| 1 |
commit: 9b5cb98661907b8e44b7c5b61fc9f7d7c4fc7703 |
| 2 |
Author: Sam James <sam <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Sat May 14 03:46:57 2022 +0000 |
| 4 |
Commit: Sam James <sam <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Sat May 14 21:22:22 2022 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9b5cb986 |
| 7 |
|
| 8 |
net-firewall/iptables: add 1.8.8 |
| 9 |
|
| 10 |
Signed-off-by: Sam James <sam <AT> gentoo.org> |
| 11 |
|
| 12 |
net-firewall/iptables/Manifest | 1 + |
| 13 |
.../files/iptables-1.8.8-format-security.patch | 21 +++ |
| 14 |
net-firewall/iptables/iptables-1.8.8.ebuild | 176 +++++++++++++++++++++ |
| 15 |
3 files changed, 198 insertions(+) |
| 16 |
|
| 17 |
diff --git a/net-firewall/iptables/Manifest b/net-firewall/iptables/Manifest |
| 18 |
index 20be9ec24c2d..76320a6fa208 100644 |
| 19 |
--- a/net-firewall/iptables/Manifest |
| 20 |
+++ b/net-firewall/iptables/Manifest |
| 21 |
@@ -1 +1,2 @@ |
| 22 |
DIST iptables-1.8.7.tar.bz2 717862 BLAKE2B fd4dcff142eaadde2a14ce3eb5e45d41c326752553b52900c77fd2e2a20c0685d0a04b95755995e914df47658834d52216d6465c2ae9cd6abc6eb122b95cc976 SHA512 c0a33fafbf1139157a9f52860938ebedc282a1394a68dcbd58981159379eb525919f999b25925f2cb4d6b18089bd99a94b00b3e73cff5cb0a0e47bdff174ed75 |
| 23 |
+DIST iptables-1.8.8.tar.bz2 746985 BLAKE2B 0da021cc7313b86af331768904956dab3eee3de245a7b03965129f3d7f13097fc03fbb1390167dcd971eff216eabad9e59b261a9c0f54bfc48a77453aa40d164 SHA512 f21df23279a77531a23f3fcb1b8f0f8ec0c726bda236dd0e33af74b06753baff6ce3f26fb9fcceb6fada560656ba901e68fc6452eb840ac1b206bc4654950f59 |
| 24 |
|
| 25 |
diff --git a/net-firewall/iptables/files/iptables-1.8.8-format-security.patch b/net-firewall/iptables/files/iptables-1.8.8-format-security.patch |
| 26 |
new file mode 100644 |
| 27 |
index 000000000000..fafc435379b5 |
| 28 |
--- /dev/null |
| 29 |
+++ b/net-firewall/iptables/files/iptables-1.8.8-format-security.patch |
| 30 |
@@ -0,0 +1,21 @@ |
| 31 |
+https://git.netfilter.org/iptables/commit/?id=b72eb12ea5a61df0655ad99d5048994e916be83a |
| 32 |
+ |
| 33 |
+From: Phil Sutter <phil@×××.cc> |
| 34 |
+Date: Fri, 13 May 2022 16:51:58 +0200 |
| 35 |
+Subject: xshared: Fix build for -Werror=format-security |
| 36 |
+ |
| 37 |
+Gcc complains about the omitted format string. |
| 38 |
+ |
| 39 |
+Signed-off-by: Phil Sutter <phil@×××.cc> |
| 40 |
+--- a/iptables/xshared.c |
| 41 |
++++ b/iptables/xshared.c |
| 42 |
+@@ -1307,7 +1307,7 @@ static void check_empty_interface(struct xtables_args *args, const char *arg) |
| 43 |
+ return; |
| 44 |
+ |
| 45 |
+ if (args->family != NFPROTO_ARP) |
| 46 |
+- xtables_error(PARAMETER_PROBLEM, msg); |
| 47 |
++ xtables_error(PARAMETER_PROBLEM, "%s", msg); |
| 48 |
+ |
| 49 |
+ fprintf(stderr, "%s", msg); |
| 50 |
+ } |
| 51 |
+cgit v1.2.3 |
| 52 |
|
| 53 |
diff --git a/net-firewall/iptables/iptables-1.8.8.ebuild b/net-firewall/iptables/iptables-1.8.8.ebuild |
| 54 |
new file mode 100644 |
| 55 |
index 000000000000..e65230759e5f |
| 56 |
--- /dev/null |
| 57 |
+++ b/net-firewall/iptables/iptables-1.8.8.ebuild |
| 58 |
@@ -0,0 +1,176 @@ |
| 59 |
+# Copyright 1999-2022 Gentoo Authors |
