gentoo resync : 27.10.2018

4 files changed, 175 insertions, 0 deletions

diff --git a/net-firewall/Manifest.gz b/net-firewall/Manifest.gz
index 456d0b8b9877..66fbd03c498f 100644
--- a/net-firewall/Manifest.gz
+++ b/net-firewall/Manifest.gz
diff --git a/net-firewall/iptables/Manifest b/net-firewall/iptables/Manifest
index 4303bdf63169..a7c2a0307385 100644
--- a/net-firewall/iptables/Manifest
+++ b/net-firewall/iptables/Manifest
@@ -5,6 +5,7 @@ AUX iptables-1.4.21-configure.patch 1066 BLAKE2B 59bf725aeaae131b57e04b556957dd3
 AUX iptables-1.4.21-static-connlabel-config.patch 2195 BLAKE2B 237c59c2fd3312efa26181f363c2ad4dfe19b0cb494f90048e50ff464ed8abbb8ec46d406df51b9f3ba75f717a045ebb4fa38cc0ca5741f5efbfc3322171e04f SHA512 d838773bf2db9f97548d2f7eaab0ce3205265a7ec8b274df479fcecb474ba09ed061abae50534c0379a1290479c2e94927595eca0f4570b27744ec165348b6b1
 AUX iptables-1.8.0-fix-building-without-nft-backend.patch 1324 BLAKE2B 3393141e30d41250b7dc89c8e7c353bade835ce718156873f78d05036bae573a881d0a3c883a2437302498716613bc278c608f3ce9dfa57236467ab91b9a8203 SHA512 77382aedac7829654fa6af0537cb1e7fdffe5cc0609b8255b42de5eb077ac915b48db9e99e99b834ab3c2a3e96f38b36fd862fa27af522a82f719c8eca1bd839
 AUX iptables-1.8.0-support-nft-suffix-for-arptables-and-ebtables.patch 1792 BLAKE2B ab5e961f279e1fadcd5f892f869ec1a0f5499c54cc79c21b85e01ad6617753dc51ba001df36e5cb1d5074b062af664c80e751d0010d8dc5951e11d2c11542bdf SHA512 1722b4a49ec8c397df9de5a3748fd5b90053dcee2121b4fd40e0f9f2efe5b27dc09e0321ca6855cf6158bbe400372d119ed825bde7a0b4e6c597f7630ac83c93
+AUX iptables-1.8.1-build_limit_without_libnftnl_fix.patch 1499 BLAKE2B 01b8f257577b37749da8c7449e5a830373fc7556885be0e1fd8233b2105cde52e95e6393eaee3f2c7b0e335286b89d0b7b638a23921998375b333d8ccf8223df SHA512 a900d1544098f58326537684bd5de20df114402abacf1971c625431a0c03e988382a9b9f4860c761923c9bd54600424ae1a3769e16518a6c6e7ba1f61caf5ddd
 AUX iptables.init 2787 BLAKE2B 79c17ba2970d63791dd4d137536b3ccf0f9b6a637d0445049a6fac338ca4e2d1fad927038dfa7ad42a1eb321feac1dc834af09ce0baec554fc9767f199e10b6b SHA512 317c71bee98f5b1bbfd17ea961e5e268532c2320fc865b7876f7cc4e02a66b6a012fc336f8880045a83e101f161197c0a1d106220af6240407cebafbf38022db
 AUX systemd/ip6tables-restore.service 404 BLAKE2B 35cdf804e787aa5cc382cc638de523735ab47b878168c41d8eef85eb592e5bebd9319e75a10db28f0eba6618efae355c90f03ac0798239edeb80d01108e98a47 SHA512 34730df7464354bce11ca5bdceb5cf305e8ab7e2ded2c2689448379e74ff93252e7a83cfe05c2f3238f59a2ade69cd9c328291c28c43b6612bfb7b29fcb0feee
 AUX systemd/ip6tables-store.service 243 BLAKE2B 30a0d955998a2a664c6a95b8e559898a1a48c681b77b6e3e1b2fa6f2ada7204f23df0f0894218599e95c2ccea71024e86cda7c82b6ff5a55d016d04d71cb1487 SHA512 7cee224f91d4c8348606ba176d0d689749a59229958cfdf4e75451d77271363e7cff71dbb7e30dbc4a5a837363a72d70d6960d2dfb218f3ad16456ae109cba10
@@ -16,9 +17,11 @@ DIST iptables-1.4.21.tar.bz2 547439 BLAKE2B e30f25581a118b91781dcc02761d4c8c420f
