summaryrefslogtreecommitdiff
path: root/net-firewall
diff options
context:
space:
mode:
Diffstat (limited to 'net-firewall')
-rw-r--r--net-firewall/Manifest.gzbin4540 -> 4541 bytes
-rw-r--r--net-firewall/conntrack-tools/Manifest8
-rw-r--r--net-firewall/conntrack-tools/conntrack-tools-1.4.5.ebuild101
-rw-r--r--net-firewall/conntrack-tools/conntrack-tools-1.4.6-r1.ebuild104
-rw-r--r--net-firewall/conntrack-tools/files/conntrack-tools-1.4.5-rpc.patch41
-rw-r--r--net-firewall/conntrack-tools/metadata.xml1
-rw-r--r--net-firewall/nftables/Manifest5
-rw-r--r--net-firewall/nftables/nftables-1.0.6.ebuild219
-rw-r--r--net-firewall/nftables/nftables-9999.ebuild10
-rw-r--r--net-firewall/ufw/Manifest5
-rw-r--r--net-firewall/ufw/files/ufw-0.36-dont-check-iptables.patch45
-rw-r--r--net-firewall/ufw/files/ufw-0.36-move-path.patch174
-rw-r--r--net-firewall/ufw/files/ufw-0.36-shebang.patch15
-rw-r--r--net-firewall/ufw/ufw-0.36-r1.ebuild219
14 files changed, 229 insertions, 718 deletions
diff --git a/net-firewall/Manifest.gz b/net-firewall/Manifest.gz
index 251f8f204b06..e43745e401f9 100644
--- a/net-firewall/Manifest.gz
+++ b/net-firewall/Manifest.gz
Binary files differ
diff --git a/net-firewall/conntrack-tools/Manifest b/net-firewall/conntrack-tools/Manifest
index 54d8ffd2a5dd..1420a8f293d8 100644
--- a/net-firewall/conntrack-tools/Manifest
+++ b/net-firewall/conntrack-tools/Manifest
@@ -1,17 +1,11 @@
AUX conntrack-tools-1.4.5-0001-Makefile.am-don-t-suppress-various-warnings.patch 1255 BLAKE2B 67c2e85fdb408669ac26cc7aa4b83aa68f5737d340e99559b2eaa803231450672dc346b10f1c48192c119bf3dc00bf6901da60e46472703ddcc14fa9dfa87b7f SHA512 cf62f80f2a2a8cf2c3ce6a1f017dff9d5e2eb023de33a05975233ab3565080662e3752c447e92b85c85eea8b2d7e7709578edbd8210911766c0ee20eb2a28347
AUX conntrack-tools-1.4.5-0002-Fix-Wstrict-prototypes.patch 522 BLAKE2B f4105ae41d6e22942f9486bf87f5de72919c7972bd0a6fdbb5f084b72e32b5fc3e49e817e87c927ae702ad5bc198fc608ad256a906628bf40068c9b2854442b7 SHA512 e7e77ee06e23bc0b354f24c31796e63603f8daa36558b338f408b31b6b52b3fc9cca6d7c645cc42ceb3a5edd643c428a1cd52cf4992f174f845ea2add1afd340
AUX conntrack-tools-1.4.5-0003-Fix-Wimplicit-function-declaration.patch 1240 BLAKE2B adf5ed3528d0196544b498b284ece55f05c93b09e617e4a3062baa82660b2a981877bed496d9f42c5289a476ce60efac5285fa0b886a8e86a1a595f1248193b4 SHA512 4f8b6039b6f9d7d5fe1cd09a00ff7c2ca51932ebad6c7f06bcdec4be358f272c50dd380215d58629335a6dee1914ef0ad7b9b55bfa148d7885c102ae88ec5157
-AUX conntrack-tools-1.4.5-rpc.patch 1555 BLAKE2B d92009c2bc4de820956ad2d7459a19cde970356aff4e960e3c17808a28a76483a104df7beaf437dfa30b124d5a2b90bd41db27b4b3b76ab57c3dd2e8bf6bad5f SHA512 55cf7451c3e36e414c8bdc43c46b235259f259b0f7c0b5a11d6543438308ed74621b363ae157160634d00bf45d6115e06badc06848951157facec6b8d496026c
AUX conntrackd.confd-r2 441 BLAKE2B 5898c470f1d99beb47d01c9215c8e3da2e624455f65c3c41e77dbf26db3ebfa4624ac6556098f303c4f4588e093b7f94ae29921b1a6cdc4a881060eaf0dc425c SHA512 3d72d56d44094593f6ff1eac421fe6a4f0d20450ce698c175adf1b18a859b1a24c7120fa60431b2a00da62ae3749c4619106c8e93fb8fc763ceefc26a82d2ed2
AUX conntrackd.initd-r3 2238 BLAKE2B 711bf4ab403f61d5d528e0dc504d272a7e410be70c529d8f7a624f742ca66f4692b683f3283b79f000589bdab7f83598130e4ca1a0ae2bed9afce80ec78d00c8 SHA512 445c19ad42e92136e9dfd6b7885334075e72971b73ff7178c6bf16a31e0c037f17d9d039394fa8002f0ad5182a353f7c803d3f900e8873b671eecca94ced78fe
AUX conntrackd.service 273 BLAKE2B 24df8adeaf71d208d3314c3eec6d4d05ba9e211c3ae7f28034071beec69ea85c0703052a2b7fe385242d9647bd9d3a1cd313c9b9c6bdb9a3add8266c7fda99b2 SHA512 a8e0589ddbfcdcf4c2cd0534d7185503901c0b21c87727ea99afa13adbd077a3832902c6e81c1b208742082107f15e6cee6ad6a051232f8cb9be0c0b4a12e3ad
-DIST conntrack-tools-1.4.5.tar.bz2 479562 BLAKE2B 229531d1c6c237e539df5b83525dca5ce0b009a76a2a5f873282eabc73cc00095c15c686bc68f9364e81efc846bfa8eac8b08f7fd476199d10d0c25190ca2456 SHA512 480fe2cc4420bc8477a2ba67b3d052bcb39c6b3ec000cff27fc12db70b42ec94fa3b5fe12ee35d439e88d9a631a33cd12ae470b69dde6d371d4e53af62a2eed1
-DIST conntrack-tools-1.4.6.tar.bz2 499806 BLAKE2B 7c1ee1c5fc2b6f9d33c6cf850eca80978b8763317b1a76892cefb776130564f15fbd4e4554fdb08dbba93d9f16b7e4624a1b4dd5a631f747f5fcc0a5b01b8d5e SHA512 a48260308a12b11b584fcf4658ec2c4c1adb2801c9cf9a73fc259e5c30d2fbe401aca21e931972413f03e415f98fbf9bd678d2126faa6c6d5748e8a652e58f1a
-DIST conntrack-tools-1.4.6.tar.bz2.sig 590 BLAKE2B b07232389f098baa467f4ca7ad4d61a0cda737b88114be0da1a82ac66d1a6d304ace7687a294cf9c1d0297bc55c219cb6d31f641f51338cb6fb1a1706f63abfd SHA512 83e7373411a041f2af590fc7d4e5456c8f6543c29185f57460aff55bee83936dbd9aa272207db7f33a8c4d79aece38862880eb483ec6250b0c1eff0544e4e89d
DIST conntrack-tools-1.4.7.tar.bz2 539688 BLAKE2B 42a3cacf8a32a5b8b688a9fd68f66024c591e9814ef3cc349456691094bab0fae15bb1c00befa178b0f8e845bf6fc00715cbf9db55cd7bf2d155c2dfd55f9b1a SHA512 3d37a6b8cd13fd3c149ab80009d686d2184920ba2d0d5c1b57abed6e92e0dd92cba868bfe22f1a155479fe5ab2e291b8bb8a7e72123a73788032202ac142653b
DIST conntrack-tools-1.4.7.tar.bz2.sig 566 BLAKE2B c513cd59d9aeb76bb33bb8c4e0d25c46b6303a9d3f3e359e20248e2d8dd2822777056e217c12da9005ee075036ea05a74dd1ed9f22a44b7d4745ff6917bda15b SHA512 5a2bcc6da792544029ddf0d3a4caf019b215907e66d491e5d98a4f1189fc9c03ec8aad5ad22166799c5f0c81273284cb757e9368c9d9d3049bc49da47c037e05
-EBUILD conntrack-tools-1.4.5.ebuild 2190 BLAKE2B 49e4d6cf2f37939da6d577c6de370d6a68e391a5c57c7f84a5d002befb231560d6e443d5070d0ccde1f888bcae67d9185d93aac4acfcc0dc4ae6359f49509f09 SHA512 7cdf3820923462eab080ab8c2b5ede6d3f4dd08247343aa7e0bcfdb0ed4f1e95538c1ea10a1d427470ce27df652f44bdcc9d1dfee1436adc3b51a5bf123c6e97
-EBUILD conntrack-tools-1.4.6-r1.ebuild 2420 BLAKE2B ed7d870025713656b0282edef43ca4726692391ce31d32cb67b3928efeb2b70b7411d7bf0a605b88a3a30247e5815362f17ede5cba364c26af1bc886bae8b3a8 SHA512 1210b788427d377a68d94a078c2785572a6f6e74ebb1fa7a37bbbb93b4878222455dd13c62abfff33bc7411960ae7d4c48d346a61f7280855a5139fd23c368b2
