diff options
author | Sam James <sam@gentoo.org> | 2024-02-20 05:04:38 +0000 |
---|---|---|
committer | Sam James <sam@gentoo.org> | 2024-02-20 05:04:38 +0000 |
commit | abe879d8c30def9dd1d576bd863bd6f4f4f1831f (patch) | |
tree | 48a7a22fdb605b349923a3b7df243ec86de2904d /net-firewall/iptables | |
parent | net-firewall/nftables: drop 1.0.7-r1, 1.0.8-r1, 1.0.8-r2 (diff) | |
download | gentoo-abe879d8c30def9dd1d576bd863bd6f4f4f1831f.tar.gz gentoo-abe879d8c30def9dd1d576bd863bd6f4f4f1831f.tar.bz2 gentoo-abe879d8c30def9dd1d576bd863bd6f4f4f1831f.zip |
net-firewall/iptables: drop 1.8.8-r5
Signed-off-by: Sam James <sam@gentoo.org>
Diffstat (limited to 'net-firewall/iptables')
6 files changed, 0 insertions, 427 deletions
diff --git a/net-firewall/iptables/Manifest b/net-firewall/iptables/Manifest index b3cf64b04da5..2de1a22873c0 100644 --- a/net-firewall/iptables/Manifest +++ b/net-firewall/iptables/Manifest @@ -1,3 +1,2 @@ DIST iptables-1.8.10.tar.xz 641168 BLAKE2B 417b33fcfc7edeba169caef26ed0322798f6b82500840509f6c10b97b4ef3f11932c0393fc8dcc5946264442bf8ee959a594b6fbd5dc92012cfad30edf130520 SHA512 71e6ed2260859157d61981a4fe5039dc9e8d7da885a626a4b5dae8164c509a9d9f874286b9468bb6a462d6e259d4d32d5967777ecefdd8a293011ae80c00f153 -DIST iptables-1.8.8.tar.bz2 746985 BLAKE2B 0da021cc7313b86af331768904956dab3eee3de245a7b03965129f3d7f13097fc03fbb1390167dcd971eff216eabad9e59b261a9c0f54bfc48a77453aa40d164 SHA512 f21df23279a77531a23f3fcb1b8f0f8ec0c726bda236dd0e33af74b06753baff6ce3f26fb9fcceb6fada560656ba901e68fc6452eb840ac1b206bc4654950f59 DIST iptables-1.8.9.tar.xz 637848 BLAKE2B 37ba80be0ee7049c4d3ee5689b273b4d2cc6e6fb9ebb297e86976b5750f987f2ae4536013fe1749ae79b6989c241eaece3202019fafd47d842c7a4fe3e5093b1 SHA512 e367bf286135e39b7401e852de25c1ed06d44befdffd92ed1566eb2ae9704b48ac9196cb971f43c6c83c6ad4d910443d32064bcdf618cfcef6bcab113e31ff70 diff --git a/net-firewall/iptables/files/iptables-1.8.8-format-security.patch b/net-firewall/iptables/files/iptables-1.8.8-format-security.patch deleted file mode 100644 index fafc435379b5..000000000000 --- a/net-firewall/iptables/files/iptables-1.8.8-format-security.patch +++ /dev/null @@ -1,21 +0,0 @@ -https://git.netfilter.org/iptables/commit/?id=b72eb12ea5a61df0655ad99d5048994e916be83a - -From: Phil Sutter <phil@nwl.cc> -Date: Fri, 13 May 2022 16:51:58 +0200 -Subject: xshared: Fix build for -Werror=format-security - -Gcc complains about the omitted format string. - -Signed-off-by: Phil Sutter <phil@nwl.cc> ---- a/iptables/xshared.c -+++ b/iptables/xshared.c -@@ -1307,7 +1307,7 @@ static void check_empty_interface(struct xtables_args *args, const char *arg) - return; - - if (args->family != NFPROTO_ARP) -- xtables_error(PARAMETER_PROBLEM, msg); -+ xtables_error(PARAMETER_PROBLEM, "%s", msg); - - fprintf(stderr, "%s", msg); - } -cgit v1.2.3 diff --git a/net-firewall/iptables/files/iptables-1.8.8-musl-headers.patch b/net-firewall/iptables/files/iptables-1.8.8-musl-headers.patch deleted file mode 100644 index 52e2c7019972..000000000000 --- a/net-firewall/iptables/files/iptables-1.8.8-musl-headers.patch +++ /dev/null @@ -1,59 +0,0 @@ -https://git.netfilter.org/iptables/commit/?id=0e7cf0ad306cdf95dc3c28d15a254532206a888e -https://bugs.gentoo.org/846377 - -From: Phil Sutter <phil@nwl.cc> -Date: Wed, 18 May 2022 