1 |
pva 07/12/24 09:43:38 |
2 |
|
3 |
Modified: ChangeLog |
4 |
Added: iptables-1.3.8-r3.ebuild |
5 |
Log: |
6 |
Update for l7-filter patch to version 2.17, bug 195671, reported by <cilly AT cilly.mine.nu>. |
7 |
(Portage version: 2.1.3.19) |
8 |
|
9 |
Revision Changes Path |
10 |
1.153 net-firewall/iptables/ChangeLog |
11 |
|
12 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-firewall/iptables/ChangeLog?rev=1.153&view=markup |
13 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-firewall/iptables/ChangeLog?rev=1.153&content-type=text/plain |
14 |
diff : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-firewall/iptables/ChangeLog?r1=1.152&r2=1.153 |
15 |
|
16 |
Index: ChangeLog |
17 |
=================================================================== |
18 |
RCS file: /var/cvsroot/gentoo-x86/net-firewall/iptables/ChangeLog,v |
19 |
retrieving revision 1.152 |
20 |
retrieving revision 1.153 |
21 |
diff -u -r1.152 -r1.153 |
22 |
--- ChangeLog 17 Dec 2007 10:59:45 -0000 1.152 |
23 |
+++ ChangeLog 24 Dec 2007 09:43:38 -0000 1.153 |
24 |
@@ -1,6 +1,12 @@ |
25 |
# ChangeLog for net-firewall/iptables |
26 |
# Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2 |
27 |
-# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/ChangeLog,v 1.152 2007/12/17 10:59:45 armin76 Exp $ |
28 |
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/ChangeLog,v 1.153 2007/12/24 09:43:38 pva Exp $ |
29 |
+ |
30 |
+*iptables-1.3.8-r3 (24 Dec 2007) |
31 |
+ |
32 |
+ 24 Dec 2007; <pva@g.o> +iptables-1.3.8-r3.ebuild: |
33 |
+ Update for l7-filter patch to version 2.17, bug 195671, reported by <cilly |
34 |
+ AT cilly.mine.nu>. |
35 |
|
36 |
17 Dec 2007; Raúl Porcel <armin76@g.o> iptables-1.3.8-r2.ebuild: |
37 |
alpha/ia64/sparc stable wrt #201909 |
38 |
|
39 |
|
40 |
|
41 |
1.1 net-firewall/iptables/iptables-1.3.8-r3.ebuild |
42 |
|
43 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-firewall/iptables/iptables-1.3.8-r3.ebuild?rev=1.1&view=markup |
44 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-firewall/iptables/iptables-1.3.8-r3.ebuild?rev=1.1&content-type=text/plain |
45 |
|
46 |
Index: iptables-1.3.8-r3.ebuild |
47 |
=================================================================== |
48 |
# Copyright 1999-2007 Gentoo Foundation |
49 |
# Distributed under the terms of the GNU General Public License v2 |
50 |
# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/iptables-1.3.8-r3.ebuild,v 1.1 2007/12/24 09:43:38 pva Exp $ |
51 |
|
52 |
inherit eutils flag-o-matic toolchain-funcs linux-info |
53 |
|
54 |
L7_PV=2.17 |
55 |
L7_P=netfilter-layer7-v${L7_PV} |
56 |
IMQ_PATCH=iptables-1.3.6-imq.diff |
57 |
|
58 |
DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools" |
59 |
HOMEPAGE="http://www.iptables.org/ http://www.linuximq.net/ http://l7-filter.sf.net/" |
60 |
SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2 |
61 |
imq? ( http://www.linuximq.net/patchs/${IMQ_PATCH} ) |
62 |
l7filter? ( mirror://sourceforge/l7-filter/${L7_P}.tar.gz )" |
63 |
|
64 |
LICENSE="GPL-2" |
65 |
SLOT="0" |
66 |
KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" |
67 |
IUSE="extensions imq ipv6 l7filter static" |
68 |
|
69 |
DEPEND="virtual/os-headers |
70 |
l7filter? ( virtual/linux-sources ) |
71 |
imq? ( virtual/linux-sources )" |
72 |
RDEPEND="" |
73 |
|
74 |
pkg_setup() { |
75 |
if use l7filter || use imq || use extensions ; then |
76 |
ewarn "WARNING: 3rd party extensions has been enabled." |
77 |
ewarn "This means that iptables will use your currently installed" |
78 |
ewarn "kernel in ${KERNEL_DIR} as headers for iptables." |