 DIST iptables-1.6.1.tar.bz2 620890 BLAKE2B b45ac26e1fb7e8b17a6df0afab3b6c0e2f0a5df9191367548136b3ce9aadc1bcb875b8bc0403e6f12fcf487054e96418f4ef34da827af8989fd4dcf83cd3cd8d SHA512 12280db6e6ef8e68da2537e9da59fc601790fd02b1ba38a37c90dbb56272018329dccb8be995f96ecd5d94fafa6043204f3e8f8ee96531685d9e3c55359d2ee8
 DIST iptables-1.6.2.tar.bz2 639785 BLAKE2B 3d129756fd33c8c73d56d57e3c5595896db86ded14834a45db21b964d82840b62216ce3cea4ae4960e8c5f0671df3cc6bfb222f68d29cf3a8c99e0eee14bf017 SHA512 04f22e969c794246b9aa28055b202638081cfb0bb4a5625c049a30c48ac84cdd41db12a53c5831398cfe47c8f5691aa02b30b0ae3b5afe0f20ec48cf86a799c0
 DIST iptables-1.8.0.tar.bz2 677980 BLAKE2B ce874572d736087f46ea5a6e393cf9b32bf7328efda0fd9faee94dfa11428fc0e124d5ed81329484032ac4ebe89b2604b26dbb135e152c0e0f4c74d88db52d00 SHA512 5f3fe4c15f02e29a2e6ee2905a242f450f8a3b51553618e0cdc59301c35b8bb663e8f2ea70dfcaed8d4e53192c01519906b60ff649385c693e0602622742890f
+DIST iptables-1.8.1.tar.bz2 678706 BLAKE2B 671e7329cc07dae0fbc54c1f6061bc148c4823e1f675369ee36a7cd2346cc1a9a516d5aa2e8a3506d5400027c1ba306cbe426940894117710bc61aacd256fccd SHA512 96a896b6dd26c2d0b4e1672d428ea3c3aab0a3c9e56a896af3a2b8428c4212d7378ba555e0be198b0ccb3fd370bca529466ab8b4edc1777eb7deed600d3f0e11
 EBUILD iptables-1.4.21-r1.ebuild 2442 BLAKE2B caa1b23d35ccb9a8e5631f932fe4a6816358782ea620d71ad1d64498df64b18015b3610f48b345a13caafaca51bb504d364ed4167804383c03d70439ca4154c2 SHA512 b0d5b1de2c24dbe4aa3eec29e3adefac12f72529fa850fbe5b956d1835fc5ea25ceed8172d8b5bc2d5c1bff63a609cae04c3da923c783ccdfeed126ef2bde831
 EBUILD iptables-1.4.21-r5.ebuild 2975 BLAKE2B f9fdeaf8c242b1553b59586346e81735dae31100a435a9cf2d0817c69a8fb6a0652b76944f5261eca8b5c5be60f38db50fb22a3940573e493c3326ec068396e0 SHA512 dab27d6601b69dae4c0be6b48f0cbc7daf7b93066ad398d962f81ec625628d6d2ce9e0188810941364e1cbc7d9c6b4511f3ab832ee736d69d8b977f80d52657d
 EBUILD iptables-1.6.1-r3.ebuild 3252 BLAKE2B f563c16417790e7f44eae5f0492e39b76cbcf88173e29d4e7321aa9cedce927d8c0fd96a342e6c654ba99cae50a92373b935e68c8b057a3f3d01bf4a1f59dda4 SHA512 5d338acc6ac76f184086d244d23a7634af7b7001c4e9520125a284329636275aca456cb3a36f6801e94ef840d4625d5d4eb27aed57172bf2f49dd948e8801861
 EBUILD iptables-1.6.2-r2.ebuild 3327 BLAKE2B c4d683d81f4d3be5efb9d043d63b8ee7b20f4b735cce0d7e31c85e159d2693568b83b28fe1e517ba658ee240dfd063b7810590cbf94029975992b0e5aeab479e SHA512 dc12b299d205f5404bd6486b36a933b611d567be45e00f8f02dd010036c701510824184a3d3d0d52798c89e5b57bfbe402e79bbfbeb50e4f0d26de1627b387d3
 EBUILD iptables-1.8.0-r1.ebuild 3657 BLAKE2B 4ba94eef2bf4cf41b4d102932cec1e913f1b0296115e665feedc8f1f719b4185e3c79bc4482e201a8ef419227b56722f8c40737182ad82fb9265ffb0b9d7a7dc SHA512 0701b7c7400b189a14f74e9c56b446bb52e75f7a9b8d7522354254371af8fb1f24eadad0655d6d68b103287f6d6ccc1a1c38e8945a28092d3034363fba9b87b0
+EBUILD iptables-1.8.1.ebuild 3476 BLAKE2B 71c1fa76f2d33ff9b4286420c7d244c12361bf0f3d5c021622b076b2e2189af05505b2f5b41b79f689e4e496c30dc3f314a21e147c10c9eebf50aa286af18e52 SHA512 145b3ff05e4cb83920eee5c54459c82955f8eca60542d2434f97d8477a44a3c46efc92cec25987b865d2c9940220bc77799a2068f873f16a61533d672da71881
