diff options
Diffstat (limited to 'net-firewall/iptables/files')
3 files changed, 0 insertions, 155 deletions
diff --git a/net-firewall/iptables/files/iptables-1.4.21-configure.patch b/net-firewall/iptables/files/iptables-1.4.21-configure.patch deleted file mode 100644 index e827885f1688..000000000000 --- a/net-firewall/iptables/files/iptables-1.4.21-configure.patch +++ /dev/null @@ -1,34 +0,0 @@ -https://bugs.gentoo.org/557586 - -From b24e59fba39120bfdb9e521bbd0af8f33a60466e Mon Sep 17 00:00:00 2001 -From: Mike Frysinger <vapier@gentoo.org> -Date: Sat, 15 Aug 2015 14:12:39 -0400 -Subject: [PATCH] configure: fix 3rd arg w/AC_ARG_ENABLE - -The 3rd arg is used when --{enable,disable}-foo are passed in, not when -the feature is enabled. Use the existing $enableval instead. - -Signed-off-by: Mike Frysinger <vapier@gentoo.org> ---- - configure.ac | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - ---- a/configure -+++ b/configure -@@ -11898,14 +11898,14 @@ fi - - # Check whether --enable-bpf-compiler was given. - if test "${enable_bpf_compiler+set}" = set; then : -- enableval=$enable_bpf_compiler; enable_bpfc="yes" -+ enableval=$enable_bpf_compiler; enable_bpfc="$enableval" - else - enable_bpfc="no" - fi - - # Check whether --enable-nfsynproxy was given. - if test "${enable_nfsynproxy+set}" = set; then : -- enableval=$enable_nfsynproxy; enable_nfsynproxy="yes" -+ enableval=$enable_nfsynproxy; enable_nfsynproxy="$enableval" - else - enable_nfsynproxy="no" - fi diff --git a/net-firewall/iptables/files/iptables-1.4.21-static-connlabel-config.patch b/net-firewall/iptables/files/iptables-1.4.21-static-connlabel-config.patch deleted file mode 100644 index a4183d6d4025..000000000000 --- a/net-firewall/iptables/files/iptables-1.4.21-static-connlabel-config.patch +++ /dev/null @@ -1,77 +0,0 @@ -https://bugs.gentoo.org/558234 -http://git.netfilter.org/iptables/commit/?id=825fbda5482a7d5ec5a6619c81fe07ff865c7d6e - -From 825fbda5482a7d5ec5a6619c81fe07ff865c7d6e Mon Sep 17 00:00:00 2001 -From: Florian Westphal <fw@strlen.de> -Date: Fri, 5 Sep 2014 20:45:56 +0200 -Subject: [PATCH] extensions: libxt_connlabel: do not open config file from - _init hook - -else, static builds will print this for every iptables invocation, -even 'iptables -L'. Delay open until we need to translate a mapping. - -Reported-by: Thomas De Schampheleire <patrickdepinguin@gmail.com> -Signed-off-by: Florian Westphal <fw@strlen.de> ---- - extensions/libxt_connlabel.c | 27 ++++++++++++++++++++------- - 1 file changed, 20 insertions(+), 7 deletions(-) - -diff --git a/extensions/libxt_connlabel.c b/extensions/libxt_connlabel.c -index c84a167..1f83095 100644 ---- a/extensions/libxt_connlabel.c -+++ b/extensions/libxt_connlabel.c -@@ -29,11 +29,26 @@ static const struct xt_option_entry connlabel_mt_opts[] = { - XTOPT_TABLEEND, - }; - -+/* cannot do this via _init, else static builds might spew error message -+ * for every iptables invocation. -+ */ -+static void connlabel_open(void) -+{ -+ if (map) -+ return; -+ -+ map = nfct_labelmap_new(NULL); -+ if (!map && errno) -+ xtables_error(RESOURCE_PROBLEM, "cannot open connlabel.conf: %s\n", -+ strerror(errno)); -+} -+ - static void connlabel_mt_parse(struct xt_option_call *cb) - { - struct xt_connlabel_mtinfo *info = cb->data; - int tmp; - -+ connlabel_open(); - xtables_option_parse(cb); - - switch (cb->entry->id) { -@@ -54,7 +69,11 @@ static void connlabel_mt_parse(struct xt_option_call *cb) - - static const char *connlabel_get_name(int b) - { -- const char *name = nfct_labelmap_get_name(map, b); -+ const char *name; -+ -+ connlabel_open(); -+ -+ name = nfct_labelmap_get_name(map, b); - if (name && strcmp(name, "")) - return name; - return NULL; -@@ -114,11 +133,5 @@ static struct xtables_match connlabel_mt_reg = { - - void _init(void) - { -- map = nfct_labelmap_new(NULL); -- if (!map) { -- fprintf(stderr, "cannot open connlabel.conf, not registering '%s' match: %s\n", -- connlabel_mt_reg.name, strerror(errno)); -- return; -- } - xtables_register_match(&connlabel_mt_reg); - } --- -2.4.4 - diff --git a/net-firewall/iptables/files/iptables-1.8.1-build_limit_without_libnftnl_fix.patch b/net-firewall/iptables/files/iptables-1.8.1-build_limit_without_libnftnl_fix.patch deleted file mode 100644 index a0fca7efa93a..000000000000 --- a/net-firewall/iptables/files/iptables-1.8.1-build_limit_without_libnftnl_fix.patch +++ /dev/null @@ -1,44 +0,0 @@ -From b2fc2a368562d55fadad94d995247bb8cd7e68a3 Mon Sep 17 00:00:00 2001 -From: Florian Westphal <fw@strlen.de> -Date: Wed, 24 Oct 2018 12:00:11 +0200 -Subject: extensions: limit: unbreak build without libnftnl - -Lars Wendler reported 1.8.1 build failure when trying to build without nft backend: - - In file included from ../iptables/nft.h:5, from libxt_limit.c:18: libnftnl/rule.h: No such file or directory - -Reported-by: Lars Wendler <polynomial-c@gentoo.org> -Fixes: 02b80972c43 ("ebtables: Merge libebt_limit.c into libxt_limit.c") -Signed-off-by: Florian Westphal <fw@strlen.de> ---- - extensions/libxt_limit.c | 1 - - iptables/nft-bridge.h | 1 + - 2 files changed, 1 insertion(+), 1 deletion(-) - -diff --git a/extensions/libxt_limit.c b/extensions/libxt_limit.c -index c7b66295..1b324657 100644 ---- a/extensions/libxt_limit.c -+++ b/extensions/libxt_limit.c -@@ -15,7 +15,6 @@ - #include <xtables.h> - #include <linux/netfilter/x_tables.h> - #include <linux/netfilter/xt_limit.h> --#include "iptables/nft.h" - #include "iptables/nft-bridge.h" - - #define XT_LIMIT_AVG "3/hour" -diff --git a/iptables/nft-bridge.h b/iptables/nft-bridge.h -index 9d49ccbe..de52cd71 100644 ---- a/iptables/nft-bridge.h -+++ b/iptables/nft-bridge.h -@@ -68,6 +68,7 @@ int ebt_get_mac_and_mask(const char *from, unsigned char *to, unsigned char *mas - #define EBT_VERDICT_BITS 0x0000000F - - struct nftnl_rule; -+struct iptables_command_state; - - static const char *ebt_standard_targets[NUM_STANDARD_TARGETS] = { - "ACCEPT", --- -cgit v1.2.1 - |