diff options
Diffstat (limited to 'net-firewall')
| -rw-r--r-- | net-firewall/Manifest.gz | bin | 4227 -> 4232 bytes | |||
| -rw-r--r-- | net-firewall/ferm/Manifest | 2 | ||||
| -rw-r--r-- | net-firewall/ferm/ferm-2.7.ebuild | 4 | ||||
| -rw-r--r-- | net-firewall/ipset/Manifest | 7 | ||||
| -rw-r--r-- | net-firewall/ipset/files/ipset-7.22-argv-bounds.patch | 36 | ||||
| -rw-r--r-- | net-firewall/ipset/files/ipset-7.22-asan-buffer-overflow.patch | 52 | ||||
| -rw-r--r-- | net-firewall/ipset/files/ipset-7.22-fix-building-on-musl.patch | 10 | ||||
| -rw-r--r-- | net-firewall/ipset/ipset-7.22-r2.ebuild | 121 | ||||
| -rw-r--r-- | net-firewall/ipset/ipset-7.23.ebuild | 4 | ||||
| -rw-r--r-- | net-firewall/iptables/Manifest | 2 | ||||
| -rw-r--r-- | net-firewall/iptables/iptables-1.8.11-r1.ebuild | 2 | ||||
| -rw-r--r-- | net-firewall/nftlb/Manifest | 5 | ||||
| -rw-r--r-- | net-firewall/nftlb/files/nftlb-1.1.0-musl.patch | 73 | ||||
| -rw-r--r-- | net-firewall/nftlb/metadata.xml | 2 | ||||
| -rw-r--r-- | net-firewall/nftlb/nftlb-1.1.0.ebuild | 69 |
15 files changed, 155 insertions, 234 deletions
diff --git a/net-firewall/Manifest.gz b/net-firewall/Manifest.gz Binary files differindex 50b9278cc356..d63d390c766f 100644 --- a/net-firewall/Manifest.gz +++ b/net-firewall/Manifest.gz diff --git a/net-firewall/ferm/Manifest b/net-firewall/ferm/Manifest index f4b3835e08b7..9aa94321c6a4 100644 --- a/net-firewall/ferm/Manifest +++ b/net-firewall/ferm/Manifest @@ -1,5 +1,5 @@ DIST ferm-2.6.tar.xz 76748 BLAKE2B 17c15e9d95c4562d1635715c599ab07fc98d8e9ebfcc332a42953fe279298799f26f7b3679f97e5dc9a82b745f70f54756fe2a9ed5763e91db15f7c0255c179e SHA512 af2bb852630304a86629c2ce3af8f557d17f59c704589ea130d8578f300a606e4fedbd39c88f89646df974947fc27982e3ea21de1187257afc74a6056fdf666c DIST ferm-2.7.tar.xz 77320 BLAKE2B 1c7b9e111b86cebc5c0f503e96422d3411b14eb18621268653262926be3e2493b6e66869d607feddbcdb945dada8960f40f166202e3b61a6e93007683fa3a38b SHA512 bbc0e025514c8bf826dd0c13c24cba64b2729380bce5ab8f0e1a72c4f22471edc4fcd2c343cf9af97a2e9bd204ba27feefcfe21d4b0ce53837be042f863c9c24 EBUILD ferm-2.6.ebuild 799 BLAKE2B 17600d81f97081dc6a7d583a4eee9c9aa409a916ef88f7288b06f5e0aba14c17c878b23fb5f9cab41ab1cddc8fe1d8a0ffc72f9f62dfaed1950c213dadf296cc SHA512 472648307460bbff445e85a56582524242f45809bda082e03a71f6f349fc52c085e017f5cdfb53d3c9e6ab6d55c1c93265bb4138cf99b9a5af6eddc0055b6a70 -EBUILD ferm-2.7.ebuild 799 BLAKE2B d1a2953c0c73bdcb03b6d3b384189c2d211577384695576ea3d47bb2bc705e61d85694faeef8b9165a2ae09604590170a1fea7d590d9e49d6fca5f8a6197072d SHA512 6cd22272d0c06ae902ec847117129c0eba6e7d07e4737b64c553fdcda02f6ae81702bdb488108ff91f9d2cc80052097b47e1b0bf0e68ecbe39238999c40ae9ed +EBUILD ferm-2.7.ebuild 806 BLAKE2B 2feac631910e06fa58364c113e24dfe2bf312fb155d9d3664faab21b0e815c6425cd23e9c4c20a0aa5e1a5d68247c9c51f51727a35a21af7d82f083be90cb467 SHA512 322d577acbeaea1746ab4e503bc660c832487079e879c763ef9618eead6763ef0986d3ef0d331f44772573dd0551d46f0f6f4ebb790dd8d3321303e67be56295 MISC metadata.xml 481 BLAKE2B 49c9fe8c9acd561831b5445aaf0722937fbe22d68c61575346b4e517a1b6a1611c0b316d9b5d47199f4de5a41960e5810a2d024efa976da6aaf16fc7287c726f SHA512 aa494cfbba9188df9e41d5cd2af614cd2321703a516ea2978b969b87ebde022ea9f2064721e611d7cff21bc27906db6447bd58e75d28e10ab718656570aa1ade diff --git a/net-firewall/ferm/ferm-2.7.ebuild b/net-firewall/ferm/ferm-2.7.ebuild index 5e7d668967ba..6293e4dd4bb5 100644 --- a/net-firewall/ferm/ferm-2.7.ebuild +++ b/net-firewall/ferm/ferm-2.7.