79 |
ewarn |
80 |
if use extensions ; then |
81 |
ewarn "You may have to patch your kernel to allow iptables to build." |
82 |
ewarn "Please check http://ftp.netfilter.org/pub/patch-o-matic-ng/snapshot/ for patches" |
83 |
ewarn "for your kernel." |
84 |
ewarn |
85 |
fi |
86 |
linux-info_pkg_setup |
87 |
fi |
88 |
|
89 |
if kernel_is ge 2 6 20 |
90 |
then |
91 |
L7FILE=${KERNEL_DIR}/net/netfilter/xt_layer7.c |
92 |
else |
93 |
L7FILE=${KERNEL_DIR}/net/ipv4/netfilter/ipt_layer7.c |
94 |
fi |
95 |
if use l7filter && \ |
96 |
[ ! -f "${L7FILE}" ]; then |
97 |
die "For layer 7 support emerge net-misc/l7-filter-${L7_PV} before this" |
98 |
fi |
99 |
if use imq && \ |
100 |
[ ! -f "${KERNEL_DIR}/net/ipv4/netfilter/ipt_IMQ.c" ]; then |
101 |
die "For IMQ support add a patch from http://www.linuximq.net/patches.html to your kernel" |
102 |
fi |
103 |
} |
104 |
|
105 |
src_unpack() { |
106 |
unpack ${P}.tar.bz2 |
107 |
if use l7filter |
108 |
then |
109 |
unpack ${L7_P}.tar.gz |
110 |
fi |
111 |
cd "${S}" |
112 |
|
113 |
epatch "${FILESDIR}"/${PN}-1.3.7-sparc64.patch #166201 |
114 |
epatch "${FILESDIR}"/${PN}-1.3.7-kernel-dir.patch #172209 |
115 |
|
116 |
EPATCH_OPTS="-p0" \ |
117 |
epatch "${FILESDIR}"/1.3.1-files/install_ipv6_apps.patch |
118 |
EPATCH_OPTS="-p1" \ |
119 |
epatch "${FILESDIR}"/1.3.1-files/install_all_dev_files.patch-1.3.1 |
120 |
|
121 |
# this provide's grsec's stealth match |
122 |
EPATCH_OPTS="-p0" \ |
123 |
epatch "${FILESDIR}"/1.3.1-files/grsecurity-1.2.8-iptables.patch-1.3.1 |
124 |
sed -i \ |
125 |
-e "s/PF_EXT_SLIB:=/PF_EXT_SLIB:=stealth /g" \ |
126 |
extensions/Makefile || die "failed to enable stealth extension" |
127 |
|
128 |
local check base=${PORTAGE_CONFIGROOT}/etc/portage/patches |
129 |
for check in {${CATEGORY}/${PF},${CATEGORY}/${P},${CATEGORY}/${PN}}; do |
130 |
EPATCH_SOURCE=${base}/${CTARGET}/${check} |
131 |
[[ -r ${EPATCH_SOURCE} ]] || EPATCH_SOURCE=${base}/${CHOST}/${check} |
132 |
[[ -r ${EPATCH_SOURCE} ]] || EPATCH_SOURCE=${base}/${check} |
133 |
if [[ -d ${EPATCH_SOURCE} ]] ; then |
134 |
EPATCH_SUFFIX="patch" |
135 |
EPATCH_FORCE="yes" \ |
136 |
EPATCH_MULTI_MSG="Applying user patches from ${EPATCH_SOURCE} ..." \ |
137 |
epatch |
138 |
break |
139 |
fi |
140 |
done |
141 |
|
142 |
if use imq ; then |
143 |
EPATCH_OPTS="-p1" epatch "${DISTDIR}"/${IMQ_PATCH} |
144 |
for OA in extensions/.IMQ-test extensions/.IMQ-test6 ; do |
145 |
mv ${OA} ${OA}.orig |
146 |
tr '\015' '\012' < ${OA}.orig > ${OA} |
147 |
rm ${OA}.orig |
148 |
done |
149 |
chmod +x extensions/.IMQ-test* |
150 |
fi |
151 |
if use l7filter ; then |
152 |
#yes choosing 2.6.20 was deliberate - upstream mistake possibly |
153 |
if kernel_is ge 2 6 20 |
154 |
then |
155 |
L7_PATCH=iptables-1.3-for-kernel-2.6.20forward-layer7-${L7_PV}.patch |
156 |
else |
157 |
L7_PATCH=iptables-1.3-for-kernel-pre2.6.20-layer7-${L7_PV}.patch |
158 |
fi |
159 |
EPATCH_OPTS="-p1" epatch "${WORKDIR}"/${L7_P}/${L7_PATCH} |
160 |
chmod +x extensions/.layer7-test* |
161 |
fi |
162 |
|
163 |
# the net directory is moving around so account for new/old locations |
164 |
cd "${S}"/extensions |
165 |
local x |
166 |
for x in .*-test* ; do |
167 |
sed -e 's:net/ipv[46]/netfilter:net/netfilter:g' ${x} > .new-${x} |
168 |
if cmp ${x} .new-${x} > /dev/null ; then |
169 |
rm -f .new-${x} |
170 |
else |
171 |
chmod a+rx .new-${x} |
172 |
fi |
173 |
done |
174 |
} |
175 |
|
176 |
src_defs() { |
177 |
# these are used in both of src_compile and src_install |
178 |
myconf="" |
179 |
myconf="${myconf} PREFIX=" |
180 |
myconf="${myconf} LIBDIR=/$(get_libdir)" |
