-rw-r--r--net-firewall/ipt_netflow/ChangeLog10
-rw-r--r--net-firewall/ipt_netflow/files/ipt_netflow-1.8-pax-const.patch57
-rw-r--r--net-firewall/ipt_netflow/ipt_netflow-1.8-r2.ebuild71
-rw-r--r--net-firewall/ipt_netflow/metadata.xml3
4 files changed, 140 insertions, 1 deletions
diff --git a/net-firewall/ipt_netflow/ChangeLog b/net-firewall/ipt_netflow/ChangeLog
index 21e403b7c694..c83b231bac85 100644
--- a/net-firewall/ipt_netflow/ChangeLog
+++ b/net-firewall/ipt_netflow/ChangeLog
@@ -1,6 +1,14 @@
# ChangeLog for net-firewall/ipt_netflow
# Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-firewall/ipt_netflow/ChangeLog,v 1.7 2013/04/16 16:53:57 ago Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/ipt_netflow/ChangeLog,v 1.8 2013/06/27 03:52:41 pinkbyte Exp $
+
+*ipt_netflow-1.8-r2 (27 Jun 2013)
+
+ 27 Jun 2013; Sergey Popov <pinkbyte@gentoo.org> +ipt_netflow-1.8-r2.ebuild,
+ +files/ipt_netflow-1.8-pax-const.patch, metadata.xml:
+ Revision bump: add support for user patches, add compatibility with hardened
+ kernels, wrt bug #466430. Thanks to Jeremy Drake <gentoo-bugzilla AT
+ jdrake.com> for suggested patch
16 Apr 2013; Agostino Sarubbo <ago@gentoo.org> ipt_netflow-1.8-r1.ebuild:
Stable for x86, wrt bug #466068
diff --git a/net-firewall/ipt_netflow/files/ipt_netflow-1.8-pax-const.patch b/net-firewall/ipt_netflow/files/ipt_netflow-1.8-pax-const.patch
new file mode 100644
index 000000000000..792b68279d0f
--- /dev/null
+++ b/net-firewall/ipt_netflow/files/ipt_netflow-1.8-pax-const.patch
@@ -0,0 +1,57 @@
+Patch by Jeremy Drake, https://bugs.gentoo.org/show_bug.cgi?id=466430
+
+Adds support for building with PaX hardened kernel
+
+--- ipt_NETFLOW.c.orig 2013-06-26 23:02:17.000000000 +0400
++++ ipt_NETFLOW.c 2013-06-26 23:04:52.000000000 +0400
+@@ -371,14 +371,13 @@
+ static int hsize_procctl(ctl_table *ctl, int write, BEFORE2632(struct file *filp,)
+ void __user *buffer, size_t *lenp, loff_t *fpos)
+ {
+- void *orig = ctl->data;
++ ctl_table_no_const lctl = *ctl;
+ int ret, hsize;
+
+ if (write)
+- ctl->data = &hsize;
+- ret = proc_dointvec(ctl, write, BEFORE2632(filp,) buffer, lenp, fpos);
++ lctl.data = &hsize;
++ ret = proc_dointvec(&lctl, write, BEFORE2632(filp,) buffer, lenp, fpos);
+ if (write) {
+- ctl->data = orig;
+ if (hsize < 1)
+ return -EPERM;
+ return set_hashsize(hsize)?:ret;
+@@ -391,6 +390,7 @@
+ {
+ int ret;
+ struct ipt_netflow_sock *usock;
++ ctl_table_no_const lctl = *ctl;
+
+ read_lock(&sock_lock);
+ if (list_empty(&usock_list)) {
+@@ -401,8 +401,8 @@
+ sndbuf = usock->sock->sk->sk_sndbuf;
+ read_unlock(&sock_lock);
+
+- ctl->data = &sndbuf;
+- ret = proc_dointvec(ctl, write, BEFORE2632(filp,) buffer, lenp, fpos);
++ lctl.data = &sndbuf;
++ ret = proc_dointvec(&lctl, write, BEFORE2632(filp,) buffer, lenp, fpos);
+ if (!write)
+ return ret;
+ if (sndbuf < SOCK_MIN_SNDBUF)
+@@ -451,10 +451,11 @@
+ {
+ int ret;
+ int val;
++ ctl_table_no_const lctl = *ctl;
+
+ val = 0;
+- ctl->data = &val;
+- ret = proc_dointvec(ctl, write, BEFORE2632(filp,) buffer, lenp, fpos);
++ lctl.data = &val;
++ ret = proc_dointvec(&lctl, write, BEFORE2632(filp,) buffer, lenp, fpos);
+
+ if (!write)
+ return ret;
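Review bot: In hsize_procctl the write path still reads `hsize` without looking at `ret` first, so if proc_dointvec returns an error or stores nothing, the `hsize < 1` test and the set_hashsize() call operate on an uninitialized stack value. Switching to the local `lctl` copy does not change that; initialise the variable at its declaration, `int ret, hsize = 0;`, and bail out before the range check with `if (ret) return ret;`. The handler in the third hunk already starts from `val = 0`, which is the pattern to match. The handlers in the second and third hunks begin and end outside the visible lines, so whether their write paths check `ret` before using the parsed value could not be confirmed from here.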
diff --git a/net-firewall/ipt_netflow/ipt_netflow-1.8-r2.ebuild b/net-firewall/ipt_netflow/ipt_netflow-1.8-r2.ebuild
new file mode 100644
index 000000000000..ec68ef03317d
--- /dev/null
+++ b/net-firewall/ipt_netflow/ipt_netflow-1.8-r2.ebuild
@@ -0,0 +1,71 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/ipt_netflow/ipt_netflow-1.8-r2.ebuild,v 1.1 2013/06/27 03:52:41 pinkbyte Exp $
+
+EAPI="5"
+
+inherit eutils linux-info linux-mod multilib toolchain-funcs
+
+DESCRIPTION="Netflow iptables module"
+HOMEPAGE="http://sourceforge.net/projects/ipt-netflow"
+SRC_URI="mirror://sourceforge/ipt-netflow/${P}.tgz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+
+IUSE="pax_kernel"
+
+RDEPEND="net-firewall/iptables"
+DEPEND="${RDEPEND}
+ virtual/linux-sources
+ virtual/pkgconfig"
+
+BUILD_TARGETS="all"
+CONFIG_CHECK="~IP_NF_IPTABLES"
+MODULE_NAMES="ipt_NETFLOW(ipt_netflow:${S})"
+
+IPT_LIB="/usr/$(get_libdir)/xtables"
+
+src_prepare() {
+ sed -i -e 's:-I$(KDIR)/include::' \
+ -e 's:gcc -O2:$(CC) $(CFLAGS) $(LDFLAGS):' \
+ -e 's:gcc:$(CC) $(CFLAGS) $(LDFLAGS):' Makefile.in || die 'sed on Makefile.in failed'
+ sed -i -e '/IPT_NETFLOW_VERSION/s/1.7.2/1.8/' ipt_NETFLOW.c || die 'sed on ipt_NETFLOW.c failed'
+
+ # bug #455984
+ epatch "${FILESDIR}"/${PN}-1.8-configure.patch
+
+ # bug #466430
+ if use pax_kernel; then
+ epatch "${FILESDIR}"/${PN}-1.8-pax-const.patch
+ fi
+
+ epatch_user
+}
+
+src_configure() {
+ local IPT_VERSION="$($(tc-getPKG_CONFIG) --modversion xtables)"
+ # econf can not be used, cause configure script fails when see unknown parameter
+ # ipt-src need to be defined, see bug #455984
+ ./configure \
+ --ipt-lib="${IPT_LIB}" \
+ --ipt-src="/usr/" \
+ --ipt-ver="${IPT_VERSION}" \
+ --kdir="${KV_DIR}" \
+ --kver="${KV_FULL}" \
+ || die 'configure failed'
+}
+
+src_compile() {
+ local ARCH="$(tc-arch-kernel)"
+ emake CC="$(tc-getCC)" all
+}
+
+src_install() {
+ linux-mod_src_install
+ exeinto "${IPT_LIB}"
+ doexe libipt_NETFLOW.so
+ doheader ipt_NETFLOW.h
+ dodoc README*
+}
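Review bot: The `if use pax_kernel` block in src_prepare applies the patch with no comment on why it cannot be unconditional, and nothing ties the flag to the kernel sources the module is actually built against. The patch depends on the `ctl_table_no_const` type, which as far as I know only PaX/grsecurity kernel sources provide, so a flag that does not match the kernel presumably ends in a compile error that does not point back to the USE flag. I would add `# ctl_table_no_const exists only in PaX-patched kernel sources; do not apply on vanilla kernels` above the `if`. It is also worth recording there that without the flag the sysctl handlers keep pointing the shared `ctl->data` at a stack variable, which the patch replaces with a per-call copy of the table entry.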
diff --git a/net-firewall/ipt_netflow/metadata.xml b/net-firewall/ipt_netflow/metadata.xml
index 7b47a3a9c4a9..a15e0edcfcfd 100644
--- a/net-firewall/ipt_netflow/metadata.xml
+++ b/net-firewall/ipt_netflow/metadata.xml
@@ -6,4 +6,7 @@
<email>pinkbyte@gentoo.org</email>
<name>Sergey Popov</name>
</maintainer>
+ <use>
+ <flag name="pax_kernel">Apply patch needed for pax enabled kernels</flag>
+ </use>
</pkgmetadata>