From 70b82ae359a5538711e103b0e8dfb92654296644 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Sat, 27 Oct 2018 12:48:57 +0100 Subject: gentoo resync : 27.10.2018 --- net-firewall/iptables/Manifest | 3 + ...es-1.8.1-build_limit_without_libnftnl_fix.patch | 44 +++++++ net-firewall/iptables/iptables-1.8.1.ebuild | 128 +++++++++++++++++++++ 3 files changed, 175 insertions(+) create mode 100644 net-firewall/iptables/files/iptables-1.8.1-build_limit_without_libnftnl_fix.patch create mode 100644 net-firewall/iptables/iptables-1.8.1.ebuild (limited to 'net-firewall/iptables') diff --git a/net-firewall/iptables/Manifest b/net-firewall/iptables/Manifest index 4303bdf63169..a7c2a0307385 100644 --- a/net-firewall/iptables/Manifest +++ b/net-firewall/iptables/Manifest @@ -5,6 +5,7 @@ AUX iptables-1.4.21-configure.patch 1066 BLAKE2B 59bf725aeaae131b57e04b556957dd3 AUX iptables-1.4.21-static-connlabel-config.patch 2195 BLAKE2B 237c59c2fd3312efa26181f363c2ad4dfe19b0cb494f90048e50ff464ed8abbb8ec46d406df51b9f3ba75f717a045ebb4fa38cc0ca5741f5efbfc3322171e04f SHA512 d838773bf2db9f97548d2f7eaab0ce3205265a7ec8b274df479fcecb474ba09ed061abae50534c0379a1290479c2e94927595eca0f4570b27744ec165348b6b1 AUX iptables-1.8.0-fix-building-without-nft-backend.patch 1324 BLAKE2B 3393141e30d41250b7dc89c8e7c353bade835ce718156873f78d05036bae573a881d0a3c883a2437302498716613bc278c608f3ce9dfa57236467ab91b9a8203 SHA512 77382aedac7829654fa6af0537cb1e7fdffe5cc0609b8255b42de5eb077ac915b48db9e99e99b834ab3c2a3e96f38b36fd862fa27af522a82f719c8eca1bd839 AUX iptables-1.8.0-support-nft-suffix-for-arptables-and-ebtables.patch 1792 BLAKE2B ab5e961f279e1fadcd5f892f869ec1a0f5499c54cc79c21b85e01ad6617753dc51ba001df36e5cb1d5074b062af664c80e751d0010d8dc5951e11d2c11542bdf SHA512 1722b4a49ec8c397df9de5a3748fd5b90053dcee2121b4fd40e0f9f2efe5b27dc09e0321ca6855cf6158bbe400372d119ed825bde7a0b4e6c597f7630ac83c93 +AUX iptables-1.8.1-build_limit_without_libnftnl_fix.patch 1499 BLAKE2B 01b8f257577b37749da8c7449e5a830373fc7556885be0e1fd8233b2105cde52e95e6393eaee3f2c7b0e335286b89d0b7b638a23921998375b333d8ccf8223df SHA512 a900d1544098f58326537684bd5de20df114402abacf1971c625431a0c03e988382a9b9f4860c761923c9bd54600424ae1a3769e16518a6c6e7ba1f61caf5ddd AUX iptables.init 2787 BLAKE2B 79c17ba2970d63791dd4d137536b3ccf0f9b6a637d0445049a6fac338ca4e2d1fad927038dfa7ad42a1eb321feac1dc834af09ce0baec554fc9767f199e10b6b SHA512 317c71bee98f5b1bbfd17ea961e5e268532c2320fc865b7876f7cc4e02a66b6a012fc336f8880045a83e101f161197c0a1d106220af6240407cebafbf38022db AUX systemd/ip6tables-restore.service 404 BLAKE2B 35cdf804e787aa5cc382cc638de523735ab47b878168c41d8eef85eb592e5bebd9319e75a10db28f0eba6618efae355c90f03ac0798239edeb80d01108e98a47 SHA512 34730df7464354bce11ca5bdceb5cf305e8ab7e2ded2c2689448379e74ff93252e7a83cfe05c2f3238f59a2ade69cd9c328291c28c43b6612bfb7b29fcb0feee AUX systemd/ip6tables-store.service 243 BLAKE2B 30a0d955998a2a664c6a95b8e559898a1a48c681b77b6e3e1b2fa6f2ada7204f23df0f0894218599e95c2ccea71024e86cda7c82b6ff5a55d016d04d71cb1487 SHA512 