dirname "${iptables_save}")"
+ checkpath -q -m 0600 -f "${iptables_save}"
+ ${iptables_bin}-save ${SAVE_RESTORE_OPTIONS} > "${iptables_save}"
+ eend $?
+}
+
+panic() {
+ checkkernel || return 1
+ if service_started ${iptables_name}; then
+ rc-service ${iptables_name} stop
+ fi
+
+ local has_errors=0 a
+ ebegin "Dropping all packets"
+ for a in $(cat ${iptables_proc}) ; do
+ ${iptables_bin} --wait ${iptables_lock_wait_time} --wait-interval ${iptables_lock_wait_interval} -F -t $a
+ [ $? -ne 0 ] && has_errors=1
+
+ ${iptables_bin} --wait ${iptables_lock_wait_time} --wait-interval ${iptables_lock_wait_interval} -X -t $a
+ [ $? -ne 0 ] && has_errors=1
+
+ if [ "${a}" != "nat" ]; then
+ # The "nat" table is not intended for filtering, the use of DROP is therefore inhibited.
+ set_table_policy $a DROP
+ [ $? -ne 0 ] && has_errors=1
+ fi
+ done
+ eend ${has_errors}
+}
diff --git a/net-firewall/iptables/iptables-1.8.2-r1.ebuild b/net-firewall/iptables/iptables-1.8.2-r1.ebuild
new file mode 100644
index 00000000000..9279db2ecc5
--- /dev/null
+++ b/net-firewall/iptables/iptables-1.8.2-r1.ebuild
@@ -0,0 +1,129 @@
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+# Force users doing their own patches to install their own tools
+AUTOTOOLS_AUTO_DEPEND=no
+
+inherit multilib systemd toolchain-funcs autotools flag-o-matic
+
+DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
+HOMEPAGE="https://www.netfilter.org/projects/iptables/"
+SRC_URI="https://www.netfilter.org/projects/iptables/files/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+# Subslot tracks libxtables as that's the one other packages generally link
+# against and iptables changes. Will have to revisit if other sonames change.
+SLOT="0/12"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="conntrack ipv6 netlink nftables pcap static-libs"
+
+COMMON_DEPEND="
+ conntrack? ( >=net-libs/libnetfilter_conntrack-1.0.6 )
+ netlink? ( net-libs/libnfnetlink )
+ nftables? (
+ >=net-libs/libmnl-1.0:0=
+ >=net-libs/libnftnl-1.1.1:0=
+ )
+ pcap? ( net-libs/libpcap )
+"
+DEPEND="${COMMON_DEPEND}
+ virtual/os-headers
+ >=sys-kernel/linux-headers-4.4:0
+ virtual/pkgconfig
+ nftables? (
+ sys-devel/flex
+ virtual/yacc
+ )
+"
+RDEPEND="${COMMON_DEPEND}
+ nftables? ( net-misc/ethertypes )
+"
+
+src_prepare() {
+ # use the saner headers from the kernel
+ rm -f include/linux/{kernel,types}.h
+
+ # Only run autotools if user patched something
+ eapply_user && eautoreconf || elibtoolize
+}
+
+src_configure() {
+ # Some libs use $(AR) rather than libtool to build #444282
+ tc-export AR
+
+ # Hack around struct mismatches between userland & kernel for some ABIs. #472388
+ use amd64 && [[ ${ABI} == "x32" ]] && append-flags -fpack-struct
+
+ sed -i \
+ -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
+ -e "/nfconntrack=[01]/s:=[01]:=$(usex conntrack 1 0):" \
+ configure || die
+
+ local myeconfargs=(
+ --sbindir="${EPREFIX}/sbin"
+ --libexecdir="${EPREFIX}/$(get_libdir)"
+ --enable-devel
+ --enable-shared
+ $(use_enable nftables)
+ $(use_enable pcap bpf-compiler)
+ $(use_enable pcap nfsynproxy)
+ $(use_enable static-libs static)
+ $(use_enable ipv6)
+ )
+ econf "${myeconfargs[@]}"
+}
+
+src_compile() {
+ # Deal with parallel build errors.
+ use nftables && emake -C iptables xtables-config-parser.h
+ emake V=1
+}
+
+src_install() {
+ default
+ dodoc INCOMPATIBILITIES iptables/iptables.xslt
+
+ # all the iptables binaries are in /sbin, so might as well
+ # put these small files in with them
+ into /
+ dosbin iptables/iptables-apply
+ dosym iptables-apply /sbin/ip6tables-apply
+ doman iptables/iptables-apply.8
+
+ insinto /usr/include
+ doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
+ insinto /usr/include/iptables
+ doins include/iptables/internal.h
+
+ keepdir /var/lib/iptables
+ newinitd "${FILESDIR}"/${PN}-r1.init iptables
+ newconfd "${FILESDIR}"/${PN}-r1.confd iptables
+ if use ipv6 ; then
+ keepdir /var/lib/ip6tables
+ dosym iptables /etc/init.d/ip6tables
+ newconfd "${FILESDIR}"/ip6tables-r1.confd ip6tables
+ fi
+
+ if use nftables; then
+ # Bug 647458
+ rm "${ED%/}"/etc/ethertypes || die
+
+ # Bug 660886
+ rm "${ED%/}"/sbin/{arptables,ebtables} || die
+
+ # Bug 669894
+ rm "${ED%/}"/sbin/ebtables-{save,restore} || die
+ fi
+
+ systemd_dounit "${FILESDIR}"/systemd/iptables-{re,}store.service
+ if use ipv6 ; then
+ systemd_dounit "${FILESDIR}"/systemd/ip6tables-{re,}store.service
+ fi
+
+ # Move important libs to /lib #332175
+ gen_usr_ldscript -a ip{4,6}tc iptc xtables
+
+ find "${ED}" -name "*.la" -delete || die
+}
^ permalink raw reply related [flat|nested] 15+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-firewall/iptables/files/, net-firewall/iptables/
@ 2019-05-28 0:41 Lars Wendler
0 siblings, 0 replies; 15+ messages in thread
From: Lars Wendler @ 2019-05-28 0:41 UTC (permalink / raw
To: gentoo-commits
commit: 81518bff4f1a83cba9c65438f6a812f8e523b162
Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Tue May 28 00:39:51 2019 +0000
Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Tue May 28 00:41:08 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=81518bff
net-firewall/iptables: Removed old.
Package-Manager: Portage-2.3.67, Repoman-2.3.13
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>
net-firewall/iptables/Manifest | 2 -
.../iptables/files/iptables-1.4.21-configure.patch | 34 ------
.../iptables-1.4.21-static-connlabel-config.patch | 77 ------------
...es-1.8.1-build_limit_without_libnftnl_fix.patch | 44 -------
net-firewall/iptables/iptables-1.4.21-r1.ebuild | 93 ---------------
net-firewall/iptables/iptables-1.4.21-r5.ebuild | 104 ----------------
net-firewall/iptables/iptables-1.8.1-r1.ebuild | 131 ---------------------
net-firewall/iptables/iptables-1.8.2.ebuild | 129 --------------------
8 files changed, 614 deletions(-)
diff --git a/net-firewall/iptables/Manifest b/net-firewall/iptables/Manifest
index 5e0703efb12..0199e509e2c 100644
--- a/net-firewall/iptables/Manifest
+++ b/net-firewall/iptables/Manifest
@@ -1,6 +1,4 @@
-DIST iptables-1.4.21.tar.bz2 547439 BLAKE2B e30f25581a118b91781dcc02761d4c8c420fb19876ec9e8ade3aff22b574931065f9a1c1ec31983a444c406dd928c47673d02698553da85c3db4f31484b1597d SHA512 dd4baccdb080284d8620e6ed59beafc2677813f3e099051764b07f8e394f6d94ca11861b181f3cce7c55c66de64c1e2add13dc1a0b64e24050cd9fb7aea0689b
DIST iptables-1.6.1.tar.bz2 620890 BLAKE2B b45ac26e1fb7e8b17a6df0afab3b6c0e2f0a5df9191367548136b3ce9aadc1bcb875b8bc0403e6f12fcf487054e96418f4ef34da827af8989fd4dcf83cd3cd8d SHA512 12280db6e6ef8e68da2537e9da59fc601790fd02b1ba38a37c90dbb56272018329dccb8be995f96ecd5d94fafa6043204f3e8f8ee96531685d9e3c55359d2ee8
DIST iptables-1.6.2.tar.bz2 639785 BLAKE2B 3d129756fd33c8c73d56d57e3c5595896db86ded14834a45db21b964d82840b62216ce3cea4ae4960e8c5f0671df3cc6bfb222f68d29cf3a8c99e0eee14bf017 SHA512 04f22e969c794246b9aa28055b202638081cfb0bb4a5625c049a30c48ac84cdd41db12a53c5831398cfe47c8f5691aa02b30b0ae3b5afe0f20ec48cf86a799c0
-DIST iptables-1.8.1.tar.bz2 678706 BLAKE2B 671e7329cc07dae0fbc54c1f6061bc148c4823e1f675369ee36a7cd2346cc1a9a516d5aa2e8a3506d5400027c1ba306cbe426940894117710bc61aacd256fccd SHA512 96a896b6dd26c2d0b4e1672d428ea3c3aab0a3c9e56a896af3a2b8428c4212d7378ba555e0be198b0ccb3fd370bca529466ab8b4edc1777eb7deed600d3f0e11
DIST iptables-1.8.2.tar.bz2 679858 BLAKE2B 2004d85c89ecbc37ef0d571ac8ece680fd2e11a51b074f6387d6e9c4892da524c785d6bf3f30e26af4e7c2cb1f401d51bf8bcb21a91e380e24945374553139cb SHA512 8cf0f515764e1dc6e03284581d682d1949b33e8f25fea29c27ae856f1089fe8ca7b1814524b85f4378fd1fc7c7c7d002f06557b257ae2bbc945f8555bad0dc76
DIST iptables-1.8.3.tar.bz2 716257 BLAKE2B 58c606a5753ae2cb8ada9039e4653d2abe03c7c9b6aeef1e458baa3e10e818893f35e8f2aed5221e692415115e618aa673c8fcd33d172f85e9d1b609ed79c7b8 SHA512 84b10080646077cbea78b7f3fcc58c6c6e1898213341c69862e1b48179f37a6820c3d84437c896071f966b61aa6d16b132d91948a85fd8c05740f29be3a0986d
diff --git a/net-firewall/iptables/files/iptables-1.4.21-configure.patch b/net-firewall/iptables/files/iptables-1.4.21-configure.patch
deleted file mode 100644
index e827885f168..00000000000
--- a/net-firewall/iptables/files/iptables-1.4.21-configure.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-https://bugs.gentoo.org/557586
-
-From b24e59fba39120bfdb9e521bbd0af8f33a60466e Mon Sep 17 00:00:00 2001
-From: Mike Frysinger <vapier@gentoo.org>
-Date: Sat, 15 Aug 2015 14:12:39 -0400
-Subject: [PATCH] configure: fix 3rd arg w/AC_ARG_ENABLE
-
-The 3rd arg is used when --{enable,disable}-foo are passed in, not when
-the feature is enabled. Use the existing $enableval instead.
-
-Signed-off-by: Mike Frysinger <vapier@gentoo.org>
----
- configure.ac | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
---- a/configure
-+++ b/configure
-@@ -11898,14 +11898,14 @@ fi
-
- # Check whether --enable-bpf-compiler was given.
- if test "${enable_bpf_compiler+set}" = set; then :
-- enableval=$enable_bpf_compiler; enable_bpfc="yes"
-+ enableval=$enable_bpf_compiler; enable_bpfc="$enableval"
- else
- enable_bpfc="no"
- fi
-
- # Check whether --enable-nfsynproxy was given.
