From 4bc834b03b9438dcfd45780f31a02994c24608ba Mon Sep 17 00:00:00 2001
From: V3n3RiX <venerix@koprulu.sector>
Date: Fri, 13 Jan 2023 05:48:01 +0000
Subject: gentoo auto-resync : 13:01:2023 - 05:48:01

---
 net-firewall/Manifest.gz                           | Bin 4533 -> 4540 bytes
 net-firewall/iptables/Manifest                     |   3 +
 .../files/iptables-1.8.9-format-security.patch     |  26 +++
 net-firewall/iptables/iptables-1.8.9.ebuild        | 180 +++++++++++++++++++++
 4 files changed, 209 insertions(+)
 create mode 100644 net-firewall/iptables/files/iptables-1.8.9-format-security.patch
 create mode 100644 net-firewall/iptables/iptables-1.8.9.ebuild

(limited to 'net-firewall')

diff --git a/net-firewall/Manifest.gz b/net-firewall/Manifest.gz
index aeb59f602dc2..a3bb6ac390ed 100644
Binary files a/net-firewall/Manifest.gz and b/net-firewall/Manifest.gz differ
diff --git a/net-firewall/iptables/Manifest b/net-firewall/iptables/Manifest
index b1e5ac3f39c6..f8f484b9ec94 100644
--- a/net-firewall/iptables/Manifest
+++ b/net-firewall/iptables/Manifest
@@ -5,6 +5,7 @@ AUX iptables-1.8.8-format-security.patch 639 BLAKE2B df5c843d0cd6634740b37230026
 AUX iptables-1.8.8-musl-headers.patch 2061 BLAKE2B 6876d083d179a055c60422397e67a24137ae5bb72cba02f732d4dd7313171c10717202a41f1256196d5b64bc29d22e98d8d0eb9861130fa93481b527d0117e96 SHA512 136f3c7dae7c88739ed1c2d2c14e9a8381013c8a376bee80a7f994098810bb61d76dd143dc65430f0ec7b44d542b64242dd947134936468155840a4a26e6ce79
 AUX iptables-1.8.8-out-of-tree-build.patch 1058 BLAKE2B 5a358632780b607533033dc3bf6b6e24ac1af49dbbc26afae05668187c2a4072dba1cdbf51647b6b5f7c5f68e5a3d64fa82b5b0477d3cd4e936d466b731707fb SHA512 453ed9a2b3b2dddb3ccc9a099386c28290416ea356884084fd4d9bd2b026e21732b91f020fbe55de12ba970b815993f2e3a18a52a6774ab7738383e2f144a973
 AUX iptables-1.8.8-uint-musl.patch 4607 BLAKE2B 8ca4ba2fec97e99e1f57d9d1f376dbdab53a698279534879163ad5dade629cda3ac232df54d57ae75e589c2327492953e0c30356bdc4367b9a1474afc259136c SHA512 01d3af7330334b5002ec9d50e4b469651148b911d9ab5d45d5a2cd08e72c3be5e770c047cbc337485e40cb622ee470faa9ed91b53ca59e09a1c197bf5df48a9a
+AUX iptables-1.8.9-format-security.patch 870 BLAKE2B fc33c16eae1c77a5714ecb3f7bbb859dfe64b9506ac82a6d8f91f206d24a5ebf66664e141b60e4580e59bd85314d27df5edf6bd11511ffa4dab7deaf833ccb93 SHA512 7551438de030506e4fe462a715f6a16637991f90cfaddc352a95c0341c72ae7d90728bc0a4e56da2cc108ff2c4e3f9e92451fb6dc65633d47973694550fd08b4
 AUX iptables-r1.confd 890 BLAKE2B 0aaca870e3c03f19a71cf1b210377dfda320faf118359e298bef419eaf280fd11c9726d200ae89602e863c9b48de0bb51ac05424b50c064afe948a980e300153 SHA512 10002da01ded6be0e9bca6041798ad0859fa2212fde077a048443e4f3012c95d86e4580ae426e87af5891368062af9af6f9fd35ed617d24cdd3c51702b816b13
 AUX iptables-r3.init 3961 BLAKE2B fd25c46060f31242e1cb5e07281a79431eba2915a34fd91df86f3e6573029d46bb3cdf97d1297863def105cbbc34fadf6b19785951ca16893f1fe539bb070354 SHA512 13a5128f531f9f146e5f77985b899ec5d8b99223b3a1e90e656c1819bfa0984645de412b3938f998eb216ef98d5fd558dbc183351e707be0997499f40f706f16