7cee224f91d4c8348606ba176d0d689749a59229958cfdf4e75451d77271363e7cff71dbb7e30dbc4a5a837363a72d70d6960d2dfb218f3ad16456ae109cba10 @@ -16,9 +17,11 @@ DIST iptables-1.4.21.tar.bz2 547439 BLAKE2B e30f25581a118b91781dcc02761d4c8c420f DIST iptables-1.6.1.tar.bz2 620890 BLAKE2B b45ac26e1fb7e8b17a6df0afab3b6c0e2f0a5df9191367548136b3ce9aadc1bcb875b8bc0403e6f12fcf487054e96418f4ef34da827af8989fd4dcf83cd3cd8d SHA512 12280db6e6ef8e68da2537e9da59fc601790fd02b1ba38a37c90dbb56272018329dccb8be995f96ecd5d94fafa6043204f3e8f8ee96531685d9e3c55359d2ee8 DIST iptables-1.6.2.tar.bz2 639785 BLAKE2B 3d129756fd33c8c73d56d57e3c5595896db86ded14834a45db21b964d82840b62216ce3cea4ae4960e8c5f0671df3cc6bfb222f68d29cf3a8c99e0eee14bf017 SHA512 04f22e969c794246b9aa28055b202638081cfb0bb4a5625c049a30c48ac84cdd41db12a53c5831398cfe47c8f5691aa02b30b0ae3b5afe0f20ec48cf86a799c0 DIST iptables-1.8.0.tar.bz2 677980 BLAKE2B ce874572d736087f46ea5a6e393cf9b32bf7328efda0fd9faee94dfa11428fc0e124d5ed81329484032ac4ebe89b2604b26dbb135e152c0e0f4c74d88db52d00 SHA512 5f3fe4c15f02e29a2e6ee2905a242f450f8a3b51553618e0cdc59301c35b8bb663e8f2ea70dfcaed8d4e53192c01519906b60ff649385c693e0602622742890f +DIST iptables-1.8.1.tar.bz2 678706 BLAKE2B 671e7329cc07dae0fbc54c1f6061bc148c4823e1f675369ee36a7cd2346cc1a9a516d5aa2e8a3506d5400027c1ba306cbe426940894117710bc61aacd256fccd SHA512 96a896b6dd26c2d0b4e1672d428ea3c3aab0a3c9e56a896af3a2b8428c4212d7378ba555e0be198b0ccb3fd370bca529466ab8b4edc1777eb7deed600d3f0e11 EBUILD iptables-1.4.21-r1.ebuild 2442 BLAKE2B caa1b23d35ccb9a8e5631f932fe4a6816358782ea620d71ad1d64498df64b18015b3610f48b345a13caafaca51bb504d364ed4167804383c03d70439ca4154c2 SHA512 b0d5b1de2c24dbe4aa3eec29e3adefac12f72529fa850fbe5b956d1835fc5ea25ceed8172d8b5bc2d5c1bff63a609cae04c3da923c783ccdfeed126ef2bde831 EBUILD iptables-1.4.21-r5.ebuild 2975 BLAKE2B f9fdeaf8c242b1553b59586346e81735dae31100a435a9cf2d0817c69a8fb6a0652b76944f5261eca8b5c5be60f38db50fb22a3940573e493c3326ec068396e0 SHA512 dab27d6601b69dae4c0be6b48f0cbc7daf7b93066ad398d962f81ec625628d6d2ce9e0188810941364e1cbc7d9c6b4511f3ab832ee736d69d8b977f80d52657d EBUILD iptables-1.6.1-r3.ebuild 3252 BLAKE2B f563c16417790e7f44eae5f0492e39b76cbcf88173e29d4e7321aa9cedce927d8c0fd96a342e6c654ba99cae50a92373b935e68c8b057a3f3d01bf4a1f59dda4 SHA512 5d338acc6ac76f184086d244d23a7634af7b7001c4e9520125a284329636275aca456cb3a36f6801e94ef840d4625d5d4eb27aed57172bf2f49dd948e8801861 EBUILD iptables-1.6.2-r2.ebuild 3327 BLAKE2B c4d683d81f4d3be5efb9d043d63b8ee7b20f4b735cce0d7e31c85e159d2693568b83b28fe1e517ba658ee240dfd063b7810590cbf94029975992b0e5aeab479e SHA512 dc12b299d205f5404bd6486b36a933b611d567be45e00f8f02dd010036c701510824184a3d3d0d52798c89e5b57bfbe402e79bbfbeb50e4f0d26de1627b387d3 EBUILD iptables-1.8.0-r1.ebuild 3657 BLAKE2B 4ba94eef2bf4cf41b4d102932cec1e913f1b0296115e665feedc8f1f719b4185e3c79bc4482e201a8ef419227b56722f8c40737182ad82fb9265ffb0b9d7a7dc SHA512 0701b7c7400b189a14f74e9c56b446bb52e75f7a9b8d7522354254371af8fb1f24eadad0655d6d68b103287f6d6ccc1a1c38e8945a28092d3034363fba9b87b0 +EBUILD iptables-1.8.1.ebuild 3476 BLAKE2B 