summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to 'net-firewall')
-rw-r--r--net-firewall/conntrack-tools/conntrack-tools-1.4.7-r1.ebuild114
-rw-r--r--net-firewall/conntrack-tools/files/conntrack-tools-1.4.5-0001-Makefile.am-don-t-suppress-various-warnings.patch28
-rw-r--r--net-firewall/conntrack-tools/files/conntrack-tools-1.4.5-0002-Fix-Wstrict-prototypes.patch19
-rw-r--r--net-firewall/conntrack-tools/files/conntrack-tools-1.4.5-0003-Fix-Wimplicit-function-declaration.patch56
4 files changed, 217 insertions, 0 deletions
diff --git a/net-firewall/conntrack-tools/conntrack-tools-1.4.7-r1.ebuild b/net-firewall/conntrack-tools/conntrack-tools-1.4.7-r1.ebuild
new file mode 100644
index 000000000000..07701cad4d77
--- /dev/null
+++ b/net-firewall/conntrack-tools/conntrack-tools-1.4.7-r1.ebuild
@@ -0,0 +1,114 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/netfilter.org.asc
+inherit autotools linux-info systemd verify-sig
+
+DESCRIPTION="Connection tracking userspace tools"
+HOMEPAGE="https://conntrack-tools.netfilter.org"
+SRC_URI="https://www.netfilter.org/projects/conntrack-tools/files/${P}.tar.bz2
+ verify-sig? ( https://www.netfilter.org/projects/conntrack-tools/files/${P}.tar.bz2.sig )"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm64 ~hppa ~ppc ~ppc64 ~riscv ~x86"
+IUSE="doc +cthelper +cttimeout systemd"
+
+RDEPEND="
+ >=net-libs/libmnl-1.0.3
+ >=net-libs/libnetfilter_conntrack-1.0.9
+ >=net-libs/libnetfilter_queue-1.0.2
+ >=net-libs/libnfnetlink-1.0.1
+ net-libs/libtirpc
+ cthelper? (
+ >=net-libs/libnetfilter_cthelper-1.0.0
+ )
+ cttimeout? (
+ >=net-libs/libnetfilter_cttimeout-1.0.0
+ )
+ systemd? (
+ >=sys-apps/systemd-227
+ )
+"
+DEPEND="${RDEPEND}"
+BDEPEND="
+ sys-devel/bison
+ sys-devel/flex
+ virtual/pkgconfig
+ doc? (
+ app-text/docbook-xml-dtd:4.1.2
+ app-text/xmlto
+ )
+ verify-sig? ( sec-keys/openpgp-keys-netfilter )
+"
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-1.4.5-0001-Makefile.am-don-t-suppress-various-warnings.patch
+ "${FILESDIR}"/${PN}-1.4.5-0002-Fix-Wstrict-prototypes.patch
+ "${FILESDIR}"/${PN}-1.4.5-0003-Fix-Wimplicit-function-declaration.patch
+)
+
+pkg_setup() {
+ linux-info_pkg_setup
+
+ if kernel_is lt 2 6 18 ; then
+ die "${PN} requires at least 2.6.18 kernel version"
+ fi
+
+ # netfilter core team has changed some option names with kernel 2.6.20
+ if kernel_is lt 2 6 20 ; then
+ CONFIG_CHECK="~IP_NF_CONNTRACK_NETLINK"
+ else
+ CONFIG_CHECK="~NF_CT_NETLINK"
+ fi
+ CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK
+ ~NETFILTER_NETLINK ~NF_CONNTRACK_EVENTS"
+
+ check_extra_config
+
+ linux_config_exists || \
+ linux_chkconfig_present "NF_CONNTRACK_IPV4" || \
+ linux_chkconfig_present "NF_CONNTRACK_IPV6" || \
+ ewarn "CONFIG_NF_CONNTRACK_IPV4 or CONFIG_NF_CONNTRACK_IPV6 " \
+ "are not set when one at least should be."
+}
+
+src_prepare() {
+ default
+
+ # bug #474858
+ sed -i -e 's:/var/lock:/run/lock:' doc/stats/conntrackd.conf || die
+
+ # Drop once Clang 16 patches merged (implicit func decl, etc)
+ eautoreconf
+}
+
+src_configure() {
+ econf \
+ $(use_enable cthelper) \
+ $(use_enable cttimeout) \
+ $(use_enable systemd)
+}
+
+src_compile() {
+ default
+
+ use doc && emake -C doc/manual
+}
+
+src_install() {
+ default
+
+ newinitd "${FILESDIR}"/conntrackd.initd-r3 conntrackd
+ newconfd "${FILESDIR}"/conntrackd.confd-r2 conntrackd
+
+ insinto /etc/conntrackd
+ doins doc/stats/conntrackd.conf
+
+ systemd_dounit "${FILESDIR}"/conntrackd.service
+
+ dodoc -r doc/sync doc/stats AUTHORS TODO
+ use doc && dodoc doc/manual/${PN}.html
+}
diff --git a/net-firewall/conntrack-tools/files/conntrack-tools-1.4.5-0001-Makefile.am-don-t-suppress-various-warnings.patch b/net-firewall/conntrack-tools/files/conntrack-tools-1.4.5-0001-Makefile.am-don-t-suppress-various-warnings.patch
new file mode 100644
index 000000000000..bc9bd8d3a13d
--- /dev/null
+++ b/net-firewall/conntrack-tools/files/conntrack-tools-1.4.5-0001-Makefile.am-don-t-suppress-various-warnings.patch
@@ -0,0 +1,28 @@
+https://bugzilla.netfilter.org/show_bug.cgi?id=1637
+
+From a450f6374dc1b0296578599adf77f9ac025fab85 Mon Sep 17 00:00:00 2001
+From: Sam James <sam@gentoo.org>
+Date: Thu, 24 Nov 2022 07:51:23 +0000
+Subject: [PATCH 1/3] Makefile.am: don't suppress various warnings
+
+These will become fatal with Clang 16 and GCC 14 anyway, but let's
+address the real problem (followup commit).
