diff options
author | Mike Frysinger <vapier@gentoo.org> | 2015-08-14 04:55:34 -0400 |
---|---|---|
committer | Mike Frysinger <vapier@gentoo.org> | 2015-08-14 05:28:23 -0400 |
commit | 2368abbabde1c09c2bb28404f39590a6ac9fb678 (patch) | |
tree | 0c0ce343f29cf5b7f5740414b3a6e52a2df48d0e /net-firewall/iptables/files | |
parent | 70e27369a40a3e5e261423f477ee0081b356f2fb (diff) | |
download | gentoo-2368abbabde1c09c2bb28404f39590a6ac9fb678.tar.gz gentoo-2368abbabde1c09c2bb28404f39590a6ac9fb678.tar.xz |
net-firewall/iptables: drop old
Diffstat (limited to 'net-firewall/iptables/files')
12 files changed, 0 insertions, 745 deletions
diff --git a/net-firewall/iptables/files/ip6tables-1.3.2.confd b/net-firewall/iptables/files/ip6tables-1.3.2.confd deleted file mode 100644 index 93c0bc89b38..00000000000 --- a/net-firewall/iptables/files/ip6tables-1.3.2.confd +++ /dev/null @@ -1,11 +0,0 @@ -# /etc/conf.d/ip6tables - -# Location in which iptables initscript will save set rules on -# service shutdown -IP6TABLES_SAVE="/var/lib/ip6tables/rules-save" - -# Options to pass to iptables-save and iptables-restore -SAVE_RESTORE_OPTIONS="-c" - -# Save state on stopping iptables -SAVE_ON_STOP="yes" diff --git a/net-firewall/iptables/files/iptables-1.3.2.confd b/net-firewall/iptables/files/iptables-1.3.2.confd deleted file mode 100644 index 91287debdbc..00000000000 --- a/net-firewall/iptables/files/iptables-1.3.2.confd +++ /dev/null @@ -1,11 +0,0 @@ -# /etc/conf.d/iptables - -# Location in which iptables initscript will save set rules on -# service shutdown -IPTABLES_SAVE="/var/lib/iptables/rules-save" - -# Options to pass to iptables-save and iptables-restore -SAVE_RESTORE_OPTIONS="-c" - -# Save state on stopping iptables -SAVE_ON_STOP="yes" diff --git a/net-firewall/iptables/files/iptables-1.3.2.init b/net-firewall/iptables/files/iptables-1.3.2.init deleted file mode 100644 index 907a39e7479..00000000000 --- a/net-firewall/iptables/files/iptables-1.3.2.init +++ /dev/null @@ -1,115 +0,0 @@ -#!/sbin/runscript -# Copyright 1999-2011 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -extra_commands="save panic" -extra_started_commands="reload" - -iptables_name=${SVCNAME} -if [ "${iptables_name}" != "iptables" -a "${iptables_name}" != "ip6tables" ] ; then - iptables_name="iptables" -fi - -iptables_bin="/sbin/${iptables_name}" -case ${iptables_name} in - iptables) iptables_proc="/proc/net/ip_tables_names" - iptables_save=${IPTABLES_SAVE};; - ip6tables) iptables_proc="/proc/net/ip6_tables_names" - iptables_save=${IP6TABLES_SAVE};; -esac - -depend() { - before net - use logger -} - -set_table_policy() { - local chains table=$1 policy=$2 - case ${table} in - nat) chains="PREROUTING POSTROUTING OUTPUT";; - mangle) chains="PREROUTING INPUT FORWARD OUTPUT POSTROUTING";; - filter) chains="INPUT FORWARD OUTPUT";; - *) chains="";; - esac - local chain - for chain in ${chains} ; do - ${iptables_bin} -t ${table} -P ${chain} ${policy} - done -} - -checkkernel() { - if [ ! -e ${iptables_proc} ] ; then - eerror "Your kernel lacks ${iptables_name} support, please load" - eerror "appropriate modules and try again." - return 1 - fi - return 0 -} -checkconfig() { - if [ ! -f ${iptables_save} ] ; then - eerror "Not starting ${iptables_name}. First create some rules then run:" - eerror "/etc/init.d/${iptables_name} save" - return 1 - fi - return 0 -} - -start() { - checkconfig || return 1 - ebegin "Loading ${iptables_name} state and starting firewall" - ${iptables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${iptables_save}" - eend $? -} - -stop() { - if [ "${SAVE_ON_STOP}" = "yes" ] ; then - save || return 1 - fi - checkkernel || return 1 - ebegin "Stopping firewall" - local a - for a in $(cat ${iptables_proc}) ; do - set_table_policy $a ACCEPT - - ${iptables_bin} -F -t $a - ${iptables_bin} -X -t $a - done - eend $? -} - -reload() { - checkkernel || return 1 - ebegin "Flushing firewall" - local a - for a in $(cat ${iptables_proc}) ; do - ${iptables_bin} -F -t $a - ${iptables_bin} -X -t $a - done - eend $? - - start -} - -save() { - ebegin "Saving ${iptables_name} state" - touch "${iptables_save}" - chmod 0600 "${iptables_save}" - ${iptables_bin}-save ${SAVE_RESTORE_OPTIONS} > "${iptables_save}" - eend $? -} - -panic() { - checkkernel || return 1 - service_started ${iptables_name} && svc_stop - - local a - ebegin "Dropping all packets" - for a in $(cat ${iptables_proc}) ; do - ${iptables_bin} -F -t $a - ${iptables_bin} -X -t $a - - set_table_policy $a DROP - done - eend $? -} diff --git a/net-firewall/iptables/files/iptables-1.4.11.1-man-fixes.patch b/net-firewall/iptables/files/iptables-1.4.11.1-man-fixes.patch deleted file mode 100644 index d83a7059f37..00000000000 --- a/net-firewall/iptables/files/iptables-1.4.11.1-man-fixes.patch +++ /dev/null @@ -1,17 +0,0 @@ -diff --git a/iptables/Makefile.am b/iptables/Makefile.am -index 13cca9c..a068278 100644 ---- a/iptables/Makefile.am -+++ b/iptables/Makefile.am -@@ -51,10 +51,10 @@ v6_sbin_links = ip6tables ip6tables-restore ip6tables-save - endif - - iptables.8: ${srcdir}/iptables.8.in ../extensions/matches4.man ../extensions/targets4.man -- ${AM_VERBOSE_GEN} sed -e 's/@PACKAGE_AND_VERSION@/${PACKAGE} ${PACKAGE_VERSION}/g' -e '/@MATCH@/ r extensions/matches4.man' -e '/@TARGET@/ r extensions/targets4.man' $< >$@; -+ ${AM_VERBOSE_GEN} sed -e 's/@PACKAGE_AND_VERSION@/${PACKAGE} ${PACKAGE_VERSION}/g' -e '/@MATCH@/ r ../extensions/matches4.man' -e '/@TARGET@/ r ../extensions/targets4.man' $< >$@; - - ip6tables.8: ${srcdir}/ip6tables.8.in ../extensions/matches6.man ../extensions/targets6.man -- ${AM_VERBOSE_GEN} sed -e 's/@PACKAGE_AND_VERSION@/${PACKAGE} ${PACKAGE_VERSION}/g' -e '/@MATCH@/ r extensions/matches6.man' -e '/@TARGET@/ r extensions/targets6.man' $< >$@; -+ ${AM_VERBOSE_GEN} sed -e 's/@PACKAGE_AND_VERSION@/${PACKAGE} ${PACKAGE_VERSION}/g' -e '/@MATCH@/ r ../extensions/matches6.man' -e '/@TARGET@/ r ../extensions/targets6.man' $< >$@; - - pkgconfig_DATA = xtables.pc - diff --git a/net-firewall/iptables/files/iptables-1.4.11.init b/net-firewall/iptables/files/iptables-1.4.11.init deleted file mode 100644 index 6b2b88c5dbe..00000000000 --- a/net-firewall/iptables/files/iptables-1.4.11.init +++ /dev/null @@ -1,117 +0,0 @@ -#!/sbin/runscript -# Copyright 1999-2011 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -extra_commands="save panic" -extra_started_commands="reload" - -iptables_name=${SVCNAME} -if [ "${iptables_name}" != "iptables" -a "${iptables_name}" != "ip6tables" ] ; then - iptables_name="iptables" -fi - -iptables_bin="/sbin/${iptables_name}" -case ${iptables_name} in - iptables) iptables_proc="/proc/net/ip_tables_names" - iptables_save=${IPTABLES_SAVE};; - ip6tables) iptables_proc="/proc/net/ip6_tables_names" - iptables_save=${IP6TABLES_SAVE};; -esac - -depend() { - before net - use logger -} - -set_table_policy() { - local chains table=$1 policy=$2 - case ${table} in - nat) chains="PREROUTING POSTROUTING OUTPUT";; - mangle) chains="PREROUTING INPUT FORWARD OUTPUT POSTROUTING";; - filter) chains="INPUT FORWARD OUTPUT";; - *) chains="";; - esac - local chain - for chain in ${chains} ; do - ${iptables_bin} -t ${table} -P ${chain} ${policy} - done -} - -checkkernel() { - if [ ! -e ${iptables_proc} ] ; then - eerror "Your kernel lacks ${iptables_name} support, please load" - eerror "appropriate modules and try again." - return 1 - fi - return 0 -} -checkconfig() { - if [ ! -f ${iptables_save} ] ; then - eerror "Not starting ${iptables_name}. First create some rules then run:" - eerror "/etc/init.d/${iptables_name} save" - return 1 - fi - return 0 -} - -start() { - checkconfig || return 1 - ebegin "Loading ${iptables_name} state and starting firewall" - ${iptables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${iptables_save}" - eend $? -} - -stop() { - if [ "${SAVE_ON_STOP}" = "yes" ] ; then - save || return 1 - fi - checkkernel || return 1 - ebegin "Stopping firewall" - local a - for a in $(cat ${iptables_proc}) ; do - set_table_policy $a ACCEPT - - ${iptables_bin} -F -t $a - ${iptables_bin} -X -t $a - done - eend $? -} - -reload() { - checkkernel || return 1 - ebegin "Flushing firewall" - local a - for a in $(cat ${iptables_proc}) ; do - ${iptables_bin} -F -t $a - ${iptables_bin} -X -t $a - done - eend $? - - start -} - -save() { - ebegin "Saving ${iptables_name} state" - touch "${iptables_save}" - chmod 0600 "${iptables_save}" - ${iptables_bin}-save ${SAVE_RESTORE_OPTIONS} > "${iptables_save}" - eend $? -} - -panic() { - checkkernel || return 1 - if service_started ${iptables_name}; then - rc-service ${iptables_name} stop - fi - - local a - ebegin "Dropping all packets" - for a in $(cat ${iptables_proc}) ; do - ${iptables_bin} -F -t $a - ${iptables_bin} -X -t $a - - set_table_policy $a DROP - done - eend $? -} diff --git a/net-firewall/iptables/files/iptables-1.4.12.1-conntrack-v2-ranges.patch b/net-firewall/iptables/files/iptables-1.4.12.1-conntrack-v2-ranges.patch deleted file mode 100644 index 9bbcc67cb6a..00000000000 --- a/net-firewall/iptables/files/iptables-1.4.12.1-conntrack-v2-ranges.patch +++ /dev/null @@ -1,48 +0,0 @@ -commit 3412bd0bfb8b8bac9834cbfd3392b3d5487133bf -Author: Tom Eastep <teastep@shorewall.net> -Date: Thu Aug 18 15:11:16 2011 -0700 - - libxt_conntrack: improve error message on parsing violation - - Tom Eastep noted: - - $ iptables -A foo -m conntrack --ctorigdstport 22 - iptables v1.4.12: conntrack rev 2 does not support port ranges - Try `iptables -h' or 'iptables --help' for more information. - - Commit v1.4.12-41-g1ad6407 takes care of the actual cause of the bug, - but let's include Tom's patch nevertheless for the better error - message in case one actually does specify a range with rev 2. - - References: http://marc.info/?l=netfilter-devel&m=131370592105298&w=2 - Signed-off-by: Jan Engelhardt <jengelh@medozas.de> - -diff --git a/extensions/libxt_conntrack.c b/extensions/libxt_conntrack.c -index 060b947..fff69f8 100644 ---- a/extensions/libxt_conntrack.c -+++ b/extensions/libxt_conntrack.c -@@ -129,13 +129,20 @@ static const struct xt_option_entry conntrack2_mt_opts[] = { - .flags = XTOPT_INVERT}, - {.name = "ctexpire", .id = O_CTEXPIRE, .type = XTTYPE_UINT32RC, - .flags = XTOPT_INVERT}, -- {.name = "ctorigsrcport", .id = O_CTORIGSRCPORT, .type = XTTYPE_PORT, -+ /* -+ * Rev 1 and 2 only store one port, and we would normally use -+ * %XTTYPE_PORT (rather than %XTTYPE_PORTRC) for that. The resulting -+ * error message - in case a user passed a range nevertheless - -+ * "port 22:23 resolved to nothing" is not quite as useful as using -+ * %XTTYPE_PORTC and libxt_conntrack's own range test. -+ */ -+ {.name = "ctorigsrcport", .id = O_CTORIGSRCPORT, .type = XTTYPE_PORTRC, - .flags = XTOPT_INVERT | XTOPT_NBO}, -- {.name = "ctorigdstport", .id = O_CTORIGDSTPORT, .type = XTTYPE_PORT, -+ {.name = "ctorigdstport", .id = O_CTORIGDSTPORT, .type = XTTYPE_PORTRC, - .flags = XTOPT_INVERT | XTOPT_NBO}, -- {.name = "ctreplsrcport", .id = O_CTREPLSRCPORT, .type = XTTYPE_PORT, -+ {.name = "ctreplsrcport", .id = O_CTREPLSRCPORT, .type = XTTYPE_PORTRC, - .flags = XTOPT_INVERT | XTOPT_NBO}, -- {.name = "ctrepldstport", .id = O_CTREPLDSTPORT, .type = XTTYPE_PORT, -+ {.name = "ctrepldstport", .id = O_CTREPLDSTPORT, .type = XTTYPE_PORTRC, - .flags = XTOPT_INVERT | XTOPT_NBO}, - {.name = "ctdir", .id = O_CTDIR, .type = XTTYPE_STRING}, - XTOPT_TABLEEND, diff --git a/net-firewall/iptables/files/iptables-1.4.12.1-lm.patch b/net-firewall/iptables/files/iptables-1.4.12.1-lm.patch deleted file mode 100644 index 4d9e1d8ed4d..00000000000 --- a/net-firewall/iptables/files/iptables-1.4.12.1-lm.patch +++ /dev/null @@ -1,61 +0,0 @@ -parent 2ca6273c73b42e8c74afd5f8b1fe10c5c93ce363 (v1.4.12-43-g2ca6273) -commit d4e72dc1c684c2f8361d87e6bde2902cd2ee8efb -Author: Jan Engelhardt <jengelh@medozas.de> -Date: Sat Sep 3 13:34:40 2011 +0200 - -libxt_statistic: link with -lm - -$ ldd -r libxt_statistic.so -undefined symbol: lround (./libxt_statistic.so) - -References: https://bugs.archlinux.org/task/25358 -Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ---- - extensions/GNUmakefile.in | 5 ++++- - iptables/Makefile.am | 9 +++++++-- - 2 files changed, 11 insertions(+), 3 deletions(-) - -diff --git a/extensions/GNUmakefile.in b/extensions/GNUmakefile.in -index 2b48d84..dbf210c 100644 ---- a/extensions/GNUmakefile.in -+++ b/extensions/GNUmakefile.in -@@ -90,11 +90,14 @@ init%.o: init%.c - # Shared libraries - # - lib%.so: lib%.oo -- ${AM_VERBOSE_CCLD} ${CCLD} ${AM_LDFLAGS} -shared ${LDFLAGS} -o $@ $<; -+ ${AM_VERBOSE_CCLD} ${CCLD} ${AM_LDFLAGS} -shared ${LDFLAGS} -o $@ $< ${$*_LIBADD}; - - lib%.oo: ${srcdir}/lib%.c - ${AM_VERBOSE_CC} ${CC} ${AM_CPPFLAGS} ${AM_DEPFLAGS} ${AM_CFLAGS} -D_INIT=lib$*_init -DPIC -fPIC ${CFLAGS} -o $@ -c $<; - -+# Need the LIBADDs in iptables/Makefile.am too for libxtables_la_LIBADD -+xt_statistic_LIBADD = -lm -+ - - # - # Static bits -diff --git a/iptables/Makefile.am b/iptables/Makefile.am -index addb159..f6db32d 100644 ---- a/iptables/Makefile.am -+++ b/iptables/Makefile.am -@@ -6,12 +6,17 @@ AM_CPPFLAGS = ${regular_CPPFLAGS} -I${top_builddir}/include -I${top_srcdir} - lib_LTLIBRARIES = libxtables.la - libxtables_la_SOURCES = xtables.c xtoptions.c - libxtables_la_LDFLAGS = -version-info ${libxtables_vcurrent}:0:${libxtables_vage} -+libxtables_la_LIBADD = -+if ENABLE_STATIC -+# With --enable-static, shipped extensions are linked into the main executable, -+# so we need all the LIBADDs here too -+libxtables_la_LIBADD += -lm -+endif - if