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2022 Gentoo Authors +# Copyright 1999-2025 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 @@ -11,7 +11,7 @@ SRC_URI="http://ferm.foo-projects.org/download/${PV}/${P}.tar.xz" LICENSE="GPL-2+" SLOT="0" -KEYWORDS="amd64 ppc x86" +KEYWORDS="amd64 ~arm64 ppc x86" # Uses Internet connection while testing. RESTRICT="test" diff --git a/net-firewall/ipset/Manifest b/net-firewall/ipset/Manifest index 47329c949a56..30c7ee1a8c42 100644 --- a/net-firewall/ipset/Manifest +++ b/net-firewall/ipset/Manifest @@ -1,12 +1,7 @@ -AUX ipset-7.22-argv-bounds.patch 1132 BLAKE2B 44edaaf8858c386eaa8d98a67ab41a8bc2f8842926ac73e197f07e6ba5971a26f2f1b8a7c19b620be3e834086f7db3e90cb56b4906fffbc94ef311bc66a74636 SHA512 3e1da81668320cf1742dee973a11f060ee0924ae504eba31c625620062ac3cab4f60d96a9af183cd8b365755838723ef3a6dad49b0068f9e69585951f9c81299 -AUX ipset-7.22-asan-buffer-overflow.patch 2589 BLAKE2B 09714f315561ae0cb11a268364254b334e6f776dd66ca2cdffac1335e70c9839c765e85f1947f6d58156179f033e3e2e3421f62ffea65fc0816f13bd3db377c3 SHA512 05f99044eb6285683945e2ba4b0fa973c01239bb97e63f0c492ca8f36927054e21040e42192188391fcb9342ee615ab28f4346b894afa2e7958e0bcd74143288 -AUX ipset-7.22-fix-building-on-musl.patch 313 BLAKE2B 8f2c354b7b1ae4061498f810c1d350591cfa61ebcf527e51eee4c44545e2cd40f52db67af0df649dceabfa69bf0cec7d05dab34158a70369a71f21e74ff44a2a SHA512 43e8321e90d66b43f4cc8ec188264fb82b0efdc92b5bb40e16218e83b688e847616f4fe505a53f3079fb3881d5cbf39a021e391c2465efe2aa78bb512cd8a4b1 AUX ipset-bash-completion.patch 502 BLAKE2B 31d3ebfe59506f24e74c45912aabd87d853643d0eebf7e88a260964cbed5ff44cae870d9ba47879f81bd9f4bc784e7f28fb80e144f72acfcf2caff02abcea83f SHA512 682d2dfcc7e115824a9883ba58118a27c0075bea08444f74c9a12678ac3dc10592f9f7cafa55dfa96969f89b64300d58507630210050fb2f8237b917118f2418 AUX ipset.confd-r1 666 BLAKE2B 852963fd27d11f58305f33cc9be84d5eabde73f5af4924d97ad188505fa64b2c75f31ece180e2992d275738305b7a731afc8b911314a9f202320c0c61053fc9b SHA512 6020665ba30fc9efa7c16714c1ff7a0961153175b70ca5817f72c4123537e0ff9a977b8ca71914ef8b49d431601b73275b2ab6f848d521b53680b0cd7bcaca82 AUX ipset.initd-r7 4175 BLAKE2B 8a9936ffc57ffcf25ed45769d6cb76cecc0de66919597a90e440156d7cf938ed5ffc6b71aed634cbc473c866ad542d9eb388e3d91ebd697949ceaa763ce24e80 SHA512 d208ee673119182ee515c25263704e0e5bbae1aefbf5ec469ca71f3e70e14900c5a2d8f0171b3a5754afbcc464d30a760d0e413b1b66ccb0d3805327fdd66b65 AUX ipset.systemd-r1 492 BLAKE2B 78fd7b122e0fe08b36d36e736d18b7a5f0bf1aa78802f1bdc7abf69ad2ef9c0bcfb22ae84f8f6489aee6c147ee3c0be7ebfa600712bf6169940802466daf68ba SHA512 6574e48ce6b3c4f45122a8b387746793ceda62f68ec8b0f3f6f949f5650ab557f3f7eb75699e36d5bf04efbf39dc17e030cc44ea9d97891578d4c909669e6eb7 -DIST ipset-7.22.tar.bz2 694069 BLAKE2B 9daaff54adb6f9daf69cd7dabbd9134d8fcf8cd7f8ef0c52296961579ad3c8202087158a01664228eff70356ba97f77ec61abbab7c7ce323112fbdc32abd661b SHA512 e375a9110eb7974480147c57eb2cff4bdd03c7704cdae006a3d254cc80fada587aa8aee25a86f7cab29db83f5e283c5f9a47a314297317660ebba5097f623d79 DIST ipset-7.23.tar.bz2 695655 BLAKE2B a596630d12a8bcc1383475627e5e62b7be4c17570ae9d3650b9dbcac0ec46324e1ac7c0e7e11f674fb5354871538f6f15e57476ac752b1ac1415023d837904e6 SHA512 5a43c790abf157a55db5a9a22cb5f28a225f5c7969beda81566a2259aa82c9d852979eb805b11b4347f47c6a0c2cc4de6f14e4733bee5b562844422a45fb9dab -EBUILD ipset-7.22-r2.ebuild 3567 BLAKE2B e3775ef8927c1bd96d30064e04c9302d4e3025cbd6b9c73af9b2f65956a198b2164b9c9903eb9f0bc49122c98df0c89de12e970610f3de88118da93fccc9cabf SHA512 11d975b834bf0b376396a88265b8f65c3fbbb442c02826292926a6e31e045eb7ff2bec4447e11deae76e55b75cf3424b227999bf6505465f89977f673ebda897 -EBUILD ipset-7.23.ebuild 3439 BLAKE2B 