diff options
| author |   Sergey Popov <pinkbyte@gentoo.org> | 2014-08-19 07:21:26 +0000 |
|---|---|---|
| committer | Sergey Popov <pinkbyte@gentoo.org> | 2014-08-19 07:21:26 +0000 |
| commit | d98e8a2bfb9adf735af17c63094e507a66c25e31 (patch) | |
| tree | 6ced4ef53187ed23475622a12e38903d0dc4cd32 /net-firewall | |
| parent | Version bump pillow to 2.5.3 for bug 520226 (diff) | |
| download | historical-d98e8a2bfb9adf735af17c63094e507a66c25e31.tar.gz historical-d98e8a2bfb9adf735af17c63094e507a66c25e31.tar.bz2 historical-d98e8a2bfb9adf735af17c63094e507a66c25e31.zip | |
Revision bump: restore compatibility with hardened setups, wrt bug #519480, add optional debugfs support. Drop old revision
Package-Manager: portage-2.2.12/cvs/Linux x86_64
Manifest-Sign-Key: 0x1F357D42
Diffstat (limited to 'net-firewall')
| -rw-r--r-- | net-firewall/ipt_netflow/ChangeLog | 9 | ||||
| -rw-r--r-- | net-firewall/ipt_netflow/Manifest | 15 | ||||
| -rw-r--r-- | net-firewall/ipt_netflow/files/ipt_netflow-2.0-pax-const.patch | 69 | ||||
| -rw-r--r-- | net-firewall/ipt_netflow/ipt_netflow-2.0-r1.ebuild (renamed from net-firewall/ipt_netflow/ipt_netflow-2.0.ebuild) | 29 |
4 files changed, 109 insertions, 13 deletions
diff --git a/net-firewall/ipt_netflow/ChangeLog b/net-firewall/ipt_netflow/ChangeLog index 9281212db47d..03b9008cc699 100644 --- a/net-firewall/ipt_netflow/ChangeLog +++ b/net-firewall/ipt_netflow/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for net-firewall/ipt_netflow # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-firewall/ipt_netflow/ChangeLog,v 1.15 2014/08/09 09:58:09 jer Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-firewall/ipt_netflow/ChangeLog,v 1.16 2014/08/19 07:21:25 pinkbyte Exp $ + +*ipt_netflow-2.0-r1 (19 Aug 2014) + + 19 Aug 2014; Sergey Popov <pinkbyte@gentoo.org> -ipt_netflow-2.0.ebuild, + +ipt_netflow-2.0-r1.ebuild, +files/ipt_netflow-2.0-pax-const.patch: + Revision bump: restore compatibility with hardened setups, wrt bug #519480, + add optional debugfs support. Drop old revision *ipt_netflow-2.0 (09 Aug 2014) diff --git a/net-firewall/ipt_netflow/Manifest b/net-firewall/ipt_netflow/Manifest index 96bf1fcd8053..8578020db903 100644 --- a/net-firewall/ipt_netflow/Manifest +++ b/net-firewall/ipt_netflow/Manifest @@ -6,16 +6,21 @@ AUX ipt_netflow-1.8-numphyspages-fix.patch 678 SHA256 1c6a7afc6fd56f9b89dea947b9 AUX ipt_netflow-1.8-pax-const.patch 1547 SHA256 c03e8dc5ff0f18b0ccf86e0c674ac2bbd04a803a8670a05ca8a19d867d7d92af SHA512 b269af88d9de3fb2d1b82c5f3cd3b2450c102476f52a8156328850d943ae99a5f1a2e52a9ec87ec354e079124ec9aebeec303091a88f9f86aec05f54c7d53df8 WHIRLPOOL 969a5c8f96e28e3a44a11cb008387e71f8b31b9a54226d6ac6bec90312cbd52b79503f1c13210b348dbfd8daf4534b7df05e00ccd992d88d23fe0a65d9123426 AUX ipt_netflow-1.8-procfs-fix.patch 1318 SHA256 bdfed9dc128df52bd9bc5a007c4dba3e1b96e83bf70ac785b32b60c7d581c530 SHA512 66e8ee572f811e008653d87324cdb9a167591af17053e5fda14827c44a5ac5ea26e035c42b3261d249a9a0a5d5e4f532d57a64bd636db80522e832fd4f5c2b0b