- if test "${enable_nfsynproxy+set}" = set; then :
-- enableval=$enable_nfsynproxy; enable_nfsynproxy="yes"
-+ enableval=$enable_nfsynproxy; enable_nfsynproxy="$enableval"
- else
- enable_nfsynproxy="no"
- fi
diff --git a/net-firewall/iptables/files/iptables-1.4.21-static-connlabel-config.patch b/net-firewall/iptables/files/iptables-1.4.21-static-connlabel-config.patch
deleted file mode 100644
index a4183d6d402..00000000000
--- a/net-firewall/iptables/files/iptables-1.4.21-static-connlabel-config.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-https://bugs.gentoo.org/558234
-http://git.netfilter.org/iptables/commit/?id=825fbda5482a7d5ec5a6619c81fe07ff865c7d6e
-
-From 825fbda5482a7d5ec5a6619c81fe07ff865c7d6e Mon Sep 17 00:00:00 2001
-From: Florian Westphal <fw@strlen.de>
-Date: Fri, 5 Sep 2014 20:45:56 +0200
-Subject: [PATCH] extensions: libxt_connlabel: do not open config file from
- _init hook
-
-else, static builds will print this for every iptables invocation,
-even 'iptables -L'. Delay open until we need to translate a mapping.
-
-Reported-by: Thomas De Schampheleire <patrickdepinguin@gmail.com>
-Signed-off-by: Florian Westphal <fw@strlen.de>
----
- extensions/libxt_connlabel.c | 27 ++++++++++++++++++++-------
- 1 file changed, 20 insertions(+), 7 deletions(-)
-
-diff --git a/extensions/libxt_connlabel.c b/extensions/libxt_connlabel.c
-index c84a167..1f83095 100644
---- a/extensions/libxt_connlabel.c
-+++ b/extensions/libxt_connlabel.c
-@@ -29,11 +29,26 @@ static const struct xt_option_entry connlabel_mt_opts[] = {
- XTOPT_TABLEEND,
- };
-
-+/* cannot do this via _init, else static builds might spew error message
-+ * for every iptables invocation.
-+ */
-+static void connlabel_open(void)
-+{
-+ if (map)
-+ return;
-+
-+ map = nfct_labelmap_new(NULL);
-+ if (!map && errno)
-+ xtables_error(RESOURCE_PROBLEM, "cannot open connlabel.conf: %s\n",
-+ strerror(errno));
-+}
-+
- static void connlabel_mt_parse(struct xt_option_call *cb)
- {
- struct xt_connlabel_mtinfo *info = cb->data;
- int tmp;
-
-+ connlabel_open();
- xtables_option_parse(cb);
-
- switch (cb->entry->id) {
-@@ -54,7 +69,11 @@ static void connlabel_mt_parse(struct xt_option_call *cb)
-
- static const char *connlabel_get_name(int b)
- {
-- const char *name = nfct_labelmap_get_name(map, b);
-+ const char *name;
-+
-+ connlabel_open();
-+
-+ name = nfct_labelmap_get_name(map, b);
- if (name && strcmp(name, ""))
- return name;
- return NULL;
-@@ -114,11 +133,5 @@ static struct xtables_match connlabel_mt_reg = {
-
- void _init(void)
- {
-- map = nfct_labelmap_new(NULL);
-- if (!map) {
-- fprintf(stderr, "cannot open connlabel.conf, not registering '%s' match: %s\n",
-- connlabel_mt_reg.name, strerror(errno));
-- return;
-- }
- xtables_register_match(&connlabel_mt_reg);
- }
---
-2.4.4
-
diff --git a/net-firewall/iptables/files/iptables-1.8.1-build_limit_without_libnftnl_fix.patch b/net-firewall/iptables/files/iptables-1.8.1-build_limit_without_libnftnl_fix.patch
deleted file mode 100644
index a0fca7efa93..00000000000
--- a/net-firewall/iptables/files/iptables-1.8.1-build_limit_without_libnftnl_fix.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From b2fc2a368562d55fadad94d995247bb8cd7e68a3 Mon Sep 17 00:00:00 2001
-From: Florian Westphal <fw@strlen.de>
-Date: Wed, 24 Oct 2018 12:00:11 +0200
-Subject: extensions: limit: unbreak build without libnftnl
-
-Lars Wendler reported 1.8.1 build failure when trying to build without nft backend:
-
- In file included from ../iptables/nft.h:5, from libxt_limit.c:18: libnftnl/rule.h: No such file or directory
-
-Reported-by: Lars Wendler <polynomial-c@gentoo.org>
-Fixes: 02b80972c43 ("ebtables: Merge libebt_limit.c into libxt_limit.c")
-Signed-off-by: Florian Westphal <fw@strlen.de>
----
- extensions/libxt_limit.c | 1 -
- iptables/nft-bridge.h | 1 +
- 2 files changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/extensions/libxt_limit.c b/extensions/libxt_limit.c
-index c7b66295..1b324657 100644
---- a/extensions/libxt_limit.c
-+++ b/extensions/libxt_limit.c
-@@ -15,7 +15,6 @@
- #include <xtables.h>
- #include <linux/netfilter/x_tables.h>
- #include <linux/netfilter/xt_limit.h>
--#include "iptables/nft.h"
- #include "iptables/nft-bridge.h"
-
- #define XT_LIMIT_AVG "3/hour"
-diff --git a/iptables/nft-bridge.h b/iptables/nft-bridge.h
-index 9d49ccbe..de52cd71 100644
---- a/iptables/nft-bridge.h
-+++ b/iptables/nft-bridge.h
-@@ -68,6 +68,7 @@ int ebt_get_mac_and_mask(const char *from, unsigned char *to, unsigned char *mas
- #define EBT_VERDICT_BITS 0x0000000F
-
- struct nftnl_rule;
-+struct iptables_command_state;
-
- static const char *ebt_standard_targets[NUM_STANDARD_TARGETS] = {
- "ACCEPT",
---
-cgit v1.2.1
-
diff --git a/net-firewall/iptables/iptables-1.4.21-r1.ebuild b/net-firewall/iptables/iptables-1.4.21-r1.ebuild
deleted file mode 100644
index 47f4a175748..00000000000
--- a/net-firewall/iptables/iptables-1.4.21-r1.ebuild
+++ /dev/null
@@ -1,93 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="5"
-
-# Force users doing their own patches to install their own tools
-AUTOTOOLS_AUTO_DEPEND=no
-
-inherit eutils multilib systemd toolchain-funcs autotools
-
-DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
-HOMEPAGE="https://www.netfilter.org/projects/iptables/"
-SRC_URI="https://www.netfilter.org/projects/iptables/files/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86"
-IUSE="conntrack ipv6 netlink static-libs"
-
-RDEPEND="
- conntrack? ( net-libs/libnetfilter_conntrack )
- netlink? ( net-libs/libnfnetlink )
-"
-DEPEND="${RDEPEND}
- virtual/os-headers
- virtual/pkgconfig
-"
-
-src_prepare() {
- # use the saner headers from the kernel
- rm -f include/linux/{kernel,types}.h
-
- # Only run autotools if user patched something
- epatch_user && eautoreconf || elibtoolize
-}
-
-src_configure() {
- # Some libs use $(AR) rather than libtool to build #444282
- tc-export AR
-
- sed -i \
- -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
- -e "/nfconntrack=[01]/s:=[01]:=$(usex conntrack 1 0):" \
- configure || die
-
- econf \
- --sbindir="${EPREFIX}/sbin" \
- --libexecdir="${EPREFIX}/$(get_libdir)" \
- --enable-devel \
- --enable-shared \
- $(use_enable static-libs static) \
- $(use_enable ipv6)
-}
-
-src_compile() {
- emake V=1
-}
-
-src_install() {
- default
- dodoc INCOMPATIBILITIES iptables/iptables.xslt
-
- # all the iptables binaries are in /sbin, so might as well
- # put these small files in with them
- into /
- dosbin iptables/iptables-apply
- dosym iptables-apply /sbin/ip6tables-apply
- doman iptables/iptables-apply.8
-
- insinto /usr/include
- doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
- insinto /usr/include/iptables
- doins include/iptables/internal.h
-
- keepdir /var/lib/iptables
- newinitd "${FILESDIR}"/${PN}-1.4.13-r1.init iptables
- newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables
- if use ipv6 ; then
- keepdir /var/lib/ip6tables
- newinitd "${FILESDIR}"/iptables-1.4.13-r1.init ip6tables
- newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables
- fi
-
- systemd_dounit "${FILESDIR}"/systemd/iptables{,-{re,}store}.service
- if use ipv6 ; then
- systemd_dounit "${FILESDIR}"/systemd/ip6tables{,-{re,}store}.service
- fi
-
- # Move important libs to /lib #332175
- gen_usr_ldscript -a ip{4,6}tc iptc xtables
-
- prune_libtool_files
-}
diff --git a/net-firewall/iptables/iptables-1.4.21-r5.ebuild b/net-firewall/iptables/iptables-1.4.21-r5.ebuild
deleted file mode 100644
index 6dbce98c427..00000000000
--- a/net-firewall/iptables/iptables-1.4.21-r5.ebuild
+++ /dev/null
@@ -1,104 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="5"
-
-# Force users doing their own patches to install their own tools
-AUTOTOOLS_AUTO_DEPEND=no
-
-inherit eutils multilib systemd toolchain-funcs autotools flag-o-matic
-
-DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
-HOMEPAGE="https://www.netfilter.org/projects/iptables/"
-SRC_URI="https://www.netfilter.org/projects/iptables/files/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-# Subslot tracks libxtables as that's the one other packages generally link
-# against and iptables changes. Will have to revisit if other sonames change.
-SLOT="0/10"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
-IUSE="conntrack ipv6 netlink pcap static-libs"
-
-RDEPEND="
- conntrack? ( net-libs/libnetfilter_conntrack )
- netlink? ( net-libs/libnfnetlink )
- pcap? ( net-libs/libpcap )
-"
-DEPEND="${RDEPEND}
- virtual/os-headers
- virtual/pkgconfig
-"
-
-src_prepare() {
- # use the saner headers from the kernel
- rm -f include/linux/{kernel,types}.h
-
- epatch "${FILESDIR}"/${P}-configure.patch #557586
- epatch "${FILESDIR}"/${P}-static-connlabel-config.patch #558234
-
- # Only run autotools if user patched something
- epatch_user && eautoreconf || elibtoolize
-}
-
-src_configure() {
- # Some libs use $(AR) rather than libtool to build #444282
- tc-export AR
-
- # Hack around struct mismatches between userland & kernel for some ABIs. #472388
- use amd64 && [[ ${ABI} == "x32" ]] && append-flags -fpack-struct
-
- sed -i \
- -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
- -e "/nfconntrack=[01]/s:=[01]:=$(usex conntrack 1 0):" \
- configure || die
-
- econf \
- --sbindir="${EPREFIX}/sbin" \
- --libexecdir="${EPREFIX}/$(get_libdir)" \
- --enable-devel \
- --enable-shared \
- $(use_enable pcap bpf-compiler) \
- $(use_enable pcap nfsynproxy) \
- $(use_enable static-libs static) \
- $(use_enable ipv6)
-}
-
-src_compile() {
- emake V=1
-}
-
-src_install() {
- default
- dodoc INCOMPATIBILITIES iptables/iptables.xslt
-
- # all the iptables binaries are in /sbin, so might as well
- # put these small files in with them
- into /
- dosbin iptables/iptables-apply
- dosym iptables-apply /sbin/ip6tables-apply
- doman iptables/iptables-apply.8
-
- insinto /usr/include
- doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
- insinto /usr/include/iptables
- doins include/iptables/internal.h
-
- keepdir /var/lib/iptables
- newinitd "${FILESDIR}"/${PN}.init iptables
- newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables
- if use ipv6 ; then
- keepdir /var/lib/ip6tables
- newinitd "${FILESDIR}"/iptables.init ip6tables
- newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables
- fi
-
- systemd_dounit "${FILESDIR}"/systemd/iptables{,-{re,}store}.service
- if use ipv6 ; then
- systemd_dounit "${FILESDIR}"/systemd/ip6tables{,-{re,}store}.service
- fi
-
- # Move important libs to /lib #332175
- gen_usr_ldscript -a ip{4,6}tc iptc xtables
-
- prune_libtool_files
-}
diff --git a/net-firewall/iptables/iptables-1.8.1-r1.ebuild b/net-firewall/iptables/iptables-1.8.1-r1.ebuild
deleted file mode 100644
index 0183b70bd77..00000000000
--- a/net-firewall/iptables/iptables-1.8.1-r1.ebuild
+++ /dev/null
@@ -1,131 +0,0 @@
-# Copyright 1999-2018 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-# Force users doing their own patches to install their own tools
-AUTOTOOLS_AUTO_DEPEND=no
-
-inherit multilib systemd toolchain-funcs autotools flag-o-matic
-
-DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
-HOMEPAGE="https://www.netfilter.org/projects/iptables/"
-SRC_URI="https://www.netfilter.org/projects/iptables/files/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-# Subslot tracks libxtables as that's the one other packages generally link
-# against and iptables changes. Will have to revisit if other sonames change.