EBUILD conntrack-tools-1.4.7-r1.ebuild 2743 BLAKE2B cd70071a4fe5efa3c3401da196b9f01c18eecd891bd9de758ec69b51c378a760d81aa403b8c0e45467648a3cd9ed1cca16848b4aeaaba6029d0b1c89c5b0129a SHA512 df9e06c5cf7571861b273926ee27150b3b5c09e7fd6e9af69324051153fff6d24e3697abd18bef45cf4a356b45e1a5207af2142eb59f43626dafcc5ddc09e904
EBUILD conntrack-tools-1.4.7.ebuild 2423 BLAKE2B 791c42b28f53c6adb7405bfc2b45f0a1686e7a2840cb557d99c1d4e664c624485cb8ab6386744c477f27445676d58b22726853bc2a253f85ee58b35c43c86ef7 SHA512 6a1a3b5bc577d040d35dd31b8191a0cfe5a4e8e0286a35ab0f644a660c05b005b3e5879ccdf094fd6b9016ac13d5204054105e64bc57124d646ff3029229606b
-MISC metadata.xml 1049 BLAKE2B 614eabcf8632ae879993c98ee216cb785f3695072029c272a1a86dff2066eabc3e69ec80cea0537e988b1c3f9256235935f45c7b62883d61dedd29786edcbe3c SHA512 74e3be48453d718aeaafb63d1a5c15a35dfb2adf62721f59c2896c7f80fd607a042ed166d275bc7d523de0b5bae4c310d77eec649fbc7ec50fa7d5c9919ec56f
+MISC metadata.xml 971 BLAKE2B 208df8b4957f46de52dd46b4a8bf5dbd879c0de41f7c48f524f088f4fb88b57f4767d5040da35e62d1b42da0082a0820d55366e70582c5057370d1e1aa5053bc SHA512 8dbd44b107bac7ac454d25250933eb34b0396297e0c16afec693a13e1f4ea773feeaf20499fbe369540b3ad70d296ef067d4f9752d0c9d8d81647d1828f0a8f2
diff --git a/net-firewall/conntrack-tools/conntrack-tools-1.4.5.ebuild b/net-firewall/conntrack-tools/conntrack-tools-1.4.5.ebuild
deleted file mode 100644
index 373ac039b6b2..000000000000
--- a/net-firewall/conntrack-tools/conntrack-tools-1.4.5.ebuild
+++ /dev/null
@@ -1,101 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-inherit autotools linux-info
-
-DESCRIPTION="Connection tracking userspace tools"
-HOMEPAGE="http://conntrack-tools.netfilter.org"
-SRC_URI="http://www.netfilter.org/projects/conntrack-tools/files/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~alpha amd64 ~arm64 ~hppa x86"
-IUSE="doc +cthelper +cttimeout +libtirpc"
-
-RDEPEND="
- >=net-libs/libmnl-1.0.3
- >=net-libs/libnetfilter_conntrack-1.0.7
- cthelper? (
- >=net-libs/libnetfilter_cthelper-1.0.0
- )
- cttimeout? (
- >=net-libs/libnetfilter_cttimeout-1.0.0
- )
- >=net-libs/libnetfilter_queue-1.0.2
- >=net-libs/libnfnetlink-1.0.1
- !libtirpc? ( sys-libs/glibc[rpc(-)] )
- libtirpc? ( net-libs/libtirpc )
-"
-DEPEND="
- ${RDEPEND}
- doc? (
- app-text/docbook-xml-dtd:4.1.2
- app-text/xmlto
- )
- virtual/pkgconfig
- sys-devel/bison
- sys-devel/flex
-"
-PATCHES=(
- "${FILESDIR}"/${PN}-1.4.5-rpc.patch
-)
-
-pkg_setup() {
- linux-info_pkg_setup
-
- if kernel_is lt 2 6 18 ; then
- die "${PN} requires at least 2.6.18 kernel version"
- fi
-
- #netfilter core team has changed some option names with kernel 2.6.20
- if kernel_is lt 2 6 20 ; then
- CONFIG_CHECK="~IP_NF_CONNTRACK_NETLINK"
- else
- CONFIG_CHECK="~NF_CT_NETLINK"
- fi
- CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK
- ~NETFILTER_NETLINK ~NF_CONNTRACK_EVENTS"
-
- check_extra_config
-
- linux_config_exists || \
- linux_chkconfig_present "NF_CONNTRACK_IPV4" || \
- linux_chkconfig_present "NF_CONNTRACK_IPV6" || \
- ewarn "CONFIG_NF_CONNTRACK_IPV4 or CONFIG_NF_CONNTRACK_IPV6 " \
- "are not set when one at least should be."
-}
-
-src_prepare() {
- default
-
- # bug #474858
- sed -i -e 's:/var/lock:/run/lock:' doc/stats/conntrackd.conf || die
-
- eautoreconf
-}
-
-src_configure() {
- econf \
- $(use_enable cthelper) \
- $(use_enable cttimeout) \
- $(use_with libtirpc)
-}
-
-src_compile() {
- default
- use doc && emake -C doc/manual
-}
-
-src_install() {
- default
-
- newinitd "${FILESDIR}/conntrackd.initd-r3" conntrackd
- newconfd "${FILESDIR}/conntrackd.confd-r2" conntrackd
-
- insinto /etc/conntrackd
- doins doc/stats/conntrackd.conf
-
- dodoc -r doc/sync doc/stats AUTHORS TODO
- use doc && dodoc doc/manual/${PN}.html
-}
diff --git a/net-firewall/conntrack-tools/conntrack-tools-1.4.6-r1.ebuild b/net-firewall/conntrack-tools/conntrack-tools-1.4.6-r1.ebuild
deleted file mode 100644
index d04d3f3ea2a3..000000000000
--- a/net-firewall/conntrack-tools/conntrack-tools-1.4.6-r1.ebuild
+++ /dev/null
@@ -1,104 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit linux-info systemd verify-sig
-
-DESCRIPTION="Connection tracking userspace tools"
-HOMEPAGE="http://conntrack-tools.netfilter.org"
-SRC_URI="https://www.netfilter.org/projects/conntrack-tools/files/${P}.tar.bz2
- verify-sig? ( https://www.netfilter.org/projects/conntrack-tools/files/${P}.tar.bz2.sig )"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~alpha amd64 ~arm64 ~hppa ppc ppc64 ~riscv x86"
-IUSE="doc +cthelper +cttimeout systemd"
-VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/netfilter.org.asc
-
-RDEPEND="
- >=net-libs/libmnl-1.0.3
- >=net-libs/libnetfilter_conntrack-1.0.8
- >=net-libs/libnetfilter_queue-1.0.2
- >=net-libs/libnfnetlink-1.0.1
- net-libs/libtirpc
- cthelper? (
- >=net-libs/libnetfilter_cthelper-1.0.0
- )
- cttimeout? (
- >=net-libs/libnetfilter_cttimeout-1.0.0
- )
- systemd? (
- >=sys-apps/systemd-227
- )
-"
-DEPEND="${RDEPEND}"
-BDEPEND="
- sys-devel/bison
- sys-devel/flex
- virtual/pkgconfig
- doc? (
- app-text/docbook-xml-dtd:4.1.2
- app-text/xmlto
- )
- verify-sig? ( sec-keys/openpgp-keys-netfilter )
-"
-
-pkg_setup() {
- linux-info_pkg_setup
-
- if kernel_is lt 2 6 18 ; then
- die "${PN} requires at least 2.6.18 kernel version"
- fi
-
- #netfilter core team has changed some option names with kernel 2.6.20
- if kernel_is lt 2 6 20 ; then
- CONFIG_CHECK="~IP_NF_CONNTRACK_NETLINK"
- else
- CONFIG_CHECK="~NF_CT_NETLINK"
- fi
- CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK
- ~NETFILTER_NETLINK ~NF_CONNTRACK_EVENTS"
-
- check_extra_config
-
- linux_config_exists || \
- linux_chkconfig_present "NF_CONNTRACK_IPV4" || \
- linux_chkconfig_present "NF_CONNTRACK_IPV6" || \
- ewarn "CONFIG_NF_CONNTRACK_IPV4 or CONFIG_NF_CONNTRACK_IPV6 " \
- "are not set when one at least should be."
