-rw-r--r-- | net-firewall/ipt_netflow/ChangeLog | 10 | ||||
-rw-r--r-- | net-firewall/ipt_netflow/files/ipt_netflow-1.8-pax-const.patch | 57 | ||||
-rw-r--r-- | net-firewall/ipt_netflow/ipt_netflow-1.8-r2.ebuild | 71 | ||||
-rw-r--r-- | net-firewall/ipt_netflow/metadata.xml | 3 |
4 files changed, 140 insertions, 1 deletions
diff --git a/net-firewall/ipt_netflow/ChangeLog b/net-firewall/ipt_netflow/ChangeLog
index 21e403b7c694..c83b231bac85 100644
--- a/net-firewall/ipt_netflow/ChangeLog
+++ b/net-firewall/ipt_netflow/ChangeLog
@@ -1,6 +1,14 @@
 # ChangeLog for net-firewall/ipt_netflow
 # Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-firewall/ipt_netflow/ChangeLog,v 1.7 2013/04/16 16:53:57 ago Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/ipt_netflow/ChangeLog,v 1.8 2013/06/27 03:52:41 pinkbyte Exp $
+
+*ipt_netflow-1.8-r2 (27 Jun 2013)
+
+ 27 Jun 2013; Sergey Popov <pinkbyte@gentoo.org> +ipt_netflow-1.8-r2.ebuild,
+ +files/ipt_netflow-1.8-pax-const.patch, metadata.xml:
+ Revision bump: add support for user patches, add compatibility with hardened
+ kernels, wrt bug #466430. Thanks to Jeremy Drake <gentoo-bugzilla AT
+ jdrake.com> for suggested patch

 16 Apr 2013; Agostino Sarubbo <ago@gentoo.org> ipt_netflow-1.8-r1.ebuild:
 Stable for x86, wrt bug #466068
diff --git a/net-firewall/ipt_netflow/files/ipt_netflow-1.8-pax-const.patch b/net-firewall/ipt_netflow/files/ipt_netflow-1.8-pax-const.patch
new file mode 100644
index 000000000000..792b68279d0f
--- /dev/null
+++ b/net-firewall/ipt_netflow/files/ipt_netflow-1.8-pax-const.patch
@@ -0,0 +1,57 @@
+Patch by Jeremy Drake, https://bugs.gentoo.org/show_bug.cgi?id=466430
+
+Adds support for building with PaX hardened kernel
+
+--- ipt_NETFLOW.c.orig 2013-06-26 23:02:17.000000000 +0400
++++ ipt_NETFLOW.c 2013-06-26 23:04:52.000000000 +0400
+@@ -371,14 +371,13 @@
+ static int hsize_procctl(ctl_table *ctl, int write, BEFORE2632(struct file *filp,)
+ void __user *buffer, size_t *lenp, loff_t *fpos)
+ {
+- void *orig = ctl->data;
++ ctl_table_no_const lctl = *ctl;
+ int ret, hsize;
+
+ if (write)
+- ctl->data = &hsize;
+- ret = proc_dointvec(ctl, write, BEFORE2632(filp,) buffer, lenp, fpos);
++ lctl.data = &hsize;
++ ret = proc_dointvec(&lctl, write, BEFORE2632(filp,) buffer, lenp, fpos);
+ if (write) {
+- ctl->data = orig;
+ if (hsize < 1)
+ return -EPERM;
+ return set_hashsize(hsize)?:ret;
+@@ -391,6 +390,7 @@
+ {
+ int ret;
+ struct ipt_netflow_sock *usock;
++ ctl_table_no_const lctl = *ctl;
+
+ read_lock(&sock_lock);
+ if (list_empty(&usock_list)) {
+@@ -401,8 +401,8 @@
+ sndbuf = usock->sock->sk->sk_sndbuf;
+ read_unlock(&sock_lock);
+
+- ctl->data = &sndbuf;
+- ret = proc_dointvec(ctl, write, BEFORE2632(filp,) buffer, lenp, fpos);
++ lctl.data = &sndbuf;
++ ret = proc_dointvec(&lctl, write, BEFORE2632(filp,) buffer, lenp, fpos);
+ if (!write)
+ return ret;
+ if (sndbuf < SOCK_MIN_SNDBUF)
+@@ -451,10 +451,11 @@
+ {
+ int ret;
+ int val;
++ ctl_table_no_const lctl = *ctl;
+
+ val = 0;
+- ctl->data = &val;
+- ret = proc_dointvec(ctl, write, BEFORE2632(filp,) buffer, lenp, fpos);
++ lctl.data = &val;
++ ret = proc_dointvec(&lctl, write, BEFORE2632(filp,) buffer, lenp, fpos);
+
+ if (!write)
+ return ret;
diff --git a/net-firewall/ipt_netflow/ipt_netflow-1.8-r2.ebuild b/net-firewall/ipt_netflow/ipt_netflow-1.8-r2.ebuild
new file mode 100644
index 000000000000..ec68ef03317d
--- /dev/null
+++ b/net-firewall/ipt_netflow/ipt_netflow-1.8-r2.ebuild
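Review bot: In the first hunk of the embedded patch, `hsize` is still declared without an initializer (`int ret, hsize;`) and on the write path it is compared and handed to `set_hashsize()` before `ret` from `proc_dointvec()` is examined. If that call fails or stores nothing, which it presumably can on a bad or empty write, the handler acts on an indeterminate stack value. The handler in the last hunk sets `val = 0;` before the call; doing the equivalent here with `int ret, hsize = 0;` and adding `if (ret) return ret;` ahead of `if (hsize < 1)` would make the failure path well defined. The local `lctl` copy itself looks right and also stops a stack address from being parked in the shared `ctl->data`. The body of hsize_procctl continues past the end of that hunk.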
@@ -0,0 +1,71 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/ipt_netflow/ipt_netflow-1.8-r2.ebuild,v 1.1 2013/06/27 03:52:41 pinkbyte Exp $
+
+EAPI="5"
+
+inherit eutils linux-info linux-mod multilib toolchain-funcs
+
+DESCRIPTION="Netflow iptables module"
+HOMEPAGE="http://sourceforge.net/projects/ipt-netflow"
+SRC_URI="mirror://sourceforge/ipt-netflow/${P}.tgz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+
+IUSE="pax_kernel"
+
+RDEPEND="net-firewall/iptables"
+DEPEND="${RDEPEND}
+ virtual/linux-sources
+ virtual/pkgconfig"
+
+BUILD_TARGETS="all"
+CONFIG_CHECK="~IP_NF_IPTABLES"
+MODULE_NAMES="ipt_NETFLOW(ipt_netflow:${S})"
+
+IPT_LIB="/usr/$(get_libdir)/xtables"
+
+src_prepare() {
+ sed -i -e 's:-I$(KDIR)/include::' \
+ -e 's:gcc -O2:$(CC) $(CFLAGS) $(LDFLAGS):' \
+ -e 's:gcc:$(CC) $(CFLAGS) $(LDFLAGS):' Makefile.in || die 'sed on Makefile.in failed'
+ sed -i -e '/IPT_NETFLOW_VERSION/s/1.7.2/1.8/' ipt_NETFLOW.c || die 'sed on ipt_NETFLOW.c failed'
+
+ # bug #455984
+ epatch "${FILESDIR}"/${PN}-1.8-configure.patch
+
+ # bug #466430
+ if use pax_kernel; then
+ epatch "${FILESDIR}"/${PN}-1.8-pax-const.patch
+ fi
+
+ epatch_user
+}
+
+src_configure() {
+ local IPT_VERSION="$($(tc-getPKG_CONFIG) --modversion xtables)"
+ # econf can not be used, cause configure script fails when see unknown parameter
+ # ipt-src need to be defined, see bug #455984
+ ./configure \
+ --ipt-lib="${IPT_LIB}" \
+ --ipt-src="/usr/" \
+ --ipt-ver="${IPT_VERSION}" \
+ --kdir="${KV_DIR}" \
+ --kver="${KV_FULL}" \
+ || die 'configure failed'
+}
+
+src_compile() {
+ local ARCH="$(tc-arch-kernel)"
+ emake CC="$(tc-getCC)" all
+}
+
+src_install() {
+ linux-mod_src_install
+ exeinto "${IPT_LIB}"
+ doexe libipt_NETFLOW.so
+ doheader ipt_NETFLOW.h
+ dodoc README*
+}
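Review bot: The `if use pax_kernel; then` branch in src_prepare has only `# bug #466430` above it, which does not tell a maintainer why the patch must stay conditional. The patch switches the sysctl handlers to `ctl_table_no_const`, a type that as far as I know only PaX/grsecurity-patched kernel sources define, so setting the flag against vanilla sources presumably ends in a compile error rather than a clear message. I would extend the comment to something like `# bug #466430: ctl_table_no_const exists only in PaX/grsecurity sources, keep conditional`. Nothing in the ebuild checks that the flag matches the kernel in `${KV_DIR}`, so a warning when the two disagree would also help.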
diff --git a/net-firewall/ipt_netflow/metadata.xml b/net-firewall/ipt_netflow/metadata.xml
index 7b47a3a9c4a9..a15e0edcfcfd 100644
--- a/net-firewall/ipt_netflow/metadata.xml
+++ b/net-firewall/ipt_netflow/metadata.xml
@@ -6,4 +6,7 @@
 <email>pinkbyte@gentoo.org</email>
 <name>Sergey Popov</name>
 </maintainer>
+ <use>
+ <flag name="pax_kernel">Apply patch needed for pax enabled kernels</flag>
+ </use>
 </pkgmetadata> |