| 60 |
+# Distributed under the terms of the GNU General Public License v2 |
| 61 |
+ |
| 62 |
+EAPI=7 |
| 63 |
+ |
| 64 |
+inherit systemd toolchain-funcs autotools flag-o-matic usr-ldscript |
| 65 |
+ |
| 66 |
+DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools" |
| 67 |
+HOMEPAGE="https://www.netfilter.org/projects/iptables/" |
| 68 |
+SRC_URI="https://www.netfilter.org/projects/iptables/files/${P}.tar.bz2" |
| 69 |
+ |
| 70 |
+LICENSE="GPL-2" |
| 71 |
+# Subslot reflects PV when libxtables and/or libip*tc was changed |
| 72 |
+# the last time. |
| 73 |
+SLOT="0/1.8.3" |
| 74 |
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" |
| 75 |
+IUSE="conntrack netlink nftables pcap static-libs" |
| 76 |
+ |
| 77 |
+BUILD_DEPEND=" |
| 78 |
+ >=app-eselect/eselect-iptables-20220320 |
| 79 |
+" |
| 80 |
+COMMON_DEPEND=" |
| 81 |
+ conntrack? ( >=net-libs/libnetfilter_conntrack-1.0.6 ) |
| 82 |
+ netlink? ( net-libs/libnfnetlink ) |
| 83 |
+ nftables? ( |
| 84 |
+ >=net-libs/libmnl-1.0:0= |
| 85 |
+ >=net-libs/libnftnl-1.1.6:0= |
| 86 |
+ ) |
| 87 |
+ pcap? ( net-libs/libpcap ) |
| 88 |
+" |
| 89 |
+DEPEND="${COMMON_DEPEND} |
| 90 |
+ virtual/os-headers |
| 91 |
+ >=sys-kernel/linux-headers-4.4:0 |
| 92 |
+" |
| 93 |
+BDEPEND="${BUILD_DEPEND} |
| 94 |
+ virtual/pkgconfig |
| 95 |
+ nftables? ( |
| 96 |
+ sys-devel/flex |
| 97 |
+ virtual/yacc |
| 98 |
+ ) |
| 99 |
+" |
| 100 |
+RDEPEND="${COMMON_DEPEND} |
| 101 |
+ ${BUILD_DEPEND} |
| 102 |
+ nftables? ( net-misc/ethertypes ) |
| 103 |
+ !<net-firewall/ebtables-2.0.11-r1 |
| 104 |
+ !<net-firewall/arptables-0.0.5-r1 |
| 105 |
+" |
| 106 |
+ |
| 107 |
+PATCHES=( |
| 108 |
+ "${FILESDIR}/iptables-1.8.4-no-symlinks.patch" |
| 109 |
+ "${FILESDIR}/iptables-1.8.2-link.patch" |
| 110 |
+ |
| 111 |
+ "${FILESDIR}/${P}-format-security.patch" |
| 112 |
+) |
| 113 |
+ |
| 114 |
+src_prepare() { |
| 115 |
+ # use the saner headers from the kernel |
| 116 |
+ rm include/linux/{kernel,types}.h || die |
| 117 |
+ |
| 118 |
+ default |
| 119 |
+ eautoreconf |
| 120 |
+} |
| 121 |
+ |
| 122 |
+src_configure() { |
| 123 |
+ # Some libs use $(AR) rather than libtool to build #444282 |
| 124 |
+ tc-export AR |
| 125 |
+ |
| 126 |
+ # Hack around struct mismatches between userland & kernel for some ABIs. #472388 |
| 127 |
+ use amd64 && [[ ${ABI} == "x32" ]] && append-flags -fpack-struct |
| 128 |
+ |
| 129 |
+ sed -i \ |
| 130 |
+ -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \ |
| 131 |
+ -e "/nfconntrack=[01]/s:=[01]:=$(usex conntrack 1 0):" \ |
| 132 |
+ configure || die |
| 133 |
+ |
| 134 |
+ local myeconfargs=( |
| 135 |
+ --sbindir="${EPREFIX}/sbin" |
| 136 |
+ --libexecdir="${EPREFIX}/$(get_libdir)" |
| 137 |
+ --enable-devel |
| 138 |
+ --enable-ipv6 |
| 139 |
+ --enable-shared |
| 140 |
+ $(use_enable nftables) |
| 141 |
+ $(use_enable pcap bpf-compiler) |
| 142 |
+ $(use_enable pcap nfsynproxy) |
| 143 |
+ $(use_enable static-libs static) |
| 144 |
+ ) |
| 145 |
+ econf "${myeconfargs[@]}" |
| 146 |
+} |
| 147 |
+ |
| 148 |
+src_compile() { |
| 149 |
+ emake V=1 |
| 150 |
+} |
| 151 |
+ |
| 152 |
+src_install() { |
| 153 |