-}
-
-src_prepare() {
- # bug #474858
- sed -i -e 's:/var/lock:/run/lock:' doc/stats/conntrackd.conf || die
-
- default
-}
-
-src_configure() {
- econf \
- $(use_enable cthelper) \
- $(use_enable cttimeout) \
- $(use_enable systemd)
-}
-
-src_compile() {
- default
- use doc && emake -C doc/manual
-}
-
-src_install() {
- default
-
- newinitd "${FILESDIR}/conntrackd.initd-r3" conntrackd
- newconfd "${FILESDIR}/conntrackd.confd-r2" conntrackd
-
- insinto /etc/conntrackd
- doins doc/stats/conntrackd.conf
-
- systemd_dounit "${FILESDIR}/conntrackd.service"
-
- dodoc -r doc/sync doc/stats AUTHORS TODO
- use doc && dodoc doc/manual/${PN}.html
-}
diff --git a/net-firewall/conntrack-tools/files/conntrack-tools-1.4.5-rpc.patch b/net-firewall/conntrack-tools/files/conntrack-tools-1.4.5-rpc.patch
deleted file mode 100644
index 1f7fc44f44ad..000000000000
--- a/net-firewall/conntrack-tools/files/conntrack-tools-1.4.5-rpc.patch
+++ /dev/null
@@ -1,41 +0,0 @@
---- a/configure.ac
-+++ b/configure.ac
-@@ -50,6 +50,25 @@
- AS_HELP_STRING([--enable-systemd], [Build systemd support]),
- [enable_systemd="$enableval"], [enable_systemd="no"])
-
-+AC_ARG_WITH([libtirpc],
-+ AS_HELP_STRING([--with-libtirpc], [Use libtirpc as RPC implementation (instead of sunrpc)]),
-+ [], [ with_libtirpc=no ])
-+
-+AS_IF([test "x$with_libtirpc" != xno],
-+ [PKG_CHECK_MODULES([TIRPC],
-+ [libtirpc],
-+ [RPC_CFLAGS=$TIRPC_CFLAGS; RPC_LIBS=$TIRPC_LIBS;],
-+ [AC_MSG_ERROR([libtirpc requested, but library not found.])]
-+ )],
-+ [AC_CHECK_HEADER(rpc/rpc.h,
-+ [RPC_CFLAGS=""; RPC_LIBS="";],
-+ [AC_MSG_ERROR([sunrpc requested, but headers are not present.])]
-+ )]
-+)
-+
-+AC_SUBST(RPC_CFLAGS)
-+AC_SUBST(RPC_LIBS)
-+
- PKG_CHECK_MODULES([LIBNFNETLINK], [libnfnetlink >= 1.0.1])
- PKG_CHECK_MODULES([LIBMNL], [libmnl >= 1.0.3])
- PKG_CHECK_MODULES([LIBNETFILTER_CONNTRACK], [libnetfilter_conntrack >= 1.0.7])
---- a/src/helpers/Makefile.am
-+++ b/src/helpers/Makefile.am
-@@ -30,8 +30,8 @@
- ct_helper_mdns_la_CFLAGS = $(HELPER_CFLAGS)
-
- ct_helper_rpc_la_SOURCES = rpc.c
--ct_helper_rpc_la_LDFLAGS = $(HELPER_LDFLAGS)
--ct_helper_rpc_la_CFLAGS = $(HELPER_CFLAGS)
-+ct_helper_rpc_la_LDFLAGS = $(HELPER_LDFLAGS) $(RPC_LIBS)
-+ct_helper_rpc_la_CFLAGS = $(HELPER_CFLAGS) $(RPC_CFLAGS)
-
- ct_helper_tftp_la_SOURCES = tftp.c
- ct_helper_tftp_la_LDFLAGS = $(HELPER_LDFLAGS)
diff --git a/net-firewall/conntrack-tools/metadata.xml b/net-firewall/conntrack-tools/metadata.xml
index 990d814e3fe6..d406b96cdb3f 100644
--- a/net-firewall/conntrack-tools/metadata.xml
+++ b/net-firewall/conntrack-tools/metadata.xml
@@ -16,7 +16,6 @@ interface conntrack.
<remote-id type="cpe">cpe:/a:netfilter:conntrack-tools</remote-id>
</upstream>
<use>
-<flag name="libtirpc">Use <pkg>net-libs/libtirpc</pkg> for RPC support</flag>
<flag name="cthelper">Use <pkg>net-libs/libnetfilter_cthelper</pkg> for userspace conntrack helper support</flag>
<flag name="cttimeout">Use <pkg>net-libs/libnetfilter_cttimeout</pkg> for conntrack timeout support</flag>
</use>
diff --git a/net-firewall/nftables/Manifest b/net-firewall/nftables/Manifest
index 843f5386a9a0..88c7e1d7ee42 100644
--- a/net-firewall/nftables/Manifest
+++ b/net-firewall/nftables/Manifest
@@ -16,8 +16,11 @@ DIST nftables-1.0.4.tar.bz2 979540 BLAKE2B 1b2c596245cb7f1bc574250d13b9ff6f424f9
DIST nftables-1.0.4.tar.bz2.sig 566 BLAKE2B 1ac42a2eb678abcc21d01bbaf5f9a3af3f4c49fa1f0732f2522d3da14e94aacbb12075650d2786224f8fef869fcdc94a1463bd76272aa44fc50ea31a8ebae1bf SHA512 2d2acd4810c1ede844e1eac81a5480866ad40ae71dfcf92d166fd9295290adff70d35d7de8cf1ec81ab63d184b221419ff144bc7010e18884afa992173723af8
DIST nftables-1.0.5.tar.bz2 982538 BLAKE2B 5d58170b8fc6feccc1581653cd0815d37b59b43b7f4f9bff9f7fb46928c6c7eee5a6f07150c404f7cf42f5a1d2e980860a4dd2589b99773179e019a093c42cfa SHA512 51cbf10579db7eed58f4358044840f2ce1bffe84533c5fb03e0ebcc702970856455576ac793169c94d38a9f8148e33631ad91444e54a8be189d93af7c27feb9a
DIST nftables-1.0.5.tar.bz2.sig 566 BLAKE2B 7744a84c213999b35c3094fa5d9f974acec6fedac3d310422834285823825bcb14fb55b463d88b91fa41d79e33ce34498769992d912b7178fa1f70bd7a1e0977 SHA512 fbff6b5b28d81e964d4523729c7866d0b52d764d090cae70a43d850bc579b17308ec41a3d7fe6707877850028e99ad09c33b5e87fa16ac5199dfeba193a61511
+DIST nftables-1.0.6.tar.xz 834584 BLAKE2B 7c14db883f0ee9394b603870c93dcc92ce472bf0349a59d0e377f1d44efc870df3449d6f2dc9a198f2e396e5d73b19532dac498e832083ca8cf65cc78db9ccd4 SHA512 afe08381acd27d39cc94743190b07c579f8c49c4182c9b8753d5b3a0b7d1fe89ed664fdbc19cef1547c3ca4a0c1e32ca4303dba9ec626272fa08c77e88c11119
+DIST nftables-1.0.6.tar.xz.sig 566 BLAKE2B 3f90c48f521a1c433be9d0bee3b2beb080ac51f07c213f598af217b2d1b2e883e432f014c1a378c18eac4b8620e323fbdebb654aa53b345210a3f62ccfe93507 SHA512 83657d213e675c8ffa377112efc7fb0f5b756287f06aa9ccd3716eb76b87a14dab01a3ee82929511f26f7e9ce407d8b7ac0dd706c8211ad007fdfcf11d679a93
EBUILD nftables-1.0.2-r1.ebuild 5163 BLAKE2B 02bacad62aea322b42251fb73ea3e23e061167ae5bde03f751231db9b33f3d85cb8a8b0b28038140264092c2a1776e0a4c9b0a464775a0e30c57cc988ac09a36 SHA512 2b55eb2c17686e13ddde19d4da06d0ac1efe09500fd62cc205fcf95d9977f7d2478369aec51e2455aed69c49869afcc54badd08bc3c4bcf26d58972d095c8aa8