 AUX systemd/ip6tables-restore.service 404 BLAKE2B 35cdf804e787aa5cc382cc638de523735ab47b878168c41d8eef85eb592e5bebd9319e75a10db28f0eba6618efae355c90f03ac0798239edeb80d01108e98a47 SHA512 34730df7464354bce11ca5bdceb5cf305e8ab7e2ded2c2689448379e74ff93252e7a83cfe05c2f3238f59a2ade69cd9c328291c28c43b6612bfb7b29fcb0feee
@@ -12,5 +13,7 @@ AUX systemd/ip6tables-store.service 243 BLAKE2B 30a0d955998a2a664c6a95b8e559898a
 AUX systemd/iptables-restore.service 400 BLAKE2B cd7f700cf717a2efb6504770308f7dcb90a1968f64cca98ea5e7437cf3cf2a2e8f575e3743ac19eec8738c665f4243f537a101c00d5d1cc94648688d4e240a59 SHA512 8c005e321ad041068f243e4baa6588b24b0ffd69991f2129dfab0a34d0ebaf702ff2be8b7328126c84abdc3bbd300e1c387a690c5f6a002b50b2e9148feeb8ef
 AUX systemd/iptables-store.service 240 BLAKE2B 7ddb4425e63cd41f421767fab25a7b055087fddde5927291b3fce6e0e978f0cb3b734bcacf02f78257eec99274056b69058436a847dcb366f5fb70032e410355 SHA512 a720e92b5571a2c3427101105e95e555f3b72541a53c5daa43e361c99ca28830e9e8dd27dbd7cfed40fbbe289ed180f9be7e0f3b6b0cd19bba022a531815fd5e
 DIST iptables-1.8.8.tar.bz2 746985 BLAKE2B 0da021cc7313b86af331768904956dab3eee3de245a7b03965129f3d7f13097fc03fbb1390167dcd971eff216eabad9e59b261a9c0f54bfc48a77453aa40d164 SHA512 f21df23279a77531a23f3fcb1b8f0f8ec0c726bda236dd0e33af74b06753baff6ce3f26fb9fcceb6fada560656ba901e68fc6452eb840ac1b206bc4654950f59
+DIST iptables-1.8.9.tar.xz 637848 BLAKE2B 37ba80be0ee7049c4d3ee5689b273b4d2cc6e6fb9ebb297e86976b5750f987f2ae4536013fe1749ae79b6989c241eaece3202019fafd47d842c7a4fe3e5093b1 SHA512 e367bf286135e39b7401e852de25c1ed06d44befdffd92ed1566eb2ae9704b48ac9196cb971f43c6c83c6ad4d910443d32064bcdf618cfcef6bcab113e31ff70
 EBUILD iptables-1.8.8-r5.ebuild 4733 BLAKE2B 46f0e77386ae051047868354c5ce774e4d88113aed56e70338c98150de672b959d2200d5da59051f1272cbad28a03153bc5503705c1b58bbb9c7fb041947fd6e SHA512 d0379b878c8c7d52b6967a9a8634ee5e48fceee70910733d1ec46f793fdf5adceb8946924619052b63c77a4715a5225a2a95f61402c29c4110aa0af4a5e88a33
+EBUILD iptables-1.8.9.ebuild 4558 BLAKE2B 5495e16fd5616051dbd1d9b8e5610b11fb647f506be28edf589699ca3d136dce8ad735a451f18b51a0e621e3f44c93bc61ca21a8b4f0430e11647168f51689d8 SHA512 8bbf97b626085aafe531eb802cffb8e7e76c64328759c651d1a47df97eb83b95cea65870e3cb7a702bbc5c7b53aed09d9e88543cd526344725a1eb7999976dfd
 MISC metadata.xml 1466 BLAKE2B 7378fedb44c6e6d19e508a764ec997911f966beccd40b1f93096ad3343b7cd72f9ca129e67a666c54ca4382348a448597bd607197ffe6b94669d84306c81d127 SHA512 f89038980e81bfceaf872ff1938c47e8ad12060bbe9ff48e0e9ca9dd5acc0196b2261d2b22a156cbfd7be89d1d67448969d39ff9b28efb0896702760afa14842
diff --git a/net-firewall/iptables/files/iptables-1.8.9-format-security.patch b/net-firewall/iptables/files/iptables-1.8.9-format-security.patch
new file mode 100644
index 000000000000..a95c43600986
--- /dev/null
+++ b/net-firewall/iptables/files/iptables-1.8.9-format-security.patch
@@ -0,0 +1,26 @@
+https://git.netfilter.org/iptables/commit/?id=ed4082a7405a5838c205a34c1559e289949200cc
+
+From ed4082a7405a5838c205a34c1559e289949200cc Mon Sep 17 00:00:00 2001
+From: Phil Sutter <phil@nwl.cc>
+Date: Thu, 12 Jan 2023 14:38:44 +0100
+Subject: extensions: NAT: Fix for -Werror=format-security
+
+Have to pass either a string literal or format string to xt_xlate_add().