71c1fa76f2d33ff9b4286420c7d244c12361bf0f3d5c021622b076b2e2189af05505b2f5b41b79f689e4e496c30dc3f314a21e147c10c9eebf50aa286af18e52 SHA512 145b3ff05e4cb83920eee5c54459c82955f8eca60542d2434f97d8477a44a3c46efc92cec25987b865d2c9940220bc77799a2068f873f16a61533d672da71881 MISC metadata.xml 1465 BLAKE2B c60f98672fb6153499b700a436b26b63c0f271c8f8519a3391e486b761ba673c362a7dc5e23b86e3af887270596a1682ea993e643a08215f670f7e3804f095bd SHA512 26bf7e3008dfd705995b15eccaaaa8c79fd488be191570a874b76571a2f9d4648a7c19eb576399ca7bbe849336d7d193f5b6b58a3ff83f87f3c157c53333e987 diff --git a/net-firewall/iptables/files/iptables-1.8.1-build_limit_without_libnftnl_fix.patch b/net-firewall/iptables/files/iptables-1.8.1-build_limit_without_libnftnl_fix.patch new file mode 100644 index 000000000000..a0fca7efa93a --- /dev/null +++ b/net-firewall/iptables/files/iptables-1.8.1-build_limit_without_libnftnl_fix.patch @@ -0,0 +1,44 @@ +From b2fc2a368562d55fadad94d995247bb8cd7e68a3 Mon Sep 17 00:00:00 2001 +From: Florian Westphal +Date: Wed, 24 Oct 2018 12:00:11 +0200 +Subject: extensions: limit: unbreak build without libnftnl + +Lars Wendler reported 1.8.1 build failure when trying to build without nft backend: + + In file included from ../iptables/nft.h:5, from libxt_limit.c:18: libnftnl/rule.h: No such file or directory + +Reported-by: Lars Wendler +Fixes: 02b80972c43 ("ebtables: Merge libebt_limit.c into libxt_limit.c") +Signed-off-by: Florian Westphal +--- + extensions/libxt_limit.c | 1 - + iptables/nft-bridge.h | 1 + + 2 files changed, 1 insertion(+), 1 deletion(-) + +diff --git a/extensions/libxt_limit.c b/extensions/libxt_limit.c +index c7b66295..1b324657 100644 +--- a/extensions/libxt_limit.c ++++ b/extensions/libxt_limit.c +@@ -15,7 +15,6 @@ + #include + #include + #include +-#include "iptables/nft.h" + #include "iptables/nft-bridge.h" + + #define XT_LIMIT_AVG "3/hour" +diff --git a/iptables/nft-bridge.h b/iptables/nft-bridge.h +index 9d49ccbe..de52cd71 100644 +--- a/iptables/nft-bridge.h ++++ b/iptables/nft-bridge.h +@@ -68,6 +68,7 @@ int ebt_get_mac_and_mask(const char *from, unsigned char *to, unsigned char *mas + #define EBT_VERDICT_BITS 0x0000000F + + struct nftnl_rule; ++struct iptables_command_state; + + static const char *ebt_standard_targets[NUM_STANDARD_TARGETS] = { + "ACCEPT", +-- +cgit v1.2.1 + diff --git a/net-firewall/iptables/iptables-1.8.1.ebuild b/net-firewall/iptables/iptables-1.8.1.ebuild new file mode 100644 index 000000000000..3db0cde59048 --- /dev/null +++ b/net-firewall/iptables/iptables-1.8.1.ebuild @@ -0,0 +1,128 @@ +# Copyright 1999-2018 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +# Force users doing their own patches to install their own tools +AUTOTOOLS_AUTO_DEPEND=no + +inherit multilib systemd toolchain-funcs autotools flag-o-matic + +DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools" +HOMEPAGE="https://www.netfilter.org/projects/iptables/" +SRC_URI="https://www.netfilter.org/projects/iptables/files/${P}.tar.bz2" + +LICENSE="GPL-2" +# Subslot tracks libxtables as