EBUILD nftables-1.0.4-r2.ebuild 6033 BLAKE2B 146c896057b823592e367319da736f1308b505089b64b5959b8dbc8987a0e2c8d9af94cabd19c339d3c3f97dcac20e68b329d26b5ef38c9aed4fce68cda2ba1c SHA512 daae97981fcc9b60c89b0134da5d49c068ba333301d94c4674f2beea640161282dc408fc8783671eed3879806bbc41ce0bc46862df80dac0d6b8711eacf77afa
EBUILD nftables-1.0.5.ebuild 5944 BLAKE2B 1b229a8f663b6deac5e0e128df643ee0f692cf57b56de55c15bd89a077f7dea77ffeb912105c1143140d04753c99e92407114fc38948448b77f8a00d4ec20af5 SHA512 8ed956950eb5483d60dc7b7f69d05bbebe10e88dfdbd2eea899745497c2c4e9d8375d1eb7625787a177059f694f3a81034c589c4a7fcd2775456720f391e7d4d
-EBUILD nftables-9999.ebuild 5945 BLAKE2B 8ea7e7df9c30eb528886a4d85cc0bf83a772b6981827a8793f4bc4f9a69641014f0bea944bd71ac57a154fef4fc68635306a0d774388d1da9009fd86f165e010 SHA512 43096cee331905decbec8f79d91d76da0139131e8cbf59a40da928a7d68f6a3097388cdca6aa570b90df3e56af5cf91e3df046e03dad51913e1f70385d197cf7
+EBUILD nftables-1.0.6.ebuild 5948 BLAKE2B d589efae99fcb836b4672cc7acb8660270589c06977b6877a486fc3cb355c5d71eb7e31913d498f966a5611d35eb34fe867ebb9c259d3c8af4567788b6642c2c SHA512 fc8f3fc879a8117d71ca21b1fe4c5a471aa70fc5ad482e58d0e198654ab564196325bde910466c63416285b8842e2988fa19fb64544da5502c08718db18333ff
+EBUILD nftables-9999.ebuild 5948 BLAKE2B d589efae99fcb836b4672cc7acb8660270589c06977b6877a486fc3cb355c5d71eb7e31913d498f966a5611d35eb34fe867ebb9c259d3c8af4567788b6642c2c SHA512 fc8f3fc879a8117d71ca21b1fe4c5a471aa70fc5ad482e58d0e198654ab564196325bde910466c63416285b8842e2988fa19fb64544da5502c08718db18333ff
MISC metadata.xml 933 BLAKE2B 8e76ce489c41dcc01e222d77af40f2ba5cb7ddffc2bc818c6fc8c16e24dc308c125ce4d78db1647e77af96f32c85dd3391f7079e2cee26c129c56557e0c48c8a SHA512 058d38df1dbb2c1d0e611bd992f37498d3977561c3b34846fdf0d569573f2ef93a29a216ab491e583cfc2399c55c839d256dfcf8b1d7aaba63ed6ea90f22df25
diff --git a/net-firewall/nftables/nftables-1.0.6.ebuild b/net-firewall/nftables/nftables-1.0.6.ebuild
new file mode 100644
index 000000000000..7355f2e856c6
--- /dev/null
+++ b/net-firewall/nftables/nftables-1.0.6.ebuild
@@ -0,0 +1,219 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+DISTUTILS_OPTIONAL=1
+PYTHON_COMPAT=( python3_{8..11} )
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/netfilter.org.asc
+inherit edo linux-info distutils-r1 systemd verify-sig
+
+DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools"
+HOMEPAGE="https://netfilter.org/projects/nftables/"
+
+if [[ ${PV} =~ ^[9]{4,}$ ]]; then
+ inherit autotools git-r3
+ EGIT_REPO_URI="https://git.netfilter.org/${PN}"
+
+ BDEPEND="
+ sys-devel/bison
+ sys-devel/flex
+ "
+else
+ SRC_URI="https://netfilter.org/projects/nftables/files/${P}.tar.xz
+ verify-sig? ( https://netfilter.org/projects/nftables/files/${P}.tar.xz.sig )"
+ KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86"
+ BDEPEND+="verify-sig? ( sec-keys/openpgp-keys-netfilter )"
+fi
+
+LICENSE="GPL-2"
+SLOT="0/1"
+IUSE="debug doc +gmp json libedit +modern-kernel python +readline static-libs test xtables"
+RESTRICT="!test? ( test )"
+
+RDEPEND="
+ >=net-libs/libmnl-1.0.4:=
+ >=net-libs/libnftnl-1.2.4:=
+ gmp? ( dev-libs/gmp:= )
+ json? ( dev-libs/jansson:= )
+ python? ( ${PYTHON_DEPS} )
+ readline? ( sys-libs/readline:= )
+ xtables? ( >=net-firewall/iptables-1.6.1:= )
+"
+
+DEPEND="${RDEPEND}"
+
+BDEPEND+="
+ virtual/pkgconfig
+ doc? (
+ app-text/asciidoc
+ >=app-text/docbook2X-0.8.8-r4
+ )
+ python? ( ${PYTHON_DEPS} )
+"
+
+REQUIRED_USE="
+ python? ( ${PYTHON_REQUIRED_USE} )
+ libedit? ( !readline )
+"
+
+pkg_setup() {
+ if kernel_is ge 3 13; then
+ if use modern-kernel && kernel_is lt 3 18; then
+ eerror "The modern-kernel USE flag requires kernel version 3.18 or newer to work properly."
+ fi
+ CONFIG_CHECK="~NF_TABLES"
+ linux-info_pkg_setup
+ else
+ eerror "This package requires kernel version 3.13 or newer to work properly."
+ fi
+}
+
+src_prepare() {
+ default
+
+ if [[ ${PV} =~ ^[9]{4,}$ ]] ; then
+ eautoreconf
+ fi
+
+ if use python; then
+ pushd py >/dev/null || die
+ distutils-r1_src_prepare
+ popd >/dev/null || die
+ fi
+}
+
+src_configure() {
+ local myeconfargs=(
+ # We handle python separately
+ --disable-python
+ --disable-static
+ --sbindir="${EPREFIX}"/sbin
+ $(use_enable debug)
+ $(use_enable doc man-doc)
+ $(use_with !gmp mini_gmp)
+ $(use_with json)
+ $(use_with libedit cli editline)
+ $(use_with readline cli readline)
+ $(use_enable static-libs static)
+ $(use_with xtables)
+ )
+ econf "${myeconfargs[@]}"
+
+ if use python; then
+ pushd py >/dev/null || die
+ distutils-r1_src_configure
+ popd >/dev/null || die
+ fi
+}
+
+src_compile() {
+ default
+
+ if use python; then
+ pushd py >/dev/null || die
+ distutils-r1_src_compile
+ popd >/dev/null || die
+ fi
+}
+
+src_test() {
+ emake check
+
+ if [[ ${EUID} == 0 ]]; then
+ edo tests/shell/run-tests.sh -v
+ else
+ ewarn "Skipping shell tests (requires root)"
+ fi
+
+ # Need to rig up Python eclass if using this, but it doesn't seem to work
+ # for me anyway.
+ #cd tests/py || die
+ #"${EPYTHON}" nft-test.py || die
+}
+
+src_install() {
+ default
+
+ if ! use doc && [[ ! ${PV} =~ ^[9]{4,}$ ]]; then
+ pushd doc >/dev/null || die
+ doman *.?