WHIRLPOOL 6077e3addc781e0b61f5f0a9ff7bce67c1a92db67b13388844397b8c3748ab5b78566c1d1fb6087ff13ff19c380d847a2b23a8e83b93529ee09e58474b3702b0 AUX ipt_netflow-2.0-configure.patch 276 SHA256 cf24753f0075b8015b8832799d993fcc1671ab001033f40f7d0ee12ba469de50 SHA512 cb7b1a690a69eb68ce57d1b216324de3114c01a6bc2ca7e29fece702be62a0f903e6946426c49a8fcd08295466524eb464127655a8742507f999a318319cd3d0 WHIRLPOOL ca45617b098c4e57756b5aeacef9c638444c12cbbd3dea38de457fca9be89592e854c3b9bd70d36250dce4becee28fee94ecd321c857786dc93e92ff5316ab16 +AUX ipt_netflow-2.0-pax-const.patch 1903 SHA256 c9e92a197d5c5b2f1a5c68e583a264220cd957029e852e699641a81e7c4d9b95 SHA512 89685b95c1cff097a43b54c94d386ef0c68f23ecb64863dee63e59f833b6c2652dbee7cfcd8c681e42a64a99a03e9882ecb2efff2e57b101c5d9399207a2c74f WHIRLPOOL 9e6fc70fc28e04b56d8bce1bd0a9e8a1266d771c82f0082df4072bfafea98e1e44204b950c197b991f4258e33c0e26ef54260e08ac0a0cb40ea8b5d438f4f872 DIST ipt_netflow-1.8.tgz 20921 SHA256 e705646698c1b0275eea0f34038fa7e00bf660d2bc591d3ac04afa0fe3f1ddd0 SHA512 2b0195bd56ecd04c52a11e3347b5e4fb09dc784a3394fee3e0a7e5749e39f4b6af48cd6748dd96ce33d13dd13ae05d096f2a9e0bade33d57a028d568d5b7da20 WHIRLPOOL cfd16cc4be9cab5157b2784c20f6792fd1208c0f5d58dcd8f8a3ee3870d12afe317897c7bf2b265c459ba3f0567cf331a2056ef0e95f6f2f28092318167ad5c4 DIST ipt_netflow-2.0.tgz 46456 SHA256 547ca6c2e8d82fc7d3d113d2ab3f602106d1efa7739167f8c7850a43e5bbe46e SHA512 7bf330ac665180218ea4cc42fe6ac6d365b45632039ff9601559f7a4675738c409853433b15dd431dba68cfe36269d6992754154411e2761041fec021e19bf8d WHIRLPOOL 1d54d2b1386f50e98cfaa082356559ec044f9b2088c70c024bc030482cc57ae5fac6de3e691f155f80fd6647b97c0f50f3292625511fe3c9ced404cfd4cff63c EBUILD ipt_netflow-1.8-r4.ebuild 1942 SHA256 6d4a5350a2412eb77cb065eb020eea1071bb8e4f9ff8c93f68dd640d241643df SHA512 ce0a8a9acd579150c85b9b35b46284a64fcc7209bbbcb596faf027c6770c8a6e1fdfd56304d076ca02a0f7ad88d030ca825a3543a513b338acc82cf041369779 WHIRLPOOL 3f550bb39453034fa8e42dc805e60a8f885ef9cad8fa1f9d8ab4a033c878f2199f836445d47e4e6d288c2fbda40e43dc54b7de1147e91256e08fc249dad665e0 -EBUILD ipt_netflow-2.0.ebuild 1632 SHA256 6682a5c2100caa34c89d86a469d064a81d9856e9c98fcd794f39baf990738d4e SHA512 ae7af702f896d24049875cced6ec3ca5cc9fe6024db243f915984a0ede3f25132bbde2642f2397398b3ed88dc3dc5e8894bbe4e5beb338d038e5b3e7519d530d WHIRLPOOL 82caf1a6d8c6c1ab39244a24472b28a898a354a1bb504bdc65a091f65bf578ddbcb266f861615dbdd70b38663e0066afa9848a94705dfd7af47fe640505beeca -MISC ChangeLog 3082 SHA256 2306c51a08b31f87f5b937d5629441cc8d75f98178ddac89b46664d86c7dc966 SHA512 ad3fefb69226a9d902f6e71142f525635a820f742d98347f5ff96074b645a6bb480b469ad13e7fd0890be1402beb82f6100045c903498abed9d7ddd00260589a WHIRLPOOL 23831dfb9057eb3f440c05c236e8d56a1e1c353545fc5a0437eba66feecd5a23ace2532e2f6abffc7f56ccf7304bc3ce59ad15cf58bc6761d03734566906059c +EBUILD ipt_netflow-2.0-r1.ebuild 1930 SHA256 1686410870afd76f7d5876179503d7c76901b7c9d46e242cf75f84215960302c