+
+Fixes: f30c5edce0413 ("extensions: Merge SNAT, DNAT, REDIRECT and MASQUERADE")
+Signed-off-by: Phil Sutter <phil@nwl.cc>
+--- a/extensions/libxt_NAT.c
++++ b/extensions/libxt_NAT.c
+@@ -424,7 +424,7 @@ __NAT_xlate(struct xt_xlate *xl, const struct nf_nat_range2 *r,
+ 	if (r->flags & NF_NAT_RANGE_PROTO_OFFSET)
+ 		return 0;
+ 
+-	xt_xlate_add(xl, tgt);
++	xt_xlate_add(xl, "%s", tgt);
+ 	if (strlen(range_str))
+ 		xt_xlate_add(xl, " to %s", range_str);
+ 	if (r->flags & NF_NAT_RANGE_PROTO_RANDOM) {
+-- 
+cgit v1.2.3
+
+
diff --git a/net-firewall/iptables/iptables-1.8.9.ebuild b/net-firewall/iptables/iptables-1.8.9.ebuild
new file mode 100644
index 000000000000..09aace20ecdd
--- /dev/null
+++ b/net-firewall/iptables/iptables-1.8.9.ebuild
@@ -0,0 +1,180 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit systemd toolchain-funcs autotools flag-o-matic usr-ldscript
+
+DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
+HOMEPAGE="https://www.netfilter.org/projects/iptables/"
+SRC_URI="https://www.netfilter.org/projects/iptables/files/${P}.tar.xz"
+
+LICENSE="GPL-2"
+# Subslot reflects PV when libxtables and/or libip*tc was changed
+# the last time.
+SLOT="0/1.8.3"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+IUSE="conntrack netlink nftables pcap static-libs"
+
+COMMON_DEPEND="
+	conntrack? ( >=net-libs/libnetfilter_conntrack-1.0.6 )
+	netlink? ( net-libs/libnfnetlink )
+	nftables? (
+		>=net-libs/libmnl-1.0:=
+		>=net-libs/libnftnl-1.1.6:=
+	)
+	pcap? ( net-libs/libpcap )
+"
+DEPEND="
+	${COMMON_DEPEND}
+	virtual/os-headers
+	>=sys-kernel/linux-headers-4.4:0
+"
+BDEPEND="
+	virtual/pkgconfig
+	nftables? (
+		sys-devel/flex
+		app-alternatives/yacc
+	)
+"
+RDEPEND="
+	${COMMON_DEPEND}
+	nftables? ( net-misc/ethertypes )
+	!<net-firewall/ebtables-2.0.11-r1
+	!<net-firewall/arptables-0.0.5-r1
+"
+IDEPEND=">=app-eselect/eselect-iptables-20220320"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-1.8.4-no-symlinks.patch
+	"${FILESDIR}"/${P}-format-security.patch
+)
+
+src_prepare() {
+	# Use the saner headers from the kernel
+	rm include/linux/{kernel,types}.h || die
+
+	default
+	eautoreconf
+}
+
+src_configure() {
+	# Some libs use $(AR) rather than libtool to build, bug #444282
+	tc-export AR
+
+	# Hack around struct mismatches between userland & kernel for some ABIs
+	# bug #472388
+	use amd64 && [[ ${ABI} == "x32" ]] && append-flags -fpack-struct
+
+	sed -i \
+		-e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
+		-e "/nfconntrack=[01]/s:=[01]:=$(usex conntrack 1 0):" \
+		configure || die
+
+	local myeconfargs=(
+		--sbindir="${EPREFIX}/sbin"
+		--libexecdir="${EPREFIX}/$(get_libdir)"
+		--enable-devel
+		--enable-ipv6