+ popd >/dev/null || die
+ fi
+
+ # Do it here instead of in src_prepare to avoid eautoreconf
+ # rmdir lets us catch if more files end up installed in /etc/nftables
+ dodir /usr/share/doc/${PF}/skels/
+ mv "${ED}"/etc/nftables/osf "${ED}"/usr/share/doc/${PF}/skels/osf || die
+ rmdir "${ED}"/etc/nftables || die
+
+ local mksuffix="$(usex modern-kernel '-mk' '')"
+
+ exeinto /usr/libexec/${PN}
+ newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh
+ newconfd "${FILESDIR}"/${PN}${mksuffix}.confd ${PN}
+ newinitd "${FILESDIR}"/${PN}${mksuffix}.init-r1 ${PN}
+ keepdir /var/lib/nftables
+
+ systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service
+
+ if use python ; then
+ pushd py >/dev/null || die
+ distutils-r1_src_install
+ popd >/dev/null || die
+ fi
+
+ find "${ED}" -type f -name "*.la" -delete || die
+}
+
+pkg_preinst() {
+ if [[ -d /sys/module/nf_tables ]] && [[ -x /sbin/nft ]] && [[ -z ${ROOT} ]]; then
+ if ! /sbin/nft -t list ruleset | "${ED}"/sbin/nft -c -f -; then
+ eerror "Your currently loaded ruleset cannot be parsed by the newly built instance of"
+ eerror "nft. This probably means that there is a regression introduced by v${PV}."
+ eerror "(To make the ebuild fail instead of warning, set NFTABLES_ABORT_ON_RELOAD_FAILURE=1.)"
+
+ if [[ -n ${NFTABLES_ABORT_ON_RELOAD_FAILURE} ]] ; then
+ die "Aborting because of failed nft reload!"
+ fi
+ fi
+ fi
+}
+
+pkg_postinst() {
+ local save_file
+ save_file="${EROOT}"/var/lib/nftables/rules-save
+
+ # In order for the nftables-restore systemd service to start
+ # the save_file must exist.
+ if [[ ! -f "${save_file}" ]]; then
+ ( umask 177; touch "${save_file}" )
+ elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then
+ ewarn "Your system has dangerous permissions for ${save_file}"
+ ewarn "It is probably affected by bug #691326."
+ ewarn "You may need to fix the permissions of the file. To do so,"
+ ewarn "you can run the command in the line below as root."
+ ewarn " 'chmod 600 \"${save_file}\"'"
+ fi
+
+ if has_version 'sys-apps/systemd'; then
+ elog "If you wish to enable the firewall rules on boot (on systemd) you"
+ elog "will need to enable the nftables-restore service."
+ elog " 'systemctl enable ${PN}-restore.service'"
+ elog
+ elog "If you are creating firewall rules before the next system restart"
+ elog "the nftables-restore service must be manually started in order to"
+ elog "save those rules on shutdown."
+ fi
+
+ if has_version 'sys-apps/openrc'; then
+ elog "If you wish to enable the firewall rules on boot (on openrc) you"
+ elog "will need to enable the nftables service."
+ elog " 'rc-update add ${PN} default'"
+ elog
+ elog "If you are creating or updating the firewall rules and wish to save"
+ elog "them to be loaded on the next restart, use the \"save\" functionality"
+ elog "in the init script."
+ elog " 'rc-service ${PN} save'"
+ fi
+}
diff --git a/net-firewall/nftables/nftables-9999.ebuild b/net-firewall/nftables/nftables-9999.ebuild
index b6fdb61bd493..7355f2e856c6 100644
--- a/net-firewall/nftables/nftables-9999.ebuild
+++ b/net-firewall/nftables/nftables-9999.ebuild
@@ -20,9 +20,9 @@ if [[ ${PV} =~ ^[9]{4,}$ ]]; then
sys-devel/flex
"
else
- SRC_URI="https://netfilter.org/projects/nftables/files/${P}.tar.bz2
- verify-sig? ( https://netfilter.org/projects/nftables/files/${P}.tar.bz2.sig )"
- KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86"
+ SRC_URI="https://netfilter.org/projects/nftables/files/${P}.tar.xz
+ verify-sig? ( https://netfilter.org/projects/nftables/files/${P}.tar.xz.sig )"
+ KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86"
BDEPEND+="verify-sig? ( sec-keys/openpgp-keys-netfilter )"
fi
@@ -32,8 +32,8 @@ IUSE="debug doc +gmp json libedit +modern-kernel python +readline static-libs te
RESTRICT="!test? ( test )"
RDEPEND="
- >=net-libs/libmnl-1.0.4:0=
- >=net-libs/libnftnl-1.2.3:0=
+ >=net-libs/libmnl-1.0.4:=
+ >=net-libs/libnftnl-1.2.4:=
gmp? ( dev-libs/gmp:= )
json? ( dev-libs/jansson:= )
python? ( ${PYTHON_DEPS} )
diff --git a/net-firewall/ufw/Manifest b/net-firewall/ufw/Manifest
index 310632a95131..4991b72bc4fc 100644
--- a/net-firewall/ufw/Manifest
+++ b/net-firewall/ufw/Manifest
@@ -2,9 +2,6 @@ AUX rsyslog/ufw.logrotate 178 BLAKE2B 488f56cb61e3d708e771e927b0c92ce354ebd7aa65
AUX syslog-ng/syslog-ng.example 381 BLAKE2B 01026130ac3aec7bb4b3862e9567c225073d5f467eced4701c711842f2aa8ff7b566874e64e302728a5bff15d848325040e3df900776950269d431dda6763950 SHA512 f48d2487679fe179ea216bb4259affbf5ab4c86725b45942581ada8dac24dd0c978f755182805ff5350ab169972fcee7bb54a6d14df760d4b5f62c485af1e49e
AUX syslog-ng/ufw.logrotate 269 BLAKE2B 6dd614ec033e8b9fd6d95e7a6fc69252e5a7fd33da6e760320b7f9fb519936a94f2f46e7833189601ddfa7fa080402237831fab9daf1b18a0872cc49c56715b1 SHA512 22d89f04b68a8b4deeb60aca263239255dd01b9c6e6d23a5d77514daf7bb9dc3910a28cfe9c606f70d2a50f0365bb19c3cf00c5859ee2630c00f0df451ee9c5d
AUX ufw-0.36-bash-completion.patch 328 BLAKE2B 7f88afa8f4ccc12aba70dce1ca82e6992497819cfd7dc005b13c9d17212adb74134115d83907ec2b8c916d40213ab2acea170e649e438744b854f11fd22815bd SHA512 11a9cf4906fa0bd677e745615b3c4d663512a1d05f9c21149d09624237a88938b9ed83b8ca876dbcf9bbac41a4bf7155eba76ec32778e025f013e1ffb07e4abb
-AUX ufw-0.36-dont-check-iptables.patch 1592 BLAKE2B 7b8bb33a04a455fd05bf62b19ec35ff209eb54f7adc77a6296d4a5bbb80996ec11691e48b3ba1f4cffd11c53775545e537319852b0a9a3e27e4799d79c34a655 SHA512 a0c8c7331d46b917cec86763414ce2c70ef120bd069bd8ba67ef4ab2ab5212e7263f01d3d5072c7c8e4301ee36b280c8f464fc21cc19b3805c6d391437df0438
-AUX ufw-0.36-move-path.patch 6985 BLAKE2B 1f5ed4b0265fb812acffd1bb756a60a2a1e31b013054c40dae532966fd42449ba7bdde644c181a2f6e0c20103d9ef37a0400d217f7ec843bc10e3528b95eb8bc SHA512 228ed40f800b8ed4bbc217df9478c1c0be5eb1ec154abd2d3a3cd6c92902632f07ef70c3ca3f2478bfe501735a0f6f0b7fa8d8f4991fdaead4332e4c65bad0c9
-AUX ufw-0.36-shebang.patch 714 BLAKE2B adfbc135b1ec2e51a6df59c7caf4b081568eb77fc2b4c3518e4cb875aa75cc51122f09557c1bcaea9a06ca18891c897a3bba546027a9e1a2998c342948713676 SHA512 de3750d2e4361315e43df0ee4ed3da90631d66b148e8b93fabf3607d7d3dae9dca53f60edd94c1dc0315435c1a6c5d05816873782fc310ad15b347b2ba743612
AUX ufw-0.36.1-dont-check-iptables.patch 1956 BLAKE2B 1afb02e74e4855a93a6145756bf4ef2b3f4f457bc5af0844d9b4788f8e01d3fc2e3b9f27fbba8ab5316dd51f0e995632173b5dd5553a17e25f17d95e318317c2 SHA512 6b8f9f09d07a402aaf671a7d2ae899d4deb67fac5525f5733ed5e67b517d108df3d7037151f953dc0e5614997a5a44b32fd5c8746dcea57c5f264ae625d71554
AUX ufw-0.36.1-move-path.patch 4880 BLAKE2B 544dc08b6bb806929f049db4f9aa70dff35526ff0602bdb19ff4d5a8d3c0e19a46e62a617cd52c1bfd9a7300a48642e84478b924ba28f0e9183305486a002a6f SHA512 8b3710f3c0b8ca6a05db1dd74e84088b12fe9556a75da7fb7211788cdd24c3157251b4a82973d21c787b05bc81a27940c2d5fffd56d541334cdbd2e99c532019
AUX ufw-0.36.1-shebang.patch 713 BLAKE2B ad34303c58fd76f47d4ce550c1669c09cbbf9c00cfa986000d79cefbd44319f37b33b2b4090bf4551c9f6c2f961e7e9a3a628a8209fb6c43b8c7741406ff0b9f SHA512 ebf73b60b15292cd35c11262fe488294b229e60acaca81487d70bb2817c080f22d6813f1d8a9edc601fd9d2da141474a6da8dc7195fc99db7f664c7db1848457
