From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-1438739-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id CCE7C158094
	for <garchives@archives.gentoo.org>; Fri, 23 Sep 2022 02:15:01 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 14929E0ABB;
	Fri, 23 Sep 2022 02:15:01 +0000 (UTC)
Received: from smtp.gentoo.org (smtp.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id ECF25E09E8
	for <gentoo-commits@lists.gentoo.org>; Fri, 23 Sep 2022 02:15:00 +0000 (UTC)
Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id 348D7340139
	for <gentoo-commits@lists.gentoo.org>; Fri, 23 Sep 2022 02:15:00 +0000 (UTC)
Received: from localhost.localdomain (localhost [IPv6:::1])
	by oystercatcher.gentoo.org (Postfix) with ESMTP id 95C9C5CD
	for <gentoo-commits@lists.gentoo.org>; Fri, 23 Sep 2022 02:14:58 +0000 (UTC)
From: "Sam James" <sam@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Sam James" <sam@gentoo.org>
Message-ID: <1663899216.72df47c7b128fc5e8b7019dee4632ddf9b20ed35.sam@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: net-firewall/iptables/files/, net-firewall/iptables/
X-VCS-Repository: repo/gentoo
X-VCS-Files: net-firewall/iptables/Manifest net-firewall/iptables/files/iptables-1.8.7-cache-double-free.patch net-firewall/iptables/iptables-1.8.7-r2.ebuild
X-VCS-Directories: net-firewall/iptables/ net-firewall/iptables/files/
X-VCS-Committer: sam
X-VCS-Committer-Name: Sam James
X-VCS-Revision: 72df47c7b128fc5e8b7019dee4632ddf9b20ed35
X-VCS-Branch: master
Date: Fri, 23 Sep 2022 02:14:58 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
X-Archives-Salt: d4523524-4a37-4c50-82fe-78fcd260934a
X-Archives-Hash: 67adcaecefe5d291ead2ac414d984131

commit:     72df47c7b128fc5e8b7019dee4632ddf9b20ed35
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Sep 23 02:12:39 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Sep 23 02:13:36 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=72df47c7

net-firewall/iptables: drop 1.8.7-r2

Signed-off-by: Sam James <sam <AT> gentoo.org>

 net-firewall/iptables/Manifest                     |   1 -
 .../files/iptables-1.8.7-cache-double-free.patch   |  61 -------
 net-firewall/iptables/iptables-1.8.7-r2.ebuild     | 176 ---------------------
 3 files changed, 238 deletions(-)

diff --git a/net-firewall/iptables/Manifest b/net-firewall/iptables/Manifest
index 76320a6fa208..44c1d5abb450 100644
--- a/net-firewall/iptables/Manifest
+++ b/net-firewall/iptables/Manifest
@@ -1,2 +1 @@
-DIST iptables-1.8.7.tar.bz2 717862 BLAKE2B fd4dcff142eaadde2a14ce3eb5e45d41c326752553b52900c77fd2e2a20c0685d0a04b95755995e914df47658834d52216d6465c2ae9cd6abc6eb122b95cc976 SHA512 c0a33fafbf1139157a9f52860938ebedc282a1394a68dcbd58981159379eb525919f999b25925f2cb4d6b18089bd99a94b00b3e73cff5cb0a0e47bdff174ed75
 DIST iptables-1.8.8.tar.bz2 746985 BLAKE2B 0da021cc7313b86af331768904956dab3eee3de245a7b03965129f3d7f13097fc03fbb1390167dcd971eff216eabad9e59b261a9c0f54bfc48a77453aa40d164 SHA512 f21df23279a77531a23f3fcb1b8f0f8ec0c726bda236dd0e33af74b06753baff6ce3f26fb9fcceb6fada560656ba901e68fc6452eb840ac1b206bc4654950f59