16:04:09 +0200 -Subject: Revert "fix build for missing ETH_ALEN definition" -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This reverts commit c5d9a723b5159a28f547b577711787295a14fd84 as it broke -compiling against musl libc. Might be a bug in the latter, but for the -time being try to please both by avoiding the include and instead -defining ETH_ALEN if unset. - -While being at it, move netinet/ether.h include up. - -Fixes: 1bdb5535f561a ("libxtables: Extend MAC address printing/parsing support") -Signed-off-by: Phil Sutter <phil@nwl.cc> -Reviewed-by: Maciej Żenczykowski <maze@google.com> ---- a/libxtables/xtables.c -+++ b/libxtables/xtables.c -@@ -28,6 +28,7 @@ - #include <stdlib.h> - #include <string.h> - #include <unistd.h> -+#include <netinet/ether.h> - #include <sys/socket.h> - #include <sys/stat.h> - #include <sys/statfs.h> -@@ -45,7 +46,6 @@ - - #include <xtables.h> - #include <limits.h> /* INT_MAX in ip_tables.h/ip6_tables.h */ --#include <linux/if_ether.h> /* ETH_ALEN */ - #include <linux/netfilter_ipv4/ip_tables.h> - #include <linux/netfilter_ipv6/ip6_tables.h> - #include <libiptc/libxtc.h> -@@ -72,6 +72,10 @@ - #define PROC_SYS_MODPROBE "/proc/sys/kernel/modprobe" - #endif - -+#ifndef ETH_ALEN -+#define ETH_ALEN 6 -+#endif -+ - /* we need this for ip6?tables-restore. ip6?tables-restore.c sets line to the - * current line of the input file, in order to give a more precise error - * message. ip6?tables itself doesn't need this, so it is initialized to the -@@ -2245,8 +2249,6 @@ void xtables_print_num(uint64_t number, unsigned int format) - printf(FMT("%4lluT ","%lluT "), (unsigned long long)number); - } - --#include <netinet/ether.h> -- - static const unsigned char mac_type_unicast[ETH_ALEN] = {}; - static const unsigned char msk_type_unicast[ETH_ALEN] = {1}; - static const unsigned char mac_type_multicast[ETH_ALEN] = {1}; -cgit v1.2.3 diff --git a/net-firewall/iptables/files/iptables-1.8.8-out-of-tree-build.patch b/net-firewall/iptables/files/iptables-1.8.8-out-of-tree-build.patch deleted file mode 100644 index ee9e218b5dbd..000000000000 --- a/net-firewall/iptables/files/iptables-1.8.8-out-of-tree-build.patch +++ /dev/null @@ -1,26 +0,0 @@ -https://git.netfilter.org/iptables/commit/?id=0ebf52fc951b2a4d98a166afb34af4f364bbeece - -From: Ben Brown <ben@demerara.io> -Date: Wed, 25 May 2022 16:26:13 +0100 -Subject: build: Fix error during out of tree build - -Fixes the following error: - - ../../libxtables/xtables.c:52:10: fatal error: libiptc/linux_list.h: No such file or directory - 52 | #include <libiptc/linux_list.h> - -Fixes: f58b0d7406451 ("libxtables: Implement notargets hash table") -Signed-off-by: Ben Brown <ben@demerara.io> -Signed-off-by: Phil Sutter <phil@nwl.cc> ---- a/libxtables/Makefile.am -+++ b/libxtables/Makefile.am -@@ -1,7 +1,7 @@ - # -*- Makefile -*- - - AM_CFLAGS = ${regular_CFLAGS} --AM_CPPFLAGS = ${regular_CPPFLAGS} -I${top_builddir}/include -I${top_srcdir}/include -I${top_srcdir}/iptables ${kinclude_CPPFLAGS} -+AM_CPPFLAGS = ${regular_CPPFLAGS} -I${top_builddir}/include -I${top_srcdir}/include -I${top_srcdir}/iptables -I${top_srcdir} ${kinclude_CPPFLAGS} - - lib_LTLIBRARIES = libxtables.la - libxtables_la_SOURCES = xtables.c xtoptions.c getethertype.c -cgit v1.2.3 diff --git