-SLOT="0/12"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
-IUSE="conntrack ipv6 netlink nftables pcap static-libs"
-
-COMMON_DEPEND="
- conntrack? ( >=net-libs/libnetfilter_conntrack-1.0.6 )
- netlink? ( net-libs/libnfnetlink )
- nftables? (
- >=net-libs/libmnl-1.0:0=
- >=net-libs/libnftnl-1.1.1:0=
- )
- pcap? ( net-libs/libpcap )
-"
-DEPEND="${COMMON_DEPEND}
- virtual/os-headers
- >=sys-kernel/linux-headers-4.4:0
- virtual/pkgconfig
- nftables? (
- sys-devel/flex
- virtual/yacc
- )
-"
-RDEPEND="${COMMON_DEPEND}
- nftables? ( net-misc/ethertypes )
-"
-
-src_prepare() {
- eapply "${FILESDIR}/${P}-build_limit_without_libnftnl_fix.patch" #669486
-
- # use the saner headers from the kernel
- rm -f include/linux/{kernel,types}.h
-
- # Only run autotools if user patched something
- eapply_user && eautoreconf || elibtoolize
-}
-
-src_configure() {
- # Some libs use $(AR) rather than libtool to build #444282
- tc-export AR
-
- # Hack around struct mismatches between userland & kernel for some ABIs. #472388
- use amd64 && [[ ${ABI} == "x32" ]] && append-flags -fpack-struct
-
- sed -i \
- -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
- -e "/nfconntrack=[01]/s:=[01]:=$(usex conntrack 1 0):" \
- configure || die
-
- local myeconfargs=(
- --sbindir="${EPREFIX}/sbin"
- --libexecdir="${EPREFIX}/$(get_libdir)"
- --enable-devel
- --enable-shared
- $(use_enable nftables)
- $(use_enable pcap bpf-compiler)
- $(use_enable pcap nfsynproxy)
- $(use_enable static-libs static)
- $(use_enable ipv6)
- )
- econf "${myeconfargs[@]}"
-}
-
-src_compile() {
- # Deal with parallel build errors.
- use nftables && emake -C iptables xtables-config-parser.h
- emake V=1
-}
-
-src_install() {
- default
- dodoc INCOMPATIBILITIES iptables/iptables.xslt
-
- # all the iptables binaries are in /sbin, so might as well
- # put these small files in with them
- into /
- dosbin iptables/iptables-apply
- dosym iptables-apply /sbin/ip6tables-apply
- doman iptables/iptables-apply.8
-
- insinto /usr/include
- doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
- insinto /usr/include/iptables
- doins include/iptables/internal.h
-
- keepdir /var/lib/iptables
- newinitd "${FILESDIR}"/${PN}.init iptables
- newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables
- if use ipv6 ; then
- keepdir /var/lib/ip6tables
- newinitd "${FILESDIR}"/iptables.init ip6tables
- newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables
- fi
-
- if use nftables; then
- # Bug 647458
- rm "${ED%/}"/etc/ethertypes || die
-
- # Bug 660886
- rm "${ED%/}"/sbin/{arptables,ebtables} || die
-
- # Bug 669894
- rm "${ED%/}"/sbin/ebtables-{save,restore} || die
- fi
-
- systemd_dounit "${FILESDIR}"/systemd/iptables-{re,}store.service
- if use ipv6 ; then
- systemd_dounit "${FILESDIR}"/systemd/ip6tables-{re,}store.service
- fi
-
- # Move important libs to /lib #332175
- gen_usr_ldscript -a ip{4,6}tc iptc xtables
-
- find "${ED}" -name "*.la" -delete || die
-}
diff --git a/net-firewall/iptables/iptables-1.8.2.ebuild b/net-firewall/iptables/iptables-1.8.2.ebuild
deleted file mode 100644
index cbf85327a99..00000000000
--- a/net-firewall/iptables/iptables-1.8.2.ebuild
+++ /dev/null
@@ -1,129 +0,0 @@
-# Copyright 1999-2018 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-# Force users doing their own patches to install their own tools
-AUTOTOOLS_AUTO_DEPEND=no
-
-inherit multilib systemd toolchain-funcs autotools flag-o-matic
-
-DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
-HOMEPAGE="https://www.netfilter.org/projects/iptables/"
-SRC_URI="https://www.netfilter.org/projects/iptables/files/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-# Subslot tracks libxtables as that's the one other packages generally link
-# against and iptables changes. Will have to revisit if other sonames change.
-SLOT="0/12"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
-IUSE="conntrack ipv6 netlink nftables pcap static-libs"
-
-COMMON_DEPEND="
- conntrack? ( >=net-libs/libnetfilter_conntrack-1.0.6 )
- netlink? ( net-libs/libnfnetlink )
- nftables? (
- >=net-libs/libmnl-1.0:0=
- >=net-libs/libnftnl-1.1.1:0=
- )
- pcap? ( net-libs/libpcap )
-"
-DEPEND="${COMMON_DEPEND}
- virtual/os-headers
- >=sys-kernel/linux-headers-4.4:0
- virtual/pkgconfig
- nftables? (
- sys-devel/flex
- virtual/yacc
- )
-"
-RDEPEND="${COMMON_DEPEND}
- nftables? ( net-misc/ethertypes )
-"
-
-src_prepare() {
- # use the saner headers from the kernel
- rm -f include/linux/{kernel,types}.h
-
- # Only run autotools if user patched something
- eapply_user && eautoreconf || elibtoolize
-}
-
-src_configure() {
- # Some libs use $(AR) rather than libtool to build #444282
- tc-export AR
-
- # Hack around struct mismatches between userland & kernel for some ABIs. #472388
- use amd64 && [[ ${ABI} == "x32" ]] && append-flags -fpack-struct
-
- sed -i \
- -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
- -e "/nfconntrack=[01]/s:=[01]:=$(usex conntrack 1 0):" \
- configure || die
-
- local myeconfargs=(
- --sbindir="${EPREFIX}/sbin"
- --libexecdir="${EPREFIX}/$(get_libdir)"
- --enable-devel
- --enable-shared
- $(use_enable nftables)
- $(use_enable pcap bpf-compiler)
- $(use_enable pcap nfsynproxy)
- $(use_enable static-libs static)
- $(use_enable ipv6)
- )
- econf "${myeconfargs[@]}"
-}
-
-src_compile() {
- # Deal with parallel build errors.
- use nftables && emake -C iptables xtables-config-parser.h
- emake V=1
-}
-
-src_install() {
- default
- dodoc INCOMPATIBILITIES iptables/iptables.xslt
-
- # all the iptables binaries are in /sbin, so might as well
- # put these small files in with them
- into /
- dosbin iptables/iptables-apply
- dosym iptables-apply /sbin/ip6tables-apply
- doman iptables/iptables-apply.8
-
- insinto /usr/include
- doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
- insinto /usr/include/iptables
- doins include/iptables/internal.h
-
- keepdir /var/lib/iptables
- newinitd "${FILESDIR}"/${PN}.init iptables
- newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables
- if use ipv6 ; then
- keepdir /var/lib/ip6tables
- newinitd "${FILESDIR}"/iptables.init ip6tables
- newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables
- fi
-
- if use nftables; then
- # Bug 647458
- rm "${ED%/}"/etc/ethertypes || die
-
- # Bug 660886
- rm "${ED%/}"/sbin/{arptables,ebtables} || die
-
- # Bug 669894
- rm "${ED%/}"/sbin/ebtables-{save,restore} || die
- fi
-
- systemd_dounit "${FILESDIR}"/systemd/iptables-{re,}store.service
- if use ipv6 ; then
- systemd_dounit "${FILESDIR}"/systemd/ip6tables-{re,}store.service
- fi
-
- # Move important libs to /lib #332175
- gen_usr_ldscript -a ip{4,6}tc iptc xtables
-
- find "${ED}" -name "*.la" -delete || die
-}
^ permalink raw reply related [flat|nested] 15+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-firewall/iptables/files/, net-firewall/iptables/
@ 2021-01-16 23:36 Lars Wendler
0 siblings, 0 replies; 15+ messages in thread
From: Lars Wendler @ 2021-01-16 23:36 UTC (permalink / raw
To: gentoo-commits
commit: 3124aea6bcf75de81f6619cee0a345499c177c19
Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Sat Jan 16 23:35:22 2021 +0000
Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Sat Jan 16 23:36:09 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3124aea6
net-firewall/iptables: Removed old
Package-Manager: Portage-3.0.13, Repoman-3.0.2
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>
net-firewall/iptables/Manifest | 3 -
net-firewall/iptables/files/ip6tables-1.4.13.confd | 19 ---
net-firewall/iptables/files/iptables-1.4.13.confd | 19 ---
net-firewall/iptables/iptables-1.6.1-r3.ebuild | 119 --------------
net-firewall/iptables/iptables-1.6.2-r2.ebuild | 123 --------------
net-firewall/iptables/iptables-1.8.4-r2.ebuild | 179 ---------------------
6 files changed, 462 deletions(-)
diff --git a/net-firewall/iptables/Manifest b/net-firewall/iptables/Manifest
index 6124f5ea369..2e92db50183 100644
--- a/net-firewall/iptables/Manifest
+++ b/net-firewall/iptables/Manifest
@@ -1,6 +1,3 @@
-DIST iptables-1.6.1.tar.bz2 620890 BLAKE2B b45ac26e1fb7e8b17a6df0afab3b6c0e2f0a5df9191367548136b3ce9aadc1bcb875b8bc0403e6f12fcf487054e96418f4ef34da827af8989fd4dcf83cd3cd8d SHA512 12280db6e6ef8e68da2537e9da59fc601790fd02b1ba38a37c90dbb56272018329dccb8be995f96ecd5d94fafa6043204f3e8f8ee96531685d9e3c55359d2ee8
-DIST iptables-1.6.2.tar.bz2 639785 BLAKE2B 3d129756fd33c8c73d56d57e3c5595896db86ded14834a45db21b964d82840b62216ce3cea4ae4960e8c5f0671df3cc6bfb222f68d29cf3a8c99e0eee14bf017 SHA512 04f22e969c794246b9aa28055b202638081cfb0bb4a5625c049a30c48ac84cdd41db12a53c5831398cfe47c8f5691aa02b30b0ae3b5afe0f20ec48cf86a799c0
-DIST iptables-1.8.4.tar.bz2 704312 BLAKE2B f677bb9ed2c86e6a39953c0565766991e9647224effdc7db2b563f3f491f6ace2f9073ecc8e865d489101a9f80cf964d9775ab81536412dbd4ca85937432de94 SHA512 a7faaab58608ffaa51e26e8056551c0e91a49187439d30fcf5cce2800274cc3c0515db6cfba0f4c85613fb80779cf96089b8915db0e89161e9980a6384faebdb
DIST iptables-1.8.5.tar.bz2 713769 BLAKE2B 49659fc2f1f284f31637048fa1e6edb4853e9bf6ac0b6ada5599a7af34a4449205b5eb6b85b630ce4757b49cf3f8ac9ad6220e07c2c22abb688a3aeb5cf99cd2 SHA512 6a6baa541bb7aa331b176e0a91894e0766859814b59e77c71351ac34d6ebd337487981db48c70e476a48c67bcf891cfc663221a7582feb1496ad1df56eb28da8
DIST iptables-1.8.6.tar.bz2 715744 BLAKE2B 72167610b396054fe18c495d7a9e23051d217116074ee39198af989a3e50b9908cb75f42b9172d3cfd76343835386a78a2c51d1153ed5d219a6d68209e11dc9c SHA512 d06e4cddb69822c4618664a35877fc5811992936cade2040bb0e4eb25a4d879eadc7c84401c40fb39ffac7888568505adcb1cfe995cd166a15c702237daf6acf
DIST iptables-1.8.7.tar.bz2 717862 BLAKE2B fd4dcff142eaadde2a14ce3eb5e45d41c326752553b52900c77fd2e2a20c0685d0a04b95755995e914df47658834d52216d6465c2ae9cd6abc6eb122b95cc976 SHA512 c0a33fafbf1139157a9f52860938ebedc282a1394a68dcbd58981159379eb525919f999b25925f2cb4d6b18089bd99a94b00b3e73cff5cb0a0e47bdff174ed75
diff --git a/net-firewall/iptables/files/ip6tables-1.4.13.confd b/net-firewall/iptables/files/ip6tables-1.4.13.confd
deleted file mode 100644
index 3bb36989d37..00000000000
--- a/net-firewall/iptables/files/ip6tables-1.4.13.confd
+++ /dev/null
@@ -1,19 +0,0 @@
-# /etc/conf.d/ip6tables
-
-# Location in which iptables initscript will save set rules on
-# service shutdown
-IP6TABLES_SAVE="/var/lib/ip6tables/rules-save"
-
-# Options to pass to iptables-save and iptables-restore
-SAVE_RESTORE_OPTIONS="-c"
-
-# Save state on stopping iptables
-SAVE_ON_STOP="yes"
-
-# If you need to log iptables messages as soon as iptables starts,
-# AND your logger does NOT depend on the network, then you may wish
-# to uncomment the next line.