diff --git a/net-firewall/iptables/files/iptables-1.8.7-cache-double-free.patch b/net-firewall/iptables/files/iptables-1.8.7-cache-double-free.patch
deleted file mode 100644
index fc88636d2944..000000000000
--- a/net-firewall/iptables/files/iptables-1.8.7-cache-double-free.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-commit 4318961230bce82958df82b57f1796143bf2f421
-Author: Phil Sutter <phil@nwl.cc>
-Date:   Tue Sep 21 11:39:45 2021 +0200
-
-    nft: cache: Avoid double free of unrecognized base-chains
-    
-    On error, nft_cache_add_chain() frees the allocated nft_chain object
-    along with the nftnl_chain it points at. Fix nftnl_chain_list_cb() to
-    not free the nftnl_chain again in that case.
-    
-    Fixes: 176c92c26bfc9 ("nft: Introduce a dedicated base chain array")
-    Signed-off-by: Phil Sutter <phil@nwl.cc>
-
-diff --git a/iptables/nft-cache.c b/iptables/nft-cache.c
-index 2c88301c..9a03bbfb 100644
---- a/iptables/nft-cache.c
-+++ b/iptables/nft-cache.c
-@@ -314,9 +314,7 @@ static int nftnl_chain_list_cb(const struct nlmsghdr *nlh, void *data)
- 		goto out;
- 	}
- 
--	if (nft_cache_add_chain(h, t, c))
--		goto out;
--
-+	nft_cache_add_chain(h, t, c);
- 	return MNL_CB_OK;
- out:
- 	nftnl_chain_free(c);
-diff --git a/iptables/tests/shell/testcases/chain/0004extra-base_0 b/iptables/tests/shell/testcases/chain/0004extra-base_0
-new file mode 100755
-index 00000000..1b85b060
---- /dev/null
-+++ b/iptables/tests/shell/testcases/chain/0004extra-base_0
-@@ -0,0 +1,27 @@
-+#!/bin/bash
-+
-+case $XT_MULTI in
-+*xtables-nft-multi)
-+	;;
-+*)
-+	echo skip $XT_MULTI
-+	exit 0
-+	;;
-+esac
-+
-+set -e
-+
-+nft -f - <<EOF
-+table ip filter {
-+        chain INPUT {
-+                type filter hook input priority filter
-+                counter packets 218 bytes 91375 accept
-+        }
-+
-+        chain x {
-+                type filter hook input priority filter
-+        }
-+}
-+EOF
-+
-+$XT_MULTI iptables -L