+		--enable-shared
+		$(use_enable nftables)
+		$(use_enable pcap bpf-compiler)
+		$(use_enable pcap nfsynproxy)
+		$(use_enable static-libs static)
+	)
+
+	econf "${myeconfargs[@]}"
+}
+
+src_compile() {
+	emake V=1
+}
+
+src_install() {
+	default
+
+	# Managed by eselect-iptables
+	# https://bugs.gentoo.org/881295
+	rm "${ED}/usr/bin/iptables-xml" || die
+
+	dodoc iptables/iptables.xslt
+
+	# All the iptables binaries are in /sbin, so might as well
+	# put these small files in with them
+	into /
+	dosbin iptables/iptables-apply
+	dosym iptables-apply /sbin/ip6tables-apply
+	doman iptables/iptables-apply.8
+
+	insinto /usr/include
+	doins include/ip{,6}tables.h
+	insinto /usr/include/iptables
+	doins include/iptables/internal.h
+
+	keepdir /var/lib/ip{,6}tables
+	newinitd "${FILESDIR}"/${PN}-r3.init iptables
+	newconfd "${FILESDIR}"/${PN}-r1.confd iptables
+	dosym iptables /etc/init.d/ip6tables
+	newconfd "${FILESDIR}"/ip6tables-r1.confd ip6tables
+
+	if use nftables; then
+		# Bug #647458
+		rm "${ED}"/etc/ethertypes || die
+
+		# Bugs #660886 and #669894
+		rm "${ED}"/sbin/{arptables,ebtables}{,-{save,restore}} || die
+	fi
+
+	systemd_dounit "${FILESDIR}"/systemd/ip{,6}tables-{re,}store.service
+
+	# Move important libs to /lib, bug #332175
+	gen_usr_ldscript -a ip{4,6}tc xtables
+
+	find "${ED}" -type f -name "*.la" -delete || die
+}
+
+pkg_postinst() {
+	local default_iptables="xtables-legacy-multi"
+	if ! eselect iptables show &>/dev/null; then
+		elog "Current iptables implementation is unset, setting to ${default_iptables}"
+		eselect iptables set "${default_iptables}"
+	fi
+
+	if use nftables; then
+		local tables
+		for tables in {arp,eb}tables; do
+			if ! eselect ${tables} show &>/dev/null; then
+				elog "Current ${tables} implementation is unset, setting to ${default_iptables}"
+				eselect ${tables} set xtables-nft-multi
+			fi
+		done
+	fi
+
+	eselect iptables show
+}
+
+pkg_prerm() {
+	if [[ -z ${REPLACED_BY_VERSION} ]]; then
+		elog "Unsetting iptables symlinks before removal"
+		eselect iptables unset
+	fi
+
+	if ! has_version 'net-firewall/ebtables'; then
+		elog "Unsetting ebtables symlinks before removal"
+		eselect ebtables unset
+	elif [[ -z ${REPLACED_BY_VERSION} ]]; then
+		elog "Resetting ebtables symlinks to ebtables-legacy"
+		eselect ebtables set ebtables-legacy
+	fi
+
+	if ! has_version 'net-firewall/arptables'; then
+		elog "Unsetting arptables symlinks before removal"
+		eselect arptables unset
+	elif [[ -z ${REPLACED_BY_VERSION} ]]; then
+		elog "Resetting arptables symlinks to arptables-legacy"
+		eselect arptables set arptables-legacy
+	fi
+
+	# The eselect module failing should not be fatal
+	return 0
+}
-- 
cgit v1.2.3