-# If your logger depends on the network, and you uncomment this line
-# you will create an unresolvable circular dependency during startup.
-# After commenting or uncommenting this line, you must run 'rc-update -u'.
-#rc_use="logger"
diff --git a/net-firewall/iptables/files/iptables-1.4.13.confd b/net-firewall/iptables/files/iptables-1.4.13.confd
deleted file mode 100644
index 7225374c3a8..00000000000
--- a/net-firewall/iptables/files/iptables-1.4.13.confd
+++ /dev/null
@@ -1,19 +0,0 @@
-# /etc/conf.d/iptables
-
-# Location in which iptables initscript will save set rules on
-# service shutdown
-IPTABLES_SAVE="/var/lib/iptables/rules-save"
-
-# Options to pass to iptables-save and iptables-restore
-SAVE_RESTORE_OPTIONS="-c"
-
-# Save state on stopping iptables
-SAVE_ON_STOP="yes"
-
-# If you need to log iptables messages as soon as iptables starts,
-# AND your logger does NOT depend on the network, then you may wish
-# to uncomment the next line.
-# If your logger depends on the network, and you uncomment this line
-# you will create an unresolvable circular dependency during startup.
-# After commenting or uncommenting this line, you must run 'rc-update -u'.
-#rc_use="logger"
diff --git a/net-firewall/iptables/iptables-1.6.1-r3.ebuild b/net-firewall/iptables/iptables-1.6.1-r3.ebuild
deleted file mode 100644
index d024b756fa0..00000000000
--- a/net-firewall/iptables/iptables-1.6.1-r3.ebuild
+++ /dev/null
@@ -1,119 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="5"
-
-# Force users doing their own patches to install their own tools
-AUTOTOOLS_AUTO_DEPEND=no
-
-inherit eutils multilib systemd toolchain-funcs autotools flag-o-matic ltprune usr-ldscript
-
-DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
-HOMEPAGE="https://www.netfilter.org/projects/iptables/"
-SRC_URI="https://www.netfilter.org/projects/iptables/files/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-# Subslot tracks libxtables as that's the one other packages generally link
-# against and iptables changes. Will have to revisit if other sonames change.
-SLOT="0/12"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 s390 sparc x86"
-IUSE="conntrack ipv6 netlink nftables pcap static-libs"
-
-COMMON_DEPEND="
- conntrack? ( >=net-libs/libnetfilter_conntrack-1.0.6 )
- netlink? ( net-libs/libnfnetlink )
- nftables? (
- >=net-libs/libmnl-1.0:0=
- >=net-libs/libnftnl-1.0.5:0=
- )
- pcap? ( net-libs/libpcap )
-"
-DEPEND="${COMMON_DEPEND}
- virtual/os-headers
- >=sys-kernel/linux-headers-4.4:0
- virtual/pkgconfig
- nftables? (
- sys-devel/flex
- virtual/yacc
- )
-"
-RDEPEND="${COMMON_DEPEND}
- nftables? (
- !<net-firewall/ebtables-2.0.10.4-r2
- !net-misc/ethertypes
- )
-"
-
-src_prepare() {
- # use the saner headers from the kernel
- rm -f include/linux/{kernel,types}.h
-
- # Only run autotools if user patched something
- epatch_user && eautoreconf || elibtoolize
-}
-
-src_configure() {
- # Some libs use $(AR) rather than libtool to build #444282
- tc-export AR
-
- # Hack around struct mismatches between userland & kernel for some ABIs. #472388
- use amd64 && [[ ${ABI} == "x32" ]] && append-flags -fpack-struct
-
- sed -i \
- -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
- -e "/nfconntrack=[01]/s:=[01]:=$(usex conntrack 1 0):" \
- configure || die
-
- econf \
- --sbindir="${EPREFIX}/sbin" \
- --libexecdir="${EPREFIX}/$(get_libdir)" \
- --enable-devel \
- --enable-shared \
- $(use_enable nftables) \
- $(use_enable pcap bpf-compiler) \
- $(use_enable pcap nfsynproxy) \
- $(use_enable static-libs static) \
- $(use_enable ipv6)
-}
-
-src_compile() {
- # Deal with parallel build errors.
- use nftables && emake -C iptables xtables-config-parser.h
- emake V=1
-}
-
-src_install() {
- default
- dodoc INCOMPATIBILITIES iptables/iptables.xslt
-
- # all the iptables binaries are in /sbin, so might as well
- # put these small files in with them
- into /
- dosbin iptables/iptables-apply
- dosym iptables-apply /sbin/ip6tables-apply
- doman iptables/iptables-apply.8
-
- insinto /usr/include
- doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
- insinto /usr/include/iptables
- doins include/iptables/internal.h
-
- keepdir /var/lib/iptables
- newinitd "${FILESDIR}"/${PN}.init iptables
- newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables
- if use ipv6 ; then
- keepdir /var/lib/ip6tables
- newinitd "${FILESDIR}"/iptables.init ip6tables
- newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables
- fi
-
- systemd_dounit "${FILESDIR}"/systemd/iptables-{re,}store.service
- if use ipv6 ; then
- systemd_dounit "${FILESDIR}"/systemd/ip6tables-{re,}store.service
- fi
-
- # Move important libs to /lib #332175
- gen_usr_ldscript -a ip{4,6}tc iptc xtables
-
- prune_libtool_files
-}
diff --git a/net-firewall/iptables/iptables-1.6.2-r2.ebuild b/net-firewall/iptables/iptables-1.6.2-r2.ebuild
deleted file mode 100644
index abd85bcb2eb..00000000000
--- a/net-firewall/iptables/iptables-1.6.2-r2.ebuild
+++ /dev/null
@@ -1,123 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-# Force users doing their own patches to install their own tools
-AUTOTOOLS_AUTO_DEPEND=no
-
-inherit ltprune multilib systemd toolchain-funcs autotools flag-o-matic usr-ldscript
-
-DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
-HOMEPAGE="https://www.netfilter.org/projects/iptables/"
-SRC_URI="https://www.netfilter.org/projects/iptables/files/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-# Subslot tracks libxtables as that's the one other packages generally link
-# against and iptables changes. Will have to revisit if other sonames change.
-SLOT="0/12"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86"
-IUSE="conntrack ipv6 netlink nftables pcap static-libs"
-
-COMMON_DEPEND="
- conntrack? ( >=net-libs/libnetfilter_conntrack-1.0.6 )
- netlink? ( net-libs/libnfnetlink )
- nftables? (
- >=net-libs/libmnl-1.0:0=
- >=net-libs/libnftnl-1.0.5:0=
- )
- pcap? ( net-libs/libpcap )
-"
-DEPEND="${COMMON_DEPEND}
- virtual/os-headers
- >=sys-kernel/linux-headers-4.4:0
- virtual/pkgconfig
- nftables? (
- sys-devel/flex
- virtual/yacc
- )
-"
-RDEPEND="${COMMON_DEPEND}
- nftables? ( net-misc/ethertypes )
-"
-
-src_prepare() {
- # use the saner headers from the kernel
- rm -f include/linux/{kernel,types}.h
-
- # Only run autotools if user patched something
- eapply_user && eautoreconf || elibtoolize
-}
-
-src_configure() {
- # Some libs use $(AR) rather than libtool to build #444282
- tc-export AR
-
- # Hack around struct mismatches between userland & kernel for some ABIs. #472388
- use amd64 && [[ ${ABI} == "x32" ]] && append-flags -fpack-struct
-
- sed -i \
- -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
- -e "/nfconntrack=[01]/s:=[01]:=$(usex conntrack 1 0):" \
- configure || die
-
- local myeconfargs=(
- --sbindir="${EPREFIX}/sbin"
- --libexecdir="${EPREFIX}/$(get_libdir)"
- --enable-devel
- --enable-shared
- $(use_enable nftables)
- $(use_enable pcap bpf-compiler)
- $(use_enable pcap nfsynproxy)
- $(use_enable static-libs static)
- $(use_enable ipv6)
- )
- econf "${myeconfargs[@]}"
-}
-
-src_compile() {
- # Deal with parallel build errors.
- use nftables && emake -C iptables xtables-config-parser.h
- emake V=1
-}
-
-src_install() {
- default
- dodoc INCOMPATIBILITIES iptables/iptables.xslt
-
- # all the iptables binaries are in /sbin, so might as well
- # put these small files in with them
- into /
- dosbin iptables/iptables-apply
- dosym iptables-apply /sbin/ip6tables-apply
- doman iptables/iptables-apply.8
-
- insinto /usr/include
- doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
- insinto /usr/include/iptables
- doins include/iptables/internal.h
-
- keepdir /var/lib/iptables
- newinitd "${FILESDIR}"/${PN}.init iptables
- newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables
- if use ipv6 ; then
- keepdir /var/lib/ip6tables
- newinitd "${FILESDIR}"/iptables.init ip6tables
- newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables
- fi
-
- if use nftables; then
- # Bug 647458
- rm "${ED%/}"/etc/ethertypes || die
- fi
-
- systemd_dounit "${FILESDIR}"/systemd/iptables-{re,}store.service
- if use ipv6 ; then
- systemd_dounit "${FILESDIR}"/systemd/ip6tables-{re,}store.service
- fi
-
- # Move important libs to /lib #332175
- gen_usr_ldscript -a ip{4,6}tc iptc xtables
-
- prune_libtool_files
-}
diff --git a/net-firewall/iptables/iptables-1.8.4-r2.ebuild b/net-firewall/iptables/iptables-1.8.4-r2.ebuild
deleted file mode 100644
index 3298be20c0a..00000000000
--- a/net-firewall/iptables/iptables-1.8.4-r2.ebuild
+++ /dev/null
@@ -1,179 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit multilib systemd toolchain-funcs autotools flag-o-matic usr-ldscript
-
-DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
-HOMEPAGE="https://www.netfilter.org/projects/iptables/"
-SRC_URI="https://www.netfilter.org/projects/iptables/files/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-# Subslot reflects PV when libxtables and/or libip*tc was changed
-# the last time.
