diff options
author | V3n3RiX <venerix@koprulu.sector> | 2022-09-23 05:29:14 +0100 |
---|---|---|
committer | V3n3RiX <venerix@koprulu.sector> | 2022-09-23 05:29:14 +0100 |
commit | 7f740fcb9a0165d81bfecf7fb5da647763d76a1b (patch) | |
tree | 45dab58d8bd40ef97234398e9e1850495ea60273 /net-firewall | |
parent | 0bf5c5a0b1ff93d1f4aaa8cdea6acda5e42c2068 (diff) |
gentoo auto-resync : 23:09:2022 - 05:29:13
Diffstat (limited to 'net-firewall')
-rw-r--r-- | net-firewall/Manifest.gz | bin | 4543 -> 4543 bytes | |||
-rw-r--r-- | net-firewall/iptables/Manifest | 3 | ||||
-rw-r--r-- | net-firewall/iptables/files/iptables-1.8.7-cache-double-free.patch | 61 | ||||
-rw-r--r-- | net-firewall/iptables/iptables-1.8.7-r2.ebuild | 176 |
4 files changed, 0 insertions, 240 deletions
diff --git a/net-firewall/Manifest.gz b/net-firewall/Manifest.gz Binary files differindex 5e61d70815d3..53faffcb1c64 100644 --- a/net-firewall/Manifest.gz +++ b/net-firewall/Manifest.gz diff --git a/net-firewall/iptables/Manifest b/net-firewall/iptables/Manifest index 9cb4af6df928..89ff157495fc 100644 --- a/net-firewall/iptables/Manifest +++ b/net-firewall/iptables/Manifest @@ -1,7 +1,6 @@ AUX ip6tables-r1.confd 899 BLAKE2B d8c72df359a35798d7a92958ba9a620ab580427a06765850928181d7b4cc25455c586daaad88bd20e61a9c9218dbc0895de38b006526bb04f4f2e998d8062fbe SHA512 553ddf83558edaccf891a366175e47aad950853be0de556581cfa08f614afa1f4139c94b8d8d2884ed69018513edeb966331d4d6a615829ada65fac2066840e5 AUX iptables-1.8.2-link.patch 785 BLAKE2B 2ef5ac495260eef324f341d5d807e8c59afee8ac4853b46ef8c88765ed786396888d0bcd15822765da5584c25c6cdbbbc6b8b85eb0b8dbdd9b300662b1d59479 SHA512 10f6fdc4e4a37a0becb87f99c49888df366248f02b17037faf83068ef00824ecb61022a40b5551f9c8d2db22262ad738d554296bd6b78765dd5f8baf524b2388 AUX iptables-1.8.4-no-symlinks.patch 800 BLAKE2B 721d2dcc881f781031d2be48659dcd54568b3e8c25ad19d0505699f0cf8276990b41f2ddf9d5eda5c2a77f66ae9a16ae542c42c6fc2d91b085cc5922121f9b00 SHA512 79601d8a8a352f82f0f3eaf85a7b1f830c9ddc400ae0fadaf08eb1848bb9a2801a886b2b0803bf498e353db1828c0976aa8d30c9ece5fdcf61a203070ed4d7cd -AUX iptables-1.8.7-cache-double-free.patch 1574 BLAKE2B 475ed5b4d267b32a03b921cb009fa76931a7fc737ecabb70aed3d13b1f64d94bbb69194892c178fed9784d31c3478b00ab6dbc0d6fc5dd0b86a3ae86d8dcd681 SHA512 79e908845804b36a4a581485f61028570f58645aaaee9682d4a7b9609d4a410c8fb7547d082c5b02deafcf342f675da6e2a7e3436333d0ae6f3ce1a770afdc1a AUX iptables-1.8.8-format-security.patch 639 BLAKE2B df5c843d0cd6634740b372300263dd19df3289466ad83d3a10ba9f270519d738d90152cdef273d07c94502166082d6fa5a8908b603289e6d4c9bc9d6987b8b16 SHA512 6e1da61b648259dac02662eee995f9b5117bc8b8c028f0e2afc3346d82a94b7e7faf8ae5cfd484b7dd1a6530973191c1f147579f11e57ebda945115b40134094 AUX iptables-1.8.8-musl-headers.patch 2061 BLAKE2B 6876d083d179a055c60422397e67a24137ae5bb72cba02f732d4dd7313171c10717202a41f1256196d5b64bc29d22e98d8d0eb9861130fa93481b527d0117e96 SHA512 136f3c7dae7c88739ed1c2d2c14e9a8381013c8a376bee80a7f994098810bb61d76dd143dc65430f0ec7b44d542b64242dd947134936468155840a4a26e6ce79 AUX iptables-1.8.8-out-of-tree-build.patch 1058 BLAKE2B 