
From: Sam James <sam@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: net-firewall/iptables/files/, net-firewall/iptables/
Date: Fri, 23 Sep 2022 02:15:01
Message-Id: 1663899216.72df47c7b128fc5e8b7019dee4632ddf9b20ed35.sam@gentoo
1 commit: 72df47c7b128fc5e8b7019dee4632ddf9b20ed35
2 Author: Sam James <sam <AT> gentoo <DOT> org>
3 AuthorDate: Fri Sep 23 02:12:39 2022 +0000
4 Commit: Sam James <sam <AT> gentoo <DOT> org>
5 CommitDate: Fri Sep 23 02:13:36 2022 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=72df47c7
7
8 net-firewall/iptables: drop 1.8.7-r2
9
10 Signed-off-by: Sam James <sam <AT> gentoo.org>
11
12 net-firewall/iptables/Manifest | 1 -
13 .../files/iptables-1.8.7-cache-double-free.patch | 61 -------
14 net-firewall/iptables/iptables-1.8.7-r2.ebuild | 176 ---------------------
15 3 files changed, 238 deletions(-)
16
17 diff --git a/net-firewall/iptables/Manifest b/net-firewall/iptables/Manifest
18 index 76320a6fa208..44c1d5abb450 100644
19 --- a/net-firewall/iptables/Manifest
20 +++ b/net-firewall/iptables/Manifest
21 @@ -1,2 +1 @@
22 -DIST iptables-1.8.7.tar.bz2 717862 BLAKE2B fd4dcff142eaadde2a14ce3eb5e45d41c326752553b52900c77fd2e2a20c0685d0a04b95755995e914df47658834d52216d6465c2ae9cd6abc6eb122b95cc976 SHA512 c0a33fafbf1139157a9f52860938ebedc282a1394a68dcbd58981159379eb525919f999b25925f2cb4d6b18089bd99a94b00b3e73cff5cb0a0e47bdff174ed75
23 DIST iptables-1.8.8.tar.bz2 746985 BLAKE2B 0da021cc7313b86af331768904956dab3eee3de245a7b03965129f3d7f13097fc03fbb1390167dcd971eff216eabad9e59b261a9c0f54bfc48a77453aa40d164 SHA512 f21df23279a77531a23f3fcb1b8f0f8ec0c726bda236dd0e33af74b06753baff6ce3f26fb9fcceb6fada560656ba901e68fc6452eb840ac1b206bc4654950f59
24
25 diff --git a/net-firewall/iptables/files/iptables-1.8.7-cache-double-free.patch b/net-firewall/iptables/files/iptables-1.8.7-cache-double-free.patch
26 deleted file mode 100644
27 index fc88636d2944..000000000000
28 --- a/net-firewall/iptables/files/iptables-1.8.7-cache-double-free.patch
29 +++ /dev/null
30 @@ -1,61 +0,0 @@
31 -commit 4318961230bce82958df82b57f1796143bf2f421
32 -Author: Phil Sutter <phil@×××.cc>
33 -Date: Tue Sep 21 11:39:45 2021 +0200
34 -
35 - nft: cache: Avoid double free of unrecognized base-chains
36 -
37 - On error, nft_cache_add_chain() frees the allocated nft_chain object
38 - along with the nftnl_chain it points at. Fix nftnl_chain_list_cb() to
39 - not free the nftnl_chain again in that case.