16b29300ee71dbd9971cd4b471f5dea73e8c8a9bec5213a9b98f728cfc0f134875b59d8da5512f27459c524ea3d84bd774220288c1a4e39070ffd3b5095c7ad1 SHA512 cc41fee6e8f08ba3160b19374eb166958b9e7ac785ac5761198397c7af97be7aedd82472b07752d2d711ba6fd485c56abf38d96f83b7822cd06144c23808142e +EBUILD ipset-7.23.ebuild 3433 BLAKE2B 75331e5aef92ecb3dcb2492ebd44c188f020d6f2740e76b9b50ae6513c1088a307452b5bd3505857c6ad6a8154cb9424890b0df6ade01d28a92b6fd05240357c SHA512 757f1363cae266639269e5861e54c4cb27fdfb62ceab9c165fb1bc5a187e0b722647aa5da44941755bac2a4ccb7cb158619cc358af2307f1f7c6c46b6ab58be6 MISC metadata.xml 475 BLAKE2B e1e06003a410249ed76d39b74ccbcd64b8572ff05f1c818729d787cecfb19cfa9c7e3463473688abc7a398efb908b0c7145bad88bbb7259e69f1b7d985584bcc SHA512 d0a3dca6593e8a62cbf5c325eb59b620137af8d8f5a463702c4d6ec102fd03b8adbbdcd9358777d0461f57a98d892d359d80b8f722d3f322f3d4766d762f6585 diff --git a/net-firewall/ipset/files/ipset-7.22-argv-bounds.patch b/net-firewall/ipset/files/ipset-7.22-argv-bounds.patch deleted file mode 100644 index 07d18303642e..000000000000 --- a/net-firewall/ipset/files/ipset-7.22-argv-bounds.patch +++ /dev/null @@ -1,36 +0,0 @@ -https://git.netfilter.org/ipset/commit/?id=851cb04ffee5040f1e0063f77c3fe9bc6245e0fb - -From 851cb04ffee5040f1e0063f77c3fe9bc6245e0fb Mon Sep 17 00:00:00 2001 -From: Phil Sutter <phil@nwl.cc> -Date: Thu, 27 Jun 2024 10:18:17 +0200 -Subject: lib: ipset: Avoid 'argv' array overstepping - -The maximum accepted value for 'argc' is MAX_ARGS which matches 'argv' -array size. The maximum allowed array index is therefore argc-1. - -This fix will leave items in argv non-NULL-terminated, so explicitly -NULL the formerly last entry after shifting. - -Looks like a day-1 bug. Interestingly, this neither triggered ASAN nor -valgrind. Yet adding debug output printing argv entries being copied -did. - -Fixes: 1e6e8bd9a62aa ("Third stage to ipset-5") -Signed-off-by: Phil Sutter <phil@nwl.cc> -Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org> ---- a/lib/ipset.c -+++ b/lib/ipset.c -@@ -343,9 +343,9 @@ ipset_shift_argv(int *argc, char *argv[], int from) - - assert(*argc >= from + 1); - -- for (i = from + 1; i <= *argc; i++) -+ for (i = from + 1; i < *argc; i++) - argv[i-1] = argv[i]; -- (*argc)--; -+ argv[--(*argc)] = NULL; - return; - } - --- -cgit v1.2.3 diff --git a/net-firewall/ipset/files/ipset-7.22-asan-buffer-overflow.patch b/net-firewall/ipset/files/ipset-7.22-asan-buffer-overflow.patch deleted file mode 100644 index 56d126db5efa..000000000000 --- a/net-firewall/ipset/files/ipset-7.22-asan-buffer-overflow.patch +++ /dev/null @@ -1,52 +0,0 @@ -https://git.netfilter.org/ipset/commit/?id=f1bcacf5eeb8620ea684524e1ce9c3951a77f1f9 - -From f1bcacf5eeb8620ea684524e1ce9c3951a77f1f9 Mon Sep 17 00:00:00 2001 -From: Phil Sutter <phil@nwl.cc> -Date: Thu, 27 Jun 2024 10:18:16 +0200 -Subject: lib: data: Fix for global-buffer-overflow warning by ASAN - -After compiling with CFLAGS="-fsanitize=address -g", running the -testsuite triggers the following warning: - -| ipmap: Range: Check syntax error: missing range/from-to: FAILED -| Failed test: ../src/ipset 2>.foo.err -N test ipmap -| ================================================================= -| ==4204==ERROR: AddressSanitizer: global-buffer-overflow on address 0x55a21e77172a at pc 0x7f1ef246f2a6 bp 0x7fffed8f4f40 sp 0x7fffed8f46e8 -| READ of size 32 at 0x55a21e77172a thread T0 -| #0 0x7f1ef246f2a5 in __interceptor_memcpy /var/tmp/portage/sys-devel/gcc-13.2.1_p20231014/work/gcc-13-20231014/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:899 -| #1 0x55a21e758bf6 in ipset_strlcpy /home/n0-1/git/ipset/lib/data.c:119 -| #2 0x55a21e758bf6 in ipset_data_set /home/n0-1/git/ipset/lib/data.c:349 -| #3 0x55a21e75ee2f in ipset_parse_typename /home/n0-1/git/ipset/lib/parse.c:1819 -| #4 0x55a21e754119 in ipset_parser /home/n0-1/git/ipset/lib/ipset.c:1205 -| #5 0x55a21e752cef in ipset_parse_argv /home/n0-1/git/ipset/lib/ipset.c:1344 -| #6 0x55a21e74ea45 in main /home/n0-1/git/ipset/src/ipset.c:38 -| #7 0x7f1ef224cf09 (/lib64/libc.so.6+0x23f09) -| #8 0x7f1ef224cfc4 in __libc_start_main (/lib64/libc.so.6+0x23fc4) -| #9 0x55a21e74f040 in _start (/home/n0-1/git/ipset/src/ipset+0x1d040) -| -| 0x55a21e77172a is located 54 bytes before global variable '*.LC1' defined in 'ipset_bitmap_ip.c' (0x55a21e771760) of size 19 -| '*.LC1' is ascii string 'IP|IP/CIDR|FROM-TO' -| 0x55a21e77172a is located 0 bytes after global variable '*.LC0' defined in 'ipset_bitmap_ip.c' (0x55a21e771720) of size 10 -| '*.LC0' is ascii string 'bitmap:ip' - -Fix this by avoiding 'src' array overstep in ipset_strlcpy(): In -contrast to strncpy(), memcpy() does not respect NUL-chars in input but -stubbornly reads as many bytes as specified. - -Fixes: a7432ba786ca4 ("Workaround misleading -Wstringop-truncation warning") -Signed-off-by: Phil Sutter <phil@nwl.cc> -Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org> ---- a/lib/data.c -+++ b/lib/data.c -@@ -111,6 +111,9 @@ ipset_strlcpy(char *dst, const char *src, size_t len) - assert(dst); - assert(src); - -+ if (strlen(src) < len) -+ len = strlen(src) + 1; -+ - memcpy(dst, src, len); - dst[len - 1] = '\0'; - } --- -cgit v1.2.3 diff --git a/net-firewall/ipset/files/ipset-7.22-fix-building-on-musl.patch b/net-firewall/ipset/files/ipset-7.22-fix-building-on-musl.patch deleted file mode 100644 index 7a77aa952869..000000000000 --- a/net-firewall/ipset/files/ipset-7.22-fix-building-on-musl.patch +++ /dev/null @@ -1,10 +0,0 @@ ---- a/src/ipset.c 2024-08-30 14:21:19.201863069 +0000 -+++ b/src/ipset.c 2024-08-30 14:21:52.525571560 +0000 -@@ -15,6 +15,7 @@ - #include <config.h> - #include <libipset/ipset.h> /* ipset library */ - #include <libipset/xlate.h> /* translate to nftables */ -+#include <libgen.h> - - int - main(int argc, char *argv[]) diff --git a/net-firewall/ipset/ipset-7.22-r2.ebuild b/net-firewall/ipset/ipset-7.22-r2.ebuild deleted file mode 100644 index affe9147840d..000000000000 --- a/net-firewall/ipset/ipset-7.22-r2.ebuild +++ /dev/null @@ -1,121 +0,0 @@ -# Copyright 1999-2024 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -MODULES_OPTIONAL_IUSE=modules -inherit autotools bash-completion-r1 linux-mod-r1 systemd - -DESCRIPTION="IPset tool for iptables, successor to ippool" -HOMEPAGE="https://ipset.netfilter.org/ https://git.netfilter.org/ipset/" -SRC_URI="https://ipset.netfilter.org/${P}.tar.bz2" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="amd64 arm arm64 ~loong ppc ppc64 ~riscv x86" - -RDEPEND=" - net-firewall/iptables - net-libs/libmnl:= -" -DEPEND="${RDEPEND}" -BDEPEND="virtual/pkgconfig" - -DOCS=( ChangeLog INSTALL README UPGRADE ) - -# configurable from outside, e.g. /etc/portage/make.conf -IP_NF_SET_MAX=${IP_NF_SET_MAX:-256} - -PATCHES=( - "${FILESDIR}/${PN}-bash-completion.patch" - "${FILESDIR}/${P}-asan-buffer-overflow.patch" - "${FILESDIR}/${P}-argv-bounds.patch" - "${FILESDIR}/${P}-fix-building-on-musl.patch" -) - -src_prepare() { - default - eautoreconf -} - -pkg_setup() { - get_version - CONFIG_CHECK="NETFILTER" - ERROR_NETFILTER="ipset requires NETFILTER support in your kernel." - CONFIG_CHECK+=" NETFILTER_NETLINK" - ERROR_NETFILTER_NETLINK="ipset requires NETFILTER_NETLINK support in