diff options
| author | V3n3RiX <venerix@redcorelinux.org> | 2018-07-14 20:52:04 +0100 |
|---|---|---|
| committer | V3n3RiX <venerix@redcorelinux.org> | 2018-07-14 20:52:04 +0100 |
| commit | 71bc00c87bba1ce31de0dac6c3b7fd1aee6917fc (patch) | |
| tree | 7681bbd4e8b05407772df40a4bf04cbbc8afc3fa /net-firewall | |
| parent | 6612a728ea11526a849618ec515ad57131d64416 (diff) | |
gentoo resync : 14.07.2018
Diffstat (limited to 'net-firewall')
| -rw-r--r-- | net-firewall/Manifest.gz | bin | 5561 -> 5558 bytes | |||
| -rw-r--r-- | net-firewall/iptables/Manifest | 5 | ||||
| -rw-r--r-- | net-firewall/iptables/files/iptables-1.8.0-fix-building-without-nft-backend.patch | 26 | ||||
| -rw-r--r-- | net-firewall/iptables/files/iptables-1.8.0-support-nft-suffix-for-arptables-and-ebtables.patch | 44 | ||||
| -rw-r--r-- | net-firewall/iptables/iptables-1.8.0-r1.ebuild (renamed from net-firewall/iptables/iptables-1.6.2-r1.ebuild) | 25 |
5 files changed, 92 insertions, 8 deletions
diff --git a/net-firewall/Manifest.gz b/net-firewall/Manifest.gz Binary files differindex 72e44b084db2..65de999fa010 100644 --- a/net-firewall/Manifest.gz +++ b/net-firewall/Manifest.gz diff --git a/net-firewall/iptables/Manifest b/net-firewall/iptables/Manifest index 2979180c2aec..f3110f47ae9a 100644 --- a/net-firewall/iptables/Manifest +++ b/net-firewall/iptables/Manifest @@ -3,6 +3,8 @@ AUX iptables-1.4.13-r1.init 2766 BLAKE2B 1941ba5383055bfedd57b8eb6a390cab5fc3438 AUX iptables-1.4.13.confd 687 BLAKE2B 78b2242454b5f3228661f1e41b790aaa458c1225162a222da5a309a15eca56a531c756a5ceb49e506095461998305189efe136fde0bfe5916cc2d00661de1789 SHA512 bd67d53e997ea65755148ba071fe6e3856d6e604b9167c666900721bc3dc24f63d395bc33a1a34ae50f95e72760da630db1a8d35afc81ec5973e60ba5343dc70 AUX iptables-1.4.21-configure.patch 1066 BLAKE2B 59bf725aeaae131b57e04b556957dd3316f2282ea5a1d9e931f63865dd48484831c9f7674085b7134e2ef4c2dcddbc3b06c8f8e85a45840746a25e386c390f86 SHA512 45445d1460072ed19ba617be983be82094fdd0535a25de4f6159173de4a08be9bee9da13c7aeea419291beb92402ca25efba3a0e269510e221f7eacc8bcd5176 AUX iptables-1.4.21-static-connlabel-config.patch 2195 BLAKE2B 237c59c2fd3312efa26181f363c2ad4dfe19b0cb494f90048e50ff464ed8abbb8ec46d406df51b9f3ba75f717a045ebb4fa38cc0ca5741f5efbfc3322171e04f SHA512 d838773bf2db9f97548d2f7eaab0ce3205265a7ec8b274df479fcecb474ba09ed061abae50534c0379a1290479c2e94927595eca0f4570b27744ec165348b6b1 +AUX iptables-1.8.0-fix-building-without-nft-backend.patch 1324 BLAKE2B 3393141e30d41250b7dc89c8e7c353bade835ce718156873f78d05036bae573a881d0a3c883a2437302498716613bc278c608f3ce9dfa57236467ab91b9a8203 SHA512 