181 |
myconf="${myconf} BINDIR=/sbin" |
182 |
myconf="${myconf} MANDIR=/usr/share/man" |
183 |
myconf="${myconf} INCDIR=/usr/include" |
184 |
# iptables and libraries are now installed to /sbin and /lib, so that |
185 |
# systems with remote network-mounted /usr filesystems can get their |
186 |
# network interfaces up and running correctly without /usr. |
187 |
use ipv6 || myconf="${myconf} DO_IPV6=0" |
188 |
use static && myconf="${myconf} NO_SHARED_LIBS=0" |
189 |
export myconf |
190 |
if ! use l7filter && ! use imq && ! use extensions ; then |
191 |
export KERNEL_DIR=$( |
192 |
# ugh -- iptables has scripts which check for the existence of |
193 |
# files so we need to give it the right path to our toolchains |
194 |
# include dir where the linux headers are. |
195 |
# FYI IPTABLES: YOU FAIL |
196 |
echo '#include <linux/limits.h>' | $(tc-getCPP) - | grep -o '/[^"]*linux/limits.h' | sed s:/include/linux/limits.h:: |
197 |
) |
198 |
diemsg="failure" |
199 |
else |
200 |
diemsg="failure - with l7filter and/or imq patch and/or other miscellanious patches added" |
201 |
fi |
202 |
export diemsg |
203 |
} |
204 |
|
205 |
src_compile() { |
206 |
src_defs |
207 |
|
208 |
# iptables will NOT work correctly unless -O[123] are present! |
209 |
replace-flags -O0 -O2 |
210 |
get-flag -O || append-flags -O2 |
211 |
# cannot work with the following according to Makefile near check: |
212 |
# -g -pg -DIPTC_DEBUG |
213 |
|
214 |
emake -j1 \ |
215 |
COPT_FLAGS="${CFLAGS}" ${myconf} \ |
216 |
KERNEL_DIR="${KERNEL_DIR}" \ |
217 |
CC="$(tc-getCC)" \ |
218 |
|| die "${diemsg}" |
219 |
} |
220 |
|
221 |
src_install() { |
222 |
src_defs |
223 |
make ${myconf} \ |
224 |
DESTDIR="${D}" \ |
225 |
KERNEL_DIR="${KERNEL_DIR}" \ |
226 |
install install-devel || die "${diemsg}" |
227 |
|
228 |
dodir /usr/$(get_libdir) |
229 |
mv -f "${D}"/$(get_libdir)/*.a "${D}"/usr/$(get_libdir) |
230 |
|
231 |
keepdir /var/lib/iptables |
232 |
newinitd "${FILESDIR}"/${PN}-1.3.2.init iptables |
233 |
newconfd "${FILESDIR}"/${PN}-1.3.2.confd iptables |
234 |
|
235 |
if use ipv6 ; then |
236 |
keepdir /var/lib/ip6tables |
237 |
newinitd "${FILESDIR}"/iptables-1.3.2.init ip6tables |
238 |
newconfd "${FILESDIR}"/ip6tables-1.3.2.confd ip6tables |
239 |
fi |
240 |
} |
241 |
|
242 |
pkg_postinst() { |
243 |
elog "This package now includes an initscript which loads and saves" |
244 |
elog "rules stored in /var/lib/iptables/rules-save" |
245 |
use ipv6 && elog "and /var/lib/ip6tables/rules-save" |
246 |
elog "This location can be changed in /etc/conf.d/iptables" |
247 |
elog |
248 |
elog "If you are using the iptables initsscript you should save your" |
249 |
elog "rules using the new iptables version before rebooting." |
250 |
elog |
251 |
elog "If you are upgrading to a >=2.4.21 kernel you may need to rebuild" |
252 |
elog "iptables." |
253 |
elog |
254 |
ewarn "!!! ipforwarding is not a part of the iptables initscripts." |
255 |
ewarn |
256 |
ewarn "To enable ipforwarding at bootup:" |
257 |
ewarn "/etc/sysctl.conf and set net.ipv4.ip_forward = 1" |
258 |
if use ipv6 ; then |
259 |
ewarn "and/or" |
260 |
ewarn " net.ipv6.ip_forward = 1" |
261 |
ewarn "for ipv6." |
262 |
fi |
263 |
if has_version '=net-firewall/iptables-1.2*' ; then |
264 |
ewarn |
265 |
ewarn "When upgrading from iptables-1.2.x, you may be unable to remove" |
266 |
ewarn "rules added with iptables-1.2.x. This is a known issue, please see:" |
267 |
ewarn "http://bugs.gentoo.org/92535" |
268 |
fi |
269 |
} |
270 |
|
271 |
|
272 |
|
273 |
-- |
274 |
gentoo-commits@g.o mailing list |