authorLars Wendler <polynomial-c@gentoo.org>2018-11-20 15:21:32 +0100
committerLars Wendler <polynomial-c@gentoo.org>2018-11-20 15:22:55 +0100
commit7ed84d5b5c472c3251c4acb752d9fed6880bf973 (patch)
tree2c3bbd3ab74876b20c5a53e288e57c042f0726e2 /net-firewall/iptables/files
parentmedia-plugins/kodi-inputstream-adaptive: 2.3.11 version bump (diff)
Revert "net-firewall/iptables: Removed old."
This reverts commit 070fae35cc6d85cdb9c35b92b476394e17c8c144. Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
Diffstat (limited to 'net-firewall/iptables/files')
-rw-r--r--net-firewall/iptables/files/iptables-1.4.21-configure.patch34
-rw-r--r--net-firewall/iptables/files/iptables-1.4.21-static-connlabel-config.patch77
2 files changed, 111 insertions, 0 deletions
diff --git a/net-firewall/iptables/files/iptables-1.4.21-configure.patch b/net-firewall/iptables/files/iptables-1.4.21-configure.patch
new file mode 100644
index 000000000000..e827885f1688
--- /dev/null
+++ b/net-firewall/iptables/files/iptables-1.4.21-configure.patch
@@ -0,0 +1,34 @@
+https://bugs.gentoo.org/557586
+
+From b24e59fba39120bfdb9e521bbd0af8f33a60466e Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <vapier@gentoo.org>
+Date: Sat, 15 Aug 2015 14:12:39 -0400
+Subject: [PATCH] configure: fix 3rd arg w/AC_ARG_ENABLE
+
+The 3rd arg is used when --{enable,disable}-foo are passed in, not when
+the feature is enabled. Use the existing $enableval instead.
+
+Signed-off-by: Mike Frysinger <vapier@gentoo.org>
+---
+ configure.ac | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/configure
++++ b/configure
+@@ -11898,14 +11898,14 @@ fi
+
+ # Check whether --enable-bpf-compiler was given.
+ if test "${enable_bpf_compiler+set}" = set; then :
+- enableval=$enable_bpf_compiler; enable_bpfc="yes"
++ enableval=$enable_bpf_compiler; enable_bpfc="$enableval"
+ else
+ enable_bpfc="no"
+ fi
+
+ # Check whether --enable-nfsynproxy was given.
+ if test "${enable_nfsynproxy+set}" = set; then :
+- enableval=$enable_nfsynproxy; enable_nfsynproxy="yes"
++ enableval=$enable_nfsynproxy; enable_nfsynproxy="$enableval"
+ else
+ enable_nfsynproxy="no"
+ fi
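Review bot: The embedded diffstat names `configure.ac`, but the only hunk in this patch file edits the generated `configure` script, so the fix disappears if the build ever regenerates `configure` from an unpatched `configure.ac` (whether the ebuild does that is not visible here). In that case `--disable-bpf-compiler` and `--disable-nfsynproxy` would again set `enable_bpfc` and `enable_nfsynproxy` to "yes", building features the user asked to leave out. I would state the constraint in the patch header, for example `Applied to the generated configure only; do not regenerate it unless configure.ac carries the same fix.`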
diff --git a/net-firewall/iptables/files/iptables-1.4.21-static-connlabel-config.patch b/net-firewall/iptables/files/iptables-1.4.21-static-connlabel-config.patch
new file mode 100644
index 000000000000..a4183d6d4025
--- /dev/null
+++ b/net-firewall/iptables/files/iptables-1.4.21-static-connlabel-config.patch
@@ -0,0 +1,77 @@
+https://bugs.gentoo.org/558234
+http://git.netfilter.org/iptables/commit/?id=825fbda5482a7d5ec5a6619c81fe07ff865c7d6e
+
+From 825fbda5482a7d5ec5a6619c81fe07ff865c7d6e Mon Sep 17 00:00:00 2001
+From: Florian Westphal <fw@strlen.de>
+Date: Fri, 5 Sep 2014 20:45:56 +0200
+Subject: [PATCH] extensions: libxt_connlabel: do not open config file from
+ _init hook
+
+else, static builds will print this for every iptables invocation,
+even 'iptables -L'. Delay open until we need to translate a mapping.
+
+Reported-by: Thomas De Schampheleire <patrickdepinguin@gmail.com>
+Signed-off-by: Florian Westphal <fw@strlen.de>
+---
+ extensions/libxt_connlabel.c | 27 ++++++++++++++++++++-------
+ 1 file changed, 20 insertions(+), 7 deletions(-)
+
+diff --git a/extensions/libxt_connlabel.c b/extensions/libxt_connlabel.c
+index c84a167..1f83095 100644
+--- a/extensions/libxt_connlabel.c
++++ b/extensions/libxt_connlabel.c
+@@ -29,11 +29,26 @@ static const struct xt_option_entry connlabel_mt_opts[] = {
+ XTOPT_TABLEEND,
+ };
+
++/* cannot do this via _init, else static builds might spew error message
++ * for every iptables invocation.
++ */
++static void connlabel_open(void)
++{
++ if (map)
++ return;
++
++ map = nfct_labelmap_new(NULL);
++ if (!map && errno)
++ xtables_error(RESOURCE_PROBLEM, "cannot open connlabel.conf: %s\n",
++ strerror(errno));
++}
++
+ static void connlabel_mt_parse(struct xt_option_call *cb)
+ {
+ struct xt_connlabel_mtinfo *info = cb->data;
+ int tmp;
+
++ connlabel_open();
+ xtables_option_parse(cb);
+
+ switch (cb->entry->id) {
+@@ -54,7 +69,11 @@ static void connlabel_mt_parse(struct xt_option_call *cb)
+
+ static const char *connlabel_get_name(int b)
+ {
+- const char *name = nfct_labelmap_get_name(map, b);
++ const char *name;
++
++ connlabel_open();
++
++ name = nfct_labelmap_get_name(map, b);
+ if (name && strcmp(name, ""))
+ return name;
+ return NULL;
+@@ -114,11 +133,5 @@ static struct xtables_match connlabel_mt_reg = {
+
+ void _init(void)
+ {
+- map = nfct_labelmap_new(NULL);
+- if (!map) {
+- fprintf(stderr, "cannot open connlabel.conf, not registering '%s' match: %s\n",
+- connlabel_mt_reg.name, strerror(errno));
+- return;
+- }
+ xtables_register_match(&connlabel_mt_reg);
+ }
+--
+2.4.4
+
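Review bot: In `connlabel_open()` the check `if (!map && errno)` lets a NULL `map` through whenever `errno` is 0, and `errno` is never cleared before `nfct_labelmap_new(NULL)`, so the reported reason can also be a stale value from an earlier call. After that, `connlabel_get_name()` passes `map` straight to `nfct_labelmap_get_name(map, b)`, and `connlabel_mt_parse()` goes on into its switch, whose body continues outside the hunk and presumably uses `map` too. Whether the library tolerates a NULL map is not visible here. I would put `errno = 0;` before the call and make the failure unconditional: `if (!map) xtables_error(RESOURCE_PROBLEM, "cannot open connlabel.conf: %s", errno ? strerror(errno) : "no labels found");`.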