40 -
41 - Fixes: 176c92c26bfc9 ("nft: Introduce a dedicated base chain array")
42 - Signed-off-by: Phil Sutter <phil@×××.cc>
43 -
44 -diff --git a/iptables/nft-cache.c b/iptables/nft-cache.c
45 -index 2c88301c..9a03bbfb 100644
46 ---- a/iptables/nft-cache.c
47 -+++ b/iptables/nft-cache.c
48 -@@ -314,9 +314,7 @@ static int nftnl_chain_list_cb(const struct nlmsghdr *nlh, void *data)
49 - goto out;
50 - }
51 -
52 -- if (nft_cache_add_chain(h, t, c))
53 -- goto out;
54 --
55 -+ nft_cache_add_chain(h, t, c);
56 - return MNL_CB_OK;
57 - out:
58 - nftnl_chain_free(c);
59 -diff --git a/iptables/tests/shell/testcases/chain/0004extra-base_0 b/iptables/tests/shell/testcases/chain/0004extra-base_0
60 -new file mode 100755
61 -index 00000000..1b85b060
62 ---- /dev/null
63 -+++ b/iptables/tests/shell/testcases/chain/0004extra-base_0
64 -@@ -0,0 +1,27 @@
65 -+#!/bin/bash
66 -+
67 -+case $XT_MULTI in
68 -+*xtables-nft-multi)
69 -+ ;;
70 -+*)
71 -+ echo skip $XT_MULTI
72 -+ exit 0
73 -+ ;;
74 -+esac
75 -+
76 -+set -e
77 -+
78 -+nft -f - <<EOF
79 -+table ip filter {
80 -+ chain INPUT {
81 -+ type filter hook input priority filter
82 -+ counter packets 218 bytes 91375 accept
83 -+ }
84 -+
85 -+ chain x {
86 -+ type filter hook input priority filter
87 -+ }
88 -+}
89 -+EOF
90 -+
91 -+$XT_MULTI iptables -L
92
93 diff --git a/net-firewall/iptables/iptables-1.8.7-r2.ebuild b/net-firewall/iptables/iptables-1.8.7-r2.ebuild
94 deleted file mode 100644
95 index 42fd108f2606..000000000000
96 --- a/net-firewall/iptables/iptables-1.8.7-r2.ebuild
97 +++ /dev/null
98 @@ -1,176 +0,0 @@
99 -# Copyright 1999-2022 Gentoo Authors
100 -# Distributed under the terms of the GNU General Public License v2
101 -
102 -EAPI=7
103 -
104 -inherit systemd toolchain-funcs autotools flag-o-matic usr-ldscript
105 -
106 -DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
107 -HOMEPAGE="https://www.netfilter.org/projects/iptables/"
108 -SRC_URI="https://www.netfilter.org/projects/iptables/files/${P}.tar.bz2"
109 -
110 -LICENSE="GPL-2"
111 -# Subslot reflects PV when libxtables and/or libip*tc was changed
112 -# the last time.
113 -SLOT="0/1.8.3"
114 -KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86"
115 -IUSE="conntrack netlink nftables pcap static-libs"
116 -
117 -BUILD_DEPEND="
118 - >=app-eselect/eselect-iptables-20220320
119 -"
120 -COMMON_DEPEND="
121 - conntrack? ( >=net-libs/libnetfilter_conntrack-1.0.6 )
122 - netlink? ( net-libs/libnfnetlink )
123 - nftables? (
124 - >=net-libs/libmnl-1.0:0=
125 - >=net-libs/libnftnl-1.1.6:0=
126 - )
127 - pcap? ( net-libs/libpcap )
128 -"
129 -DEPEND="${COMMON_DEPEND}
130 - virtual/os-headers
131 - >=sys-kernel/linux-headers-4.4:0
132 -"
133 -BDEPEND="${BUILD_DEPEND}
134 - virtual/pkgconfig
135 - nftables? (
136 - sys-devel/flex
137 - virtual/yacc
138 - )
139 -"
140 -RDEPEND="${COMMON_DEPEND}
141 - ${BUILD_DEPEND}
142 - nftables? ( net-misc/ethertypes )
143 - !<net-firewall/ebtables-2.0.11-r1
144 - !<net-firewall/arptables-0.0.5-r1
145 -"
146 -
147 -PATCHES=(
148 - "${FILESDIR}/iptables-1.8.4-no-symlinks.patch"
149 - "${FILESDIR}/iptables-1.8.2-link.patch"
150 - # https://bugs.gentoo.org/831626
151 - "${FILESDIR}/iptables-1.8.7-cache-double-free.patch"
152 -)
153 -
154 -src_prepare() {
155 - # use the saner headers from the kernel
156 - rm include/linux/{kernel,types}.h || die
157 -
158 - default
159 - eautoreconf
160 -}
161 -
162 -src_configure() {
163 - # Some libs use $(AR) rather than libtool to build #444282