@@ -12,7 +9,5 @@ AUX ufw-2.initd 2611 BLAKE2B b6a75e023ad0efeeef168e7e074c716ec66f40d3bde9f99cf1a
AUX ufw.confd 219 BLAKE2B 8ed5dec5dd9acc84715918240e31398268ff36f73bb2cfc10e64e0593e59cc7f5b988f8545ddea37f19d9b40e870d743bea66edd7da1e3d2753b6edda8afa352 SHA512 a010532c97b9cf83f1fb5fa707228e0542a8b109c76e5942aaf2d6552c63e033d32e39e5a6ac87cb9e2ed4c3fdbc5d03c75127e6378665e592b143bc1eda52c7
AUX ufw.service 329 BLAKE2B e817fc85b3bdb21b47a3089c6f2204292a019eaeae510832530f0e09f8784a312dd636fa3cf90610bb3159d52b4bdaadf803699ac4bff31576b566a3e977b2d2 SHA512 a365e704ca958c83c86f8a6b1623ce3f9ad72dcfb0cfc7758bfc787e0877f897ccf8b200db83df17130ca5dcc54f938178b8cabfe3ee0c0896c814ee7d2439c7
DIST ufw-0.36.1.tar.gz 583123 BLAKE2B 16e1ee67493d5db10a04667b646a019aa3aeb06345d0facc334fb07eeff4d4f6674a4699b2bd7bd6ed29de1c05c4e14812e9e8ec55c4bfb8579b8e3e2e577f6a SHA512 77d01fef661083eac041be6d6eabffb1d8aedb215f73e44e18a9a63a48da96414b3c0166e3ffd9402c22c72a6de5d774ba14b15368b02997aae8e08d1c5dd4c0
-DIST ufw-0.36.tar.gz 580338 BLAKE2B a7e07ac11539061a69bb83d45c0affc54793503b31c9e9f9f8b34fa890a3fe97682f9133102e74e5f6e1eb372a929cfc8619baa2cc9efc1dc289d9f4a1766efd SHA512 b32d7f79f43c203149c48b090ee0d063df78fcf654344ee11066a7363e799a62b046758ffe02b8bd15121545ac2a6b61df21fe56f8b810319fe4dd562cbdadb3
-EBUILD ufw-0.36-r1.ebuild 6209 BLAKE2B 3919352c0399111f155fa806b994bfcbc1e52dc6e7757304520c6fa272a6f5e7bdecd7cbd03302008b52e3ff5a335a9d680a4fb3e83ebc885a2884f14ed935b4 SHA512 ed8ef54f90622bdaf6e28380ad909e7a729b887ad3b325aa8199771b827617f7e1ca63583de554db95c161e1661dfd17a0b5f24261ec96887b999caf6ffae5a3
EBUILD ufw-0.36.1.ebuild 6135 BLAKE2B 397e9f5f5abffc3299201bf5433e5546142b87aec1741f511f1b7bae1663a265371b6cf3fbbc0ad7298a81a53e93ba876e6602de31e6a2c826fd21d2f68dd4cb SHA512 cf66e8d5d9efc86f9dd3de6472549d084a9f71896ac41f2e2bffb8a3001dc9b9fac4479f0259a444eb5600fb04bbc3922e5e52cfe766038799feb4df225a8172
MISC metadata.xml 686 BLAKE2B 6d415e2295cf7facf8908aab2fbd7d4150d24595c9eb30ccf7f105ff2263cd7dc6c393dc8ad8303b264d76be37bb11da3ce4d4b666c0648e974b7585e9e7e452 SHA512 c1dee02a7458095069243337abb01a66dc132de15a51114cc1b39778f02b3a05d28a869cfa8cef55cf8701bb7f872232b63d432c1c5e45d71d90fa6099f74dd5
diff --git a/net-firewall/ufw/files/ufw-0.36-dont-check-iptables.patch b/net-firewall/ufw/files/ufw-0.36-dont-check-iptables.patch
deleted file mode 100644
index 11eb1748dd1d..000000000000
--- a/net-firewall/ufw/files/ufw-0.36-dont-check-iptables.patch
+++ /dev/null
@@ -1,45 +0,0 @@
---- a/setup.py 2019-03-21 01:32:28.500245586 +0300
-+++ b/setup.py 2019-03-21 01:39:17.166095026 +0300
-@@ -257,41 +257,7 @@
- os.unlink(os.path.join('staging', 'ufw-init'))
- os.unlink(os.path.join('staging', 'ufw-init-functions'))
-
--iptables_exe = ''
--iptables_dir = ''
--
--for e in ['iptables']:
-- for dir in ['/sbin', '/bin', '/usr/sbin', '/usr/bin', '/usr/local/sbin', \
-- '/usr/local/bin']:
-- if e == "iptables":
-- if os.path.exists(os.path.join(dir, e)):
-- iptables_dir = dir
-- iptables_exe = os.path.join(iptables_dir, "iptables")
-- print("Found '%s'" % iptables_exe)
-- else:
-- continue
--
-- if iptables_exe != "":
-- break
--
--
--if iptables_exe == '':
-- print("ERROR: could not find required binary 'iptables'", file=sys.stderr)
-- sys.exit(1)
--
--for e in ['ip6tables', 'iptables-restore', 'ip6tables-restore']:
-- if not os.path.exists(os.path.join(iptables_dir, e)):
-- print("ERROR: could not find required binary '%s'" % (e), file=sys.stderr)
-- sys.exit(1)
--
--(rc, out) = cmd([iptables_exe, '-V'])
--if rc != 0:
-- raise OSError(errno.ENOENT, "Could not find version for '%s'" % \
-- (iptables_exe))
--version = re.sub('^v', '', re.split('\s', str(out))[1])
--print("Found '%s' version '%s'" % (iptables_exe, version))
--if version < "1.4":
-- print("WARN: version '%s' has limited IPv6 support. See README for details." % (version), file=sys.stderr)
-+iptables_dir = '/sbin'
-
- setup (name='ufw',
- version=ufw_version,
diff --git a/net-firewall/ufw/files/ufw-0.36-move-path.patch b/net-firewall/ufw/files/ufw-0.36-move-path.patch
deleted file mode 100644
index 1ba9d117be50..000000000000
--- a/net-firewall/ufw/files/ufw-0.36-move-path.patch
+++ /dev/null
@@ -1,174 +0,0 @@
---- a/doc/ufw-framework.8 2018-12-14 21:25:55.000000000 +0300
-+++ b/doc/ufw-framework.8 2019-03-21 00:12:37.852104313 +0300
-@@ -18,7 +18,7 @@
- parameters and configuration of IPv6. The framework consists of the following
- files:
- .TP
--#STATE_PREFIX#/ufw\-init
-+#SHARE_DIR#/ufw\-init
- initialization script
- .TP
- #CONFIG_PREFIX#/ufw/before.init
-@@ -47,7 +47,7 @@
-
- .SH "BOOT INITIALIZATION"
- .PP
--\fBufw\fR is started on boot with #STATE_PREFIX#/ufw\-init. This script is a
-+\fBufw\fR is started on boot with #SHARE_DIR#/ufw\-init. This script is a
- standard SysV style initscript used by the \fBufw\fR command and should not be
- modified. The #CONFIG_PREFIX#/before.init and #CONFIG_PREFIX#/after.init
- scripts may be used to perform any additional firewall configuration that is
---- a/README 2018-07-24 16:42:38.000000000 +0300
-+++ b/README 2019-03-21 00:18:18.253205303 +0300
-@@ -60,7 +60,7 @@
- on your needs, this can be as simple as adding the following to a startup
- script (eg rc.local for systems that use it):
-
--# /lib/ufw/ufw-init start
-+# /usr/share/ufw/ufw-init start
-
- For systems that use SysV initscripts, an example script is provided in
- doc/initscript.example. See doc/upstart.example for an Upstart example and
-@@ -74,10 +74,9 @@
- /etc/defaults/ufw high level configuration
- /etc/ufw/before[6].rules rules evaluated before UI added rules
- /etc/ufw/after[6].rules rules evaluated after UI added rules
--/lib/ufw/user[6].rules UI added rules (not to be modified)
-+/etc/ufw/user/user[6].rules UI added rules (not to be modified)
- /etc/ufw/sysctl.conf kernel network tunables
--/lib/ufw/ufw-init start script
--
-+/usr/share/ufw/ufw-init start script
-
- Usage
- -----
-@@ -152,7 +151,7 @@
- that the primary chains don't move around other non-ufw rules and chains. To
- completely flush the built-in chains with this configuration, you can use:
-
--# /lib/ufw/ufw-init flush-all
-+# /usr/share/ufw/ufw-init flush-all
-
- Alternately, ufw may also take full control of the firewall by setting
- MANAGE_BUILTINS=yes in /etc/defaults/ufw. This will flush all the built-in
-@@ -260,7 +259,7 @@
-
- Remote Management
- -----------------
--On /lib/ufw/ufw-init start and 'ufw enable' the chains are flushed, so
-+On /usr/share/ufw/ufw-init start and 'ufw enable' the chains are flushed, so
- ssh may drop. This is needed so ufw is in a consistent state. Once the ufw is
- 'enabled' it will insert rules into the existing chains, and therefore not
- flush the chains (but will when modifying a rule or changing the default
-@@ -303,7 +302,7 @@
-
- Distributions
- -------------
--While it certainly ok to use /lib/ufw/ufw-init as the initscript for
-+While it certainly ok to use /usr/share/ufw/ufw-init as the initscript for
- ufw, this script is meant to be used by ufw itself, and therefore not
- particularly user friendly. See doc/initscript.example for a simple
- implementation that can be adapted to your distribution.
