author | Peter Volkov <pva@gentoo.org> | 2011-09-19 07:45:40 +0000 |
---|---|---|
committer | Peter Volkov <pva@gentoo.org> | 2011-09-19 07:45:40 +0000 |
commit | a5c3063b1232cafccfa0d9a2473debd8b7c95542 (patch) | |
tree | 382fa724c012fdeb5c63611f0867858e8c21b459 /net-firewall | |
parent | Change to respect LDFLAGS (diff) | |
Fix parsing bug in libxt_conntrack.c (bug 383331); thanks to Bill Kenworthy for the report.
Package-Manager: portage-2.1.10.16/cvs/Linux x86_64
Diffstat (limited to 'net-firewall')
-rw-r--r-- | net-firewall/iptables/ChangeLog | 9 | ||||
-rw-r--r-- | net-firewall/iptables/Manifest | 14 | ||||
-rw-r--r-- | net-firewall/iptables/files/iptables-1.4.12.1-conntrack-v2-ranges.patch | 48 | ||||
-rw-r--r-- | net-firewall/iptables/iptables-1.4.12.1-r1.ebuild | 88 |
4 files changed, 147 insertions, 12 deletions
diff --git a/net-firewall/iptables/ChangeLog b/net-firewall/iptables/ChangeLog index 511f058b2a26..954525d4eb21 100644 --- a/net-firewall/iptables/ChangeLog +++ b/net-firewall/iptables/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for net-firewall/iptables # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/ChangeLog,v 1.252 2011/09/18 16:57:17 maekke Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/ChangeLog,v 1.253 2011/09/19 07:45:40 pva Exp $ + +*iptables-1.4.12.1-r1 (19 Sep 2011) + + 19 Sep 2011; Peter Volkov <pva@gentoo.org> +iptables-1.4.12.1-r1.ebuild, + +files/iptables-1.4.12.1-conntrack-v2-ranges.patch: + Fix parsing bug in libxt_conntrack.c, bug 383331 thank Bill Kenworthy for + report. 18 Sep 2011; Markus Meier <maekke@gentoo.org> iptables-1.4.12.1.ebuild: arm stable, bug #382367 diff --git a/net-firewall/iptables/Manifest b/net-firewall/iptables/Manifest index 894cadb8cd6d..23e028b860f2 100644 --- a/net-firewall/iptables/Manifest +++ b/net-firewall/iptables/Manifest 
@@ -1,11 +1,9 @@ ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA1 - AUX ip6tables-1.3.2.confd 293 RMD160 2e5399355a930ab3c804c9cc46fe37763555a97e SHA1 0e82dbe8538f9168bb97939a03b73dd291e82760 SHA256 c93827ac2b8fdd83e2c36788053ee7567ceb13b3cbc5fcf40d186500e05c8104 AUX iptables-1.3.2.confd 290 RMD160 cb180068f86a608b16d850635ae909ea7b9cc059 SHA1 cb56dba4799eb3998b28e492c61265574c37d522 SHA256 351e123ba9e0ec7db2bcff42849aa627d29a3b2e77a47b82386f5e3a7e21bd30 AUX iptables-1.3.2.init 2570 RMD160 84d06807fae0455009476cfa63dfcda9fe016dc3 SHA1 da7c4fca4049c4d3f45e32d29403c8bb05047f15 SHA256 1137517483c0d312e3d396d953e9ee197b84f64ed17adfd48f25dbb60e114697 AUX iptables-1.4.11.1-man-fixes.patch 1165 RMD160 49b29d61a291af0cc7f682c7ddb2d5ac764640e7 SHA1 5e4941364a26c5d75fc43766888d54c84bf21fb3 SHA256 2b89e9ba68334bc45ac7b96ad53565a1cf41805a3659f65888ad495e84f9822e AUX iptables-1.4.11.init 2604 RMD160 dccdc3b503a3d89a360cef37d22beec1ab221995 SHA1 bdd2f04f413000eb50de72bb248e7dcd6b8a6fac SHA256 d0a27b011bc7f02d148931b9c2628288d35f521ccbc06b779fd41cef6d7b7f80 +AUX iptables-1.4.12.1-conntrack-v2-ranges.patch 2293 RMD160 4623cce896ee51bfe011cc00fc2284059ca6718b SHA1 8c2c4b39dc5f2d8016dccc9a2c4a629f61f60a15 SHA256 713e62adae8651e94296619297afe603ef3f7da68c4ff10e5a64be24c5cfe537 AUX iptables-1.4.12.1-lm.patch 2107 RMD160 8dcb6438a4bb5848af546265ec393325674bd573 SHA1 2a5304c800d7cdc1850dbe2f0ae5c03339964422 SHA256 dfc429b71c6a3d77a6447e4d7c0c13f62cf086187f491968b3361568f9aa09ef DIST iptables-1.4.10.tar.bz2 478007 RMD160 f06298fa982ffe5cb5c1885395d375d909512bf6 SHA1 8190b8c9714a3eec825317e8ac1deeb3d11c6d29 SHA256 7544e437d2222078b15e6cd063b521c6f1ec4dac49e6af9ba3bfece2a6a93445 DIST iptables-1.4.11.1.tar.bz2 486926 RMD160 43d5e267bf630d663785ee4435a89de0bfc6c5d0 SHA1 2aa0d215485133f2817973b0914a132f628d9f3a SHA256 170c294698ca573477b1b2a3815e1563bf9929d182efef6cf0331a6e955c9ade 
@@ -15,15 +13,9 @@ DIST iptables-1.4.6.tar.bz2 463758 RMD160 05e2e46f71f04e7675ed6f1d9f43b1142bcb14 EBUILD iptables-1.4.10-r1.ebuild 2211 RMD160 08b184f51e106040be081664af0d0571a664229b SHA1 9cd5c0bb8414baae57fa954f60833df8f1c41152 SHA256 9e252a50a818104753102a48216ed3f67c524ab2866ffb752e0fd985ca61434c EBUILD iptables-1.4.10.ebuild 1847 RMD160 e6679bf4f78d1fd02e2f804d4c9fb708068927d1 SHA1 b5d309d92fd2ab38755e749994805f599cd7edc9 SHA256 59b3e9be75d0d4c13694692d36fc8e96a2a775e5a4809c300864c63a0b184376 EBUILD iptables-1.4.11.1-r2.ebuild 2226 RMD160 1164d66cde2b975c35e5f84532a41947bf618d98 SHA1 fc798d54e6ada0e2bc1cec4926329e1faeaa6417 SHA256 7cca07bca62a6bc5f5fd0c78abc237594d6fd1e69d03664deaddad16276e12b2 +EBUILD iptables-1.4.12.1-r1.ebuild 2313 RMD160 905ffc04fb9bf2db0b8be59093e79df5a8cd3bf7 SHA1 54c3783520c50a73aad64f4491bb67d1fe9d0c3f SHA256 ff4f3490fa76cc1a2fee091de250a9674e5b3347cdb8d56ee1adf97e05d5fd1a EBUILD iptables-1.4.12.1.ebuild 2243 RMD160 d73af34ee2d726a6fc0f13971ab044c240a6bd0c SHA1 52b35700b427805fc161efa3131e791f91a059b1 SHA256 4007fcaf924663f8f45366d77b7cd1af22c4d49befd1e8bdbefda2fd590c80ff EBUILD iptables-1.4.12.ebuild 2181 RMD160 ac5dca50c3fc903d0a9466503f0dea3f65af7635 SHA1 8e7aa3bc786b5c805ac32015d2cd59ecb59feaf1 SHA256 28ddb17b1b0cfaddd290ee8f850075368082df0029f3a6949b5b87505779316b EBUILD iptables-1.4.6.ebuild 1433 RMD160 9dbfa44e5cd29a505a7095f122154061cef1d969 SHA1 788fc9f2ad8aa814821b43aa89933a8e281401c3 SHA256 c3808c683e4f286e40989133c80ad898aaa8e00eac635ec115652acb974e302f -MISC ChangeLog 44404 RMD160 09f946df8faeef16230bceab78a1bd1d6ff3ba24 SHA1 7f52ef1f2d39f13ad1811578f904644751db0323 SHA256 5e0ed81779a7f09322a64b83a3dbf30145042c93e465f14d2bc442b180a7cb6a +MISC ChangeLog 44654 RMD160 8368b3b672d449db5fdbf6e960c94e95591e4a4f SHA1 d59c57613ff3a0a57cdc55cea15b2b836411db51 SHA256 8723159d40a80e5c1860e9aa157761f18c2720f7a1cfad7795e0ba08b0fbaf0a MISC metadata.xml 1033 RMD160 e99b7b4ea8b981347a7fcadb549d122e23af4fd7 SHA1 
4feab39d5a63d9ead6d389eae639bcbfd7fff197 SHA256 6972ae7bad5c0025564a15429579f046ab4c365929aa175b1e84c1586872bdc9 ------BEGIN PGP SIGNATURE----- -Version: GnuPG v2.0.18 (GNU/Linux) - -iEYEARECAAYFAk52I20ACgkQkKaRLQcq0GIGewCdERiGI4ZF4izNeu7utFRDvw38 -56IAmwS8VZ3vUwxE+J8zu3HSiDXJ6hIE -=a/WT ------END PGP SIGNATURE----- diff --git a/net-firewall/iptables/files/iptables-1.4.12.1-conntrack-v2-ranges.patch b/net-firewall/iptables/files/iptables-1.4.12.1-conntrack-v2-ranges.patch new file mode 100644 index 000000000000..9bbcc67cb6a5 --- /dev/null +++ b/net-firewall/iptables/files/iptables-1.4.12.1-conntrack-v2-ranges.patch @@ -0,0 +1,48 @@ +commit 3412bd0bfb8b8bac9834cbfd3392b3d5487133bf +Author: Tom Eastep <teastep@shorewall.net> +Date: Thu Aug 18 15:11:16 2011 -0700 + + libxt_conntrack: improve error message on parsing violation + + Tom Eastep noted: + + $ iptables -A foo -m conntrack --ctorigdstport 22 + iptables v1.4.12: conntrack rev 2 does not support port ranges + Try `iptables -h' or 'iptables --help' for more information. + + Commit v1.4.12-41-g1ad6407 takes care of the actual cause of the bug, + but let's include Tom's patch nevertheless for the better error + message in case one actually does specify a range with rev 2. + + References: http://marc.info/?l=netfilter-devel&m=131370592105298&w=2 + 
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
+
+diff --git a/extensions/libxt_conntrack.c b/extensions/libxt_conntrack.c
+index 060b947..fff69f8 100644
+--- a/extensions/libxt_conntrack.c
++++ b/extensions/libxt_conntrack.c
+@@ -129,13 +129,20 @@ static const struct xt_option_entry conntrack2_mt_opts[] = {
+ .flags = XTOPT_INVERT},
+ {.name = "ctexpire", .id = O_CTEXPIRE, .type = XTTYPE_UINT32RC,
+ .flags = XTOPT_INVERT},
+- {.name = "ctorigsrcport", .id = O_CTORIGSRCPORT, .type = XTTYPE_PORT,
++ /*
++ * Rev 1 and 2 only store one port, and we would normally use
++ * %XTTYPE_PORT (rather than %XTTYPE_PORTRC) for that. The resulting
++ * error message - in case a user passed a range nevertheless -
++ * "port 22:23 resolved to nothing" is not quite as useful as using
++ * %XTTYPE_PORTC and libxt_conntrack's own range test.
++ */
++ {.name = "ctorigsrcport", .id = O_CTORIGSRCPORT, .type = XTTYPE_PORTRC,
+ .flags = XTOPT_INVERT | XTOPT_NBO},
+- {.name = "ctorigdstport", .id = O_CTORIGDSTPORT, .type = XTTYPE_PORT,
++ {.name = "ctorigdstport", .id = O_CTORIGDSTPORT, .type = XTTYPE_PORTRC,
+ .flags = XTOPT_INVERT | XTOPT_NBO},
+- {.name = "ctreplsrcport", .id = O_CTREPLSRCPORT, .type = XTTYPE_PORT,
++ {.name = "ctreplsrcport", .id = O_CTREPLSRCPORT, .type = XTTYPE_PORTRC,
+ .flags = XTOPT_INVERT | XTOPT_NBO},
+- {.name = "ctrepldstport", .id = O_CTREPLDSTPORT, .type = XTTYPE_PORT,
++ {.name = "ctrepldstport", .id = O_CTREPLDSTPORT, .type = XTTYPE_PORTRC,
+ .flags = XTOPT_INVERT | XTOPT_NBO},
+ {.name = "ctdir", .id = O_CTDIR, .type = XTTYPE_STRING},
+ XTOPT_TABLEEND,
diff --git a/net-firewall/iptables/iptables-1.4.12.1-r1.ebuild b/net-firewall/iptables/iptables-1.4.12.1-r1.ebuild
new file mode 100644
index 000000000000..3dca4d624dd9
--- /dev/null
+++ b/net-firewall/iptables/iptables-1.4.12.1-r1.ebuild
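Review bot: The upstream message quoted in this new patch file says it only improves the error text and that a different commit, v1.4.12-41-g1ad6407, takes care of the actual cause, while the Gentoo commit presents it as the parsing fix for bug 383331. Please confirm that 1.4.12.1 already contains that commit or backport it as well, because a conntrack rule that fails to parse is a rule that never gets installed. With the four port entries of `conntrack2_mt_opts` switched to `XTTYPE_PORTRC`, the single-port limit for rev 1 and 2 now rests entirely on libxt_conntrack's own range test, which lies outside this hunk (the table itself also starts above it), so it is worth checking that a range such as `22:23` is still rejected for both revisions. The added comment names `%XTTYPE_PORTC`, which looks like a typo for `%XTTYPE_PORTRC`.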
@@ -0,0 +1,88 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/iptables-1.4.12.1-r1.ebuild,v 1.1 2011/09/19 07:45:40 pva Exp $
+
+EAPI="4"
+
+# Force users doing their own patches to install their own tools
+AUTOTOOLS_AUTO_DEPEND=no
+
+inherit eutils toolchain-funcs autotools
+
+DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
+HOMEPAGE="http://www.iptables.org/"
+SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="ipv6 netlink"
+
+COMMON_DEPEND="
+ netlink? ( net-libs/libnfnetlink )
+"
+DEPEND="
+ ${COMMON_DEPEND}
+ virtual/os-headers
+ sys-devel/automake
+"
+RDEPEND="
+ ${COMMON_DEPEND}
+"
+
+src_prepare() {
+ epatch "${FILESDIR}/iptables-1.4.12.1-lm.patch"
+ epatch "${FILESDIR}/iptables-1.4.12.1-conntrack-v2-ranges.patch"
+ eautomake
+
+ # Only run autotools if user patched something
+ epatch_user && eautoreconf || elibtoolize
+}
+
+src_configure() {
+ sed -i \
+ -e "/nfnetlink=[01]/s:=[01]:=$(use netlink && echo 1 || echo 0):" \
+ configure || die
+ econf \
+ --sbindir=/sbin \
+ --libexecdir=/$(get_libdir) \
+ --enable-devel \
+ --enable-libipq \
+ --enable-shared \
+ --enable-static \
+ $(use_enable ipv6)
+}
+
+src_compile() {
+ emake V=1
+}
+
+src_install() {
+ emake install DESTDIR="${D}"
+ dodoc INCOMPATIBILITIES iptables/iptables.xslt
+
+ # all the iptables binaries are in /sbin, so might as well
+ # put these small files in with them
+ into /
+ dosbin iptables/iptables-apply
+ dosym iptables-apply /sbin/ip6tables-apply
+ doman iptables/iptables-apply.8
+
+ insinto /usr/include
+ doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
+ insinto /usr/include/iptables
+ doins include/iptables/internal.h
+
+ keepdir /var/lib/iptables
+ newinitd "${FILESDIR}"/${PN}-1.4.11.init iptables
+ newconfd "${FILESDIR}"/${PN}-1.3.2.confd iptables
+ if use ipv6 ; then
+ keepdir /var/lib/ip6tables
+ newinitd "${FILESDIR}"/iptables-1.4.11.init ip6tables
+ newconfd "${FILESDIR}"/ip6tables-1.3.2.confd ip6tables
+ fi
+
+ # Move important libs to /lib
+ gen_usr_ldscript -a ip{4,6}tc ipq iptc xtables
+ find "${ED}" -type f -name '*.la' -exec rm -rf '{}' '+' || die "la removal failed"
+} |
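Review bot: `SRC_URI` fetches the tarball over plain `http://`, so the Manifest digests are the only integrity check on it and on the new `files/` patch, and the Manifest hunk in this same commit removes the PGP clearsign wrapper that used to cover those digests. Re-signing the Manifest on commit would put a developer signature back over the `AUX`, `EBUILD` and `DIST` entries. Separately, in `src_prepare` the line `epatch_user && eautoreconf || elibtoolize` is not an if/else, because `elibtoolize` also runs whenever `eautoreconf` returns non-zero; `if epatch_user; then eautoreconf; else elibtoolize; fi` states what the comment above it intends.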