 MISC metadata.xml 1465 BLAKE2B c60f98672fb6153499b700a436b26b63c0f271c8f8519a3391e486b761ba673c362a7dc5e23b86e3af887270596a1682ea993e643a08215f670f7e3804f095bd SHA512 26bf7e3008dfd705995b15eccaaaa8c79fd488be191570a874b76571a2f9d4648a7c19eb576399ca7bbe849336d7d193f5b6b58a3ff83f87f3c157c53333e987
diff --git a/net-firewall/iptables/files/iptables-1.8.1-build_limit_without_libnftnl_fix.patch b/net-firewall/iptables/files/iptables-1.8.1-build_limit_without_libnftnl_fix.patch
new file mode 100644
index 000000000000..a0fca7efa93a
--- /dev/null
+++ b/net-firewall/iptables/files/iptables-1.8.1-build_limit_without_libnftnl_fix.patch
@@ -0,0 +1,44 @@
+From b2fc2a368562d55fadad94d995247bb8cd7e68a3 Mon Sep 17 00:00:00 2001
+From: Florian Westphal <fw@strlen.de>
+Date: Wed, 24 Oct 2018 12:00:11 +0200
+Subject: extensions: limit: unbreak build without libnftnl
+
+Lars Wendler reported 1.8.1 build failure when trying to build without nft backend:
+
+  In file included from ../iptables/nft.h:5, from libxt_limit.c:18: libnftnl/rule.h: No such file or directory
+
+Reported-by: Lars Wendler <polynomial-c@gentoo.org>
+Fixes: 02b80972c43 ("ebtables: Merge libebt_limit.c into libxt_limit.c")
+Signed-off-by: Florian Westphal <fw@strlen.de>
+---
+ extensions/libxt_limit.c | 1 -
+ iptables/nft-bridge.h    | 1 +
+ 2 files changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/extensions/libxt_limit.c b/extensions/libxt_limit.c
+index c7b66295..1b324657 100644
+--- a/extensions/libxt_limit.c
++++ b/extensions/libxt_limit.c
+@@ -15,7 +15,6 @@
+ #include <xtables.h>
+ #include <linux/netfilter/x_tables.h>
+ #include <linux/netfilter/xt_limit.h>
+-#include "iptables/nft.h"
+ #include "iptables/nft-bridge.h"
+ 
+ #define XT_LIMIT_AVG	"3/hour"
+diff --git a/iptables/nft-bridge.h b/iptables/nft-bridge.h
+index 9d49ccbe..de52cd71 100644
+--- a/iptables/nft-bridge.h
++++ b/iptables/nft-bridge.h
+@@ -68,6 +68,7 @@ int ebt_get_mac_and_mask(const char *from, unsigned char *to, unsigned char *mas
+ #define EBT_VERDICT_BITS 0x0000000F
+ 
+ struct nftnl_rule;
++struct iptables_command_state;
+ 
+ static const char *ebt_standard_targets[NUM_STANDARD_TARGETS] = {
+ 	"ACCEPT",
+-- 
+cgit v1.2.1
+
diff --git a/net-firewall/iptables/iptables-1.8.1.ebuild b/net-firewall/iptables/iptables-1.8.1.ebuild
new file mode 100644
index 000000000000..3db0cde59048
--- /dev/null
+++ b/net-firewall/iptables/iptables-1.8.1.ebuild
@@ -0,0 +1,128 @@
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+# Force users doing their own patches to install their own tools
+AUTOTOOLS_AUTO_DEPEND=no
+
+inherit multilib systemd toolchain-funcs autotools flag-o-matic
+
+DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
+HOMEPAGE="https://www.netfilter.org/projects/iptables/"
+SRC_URI="https://www.netfilter.org/projects/iptables/files/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+# Subslot tracks libxtables as that's the one other packages generally link
+# against and iptables changes.  Will have to revisit if other sonames change.