77382aedac7829654fa6af0537cb1e7fdffe5cc0609b8255b42de5eb077ac915b48db9e99e99b834ab3c2a3e96f38b36fd862fa27af522a82f719c8eca1bd839 +AUX iptables-1.8.0-support-nft-suffix-for-arptables-and-ebtables.patch 1792 BLAKE2B ab5e961f279e1fadcd5f892f869ec1a0f5499c54cc79c21b85e01ad6617753dc51ba001df36e5cb1d5074b062af664c80e751d0010d8dc5951e11d2c11542bdf SHA512 1722b4a49ec8c397df9de5a3748fd5b90053dcee2121b4fd40e0f9f2efe5b27dc09e0321ca6855cf6158bbe400372d119ed825bde7a0b4e6c597f7630ac83c93 AUX iptables.init 2787 BLAKE2B 79c17ba2970d63791dd4d137536b3ccf0f9b6a637d0445049a6fac338ca4e2d1fad927038dfa7ad42a1eb321feac1dc834af09ce0baec554fc9767f199e10b6b SHA512 317c71bee98f5b1bbfd17ea961e5e268532c2320fc865b7876f7cc4e02a66b6a012fc336f8880045a83e101f161197c0a1d106220af6240407cebafbf38022db AUX systemd/ip6tables-restore.service 404 BLAKE2B 35cdf804e787aa5cc382cc638de523735ab47b878168c41d8eef85eb592e5bebd9319e75a10db28f0eba6618efae355c90f03ac0798239edeb80d01108e98a47 SHA512 34730df7464354bce11ca5bdceb5cf305e8ab7e2ded2c2689448379e74ff93252e7a83cfe05c2f3238f59a2ade69cd9c328291c28c43b6612bfb7b29fcb0feee AUX systemd/ip6tables-store.service 243 BLAKE2B 30a0d955998a2a664c6a95b8e559898a1a48c681b77b6e3e1b2fa6f2ada7204f23df0f0894218599e95c2ccea71024e86cda7c82b6ff5a55d016d04d71cb1487 SHA512 7cee224f91d4c8348606ba176d0d689749a59229958cfdf4e75451d77271363e7cff71dbb7e30dbc4a5a837363a72d70d6960d2dfb218f3ad16456ae109cba10 @@ -13,9 +15,10 @@ AUX systemd/iptables.service 130 BLAKE2B 1b4881253eae9fd24c831931e5836efc3d3bb6f DIST iptables-1.4.21.tar.bz2 547439 BLAKE2B e30f25581a118b91781dcc02761d4c8c420fb19876ec9e8ade3aff22b574931065f9a1c1ec31983a444c406dd928c47673d02698553da85c3db4f31484b1597d SHA512 dd4baccdb080284d8620e6ed59beafc2677813f3e099051764b07f8e394f6d94ca11861b181f3cce7c55c66de64c1e2add13dc1a0b64e24050cd9fb7aea0689b DIST iptables-1.6.1.tar.bz2 620890 BLAKE2B b45ac26e1fb7e8b17a6df0afab3b6c0e2f0a5df9191367548136b3ce9aadc1bcb875b8bc0403e6f12fcf487054e96418f4ef34da827af8989fd4dcf83cd3cd8d SHA512 12280db6e6ef8e68da2537e9da59fc601790fd02b1ba38a37c90dbb56272018329dccb8be995f96ecd5d94fafa6043204f3e8f8ee96531685d9e3c55359d2ee8 DIST iptables-1.6.2.tar.bz2 639785 BLAKE2B 3d129756fd33c8c73d56d57e3c5595896db86ded14834a45db21b964d82840b62216ce3cea4ae4960e8c5f0671df3cc6bfb222f68d29cf3a8c99e0eee14bf017 SHA512 04f22e969c794246b9aa28055b202638081cfb0bb4a5625c049a30c48ac84cdd41db12a53c5831398cfe47c8f5691aa02b30b0ae3b5afe0f20ec48cf86a799c0 +DIST iptables-1.8.0.tar.bz2 677980 BLAKE2B ce874572d736087f46ea5a6e393cf9b32bf7328efda0fd9faee94dfa11428fc0e124d5ed81329484032ac4ebe89b2604b26dbb135e152c0e0f4c74d88db52d00 SHA512 5f3fe4c15f02e29a2e6ee2905a242f450f8a3b51553618e0cdc59301c35b8bb663e8f2ea70dfcaed8d4e53192c01519906b60ff649385c693e0602622742890f