diff options
Diffstat (limited to 'net-firewall')
4 files changed, 258 insertions, 1 deletions
diff --git a/net-firewall/iptables/ChangeLog b/net-firewall/iptables/ChangeLog index 8ed3be66d382..6208fd9b50a7 100644 --- a/net-firewall/iptables/ChangeLog +++ b/net-firewall/iptables/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for net-firewall/iptables # Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/ChangeLog,v 1.290 2013/04/27 17:45:54 vapier Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/ChangeLog,v 1.291 2013/04/27 21:44:41 vapier Exp $ + +*iptables-1.4.18 (27 Apr 2013) + + 27 Apr 2013; Mike Frysinger <vapier@gentoo.org> + +files/iptables-1.4.18-extensions-link.patch, + +files/iptables-1.4.18-ipv6-linkage.patch, +iptables-1.4.18.ebuild: + Version bump #460554 by Manuel Rüger. 27 Apr 2013; Mike Frysinger <vapier@gentoo.org> iptables-1.4.17.ebuild: Export AR to avoid `ar` usage #444282 by Agostino Sarubbo. diff --git a/net-firewall/iptables/files/iptables-1.4.18-extensions-link.patch b/net-firewall/iptables/files/iptables-1.4.18-extensions-link.patch new file mode 100644 index 000000000000..33d048163a18 --- /dev/null +++ b/net-firewall/iptables/files/iptables-1.4.18-extensions-link.patch @@ -0,0 +1,74 @@ +From 37b19d08f3cbc83a653386d76261490e173a874b Mon Sep 17 00:00:00 2001 +From: Pablo Neira Ayuso <pablo@netfilter.org> +Date: Sat, 16 Mar 2013 12:15:30 +0100 +Subject: [PATCH] Revert "build: resolve link failure for ip6t_NETMAP" + +This reverts commit 68e77a26111ee6b8f10c735a76891a7de6d57ee6. + +The use of libtool was introduced to resolve linking problems +in NETMAP (IPv6 version), but that resulted in RPATH problems +reported from distributors and warnings spotted by libtool at +linking stage. + +Since (0ca548b libip6t_NETMAP: Use xtables_ip6mask_to_cidr and +get rid of libip6tc dependency) fixed the NETMAP issue, let's +roll back to our previous stage. + +A small conflicts in extensions/GNUmakefile.in has been resolved +in this revert. + +Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> +--- + extensions/GNUmakefile.in | 18 +++++++----------- + 1 file changed, 7 insertions(+), 11 deletions(-) + +diff --git a/extensions/GNUmakefile.in b/extensions/GNUmakefile.in +index 3db6985..1ae7f74 100644 +--- a/extensions/GNUmakefile.in ++++ b/extensions/GNUmakefile.in +@@ -33,7 +33,6 @@ AM_VERBOSE_CXX = @echo " CXX " $@; + AM_VERBOSE_CXXLD = @echo " CXXLD " $@; + AM_VERBOSE_AR = @echo " AR " $@; + AM_VERBOSE_GEN = @echo " GEN " $@; +-AM_VERBOSE_NULL = @ + endif + + # +@@ -76,7 +75,7 @@ install: ${targets_install} + if test -n "${targets_install}"; then install -pm0755 $^ "${DESTDIR}${xtlibdir}/"; fi; + + clean: +- rm -f *.la *.o *.lo *.so *.a {matches,targets}.man initext.c initext4.c initext6.c; ++ rm -f *.o *.oo *.so *.a {matches,targets}.man initext.c initext4.c initext6.c; + rm -f .*.d .