your kernel." - # It does still build without NET_NS, but it may be needed in future. - #CONFIG_CHECK="${CONFIG_CHECK} NET_NS" - #ERROR_NET_NS="ipset requires NET_NS (network namespace) support in your kernel." - CONFIG_CHECK+=" !PAX_CONSTIFY_PLUGIN" - ERROR_PAX_CONSTIFY_PLUGIN="ipset contains constified variables (#614896)" - - build_modules=0 - if use modules; then - if linux_config_src_exists && linux_chkconfig_builtin "MODULES" ; then - if linux_chkconfig_present "IP_NF_SET" || \ - linux_chkconfig_present "IP_SET"; then #274577 - eerror "There is IP{,_NF}_SET or NETFILTER_XT_SET support in your kernel." - eerror "Please either build ipset with modules USE flag disabled" - eerror "or rebuild kernel without IP_SET support and make sure" - eerror "there is NO kernel ip_set* modules in /lib/modules/<your_kernel>/... ." - die "USE=modules and in-kernel ipset support detected." - else - einfo "Modular kernel detected. Gonna build kernel modules..." - build_modules=1 - fi - else - eerror "Nonmodular kernel detected, but USE=modules. Either build" - eerror "modular kernel (without IP_SET) or disable USE=modules" - die "Nonmodular kernel detected, will not build kernel modules" - fi - fi - - [[ ${build_modules} -eq 1 ]] && linux-mod-r1_pkg_setup -} - -src_configure() { - export bashcompdir="$(get_bashcompdir)" - - econf \ - --enable-bashcompl \ - $(use_with modules kmod) \ - --with-maxsets=${IP_NF_SET_MAX} \ - --with-ksource="${KV_DIR}" \ - --with-kbuild="${KV_OUT_DIR}" -} - -src_compile() { - einfo "Building userspace" - - local modlist=( xt_set=kernel/net/netfilter/ipset/:"${S}":kernel/net/netfilter/: - em_ipset=kernel/net/sched:"${S}":kernel/net/sched/:modules ) - - for i in ip_set{,_bitmap_{ip{,mac},port},_hash_{ip{,mac,mark,port{,ip,net}},mac,net{,port{,net},iface,net}},_list_set}; do - modlist+=( ${i}=kernel/net/netfilter/ipset/:"${S}":kernel/net/netfilter/ipset ) - done - - emake - - if [[ ${build_modules} -eq 1 ]]; then - einfo "Building kernel modules" - linux-mod-r1_src_compile - fi -} - -src_install() { - einfo "Installing userspace" - default - - find "${ED}" -name '*.la' -delete || die - - newinitd "${FILESDIR}"/ipset.initd-r7 ${PN} - newconfd "${FILESDIR}"/ipset.confd-r1 ${PN} - systemd_newunit "${FILESDIR}"/ipset.systemd-r1 ${PN}.service - keepdir /var/lib/ipset - - if [[ ${build_modules} -eq 1 ]]; then - einfo "Installing kernel modules" - linux-mod-r1_src_install - fi -} diff --git a/net-firewall/ipset/ipset-7.23.ebuild b/net-firewall/ipset/ipset-7.23.ebuild index 00688b5a1675..431969f5d7cd 100644 --- a/net-firewall/ipset/ipset-7.23.ebuild +++ b/net-firewall/ipset/ipset-7.23.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2024 Gentoo Authors +# Copyright 1999-2025 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 @@ -12,7 +12,7 @@ SRC_URI="https://ipset.netfilter.org/${P}.tar.bz2" LICENSE="GPL-2" SLOT="0" -KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc ~ppc64 ~riscv ~x86" +KEYWORDS="amd64 arm arm64 ~loong ppc ppc64 ~riscv x86" RDEPEND=" net-firewall/iptables diff --git a/net-firewall/iptables/Manifest b/net-firewall/iptables/Manifest index 785d0cfc926e..08c594dc6603 100644 --- a/net-firewall/iptables/Manifest +++ b/net-firewall/iptables/Manifest @@ -14,7 +14,7 @@ DIST iptables-1.8.11.tar.xz 649284 BLAKE2B 82daca3940e253f6fda7cf5b3332488c31391 DIST iptables-1.8.9.tar.xz 637848 BLAKE2B 37ba80be0ee7049c4d3ee5689b273b4d2cc6e6fb9ebb297e86976b5750f987f2ae4536013fe1749ae79b6989c241eaece3202019fafd47d842c7a4fe3e5093b1 SHA512 e367bf286135e39b7401e852de25c1ed06d44befdffd92ed1566eb2ae9704b48ac9196cb971f43c6c83c6ad4d910443d32064bcdf618cfcef6bcab113e31ff70 