EBUILD iptables-1.4.21-r1.ebuild 2442 BLAKE2B caa1b23d35ccb9a8e5631f932fe4a6816358782ea620d71ad1d64498df64b18015b3610f48b345a13caafaca51bb504d364ed4167804383c03d70439ca4154c2 SHA512 b0d5b1de2c24dbe4aa3eec29e3adefac12f72529fa850fbe5b956d1835fc5ea25ceed8172d8b5bc2d5c1bff63a609cae04c3da923c783ccdfeed126ef2bde831 EBUILD iptables-1.4.21-r5.ebuild 2975 BLAKE2B f9fdeaf8c242b1553b59586346e81735dae31100a435a9cf2d0817c69a8fb6a0652b76944f5261eca8b5c5be60f38db50fb22a3940573e493c3326ec068396e0 SHA512 dab27d6601b69dae4c0be6b48f0cbc7daf7b93066ad398d962f81ec625628d6d2ce9e0188810941364e1cbc7d9c6b4511f3ab832ee736d69d8b977f80d52657d EBUILD iptables-1.6.1-r3.ebuild 3258 BLAKE2B 069cae36e3e4cbb04865f6f7d6c5b3f17cffd8868adc3fe3360519bc7eedd8b5f10bcd866bd1d03047a98a3675eb0bfc06b8ed882ff02596e56a5167778935dc SHA512 6ccc44b38eba7b0cc8d9195af7cc8e19214d5c8944f3c16ba75dbfe3856f84c5a5b922b435b63598ca9f074f0e4eb17798cb692037e8d8819e52f4d8096cebed -EBUILD iptables-1.6.2-r1.ebuild 3289 BLAKE2B 313dae5931d2e12a4bedb4650f7057704e7e1203a32de405e6fe45221aac84085b106973acec1e47e8499f7dbafcf41856173ed0495adaf378b0548989d486cf SHA512 30be32e28aae346cd108969613abef7d948c266a203c5968cef1f3e160172a0698487fb25683f35116477e1991559eb4c47466c18a821030081b7a3254037284 EBUILD iptables-1.6.2-r2.ebuild 3327 BLAKE2B c4d683d81f4d3be5efb9d043d63b8ee7b20f4b735cce0d7e31c85e159d2693568b83b28fe1e517ba658ee240dfd063b7810590cbf94029975992b0e5aeab479e SHA512 dc12b299d205f5404bd6486b36a933b611d567be45e00f8f02dd010036c701510824184a3d3d0d52798c89e5b57bfbe402e79bbfbeb50e4f0d26de1627b387d3 +EBUILD iptables-1.8.0-r1.ebuild 3657 BLAKE2B 4ba94eef2bf4cf41b4d102932cec1e913f1b0296115e665feedc8f1f719b4185e3c79bc4482e201a8ef419227b56722f8c40737182ad82fb9265ffb0b9d7a7dc SHA512 0701b7c7400b189a14f74e9c56b446bb52e75f7a9b8d7522354254371af8fb1f24eadad0655d6d68b103287f6d6ccc1a1c38e8945a28092d3034363fba9b87b0 MISC metadata.xml 1465 BLAKE2B c60f98672fb6153499b700a436b26b63c0f271c8f8519a3391e486b761ba673c362a7dc5e23b86e3af887270596a1682ea993e643a08215f670f7e3804f095bd SHA512 26bf7e3008dfd705995b15eccaaaa8c79fd488be191570a874b76571a2f9d4648a7c19eb576399ca7bbe849336d7d193f5b6b58a3ff83f87f3c157c53333e987 diff --git a/net-firewall/iptables/files/iptables-1.8.0-fix-building-without-nft-backend.patch b/net-firewall/iptables/files/iptables-1.8.0-fix-building-without-nft-backend.patch new file mode 100644 index 000000000000..6b19c87678b1 --- /dev/null +++ b/net-firewall/iptables/files/iptables-1.8.0-fix-building-without-nft-backend.patch @@ -0,0 +1,26 @@ +extensions: don't bother to build libebt/libarp extensions if nft backend was disabled + +Bug: https://bugs.gentoo.org/660790 +Reported-by: Thomas Deutschmann <whissi@gentoo.org> +Signed-off-by: Florian Westphal <fw@strlen.de> +--- + extensions/GNUmakefile.in | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/extensions/GNUmakefile.in b/extensions/GNUmakefile.in +index bee666e80e45..c0d73cd28c03 100644 +--- a/extensions/GNUmakefile.in ++++ b/extensions/GNUmakefile.in +@@ -40,8 +40,8 @@ endif + # Wildcard module list + # + pfx_build_mod := $(patsubst ${srcdir}/libxt_%.c,%,$(sort $(wildcard ${srcdir}/libxt_*.c))) +-pfb_build_mod := $(patsubst ${srcdir}/libebt_%.c,%,$(sort $(wildcard ${srcdir}/libebt_*.c))) +-pfa_build_mod := $(patsubst ${srcdir}/libarpt_%.c,%,$(sort $(wildcard ${srcdir}/libarpt_*.c))) ++@ENABLE_NFTABLES_TRUE@ pfb_build_mod := $(patsubst ${srcdir}/libebt_%.c,%,$(sort $(wildcard ${srcdir}/libebt_*.c))) ++@ENABLE_NFTABLES_TRUE@ pfa_build_mod := $(patsubst ${srcdir}/libarpt_%.c,%,$(sort $(wildcard ${srcdir}/libarpt_*.c))) + pfx_symlinks := NOTRACK state + @ENABLE_IPV4_TRUE@ pf4_build_mod := $(patsubst ${srcdir}/libipt_%.c,%,$(sort $(wildcard ${srcdir}/libipt_*.c))) + @ENABLE_IPV6_TRUE@ pf6_build_mod := $(patsubst ${srcdir}/libip6t_%.c,%,$(sort $(wildcard ${srcdir}/libip6t_*.c))) +-- +2.17.1 diff --git a/net-firewall/iptables/files/iptables-1.8.0-support-nft-suffix-for-arptables-and-ebtables.patch b/net-firewall/iptables/files/iptables-1.8.0-support-nft-suffix-for-arptables-and-ebtables.patch new file mode 100644 index 000000000000..1053c0a338ed --- /dev/null +++ b/net-firewall/iptables/files/iptables-1.8.0-support-nft-suffix-for-arptables-and-ebtables.patch @@ -0,0 +1,44 @@ +Backport of + +https://git.netfilter.org/iptables/commit/?id=565a22395c4c620bf26a002515d9016db0c35824 + +Bug: https://bugs.gentoo.org/660886 +--- a/iptables/Makefile.am ++++ b/iptables/Makefile.am +@@ -80,7 +80,9 @@ x_sbin_links = iptables-nft iptables-nft-restore iptables-nft-save \ + ip6tables-nft ip6tables-nft-restore ip6tables-nft-save \ + iptables-translate ip6tables-translate \ + iptables-restore-translate ip6tables-restore-translate \ +- arptables ebtables xtables-monitor ++ arptables-nft arptables \ ++ ebtables-nft ebtables \ ++ xtables-monitor + endif + + iptables-extensions.8: iptables-extensions.8.tmpl ../extensions/matches.man ../extensions/targets.man +--- a/iptables/Makefile.in ++++ b/iptables/Makefile.in +@@ -526,7 +526,9 @@ vx_bin_links = iptables-xml + @ENABLE_NFTABLES_TRUE@ ip6tables-nft ip6tables-nft-restore ip6tables-nft-save \ + @ENABLE_NFTABLES_TRUE@ iptables-translate ip6tables-translate \ + @ENABLE_NFTABLES_TRUE@ iptables-restore-translate ip6tables-restore-translate \ +-@ENABLE_NFTABLES_TRUE@ arptables ebtables xtables-monitor ++@ENABLE_NFTABLES_TRUE@ arptables-nft arptables \ ++@ENABLE_NFTABLES_TRUE@ ebtables-nft ebtables \ ++@ENABLE_NFTABLES_TRUE@ xtables-monitor + + pkgconfig_DATA = xtables.pc + all: $(BUILT_SOURCES) +--- a/iptables/xtables-nft-multi.c ++++ b/iptables/xtables-nft-multi.c +@@ -31,8 +31,10 @@ static const struct subcommand multi_subcommands[] = { + {"iptables-restore-translate", xtables_ip4_xlate_restore_main}, + {"ip6tables-restore-translate", xtables_ip6_xlate_restore_main}, + {"arptables", xtables_arp_main}, ++ {"arptables-nft", xtables_arp_main}, + {"ebtables-translate", xtables_eb_xlate_main}, + {"ebtables", xtables_eb_main}, ++ {"ebtables-nft", xtables_eb_main}, + {"xtables-monitor", xtables_monitor_main}, + {NULL}, + }; diff --git a/net-firewall/iptables/iptables-1.6.2-r1.ebuild b/net-firewall/iptables/iptables-1.8.0-r1.ebuild index 6c819b048e5a..cbef20783c21 100644 --- a/net-firewall/iptables/iptables-1.6.2-r1.ebuild +++ b/net-firewall/iptables/iptables-1.8.0-r1.ebuild @@ -6,7 +6,7 @@ EAPI=6 # Force users doing their own patches to install their own tools AUTOTOOLS_AUTO_DEPEND=no -inherit ltprune multilib systemd toolchain-funcs autotools flag-o-matic +inherit multilib systemd toolchain-funcs autotools flag-o-matic DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools" HOMEPAGE="https://www.netfilter.org/projects/iptables/" @@ -24,7 +24,7 @@ COMMON_DEPEND=" netlink? ( net-libs/libnfnetlink ) nftables? ( >=net-libs/libmnl-1.0:0= - >=net-libs/libnftnl-1.0.5:0= + >=net-libs/libnftnl-1.1.1:0= ) pcap? ( net-libs/libpcap ) " @@ -38,13 +38,16 @@ DEPEND="${COMMON_DEPEND} ) " RDEPEND="${COMMON_DEPEND} - nftables? ( - !<net-firewall/ebtables-2.0.10.4-r2 - !net-misc/ethertypes - ) + nftables? ( net-misc/ethertypes ) " src_prepare() { + eapply "${FILESDIR}"/${P}-fix-building-without-nft-backend.patch + touch -r configure extensions/GNUmakefile.in || die + + eapply "${FILESDIR}"/${P}-support-nft-suffix-for-arptables-and-ebtables.patch + touch -r configure iptables/Makefile.{am,in} || die + # use the saner headers from the kernel rm -f include/linux/{kernel,types}.h @@ -109,6 +112,14 @@ src_install() { newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables fi + if use nftables; then + # Bug 647458 + rm "${ED%/}"/etc/ethertypes || die + + # Bug 660886 + rm "${ED%/}"/sbin/{arptables,ebtables} || die + fi + systemd_dounit "${FILESDIR}"/systemd/iptables-{re,}store.service if use ipv6 ; then systemd_dounit "${FILESDIR}"/systemd/ip6tables-{re,}store.service @@ -117,5 +128,5 @@ src_install() { # Move important libs to /lib #332175 gen_usr_ldscript -a ip{4,6}tc iptc xtables - prune_libtool_files + find "${ED}" -name "*.la" -delete || die } |