5a358632780b607533033dc3bf6b6e24ac1af49dbbc26afae05668187c2a4072dba1cdbf51647b6b5f7c5f68e5a3d64fa82b5b0477d3cd4e936d466b731707fb SHA512 453ed9a2b3b2dddb3ccc9a099386c28290416ea356884084fd4d9bd2b026e21732b91f020fbe55de12ba970b815993f2e3a18a52a6774ab7738383e2f144a973 @@ -13,8 +12,6 @@ AUX systemd/ip6tables-restore.service 404 BLAKE2B 35cdf804e787aa5cc382cc638de523 AUX systemd/ip6tables-store.service 243 BLAKE2B 30a0d955998a2a664c6a95b8e559898a1a48c681b77b6e3e1b2fa6f2ada7204f23df0f0894218599e95c2ccea71024e86cda7c82b6ff5a55d016d04d71cb1487 SHA512 7cee224f91d4c8348606ba176d0d689749a59229958cfdf4e75451d77271363e7cff71dbb7e30dbc4a5a837363a72d70d6960d2dfb218f3ad16456ae109cba10 AUX systemd/iptables-restore.service 400 BLAKE2B cd7f700cf717a2efb6504770308f7dcb90a1968f64cca98ea5e7437cf3cf2a2e8f575e3743ac19eec8738c665f4243f537a101c00d5d1cc94648688d4e240a59 SHA512 8c005e321ad041068f243e4baa6588b24b0ffd69991f2129dfab0a34d0ebaf702ff2be8b7328126c84abdc3bbd300e1c387a690c5f6a002b50b2e9148feeb8ef AUX systemd/iptables-store.service 240 BLAKE2B 7ddb4425e63cd41f421767fab25a7b055087fddde5927291b3fce6e0e978f0cb3b734bcacf02f78257eec99274056b69058436a847dcb366f5fb70032e410355 SHA512 a720e92b5571a2c3427101105e95e555f3b72541a53c5daa43e361c99ca28830e9e8dd27dbd7cfed40fbbe289ed180f9be7e0f3b6b0cd19bba022a531815fd5e -DIST iptables-1.8.7.tar.bz2 717862 BLAKE2B fd4dcff142eaadde2a14ce3eb5e45d41c326752553b52900c77fd2e2a20c0685d0a04b95755995e914df47658834d52216d6465c2ae9cd6abc6eb122b95cc976 SHA512 c0a33fafbf1139157a9f52860938ebedc282a1394a68dcbd58981159379eb525919f999b25925f2cb4d6b18089bd99a94b00b3e73cff5cb0a0e47bdff174ed75 DIST iptables-1.8.8.tar.bz2 746985 BLAKE2B 0da021cc7313b86af331768904956dab3eee3de245a7b03965129f3d7f13097fc03fbb1390167dcd971eff216eabad9e59b261a9c0f54bfc48a77453aa40d164 SHA512 f21df23279a77531a23f3fcb1b8f0f8ec0c726bda236dd0e33af74b06753baff6ce3f26fb9fcceb6fada560656ba901e68fc6452eb840ac1b206bc4654950f59 -EBUILD iptables-1.8.7-r2.ebuild 4561 BLAKE2B f0ce89cf5c49c7856f8702aad182b91abe99ce79b82c6e13194ca7a1499dd0fbe2112189e673aaedfbe0e40a030266e2b5d4bfa2d1b542b5ef744388af7d4dc7 SHA512 8f546a3ddef734f215cb0b9673cbd31b4be90a85ff99299c12f0a19cc053f56a095103e4d9c03d104542a0d978cbaff295074fca147db5f57a75d337fb5ca297 EBUILD iptables-1.8.8-r4.ebuild 4618 BLAKE2B f124e4218ddfc49e0540971666c7217b0b12e9f78b56c3408b51fd9b6e1dc6bd02a69dcd741a6dd03fec84f849041942a11c974eba7df609871ba80607687e5e SHA512 27b028bd9f0d1592a1967ec27e748ec17023330bcd24ae6429f6aba3a4fac721d9a7c8f2fe6219af84be156466778ddc37cb3b5b6bdcb9c321cd4c1628921d2e MISC metadata.xml 1466 BLAKE2B 7378fedb44c6e6d19e508a764ec997911f966beccd40b1f93096ad3343b7cd72f9ca129e67a666c54ca4382348a448597bd607197ffe6b94669d84306c81d127 SHA512 f89038980e81bfceaf872ff1938c47e8ad12060bbe9ff48e0e9ca9dd5acc0196b2261d2b22a156cbfd7be89d1d67448969d39ff9b28efb0896702760afa14842 diff --git a/net-firewall/iptables/files/iptables-1.8.7-cache-double-free.patch b/net-firewall/iptables/files/iptables-1.8.7-cache-double-free.patch deleted file mode 100644 index fc88636d2944..000000000000 --- a/net-firewall/iptables/files/iptables-1.8.7-cache-double-free.patch +++ /dev/null @@ -1,61 +0,0 @@ -commit 4318961230bce82958df82b57f1796143bf2f421 -Author: Phil Sutter <phil@nwl.cc> -Date: Tue Sep 21 11:39:45 2021 +0200 - - nft: cache: Avoid double free of unrecognized base-chains - - On error, nft_cache_add_chain() frees the allocated nft_chain object - along with the nftnl_chain it points at. Fix nftnl_chain_list_cb() to - not free the nftnl_chain again in that case. - - Fixes: 176c92c26bfc9 ("nft: Introduce a dedicated base chain array") - Signed-off-by: Phil Sutter <phil@nwl.cc> - -diff --git a/iptables/nft-cache.c b/iptables/nft-cache.c -index 2c88301c..9a03bbfb 100644 ---- a/iptables/nft-cache.c -+++ b/iptables/nft-cache.c -@@ -314,9 +314,7 @@ static int nftnl_chain_list_cb(const struct nlmsghdr *nlh, void *data) - goto out; - } - -- if (nft_cache_add_chain(h, t, c)) -- goto out; -- -+ nft_cache_add_chain(h, t, c); - return MNL_CB_OK; - out: - nftnl_chain_free(c); -diff --git a/iptables/tests/shell/testcases/chain/0004extra-base_0 b/iptables/tests/shell/testcases/chain/0004extra-base_0 -new file mode 100755 -index 00000000..1b85b060 ---- /dev/null -+++ b/iptables/tests/shell/testcases/chain/0004extra-base_0 -@@ -0,0 +1,27 @@ -+#!/bin/bash -+ -+case $XT_MULTI in -+*xtables-nft-multi) -+ ;; -+*) -+ echo skip $XT_MULTI -+ exit 0 -+ ;; -+esac -+ -+set -e -+ -+nft -f - <<EOF -+table ip filter { -+ chain INPUT { -+ type filter hook input priority filter -+ counter packets 218 bytes 91375 accept -+ } -+ -+ chain x { -+ type filter hook input priority filter -+ } -+} -+EOF -+ -+$XT_MULTI iptables -L diff --git a/net-firewall/iptables/iptables-1.8.7-r2.ebuild b/net-firewall/iptables/iptables-1.8.7-r2.ebuild deleted file mode 100644 index 42fd108f2606..000000000000 --- a/net-firewall/iptables/iptables-1.8.7-r2.ebuild +++ /dev/null @@ -1,176 +0,0 @@ -# Copyright 1999-2022 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -inherit systemd toolchain-funcs autotools flag-o-matic usr-ldscript - -DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools" -HOMEPAGE="https://www.netfilter.org/projects/iptables/" -SRC_URI="https://www.netfilter.org/projects/iptables/files/${P}.tar.bz2" - -LICENSE="GPL-2" -# Subslot reflects PV when libxtables and/or libip*tc was changed -# the last time. -SLOT="0/1.8.3" -KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86" -IUSE="conntrack netlink nftables pcap static-libs" - -BUILD_DEPEND=" - >=app-eselect/eselect-iptables-20220320 -" -COMMON_DEPEND=" - conntrack? ( >=net-libs/libnetfilter_conntrack-1.0.6 ) - netlink? ( net-libs/libnfnetlink ) - nftables? ( - >=net-libs/libmnl-1.0:0= - >=net-libs/libnftnl-1.1.6:0= - ) - pcap? ( net-libs/libpcap ) -" -DEPEND="${COMMON_DEPEND} - virtual/os-headers - >=sys-kernel/linux-headers-4.4:0 -" -BDEPEND="${BUILD_DEPEND} - virtual/pkgconfig - nftables? ( - sys-devel/flex - virtual/yacc - ) -" -RDEPEND="${COMMON_DEPEND} - ${BUILD_DEPEND} - nftables? ( net-misc/ethertypes ) - !<net-firewall/ebtables-2.0.11-r1 - !