---- a/setup.py 2018-12-14 21:25:55.000000000 +0300
-+++ b/setup.py 2019-03-21 00:44:49.603002503 +0300
-@@ -55,7 +55,7 @@
- return
-
- real_confdir = os.path.join('/etc')
-- real_statedir = os.path.join('/lib', 'ufw')
-+ real_statedir = os.path.join('/etc', 'ufw', 'user')
- real_prefix = self.prefix
- if self.home != None:
- real_confdir = self.home + real_confdir
-@@ -132,14 +132,20 @@
- self.copy_file('doc/ufw.8', manpage)
- self.copy_file('doc/ufw-framework.8', manpage_f)
-
-- # Install state files and helper scripts
-+ # Install state files
- statedir = real_statedir
- if self.root != None:
- statedir = self.root + real_statedir
- self.mkpath(statedir)
-
-- init_helper = os.path.join(statedir, 'ufw-init')
-- init_helper_functions = os.path.join(statedir, 'ufw-init-functions')
-+ # Install helper scripts
-+ sharedir = real_sharedir
-+ if self.root != None:
-+ sharedir = self.root + real_sharedir
-+ self.mkpath(sharedir)
-+
-+ init_helper = os.path.join(sharedir, 'ufw-init')
-+ init_helper_functions = os.path.join(sharedir, 'ufw-init-functions')
- self.copy_file('src/ufw-init', init_helper)
- self.copy_file('src/ufw-init-functions', init_helper_functions)
-
-@@ -220,14 +226,19 @@
- f])
-
- subprocess.call(["sed",
-+ "-i",
-+ "s%#SHARE_DIR#%" + real_sharedir + "%g",
-+ f])
-+
-+ subprocess.call(["sed",
- "-i",
- "s%#VERSION#%" + ufw_version + "%g",
- f])
-
- # Install pristine copies of rules files
-- sharedir = real_sharedir
-- if self.root != None:
-- sharedir = self.root + real_sharedir
-+ #sharedir = real_sharedir
-+ #if self.root != None:
-+ # sharedir = self.root + real_sharedir
- rulesdir = os.path.join(sharedir, 'iptables')
- self.mkpath(rulesdir)
- for f in [ before_rules, after_rules, \
---- a/src/backend_iptables.py 2018-12-14 21:25:55.000000000 +0300
-+++ b/src/backend_iptables.py 2019-03-21 00:52:10.416829220 +0300
-@@ -38,6 +38,7 @@
- files = {}
- config_dir = _findpath(ufw.common.config_dir, datadir)
- state_dir = _findpath(ufw.common.state_dir, datadir)
-+ share_dir = _findpath(ufw.common.share_dir, datadir)
-
- files['rules'] = os.path.join(config_dir, 'ufw/user.rules')
- files['before_rules'] = os.path.join(config_dir, 'ufw/before.rules')
-@@ -45,7 +46,7 @@
- files['rules6'] = os.path.join(config_dir, 'ufw/user6.rules')
- files['before6_rules'] = os.path.join(config_dir, 'ufw/before6.rules')
- files['after6_rules'] = os.path.join(config_dir, 'ufw/after6.rules')
-- files['init'] = os.path.join(state_dir, 'ufw-init')
-+ files['init'] = os.path.join(share_dir, 'ufw-init')
-
- ufw.backend.UFWBackend.__init__(self, "iptables", dryrun, files,
- rootdir=rootdir, datadir=datadir)
---- a/src/ufw-init 2018-03-30 22:45:52.000000000 +0300
-+++ b/src/ufw-init 2019-03-21 01:06:32.720483789 +0300
-@@ -31,10 +31,11 @@
- fi
- export DATA_DIR="$datadir"
-
--if [ -s "${rootdir}#STATE_PREFIX#/ufw-init-functions" ]; then
-- . "${rootdir}#STATE_PREFIX#/ufw-init-functions"
-+if [ -s "${rootdir}#SHARE_DIR#/ufw-init-functions" ]; then
-+ . "${rootdir}#SHARE_DIR#/ufw-init-functions"
-+
- else
-- echo "Could not find ${rootdir}#STATE_PREFIX#/ufw-init-functions (aborting)"
-+ echo "Could not find ${rootdir}#SHARE_DIR#/ufw-init-functions (aborting)"
- exit 1
- fi
-
-@@ -83,7 +84,7 @@
- fi
- ;;
- *)
-- echo "Usage: #STATE_PREFIX#/ufw-init {start|stop|restart|force-reload|force-stop|flush-all|status}"
-+ echo "Usage: #SHARE_DIR#/ufw-init {start|stop|restart|force-reload|force-stop|flush-all|status}"
- exit 1
- ;;
- esac
diff --git a/net-firewall/ufw/files/ufw-0.36-shebang.patch b/net-firewall/ufw/files/ufw-0.36-shebang.patch
deleted file mode 100644
index 8c2b8fe2392e..000000000000
--- a/net-firewall/ufw/files/ufw-0.36-shebang.patch
+++ /dev/null
@@ -1,15 +0,0 @@
---- a/setup.py 2019-03-21 01:51:55.751971770 +0300
-+++ b/setup.py 2019-03-21 01:54:40.142513567 +0300
-@@ -122,12 +122,6 @@
- for f in [ script, manpage, manpage_f ]:
- self.mkpath(os.path.dirname(f))
-
-- # update the interpreter to that of the one the user specified for setup
-- print("Updating staging/ufw to use %s" % (sys.executable))
-- subprocess.call(["sed",
-- "-i",
-- "1s%^#.*python.*%#! /usr/bin/env " + sys.executable + "%g",
-- 'staging/ufw'])
- self.copy_file('staging/ufw', script)
- self.copy_file('doc/ufw.8', manpage)
- self.copy_file('doc/ufw-framework.8', manpage_f)
diff --git a/net-firewall/ufw/ufw-0.36-r1.ebuild b/net-firewall/ufw/ufw-0.36-r1.ebuild
deleted file mode 100644
index 5458db7c5f99..000000000000
--- a/net-firewall/ufw/ufw-0.36-r1.ebuild
+++ /dev/null
@@ -1,219 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-PYTHON_COMPAT=( python3_{7..10} )
-DISTUTILS_IN_SOURCE_BUILD=1
-DISTUTILS_USE_SETUPTOOLS=no
-
-inherit bash-completion-r1 distutils-r1 linux-info systemd
-
-DESCRIPTION="A program used to manage a netfilter firewall"
-HOMEPAGE="https://launchpad.net/ufw"
-SRC_URI="https://launchpad.net/ufw/${PV}/${PV}/+download/${P}.tar.gz"
-
-LICENSE="GPL-3"
-SLOT="0"
-KEYWORDS="amd64 ~arm arm64 ~ia64 ~loong ppc ppc64 ~riscv sparc x86"
-IUSE="examples ipv6"
-
-RDEPEND=">=net-firewall/iptables-1.4[ipv6(+)?]