*.dd; + + distclean: clean +@@ -90,19 +89,16 @@ init%.o: init%.c + # + # Shared libraries + # +-lib%.so: lib%.la +- ${AM_VERBOSE_NULL} ln -fs .libs/$@ $@ ++lib%.so: lib%.oo ++ ${AM_VERBOSE_CCLD} ${CCLD} ${AM_LDFLAGS} -shared ${LDFLAGS} -o $@ $< -L../libxtables/.libs -lxtables ${$*_LIBADD}; + +-lib%.la: lib%.lo +- ${AM_VERBOSE_CCLD} ../libtool ${AM_LIBTOOL_SILENT} --tag=CC --mode=link ${CCLD} ${AM_LDFLAGS} -module ${LDFLAGS} -o $@ $< ../libxtables/libxtables.la ${$*_LIBADD} -rpath ${xtlibdir} +- +-lib%.lo: ${srcdir}/lib%.c +- ${AM_VERBOSE_CC} ../libtool ${AM_LIBTOOL_SILENT} --tag=CC --mode=compile ${CC} ${AM_CPPFLAGS} ${AM_DEPFLAGS} ${AM_CFLAGS} -D_INIT=lib$*_init ${CFLAGS} -o $@ -c $< ++lib%.oo: ${srcdir}/lib%.c ++ ${AM_VERBOSE_CC} ${CC} ${AM_CPPFLAGS} ${AM_DEPFLAGS} ${AM_CFLAGS} -D_INIT=lib$*_init -DPIC -fPIC ${CFLAGS} -o $@ -c $<; + + libxt_NOTRACK.so: libxt_CT.so +- ${AM_VERBOSE_GEN} ln -fs $< $@ ++ ln -fs $< $@ + libxt_state.so: libxt_conntrack.so +- ${AM_VERBOSE_GEN} ln -fs $< $@ ++ ln -fs $< $@ + + # Need the LIBADDs in iptables/Makefile.am too for libxtables_la_LIBADD + xt_RATEEST_LIBADD = -lm +-- +1.8.2.1 + diff --git a/net-firewall/iptables/files/iptables-1.4.18-ipv6-linkage.patch b/net-firewall/iptables/files/iptables-1.4.18-ipv6-linkage.patch new file mode 100644 index 000000000000..52829de24a5f --- /dev/null +++ b/net-firewall/iptables/files/iptables-1.4.18-ipv6-linkage.patch @@ -0,0 +1,88 @@ +From cccfff9309743f173c504dd265fae173caa5b47f Mon Sep 17 00:00:00 2001 +From: Pablo Neira Ayuso <pablo@netfilter.org> +Date: Sat, 16 Mar 2013 12:11:07 +0100 +Subject: [PATCH] libip6t_NETMAP: Use xtables_ip6mask_to_cidr and get rid of + libip6tc dependency + +This patch changes the NETMAP target extension (IPv6 side) to use +the xtables_ip6mask_to_cidr available in libxtables. + +As a side effect, we get rid of the libip6tc dependency. + +Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> +--- + extensions/GNUmakefile.in | 1 - + extensions/libip6t_NETMAP.c | 2 +- + include/libiptc/libip6tc.h | 3 --- + iptables/ip6tables.c | 2 +- + libiptc/libip6tc.c | 2 +- + 5 files changed, 3 insertions(+), 7 deletions(-) + +diff --git a/extensions/GNUmakefile.in b/extensions/GNUmakefile.in +index adad4d6..3db6985 100644 +--- a/extensions/GNUmakefile.in ++++ b/extensions/GNUmakefile.in +@@ -105,7 +105,6 @@ libxt_state.so: libxt_conntrack.so + ${AM_VERBOSE_GEN} ln -fs $< $@ + + # Need the LIBADDs in iptables/Makefile.am too for libxtables_la_LIBADD +-ip6t_NETMAP_LIBADD = ../libiptc/libip6tc.la + xt_RATEEST_LIBADD = -lm + xt_statistic_LIBADD = -lm + +diff --git a/extensions/libip6t_NETMAP.c b/extensions/libip6t_NETMAP.c +index d14dece..a4df70e 100644 +--- a/extensions/libip6t_NETMAP.c ++++ b/extensions/libip6t_NETMAP.c +@@ -61,7 +61,7 @@ static void NETMAP_print(const void *ip, const struct xt_entry_target *target, + printf("%s", xtables_ip6addr_to_numeric(&a)); + for (i = 0; i < 4; i++) + a.s6_addr32[i] = ~(r->min_addr.ip6[i] ^ r->max_addr.ip6[i]); +- bits = ipv6_prefix_length(&a); ++ bits = xtables_ip6mask_to_cidr(&a); + if (bits < 0) + printf("/%s", xtables_ip6addr_to_numeric(&a)); + else +diff --git a/include/libiptc/libip6tc.h b/include/libiptc/libip6tc.h +index c656bc4..9aed80a 100644 +--- a/include/libiptc/libip6tc.h ++++ b/include/libiptc/libip6tc.h +@@ -154,9 +154,6 @@ int ip6tc_get_raw_socket(void); + /* Translates errno numbers into more human-readable form than strerror. */ + const char *ip6tc_strerror(int err); + +-/* Return prefix length, or -1 if not contiguous */ +-int ipv6_prefix_length(const struct in6_addr *a); +- + extern void dump_entries6(struct xtc_handle *const); + + extern const struct xtc_ops ip6tc_ops; +diff --git a/iptables/ip6tables.c b/iptables/ip6tables.c +index 4cfbea3..7d02cc1 100644 +--- a/iptables/ip6tables.c ++++ b/iptables/ip6tables.c +@@ -1022,7 +1022,7 @@ static void print_ip(const char *prefix, const struct in6_addr *ip, + const struct in6_addr *mask, int invert) + { + char buf[51]; +- int l = ipv6_prefix_length(mask); ++ int l = xtables_ip6mask_to_cidr(mask); + + if (l == 0 && !invert) + return; +diff --git a/libiptc/libip6tc.c b/libiptc/libip6tc.c +index 7128e1c..ca01bcb 100644 +--- a/libiptc/libip6tc.c ++++ b/libiptc/libip6tc.c +@@ -113,7 +113,7 @@ typedef unsigned int socklen_t; + #define BIT6(a, l) \ + ((ntohl(a->s6_addr32[(l) / 32]) >> (31 - ((l) & 31))) & 1) + +-int ++static int + ipv6_prefix_length(const struct in6_addr *a) + { + int l, i; +-- +1.8.2.1 + diff --git a/net-firewall/iptables/iptables-1.4.18.ebuild b/net-firewall/iptables/iptables-1.4.18.ebuild new file mode 100644 index 000000000000..f8b2d295a791 --- /dev/null +++ b/net-firewall/iptables/iptables-1.4.18.ebuild @@ -0,0 +1,88 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/iptables-1.4.18.ebuild,v 1.1 2013/04/27 21:44:41 vapier Exp $ + +EAPI="4" + +# Force users doing their own patches to install their own tools +AUTOTOOLS_AUTO_DEPEND=no + +inherit eutils multilib toolchain-funcs autotools + +DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools" +HOMEPAGE="http://www.netfilter.org/projects/iptables/" +SRC_URI="http://www.netfilter.org/projects/iptables/files/${P}.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" +IUSE="ipv6 netlink static-libs" + +RDEPEND=" + netlink? ( net-libs/libnfnetlink ) +" +DEPEND="${RDEPEND} + virtual/os-headers + virtual/pkgconfig +" + +src_prepare() { + # use the saner headers from the kernel + rm -f include/linux/{kernel,types}.h + epatch "${FILESDIR}"/${P}-extensions-link.patch + epatch "${FILESDIR}"/${P}-ipv6-linkage.patch + + # Only run autotools if user patched something + epatch_user && eautoreconf || elibtoolize +} + +src_configure() { + # Some libs use $(AR) rather than libtool to build #444282 + tc-export AR + + sed -i \ + -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \ + configure || die + + econf \ + --sbindir="${EPREFIX}/sbin" \ + --libexecdir="${EPREFIX}/$(get_libdir)" \ + --enable-devel \ + --enable-shared \ + $(use_enable static-libs static) \ + $(use_enable ipv6) +} + +src_compile() { + emake V=1 +} + +src_install() { + default + dodoc INCOMPATIBILITIES iptables/iptables.xslt + + # all the iptables binaries are in /sbin, so might as well + # put these small files in with them + into / + dosbin iptables/iptables-apply + dosym iptables-apply /sbin/ip6tables-apply + doman iptables/iptables-apply.8 + + insinto /usr/include + doins include/iptables.h $(use ipv6 && echo include/ip6tables.h) + insinto /usr/include/iptables + doins include/iptables/internal.h + + keepdir /var/lib/iptables + newinitd "${FILESDIR}"/${PN}-1.4.13-r1.init iptables + newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables + if use ipv6 ; then + keepdir /var/lib/ip6tables + newinitd "${FILESDIR}"/iptables-1.4.13-r1.init ip6tables + newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables + fi + + # Move important libs to /lib + gen_usr_ldscript -a ip{4,6}tc iptc xtables + find "${ED}" -type f -name '*.la' -exec rm -rf '{}' '+' || die "la removal failed" +} |