+SLOT="0/12"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="conntrack ipv6 netlink nftables pcap static-libs"
+
+COMMON_DEPEND="
+	conntrack? ( >=net-libs/libnetfilter_conntrack-1.0.6 )
+	netlink? ( net-libs/libnfnetlink )
+	nftables? (
+		>=net-libs/libmnl-1.0:0=
+		>=net-libs/libnftnl-1.1.1:0=
+	)
+	pcap? ( net-libs/libpcap )
+"
+DEPEND="${COMMON_DEPEND}
+	virtual/os-headers
+	>=sys-kernel/linux-headers-4.4:0
+	virtual/pkgconfig
+	nftables? (
+		sys-devel/flex
+		virtual/yacc
+	)
+"
+RDEPEND="${COMMON_DEPEND}
+	nftables? ( net-misc/ethertypes )
+"
+
+src_prepare() {
+	eapply "${FILESDIR}/${P}-build_limit_without_libnftnl_fix.patch" #669486
+
+	# use the saner headers from the kernel
+	rm -f include/linux/{kernel,types}.h
+
+	# Only run autotools if user patched something
+	eapply_user && eautoreconf || elibtoolize
+}
+
+src_configure() {
+	# Some libs use $(AR) rather than libtool to build #444282
+	tc-export AR
+
+	# Hack around struct mismatches between userland & kernel for some ABIs. #472388
+	use amd64 && [[ ${ABI} == "x32" ]] && append-flags -fpack-struct
+
+	sed -i \
+		-e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
+		-e "/nfconntrack=[01]/s:=[01]:=$(usex conntrack 1 0):" \
+		configure || die
+
+	local myeconfargs=(
+		--sbindir="${EPREFIX}/sbin"
+		--libexecdir="${EPREFIX}/$(get_libdir)"
+		--enable-devel
+		--enable-shared
+		$(use_enable nftables)
+		$(use_enable pcap bpf-compiler)
+		$(use_enable pcap nfsynproxy)
+		$(use_enable static-libs static)
+		$(use_enable ipv6)
+	)
+	econf "${myeconfargs[@]}"
+}
+
+src_compile() {
+	# Deal with parallel build errors.
+	use nftables && emake -C iptables xtables-config-parser.h
+	emake V=1
+}
+
+src_install() {
+	default
+	dodoc INCOMPATIBILITIES iptables/iptables.xslt
+
+	# all the iptables binaries are in /sbin, so might as well
+	# put these small files in with them
+	into /
+	dosbin iptables/iptables-apply
+	dosym iptables-apply /sbin/ip6tables-apply
+	doman iptables/iptables-apply.8
+
+	insinto /usr/include
+	doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
+	insinto /usr/include/iptables
+	doins include/iptables/internal.h
+
+	keepdir /var/lib/iptables
+	newinitd "${FILESDIR}"/${PN}.init iptables
+	newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables
+	if use ipv6 ; then
+		keepdir /var/lib/ip6tables
+		newinitd "${FILESDIR}"/iptables.init ip6tables
+		newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables
+	fi
+
+	if use nftables; then
+		# Bug 647458
+		rm "${ED%/}"/etc/ethertypes || die
+
+		# Bug 660886
+		rm "${ED%/}"/sbin/{arptables,ebtables} || die
+	fi
+
+	systemd_dounit "${FILESDIR}"/systemd/iptables-{re,}store.service
+	if use ipv6 ; then
+		systemd_dounit "${FILESDIR}"/systemd/ip6tables-{re,}store.service
+	fi
+
+	# Move important libs to /lib #332175
+	gen_usr_ldscript -a ip{4,6}tc iptc xtables
+
+	find "${ED}" -name "*.la" -delete || die
+}