+
+We do have to keep one wrt yyerror() & const char* though, but
+the issue is contained to the code Bison generates.
+
+Bug: https://bugzilla.netfilter.org/show_bug.cgi?id=1637
+Signed-off-by: Sam James <sam@gentoo.org>
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -60,8 +60,8 @@ if HAVE_SYSTEMD
+ conntrackd_SOURCES += systemd.c
+ endif
+
+-# yacc and lex generate dirty code
+-read_config_yy.o read_config_lex.o: AM_CFLAGS += -Wno-missing-prototypes -Wno-missing-declarations -Wno-implicit-function-declaration -Wno-nested-externs -Wno-undef -Wno-redundant-decls -Wno-sign-compare
++# yacc and lex generate dirty code (issue is in yyerror() wrt const char* vs. char*)
++read_config_yy.o read_config_lex.o: AM_CFLAGS += -Wno-incompatible-pointer-types -Wno-discarded-qualifiers
+
+ conntrackd_LDADD = ${LIBMNL_LIBS} ${LIBNETFILTER_CONNTRACK_LIBS} \
+ ${libdl_LIBS} ${LIBNFNETLINK_LIBS}
diff --git a/net-firewall/conntrack-tools/files/conntrack-tools-1.4.5-0002-Fix-Wstrict-prototypes.patch b/net-firewall/conntrack-tools/files/conntrack-tools-1.4.5-0002-Fix-Wstrict-prototypes.patch
new file mode 100644
index 000000000000..e170ec07ba0a
--- /dev/null
+++ b/net-firewall/conntrack-tools/files/conntrack-tools-1.4.5-0002-Fix-Wstrict-prototypes.patch
@@ -0,0 +1,19 @@
+https://bugzilla.netfilter.org/show_bug.cgi?id=1637
+
+From 11965f7020fbadcc9784daf598687841e96ef3fe Mon Sep 17 00:00:00 2001
+From: Sam James <sam@gentoo.org>
+Date: Thu, 24 Nov 2022 07:52:01 +0000
+Subject: [PATCH 2/3] Fix -Wstrict-prototypes
+
+Signed-off-by: Sam James <sam@gentoo.org>
+--- a/src/network.c
++++ b/src/network.c
+@@ -113,7 +113,7 @@ void nethdr_track_update_seq(uint32_t seq)
+ STATE_SYNC(last_seq_recv) = seq;
+ }
+
+-int nethdr_track_is_seq_set()
++int nethdr_track_is_seq_set(void)
+ {
+ return local_seq_set;
+ }
diff --git a/net-firewall/conntrack-tools/files/conntrack-tools-1.4.5-0003-Fix-Wimplicit-function-declaration.patch b/net-firewall/conntrack-tools/files/conntrack-tools-1.4.5-0003-Fix-Wimplicit-function-declaration.patch
new file mode 100644
index 000000000000..eb34f4ffd4e4
--- /dev/null
+++ b/net-firewall/conntrack-tools/files/conntrack-tools-1.4.5-0003-Fix-Wimplicit-function-declaration.patch
@@ -0,0 +1,56 @@
+https://bugzilla.netfilter.org/show_bug.cgi?id=1637
+
+From a6df37777fc47c2473a13501c17eb3cbbf922ec1 Mon Sep 17 00:00:00 2001
+From: Sam James <sam@gentoo.org>
+Date: Thu, 24 Nov 2022 07:57:37 +0000
+Subject: [PATCH 3/3] Fix -Wimplicit-function-declaration
+
+Bug: https://bugzilla.netfilter.org/show_bug.cgi?id=1637
+Signed-off-by: Sam James <sam@gentoo.org>
+--- a/src/read_config_lex.l
++++ b/src/read_config_lex.l
+@@ -21,6 +21,7 @@
+
+ #include <string.h>
+
++#include "log.h"
+ #include "conntrackd.h"
+ #include "read_config_yy.h"
+ %}
+@@ -174,7 +175,7 @@ notrack [N|n][O|o][T|t][R|r][A|a][C|c][K|k]
+ %%
+
+ int
+-yywrap()
++yywrap(void)
+ {
+ return 1;
+ }
+--- a/src/read_config_yy.y
++++ b/src/read_config_yy.y
+@@ -31,14 +31,25 @@
+ #include "cidr.h"
+ #include "helper.h"
+ #include "stack.h"
++#include "log.h"
++
++#include <sys/socket.h>
++#include <netinet/in.h>
++#include <arpa/inet.h>
++
+ #include <sched.h>
+ #include <dlfcn.h>
++
+ #include <libnetfilter_conntrack/libnetfilter_conntrack.h>
+ #include <libnetfilter_conntrack/libnetfilter_conntrack_tcp.h>
+
+ extern char *yytext;
+ extern int yylineno;
+
++int yylex (void);
++int yyerror (char *msg);
++void yyrestart (FILE *input_file);
++
+ struct ct_conf conf;
+
+ static void __kernel_filter_start(void);