a/net-firewall/iptables/files/iptables-1.8.8-uint-musl.patch b/net-firewall/iptables/files/iptables-1.8.8-uint-musl.patch deleted file mode 100644 index 40302f624e23..000000000000 --- a/net-firewall/iptables/files/iptables-1.8.8-uint-musl.patch +++ /dev/null @@ -1,135 +0,0 @@ -https://git.netfilter.org/iptables/commit/?id=f319389525b066b7dc6d389c88f16a0df3b8f189 - -From: Nick Hainke <vincent@systemli.org> -Date: Mon, 16 May 2022 18:16:41 +0200 -Subject: treewide: use uint* instead of u_int* - -Gcc complains about missing types. Some commits introduced u_int* instead -of uint*. Use uint treewide. - -Fixes errors in the form of: -In file included from xtables-legacy-multi.c:5: -xshared.h:83:56: error: unknown type name 'u_int16_t'; did you mean 'uint16_t'? - 83 | set_option(unsigned int *options, unsigned int option, u_int16_t *invflg, - | ^~~~~~~~~ - | uint16_t -make[6]: *** [Makefile:712: xtables_legacy_multi-xtables-legacy-multi.o] Error 1 - -Avoid libipq API breakage by adjusting libipq.h include accordingly. For -arpt_mangle.h kernel uAPI header, apply same change as in kernel commit -e91ded8db5747 ("uapi: netfilter_arp: use __u8 instead of u_int8_t"). - -Signed-off-by: Nick Hainke <vincent@systemli.org> -Signed-off-by: Phil Sutter <phil@nwl.cc> ---- a/extensions/libxt_conntrack.c -+++ b/extensions/libxt_conntrack.c -@@ -778,7 +778,7 @@ matchinfo_print(const void *ip, const struct xt_entry_match *match, int numeric, - - static void - conntrack_dump_ports(const char *prefix, const char *opt, -- u_int16_t port_low, u_int16_t port_high) -+ uint16_t port_low, uint16_t port_high) - { - if (port_high == 0 || port_low == port_high) - printf(" %s%s %u", prefix, opt, port_low); ---- a/include/libipq/libipq.h -+++ b/include/libipq/libipq.h -@@ -24,7 +24,7 @@ - #include <errno.h> - #include <unistd.h> - #include <fcntl.h> --#include <sys/types.h> -+#include <stdint.h> - #include <sys/socket.h> - #include <sys/uio.h> - #include <asm/types.h> -@@ -48,19 +48,19 @@ typedef unsigned long ipq_id_t; - struct ipq_handle - { - int fd; -- u_int8_t blocking; -+ uint8_t blocking; - struct sockaddr_nl local; - struct sockaddr_nl peer; - }; - --struct ipq_handle *ipq_create_handle(u_int32_t flags, u_int32_t protocol); -+struct ipq_handle *ipq_create_handle(uint32_t flags, uint32_t protocol); - - int ipq_destroy_handle(struct ipq_handle *h); - - ssize_t ipq_read(const struct ipq_handle *h, - unsigned char *buf, size_t len, int timeout); - --int ipq_set_mode(const struct ipq_handle *h, u_int8_t mode, size_t len); -+int ipq_set_mode(const struct ipq_handle *h, uint8_t mode, size_t len); - - ipq_packet_msg_t *ipq_get_packet(const unsigned char *buf); - ---- a/include/libiptc/libxtc.h -+++ b/include/libiptc/libxtc.h -@@ -10,7 +10,7 @@ extern "C" { - #endif - - #ifndef XT_MIN_ALIGN --/* xt_entry has pointers and u_int64_t's in it, so if you align to -+/* xt_entry has pointers and uint64_t's in it, so if you align to - it, you'll also align to any crazy matches and targets someone - might write */ - #define XT_MIN_ALIGN (__alignof__(struct xt_entry)) ---- a/include/linux/netfilter_arp/arpt_mangle.h -+++ b/include/linux/netfilter_arp/arpt_mangle.h -@@ -13,7 +13,7 @@ struct arpt_mangle - union { - struct in_addr tgt_ip; - } u_t; -- u_int8_t flags; -+ __u8 flags; - int