-SLOT="0/1.8.3"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
-IUSE="conntrack ipv6 netlink nftables pcap static-libs"
-
-BUILD_DEPEND="
- >=app-eselect/eselect-iptables-20200508
-"
-COMMON_DEPEND="
- conntrack? ( >=net-libs/libnetfilter_conntrack-1.0.6 )
- netlink? ( net-libs/libnfnetlink )
- nftables? (
- >=net-libs/libmnl-1.0:0=
- >=net-libs/libnftnl-1.1.5:0=
- )
- pcap? ( net-libs/libpcap )
-"
-DEPEND="${COMMON_DEPEND}
- virtual/os-headers
- >=sys-kernel/linux-headers-4.4:0
-"
-BDEPEND="${BUILD_DEPEND}
- app-eselect/eselect-iptables
- virtual/pkgconfig
- nftables? (
- sys-devel/flex
- virtual/yacc
- )
-"
-RDEPEND="${COMMON_DEPEND}
- ${BUILD_DEPEND}
- nftables? ( net-misc/ethertypes )
- !<net-firewall/ebtables-2.0.11-r1
- !<net-firewall/arptables-0.0.5-r1
-"
-
-PATCHES=(
- "${FILESDIR}/iptables-1.8.4-no-symlinks.patch"
- "${FILESDIR}/iptables-1.8.2-link.patch"
-)
-
-src_prepare() {
- # use the saner headers from the kernel
- rm include/linux/{kernel,types}.h || die
-
- default
- eautoreconf
-}
-
-src_configure() {
- # Some libs use $(AR) rather than libtool to build #444282
- tc-export AR
-
- # Hack around struct mismatches between userland & kernel for some ABIs. #472388
- use amd64 && [[ ${ABI} == "x32" ]] && append-flags -fpack-struct
-
- sed -i \
- -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
- -e "/nfconntrack=[01]/s:=[01]:=$(usex conntrack 1 0):" \
- configure || die
-
- local myeconfargs=(
- --sbindir="${EPREFIX}/sbin"
- --libexecdir="${EPREFIX}/$(get_libdir)"
- --enable-devel
- --enable-shared
- $(use_enable nftables)
- $(use_enable pcap bpf-compiler)
- $(use_enable pcap nfsynproxy)
- $(use_enable static-libs static)
- $(use_enable ipv6)
- )
- econf "${myeconfargs[@]}"
-}
-
-src_compile() {
- emake V=1
-}
-
-src_install() {
- default
- dodoc INCOMPATIBILITIES iptables/iptables.xslt
-
- # all the iptables binaries are in /sbin, so might as well
- # put these small files in with them
- into /
- dosbin iptables/iptables-apply
- dosym iptables-apply /sbin/ip6tables-apply
- doman iptables/iptables-apply.8
-
- insinto /usr/include
- doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
- insinto /usr/include/iptables
- doins include/iptables/internal.h
-
- keepdir /var/lib/iptables
- newinitd "${FILESDIR}"/${PN}-r2.init iptables
- newconfd "${FILESDIR}"/${PN}-r1.confd iptables
- if use ipv6 ; then
- keepdir /var/lib/ip6tables
- dosym iptables /etc/init.d/ip6tables
- newconfd "${FILESDIR}"/ip6tables-r1.confd ip6tables
- fi
-
- if use nftables; then
- # Bug 647458
- rm "${ED}"/etc/ethertypes || die
-
- # Bugs 660886 and 669894
- rm "${ED}"/sbin/{arptables,ebtables}{,-{save,restore}} || die
- fi
-
- systemd_dounit "${FILESDIR}"/systemd/iptables-{re,}store.service
- if use ipv6 ; then
- systemd_dounit "${FILESDIR}"/systemd/ip6tables-{re,}store.service
- fi
-
- # Move important libs to /lib #332175
- gen_usr_ldscript -a ip{4,6}tc xtables
-
- find "${ED}" -type f -name "*.la" -delete || die
-}
-
-pkg_postinst() {
- local default_iptables="xtables-legacy-multi"
- if ! eselect iptables show &>/dev/null; then
- elog "Current iptables implementation is unset, setting to ${default_iptables}"
- eselect iptables set "${default_iptables}"
- fi
-
- if use nftables; then
- local tables
- for tables in {arp,eb}tables; do
- if ! eselect ${tables} show &>/dev/null; then
- elog "Current ${tables} implementation is unset, setting to ${default_iptables}"
- eselect ${tables} set xtables-nft-multi
- fi
- done
- fi
-
- eselect iptables show
-}
-
-pkg_prerm() {
- elog "Unsetting iptables symlinks before removal"
- eselect iptables unset
-
- if ! has_version 'net-firewall/ebtables'; then
- elog "Unsetting ebtables symlinks before removal"
- eselect ebtables unset
- elif [[ -z ${REPLACED_BY_VERSION} ]]; then
- elog "Resetting ebtables symlinks to ebtables-legacy"
- eselect ebtables set ebtables-legacy
- fi
-
- if ! has_version 'net-firewall/arptables'; then
- elog "Unsetting arptables symlinks before removal"
- eselect arptables unset
- elif [[ -z ${REPLACED_BY_VERSION} ]]; then
- elog "Resetting arptables symlinks to arptables-legacy"
- eselect arptables set arptables-legacy
- fi
-
- # the eselect module failing should not be fatal
- return 0
-}
^ permalink raw reply related [flat|nested] 15+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-firewall/iptables/files/, net-firewall/iptables/
@ 2022-05-14 21:24 Sam James
0 siblings, 0 replies; 15+ messages in thread
From: Sam James @ 2022-05-14 21:24 UTC (permalink / raw
To: gentoo-commits
commit: 9b5cb98661907b8e44b7c5b61fc9f7d7c4fc7703
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat May 14 03:46:57 2022 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat May 14 21:22:22 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9b5cb986
net-firewall/iptables: add 1.8.8
Signed-off-by: Sam James <sam <AT> gentoo.org>
net-firewall/iptables/Manifest | 1 +
.../files/iptables-1.8.8-format-security.patch | 21 +++
net-firewall/iptables/iptables-1.8.8.ebuild | 176 +++++++++++++++++++++
3 files changed, 198 insertions(+)
diff --git a/net-firewall/iptables/Manifest b/net-firewall/iptables/Manifest
index 20be9ec24c2d..76320a6fa208 100644
--- a/net-firewall/iptables/Manifest
+++ b/net-firewall/iptables/Manifest
@@ -1 +1,2 @@
DIST iptables-1.8.7.tar.bz2 717862 BLAKE2B fd4dcff142eaadde2a14ce3eb5e45d41c326752553b52900c77fd2e2a20c0685d0a04b95755995e914df47658834d52216d6465c2ae9cd6abc6eb122b95cc976 SHA512 c0a33fafbf1139157a9f52860938ebedc282a1394a68dcbd58981159379eb525919f999b25925f2cb4d6b18089bd99a94b00b3e73cff5cb0a0e47bdff174ed75
+DIST iptables-1.8.8.tar.bz2 746985 BLAKE2B 0da021cc7313b86af331768904956dab3eee3de245a7b03965129f3d7f13097fc03fbb1390167dcd971eff216eabad9e59b261a9c0f54bfc48a77453aa40d164 SHA512 f21df23279a77531a23f3fcb1b8f0f8ec0c726bda236dd0e33af74b06753baff6ce3f26fb9fcceb6fada560656ba901e68fc6452eb840ac1b206bc4654950f59
diff --git a/net-firewall/iptables/files/iptables-1.8.8-format-security.patch b/net-firewall/iptables/files/iptables-1.8.8-format-security.patch
new file mode 100644
index 000000000000..fafc435379b5
--- /dev/null
+++ b/net-firewall/iptables/files/iptables-1.8.8-format-security.patch
@@ -0,0 +1,21 @@
+https://git.netfilter.org/iptables/commit/?id=b72eb12ea5a61df0655ad99d5048994e916be83a
+
+From: Phil Sutter <phil@nwl.cc>
+Date: Fri, 13 May 2022 16:51:58 +0200
+Subject: xshared: Fix build for -Werror=format-security
+
+Gcc complains about the omitted format string.
+
+Signed-off-by: Phil Sutter <phil@nwl.cc>
+--- a/iptables/xshared.c
++++ b/iptables/xshared.c
+@@ -1307,7 +1307,7 @@ static void check_empty_interface(struct xtables_args *args, const char *arg)
+ return;
+
+ if (args->family != NFPROTO_ARP)
+- xtables_error(PARAMETER_PROBLEM, msg);
++ xtables_error(PARAMETER_PROBLEM, "%s", msg);
+
+ fprintf(stderr, "%s", msg);
+ }
+cgit v1.2.3
diff --git a/net-firewall/iptables/iptables-1.8.8.ebuild b/net-firewall/iptables/iptables-1.8.8.ebuild
new file mode 100644
index 000000000000..e65230759e5f
--- /dev/null
+++ b/net-firewall/iptables/iptables-1.8.8.ebuild
@@ -0,0 +1,176 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit systemd toolchain-funcs autotools flag-o-matic usr-ldscript
+
+DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
+HOMEPAGE="https://www.netfilter.org/projects/iptables/"
+SRC_URI="https://www.netfilter.org/projects/iptables/files/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+# Subslot reflects PV when libxtables and/or libip*tc was changed
+# the last time.
+SLOT="0/1.8.3"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+IUSE="conntrack netlink nftables pcap static-libs"
+
+BUILD_DEPEND="
+ >=app-eselect/eselect-iptables-20220320
+"
+COMMON_DEPEND="
+ conntrack? ( >=net-libs/libnetfilter_conntrack-1.0.6 )
+ netlink? ( net-libs/libnfnetlink )
+ nftables? (
+ >=net-libs/libmnl-1.0:0=
+ >=net-libs/libnftnl-1.1.6:0=
+ )
+ pcap? ( net-libs/libpcap )
+"
+DEPEND="${COMMON_DEPEND}
+ virtual/os-headers
+ >=sys-kernel/linux-headers-4.4:0
+"
+BDEPEND="${BUILD_DEPEND}
+ virtual/pkgconfig
+ nftables? (
+ sys-devel/flex
+ virtual/yacc
+ )
+"
+RDEPEND="${COMMON_DEPEND}
+ ${BUILD_DEPEND}
+ nftables? ( net-misc/ethertypes )
+ !<net-firewall/ebtables-2.0.11-r1
+ !<net-firewall/arptables-0.0.5-r1
+"
+
+PATCHES=(
+ "${FILESDIR}/iptables-1.8.4-no-symlinks.patch"
+ "${FILESDIR}/iptables-1.8.2-link.patch"
+
+ "${FILESDIR}/${P}-format-security.patch"
+)
+
+src_prepare() {
+ # use the saner headers from the kernel
+ rm include/linux/{kernel,types}.h || die
+
+ default
+ eautoreconf
+}
+
+src_configure() {
+ # Some libs use $(AR) rather than libtool to build #444282
+ tc-export AR
+
+ # Hack around struct mismatches between userland & kernel for some ABIs. #472388
+ use amd64 && [[ ${ABI} == "x32" ]] && append-flags -fpack-struct
+
+ sed -i \
+ -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
+ -e "/nfconntrack=[01]/s:=[01]:=$(usex conntrack 1 0):" \
+ configure || die
+
+ local myeconfargs=(
+ --sbindir="${EPREFIX}/sbin"
+ --libexecdir="${EPREFIX}/$(get_libdir)"
+ --enable-devel
+ --enable-ipv6
+ --enable-shared
+ $(use_enable nftables)
+ $(use_enable pcap bpf-compiler)
+ $(use_enable pcap nfsynproxy)
+ $(use_enable static-libs static)
+ )
+ econf "${myeconfargs[@]}"
+}
+
+src_compile() {
+ emake V=1
+}
+
+src_install() {
+ default
+ dodoc INCOMPATIBILITIES iptables/iptables.xslt
+
+ # all the iptables binaries are in /sbin, so might as well
+ # put these small files in with them
+ into /
+ dosbin iptables/iptables-apply
+ dosym iptables-apply /sbin/ip6tables-apply
+ doman iptables/iptables-apply.8
+
+ insinto /usr/include
+ doins include/ip{,6}tables.h
+ insinto /usr/include/iptables
+ doins include/iptables/internal.h
+
+ keepdir /var/lib/ip{,6}tables
+ newinitd "${FILESDIR}"/${PN}-r2.init iptables
+ newconfd "${FILESDIR}"/${PN}-r1.confd iptables
+ dosym iptables /etc/init.d/ip6tables
+ newconfd "${FILESDIR}"/ip6tables-r1.confd ip6tables
+
+ if use nftables; then
+ # Bug 647458
+ rm "${ED}"/etc/ethertypes || die
+
+ # Bugs 660886 and 669894
+ rm "${ED}"/sbin/{arptables,ebtables}{,-{save,restore}} || die
+ fi
+
+ systemd_dounit "${FILESDIR}"/systemd/ip{,6}tables-{re,}store.service
+
+ # Move important libs to /lib #332175
+ gen_usr_ldscript -a ip{4,6}tc xtables
+
+ find "${ED}" -type f -name "*.la" -delete || die
+}
+
+pkg_postinst() {
+ local default_iptables="xtables-legacy-multi"
+ if ! eselect iptables show &>/dev/null; then
+ elog "Current iptables implementation is unset, setting to ${default_iptables}"
+ eselect iptables set "${default_iptables}"
+ fi
+
+ if use nftables; then
+ local tables
+ for tables in {arp,eb}tables; do
+ if ! eselect ${tables} show &>/dev/null; then
+ elog "Current ${tables} implementation is unset, setting to ${default_iptables}"
+ eselect ${tables} set xtables-nft-multi
+ fi
+ done
+ fi
+
+ eselect iptables show
+}
+
+pkg_prerm() {
+ if [[ -z ${REPLACED_BY_VERSION} ]]; then
+ elog "Unsetting iptables symlinks before removal"
+ eselect iptables unset
+ fi
+
+ if ! has_version 'net-firewall/ebtables'; then
+ elog "Unsetting ebtables symlinks before removal"
+ eselect ebtables unset
+ elif [[ -z ${REPLACED_BY_VERSION} ]]; then
+ elog "Resetting ebtables symlinks to ebtables-legacy"
+ eselect ebtables set ebtables-legacy
+ fi
+
+ if ! has_version 'net-firewall/arptables'; then
+ elog "Unsetting arptables symlinks before removal"
+ eselect arptables unset
+ elif [[ -z ${REPLACED_BY_VERSION} ]]; then
+ elog "Resetting arptables symlinks to arptables-legacy"
+ eselect arptables set arptables-legacy
+ fi
+
+ # the eselect module failing should not be fatal
+ return 0
+}
^ permalink raw reply related [flat|nested] 15+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-firewall/iptables/files/, net-firewall/iptables/
@ 2022-05-18 20:52 Sam James
0 siblings, 0 replies; 15+ messages in thread
From: Sam James @ 2022-05-18 20:52 UTC (permalink / raw
To: gentoo-commits
commit: d8ae486250804a820434c22df25be9cfdb584f31
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed May 18 20:52:39 2022 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed May 18 20:52:47 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d8ae4862
net-firewall/iptables: fix build w/ musl (and installed headers)
Signed-off-by: Sam James <sam <AT> gentoo.org>
.../iptables/files/iptables-1.8.8-uint-musl.patch | 135 +++++++++++++++++++++
...ables-1.8.8.ebuild => iptables-1.8.8-r1.ebuild} | 1 +
2 files changed, 136 insertions(+)
diff --git a/net-firewall/iptables/files/iptables-1.8.8-uint-musl.patch b/net-firewall/iptables/files/iptables-1.8.8-uint-musl.patch
new file mode 100644
index 000000000000..40302f624e23
--- /dev/null
+++ b/net-firewall/iptables/files/iptables-1.8.8-uint-musl.patch
@@ -0,0 +1,135 @@
+https://git.netfilter.org/iptables/commit/?id=f319389525b066b7dc6d389c88f16a0df3b8f189
+
+From: Nick Hainke <vincent@systemli.org>
+Date: Mon, 16 May 2022 18:16:41 +0200
+Subject: treewide: use uint* instead of u_int*
+
+Gcc complains about missing types. Some commits introduced u_int* instead
+of uint*. Use uint treewide.