164 - tc-export AR
165 -
166 - # Hack around struct mismatches between userland & kernel for some ABIs. #472388
167 - use amd64 && [[ ${ABI} == "x32" ]] && append-flags -fpack-struct
168 -
169 - sed -i \
170 - -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
171 - -e "/nfconntrack=[01]/s:=[01]:=$(usex conntrack 1 0):" \
172 - configure || die
173 -
174 - local myeconfargs=(
175 - --sbindir="${EPREFIX}/sbin"
176 - --libexecdir="${EPREFIX}/$(get_libdir)"
177 - --enable-devel
178 - --enable-ipv6
179 - --enable-shared
180 - $(use_enable nftables)
181 - $(use_enable pcap bpf-compiler)
182 - $(use_enable pcap nfsynproxy)
183 - $(use_enable static-libs static)
184 - )
185 - econf "${myeconfargs[@]}"
186 -}
187 -
188 -src_compile() {
189 - emake V=1
190 -}
191 -
192 -src_install() {
193 - default
194 - dodoc INCOMPATIBILITIES iptables/iptables.xslt
195 -
196 - # all the iptables binaries are in /sbin, so might as well
197 - # put these small files in with them
198 - into /
199 - dosbin iptables/iptables-apply
200 - dosym iptables-apply /sbin/ip6tables-apply
201 - doman iptables/iptables-apply.8
202 -
203 - insinto /usr/include
204 - doins include/ip{,6}tables.h
205 - insinto /usr/include/iptables
206 - doins include/iptables/internal.h
207 -
208 - keepdir /var/lib/ip{,6}tables
209 - newinitd "${FILESDIR}"/${PN}-r2.init iptables
210 - newconfd "${FILESDIR}"/${PN}-r1.confd iptables
211 - dosym iptables /etc/init.d/ip6tables
212 - newconfd "${FILESDIR}"/ip6tables-r1.confd ip6tables
213 -
214 - if use nftables; then
215 - # Bug 647458
216 - rm "${ED}"/etc/ethertypes || die
217 -
218 - # Bugs 660886 and 669894
219 - rm "${ED}"/sbin/{arptables,ebtables}{,-{save,restore}} || die
220 - fi
221 -
222 - systemd_dounit "${FILESDIR}"/systemd/ip{,6}tables-{re,}store.service
223 -
224 - # Move important libs to /lib #332175
225 - gen_usr_ldscript -a ip{4,6}tc xtables
226 -
227 - find "${ED}" -type f -name "*.la" -delete || die
228 -}
229 -
230 -pkg_postinst() {
231 - local default_iptables="xtables-legacy-multi"
232 - if ! eselect iptables show &>/dev/null; then
233 - elog "Current iptables implementation is unset, setting to ${default_iptables}"
234 - eselect iptables set "${default_iptables}"
235 - fi
236 -
237 - if use nftables; then
238 - local tables
239 - for tables in {arp,eb}tables; do
240 - if ! eselect ${tables} show &>/dev/null; then
241 - elog "Current ${tables} implementation is unset, setting to ${default_iptables}"
242 - eselect ${tables} set xtables-nft-multi
243 - fi
244 - done
245 - fi
246 -
247 - eselect iptables show
248 -}
249 -
250 -pkg_prerm() {
251 - if [[ -z ${REPLACED_BY_VERSION} ]]; then
252 - elog "Unsetting iptables symlinks before removal"
253 - eselect iptables unset
254 - fi
255 -
256 - if ! has_version 'net-firewall/ebtables'; then
257 - elog "Unsetting ebtables symlinks before removal"
258 - eselect ebtables unset
259 - elif [[ -z ${REPLACED_BY_VERSION} ]]; then
260 - elog "Resetting ebtables symlinks to ebtables-legacy"
261 - eselect ebtables set ebtables-legacy
262 - fi
263 -
264 - if ! has_version 'net-firewall/arptables'; then
265 - elog "Unsetting arptables symlinks before removal"
266 - eselect arptables unset
267 - elif [[ -z ${REPLACED_BY_VERSION} ]]; then
268 - elog "Resetting arptables symlinks to arptables-legacy"
269 - eselect arptables set arptables-legacy
270 - fi
271 -
272 - # the eselect module failing should not be fatal
273 - return 0
274 -}