diff --git a/net-firewall/iptables/iptables-1.8.7-r2.ebuild b/net-firewall/iptables/iptables-1.8.7-r2.ebuild
deleted file mode 100644
index 42fd108f2606..000000000000
--- a/net-firewall/iptables/iptables-1.8.7-r2.ebuild
+++ /dev/null
@@ -1,176 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit systemd toolchain-funcs autotools flag-o-matic usr-ldscript
-
-DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
-HOMEPAGE="https://www.netfilter.org/projects/iptables/"
-SRC_URI="https://www.netfilter.org/projects/iptables/files/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-# Subslot reflects PV when libxtables and/or libip*tc was changed
-# the last time.
-SLOT="0/1.8.3"
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86"
-IUSE="conntrack netlink nftables pcap static-libs"
-
-BUILD_DEPEND="
-	>=app-eselect/eselect-iptables-20220320
-"
-COMMON_DEPEND="
-	conntrack? ( >=net-libs/libnetfilter_conntrack-1.0.6 )
-	netlink? ( net-libs/libnfnetlink )
-	nftables? (
-		>=net-libs/libmnl-1.0:0=
-		>=net-libs/libnftnl-1.1.6:0=
-	)
-	pcap? ( net-libs/libpcap )
-"
-DEPEND="${COMMON_DEPEND}
-	virtual/os-headers
-	>=sys-kernel/linux-headers-4.4:0
-"
-BDEPEND="${BUILD_DEPEND}
-	virtual/pkgconfig
-	nftables? (
-		sys-devel/flex
-		virtual/yacc
-	)
-"
-RDEPEND="${COMMON_DEPEND}
-	${BUILD_DEPEND}
-	nftables? ( net-misc/ethertypes )
-	!<net-firewall/ebtables-2.0.11-r1
-	!<net-firewall/arptables-0.0.5-r1
-"
-
-PATCHES=(
-	"${FILESDIR}/iptables-1.8.4-no-symlinks.patch"
-	"${FILESDIR}/iptables-1.8.2-link.patch"
-	# https://bugs.gentoo.org/831626
-	"${FILESDIR}/iptables-1.8.7-cache-double-free.patch"
-)
-
-src_prepare() {
-	# use the saner headers from the kernel
-	rm include/linux/{kernel,types}.h || die
-
-	default
-	eautoreconf
-}
-
-src_configure() {
-	# Some libs use $(AR) rather than libtool to build #444282
-	tc-export AR
-
-	# Hack around struct mismatches between userland & kernel for some ABIs. #472388
-	use amd64 && [[ ${ABI} == "x32" ]] && append-flags -fpack-struct
-
-	sed -i \
-		-e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
-		-e "/nfconntrack=[01]/s:=[01]:=$(usex conntrack 1 0):" \
-		configure || die
-
-	local myeconfargs=(
-		--sbindir="${EPREFIX}/sbin"
-		--libexecdir="${EPREFIX}/$(get_libdir)"
-		--enable-devel
-		--enable-ipv6
-		--enable-shared
-		$(use_enable nftables)
-		$(use_enable pcap bpf-compiler)
-		$(use_enable pcap nfsynproxy)
-		$(use_enable static-libs static)
-	)
-	econf "${myeconfargs[@]}"
-}
-
-src_compile() {
-	emake V=1
-}
-
-src_install() {
-	default
-	dodoc INCOMPATIBILITIES iptables/iptables.xslt
-
-	# all the iptables binaries are in /sbin, so might as well
-	# put these small files in with them
-	into /
-	dosbin iptables/iptables-apply
-	dosym iptables-apply /sbin/ip6tables-apply
-	doman iptables/iptables-apply.8
-
-	insinto /usr/include
-	doins include/ip{,6}tables.h
-	insinto /usr/include/iptables
-	doins include/iptables/internal.h
-
-	keepdir /var/lib/ip{,6}tables
-	newinitd "${FILESDIR}"/${PN}-r2.init iptables
-	newconfd "${FILESDIR}"/${PN}-r1.confd iptables
-	dosym iptables /etc/init.d/ip6tables
-	newconfd "${FILESDIR}"/ip6tables-r1.confd ip6tables
-
-	if use nftables; then
-		# Bug 647458
-		rm "${ED}"/etc/ethertypes || die
-
-		# Bugs 660886 and 669894
-		rm "${ED}"/sbin/{arptables,ebtables}{,-{save,restore}} || die
-	fi
-
-	systemd_dounit "${FILESDIR}"/systemd/ip{,6}tables-{re,}store.service
-
-	# Move important libs to /lib #332175
-	gen_usr_ldscript -a ip{4,6}tc xtables
-
-	find "${ED}" -type f -name "*.la" -delete || die
-}
-
-pkg_postinst() {
-	local default_iptables="xtables-legacy-multi"
-	if ! eselect iptables show &>/dev/null; then
-		elog "Current iptables implementation is unset, setting to ${default_iptables}"
-		eselect iptables set "${default_iptables}"
-	fi
-
-	if use nftables; then
-		local tables
-		for tables in {arp,eb}tables; do
-			if ! eselect ${tables} show &>/dev/null; then
-				elog "Current ${tables} implementation is unset, setting to ${default_iptables}"
-				eselect ${tables} set xtables-nft-multi
-			fi
-		done
-	fi
-
-	eselect iptables show
-}
-
-pkg_prerm() {
-	if [[ -z ${REPLACED_BY_VERSION} ]]; then
-		elog "Unsetting iptables symlinks before removal"
-		eselect iptables unset
-	fi
-
-	if ! has_version 'net-firewall/ebtables'; then
-		elog "Unsetting ebtables symlinks before removal"
-		eselect ebtables unset
-	elif [[ -z ${REPLACED_BY_VERSION} ]]; then
-		elog "Resetting ebtables symlinks to ebtables-legacy"
-		eselect ebtables set ebtables-legacy
-	fi
-
-	if ! has_version 'net-firewall/arptables'; then
-		elog "Unsetting arptables symlinks before removal"
-		eselect arptables unset
-	elif [[ -z ${REPLACED_BY_VERSION} ]]; then
-		elog "Resetting arptables symlinks to arptables-legacy"
-		eselect arptables set arptables-legacy
-	fi
-
-	# the eselect module failing should not be fatal
-	return 0
-}