+
+Fixes errors in the form of:
+In file included from xtables-legacy-multi.c:5:
+xshared.h:83:56: error: unknown type name 'u_int16_t'; did you mean 'uint16_t'?
+ 83 | set_option(unsigned int *options, unsigned int option, u_int16_t *invflg,
+ | ^~~~~~~~~
+ | uint16_t
+make[6]: *** [Makefile:712: xtables_legacy_multi-xtables-legacy-multi.o] Error 1
+
+Avoid libipq API breakage by adjusting libipq.h include accordingly. For
+arpt_mangle.h kernel uAPI header, apply same change as in kernel commit
+e91ded8db5747 ("uapi: netfilter_arp: use __u8 instead of u_int8_t").
+
+Signed-off-by: Nick Hainke <vincent@systemli.org>
+Signed-off-by: Phil Sutter <phil@nwl.cc>
+--- a/extensions/libxt_conntrack.c
++++ b/extensions/libxt_conntrack.c
+@@ -778,7 +778,7 @@ matchinfo_print(const void *ip, const struct xt_entry_match *match, int numeric,
+
+ static void
+ conntrack_dump_ports(const char *prefix, const char *opt,
+- u_int16_t port_low, u_int16_t port_high)
++ uint16_t port_low, uint16_t port_high)
+ {
+ if (port_high == 0 || port_low == port_high)
+ printf(" %s%s %u", prefix, opt, port_low);
+--- a/include/libipq/libipq.h
++++ b/include/libipq/libipq.h
+@@ -24,7 +24,7 @@
+ #include <errno.h>
+ #include <unistd.h>
+ #include <fcntl.h>
+-#include <sys/types.h>
++#include <stdint.h>
+ #include <sys/socket.h>
+ #include <sys/uio.h>
+ #include <asm/types.h>
+@@ -48,19 +48,19 @@ typedef unsigned long ipq_id_t;
+ struct ipq_handle
+ {
+ int fd;
+- u_int8_t blocking;
++ uint8_t blocking;
+ struct sockaddr_nl local;
+ struct sockaddr_nl peer;
+ };
+
+-struct ipq_handle *ipq_create_handle(u_int32_t flags, u_int32_t protocol);
++struct ipq_handle *ipq_create_handle(uint32_t flags, uint32_t protocol);
+
+ int ipq_destroy_handle(struct ipq_handle *h);
+
+ ssize_t ipq_read(const struct ipq_handle *h,
+ unsigned char *buf, size_t len, int timeout);
+
+-int ipq_set_mode(const struct ipq_handle *h, u_int8_t mode, size_t len);
++int ipq_set_mode(const struct ipq_handle *h, uint8_t mode, size_t len);
+
+ ipq_packet_msg_t *ipq_get_packet(const unsigned char *buf);
+
+--- a/include/libiptc/libxtc.h
++++ b/include/libiptc/libxtc.h
+@@ -10,7 +10,7 @@ extern "C" {
+ #endif
+
+ #ifndef XT_MIN_ALIGN
+-/* xt_entry has pointers and u_int64_t's in it, so if you align to
++/* xt_entry has pointers and uint64_t's in it, so if you align to
+ it, you'll also align to any crazy matches and targets someone
+ might write */
+ #define XT_MIN_ALIGN (__alignof__(struct xt_entry))
+--- a/include/linux/netfilter_arp/arpt_mangle.h
++++ b/include/linux/netfilter_arp/arpt_mangle.h
+@@ -13,7 +13,7 @@ struct arpt_mangle
+ union {
+ struct in_addr tgt_ip;
+ } u_t;
+- u_int8_t flags;
++ __u8 flags;
+ int target;
+ };
+
+--- a/iptables/xshared.c
++++ b/iptables/xshared.c
+@@ -1025,7 +1025,7 @@ static const int inverse_for_options[NUMBER_OF_OPT] =
+ };
+
+ void
+-set_option(unsigned int *options, unsigned int option, u_int16_t *invflg,
++set_option(unsigned int *options, unsigned int option, uint16_t *invflg,
+ bool invert)
+ {
+ if (*options & option)
+--- a/iptables/xshared.h
++++ b/iptables/xshared.h
+@@ -80,7 +80,7 @@ struct xtables_target;
+ #define IPT_INV_ARPHRD 0x0800
+
+ void
+-set_option(unsigned int *options, unsigned int option, u_int16_t *invflg,
++set_option(unsigned int *options, unsigned int option, uint16_t *invflg,
+ bool invert);
+
+ /**
+--- a/libipq/ipq_create_handle.3
++++ b/libipq/ipq_create_handle.3
+@@ -24,7 +24,7 @@ ipq_create_handle, ipq_destroy_handle \(em create and destroy libipq handles.
+ .br
+ .B #include <libipq.h>
+ .sp
+-.BI "struct ipq_handle *ipq_create_handle(u_int32_t " flags ", u_int32_t " protocol ");"
++.BI "struct ipq_handle *ipq_create_handle(uint32_t " flags ", uint32_t " protocol ");"
+ .br
+ .BI "int ipq_destroy_handle(struct ipq_handle *" h );
+ .SH DESCRIPTION
+--- a/libipq/ipq_set_mode.3
++++ b/libipq/ipq_set_mode.3
+@@ -24,7 +24,7 @@ ipq_set_mode \(em set the ip_queue queuing mode
+ .br
+ .B #include <libipq.h>
+ .sp
+-.BI "int ipq_set_mode(const struct ipq_handle *" h ", u_int8_t " mode ", size_t " range );
++.BI "int ipq_set_mode(const struct ipq_handle *" h ", uint8_t " mode ", size_t " range );
+ .SH DESCRIPTION
+ The
+ .B ipq_set_mode
+cgit v1.2.3
diff --git a/net-firewall/iptables/iptables-1.8.8.ebuild b/net-firewall/iptables/iptables-1.8.8-r1.ebuild
similarity index 99%
rename from net-firewall/iptables/iptables-1.8.8.ebuild
rename to net-firewall/iptables/iptables-1.8.8-r1.ebuild
index e65230759e5f..2a2b9aa257c0 100644
--- a/net-firewall/iptables/iptables-1.8.8.ebuild
+++ b/net-firewall/iptables/iptables-1.8.8-r1.ebuild
@@ -51,6 +51,7 @@ PATCHES=(
"${FILESDIR}/iptables-1.8.2-link.patch"
"${FILESDIR}/${P}-format-security.patch"
+ "${FILESDIR}/${P}-uint-musl.patch"
)
src_prepare() {
^ permalink raw reply related [flat|nested] 15+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-firewall/iptables/files/, net-firewall/iptables/
@ 2022-05-28 2:52 Sam James
0 siblings, 0 replies; 15+ messages in thread
From: Sam James @ 2022-05-28 2:52 UTC (permalink / raw
To: gentoo-commits
commit: 56a695955754b0947cc12f99da838eab57f939de
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat May 28 02:52:03 2022 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat May 28 02:52:21 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=56a69595
net-firewall/iptables: fix musl build
Closes: https://bugs.gentoo.org/846377
Signed-off-by: Sam James <sam <AT> gentoo.org>
| 59 ++++++++++++++++++++++
.../files/iptables-1.8.8-out-of-tree-build.patch | 26 ++++++++++
net-firewall/iptables/iptables-1.8.8-r2.ebuild | 2 +
3 files changed, 87 insertions(+)
--git a/net-firewall/iptables/files/iptables-1.8.8-musl-headers.patch b/net-firewall/iptables/files/iptables-1.8.8-musl-headers.patch
new file mode 100644
index 000000000000..52e2c7019972
--- /dev/null
+++ b/net-firewall/iptables/files/iptables-1.8.8-musl-headers.patch
@@ -0,0 +1,59 @@
+https://git.netfilter.org/iptables/commit/?id=0e7cf0ad306cdf95dc3c28d15a254532206a888e
+https://bugs.gentoo.org/846377
+
+From: Phil Sutter <phil@nwl.cc>
+Date: Wed, 18 May 2022 16:04:09 +0200
+Subject: Revert "fix build for missing ETH_ALEN definition"
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This reverts commit c5d9a723b5159a28f547b577711787295a14fd84 as it broke
+compiling against musl libc. Might be a bug in the latter, but for the
+time being try to please both by avoiding the include and instead
+defining ETH_ALEN if unset.
+
+While being at it, move netinet/ether.h include up.