target; - }; - ---- a/iptables/xshared.c -+++ b/iptables/xshared.c -@@ -1025,7 +1025,7 @@ static const int inverse_for_options[NUMBER_OF_OPT] = - }; - - void --set_option(unsigned int *options, unsigned int option, u_int16_t *invflg, -+set_option(unsigned int *options, unsigned int option, uint16_t *invflg, - bool invert) - { - if (*options & option) ---- a/iptables/xshared.h -+++ b/iptables/xshared.h -@@ -80,7 +80,7 @@ struct xtables_target; - #define IPT_INV_ARPHRD 0x0800 - - void --set_option(unsigned int *options, unsigned int option, u_int16_t *invflg, -+set_option(unsigned int *options, unsigned int option, uint16_t *invflg, - bool invert); - - /** ---- a/libipq/ipq_create_handle.3 -+++ b/libipq/ipq_create_handle.3 -@@ -24,7 +24,7 @@ ipq_create_handle, ipq_destroy_handle \(em create and destroy libipq handles. - .br - .B #include <libipq.h> - .sp --.BI "struct ipq_handle *ipq_create_handle(u_int32_t " flags ", u_int32_t " protocol ");" -+.BI "struct ipq_handle *ipq_create_handle(uint32_t " flags ", uint32_t " protocol ");" - .br - .BI "int ipq_destroy_handle(struct ipq_handle *" h ); - .SH DESCRIPTION ---- a/libipq/ipq_set_mode.3 -+++ b/libipq/ipq_set_mode.3 -@@ -24,7 +24,7 @@ ipq_set_mode \(em set the ip_queue queuing mode - .br - .B #include <libipq.h> - .sp --.BI "int ipq_set_mode(const struct ipq_handle *" h ", u_int8_t " mode ", size_t " range ); -+.BI "int ipq_set_mode(const struct ipq_handle *" h ", uint8_t " mode ", size_t " range ); - .SH DESCRIPTION - The - .B ipq_set_mode -cgit v1.2.3 diff --git a/net-firewall/iptables/iptables-1.8.8-r5.ebuild b/net-firewall/iptables/iptables-1.8.8-r5.ebuild deleted file mode 100644 index cf0ad131a044..000000000000 --- a/net-firewall/iptables/iptables-1.8.8-r5.ebuild +++ /dev/null @@ -1,185 +0,0 @@ -# Copyright 1999-2024 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -inherit systemd toolchain-funcs autotools flag-o-matic usr-ldscript - -DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools" -HOMEPAGE="https://www.netfilter.org/projects/iptables/" -SRC_URI="https://www.netfilter.org/projects/iptables/files/${P}.tar.bz2" - -LICENSE="GPL-2" -# Subslot reflects PV when libxtables and/or libip*tc was changed -# the last time. -SLOT="0/1.8.3" -KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86" -IUSE="conntrack netlink nftables pcap static-libs" - -COMMON_DEPEND=" - conntrack? ( >=net-libs/libnetfilter_conntrack-1.0.6 ) - netlink? ( net-libs/libnfnetlink ) - nftables? ( - >=net-libs/libmnl-1.0:= - >=net-libs/libnftnl-1.1.6:= - ) - pcap? ( net-libs/libpcap ) -" -DEPEND=" - ${COMMON_DEPEND} - virtual/os-headers - >=sys-kernel/linux-headers-4.4:0 -" -BDEPEND=" - virtual/pkgconfig - nftables? ( - app-alternatives/lex - app-alternatives/yacc - ) -" -RDEPEND=" - ${COMMON_DEPEND} - nftables? ( net-misc/ethertypes ) - !<net-firewall/ebtables-2.0.11-r1 - !