SHA512 ebff90e9ef79b9daa103f774dab5f2fab30a8875d59097e7f93e9a2d00913e0266865e9442998431a974cc97924c6659206a90fc0ac5cf163e5c9de149de6db6 WHIRLPOOL 3ec978904e8befbf9c99c1f1ee77e8ccbd9393d57079211ff40807c85d9b8121674078c4bfef732b2e11eefdf5702427c47416c8a3a4dabace78629a58022462 +MISC ChangeLog 3396 SHA256 1946267b72cdeb621c71cf08ad85c6317176f3c15c327a6e4c5fb92391613062 SHA512 b3b48fd12b8abce4af74906baa05423b480121c14116b0800be33add6cfe2f206f7532a81d2e2ef43103e10234590af24a702b31a08ff991aab32c92d0cb631f WHIRLPOOL aca6f471f50ebbbf0b6b41202675c5a8aebcd86e1c889f8c1b8c4ba199d8f2245a8b20a5d1495ad05308eaa95b1268a7909a7fd4e6c9bd401dc0c79b475a0cee MISC metadata.xml 345 SHA256 dda378025b31263970cd5e6814fa081a36e4e2ba08e84013a9fc0a16f3625d26 SHA512 d599e44bca77388c107e18b966796ae77ecae297d771096096e5a5ee4626e01ddf1b91e3d585de4e3d7ec0c3f1d56286910e1e2c9b5f93920ecbd097f8638797 WHIRLPOOL 1b5c8c9b2832b502c45a1f0573d89ccd2477e1cb127639ef545bab9a004ac848d3640dfde7712aef5704fc5746c04f1d9c850aa772b1a425480b51d056e95001 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 -iEYEAREIAAYFAlPl8LMACgkQVWmRsqeSphNOrQCfaiKPJaSHPdntx7cAqRVbEVNQ -KNgAni6FN/y0nJjZOIHQ+MKSVWcllUUA -=kv9u +iQEcBAEBCAAGBQJT8vr2AAoJECo/aRed9267AN0H/2mI82P4pzHSFUBRQve4MJZD +jXkmkrS6stSkCLp4uV/iM8FP7IeYJ8O2aJKRWPqh8CNObSvB8/GCmyp6fzUT3v/2 +9SJnmG6Sr0kng/oi74QM2DJCeidXaKePNnm3XefkhfMk8WVizJ036YEI1RtosU60 +NjRCBrV00fgkyrtUwNSwBGm/tQhWyFwYEQjqLu69Pc2V+mifn8s0SXEcyurTxaMc +rXRfqYxF5Cg2wyPdE4O96iVs3yB/ctf79xKU0pRy0bBbeHpnnrDExspQouAqqcjA +mUnupckSk8Yr38wEJZ878Xkl1BZSZZcbAqsbVNm5OcCgTi6rZYQhlXu2CZ2NK4Q= +=sJ43 -----END PGP SIGNATURE----- diff --git a/net-firewall/ipt_netflow/files/ipt_netflow-2.0-pax-const.patch b/net-firewall/ipt_netflow/files/ipt_netflow-2.0-pax-const.patch new file mode 100644 index 000000000000..8a1270109652 --- /dev/null +++ b/net-firewall/ipt_netflow/files/ipt_netflow-2.0-pax-const.patch @@ -0,0 +1,69 @@ +Patch by Jeremy Drake, https://bugs.gentoo.org/show_bug.cgi?id=466430 + +Adds support for building with PaX hardened kernel + +Adapted to version 2.0 by Sergey Popov <pinkbyte@gentoo.org> + +--- ipt_NETFLOW.c.orig 2014-08-07 08:05:08.000000000 +0400 ++++ ipt_NETFLOW.c 2014-08-18 11:10:08.000000000 +0400 +@@ -845,13 +845,13 @@ + void __user *buffer, size_t *lenp, loff_t *fpos) + { + void *orig = ctl->data; ++ ctl_table_no_const lctl = *ctl; + int ret, hsize; + + if (write) +- ctl->data = &hsize; +- ret = proc_dointvec(ctl, write, BEFORE2632(filp,) buffer, lenp, fpos); ++ lctl.data = &hsize; ++ ret = proc_dointvec(&lctl, write, BEFORE2632(filp,) buffer, lenp, fpos); + if (write) { +- ctl->data = orig; + if (hsize < LOCK_COUNT) + return -EPERM; + return set_hashsize(hsize)?:ret; +@@ -864,6 +864,7 @@ + { + int ret; + struct ipt_netflow_sock *usock; ++ ctl_table_no_const lctl = *ctl; + + mutex_lock(&sock_lock); + if (list_empty(&usock_list)) { +@@ -875,8 +876,8 @@ + sndbuf = usock->sock->sk->sk_sndbuf; + mutex_unlock(&sock_lock); + +- ctl->data = &sndbuf; +- ret = proc_dointvec(ctl, write, BEFORE2632(filp,) buffer, lenp, fpos); ++ lctl.data = &sndbuf; ++ ret = proc_dointvec(&lctl, write, BEFORE2632(filp,) buffer, lenp, fpos); + if (!write) + return ret; + if (sndbuf < SOCK_MIN_SNDBUF) +@@ -943,9 +944,10 @@ + { + int ret; + int val = 0; ++ ctl_table_no_const lctl = *ctl; + +- ctl->data = &val; +- ret = proc_dointvec(ctl, write, BEFORE2632(filp,) buffer, lenp, fpos); ++ lctl.data = &val; ++ ret = proc_dointvec(&lctl, write, BEFORE2632(filp,) buffer, lenp, fpos); + + if (!write) + return ret; +@@ -966,8 +968,9 @@ + int ret; + int ver = protocol; + +- ctl->data = &ver; +- ret = proc_dointvec(ctl, write, BEFORE2632(filp,) buffer, lenp, fpos); ++ ctl_table_no_const lctl = *ctl; ++ lctl.data = &ver; ++ ret = proc_dointvec(&lctl, write, BEFORE2632(filp,) buffer, lenp, fpos); + + if (!write) + return ret; diff --git a/net-firewall/ipt_netflow/ipt_netflow-2.0.ebuild b/net-firewall/ipt_netflow/ipt_netflow-2.0-r1.ebuild index 0612b60c6c3c..d2ade4923940 100644 --- a/net-firewall/ipt_netflow/ipt_netflow-2.0.ebuild +++ b/net-firewall/ipt_netflow/ipt_netflow-2.0-r1.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2014 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-firewall/ipt_netflow/ipt_netflow-2.0.ebuild,v 1.1 2014/08/09 09:58:09 jer Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-firewall/ipt_netflow/ipt_netflow-2.0-r1.ebuild,v 1.1 2014/08/19 07:21:25 pinkbyte Exp $ EAPI=5 inherit eutils linux-info linux-mod multilib toolchain-funcs @@ -13,7 +13,7 @@ LICENSE="GPL-2" SLOT="0" KEYWORDS="~amd64 ~x86" -IUSE="pax_kernel" +IUSE="debug pax_kernel" RDEPEND="net-firewall/iptables" DEPEND="${RDEPEND} @@ -22,14 +22,19 @@ DEPEND="${RDEPEND} " # set S before MODULE_NAMES -S=${WORKDIR}/${PN/_/-}-${PV} +S="${WORKDIR}/${PN/_/-}-${PV}" BUILD_TARGETS="all" -CONFIG_CHECK="~IP_NF_IPTABLES" MODULE_NAMES="ipt_NETFLOW(ipt_netflow:${S})" IPT_LIB="/usr/$(get_libdir)/xtables" +pkg_setup() { + local CONFIG_CHECK="~IP_NF_IPTABLES" + use debug && CONFIG_CHECK+=" ~DEBUG_FS" + linux-mod_pkg_setup +} + src_prepare() { sed -i \ -e 's:make -C:$(MAKE) -C:g' \ @@ -38,22 +43,32 @@ src_prepare() { Makefile.in || die # bug #455984 - epatch "${FILESDIR}"/${PN}-2.0-configure.patch + epatch "${FILESDIR}/${PN}-2.0-configure.patch" + + # bugs #466430 and #519480 + if use pax_kernel; then + epatch "${FILESDIR}/${PN}-2.0-pax-const.patch" + fi epatch_user } +do_conf() { + echo ./configure $* + ./configure $* || die 'configure failed' +} + src_configure() { local IPT_VERSION="$($(tc-getPKG_CONFIG) --modversion xtables)" # econf can not be used, cause configure script fails when see unknown parameter # ipt-src need to be defined, see bug #455984 - ./configure \ + do_conf \ --ipt-lib="${IPT_LIB}" \ --ipt-src="/usr/" \ --ipt-ver="${IPT_VERSION}" \ --kdir="${KV_DIR}" \ --kver="${KV_FULL}" \ - || die 'configure failed' + $(use debug && echo '--enable-debugfs') } src_compile() { |