+
+Fixes: 1bdb5535f561a ("libxtables: Extend MAC address printing/parsing support")
+Signed-off-by: Phil Sutter <phil@nwl.cc>
+Reviewed-by: Maciej Żenczykowski <maze@google.com>
+--- a/libxtables/xtables.c
++++ b/libxtables/xtables.c
+@@ -28,6 +28,7 @@
+ #include <stdlib.h>
+ #include <string.h>
+ #include <unistd.h>
++#include <netinet/ether.h>
+ #include <sys/socket.h>
+ #include <sys/stat.h>
+ #include <sys/statfs.h>
+@@ -45,7 +46,6 @@
+
+ #include <xtables.h>
+ #include <limits.h> /* INT_MAX in ip_tables.h/ip6_tables.h */
+-#include <linux/if_ether.h> /* ETH_ALEN */
+ #include <linux/netfilter_ipv4/ip_tables.h>
+ #include <linux/netfilter_ipv6/ip6_tables.h>
+ #include <libiptc/libxtc.h>
+@@ -72,6 +72,10 @@
+ #define PROC_SYS_MODPROBE "/proc/sys/kernel/modprobe"
+ #endif
+
++#ifndef ETH_ALEN
++#define ETH_ALEN 6
++#endif
++
+ /* we need this for ip6?tables-restore. ip6?tables-restore.c sets line to the
+ * current line of the input file, in order to give a more precise error
+ * message. ip6?tables itself doesn't need this, so it is initialized to the
+@@ -2245,8 +2249,6 @@ void xtables_print_num(uint64_t number, unsigned int format)
+ printf(FMT("%4lluT ","%lluT "), (unsigned long long)number);
+ }
+
+-#include <netinet/ether.h>
+-
+ static const unsigned char mac_type_unicast[ETH_ALEN] = {};
+ static const unsigned char msk_type_unicast[ETH_ALEN] = {1};
+ static const unsigned char mac_type_multicast[ETH_ALEN] = {1};
+cgit v1.2.3
diff --git a/net-firewall/iptables/files/iptables-1.8.8-out-of-tree-build.patch b/net-firewall/iptables/files/iptables-1.8.8-out-of-tree-build.patch
new file mode 100644
index 000000000000..ee9e218b5dbd
--- /dev/null
+++ b/net-firewall/iptables/files/iptables-1.8.8-out-of-tree-build.patch
@@ -0,0 +1,26 @@
+https://git.netfilter.org/iptables/commit/?id=0ebf52fc951b2a4d98a166afb34af4f364bbeece
+
+From: Ben Brown <ben@demerara.io>
+Date: Wed, 25 May 2022 16:26:13 +0100
+Subject: build: Fix error during out of tree build
+
+Fixes the following error:
+
+ ../../libxtables/xtables.c:52:10: fatal error: libiptc/linux_list.h: No such file or directory
+ 52 | #include <libiptc/linux_list.h>
+
+Fixes: f58b0d7406451 ("libxtables: Implement notargets hash table")
+Signed-off-by: Ben Brown <ben@demerara.io>
+Signed-off-by: Phil Sutter <phil@nwl.cc>
+--- a/libxtables/Makefile.am
++++ b/libxtables/Makefile.am
+@@ -1,7 +1,7 @@
+ # -*- Makefile -*-
+
+ AM_CFLAGS = ${regular_CFLAGS}
+-AM_CPPFLAGS = ${regular_CPPFLAGS} -I${top_builddir}/include -I${top_srcdir}/include -I${top_srcdir}/iptables ${kinclude_CPPFLAGS}
++AM_CPPFLAGS = ${regular_CPPFLAGS} -I${top_builddir}/include -I${top_srcdir}/include -I${top_srcdir}/iptables -I${top_srcdir} ${kinclude_CPPFLAGS}
+
+ lib_LTLIBRARIES = libxtables.la
+ libxtables_la_SOURCES = xtables.c xtoptions.c getethertype.c
+cgit v1.2.3
diff --git a/net-firewall/iptables/iptables-1.8.8-r2.ebuild b/net-firewall/iptables/iptables-1.8.8-r2.ebuild
index 03c908c9d9b1..c4fcdc0fb260 100644
--- a/net-firewall/iptables/iptables-1.8.8-r2.ebuild
+++ b/net-firewall/iptables/iptables-1.8.8-r2.ebuild
@@ -52,6 +52,8 @@ PATCHES=(
"${FILESDIR}/${P}-format-security.patch"
"${FILESDIR}/${P}-uint-musl.patch"
+ "${FILESDIR}/${P}-musl-headers.patch"
+ "${FILESDIR}/${P}-out-of-tree-build.patch"
)
src_prepare() {
^ permalink raw reply related [flat|nested] 15+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-firewall/iptables/files/, net-firewall/iptables/
@ 2022-09-23 2:14 Sam James
0 siblings, 0 replies; 15+ messages in thread
From: Sam James @ 2022-09-23 2:14 UTC (permalink / raw
To: gentoo-commits
commit: 72df47c7b128fc5e8b7019dee4632ddf9b20ed35
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Sep 23 02:12:39 2022 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Sep 23 02:13:36 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=72df47c7
net-firewall/iptables: drop 1.8.7-r2
Signed-off-by: Sam James <sam <AT> gentoo.org>
net-firewall/iptables/Manifest | 1 -
.../files/iptables-1.8.7-cache-double-free.patch | 61 -------
net-firewall/iptables/iptables-1.8.7-r2.ebuild | 176 ---------------------
3 files changed, 238 deletions(-)
diff --git a/net-firewall/iptables/Manifest b/net-firewall/iptables/Manifest
index 76320a6fa208..44c1d5abb450 100644
--- a/net-firewall/iptables/Manifest
+++ b/net-firewall/iptables/Manifest
@@ -1,2 +1 @@
-DIST iptables-1.8.7.tar.bz2 717862 BLAKE2B fd4dcff142eaadde2a14ce3eb5e45d41c326752553b52900c77fd2e2a20c0685d0a04b95755995e914df47658834d52216d6465c2ae9cd6abc6eb122b95cc976 SHA512 c0a33fafbf1139157a9f52860938ebedc282a1394a68dcbd58981159379eb525919f999b25925f2cb4d6b18089bd99a94b00b3e73cff5cb0a0e47bdff174ed75
DIST iptables-1.8.8.tar.bz2 746985 BLAKE2B 0da021cc7313b86af331768904956dab3eee3de245a7b03965129f3d7f13097fc03fbb1390167dcd971eff216eabad9e59b261a9c0f54bfc48a77453aa40d164 SHA512 f21df23279a77531a23f3fcb1b8f0f8ec0c726bda236dd0e33af74b06753baff6ce3f26fb9fcceb6fada560656ba901e68fc6452eb840ac1b206bc4654950f59
diff --git a/net-firewall/iptables/files/iptables-1.8.7-cache-double-free.patch b/net-firewall/iptables/files/iptables-1.8.7-cache-double-free.patch
deleted file mode 100644
index fc88636d2944..000000000000
--- a/net-firewall/iptables/files/iptables-1.8.7-cache-double-free.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-commit 4318961230bce82958df82b57f1796143bf2f421
-Author: Phil Sutter <phil@nwl.cc>
-Date: Tue Sep 21 11:39:45 2021 +0200
-
- nft: cache: Avoid double free of unrecognized base-chains
-
- On error, nft_cache_add_chain() frees the allocated nft_chain object
- along with the nftnl_chain it points at. Fix nftnl_chain_list_cb() to
- not free the nftnl_chain again in that case.
-
- Fixes: 176c92c26bfc9 ("nft: Introduce a dedicated base chain array")
- Signed-off-by: Phil Sutter <phil@nwl.cc>
-
-diff --git a/iptables/nft-cache.c b/iptables/nft-cache.c
-index 2c88301c..9a03bbfb 100644
---- a/iptables/nft-cache.c
-+++ b/iptables/nft-cache.c
-@@ -314,9 +314,7 @@ static int nftnl_chain_list_cb(const struct nlmsghdr *nlh, void *data)
- goto out;
- }
-
-- if (nft_cache_add_chain(h, t, c))
-- goto out;
--
-+ nft_cache_add_chain(h, t, c);
- return MNL_CB_OK;
- out:
- nftnl_chain_free(c);
-diff --git a/iptables/tests/shell/testcases/chain/0004extra-base_0 b/iptables/tests/shell/testcases/chain/0004extra-base_0
-new file mode 100755
-index 00000000..1b85b060
---- /dev/null
-+++ b/iptables/tests/shell/testcases/chain/0004extra-base_0
-@@ -0,0 +1,27 @@
-+#!/bin/bash
-+
-+case $XT_MULTI in
-+*xtables-nft-multi)
-+ ;;
-+*)
-+ echo skip $XT_MULTI
-+ exit 0
-+ ;;
-+esac
-+
-+set -e
-+
-+nft -f - <<EOF
-+table ip filter {
-+ chain INPUT {
-+ type filter hook input priority filter
-+ counter packets 218 bytes 91375 accept
-+ }
-+
-+ chain x {
-+ type filter hook input priority filter
-+ }
-+}
-+EOF
-+
-+$XT_MULTI iptables -L
diff --git a/net-firewall/iptables/iptables-1.8.7-r2.ebuild b/net-firewall/iptables/iptables-1.8.7-r2.ebuild
deleted file mode 100644
index 42fd108f2606..000000000000
--- a/net-firewall/iptables/iptables-1.8.7-r2.ebuild
+++ /dev/null
@@ -1,176 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit systemd toolchain-funcs autotools flag-o-matic usr-ldscript
-
-DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
-HOMEPAGE="https://www.netfilter.org/projects/iptables/"
-SRC_URI="https://www.netfilter.org/projects/iptables/files/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-# Subslot reflects PV when libxtables and/or libip*tc was changed
-# the last time.
-SLOT="0/1.8.3"
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86"
-IUSE="conntrack netlink nftables pcap static-libs"
-
-BUILD_DEPEND="
- >=app-eselect/eselect-iptables-20220320
-"
-COMMON_DEPEND="
- conntrack? ( >=net-libs/libnetfilter_conntrack-1.0.6 )
- netlink? ( net-libs/libnfnetlink )
- nftables? (
- >=net-libs/libmnl-1.0:0=
- >=net-libs/libnftnl-1.1.6:0=
- )
- pcap? ( net-libs/libpcap )
-"
-DEPEND="${COMMON_DEPEND}
- virtual/os-headers
- >=sys-kernel/linux-headers-4.4:0
-"
-BDEPEND="${BUILD_DEPEND}
- virtual/pkgconfig
- nftables? (
- sys-devel/flex
- virtual/yacc
- )
-"
-RDEPEND="${COMMON_DEPEND}
- ${BUILD_DEPEND}
- nftables? ( net-misc/ethertypes )
- !<net-firewall/ebtables-2.0.11-r1
- !<net-firewall/arptables-0.0.5-r1
-"
-
-PATCHES=(
- "${FILESDIR}/iptables-1.8.4-no-symlinks.patch"
- "${FILESDIR}/iptables-1.8.2-link.patch"
- # https://bugs.gentoo.org/831626
- "${FILESDIR}/iptables-1.8.7-cache-double-free.patch"
-)
-
-src_prepare() {
- # use the saner headers from the kernel
- rm include/linux/{kernel,types}.h || die
-
- default
- eautoreconf
-}
-
-src_configure() {
- # Some libs use $(AR) rather than libtool to build #444282
- tc-export AR
-
- # Hack around struct mismatches between userland & kernel for some ABIs. #472388
- use amd64 && [[ ${ABI} == "x32" ]] && append-flags -fpack-struct
-
- sed -i \
- -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
- -e "/nfconntrack=[01]/s:=[01]:=$(usex conntrack 1 0):" \
- configure || die
-
- local myeconfargs=(
- --sbindir="${EPREFIX}/sbin"
- --libexecdir="${EPREFIX}/$(get_libdir)"
- --enable-devel
- --enable-ipv6
- --enable-shared
- $(use_enable nftables)
- $(use_enable pcap bpf-compiler)
- $(use_enable pcap nfsynproxy)
- $(use_enable static-libs static)
- )
- econf "${myeconfargs[@]}"
-}
-
-src_compile() {
- emake V=1
-}
-
-src_install() {
- default
- dodoc INCOMPATIBILITIES iptables/iptables.xslt
-
- # all the iptables binaries are in /sbin, so might as well
- # put these small files in with them
- into /
- dosbin iptables/iptables-apply
- dosym iptables-apply /sbin/ip6tables-apply
- doman iptables/iptables-apply.8
-
- insinto /usr/include
- doins include/ip{,6}tables.h
- insinto /usr/include/iptables
- doins include/iptables/internal.h
-
- keepdir /var/lib/ip{,6}tables
- newinitd "${FILESDIR}"/${PN}-r2.init iptables
- newconfd "${FILESDIR}"/${PN}-r1.confd iptables
- dosym iptables /etc/init.d/ip6tables
- newconfd "${FILESDIR}"/ip6tables-r1.confd ip6tables
-
- if use nftables; then
- # Bug 647458
- rm "${ED}"/etc/ethertypes || die
-
- # Bugs 660886 and 669894
- rm "${ED}"/sbin/{arptables,ebtables}{,-{save,restore}} || die
- fi
-
- systemd_dounit "${FILESDIR}"/systemd/ip{,6}tables-{re,}store.service
-
- # Move important libs to /lib #332175
- gen_usr_ldscript -a ip{4,6}tc xtables
-
- find "${ED}" -type f -name "*.la" -delete || die
-}
-
-pkg_postinst() {
- local default_iptables="xtables-legacy-multi"
- if ! eselect iptables show &>/dev/null; then
- elog "Current iptables implementation is unset, setting to ${default_iptables}"
- eselect iptables set "${default_iptables}"
- fi
-
- if use nftables; then
- local tables
- for tables in {arp,eb}tables; do
- if ! eselect ${tables} show &>/dev/null; then
- elog "Current ${tables} implementation is unset, setting to ${default_iptables}"
- eselect ${tables} set xtables-nft-multi
- fi
- done
- fi
-
- eselect iptables show
-}
-
-pkg_prerm() {
- if [[ -z ${REPLACED_BY_VERSION} ]]; then
- elog "Unsetting iptables symlinks before removal"
- eselect iptables unset
- fi
-
- if ! has_version 'net-firewall/ebtables'; then
- elog "Unsetting ebtables symlinks before removal"
- eselect ebtables unset
- elif [[ -z ${REPLACED_BY_VERSION} ]]; then
- elog "Resetting ebtables symlinks to ebtables-legacy"
- eselect ebtables set ebtables-legacy
- fi
-
- if ! has_version 'net-firewall/arptables'; then
- elog "Unsetting arptables symlinks before removal"
- eselect arptables unset
- elif [[ -z ${REPLACED_BY_VERSION} ]]; then
- elog "Resetting arptables symlinks to arptables-legacy"
- eselect arptables set arptables-legacy
- fi
-
- # the eselect module failing should not be fatal
- return 0
-}
^ permalink raw reply related [flat|nested] 15+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-firewall/iptables/files/, net-firewall/iptables/
@ 2023-09-18 8:49 Sam James
0 siblings, 0 replies; 15+ messages in thread
From: Sam James @ 2023-09-18 8:49 UTC (permalink / raw
To: gentoo-commits
commit: e9227501ae5ec3674ba2fd93766df71f85c1da2f
Author: Robert Kolchmeyer <rkolchmeyer <AT> google <DOT> com>
AuthorDate: Thu Aug 31 18:00:02 2023 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Sep 18 08:39:28 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e9227501
net-firewall/iptables: fix checking existence of rule
This bug was introduced in 1.8.9, and a release including the fix has
not been made yet. This patch can be removed after upgrading beyond
1.8.9.