+ default |
| 154 |
+ dodoc INCOMPATIBILITIES iptables/iptables.xslt |
| 155 |
+ |
| 156 |
+ # all the iptables binaries are in /sbin, so might as well |
| 157 |
+ # put these small files in with them |
| 158 |
+ into / |
| 159 |
+ dosbin iptables/iptables-apply |
| 160 |
+ dosym iptables-apply /sbin/ip6tables-apply |
| 161 |
+ doman iptables/iptables-apply.8 |
| 162 |
+ |
| 163 |
+ insinto /usr/include |
| 164 |
+ doins include/ip{,6}tables.h |
| 165 |
+ insinto /usr/include/iptables |
| 166 |
+ doins include/iptables/internal.h |
| 167 |
+ |
| 168 |
+ keepdir /var/lib/ip{,6}tables |
| 169 |
+ newinitd "${FILESDIR}"/${PN}-r2.init iptables |
| 170 |
+ newconfd "${FILESDIR}"/${PN}-r1.confd iptables |
| 171 |
+ dosym iptables /etc/init.d/ip6tables |
| 172 |
+ newconfd "${FILESDIR}"/ip6tables-r1.confd ip6tables |
| 173 |
+ |
| 174 |
+ if use nftables; then |
| 175 |
+ # Bug 647458 |
| 176 |
+ rm "${ED}"/etc/ethertypes || die |
| 177 |
+ |
| 178 |
+ # Bugs 660886 and 669894 |
| 179 |
+ rm "${ED}"/sbin/{arptables,ebtables}{,-{save,restore}} || die |
| 180 |
+ fi |
| 181 |
+ |
| 182 |
+ systemd_dounit "${FILESDIR}"/systemd/ip{,6}tables-{re,}store.service |
| 183 |
+ |
| 184 |
+ # Move important libs to /lib #332175 |
| 185 |
+ gen_usr_ldscript -a ip{4,6}tc xtables |
| 186 |
+ |
| 187 |
+ find "${ED}" -type f -name "*.la" -delete || die |
| 188 |
+} |
| 189 |
+ |
| 190 |
+pkg_postinst() { |
| 191 |
+ local default_iptables="xtables-legacy-multi" |
| 192 |
+ if ! eselect iptables show &>/dev/null; then |
| 193 |
+ elog "Current iptables implementation is unset, setting to ${default_iptables}" |
| 194 |
+ eselect iptables set "${default_iptables}" |
| 195 |
+ fi |
| 196 |
+ |
| 197 |
+ if use nftables; then |
| 198 |
+ local tables |
| 199 |
+ for tables in {arp,eb}tables; do |
| 200 |
+ if ! eselect ${tables} show &>/dev/null; then |
| 201 |
+ elog "Current ${tables} implementation is unset, setting to ${default_iptables}" |
| 202 |
+ eselect ${tables} set xtables-nft-multi |
| 203 |
+ fi |
| 204 |
+ done |
| 205 |
+ fi |
| 206 |
+ |
| 207 |
+ eselect iptables show |
| 208 |
+} |
| 209 |
+ |
| 210 |
+pkg_prerm() { |
| 211 |
+ if [[ -z ${REPLACED_BY_VERSION} ]]; then |
| 212 |
+ elog "Unsetting iptables symlinks before removal" |
| 213 |
+ eselect iptables unset |
| 214 |
+ fi |
| 215 |
+ |
| 216 |
+ if ! has_version 'net-firewall/ebtables'; then |
| 217 |
+ elog "Unsetting ebtables symlinks before removal" |
| 218 |
+ eselect ebtables unset |
| 219 |
+ elif [[ -z ${REPLACED_BY_VERSION} ]]; then |
| 220 |
+ elog "Resetting ebtables symlinks to ebtables-legacy" |
| 221 |
+ eselect ebtables set ebtables-legacy |
| 222 |
+ fi |
| 223 |
+ |
| 224 |
+ if ! has_version 'net-firewall/arptables'; then |
| 225 |
+ elog "Unsetting arptables symlinks before removal" |
| 226 |
+ eselect arptables unset |
| 227 |
+ elif [[ -z ${REPLACED_BY_VERSION} ]]; then |
| 228 |
+ elog "Resetting arptables symlinks to arptables-legacy" |
| 229 |
+ eselect arptables set arptables-legacy |
| 230 |
+ fi |
| 231 |
+ |
| 232 |
+ # the eselect module failing should not be fatal |
| 233 |
+ return 0 |
| 234 |
+} |
Archives