gentoo resync : 14.07.2018

2 files changed, 70 insertions, 0 deletions

diff --git a/net-firewall/iptables/files/iptables-1.8.0-fix-building-without-nft-backend.patch b/net-firewall/iptables/files/iptables-1.8.0-fix-building-without-nft-backend.patch
new file mode 100644
index 000000000000..6b19c87678b1
--- /dev/null
+++ b/net-firewall/iptables/files/iptables-1.8.0-fix-building-without-nft-backend.patch
@@ -0,0 +1,26 @@
+extensions: don't bother to build libebt/libarp extensions if nft backend was disabled
+
+Bug: https://bugs.gentoo.org/660790
+Reported-by: Thomas Deutschmann <whissi@gentoo.org>
+Signed-off-by: Florian Westphal <fw@strlen.de>
+---
+ extensions/GNUmakefile.in | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/extensions/GNUmakefile.in b/extensions/GNUmakefile.in
+index bee666e80e45..c0d73cd28c03 100644
+--- a/extensions/GNUmakefile.in
++++ b/extensions/GNUmakefile.in
+@@ -40,8 +40,8 @@ endif
+ #	Wildcard module list
+ #
+ pfx_build_mod := $(patsubst ${srcdir}/libxt_%.c,%,$(sort $(wildcard ${srcdir}/libxt_*.c)))
+-pfb_build_mod := $(patsubst ${srcdir}/libebt_%.c,%,$(sort $(wildcard ${srcdir}/libebt_*.c)))
+-pfa_build_mod := $(patsubst ${srcdir}/libarpt_%.c,%,$(sort $(wildcard ${srcdir}/libarpt_*.c)))
++@ENABLE_NFTABLES_TRUE@ pfb_build_mod := $(patsubst ${srcdir}/libebt_%.c,%,$(sort $(wildcard ${srcdir}/libebt_*.c)))
++@ENABLE_NFTABLES_TRUE@ pfa_build_mod := $(patsubst ${srcdir}/libarpt_%.c,%,$(sort $(wildcard ${srcdir}/libarpt_*.c)))
+ pfx_symlinks  := NOTRACK state
+ @ENABLE_IPV4_TRUE@ pf4_build_mod := $(patsubst ${srcdir}/libipt_%.c,%,$(sort $(wildcard ${srcdir}/libipt_*.c)))
+ @ENABLE_IPV6_TRUE@ pf6_build_mod := $(patsubst ${srcdir}/libip6t_%.c,%,$(sort $(wildcard ${srcdir}/libip6t_*.c)))
+-- 
+2.17.1
diff --git a/net-firewall/iptables/files/iptables-1.8.0-support-nft-suffix-for-arptables-and-ebtables.patch b/net-firewall/iptables/files/iptables-1.8.0-support-nft-suffix-for-arptables-and-ebtables.patch
new file mode 100644
index 000000000000..1053c0a338ed
--- /dev/null
+++ b/net-firewall/iptables/files/iptables-1.8.0-support-nft-suffix-for-arptables-and-ebtables.patch
@@ -0,0 +1,44 @@
+Backport of
+
+https://git.netfilter.org/iptables/commit/?id=565a22395c4c620bf26a002515d9016db0c35824
+
+Bug: https://bugs.gentoo.org/660886
+--- a/iptables/Makefile.am
++++ b/iptables/Makefile.am
+@@ -80,7 +80,9 @@ x_sbin_links  = iptables-nft iptables-nft-restore iptables-nft-save \
+ 		ip6tables-nft ip6tables-nft-restore ip6tables-nft-save \
+ 		iptables-translate ip6tables-translate \
+ 		iptables-restore-translate ip6tables-restore-translate \
+-		arptables ebtables xtables-monitor
++		arptables-nft arptables \
++		ebtables-nft ebtables \
++		xtables-monitor
+ endif
+ 
+ iptables-extensions.8: iptables-extensions.8.tmpl ../extensions/matches.man ../extensions/targets.man
+--- a/iptables/Makefile.in
++++ b/iptables/Makefile.in
+@@ -526,7 +526,9 @@ vx_bin_links = iptables-xml
+ @ENABLE_NFTABLES_TRUE@		ip6tables-nft ip6tables-nft-restore ip6tables-nft-save \
+ @ENABLE_NFTABLES_TRUE@		iptables-translate ip6tables-translate \
+ @ENABLE_NFTABLES_TRUE@		iptables-restore-translate ip6tables-restore-translate \
+-@ENABLE_NFTABLES_TRUE@		arptables ebtables xtables-monitor
++@ENABLE_NFTABLES_TRUE@		arptables-nft arptables \
++@ENABLE_NFTABLES_TRUE@		ebtables-nft ebtables \
++@ENABLE_NFTABLES_TRUE@		xtables-monitor
+ 
+ pkgconfig_DATA = xtables.pc
+ all: $(BUILT_SOURCES)
+--- a/iptables/xtables-nft-multi.c
++++ b/iptables/xtables-nft-multi.c
+@@ -31,8 +31,10 @@ static const struct subcommand multi_subcommands[] = {
+ 	{"iptables-restore-translate",	xtables_ip4_xlate_restore_main},
+ 	{"ip6tables-restore-translate",	xtables_ip6_xlate_restore_main},
+ 	{"arptables",			xtables_arp_main},
++	{"arptables-nft",		xtables_arp_main},
+ 	{"ebtables-translate",		xtables_eb_xlate_main},
+ 	{"ebtables",			xtables_eb_main},
++	{"ebtables-nft",		xtables_eb_main},
+ 	{"xtables-monitor",		xtables_monitor_main},
+ 	{NULL},
+ };