commit: 72df47c7b128fc5e8b7019dee4632ddf9b20ed35 |
Author: Sam James <sam <AT> gentoo <DOT> org> |
AuthorDate: Fri Sep 23 02:12:39 2022 +0000 |
Commit: Sam James <sam <AT> gentoo <DOT> org> |
CommitDate: Fri Sep 23 02:13:36 2022 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=72df47c7 |
|
net-firewall/iptables: drop 1.8.7-r2 |
|
Signed-off-by: Sam James <sam <AT> gentoo.org> |
|
net-firewall/iptables/Manifest | 1 - |
.../files/iptables-1.8.7-cache-double-free.patch | 61 ------- |
net-firewall/iptables/iptables-1.8.7-r2.ebuild | 176 --------------------- |
3 files changed, 238 deletions(-) |
|
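--- a/net-firewall/iptables/Manifest
+++ b/net-firewall/iptables/Manifest
@@ -1,2 +1 @@
-DIST iptables-1.8.7.tar.bz2 717862 BLAKE2B fd4dcff142eaadde2a14ce3eb5e45d41c326752553b52900c77fd2e2a20c0685d0a04b95755995e914df47658834d52216d6465c2ae9cd6abc6eb122b95cc976 SHA512 c0a33fafbf1139157a9f52860938ebedc282a1394a68dcbd58981159379eb525919f999b25925f2cb4d6b18089bd99a94b00b3e73cff5cb0a0e47bdff174ed75
 DIST iptables-1.8.8.tar.bz2 746985 BLAKE2B 0da021cc7313b86af331768904956dab3eee3de245a7b03965129f3d7f13097fc03fbb1390167dcd971eff216eabad9e59b261a9c0f54bfc48a77453aa40d164 SHA512 f21df23279a77531a23f3fcb1b8f0f8ec0c726bda236dd0e33af74b06753baff6ce3f26fb9fcceb6fada560656ba901e68fc6452eb840ac1b206bc4654950f59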
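--- a/net-firewall/iptables/files/iptables-1.8.7-cache-double-free.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-commit 4318961230bce82958df82b57f1796143bf2f421
-Author: Phil Sutter <phil@×××.cc>
-Date: Tue Sep 21 11:39:45 2021 +0200
-
- nft: cache: Avoid double free of unrecognized base-chains
-
- On error, nft_cache_add_chain() frees the allocated nft_chain object
- along with the nftnl_chain it points at. Fix nftnl_chain_list_cb() to
- not free the nftnl_chain again in that case.
-
- Fixes: 176c92c26bfc9 ("nft: Introduce a dedicated base chain array")
- Signed-off-by: Phil Sutter <phil@×××.cc>
-
-diff --git a/iptables/nft-cache.c b/iptables/nft-cache.c
-index 2c88301c..9a03bbfb 100644
---- a/iptables/nft-cache.c
-+++ b/iptables/nft-cache.c
-@@ -314,9 +314,7 @@ static int nftnl_chain_list_cb(const struct nlmsghdr *nlh, void *data)
- goto out;
- }
-
-- if (nft_cache_add_chain(h, t, c))
-- goto out;
--
-+ nft_cache_add_chain(h, t, c);
- return MNL_CB_OK;
- out:
- nftnl_chain_free(c);
-diff --git a/iptables/tests/shell/testcases/chain/0004extra-base_0 b/iptables/tests/shell/testcases/chain/0004extra-base_0
-new file mode 100755
-index 00000000..1b85b060
---- /dev/null
-+++ b/iptables/tests/shell/testcases/chain/0004extra-base_0
-@@ -0,0 +1,27 @@
-+#!/bin/bash
-+
-+case $XT_MULTI in
-+*xtables-nft-multi)
-+ ;;
-+*)
-+ echo skip $XT_MULTI
-+ exit 0
-+ ;;
-+esac
-+
-+set -e
-+
-+nft -f - <<EOF
-+table ip filter {
-+ chain INPUT {
-+ type filter hook input priority filter
-+ counter packets 218 bytes 91375 accept
-+ }
-+
-+ chain x {
-+ type filter hook input priority filter
-+ }
-+}
-+EOF
-+
-+$XT_MULTI iptables -L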
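--- a/net-firewall/iptables/iptables-1.8.7-r2.ebuild
+++ /dev/null
@@ -1,176 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit systemd toolchain-funcs autotools flag-o-matic usr-ldscript
-
-DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
-HOMEPAGE="https://www.netfilter.org/projects/iptables/"
-SRC_URI="https://www.netfilter.org/projects/iptables/files/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-# Subslot reflects PV when libxtables and/or libip*tc was changed
-# the last time.
-SLOT="0/1.8.3"
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86"
-IUSE="conntrack netlink nftables pcap static-libs"
-
-BUILD_DEPEND="
- >=app-eselect/eselect-iptables-20220320
-"
-COMMON_DEPEND="
- conntrack? ( >=net-libs/libnetfilter_conntrack-1.0.6 )
- netlink? ( net-libs/libnfnetlink )
- nftables? (
- >=net-libs/libmnl-1.0:0=
- >=net-libs/libnftnl-1.1.6:0=
- )
- pcap? ( net-libs/libpcap )
-"
-DEPEND="${COMMON_DEPEND}
- virtual/os-headers
- >=sys-kernel/linux-headers-4.4:0
-"
-BDEPEND="${BUILD_DEPEND}
- virtual/pkgconfig
- nftables? (
- sys-devel/flex
- virtual/yacc
- )
-"
-RDEPEND="${COMMON_DEPEND}
- ${BUILD_DEPEND}
- nftables? ( net-misc/ethertypes )
- !<net-firewall/ebtables-2.0.11-r1
- !<net-firewall/arptables-0.0.5-r1
-"
-
-PATCHES=(
- "${FILESDIR}/iptables-1.8.4-no-symlinks.patch"
- "${FILESDIR}/iptables-1.8.2-link.patch"
- # https://bugs.gentoo.org/831626
- "${FILESDIR}/iptables-1.8.7-cache-double-free.patch"
-)
-
-src_prepare() {
- # use the saner headers from the kernel
- rm include/linux/{kernel,types}.h || die
-
- default
- eautoreconf
-}
-
-src_configure() {
- # Some libs use $(AR) rather than libtool to build #444282
- tc-export AR
-
- # Hack around struct mismatches between userland & kernel for some ABIs. #472388
- use amd64 && [[ ${ABI} == "x32" ]] && append-flags -fpack-struct
-
- sed -i \
- -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
- -e "/nfconntrack=[01]/s:=[01]:=$(usex conntrack 1 0):" \
- configure || die
-
- local myeconfargs=(
- --sbindir="${EPREFIX}/sbin"
- --libexecdir="${EPREFIX}/$(get_libdir)"
- --enable-devel
- --enable-ipv6
- --enable-shared
- $(use_enable nftables)
- $(use_enable pcap bpf-compiler)
- $(use_enable pcap nfsynproxy)
- $(use_enable static-libs static)
- )
- econf "${myeconfargs[@]}"
-}
-
-src_compile() {
- emake V=1
-}
-
-src_install() {
- default
- dodoc INCOMPATIBILITIES iptables/iptables.xslt
-
- # all the iptables binaries are in /sbin, so might as well
- # put these small files in with them
- into /
- dosbin iptables/iptables-apply
- dosym iptables-apply /sbin/ip6tables-apply
- doman iptables/iptables-apply.8
-
- insinto /usr/include
- doins include/ip{,6}tables.h
- insinto /usr/include/iptables
- doins include/iptables/internal.h
-
- keepdir /var/lib/ip{,6}tables
- newinitd "${FILESDIR}"/${PN}-r2.init iptables
- newconfd "${FILESDIR}"/${PN}-r1.confd iptables
- dosym iptables /etc/init.d/ip6tables
- newconfd "${FILESDIR}"/ip6tables-r1.confd ip6tables
-
- if use nftables; then
- # Bug 647458
- rm "${ED}"/etc/ethertypes || die
-
- # Bugs 660886 and 669894
- rm "${ED}"/sbin/{arptables,ebtables}{,-{save,restore}} || die
- fi
-
- systemd_dounit "${FILESDIR}"/systemd/ip{,6}tables-{re,}store.service
-
- # Move important libs to /lib #332175
- gen_usr_ldscript -a ip{4,6}tc xtables
-
- find "${ED}" -type f -name "*.la" -delete || die
-}
-
-pkg_postinst() {
- local default_iptables="xtables-legacy-multi"
- if ! eselect iptables show &>/dev/null; then
- elog "Current iptables implementation is unset, setting to ${default_iptables}"
- eselect iptables set "${default_iptables}"
- fi
-
- if use nftables; then
- local tables
- for tables in {arp,eb}tables; do
- if ! eselect ${tables} show &>/dev/null; then
- elog "Current ${tables} implementation is unset, setting to ${default_iptables}"
- eselect ${tables} set xtables-nft-multi
- fi
- done
- fi
-
- eselect iptables show
-}
-
-pkg_prerm() {
- if [[ -z ${REPLACED_BY_VERSION} ]]; then
- elog "Unsetting iptables symlinks before removal"
- eselect iptables unset
- fi
-
- if ! has_version 'net-firewall/ebtables'; then
- elog "Unsetting ebtables symlinks before removal"
- eselect ebtables unset
- elif [[ -z ${REPLACED_BY_VERSION} ]]; then
- elog "Resetting ebtables symlinks to ebtables-legacy"
- eselect ebtables set ebtables-legacy
- fi
-
- if ! has_version 'net-firewall/arptables'; then
- elog "Unsetting arptables symlinks before removal"
- eselect arptables unset
- elif [[ -z ${REPLACED_BY_VERSION} ]]; then
- elog "Resetting arptables symlinks to arptables-legacy"
- eselect arptables set arptables-legacy
- fi
-
- # the eselect module failing should not be fatal
- return 0
-}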