<net-firewall/arptables-0.0.5-r1 -" -IDEPEND=">=app-eselect/eselect-iptables-20220320" - -PATCHES=( - "${FILESDIR}/iptables-1.8.4-no-symlinks.patch" - "${FILESDIR}/iptables-1.8.2-link.patch" - - "${FILESDIR}/${P}-format-security.patch" - "${FILESDIR}/${P}-uint-musl.patch" - "${FILESDIR}/${P}-musl-headers.patch" - "${FILESDIR}/${P}-out-of-tree-build.patch" -) - -src_prepare() { - # Use the saner headers from the kernel - rm include/linux/{kernel,types}.h || die - - default - eautoreconf -} - -src_configure() { - # Some libs use $(AR) rather than libtool to build, bug #444282 - tc-export AR - - # Hack around struct mismatches between userland & kernel for some ABIs - # bug #472388 - use amd64 && [[ ${ABI} == "x32" ]] && append-flags -fpack-struct - - sed -i \ - -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \ - -e "/nfconntrack=[01]/s:=[01]:=$(usex conntrack 1 0):" \ - configure || die - - local myeconfargs=( - --sbindir="${EPREFIX}/sbin" - --libexecdir="${EPREFIX}/$(get_libdir)" - --enable-devel - --enable-ipv6 - --enable-shared - $(use_enable nftables) - $(use_enable pcap bpf-compiler) - $(use_enable pcap nfsynproxy) - $(use_enable static-libs static) - ) - - econf "${myeconfargs[@]}" -} - -src_compile() { - emake V=1 -} - -src_install() { - default - - # Managed by eselect-iptables - # https://bugs.gentoo.org/881295 - rm "${ED}/usr/bin/iptables-xml" || die - - dodoc INCOMPATIBILITIES iptables/iptables.xslt - - # All the iptables binaries are in /sbin, so might as well - # put these small files in with them - into / - dosbin iptables/iptables-apply - dosym iptables-apply /sbin/ip6tables-apply - doman iptables/iptables-apply.8 - - insinto /usr/include - doins include/ip{,6}tables.h - insinto /usr/include/iptables - doins include/iptables/internal.h - - keepdir /var/lib/ip{,6}tables - newinitd "${FILESDIR}"/${PN}-r3.init iptables - newconfd "${FILESDIR}"/${PN}-r1.confd iptables - dosym iptables /etc/init.d/ip6tables - newconfd "${FILESDIR}"/ip6tables-r1.confd ip6tables - - if use nftables; then - # Bug #647458 - rm "${ED}"/etc/ethertypes || die - - # Bugs #660886 and #669894 - rm "${ED}"/sbin/{arptables,ebtables}{,-{save,restore}} || die - fi - - systemd_dounit "${FILESDIR}"/systemd/ip{,6}tables-{re,}store.service - - # Move important libs to /lib, bug #332175 - gen_usr_ldscript -a ip{4,6}tc xtables - - find "${ED}" -type f -name "*.la" -delete || die -} - -pkg_postinst() { - local default_iptables="xtables-legacy-multi" - if ! eselect iptables show &>/dev/null; then - elog "Current iptables implementation is unset, setting to ${default_iptables}" - eselect iptables set "${default_iptables}" - fi - - if use nftables; then - local tables - for tables in {arp,eb}tables; do - if ! eselect ${tables} show &>/dev/null; then - elog "Current ${tables} implementation is unset, setting to ${default_iptables}" - eselect ${tables} set xtables-nft-multi - fi - done - fi - - eselect iptables show -} - -pkg_prerm() { - if [[ -z ${REPLACED_BY_VERSION} ]]; then - elog "Unsetting iptables symlinks before removal" - eselect iptables unset - fi - - if ! has_version 'net-firewall/ebtables'; then - elog "Unsetting ebtables symlinks before removal" - eselect ebtables unset - elif [[ -z ${REPLACED_BY_VERSION} ]]; then - elog "Resetting ebtables symlinks to ebtables-legacy" - eselect ebtables set ebtables-legacy - fi - - if ! has_version 'net-firewall/arptables'; then - elog "Unsetting arptables symlinks before removal" - eselect arptables unset - elif [[ -z ${REPLACED_BY_VERSION} ]]; then - elog "Resetting arptables symlinks to arptables-legacy" - eselect arptables set arptables-legacy - fi - - # The eselect module failing should not be fatal - return 0 -} |