- !<kde-misc/kcm-ufw-0.4.2
- !<net-firewall/ufw-frontends-0.3.2"
-
-BDEPEND="sys-devel/gettext"
-
-# tests fail; upstream bug: https://bugs.launchpad.net/ufw/+bug/815982
-RESTRICT="test"
-
-PATCHES=(
- # Move files away from /lib/ufw.
- "${FILESDIR}/${P}-move-path.patch"
- # Remove unnecessary build time dependency on net-firewall/iptables.
- "${FILESDIR}/${P}-dont-check-iptables.patch"
- # Remove shebang modification.
- "${FILESDIR}/${P}-shebang.patch"
- # Fix bash completions, bug #526300
- "${FILESDIR}/${P}-bash-completion.patch"
-)
-
-pkg_pretend() {
- local CONFIG_CHECK="~PROC_FS
- ~NETFILTER_XT_MATCH_COMMENT ~NETFILTER_XT_MATCH_HL
- ~NETFILTER_XT_MATCH_LIMIT ~NETFILTER_XT_MATCH_MULTIPORT
- ~NETFILTER_XT_MATCH_RECENT ~NETFILTER_XT_MATCH_STATE"
-
- if kernel_is -ge 2 6 39; then
- CONFIG_CHECK+=" ~NETFILTER_XT_MATCH_ADDRTYPE"
- else
- CONFIG_CHECK+=" ~IP_NF_MATCH_ADDRTYPE"
- fi
-
- # https://bugs.launchpad.net/ufw/+bug/1076050
- if kernel_is -ge 3 4; then
- CONFIG_CHECK+=" ~NETFILTER_XT_TARGET_LOG"
- else
- CONFIG_CHECK+=" ~IP_NF_TARGET_LOG"
- use ipv6 && CONFIG_CHECK+=" ~IP6_NF_TARGET_LOG"
- fi
-
- CONFIG_CHECK+=" ~IP_NF_TARGET_REJECT"
- use ipv6 && CONFIG_CHECK+=" ~IP6_NF_TARGET_REJECT"
-
- check_extra_config
-
- # Check for default, useful optional features.
- if ! linux_config_exists; then
- ewarn "Cannot determine configuration of your kernel."
- return
- fi
-
- local nf_nat_ftp_ok="yes"
- local nf_conntrack_ftp_ok="yes"
- local nf_conntrack_netbios_ns_ok="yes"
-
- linux_chkconfig_present \
- NF_NAT_FTP || nf_nat_ftp_ok="no"
- linux_chkconfig_present \
- NF_CONNTRACK_FTP || nf_conntrack_ftp_ok="no"
- linux_chkconfig_present \
- NF_CONNTRACK_NETBIOS_NS || nf_conntrack_netbios_ns_ok="no"
-
- # This is better than an essay for each unset option...
- if [[ "${nf_nat_ftp_ok}" == "no" ]] || \
- [[ "${nf_conntrack_ftp_ok}" == "no" ]] || \
- [[ "${nf_conntrack_netbios_ns_ok}" == "no" ]]; then
- echo
- local mod_msg="Kernel options listed below are not set. They are not"
- mod_msg+=" mandatory, but they are often useful."
- mod_msg+=" If you don't need some of them, please remove relevant"
- mod_msg+=" module name(s) from IPT_MODULES in"
- mod_msg+=" '${EROOT}/etc/default/ufw' before (re)starting ufw."
- mod_msg+=" Otherwise ufw may fail to start!"
- ewarn "${mod_msg}"
- if [[ "${nf_nat_ftp_ok}" == "no" ]]; then
- ewarn "NF_NAT_FTP: for better support for active mode FTP."
- fi
- if [[ "${nf_conntrack_ftp_ok}" == "no" ]]; then
- ewarn "NF_CONNTRACK_FTP: for better support for active mode FTP."
- fi
- if [[ "${nf_conntrack_netbios_ns_ok}" == "no" ]]; then
- ewarn "NF_CONNTRACK_NETBIOS_NS: for better Samba support."
- fi
- fi
-}
-
-python_prepare_all() {
- # Set as enabled by default. User can enable or disable
- # the service by adding or removing it to/from a runlevel.
- sed -i 's/^ENABLED=no/ENABLED=yes/' conf/ufw.conf \
- || die "sed failed (ufw.conf)"
-
- sed -i "s/^IPV6=yes/IPV6=$(usex ipv6)/" conf/ufw.defaults || die
-
- # If LINGUAS is set install selected translations only.
- if [[ -n ${LINGUAS+set} ]]; then
- _EMPTY_LOCALE_LIST="yes"
- pushd locales/po > /dev/null || die
-
- local lang
- for lang in *.po; do
- if ! has "${lang%.po}" ${LINGUAS}; then
- rm "${lang}" || die
- else
- _EMPTY_LOCALE_LIST="no"
- fi
- done
-
- popd > /dev/null || die
- else
- _EMPTY_LOCALE_LIST="no"
- fi
-
- distutils-r1_python_prepare_all
-}
-
-python_install_all() {
- newconfd "${FILESDIR}"/ufw.confd ufw
- newinitd "${FILESDIR}"/ufw-2.initd ufw
- systemd_dounit "${FILESDIR}/ufw.service"
-
- exeinto /usr/share/${PN}
- doexe tests/check-requirements
-
- # users normally would want it
- insinto "/usr/share/doc/${PF}/logging/syslog-ng"
- doins -r "${FILESDIR}"/syslog-ng/*
-
- insinto "/usr/share/doc/${PF}/logging/rsyslog"
- doins -r "${FILESDIR}"/rsyslog/*
- doins doc/rsyslog.example
-
- if use examples; then
- insinto "/usr/share/doc/${PF}/examples"
- doins -r examples/*
- fi
- newbashcomp shell-completion/bash "${PN}"
-
- [[ $_EMPTY_LOCALE_LIST != "yes" ]] && domo locales/mo/*.mo
-
- distutils-r1_python_install_all
- python_replicate_script "${D}/usr/sbin/ufw"
-}
-
-pkg_postinst() {
- local print_check_req_warn
- print_check_req_warn=false
-
- local found=()
- local apps=( "net-firewall/arno-iptables-firewall"
- "net-firewall/ferm"
- "net-firewall/firehol"
- "net-firewall/firewalld"
- "net-firewall/ipkungfu" )
-
- for exe in "${apps[@]}"
- do
- if has_version "${exe}"; then
- found+=( "${exe}" )
- fi
- done
-
- if [[ -n ${found} ]]; then
- echo ""
- ewarn "WARNING: Detected other firewall applications:"
- ewarn "${found[@]}"
- ewarn "If enabled, these applications may interfere with ufw!"
- fi
-
- if [[ -z "${REPLACING_VERSIONS}" ]]; then
- echo ""
- elog "To enable ufw, add it to boot sequence and activate it:"
- elog "-- # rc-update add ufw boot"
- elog "-- # /etc/init.d/ufw start"
- echo
- elog "If you want to keep ufw logs in a separate file, take a look at"
- elog "/usr/share/doc/${PF}/logging."
- print_check_req_warn=true
- else
- local rv
- for rv in ${REPLACING_VERSIONS}; do
- local major=${rv%%.*}
- local minor=${rv#${major}.}
- if [[ "${major}" -eq 0 && "${minor}" -lt 34 ]]; then
- print_check_req_warn=true
- fi
- done
- fi
- if [[ "${print_check_req_warn}" == "true" ]]; then
- echo
- elog "/usr/share/ufw/check-requirements script is installed."
- elog "It is useful for debugging problems with ufw. However one"
- elog "should keep in mind that the script assumes IPv6 is enabled"
- elog "on kernel and net-firewall/iptables, and fails when it's not."
- fi
- echo
- ewarn "Note: once enabled, ufw blocks also incoming SSH connections by"
- ewarn "default. See README, Remote Management section for more information."
-}
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-20 01:19:27 +0000