ENABLE_SHARED - libxtables_la_CFLAGS = ${AM_CFLAGS} --libxtables_la_LIBADD = -ldl -+libxtables_la_LIBADD += -ldl - else - libxtables_la_CFLAGS = ${AM_CFLAGS} -DNO_SHARED_LIBS=1 --libxtables_la_LIBADD = - endif - - xtables_multi_SOURCES = xtables-multi.c iptables-xml.c diff --git a/net-firewall/iptables/files/iptables-1.4.13.init b/net-firewall/iptables/files/iptables-1.4.13.init deleted file mode 100644 index a45c6d1a991..00000000000 --- a/net-firewall/iptables/files/iptables-1.4.13.init +++ /dev/null @@ -1,116 +0,0 @@ -#!/sbin/runscript -# Copyright 1999-2012 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -extra_commands="save panic" -extra_started_commands="reload" - -iptables_name=${SVCNAME} -if [ "${iptables_name}" != "iptables" -a "${iptables_name}" != "ip6tables" ] ; then - iptables_name="iptables" -fi - -iptables_bin="/sbin/${iptables_name}" -case ${iptables_name} in - iptables) iptables_proc="/proc/net/ip_tables_names" - iptables_save=${IPTABLES_SAVE};; - ip6tables) iptables_proc="/proc/net/ip6_tables_names" - iptables_save=${IP6TABLES_SAVE};; -esac - -depend() { - before net -} - -set_table_policy() { - local chains table=$1 policy=$2 - case ${table} in - nat) chains="PREROUTING POSTROUTING OUTPUT";; - mangle) chains="PREROUTING INPUT FORWARD OUTPUT POSTROUTING";; - filter) chains="INPUT FORWARD OUTPUT";; - *) chains="";; - esac - local chain - for chain in ${chains} ; do - ${iptables_bin} -t ${table} -P ${chain} ${policy} - done -} - -checkkernel() { - if [ ! -e ${iptables_proc} ] ; then - eerror "Your kernel lacks ${iptables_name} support, please load" - eerror "appropriate modules and try again." - return 1 - fi - return 0 -} -checkconfig() { - if [ ! -f ${iptables_save} ] ; then - eerror "Not starting ${iptables_name}. First create some rules then run:" - eerror "/etc/init.d/${iptables_name} save" - return 1 - fi - return 0 -} - -start() { - checkconfig || return 1 - ebegin "Loading ${iptables_name} state and starting firewall" - ${iptables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${iptables_save}" - eend $? -} - -stop() { - if [ "${SAVE_ON_STOP}" = "yes" ] ; then - save || return 1 - fi - checkkernel || return 1 - ebegin "Stopping firewall" - local a - for a in $(cat ${iptables_proc}) ; do - set_table_policy $a ACCEPT - - ${iptables_bin} -F -t $a - ${iptables_bin} -X -t $a - done - eend $? -} - -reload() { - checkkernel || return 1 - ebegin "Flushing firewall" - local a - for a in $(cat ${iptables_proc}) ; do - ${iptables_bin} -F -t $a - ${iptables_bin} -X -t $a - done - eend $? - - start -} - -save() { - ebegin "Saving ${iptables_name} state" - touch "${iptables_save}" - chmod 0600 "${iptables_save}" - ${iptables_bin}-save ${SAVE_RESTORE_OPTIONS} > "${iptables_save}" - eend $? -} - -panic() { - checkkernel || return 1 - if service_started ${iptables_name}; then - rc-service ${iptables_name} stop - fi - - local a - ebegin "Dropping all packets" - for a in $(cat ${iptables_proc}) ; do - ${iptables_bin} -F -t $a - ${iptables_bin} -X -t $a - - set_table_policy $a DROP - done - eend $? -} diff --git a/net-firewall/iptables/files/iptables-1.4.16.2-static.patch b/net-firewall/iptables/files/iptables-1.4.16.2-static.patch deleted file mode 100644 index a5d6fe71f67..00000000000 --- a/net-firewall/iptables/files/iptables-1.4.16.2-static.patch +++ /dev/null @@ -1,55 +0,0 @@ -https://bugs.gentoo.org/437712 - -From 269655d54e22f3a36250bb2c4639dddd102258c6 Mon Sep 17 00:00:00 2001 -From: Jan Engelhardt <jengelh@inai.de> -Date: Mon, 8 Oct 2012 12:04:56 +0000 -Subject: [PATCH] build: remove symlink-only extensions from static object - list - -$ ./configure --enable-static --disable-shared --enable-ipv4 - --enable-ipv6 && make -[...] -make[3]: *** No rule to make target "libxt_NOTRACK.o", needed by -"libext.a". Stop. - -Signed-off-by: Jan Engelhardt <jengelh@inai.de> -Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ---- - extensions/GNUmakefile.in | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/extensions/GNUmakefile.in b/extensions/GNUmakefile.in -index 8b38df9..1cef239 100644 ---- a/extensions/GNUmakefile.in -+++ b/extensions/GNUmakefile.in -@@ -39,7 +39,7 @@ endif - # Wildcard module list - # - pfx_build_mod := $(patsubst ${srcdir}/libxt_%.c,%,$(sort $(wildcard ${srcdir}/libxt_*.c))) --pfx_build_mod += NOTRACK state -+pfx_symlinks := NOTRACK state - @ENABLE_IPV4_TRUE@ pf4_build_mod := $(patsubst ${srcdir}/libipt_%.c,%,$(sort $(wildcard ${srcdir}/libipt_*.c))) - @ENABLE_IPV6_TRUE@ pf6_build_mod := $(patsubst ${srcdir}/libip6t_%.c,%,$(sort $(wildcard ${srcdir}/libip6t_*.c))) - pfx_build_mod := $(filter-out @blacklist_modules@,${pfx_build_mod}) -@@ -48,7 +48,7 @@ pf6_build_mod := $(filter-out @blacklist_modules@,${pf6_build_mod}) - pfx_objs := $(patsubst %,libxt_%.o,${pfx_build_mod}) - pf4_objs := $(patsubst %,libipt_%.o,${pf4_build_mod}) - pf6_objs := $(patsubst %,libip6t_%.o,${pf6_build_mod}) --pfx_solibs := $(patsubst %,libxt_%.so,${pfx_build_mod}) -+pfx_solibs := $(patsubst %,libxt_%.so,${pfx_build_mod} ${pfx_symlinks}) - pf4_solibs := $(patsubst %,libipt_%.so,${pf4_build_mod}) - pf6_solibs := $(patsubst %,libip6t_%.so,${pf6_build_mod}) - -@@ -220,7 +220,7 @@ man_run = \ - done >$@; - - matches.man: .initext.dd .initext4.dd .initext6.dd $(wildcard ${srcdir}/lib*.man) -- $(call man_run,$(call ex_matches,${pfx_build_mod} ${pf4_build_mod} ${pf6_build_mod})) -+ $(call man_run,$(call ex_matches,${pfx_build_mod} ${pf4_build_mod} ${pf6_build_mod} ${pfx_symlinks})) - - targets.man: .initext.dd .initext4.dd .initext6.dd $(wildcard ${srcdir}/lib*.man) -- $(call man_run,$(call ex_targets,${pfx_build_mod} ${pf4_build_mod} ${pf6_build_mod})) -+ $(call man_run,$(call ex_targets,${pfx_build_mod} ${pf4_build_mod} ${pf6_build_mod} ${pfx_symlinks})) --- -1.7.12 - diff --git a/net-firewall/iptables/files/iptables-1.4.17-libip6tc.patch b/net-firewall/iptables/files/iptables-1.4.17-libip6tc.patch deleted file mode 100644 index 5212dd253aa..00000000000 --- a/net-firewall/iptables/files/iptables-1.4.17-libip6tc.patch +++ /dev/null @@ -1,32 +0,0 @@ -From d42bc7c100de69396a527e90736198f8e4e3000b Mon Sep 17 00:00:00 2001 -From: Mike Frysinger <vapier@gentoo.org> -Date: Sun, 30 Dec 2012 18:06:15 -0500 -Subject: [PATCH] extensions: fix linking against -lip6tc - -The current build forgets to specify a path to find libip6tc which means -it either fails (if there is no libip6tc in the system), or links against -an old version (if there is one in the system). - -References: https://bugs.gentoo.org/449262 -Reported-by: Mike Gilbert <floppym@gentoo.org> -Signed-off-by: Mike Frysinger <vapier@gentoo.org> ---- - extensions/GNUmakefile.