Diffstat (limited to 'net-firewall')
-rw-r--r--net-firewall/iptables/ChangeLog9
-rw-r--r--net-firewall/iptables/files/iptables-1.4.18-extensions-link.patch74
-rw-r--r--net-firewall/iptables/files/iptables-1.4.18-ipv6-linkage.patch88
-rw-r--r--net-firewall/iptables/iptables-1.4.18.ebuild88
4 files changed, 258 insertions, 1 deletions
diff --git a/net-firewall/iptables/ChangeLog b/net-firewall/iptables/ChangeLog
index 8ed3be66d382..6208fd9b50a7 100644
--- a/net-firewall/iptables/ChangeLog
+++ b/net-firewall/iptables/ChangeLog
@@ -1,6 +1,13 @@
# ChangeLog for net-firewall/iptables
# Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/ChangeLog,v 1.290 2013/04/27 17:45:54 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/ChangeLog,v 1.291 2013/04/27 21:44:41 vapier Exp $
+
+*iptables-1.4.18 (27 Apr 2013)
+
+ 27 Apr 2013; Mike Frysinger <vapier@gentoo.org>
+ +files/iptables-1.4.18-extensions-link.patch,
+ +files/iptables-1.4.18-ipv6-linkage.patch, +iptables-1.4.18.ebuild:
+ Version bump #460554 by Manuel Rüger.
27 Apr 2013; Mike Frysinger <vapier@gentoo.org> iptables-1.4.17.ebuild:
Export AR to avoid `ar` usage #444282 by Agostino Sarubbo.
diff --git a/net-firewall/iptables/files/iptables-1.4.18-extensions-link.patch b/net-firewall/iptables/files/iptables-1.4.18-extensions-link.patch
new file mode 100644
index 000000000000..33d048163a18
--- /dev/null
+++ b/net-firewall/iptables/files/iptables-1.4.18-extensions-link.patch
@@ -0,0 +1,74 @@
+From 37b19d08f3cbc83a653386d76261490e173a874b Mon Sep 17 00:00:00 2001
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+Date: Sat, 16 Mar 2013 12:15:30 +0100
+Subject: [PATCH] Revert "build: resolve link failure for ip6t_NETMAP"
+
+This reverts commit 68e77a26111ee6b8f10c735a76891a7de6d57ee6.
+
+The use of libtool was introduced to resolve linking problems
+in NETMAP (IPv6 version), but that resulted in RPATH problems
+reported from distributors and warnings spotted by libtool at
+linking stage.
+
+Since (0ca548b libip6t_NETMAP: Use xtables_ip6mask_to_cidr and
+get rid of libip6tc dependency) fixed the NETMAP issue, let's
+roll back to our previous stage.
+
+A small conflicts in extensions/GNUmakefile.in has been resolved
+in this revert.
+
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+---
+ extensions/GNUmakefile.in | 18 +++++++-----------
+ 1 file changed, 7 insertions(+), 11 deletions(-)
+
+diff --git a/extensions/GNUmakefile.in b/extensions/GNUmakefile.in
+index 3db6985..1ae7f74 100644
+--- a/extensions/GNUmakefile.in
++++ b/extensions/GNUmakefile.in
+@@ -33,7 +33,6 @@ AM_VERBOSE_CXX = @echo " CXX " $@;
+ AM_VERBOSE_CXXLD = @echo " CXXLD " $@;
+ AM_VERBOSE_AR = @echo " AR " $@;
+ AM_VERBOSE_GEN = @echo " GEN " $@;
+-AM_VERBOSE_NULL = @
+ endif
+
+ #
+@@ -76,7 +75,7 @@ install: ${targets_install}
+ if test -n "${targets_install}"; then install -pm0755 $^ "${DESTDIR}${xtlibdir}/"; fi;
+
+ clean:
+- rm -f *.la *.o *.lo *.so *.a {matches,targets}.man initext.c initext4.c initext6.c;
++ rm -f *.o *.oo *.so *.a {matches,targets}.man initext.c initext4.c initext6.c;
+ rm -f .*.d .*.dd;
+
+ distclean: clean
+@@ -90,19 +89,16 @@ init%.o: init%.c
+ #
+ # Shared libraries
+ #
+-lib%.so: lib%.la
+- ${AM_VERBOSE_NULL} ln -fs .libs/$@ $@
++lib%.so: lib%.oo
++ ${AM_VERBOSE_CCLD} ${CCLD} ${AM_LDFLAGS} -shared ${LDFLAGS} -o $@ $< -L../libxtables/.libs -lxtables ${$*_LIBADD};
+
+-lib%.la: lib%.lo
+- ${AM_VERBOSE_CCLD} ../libtool ${AM_LIBTOOL_SILENT} --tag=CC --mode=link ${CCLD} ${AM_LDFLAGS} -module ${LDFLAGS} -o $@ $< ../libxtables/libxtables.la ${$*_LIBADD} -rpath ${xtlibdir}
+-
+-lib%.lo: ${srcdir}/lib%.c
+- ${AM_VERBOSE_CC} ../libtool ${AM_LIBTOOL_SILENT} --tag=CC --mode=compile ${CC} ${AM_CPPFLAGS} ${AM_DEPFLAGS} ${AM_CFLAGS} -D_INIT=lib$*_init ${CFLAGS} -o $@ -c $<
++lib%.oo: ${srcdir}/lib%.c
++ ${AM_VERBOSE_CC} ${CC} ${AM_CPPFLAGS} ${AM_DEPFLAGS} ${AM_CFLAGS} -D_INIT=lib$*_init -DPIC -fPIC ${CFLAGS} -o $@ -c $<;
+
+ libxt_NOTRACK.so: libxt_CT.so
+- ${AM_VERBOSE_GEN} ln -fs $< $@
++ ln -fs $< $@
+ libxt_state.so: libxt_conntrack.so
+- ${AM_VERBOSE_GEN} ln -fs $< $@
++ ln -fs $< $@
+
+ # Need the LIBADDs in iptables/Makefile.am too for libxtables_la_LIBADD
+ xt_RATEEST_LIBADD = -lm
+--
+1.8.2.1
+
diff --git a/net-firewall/iptables/files/iptables-1.4.18-ipv6-linkage.patch b/net-firewall/iptables/files/iptables-1.4.18-ipv6-linkage.patch
new file mode 100644
index 000000000000..52829de24a5f
--- /dev/null
+++ b/net-firewall/iptables/files/iptables-1.4.18-ipv6-linkage.patch
@@ -0,0 +1,88 @@
+From cccfff9309743f173c504dd265fae173caa5b47f Mon Sep 17 00:00:00 2001
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+Date: Sat, 16 Mar 2013 12:11:07 +0100
+Subject: [PATCH] libip6t_NETMAP: Use xtables_ip6mask_to_cidr and get rid of
+ libip6tc dependency
+
+This patch changes the NETMAP target extension (IPv6 side) to use
+the xtables_ip6mask_to_cidr available in libxtables.
+
+As a side effect, we get rid of the libip6tc dependency.
+
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+---
+ extensions/GNUmakefile.in | 1 -
+ extensions/libip6t_NETMAP.c | 2 +-
+ include/libiptc/libip6tc.h | 3 ---
+ iptables/ip6tables.c | 2 +-
+ libiptc/libip6tc.c | 2 +-
+ 5 files changed, 3 insertions(+), 7 deletions(-)
+
+diff --git a/extensions/GNUmakefile.in b/extensions/GNUmakefile.in
+index adad4d6..3db6985 100644
+--- a/extensions/GNUmakefile.in
++++ b/extensions/GNUmakefile.in
+@@ -105,7 +105,6 @@ libxt_state.so: libxt_conntrack.so
+ ${AM_VERBOSE_GEN} ln -fs $< $@
+
+ # Need the LIBADDs in iptables/Makefile.am too for libxtables_la_LIBADD
+-ip6t_NETMAP_LIBADD = ../libiptc/libip6tc.la
+ xt_RATEEST_LIBADD = -lm
+ xt_statistic_LIBADD = -lm
+
+diff --git a/extensions/libip6t_NETMAP.c b/extensions/libip6t_NETMAP.c
+index d14dece..a4df70e 100644
+--- a/extensions/libip6t_NETMAP.c
++++ b/extensions/libip6t_NETMAP.c
+@@ -61,7 +61,7 @@ static void NETMAP_print(const void *ip, const struct xt_entry_target *target,
+ printf("%s", xtables_ip6addr_to_numeric(&a));
+ for (i = 0; i < 4; i++)
+ a.s6_addr32[i] = ~(r->min_addr.ip6[i] ^ r->max_addr.ip6[i]);
+- bits = ipv6_prefix_length(&a);
++ bits = xtables_ip6mask_to_cidr(&a);
+ if (bits < 0)
+ printf("/%s", xtables_ip6addr_to_numeric(&a));
+ else
+diff --git a/include/libiptc/libip6tc.h b/include/libiptc/libip6tc.h
+index c656bc4..9aed80a 100644
+--- a/include/libiptc/libip6tc.h
++++ b/include/libiptc/libip6tc.h
+@@ -154,9 +154,6 @@ int ip6tc_get_raw_socket(void);
+ /* Translates errno numbers into more human-readable form than strerror. */
+ const char *ip6tc_strerror(int err);
+
+-/* Return prefix length, or -1 if not contiguous */
+-int ipv6_prefix_length(const struct in6_addr *a);
+-
+ extern void dump_entries6(struct xtc_handle *const);
+
+ extern const struct xtc_ops ip6tc_ops;
+diff --git a/iptables/ip6tables.c b/iptables/ip6tables.c
+index 4cfbea3..7d02cc1 100644
+--- a/iptables/ip6tables.c
++++ b/iptables/ip6tables.c
+@@ -1022,7 +1022,7 @@ static void print_ip(const char *prefix, const struct in6_addr *ip,
+ const struct in6_addr *mask, int invert)
+ {
+ char buf[51];
+- int l = ipv6_prefix_length(mask);
++ int l = xtables_ip6mask_to_cidr(mask);
+
+ if (l == 0 && !invert)
+ return;
+diff --git a/libiptc/libip6tc.c b/libiptc/libip6tc.c
+index 7128e1c..ca01bcb 100644
+--- a/libiptc/libip6tc.c
++++ b/libiptc/libip6tc.c
+@@ -113,7 +113,7 @@ typedef unsigned int socklen_t;
+ #define BIT6(a, l) \
+ ((ntohl(a->s6_addr32[(l) / 32]) >> (31 - ((l) & 31))) & 1)
+
+-int
++static int
+ ipv6_prefix_length(const struct in6_addr *a)
+ {
+ int l, i;
+--
+1.8.2.1
+
diff --git a/net-firewall/iptables/iptables-1.4.18.ebuild b/net-firewall/iptables/iptables-1.4.18.ebuild
new file mode 100644
index 000000000000..f8b2d295a791
--- /dev/null
+++ b/net-firewall/iptables/iptables-1.4.18.ebuild
@@ -0,0 +1,88 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/iptables-1.4.18.ebuild,v 1.1 2013/04/27 21:44:41 vapier Exp $
+
+EAPI="4"
+
+# Force users doing their own patches to install their own tools
+AUTOTOOLS_AUTO_DEPEND=no
+
+inherit eutils multilib toolchain-funcs autotools
+
+DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
+HOMEPAGE="http://www.netfilter.org/projects/iptables/"
+SRC_URI="http://www.netfilter.org/projects/iptables/files/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="ipv6 netlink static-libs"
+
+RDEPEND="
+ netlink? ( net-libs/libnfnetlink )
+"
+DEPEND="${RDEPEND}
+ virtual/os-headers
+ virtual/pkgconfig
+"
+
+src_prepare() {
+ # use the saner headers from the kernel
+ rm -f include/linux/{kernel,types}.h
+ epatch "${FILESDIR}"/${P}-extensions-link.patch
+ epatch "${FILESDIR}"/${P}-ipv6-linkage.patch
+
+ # Only run autotools if user patched something
+ epatch_user && eautoreconf || elibtoolize
+}
+
+src_configure() {
+ # Some libs use $(AR) rather than libtool to build #444282
+ tc-export AR
+
+ sed -i \
+ -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
+ configure || die
+
+ econf \
+ --sbindir="${EPREFIX}/sbin" \
+ --libexecdir="${EPREFIX}/$(get_libdir)" \
+ --enable-devel \
+ --enable-shared \
+ $(use_enable static-libs static) \
+ $(use_enable ipv6)
+}
+
+src_compile() {
+ emake V=1
+}
+
+src_install() {
+ default
+ dodoc INCOMPATIBILITIES iptables/iptables.xslt
+
+ # all the iptables binaries are in /sbin, so might as well
+ # put these small files in with them
+ into /
+ dosbin iptables/iptables-apply
+ dosym iptables-apply /sbin/ip6tables-apply
+ doman iptables/iptables-apply.8
+
+ insinto /usr/include
+ doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
+ insinto /usr/include/iptables
+ doins include/iptables/internal.h
+
+ keepdir /var/lib/iptables
+ newinitd "${FILESDIR}"/${PN}-1.4.13-r1.init iptables
+ newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables
+ if use ipv6 ; then
+ keepdir /var/lib/ip6tables
+ newinitd "${FILESDIR}"/iptables-1.4.13-r1.init ip6tables
+ newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables
+ fi
+
+ # Move important libs to /lib
+ gen_usr_ldscript -a ip{4,6}tc iptc xtables
+ find "${ED}" -type f -name '*.la' -exec rm -rf '{}' '+' || die "la removal failed"
+}
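Review bot: In `src_prepare` the two patches are applied in the reverse of their upstream order: `${P}-ipv6-linkage.patch` carries `index adad4d6..3db6985` for `extensions/GNUmakefile.in` and `${P}-extensions-link.patch` carries `index 3db6985..1ae7f74`, so the revert was written on top of the NETMAP change. Applied as listed, the context around `xt_RATEEST_LIBADD` and the `ln -fs` lines does not match exactly, so the build presumably only goes through on patch fuzz, which is fragile for a firewall package where a mis-applied hunk should stop the build. I would swap the two lines so they read `epatch "${FILESDIR}"/${P}-ipv6-linkage.patch` followed by `epatch "${FILESDIR}"/${P}-extensions-link.patch`. Separately, the `sed -i ... configure || die` in `src_configure` still succeeds when the `nfnetlink=[01]` pattern is absent, so a guard such as `grep -q 'nfnetlink=[01]' configure || die "nfnetlink toggle not found in configure"` ahead of it would keep the `netlink` USE flag from silently becoming a no-op.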