EBUILD iptables-1.8.10-r1.ebuild 4561 BLAKE2B 14417d62fcd1e9102f543c664c81a834fae8392799e0a3cec107baa77f234228a0853fd48f6b06b5b79f5183eb4002c6e9445b7aa809cbb17ed618f5a9eb4f75 SHA512 437e1c541f0e959a80dd9e8938c82f2ccf23872cfefc84451a70ef75d74b7603a33a23be1a5c7ff31c0336bd613504c7249743d0d15e53022b2709e72cd1e545 EBUILD iptables-1.8.10.ebuild 4658 BLAKE2B 878e6bc44f8bf6b2352217e225e1809f20e99ac62a872088b3ff6270610833ef24d6e7bb2a5d342899a33104071744b3895855c02b3fe0a7a24f0f041631c42f SHA512 bfc698898996b1154179d8f972c652b535e4454542923eb25a2c4503f4fc10bdfb2cc5bf702d5662c28881070474a8b61be0e899f3eef3d312cc1a2a7fca2970 -EBUILD iptables-1.8.11-r1.ebuild 4492 BLAKE2B 9963ca0950bca1e972e270d12f8a8a888acfc2fd3d1409b0dd904c0429c467eb6ab642158913bd0f8cfda22db878fda6abc956abac8e3f7b2854f37d0eb665b0 SHA512 72ad38a932dbaeff4a0a775402c67d0657043b0a985cef7418a3a41177340787b66fec4804017227b1fb0949ab4119e19cad6f5bebd45a43990cc8ab49d811a3 +EBUILD iptables-1.8.11-r1.ebuild 4491 BLAKE2B 29d0d2ac7b59b5d79a8e4fbd01a15fa9f98979a54d29c50949454e0446de0c264ebb88c004d19e3a07c3c80827e90a65c810927484044c11d3a353daef79faba SHA512 7e3b9e0f9b8253f4c35f1d15641a2e17f4f8c2f4174a3f1ee5bbe03f5366f38fc6f20c32de7b28a096513d7c6ab4e2cde70891f395e52d555b15e880f319b2dc EBUILD iptables-1.8.11.ebuild 4490 BLAKE2B 311bc47e930fe6900c9b49d76d3ff055dddba5930f17767552e486b6ec172e2237c8f1082503c2b0cc1f551852ddbe265442fdc3b73c2f1d834bad67e52202fd SHA512 eb1749643e7b19d6e02781814a396e124d8fe8c5f6fa18f2b0fc4bb916c0d48c93b40793e99159547e6b44583b70208301958bd8e1489d8334e26be21932500b EBUILD iptables-1.8.9-r2.ebuild 4675 BLAKE2B eabc6ee05e768d69c1957d00e83b57032332f6444b1be70e54b3ccfaa7a0c3aaac2ebdd4413ee1012838bee256994e29b9ca5ea384b736bd9501f4ccb6fc6542 SHA512 1da93698bd9d7bc057a763686e32c85cf3525bdbf23d1bb94f5aa0846501d571fa2e5571a3db0bd3667e1167930a088ba5d474be4ff8c85b10a937ecc07a6768 EBUILD iptables-1.8.9.ebuild 4550 BLAKE2B cf8ab3600795d1c327ac593a6152111bc17a6914eb29ea76ae27fa03b8555c90f1c15e5acdfab56290e636ff7b6080430a2054d1c4a5e6e25669c234c7a54149 SHA512 1a15dd7c07704ed2c5b3b3a30633e8c97ff1618f1f6a3e2b962d7b41c2d2930cc9477075ea4254a6dc12208fb87f8663f3dae994176a858882df6635a201dbea diff --git a/net-firewall/iptables/iptables-1.8.11-r1.ebuild b/net-firewall/iptables/iptables-1.8.11-r1.ebuild index 1f4a4a45676c..eeb7878289e6 100644 --- a/net-firewall/iptables/iptables-1.8.11-r1.ebuild +++ b/net-firewall/iptables/iptables-1.8.11-r1.ebuild @@ -13,7 +13,7 @@ LICENSE="GPL-2" # Subslot reflects PV when libxtables and/or libip*tc was changed # the last time. SLOT="0/1.8.3" -KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86" +KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86" IUSE="conntrack netlink nftables pcap static-libs test" RESTRICT="!test? ( test )" # TODO: skip tests needing nftables if no xtables-nft-multi (bug #890628) diff --git a/net-firewall/nftlb/Manifest b/net-firewall/nftlb/Manifest index 6aebad935678..ab261e9d5a31 100644 --- a/net-firewall/nftlb/Manifest +++ b/net-firewall/nftlb/Manifest @@ -2,8 +2,11 @@ AUX nftlb-1.0-musl.patch 1899 BLAKE2B 6c2c51ba355473754ac1aa59e423b367c9eba8c0ae AUX nftlb-1.0-tests.patch 1025 BLAKE2B 1c1a3b363d5896799dbc9c789684bcb407cafeee6b7d7d061f28142a718a77b9a7fc11a59ff40f178047d37a8452c66cab904661d36874efc343677ec4a043a4 SHA512 a013fd84528620e61b93b11218edb5fbf4096d0367d802f697048f544751a0a4c9d64ecfa5198b28d8dc732b195db7d7ed5028423aa26c855f116d11665f096b AUX nftlb-1.0.8-musl.patch 1924 BLAKE2B a5a46af3f5f000afa09b3e2d8413385a792b35aea2a8017c8c5b8abfb8cb02dbbccd8ec4da330a5f197dec108b0451a65f81b319fb24d77d9cd3fc1408d60902 