<net-firewall/arptables-0.0.5-r1 -" - -PATCHES=( - "${FILESDIR}/iptables-1.8.4-no-symlinks.patch" - "${FILESDIR}/iptables-1.8.2-link.patch" - # https://bugs.gentoo.org/831626 - "${FILESDIR}/iptables-1.8.7-cache-double-free.patch" -) - -src_prepare() { - # use the saner headers from the kernel - rm include/linux/{kernel,types}.h || die - - default - eautoreconf -} - -src_configure() { - # Some libs use $(AR) rather than libtool to build #444282 - tc-export AR - - # Hack around struct mismatches between userland & kernel for some ABIs. #472388 - use amd64 && [[ ${ABI} == "x32" ]] && append-flags -fpack-struct - - sed -i \ - -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \ - -e "/nfconntrack=[01]/s:=[01]:=$(usex conntrack 1 0):" \ - configure || die - - local myeconfargs=( - --sbindir="${EPREFIX}/sbin" - --libexecdir="${EPREFIX}/$(get_libdir)" - --enable-devel - --enable-ipv6 - --enable-shared - $(use_enable nftables) - $(use_enable pcap bpf-compiler) - $(use_enable pcap nfsynproxy) - $(use_enable static-libs static) - ) - econf "${myeconfargs[@]}" -} - -src_compile() { - emake V=1 -} - -src_install() { - default - dodoc INCOMPATIBILITIES iptables/iptables.xslt - - # all the iptables binaries are in /sbin, so might as well - # put these small files in with them - into / - dosbin iptables/iptables-apply - dosym iptables-apply /sbin/ip6tables-apply - doman iptables/iptables-apply.8 - - insinto /usr/include - doins include/ip{,6}tables.h - insinto /usr/include/iptables - doins include/iptables/internal.h - - keepdir /var/lib/ip{,6}tables - newinitd "${FILESDIR}"/${PN}-r2.init iptables - newconfd "${FILESDIR}"/${PN}-r1.confd iptables - dosym iptables /etc/init.d/ip6tables - newconfd "${FILESDIR}"/ip6tables-r1.confd ip6tables - - if use nftables; then - # Bug 647458 - rm "${ED}"/etc/ethertypes || die - - # Bugs 660886 and 669894 - rm "${ED}"/sbin/{arptables,ebtables}{,-{save,restore}} || die - fi - - systemd_dounit "${FILESDIR}"/systemd/ip{,6}tables-{re,}store.service - - # Move important libs to /lib #332175 - gen_usr_ldscript -a ip{4,6}tc xtables - - find "${ED}" -type f -name "*.la" -delete || die -} - -pkg_postinst() { - local default_iptables="xtables-legacy-multi" - if ! eselect iptables show &>/dev/null; then - elog "Current iptables implementation is unset, setting to ${default_iptables}" - eselect iptables set "${default_iptables}" - fi - - if use nftables; then - local tables - for tables in {arp,eb}tables; do - if ! eselect ${tables} show &>/dev/null; then - elog "Current ${tables} implementation is unset, setting to ${default_iptables}" - eselect ${tables} set xtables-nft-multi - fi - done - fi - - eselect iptables show -} - -pkg_prerm() { - if [[ -z ${REPLACED_BY_VERSION} ]]; then - elog "Unsetting iptables symlinks before removal" - eselect iptables unset - fi - - if ! has_version 'net-firewall/ebtables'; then - elog "Unsetting ebtables symlinks before removal" - eselect ebtables unset - elif [[ -z ${REPLACED_BY_VERSION} ]]; then - elog "Resetting ebtables symlinks to ebtables-legacy" - eselect ebtables set ebtables-legacy - fi - - if ! has_version 'net-firewall/arptables'; then - elog "Unsetting arptables symlinks before removal" - eselect arptables unset - elif [[ -z ${REPLACED_BY_VERSION} ]]; then - elog "Resetting arptables symlinks to arptables-legacy" - eselect arptables set arptables-legacy - fi - - # the eselect module failing should not be fatal - return 0 -} |