that's the one other packages generally link +# against and iptables changes. Will have to revisit if other sonames change. +SLOT="0/12" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" +IUSE="conntrack ipv6 netlink nftables pcap static-libs" + +COMMON_DEPEND=" + conntrack? ( >=net-libs/libnetfilter_conntrack-1.0.6 ) + netlink? ( net-libs/libnfnetlink ) + nftables? ( + >=net-libs/libmnl-1.0:0= + >=net-libs/libnftnl-1.1.1:0= + ) + pcap? ( net-libs/libpcap ) +" +DEPEND="${COMMON_DEPEND} + virtual/os-headers + >=sys-kernel/linux-headers-4.4:0 + virtual/pkgconfig + nftables? ( + sys-devel/flex + virtual/yacc + ) +" +RDEPEND="${COMMON_DEPEND} + nftables? ( net-misc/ethertypes ) +" + +src_prepare() { + eapply "${FILESDIR}/${P}-build_limit_without_libnftnl_fix.patch" #669486 + + # use the saner headers from the kernel + rm -f include/linux/{kernel,types}.h + + # Only run autotools if user patched something + eapply_user && eautoreconf || elibtoolize +} + +src_configure() { + # Some libs use $(AR) rather than libtool to build #444282 + tc-export AR + + # Hack around struct mismatches between userland & kernel for some ABIs. #472388 + use amd64 && [[ ${ABI} == "x32" ]] && append-flags -fpack-struct + + sed -i \ + -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \ + -e "/nfconntrack=[01]/s:=[01]:=$(usex conntrack 1 0):" \ + configure || die + + local myeconfargs=( + --sbindir="${EPREFIX}/sbin" + --libexecdir="${EPREFIX}/$(get_libdir)" + --enable-devel + --enable-shared + $(use_enable nftables) + $(use_enable pcap bpf-compiler) + $(use_enable pcap nfsynproxy) + $(use_enable static-libs static) + $(use_enable ipv6) + ) + econf "${myeconfargs[@]}" +} + +src_compile() { + # Deal with parallel build errors. + use nftables && emake -C iptables xtables-config-parser.h + emake V=1 +} + +src_install() { + default + dodoc INCOMPATIBILITIES iptables/iptables.xslt + + # all the iptables binaries are in /sbin, so might as well + # put these small files in with them + into / + dosbin iptables/iptables-apply + dosym iptables-apply /sbin/ip6tables-apply + doman iptables/iptables-apply.8 + + insinto /usr/include + doins include/iptables.h $(use ipv6 && echo include/ip6tables.h) + insinto /usr/include/iptables + doins include/iptables/internal.h + + keepdir /var/lib/iptables + newinitd "${FILESDIR}"/${PN}.init iptables + newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables + if use ipv6 ; then + keepdir /var/lib/ip6tables + newinitd "${FILESDIR}"/iptables.init ip6tables + newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables + fi + + if use nftables; then + # Bug 647458 + rm "${ED%/}"/etc/ethertypes || die + + # Bug 660886 + rm "${ED%/}"/sbin/{arptables,ebtables} || die + fi + + systemd_dounit "${FILESDIR}"/systemd/iptables-{re,}store.service + if use ipv6 ; then + systemd_dounit "${FILESDIR}"/systemd/ip6tables-{re,}store.service + fi + + # Move important libs to /lib #332175 + gen_usr_ldscript -a ip{4,6}tc iptc xtables + + find "${ED}" -name "*.la" -delete || die +} -- cgit v1.2.3