Signed-off-by: Robert Kolchmeyer <rkolchmeyer <AT> google.com>
Closes: https://github.com/gentoo/gentoo/pull/32541
Signed-off-by: Sam James <sam <AT> gentoo.org>
...bles-1.8.9-fix-checking-existence-of-rule.patch | 34 ++++
net-firewall/iptables/iptables-1.8.9-r1.ebuild | 181 +++++++++++++++++++++
2 files changed, 215 insertions(+)
diff --git a/net-firewall/iptables/files/iptables-1.8.9-fix-checking-existence-of-rule.patch b/net-firewall/iptables/files/iptables-1.8.9-fix-checking-existence-of-rule.patch
new file mode 100644
index 000000000000..16c894f185e7
--- /dev/null
+++ b/net-firewall/iptables/files/iptables-1.8.9-fix-checking-existence-of-rule.patch
@@ -0,0 +1,34 @@
+https://git.netfilter.org/iptables/commit/?id=78850e7dba64a949c440dbdbe557f59409c6db48
+
+From 78850e7dba64a949c440dbdbe557f59409c6db48 Mon Sep 17 00:00:00 2001
+From: Markus Boehme <markubo@amazon.com>
+Date: Mon, 3 Apr 2023 23:13:47 +0200
+Subject: [PATCH] ip6tables: Fix checking existence of rule
+
+Pass the proper entry size when creating a match mask for checking the
+existence of a rule. Failing to do so causes wrong results.
+
+Reported-by: Jonathan Caicedo <jonathan@jcaicedo.com>
+Fixes: eb2546a846776 ("xshared: Share make_delete_mask() between ip{,6}tables")
+Signed-off-by: Markus Boehme <markubo@amazon.com>
+Signed-off-by: Phil Sutter <phil@nwl.cc>
+---
+ iptables/ip6tables.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/iptables/ip6tables.c b/iptables/ip6tables.c
+index 345af451..9afc32c1 100644
+--- a/iptables/ip6tables.c
++++ b/iptables/ip6tables.c
+@@ -331,7 +331,7 @@ check_entry(const xt_chainlabel chain, struct ip6t_entry *fw,
+ int ret = 1;
+ unsigned char *mask;
+
+- mask = make_delete_mask(matches, target, sizeof(fw));
++ mask = make_delete_mask(matches, target, sizeof(*fw));
+ for (i = 0; i < nsaddrs; i++) {
+ fw->ipv6.src = saddrs[i];
+ fw->ipv6.smsk = smasks[i];
+--
+2.42.0.283.g2d96d420d3-goog
+
diff --git a/net-firewall/iptables/iptables-1.8.9-r1.ebuild b/net-firewall/iptables/iptables-1.8.9-r1.ebuild
new file mode 100644
index 000000000000..f3c3728c7812
--- /dev/null
+++ b/net-firewall/iptables/iptables-1.8.9-r1.ebuild
@@ -0,0 +1,181 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit systemd toolchain-funcs autotools flag-o-matic usr-ldscript
+
+DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
+HOMEPAGE="https://www.netfilter.org/projects/iptables/"
+SRC_URI="https://www.netfilter.org/projects/iptables/files/${P}.tar.xz"
+
+LICENSE="GPL-2"
+# Subslot reflects PV when libxtables and/or libip*tc was changed
+# the last time.
+SLOT="0/1.8.3"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+IUSE="conntrack netlink nftables pcap static-libs"
+
+COMMON_DEPEND="
+ conntrack? ( >=net-libs/libnetfilter_conntrack-1.0.6 )
+ netlink? ( net-libs/libnfnetlink )
+ nftables? (
+ >=net-libs/libmnl-1.0:=
+ >=net-libs/libnftnl-1.1.6:=
+ )
+ pcap? ( net-libs/libpcap )
+"
+DEPEND="
+ ${COMMON_DEPEND}
+ virtual/os-headers
+ >=sys-kernel/linux-headers-4.4:0
+"
+BDEPEND="
+ virtual/pkgconfig
+ nftables? (
+ sys-devel/flex
+ app-alternatives/yacc
+ )
+"
+RDEPEND="
+ ${COMMON_DEPEND}
+ nftables? ( net-misc/ethertypes )
+ !<net-firewall/ebtables-2.0.11-r1
+ !<net-firewall/arptables-0.0.5-r1
+"
+IDEPEND=">=app-eselect/eselect-iptables-20220320"
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-1.8.4-no-symlinks.patch
+ "${FILESDIR}"/${P}-format-security.patch
+ "${FILESDIR}"/${PN}-1.8.9-fix-checking-existence-of-rule.patch
+)
+
+src_prepare() {
+ # Use the saner headers from the kernel
+ rm include/linux/{kernel,types}.h || die
+
+ default
+ eautoreconf
+}
+
+src_configure() {
+ # Some libs use $(AR) rather than libtool to build, bug #444282
+ tc-export AR
+
+ # Hack around struct mismatches between userland & kernel for some ABIs
+ # bug #472388
+ use amd64 && [[ ${ABI} == "x32" ]] && append-flags -fpack-struct
+
+ sed -i \
+ -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
+ -e "/nfconntrack=[01]/s:=[01]:=$(usex conntrack 1 0):" \
+ configure || die
+
+ local myeconfargs=(
+ --sbindir="${EPREFIX}/sbin"
+ --libexecdir="${EPREFIX}/$(get_libdir)"
+ --enable-devel
+ --enable-ipv6
+ --enable-shared
+ $(use_enable nftables)
+ $(use_enable pcap bpf-compiler)
+ $(use_enable pcap nfsynproxy)
+ $(use_enable static-libs static)
+ )
+
+ econf "${myeconfargs[@]}"
+}
+
+src_compile() {
+ emake V=1
+}
+
+src_install() {
+ default
+
+ # Managed by eselect-iptables
+ # https://bugs.gentoo.org/881295
+ rm "${ED}/usr/bin/iptables-xml" || die
+
+ dodoc iptables/iptables.xslt
+
+ # All the iptables binaries are in /sbin, so might as well
+ # put these small files in with them
+ into /
+ dosbin iptables/iptables-apply
+ dosym iptables-apply /sbin/ip6tables-apply
+ doman iptables/iptables-apply.8
+
+ insinto /usr/include
+ doins include/ip{,6}tables.h
+ insinto /usr/include/iptables
+ doins include/iptables/internal.h
+
+ keepdir /var/lib/ip{,6}tables
+ newinitd "${FILESDIR}"/${PN}-r3.init iptables
+ newconfd "${FILESDIR}"/${PN}-r1.confd iptables
+ dosym iptables /etc/init.d/ip6tables
+ newconfd "${FILESDIR}"/ip6tables-r1.confd ip6tables
+
+ if use nftables; then
+ # Bug #647458
+ rm "${ED}"/etc/ethertypes || die
+
+ # Bugs #660886 and #669894
+ rm "${ED}"/sbin/{arptables,ebtables}{,-{save,restore}} || die
+ fi
+
+ systemd_dounit "${FILESDIR}"/systemd/ip{,6}tables-{re,}store.service
+
+ # Move important libs to /lib, bug #332175
+ gen_usr_ldscript -a ip{4,6}tc xtables
+
+ find "${ED}" -type f -name "*.la" -delete || die
+}
+
+pkg_postinst() {
+ local default_iptables="xtables-legacy-multi"
+ if ! eselect iptables show &>/dev/null; then
+ elog "Current iptables implementation is unset, setting to ${default_iptables}"
+ eselect iptables set "${default_iptables}"
+ fi
+
+ if use nftables; then
+ local tables
+ for tables in {arp,eb}tables; do
+ if ! eselect ${tables} show &>/dev/null; then
+ elog "Current ${tables} implementation is unset, setting to ${default_iptables}"
+ eselect ${tables} set xtables-nft-multi
+ fi
+ done
+ fi
+
+ eselect iptables show
+}
+
+pkg_prerm() {
+ if [[ -z ${REPLACED_BY_VERSION} ]]; then
+ elog "Unsetting iptables symlinks before removal"
+ eselect iptables unset
+ fi
+
+ if ! has_version 'net-firewall/ebtables'; then
+ elog "Unsetting ebtables symlinks before removal"
+ eselect ebtables unset
+ elif [[ -z ${REPLACED_BY_VERSION} ]]; then
+ elog "Resetting ebtables symlinks to ebtables-legacy"
+ eselect ebtables set ebtables-legacy
+ fi
+
+ if ! has_version 'net-firewall/arptables'; then
+ elog "Unsetting arptables symlinks before removal"
+ eselect arptables unset
+ elif [[ -z ${REPLACED_BY_VERSION} ]]; then
+ elog "Resetting arptables symlinks to arptables-legacy"
+ eselect arptables set arptables-legacy
+ fi
+
+ # The eselect module failing should not be fatal
+ return 0
+}
^ permalink raw reply related [flat|nested] 15+ messages in thread
end of thread, other threads:[~2023-09-18 8:49 UTC | newest]
Thread overview: 15+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-05-14 21:24 [gentoo-commits] repo/gentoo:master commit in: net-firewall/iptables/files/, net-firewall/iptables/ Sam James
-- strict thread matches above, loose matches on Subject: below --
2023-09-18 8:49 Sam James
2022-09-23 2:14 Sam James
2022-05-28 2:52 Sam James
2022-05-18 20:52 Sam James
2021-01-16 23:36 Lars Wendler
2019-05-28 0:41 Lars Wendler
2018-11-20 15:36 Thomas Deutschmann
2018-11-20 14:23 Lars Wendler
2018-11-20 13:54 Lars Wendler
2018-11-14 10:13 Lars Wendler
2018-10-24 13:26 Lars Wendler
2018-07-09 14:52 Thomas Deutschmann
2015-08-27 2:08 Mike Frysinger
2015-08-14 12:42 Michał Górny
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox