summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSam James <sam@gentoo.org>2024-02-20 05:04:38 +0000
committerSam James <sam@gentoo.org>2024-02-20 05:04:38 +0000
commitabe879d8c30def9dd1d576bd863bd6f4f4f1831f (patch)
tree48a7a22fdb605b349923a3b7df243ec86de2904d /net-firewall/iptables
parentnet-firewall/nftables: drop 1.0.7-r1, 1.0.8-r1, 1.0.8-r2 (diff)
downloadgentoo-abe879d8c30def9dd1d576bd863bd6f4f4f1831f.tar.gz
gentoo-abe879d8c30def9dd1d576bd863bd6f4f4f1831f.tar.bz2
gentoo-abe879d8c30def9dd1d576bd863bd6f4f4f1831f.zip
net-firewall/iptables: drop 1.8.8-r5
Signed-off-by: Sam James <sam@gentoo.org>
Diffstat (limited to 'net-firewall/iptables')
-rw-r--r--net-firewall/iptables/Manifest1
-rw-r--r--net-firewall/iptables/files/iptables-1.8.8-format-security.patch21
-rw-r--r--net-firewall/iptables/files/iptables-1.8.8-musl-headers.patch59
-rw-r--r--net-firewall/iptables/files/iptables-1.8.8-out-of-tree-build.patch26
-rw-r--r--net-firewall/iptables/files/iptables-1.8.8-uint-musl.patch135
-rw-r--r--net-firewall/iptables/iptables-1.8.8-r5.ebuild185
6 files changed, 0 insertions, 427 deletions
diff --git a/net-firewall/iptables/Manifest b/net-firewall/iptables/Manifest
index b3cf64b04da5..2de1a22873c0 100644
--- a/net-firewall/iptables/Manifest
+++ b/net-firewall/iptables/Manifest
@@ -1,3 +1,2 @@
DIST iptables-1.8.10.tar.xz 641168 BLAKE2B 417b33fcfc7edeba169caef26ed0322798f6b82500840509f6c10b97b4ef3f11932c0393fc8dcc5946264442bf8ee959a594b6fbd5dc92012cfad30edf130520 SHA512 71e6ed2260859157d61981a4fe5039dc9e8d7da885a626a4b5dae8164c509a9d9f874286b9468bb6a462d6e259d4d32d5967777ecefdd8a293011ae80c00f153
-DIST iptables-1.8.8.tar.bz2 746985 BLAKE2B 0da021cc7313b86af331768904956dab3eee3de245a7b03965129f3d7f13097fc03fbb1390167dcd971eff216eabad9e59b261a9c0f54bfc48a77453aa40d164 SHA512 f21df23279a77531a23f3fcb1b8f0f8ec0c726bda236dd0e33af74b06753baff6ce3f26fb9fcceb6fada560656ba901e68fc6452eb840ac1b206bc4654950f59
DIST iptables-1.8.9.tar.xz 637848 BLAKE2B 37ba80be0ee7049c4d3ee5689b273b4d2cc6e6fb9ebb297e86976b5750f987f2ae4536013fe1749ae79b6989c241eaece3202019fafd47d842c7a4fe3e5093b1 SHA512 e367bf286135e39b7401e852de25c1ed06d44befdffd92ed1566eb2ae9704b48ac9196cb971f43c6c83c6ad4d910443d32064bcdf618cfcef6bcab113e31ff70
diff --git a/net-firewall/iptables/files/iptables-1.8.8-format-security.patch b/net-firewall/iptables/files/iptables-1.8.8-format-security.patch
deleted file mode 100644
index fafc435379b5..000000000000
--- a/net-firewall/iptables/files/iptables-1.8.8-format-security.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-https://git.netfilter.org/iptables/commit/?id=b72eb12ea5a61df0655ad99d5048994e916be83a
-
-From: Phil Sutter <phil@nwl.cc>
-Date: Fri, 13 May 2022 16:51:58 +0200
-Subject: xshared: Fix build for -Werror=format-security
-
-Gcc complains about the omitted format string.
-
-Signed-off-by: Phil Sutter <phil@nwl.cc>
---- a/iptables/xshared.c
-+++ b/iptables/xshared.c
-@@ -1307,7 +1307,7 @@ static void check_empty_interface(struct xtables_args *args, const char *arg)
- return;
-
- if (args->family != NFPROTO_ARP)
-- xtables_error(PARAMETER_PROBLEM, msg);
-+ xtables_error(PARAMETER_PROBLEM, "%s", msg);
-
- fprintf(stderr, "%s", msg);
- }
-cgit v1.2.3
diff --git a/net-firewall/iptables/files/iptables-1.8.8-musl-headers.patch b/net-firewall/iptables/files/iptables-1.8.8-musl-headers.patch
deleted file mode 100644
index 52e2c7019972..000000000000
--- a/net-firewall/iptables/files/iptables-1.8.8-musl-headers.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-https://git.netfilter.org/iptables/commit/?id=0e7cf0ad306cdf95dc3c28d15a254532206a888e
-https://bugs.gentoo.org/846377
-
-From: Phil Sutter <phil@nwl.cc>
-Date: Wed, 18 May 2022 16:04:09 +0200
-Subject: Revert "fix build for missing ETH_ALEN definition"
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-This reverts commit c5d9a723b5159a28f547b577711787295a14fd84 as it broke
-compiling against musl libc. Might be a bug in the latter, but for the
-time being try to please both by avoiding the include and instead
-defining ETH_ALEN if unset.
-
-While being at it, move netinet/ether.h include up.
-
-Fixes: 1bdb5535f561a ("libxtables: Extend MAC address printing/parsing support")
-Signed-off-by: Phil Sutter <phil@nwl.cc>
-Reviewed-by: Maciej Żenczykowski <maze@google.com>
---- a/libxtables/xtables.c
-+++ b/libxtables/xtables.c
-@@ -28,6 +28,7 @@
- #include <stdlib.h>
- #include <string.h>
- #include <unistd.h>
-+#include <netinet/ether.h>
- #include <sys/socket.h>
- #include <sys/stat.h>
- #include <sys/statfs.h>
-@@ -45,7 +46,6 @@
-
- #include <xtables.h>
- #include <limits.h> /* INT_MAX in ip_tables.h/ip6_tables.h */
--#include <linux/if_ether.h> /* ETH_ALEN */
- #include <linux/netfilter_ipv4/ip_tables.h>
- #include <linux/netfilter_ipv6/ip6_tables.h>
- #include <libiptc/libxtc.h>
-@@ -72,6 +72,10 @@
- #define PROC_SYS_MODPROBE "/proc/sys/kernel/modprobe"
- #endif
-
-+#ifndef ETH_ALEN
-+#define ETH_ALEN 6
-+#endif
-+
- /* we need this for ip6?tables-restore. ip6?tables-restore.c sets line to the
- * current line of the input file, in order to give a more precise error
- * message. ip6?tables itself doesn't need this, so it is initialized to the
-@@ -2245,8 +2249,6 @@ void xtables_print_num(uint64_t number, unsigned int format)
- printf(FMT("%4lluT ","%lluT "), (unsigned long long)number);
- }
-
--#include <netinet/ether.h>
--
- static const unsigned char mac_type_unicast[ETH_ALEN] = {};
- static const unsigned char msk_type_unicast[ETH_ALEN] = {1};
- static const unsigned char mac_type_multicast[ETH_ALEN] = {1};
-cgit v1.2.3
diff --git a/net-firewall/iptables/files/iptables-1.8.8-out-of-tree-build.patch b/net-firewall/iptables/files/iptables-1.8.8-out-of-tree-build.patch
deleted file mode 100644
index ee9e218b5dbd..000000000000
--- a/net-firewall/iptables/files/iptables-1.8.8-out-of-tree-build.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-https://git.netfilter.org/iptables/commit/?id=0ebf52fc951b2a4d98a166afb34af4f364bbeece
-
-From: Ben Brown <ben@demerara.io>
-Date: Wed, 25 May 2022 16:26:13 +0100
-Subject: build: Fix error during out of tree build
-
-Fixes the following error:
-
- ../../libxtables/xtables.c:52:10: fatal error: libiptc/linux_list.h: No such file or directory
- 52 | #include <libiptc/linux_list.h>
-
-Fixes: f58b0d7406451 ("libxtables: Implement notargets hash table")
-Signed-off-by: Ben Brown <ben@demerara.io>
-Signed-off-by: Phil Sutter <phil@nwl.cc>
---- a/libxtables/Makefile.am
-+++ b/libxtables/Makefile.am
-@@ -1,7 +1,7 @@
- # -*- Makefile -*-
-
- AM_CFLAGS = ${regular_CFLAGS}
--AM_CPPFLAGS = ${regular_CPPFLAGS} -I${top_builddir}/include -I${top_srcdir}/include -I${top_srcdir}/iptables ${kinclude_CPPFLAGS}
-+AM_CPPFLAGS = ${regular_CPPFLAGS} -I${top_builddir}/include -I${top_srcdir}/include -I${top_srcdir}/iptables -I${top_srcdir} ${kinclude_CPPFLAGS}
-
- lib_LTLIBRARIES = libxtables.la
- libxtables_la_SOURCES = xtables.c xtoptions.c getethertype.c
-cgit v1.2.3
diff --git a/net-firewall/iptables/files/iptables-1.8.8-uint-musl.patch b/net-firewall/iptables/files/iptables-1.8.8-uint-musl.patch
deleted file mode 100644
index 40302f624e23..000000000000
--- a/net-firewall/iptables/files/iptables-1.8.8-uint-musl.patch
+++ /dev/null
@@ -1,135 +0,0 @@
-https://git.netfilter.org/iptables/commit/?id=f319389525b066b7dc6d389c88f16a0df3b8f189
-
-From: Nick Hainke <vincent@systemli.org>
-Date: Mon, 16 May 2022 18:16:41 +0200
-Subject: treewide: use uint* instead of u_int*
-
-Gcc complains about missing types. Some commits introduced u_int* instead
-of uint*. Use uint treewide.
-
-Fixes errors in the form of:
-In file included from xtables-legacy-multi.c:5:
-xshared.h:83:56: error: unknown type name 'u_int16_t'; did you mean 'uint16_t'?
- 83 | set_option(unsigned int *options, unsigned int option, u_int16_t *invflg,
- | ^~~~~~~~~
- | uint16_t
-make[6]: *** [Makefile:712: xtables_legacy_multi-xtables-legacy-multi.o] Error 1
-
-Avoid libipq API breakage by adjusting libipq.h include accordingly. For
-arpt_mangle.h kernel uAPI header, apply same change as in kernel commit
-e91ded8db5747 ("uapi: netfilter_arp: use __u8 instead of u_int8_t").
-
-Signed-off-by: Nick Hainke <vincent@systemli.org>
-Signed-off-by: Phil Sutter <phil@nwl.cc>
---- a/extensions/libxt_conntrack.c
-+++ b/extensions/libxt_conntrack.c
-@@ -778,7 +778,7 @@ matchinfo_print(const void *ip, const struct xt_entry_match *match, int numeric,
-
- static void
- conntrack_dump_ports(const char *prefix, const char *opt,
-- u_int16_t port_low, u_int16_t port_high)
-+ uint16_t port_low, uint16_t port_high)
- {
- if (port_high == 0 || port_low == port_high)
- printf(" %s%s %u", prefix, opt, port_low);
---- a/include/libipq/libipq.h
-+++ b/include/libipq/libipq.h
-@@ -24,7 +24,7 @@
- #include <errno.h>
- #include <unistd.h>
- #include <fcntl.h>
--#include <sys/types.h>
-+#include <stdint.h>
- #include <sys/socket.h>
- #include <sys/uio.h>
- #include <asm/types.h>
-@@ -48,19 +48,19 @@ typedef unsigned long ipq_id_t;
- struct ipq_handle
- {
- int fd;
-- u_int8_t blocking;
-+ uint8_t blocking;
- struct sockaddr_nl local;
- struct sockaddr_nl peer;
- };
-
--struct ipq_handle *ipq_create_handle(u_int32_t flags, u_int32_t protocol);
-+struct ipq_handle *ipq_create_handle(uint32_t flags, uint32_t protocol);
-
- int ipq_destroy_handle(struct ipq_handle *h);
-
- ssize_t ipq_read(const struct ipq_handle *h,
- unsigned char *buf, size_t len, int timeout);
-
--int ipq_set_mode(const struct ipq_handle *h, u_int8_t mode, size_t len);
-+int ipq_set_mode(const struct ipq_handle *h, uint8_t mode, size_t len);
-
- ipq_packet_msg_t *ipq_get_packet(const unsigned char *buf);
-
---- a/include/libiptc/libxtc.h
-+++ b/include/libiptc/libxtc.h
-@@ -10,7 +10,7 @@ extern "C" {
- #endif
-
- #ifndef XT_MIN_ALIGN
--/* xt_entry has pointers and u_int64_t's in it, so if you align to
-+/* xt_entry has pointers and uint64_t's in it, so if you align to
- it, you'll also align to any crazy matches and targets someone
- might write */
- #define XT_MIN_ALIGN (__alignof__(struct xt_entry))
---- a/include/linux/netfilter_arp/arpt_mangle.h
-+++ b/include/linux/netfilter_arp/arpt_mangle.h
-@@ -13,7 +13,7 @@ struct arpt_mangle
- union {
- struct in_addr tgt_ip;
- } u_t;
-- u_int8_t flags;
-+ __u8 flags;
- int target;
- };
-
---- a/iptables/xshared.c
-+++ b/iptables/xshared.c
-@@ -1025,7 +1025,7 @@ static const int inverse_for_options[NUMBER_OF_OPT] =
- };
-
- void
--set_option(unsigned int *options, unsigned int option, u_int16_t *invflg,
-+set_option(unsigned int *options, unsigned int option, uint16_t *invflg,
- bool invert)
- {
- if (*options & option)
---- a/iptables/xshared.h
-+++ b/iptables/xshared.h
-@@ -80,7 +80,7 @@ struct xtables_target;
- #define IPT_INV_ARPHRD 0x0800
-
- void
--set_option(unsigned int *options, unsigned int option, u_int16_t *invflg,
-+set_option(unsigned int *options, unsigned int option, uint16_t *invflg,
- bool invert);
-
- /**
---- a/libipq/ipq_create_handle.3
-+++ b/libipq/ipq_create_handle.3
-@@ -24,7 +24,7 @@ ipq_create_handle, ipq_destroy_handle \(em create and destroy libipq handles.
- .br
- .B #include <libipq.h>
- .sp
--.BI "struct ipq_handle *ipq_create_handle(u_int32_t " flags ", u_int32_t " protocol ");"
-+.BI "struct ipq_handle *ipq_create_handle(uint32_t " flags ", uint32_t " protocol ");"
- .br
- .BI "int ipq_destroy_handle(struct ipq_handle *" h );
- .SH DESCRIPTION
---- a/libipq/ipq_set_mode.3
-+++ b/libipq/ipq_set_mode.3
-@@ -24,7 +24,7 @@ ipq_set_mode \(em set the ip_queue queuing mode
- .br
- .B #include <libipq.h>
- .sp
--.BI "int ipq_set_mode(const struct ipq_handle *" h ", u_int8_t " mode ", size_t " range );
-+.BI "int ipq_set_mode(const struct ipq_handle *" h ", uint8_t " mode ", size_t " range );
- .SH DESCRIPTION
- The
- .B ipq_set_mode
-cgit v1.2.3
diff --git a/net-firewall/iptables/iptables-1.8.8-r5.ebuild b/net-firewall/iptables/iptables-1.8.8-r5.ebuild
deleted file mode 100644
index cf0ad131a044..000000000000
--- a/net-firewall/iptables/iptables-1.8.8-r5.ebuild
+++ /dev/null
@@ -1,185 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit systemd toolchain-funcs autotools flag-o-matic usr-ldscript
-
-DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
-HOMEPAGE="https://www.netfilter.org/projects/iptables/"
-SRC_URI="https://www.netfilter.org/projects/iptables/files/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-# Subslot reflects PV when libxtables and/or libip*tc was changed
-# the last time.
-SLOT="0/1.8.3"
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86"
-IUSE="conntrack netlink nftables pcap static-libs"
-
-COMMON_DEPEND="
- conntrack? ( >=net-libs/libnetfilter_conntrack-1.0.6 )
- netlink? ( net-libs/libnfnetlink )
- nftables? (
- >=net-libs/libmnl-1.0:=
- >=net-libs/libnftnl-1.1.6:=
- )
- pcap? ( net-libs/libpcap )
-"
-DEPEND="
- ${COMMON_DEPEND}
- virtual/os-headers
- >=sys-kernel/linux-headers-4.4:0
-"
-BDEPEND="
- virtual/pkgconfig
- nftables? (
- app-alternatives/lex
- app-alternatives/yacc
- )
-"
-RDEPEND="
- ${COMMON_DEPEND}
- nftables? ( net-misc/ethertypes )
- !<net-firewall/ebtables-2.0.11-r1
- !<net-firewall/arptables-0.0.5-r1
-"
-IDEPEND=">=app-eselect/eselect-iptables-20220320"
-
-PATCHES=(
- "${FILESDIR}/iptables-1.8.4-no-symlinks.patch"
- "${FILESDIR}/iptables-1.8.2-link.patch"
-
- "${FILESDIR}/${P}-format-security.patch"
- "${FILESDIR}/${P}-uint-musl.patch"
- "${FILESDIR}/${P}-musl-headers.patch"
- "${FILESDIR}/${P}-out-of-tree-build.patch"
-)
-
-src_prepare() {
- # Use the saner headers from the kernel
- rm include/linux/{kernel,types}.h || die
-
- default
- eautoreconf
-}
-
-src_configure() {
- # Some libs use $(AR) rather than libtool to build, bug #444282
- tc-export AR
-
- # Hack around struct mismatches between userland & kernel for some ABIs
- # bug #472388
- use amd64 && [[ ${ABI} == "x32" ]] && append-flags -fpack-struct
-
- sed -i \
- -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
- -e "/nfconntrack=[01]/s:=[01]:=$(usex conntrack 1 0):" \
- configure || die
-
- local myeconfargs=(
- --sbindir="${EPREFIX}/sbin"
- --libexecdir="${EPREFIX}/$(get_libdir)"
- --enable-devel
- --enable-ipv6
- --enable-shared
- $(use_enable nftables)
- $(use_enable pcap bpf-compiler)
- $(use_enable pcap nfsynproxy)
- $(use_enable static-libs static)
- )
-
- econf "${myeconfargs[@]}"
-}
-
-src_compile() {
- emake V=1
-}
-
-src_install() {
- default
-
- # Managed by eselect-iptables
- # https://bugs.gentoo.org/881295
- rm "${ED}/usr/bin/iptables-xml" || die
-
- dodoc INCOMPATIBILITIES iptables/iptables.xslt
-
- # All the iptables binaries are in /sbin, so might as well
- # put these small files in with them
- into /
- dosbin iptables/iptables-apply
- dosym iptables-apply /sbin/ip6tables-apply
- doman iptables/iptables-apply.8
-
- insinto /usr/include
- doins include/ip{,6}tables.h
- insinto /usr/include/iptables
- doins include/iptables/internal.h
-
- keepdir /var/lib/ip{,6}tables
- newinitd "${FILESDIR}"/${PN}-r3.init iptables
- newconfd "${FILESDIR}"/${PN}-r1.confd iptables
- dosym iptables /etc/init.d/ip6tables
- newconfd "${FILESDIR}"/ip6tables-r1.confd ip6tables
-
- if use nftables; then
- # Bug #647458
- rm "${ED}"/etc/ethertypes || die
-
- # Bugs #660886 and #669894
- rm "${ED}"/sbin/{arptables,ebtables}{,-{save,restore}} || die
- fi
-
- systemd_dounit "${FILESDIR}"/systemd/ip{,6}tables-{re,}store.service
-
- # Move important libs to /lib, bug #332175
- gen_usr_ldscript -a ip{4,6}tc xtables
-
- find "${ED}" -type f -name "*.la" -delete || die
-}
-
-pkg_postinst() {
- local default_iptables="xtables-legacy-multi"
- if ! eselect iptables show &>/dev/null; then
- elog "Current iptables implementation is unset, setting to ${default_iptables}"
- eselect iptables set "${default_iptables}"
- fi
-
- if use nftables; then
- local tables
- for tables in {arp,eb}tables; do
- if ! eselect ${tables} show &>/dev/null; then
- elog "Current ${tables} implementation is unset, setting to ${default_iptables}"
- eselect ${tables} set xtables-nft-multi
- fi
- done
- fi
-
- eselect iptables show
-}
-
-pkg_prerm() {
- if [[ -z ${REPLACED_BY_VERSION} ]]; then
- elog "Unsetting iptables symlinks before removal"
- eselect iptables unset
- fi
-
- if ! has_version 'net-firewall/ebtables'; then
- elog "Unsetting ebtables symlinks before removal"
- eselect ebtables unset
- elif [[ -z ${REPLACED_BY_VERSION} ]]; then
- elog "Resetting ebtables symlinks to ebtables-legacy"
- eselect ebtables set ebtables-legacy
- fi
-
- if ! has_version 'net-firewall/arptables'; then
- elog "Unsetting arptables symlinks before removal"
- eselect arptables unset
- elif [[ -z ${REPLACED_BY_VERSION} ]]; then
- elog "Resetting arptables symlinks to arptables-legacy"
- eselect arptables set arptables-legacy
- fi
-
- # The eselect module failing should not be fatal
- return 0
-}