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/extensions/GNUmakefile.in b/extensions/GNUmakefile.in -index e71e3ff..a605474 100644 ---- a/extensions/GNUmakefile.in -+++ b/extensions/GNUmakefile.in -@@ -101,7 +101,7 @@ libxt_state.so: libxt_conntrack.so - ln -fs $< $@ - - # Need the LIBADDs in iptables/Makefile.am too for libxtables_la_LIBADD --ip6t_NETMAP_LIBADD = -lip6tc -+ip6t_NETMAP_LIBADD = -L../libiptc/.libs -lip6tc - xt_RATEEST_LIBADD = -lm - xt_statistic_LIBADD = -lm - --- -1.8.0 - diff --git a/net-firewall/iptables/files/iptables-1.4.18-extensions-link.patch b/net-firewall/iptables/files/iptables-1.4.18-extensions-link.patch deleted file mode 100644 index 33d048163a1..00000000000 --- a/net-firewall/iptables/files/iptables-1.4.18-extensions-link.patch +++ /dev/null @@ -1,74 +0,0 @@ -From 37b19d08f3cbc83a653386d76261490e173a874b Mon Sep 17 00:00:00 2001 -From: Pablo Neira Ayuso <pablo@netfilter.org> -Date: Sat, 16 Mar 2013 12:15:30 +0100 -Subject: [PATCH] Revert "build: resolve link failure for ip6t_NETMAP" - -This reverts commit 68e77a26111ee6b8f10c735a76891a7de6d57ee6. - -The use of libtool was introduced to resolve linking problems -in NETMAP (IPv6 version), but that resulted in RPATH problems -reported from distributors and warnings spotted by libtool at -linking stage. - -Since (0ca548b libip6t_NETMAP: Use xtables_ip6mask_to_cidr and -get rid of libip6tc dependency) fixed the NETMAP issue, let's -roll back to our previous stage. - -A small conflicts in extensions/GNUmakefile.in has been resolved -in this revert. - -Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ---- - extensions/GNUmakefile.in | 18 +++++++----------- - 1 file changed, 7 insertions(+), 11 deletions(-) - -diff --git a/extensions/GNUmakefile.in b/extensions/GNUmakefile.in -index 3db6985..1ae7f74 100644 ---- a/extensions/GNUmakefile.in -+++ b/extensions/GNUmakefile.in -@@ -33,7 +33,6 @@ AM_VERBOSE_CXX = @echo " CXX " $@; - AM_VERBOSE_CXXLD = @echo " CXXLD " $@; - AM_VERBOSE_AR = @echo " AR " $@; - AM_VERBOSE_GEN = @echo " GEN " $@; --AM_VERBOSE_NULL = @ - endif - - # -@@ -76,7 +75,7 @@ install: ${targets_install} - if test -n "${targets_install}"; then install -pm0755 $^ "${DESTDIR}${xtlibdir}/"; fi; - - clean: -- rm -f *.la *.o *.lo *.so *.a {matches,targets}.man initext.c initext4.c initext6.c; -+ rm -f *.o *.oo *.so *.a {matches,targets}.man initext.c initext4.c initext6.c; - rm -f .*.d .*.dd; - - distclean: clean -@@ -90,19 +89,16 @@ init%.o: init%.c - # - # Shared libraries - # --lib%.so: lib%.la -- ${AM_VERBOSE_NULL} ln -fs .libs/$@ $@ -+lib%.so: lib%.oo -+ ${AM_VERBOSE_CCLD} ${CCLD} ${AM_LDFLAGS} -shared ${LDFLAGS} -o $@ $< -L../libxtables/.libs -lxtables ${$*_LIBADD}; - --lib%.la: lib%.lo -- ${AM_VERBOSE_CCLD} ../libtool ${AM_LIBTOOL_SILENT} --tag=CC --mode=link ${CCLD} ${AM_LDFLAGS} -module ${LDFLAGS} -o $@ $< ../libxtables/libxtables.la ${$*_LIBADD} -rpath ${xtlibdir} -- --lib%.lo: ${srcdir}/lib%.c -- ${AM_VERBOSE_CC} ../libtool ${AM_LIBTOOL_SILENT} --tag=CC --mode=compile ${CC} ${AM_CPPFLAGS} ${AM_DEPFLAGS} ${AM_CFLAGS} -D_INIT=lib$*_init ${CFLAGS} -o $@ -c $< -+lib%.oo: ${srcdir}/lib%.c -+ ${AM_VERBOSE_CC} ${CC} ${AM_CPPFLAGS} ${AM_DEPFLAGS} ${AM_CFLAGS} -D_INIT=lib$*_init -DPIC -fPIC ${CFLAGS} -o $@ -c $<; - - libxt_NOTRACK.so: libxt_CT.so -- ${AM_VERBOSE_GEN} ln -fs $< $@ -+ ln -fs $< $@ - libxt_state.so: libxt_conntrack.so -- ${AM_VERBOSE_GEN} ln -fs $< $@ -+ ln -fs $< $@ - - # Need the LIBADDs in iptables/Makefile.am too for libxtables_la_LIBADD - xt_RATEEST_LIBADD = -lm --- -1.8.2.1 - diff --git a/net-firewall/iptables/files/iptables-1.4.18-ipv6-linkage.patch b/net-firewall/iptables/files/iptables-1.4.18-ipv6-linkage.patch deleted file mode 100644 index 52829de24a5..00000000000 --- a/net-firewall/iptables/files/iptables-1.4.18-ipv6-linkage.patch +++ /dev/null @@ -1,88 +0,0 @@ -From cccfff9309743f173c504dd265fae173caa5b47f Mon Sep 17 00:00:00 2001 -From: Pablo Neira Ayuso <pablo@netfilter.org> -Date: Sat, 16 Mar 2013 12:11:07 +0100 -Subject: [PATCH] libip6t_NETMAP: Use xtables_ip6mask_to_cidr and get rid of - libip6tc dependency - -This patch changes the NETMAP target extension (IPv6 side) to use -the xtables_ip6mask_to_cidr available in libxtables. - -As a side effect, we get rid of the libip6tc dependency. - -Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ---- - extensions/GNUmakefile.in | 1 - - extensions/libip6t_NETMAP.c | 2 +- - include/libiptc/libip6tc.h | 3 --- - iptables/ip6tables.c | 2 +- - libiptc/libip6tc.c | 2 +- - 5 files changed, 3 insertions(+), 7 deletions(-) - -diff --git a/extensions/GNUmakefile.in b/extensions/GNUmakefile.in -index adad4d6..3db6985 100644 ---- a/extensions/GNUmakefile.in -+++ b/extensions/GNUmakefile.in -@@ -105,7 +105,6 @@ libxt_state.so: libxt_conntrack.so - ${AM_VERBOSE_GEN} ln -fs $< $@ - - # Need the LIBADDs in iptables/Makefile.am too for libxtables_la_LIBADD --ip6t_NETMAP_LIBADD = ../libiptc/libip6tc.la - xt_RATEEST_LIBADD = -lm - xt_statistic_LIBADD = -lm - -diff --git a/extensions/libip6t_NETMAP.c b/extensions/libip6t_NETMAP.c -index d14dece..a4df70e 100644 ---- a/extensions/libip6t_NETMAP.c -+++ b/extensions/libip6t_NETMAP.c -@@ -61,7 +61,7 @@ static void NETMAP_print(const void *ip, const struct xt_entry_target *target, - printf("%s", xtables_ip6addr_to_numeric(&a)); - for (i = 0; i < 4; i++) - a.s6_addr32[i] = ~(r->min_addr.ip6[i] ^ r->max_addr.ip6[i]); -- bits = ipv6_prefix_length(&a); -+ bits = xtables_ip6mask_to_cidr(&a); - if (bits < 0) - printf("/%s", xtables_ip6addr_to_numeric(&a)); - else -diff --git a/include/libiptc/libip6tc.h b/include/libiptc/libip6tc.h -index c656bc4..9aed80a 100644 ---- a/include/libiptc/libip6tc.h -+++ b/include/libiptc/libip6tc.h -@@ -154,9 +154,6 @@ int ip6tc_get_raw_socket(void); - /* Translates errno numbers into more human-readable form than strerror. */ - const char *ip6tc_strerror(int err); - --/* Return prefix length, or -1 if not contiguous */ --int ipv6_prefix_length(const struct in6_addr *a); -- - extern void dump_entries6(struct xtc_handle *const); - - extern const struct xtc_ops ip6tc_ops; -diff --git a/iptables/ip6tables.c b/iptables/ip6tables.c -index 4cfbea3..7d02cc1 100644 ---- a/iptables/ip6tables.c -+++ b/iptables/ip6tables.c -@@ -1022,7 +1022,7 @@ static void print_ip(const char *prefix, const struct in6_addr *ip, - const struct in6_addr *mask, int invert) - { - char buf[51]; -- int l = ipv6_prefix_length(mask); -+ int l = xtables_ip6mask_to_cidr(mask); - - if (l == 0 && !invert) - return; -diff --git a/libiptc/libip6tc.c b/libiptc/libip6tc.c -index 7128e1c..ca01bcb 100644 ---- a/libiptc/libip6tc.c -+++ b/libiptc/libip6tc.c -@@ -113,7 +113,7 @@ typedef unsigned int socklen_t; - #define BIT6(a, l) \ - ((ntohl(a->s6_addr32[(l) / 32]) >> (31 - ((l) & 31))) & 1) - --int -+static int - ipv6_prefix_length(const struct in6_addr *a) - { - int l, i; --- -1.8.2.1 - |