SHA512 cbd78b062d2ffa69b0e6d63af11ef5159a01fa7e67caf00f2ca597beb0064767748448ca1e45626e9f326c34eb7e1c34f59bc08a035866a1f0be603decf5d3cc AUX nftlb-1.0.8-tests.patch 1073 BLAKE2B e15195c9e67dde666f6450d38c45dee9fcbb499ef66ec5ba7e08a1b4c92a3fd10f5332ccc8f1cf5f9ff48589108ada1fd1b8e9a7a766e7e41eb3acc230b7708e SHA512 cc2b6caa0fb300a524e28d0602fcb287a18244ef98832115dcd6cecab623240ec86f5e95c6f8e74d56b064553723d85bc4cfb97defdbbc4d76e001809dbd5483 +AUX nftlb-1.1.0-musl.patch 1922 BLAKE2B a3cb51e58360b3f782c264ff60a91004c98d403873fc03269802453d0da340c0163246b267f5ea2861c7a01869c886f06ece054cb0d6b24b2d135564de23a1c6 SHA512 04bf78096c7676710cae245df441dd74b4d35a67c22ee56ead44a0c5a64d8c55da4dd67946cb01d61b46c2bd7a1435ddda1b9be9c53f859a616408d07035b721 DIST nftlb-1.0.7.tar.gz 201988 BLAKE2B 794778523b3a60a351fd071e6ff129197203ddfb1b80823dd6b05c30cb530040da465a10d2ffbf11cad063c2a453bb9baebd6e689b9166d4fcb0fe9fd17760e8 SHA512 eb1e9847f340e57b75a5b8680774d8208b282faccdef48e316b2bd52b10349eeda70643386e0e899d0f6a2f506964cf1b7a7ec2d86279f83ca87a9afa8f047bc DIST nftlb-1.0.8.gh.tar.gz 256936 BLAKE2B 1ab9fb508c8613304ebde7185a8ad8ddabb483d17c8b872cfb7da8a0b0e5a8d40f74a74361d1d5b8304d45c00357eea1f88f2cc39e5afe537791278277462407 SHA512 f612b7065fb5011f1af34cabe0945b7b0c1479241b4673d86e2e97d06bffdfefcc5ca4ec3ad3752faa92862306ed8ad28754838236476fe9db88099bc389cf7c +DIST nftlb-1.1.0.gh.tar.gz 250421 BLAKE2B 4034032bec80fe43c67af54550fe24f6133ce9b79c769caa678ef351d001ad01b758740df73e149726f00c258a84e3f4cbd6394a86efec0cdb5221a2f374f774 SHA512 e4fd41f5d7251913be457ae9b4e1ca1a1cc25751d1ffbb7fac3e009332ff963fcd5ab141e8cdbd26eee57183bc7663bf153feb5cd2ba8e2b6cc36083c8c12e46 EBUILD nftlb-1.0.7-r1.ebuild 1040 BLAKE2B 8dce56fc972cad17d50ad35103b17cb70bb475dec111d9918d225524190e7c846d694339f61d38cde6b14937d947251ff8881ac2ed5733316e661de368ce04e7 SHA512 72ab199e1b80059bc4a3f4a048c85fa7101a719c3e28dfa288250612bd6d8d06d0080660aac921132069c00aaef4c646b60a07e9180fd18e4178ed390cfffd6e EBUILD nftlb-1.0.8-r1.ebuild 1140 BLAKE2B 1d54bf74d1a418db40c5b59722a60fba074c090ebe1aa7262afbe6d96feafed62d6ed6e0e97a0c3322fd371503bbf44135c11c5e6f49ddc7fe90b4ac3e51cec2 SHA512 36a7ce60a0c016c78faa314c4cf0b8cc9a04577960ec326f86a0cb1e70d885599aba8cf53b57b65afcb302c8e8c7aecd39feccdc7528ae1c2f210d78d19bdbef -MISC metadata.xml 338 BLAKE2B 7ac9c5781a06889e69bbde8ed9ccdc15f5a587eb71c0d8835d365c5856fd9d96b492a8ce1090b5b9a3bf282719ac8f5b7001b7c712daeef656f0b09d0019c903 SHA512 87dea1537335a8012ae31a59f9346039896c407b35ec818bcb245d899a75fa60f2e72713c612f8eb94010fba8869ff7814096d63280cc0e642f5f41d59241c8c +EBUILD nftlb-1.1.0.ebuild 1183 BLAKE2B 649e4d737275d8fea5c72588c05a610a7d72bb96a0089f311d33ec2729dfdb0a72de6b98ad8b66764762689a5d65a574559cdfce7ac4f956e0505c73117c083f SHA512 ccfd47e458f8449f2c743d83de0f519ef3117172fe1184ec88ac49f96088e20d6e1546e6761f73c4d472b33e8bf3f9a1145f125629482223c59a2a153b1c94dd +MISC metadata.xml 340 BLAKE2B 1fee7d2bf2bd65cab370ce666cfd3b42b36bf132e7c8ebb137422526dd439b1495d0282800fc4f8c4ad5185d8351a4c5613a904a18d1c099acf5071f36491590 SHA512 53491f0e80af23bc8f5b02f61c55d0b59fce7256bafd877736e677d6e3fe99a523eecf55611ef40e7b2fb3bb1a5239ba9a9bd7e6b99378d2bd35e310f52efba9 diff --git a/net-firewall/nftlb/files/nftlb-1.1.0-musl.patch b/net-firewall/nftlb/files/nftlb-1.1.0-musl.patch new file mode 100644 index 000000000000..b9cfb315c7e2 --- /dev/null +++ b/net-firewall/nftlb/files/nftlb-1.1.0-musl.patch @@ -0,0 +1,73 @@ +diff --git a/configure.ac b/configure.ac +index ace78db..55f5f68 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -2,6 +2,7 @@ AC_INIT([nftlb], [1.1.0], [netfilter-devel@vger.kernel.org]) + + AC_CONFIG_AUX_DIR([build-aux]) + AC_CONFIG_MACRO_DIR([m4]) ++AC_CONFIG_HEADERS([config.h]) + AM_INIT_AUTOMAKE([-Wall foreign subdir-objects + tar-pax no-dist-gzip dist-bzip2 1.6]) + +@@ -25,5 +26,7 @@ AC_CHECK_HEADER([ev.h], [EVENTINC="-include ev.h"], + [EVENTINC="-include libev/ev.h"], + [AC_MSG_ERROR([ev.h not found])])]) + ++AC_CHECK_HEADERS([execinfo.h]) ++ + AC_CONFIG_FILES([Makefile src/Makefile]) + AC_OUTPUT +diff --git a/src/main.c b/src/main.c +index bca652e..5d7e918 100644 +--- a/src/main.c ++++ b/src/main.c +@@ -18,6 +18,7 @@ + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + */ ++#include "config.h" + + #include <stdio.h> + #include <stdlib.h> +@@ -25,6 +26,10 @@ + #include <errno.h> + #include <unistd.h> + ++#ifdef HAVE_EXECINFO_H ++ #include <execinfo.h> ++#endif /* HAVE_EXECINFO_H */ ++ + #include "config.h" + #include "objects.h" + #include "server.h" +@@ -88,6 +93,7 @@ static void nftlb_sighandler(int signo) + exit(EXIT_SUCCESS); + } + ++#ifdef HAVE_EXECINFO_H + static void nftlb_trace() { + int level; + +@@ -100,6 +106,7 @@ static void nftlb_trace() { + if (!obj_recovery()) + exit(EXIT_FAILURE); + } ++#endif /* HAVE_EXECINFO_H */ + + static int main_process(const char *config, int mode) + { +@@ -189,9 +196,13 @@ int main(int argc, char *argv[]) + + if (signal(SIGINT, nftlb_sighandler) == SIG_ERR || + signal(SIGTERM, nftlb_sighandler) == SIG_ERR || ++#ifdef HAVE_EXECINFO_H + signal(SIGPIPE, SIG_IGN) == SIG_ERR || + signal(SIGABRT, nftlb_trace) == SIG_ERR || + signal(SIGSEGV, nftlb_trace) == SIG_ERR) { ++#else ++ signal(sigpipe, sig_ign) == sig_err) { ++#endif /* have_execinfo_h */ + u_log_print(LOG_ERR, "Error assigning signals"); + return EXIT_FAILURE; + } diff --git a/net-firewall/nftlb/metadata.xml b/net-firewall/nftlb/metadata.xml index ab906c04250e..6cf207784952 100644 --- a/net-firewall/nftlb/metadata.xml +++ b/net-firewall/nftlb/metadata.xml @@ -6,6 +6,6 @@ <name>Patrick McLean</name> </maintainer> <upstream> - <remote-id type="github">zevenet/nftlb</remote-id> + <remote-id type="github">relianoid/nftlb</remote-id> </upstream> </pkgmetadata> diff --git a/net-firewall/nftlb/nftlb-1.1.0.ebuild b/net-firewall/nftlb/nftlb-1.1.0.ebuild new file mode 100644 index 000000000000..7e90a613b33b --- /dev/null +++ b/net-firewall/nftlb/nftlb-1.1.0.ebuild @@ -0,0 +1,69 @@ +# Copyright 2020-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit linux-info autotools + +DESCRIPTION="nftables load balancer" +HOMEPAGE=" + https://www.relianoid.com/nftlb + https://github.com/relianoid/nftlb +" +SRC_URI="https://github.com/relianoid/${PN}/archive/v${PV}.tar.gz -> ${P}.gh.tar.gz" + +LICENSE="AGPL-3" +SLOT="0" +KEYWORDS="~amd64 ~x86" + +DEPEND=" + net-firewall/nftables:=[modern-kernel(+)] + dev-libs/jansson:= + dev-libs/libev:= +" +RDEPEND=" + ${DEPEND} +" + +# tests need root access +RESTRICT="test" + +PATCHES=( + "${FILESDIR}/nftlb-1.0.8-tests.patch" + "${FILESDIR}/nftlb-1.1.0-musl.patch" +) + +pkg_setup() { + local CONFIG_CHECK=" + ~NF_TABLES + ~NFT_NUMGEN + ~NFT_HASH + ~NF_NAT + ~IP_NF_NAT + " + + linux-info_pkg_setup + + if kernel_is lt 4 19; then + eerror "${PN} requires kernel version 4.19 or newer" + fi +} + +src_prepare() { + # there are some compiler artifacts in the tarball + find "${S}" -name '*.o' -delete || die + + default + eautoreconf +} + +src_test() { + pushd tests >/dev/null || die + + sed -e "s:/var/log/syslog:\"${T}/tests.log\":" \ + -i exec_tests.sh || die + + ./exec_tests.sh || die "tests failed" + + popd >/dev/null || die +} |