From 43c988c13be72ad3b4444b9fcd96b4377743ced9 Mon Sep 17 00:00:00 2001 From: Nicholas Vinson Date: Sun, 10 Jul 2016 15:07:00 -0700 Subject: net-firewall/nftables: backport null payload desc fix nftables-0.6 handling of payload context descriptions was changed from version 0.5. This change causes the code to segfault when the desc variable in payload_expr_pctx_update() is set to null. The issue appears to be fixed with upstream commit 3503738f77cdbe521da1054a37f59ac2e442b4cf. Therefore, backporting that commit to 0.6 to fix this issue. Gentoo-bug: 588192 Package-Manager: portage-2.3.0 Closes: https://github.com/gentoo/gentoo/pull/1865 --- .../files/nftables-0.6-null-payload-desc-fix.patch | 14 ++++ net-firewall/nftables/nftables-0.6-r1.ebuild | 84 --------------------- net-firewall/nftables/nftables-0.6-r2.ebuild | 87 ++++++++++++++++++++++ 3 files changed, 101 insertions(+), 84 deletions(-) create mode 100644 net-firewall/nftables/files/nftables-0.6-null-payload-desc-fix.patch delete mode 100644 net-firewall/nftables/nftables-0.6-r1.ebuild create mode 100644 net-firewall/nftables/nftables-0.6-r2.ebuild (limited to 'net-firewall')
diff --git a/net-firewall/nftables/files/nftables-0.6-null-payload-desc-fix.patch b/net-firewall/nftables/files/nftables-0.6-null-payload-desc-fix.patch
new file mode 100644
index 000000000000..3ea59e7aa490
--- /dev/null
+++ b/net-firewall/nftables/files/nftables-0.6-null-payload-desc-fix.patch
@@ -0,0 +1,14 @@
+diff --git a/src/payload.c b/src/payload.c
+index ac0e917..9ba980a 100644
+--- a/src/payload.c
++++ b/src/payload.c
+@@ -85,6 +85,9 @@ static void payload_expr_pctx_update(struct proto_ctx *ctx,
+ base = ctx->protocol[left->payload.base].desc;
+ desc = proto_find_upper(base, proto);
+ 
++ if (!desc)
++ return;
++
+ assert(desc->base <= PROTO_BASE_MAX);
+ if (desc->base == base->base) {
+ assert(base->length > 0);
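Review bot: The added `if (!desc) return;` in payload_expr_pctx_update() returns without any comment or diagnostic, so when proto_find_upper() finds no description the protocol context is silently left as it was and a reader cannot tell whether that is intended. A one-line comment above the guard, e.g. `/* no upper-layer description for this value: keep the current context */`, would document the decision. The same hunk passes `base` from `ctx->protocol[left->payload.base].desc` to proto_find_upper() and later reads `base->base` with no check; whether `base` can be NULL on this path is not visible here and is worth confirming. The patch file itself starts directly at `diff --git` with no header, so the upstream commit id and Gentoo bug named in the commit message are not recorded next to the backport. The function begins and ends outside the hunk.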
diff --git a/net-firewall/nftables/nftables-0.6-r1.ebuild b/net-firewall/nftables/nftables-0.6-r1.ebuild
deleted file mode 100644
index 550c6da95816..000000000000
--- a/net-firewall/nftables/nftables-0.6-r1.ebuild
+++ /dev/null
@@ -1,84 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=6
-
-inherit autotools linux-info systemd
-
-DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools"
-HOMEPAGE="http://netfilter.org/projects/nftables/"
-SRC_URI="http://git.netfilter.org/nftables/snapshot/v${PV}.tar.gz -> ${P}.tar.gz"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~amd64 ~arm ~x86"
-IUSE="debug doc gmp +readline"
-
-RDEPEND=">=net-libs/libmnl-1.0.3
- >=net-libs/libnftnl-1.0.6
- gmp? ( dev-libs/gmp:0= )
- readline? ( sys-libs/readline:0= )"
-DEPEND="${RDEPEND}
- >=app-text/docbook2X-0.8.8-r4
- doc? ( >=app-text/dblatex-0.3.7 )
- sys-devel/bison
- sys-devel/flex
- virtual/pkgconfig"
-
-S="${WORKDIR}/v${PV}"
-
-PATCHES=( "${FILESDIR}/${PN}-0.5-pdf-doc.patch" )
-
-pkg_setup() {
- if kernel_is ge 3 13; then
- CONFIG_CHECK="~NF_TABLES"
- linux-info_pkg_setup
- else
- eerror "This package requires kernel version 3.13 or newer to work properly."
- fi
-}
-
-src_prepare() {
- default
- eautoreconf
-}
-
-src_configure() {
- econf \
- --sbindir="${EPREFIX}"/sbin \
- $(use_enable doc pdf-doc) \
- $(use_enable debug) \
- $(use_with readline cli) \
- $(use_with !gmp mini_gmp)
-}
-
-src_install() {
- default
-
- dodir /usr/libexec/${PN}
- exeinto /usr/libexec/${PN}
- doexe "${FILESDIR}"/libexec/${PN}.sh
-
- newconfd "${FILESDIR}"/${PN}.confd ${PN}
- newinitd "${FILESDIR}"/${PN}.init ${PN}
- keepdir /var/lib/nftables
-
- systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service
- systemd_enable_service basic.target ${PN}-restore.service
-}
-
-pkg_postinst() {
- local save_file
- save_file="${EROOT}var/lib/nftables/rules-save"
-
- elog "In order for the nftables-restore systemd service to start, "
- elog "the file, ${save_file}, must exist. To create this "
- elog "file run the following command: "
- elog ""
- elog " touch '${save_file}'"
- elog ""
- elog "Afterwards, the nftables-restore service should be manually started "
- elog "to ensure firewall changes are stored on system shutdown. The "
- elog "systemd service will function normally thereafter."
-}
diff --git a/net-firewall/nftables/nftables-0.6-r2.ebuild b/net-firewall/nftables/nftables-0.6-r2.ebuild
new file mode 100644
index 000000000000..7874baf0062b
--- /dev/null
+++ b/net-firewall/nftables/nftables-0.6-r2.ebuild
@@ -0,0 +1,87 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+inherit autotools linux-info systemd
+
+DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools"
+HOMEPAGE="http://netfilter.org/projects/nftables/"
+SRC_URI="http://git.netfilter.org/nftables/snapshot/v${PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~x86"
+IUSE="debug doc gmp +readline"
+
+RDEPEND=">=net-libs/libmnl-1.0.3
+ >=net-libs/libnftnl-1.0.6
+ gmp? ( dev-libs/gmp:0= )
+ readline? ( sys-libs/readline:0= )"
+DEPEND="${RDEPEND}
+ >=app-text/docbook2X-0.8.8-r4
+ doc? ( >=app-text/dblatex-0.3.7 )
+ sys-devel/bison
+ sys-devel/flex
+ virtual/pkgconfig"
+
+S="${WORKDIR}/v${PV}"
+
+PATCHES=(
+ "${FILESDIR}/${PN}-0.5-pdf-doc.patch"
+ "${FILESDIR}/${P}-null-payload-desc-fix.patch"
+)
+
+pkg_setup() {
+ if kernel_is ge 3 13; then
+ CONFIG_CHECK="~NF_TABLES"
+ linux-info_pkg_setup
+ else
+ eerror "This package requires kernel version 3.13 or newer to work properly."
+ fi
+}
+
+src_prepare() {
+ default
+ eautoreconf
+}
+
+src_configure() {
+ econf \
+ --sbindir="${EPREFIX}"/sbin \
+ $(use_enable doc pdf-doc) \
+ $(use_enable debug) \
+ $(use_with readline cli) \
+ $(use_with !gmp mini_gmp)
+}
+
+src_install() {
+ default
+
+ dodir /usr/libexec/${PN}
+ exeinto /usr/libexec/${PN}
+ doexe "${FILESDIR}"/libexec/${PN}.sh
+
+ newconfd "${FILESDIR}"/${PN}.confd ${PN}
+ newinitd "${FILESDIR}"/${PN}.init ${PN}
+ keepdir /var/lib/nftables
+
+ systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service
+ systemd_enable_service basic.target ${PN}-restore.service
+}
+
+pkg_postinst() {
+ local save_file
+ save_file="${EROOT}var/lib/nftables/rules-save"
+
+ elog "In order for the nftables-restore systemd service to start, "
+ elog "the file, ${save_file}, must exist. To create this "
+ elog "file run the following command: "
+ elog ""
+ elog " touch '${save_file}'"
+ elog ""
+ elog "Afterwards, the nftables-restore service should be manually started "
+ elog "to ensure firewall changes are stored on system shutdown. The "
+ elog "systemd service will function normally thereafter."
+}
-- cgit v1.2.3-65-gdbad
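Review bot: `SRC_URI` in the new nftables-0.6-r2.ebuild fetches the source snapshot over plain `http://`, so the integrity of the firewall tooling's sources rests entirely on the Manifest digests, which are not part of this diff. If the host serves TLS, prefer `SRC_URI="https://git.netfilter.org/nftables/snapshot/v${PV}.tar.gz -> ${P}.tar.gz"` (and likewise for `HOMEPAGE`). In `PATCHES`, the new entry is keyed on `${P}` while its neighbour hard-codes `0.5`; a short comment noting that the new patch is a backport to drop on the next version bump would keep it from being carried forward by copy.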