Diffstat (limited to 'net-firewall')
4 files changed, 217 insertions, 0 deletions
diff --git a/net-firewall/conntrack-tools/conntrack-tools-1.4.7-r1.ebuild b/net-firewall/conntrack-tools/conntrack-tools-1.4.7-r1.ebuild
new file mode 100644
index 000000000000..07701cad4d77
--- /dev/null
+++ b/net-firewall/conntrack-tools/conntrack-tools-1.4.7-r1.ebuild
@@ -0,0 +1,114 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/netfilter.org.asc
+inherit autotools linux-info systemd verify-sig
+
+DESCRIPTION="Connection tracking userspace tools"
+HOMEPAGE="https://conntrack-tools.netfilter.org"
+SRC_URI="https://www.netfilter.org/projects/conntrack-tools/files/${P}.tar.bz2
+ verify-sig? ( https://www.netfilter.org/projects/conntrack-tools/files/${P}.tar.bz2.sig )"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm64 ~hppa ~ppc ~ppc64 ~riscv ~x86"
+IUSE="doc +cthelper +cttimeout systemd"
+
+RDEPEND="
+ >=net-libs/libmnl-1.0.3
+ >=net-libs/libnetfilter_conntrack-1.0.9
+ >=net-libs/libnetfilter_queue-1.0.2
+ >=net-libs/libnfnetlink-1.0.1
+ net-libs/libtirpc
+ cthelper? (
+ >=net-libs/libnetfilter_cthelper-1.0.0
+ )
+ cttimeout? (
+ >=net-libs/libnetfilter_cttimeout-1.0.0
+ )
+ systemd? (
+ >=sys-apps/systemd-227
+ )
+"
+DEPEND="${RDEPEND}"
+BDEPEND="
+ sys-devel/bison
+ sys-devel/flex
+ virtual/pkgconfig
+ doc? (
+ app-text/docbook-xml-dtd:4.1.2
+ app-text/xmlto
+ )
+ verify-sig? ( sec-keys/openpgp-keys-netfilter )
+"
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-1.4.5-0001-Makefile.am-don-t-suppress-various-warnings.patch
+ "${FILESDIR}"/${PN}-1.4.5-0002-Fix-Wstrict-prototypes.patch
+ "${FILESDIR}"/${PN}-1.4.5-0003-Fix-Wimplicit-function-declaration.patch
+)
+
+pkg_setup() {
+ linux-info_pkg_setup
+
+ if kernel_is lt 2 6 18 ; then
+ die "${PN} requires at least 2.6.18 kernel version"
+ fi
+
+ # netfilter core team has changed some option names with kernel 2.6.20
+ if kernel_is lt 2 6 20 ; then
+ CONFIG_CHECK="~IP_NF_CONNTRACK_NETLINK"
+ else
+ CONFIG_CHECK="~NF_CT_NETLINK"
+ fi
+ CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK
+ ~NETFILTER_NETLINK ~NF_CONNTRACK_EVENTS"
+
+ check_extra_config
+
+ linux_config_exists || \
+ linux_chkconfig_present "NF_CONNTRACK_IPV4" || \
+ linux_chkconfig_present "NF_CONNTRACK_IPV6" || \
+ ewarn "CONFIG_NF_CONNTRACK_IPV4 or CONFIG_NF_CONNTRACK_IPV6 " \
+ "are not set when one at least should be."
+}
+
+src_prepare() {
+ default
+
+ # bug #474858
+ sed -i -e 's:/var/lock:/run/lock:' doc/stats/conntrackd.conf || die
+
+ # Drop once Clang 16 patches merged (implicit func decl, etc)
+ eautoreconf
+}
+
+src_configure() {
+ econf \
+ $(use_enable cthelper) \
+ $(use_enable cttimeout) \
+ $(use_enable systemd)
+}
+
+src_compile() {
+ default
+
+ use doc && emake -C doc/manual
+}
+
+src_install() {
+ default
+
+ newinitd "${FILESDIR}"/conntrackd.initd-r3 conntrackd
+ newconfd "${FILESDIR}"/conntrackd.confd-r2 conntrackd
+
+ insinto /etc/conntrackd
+ doins doc/stats/conntrackd.conf
+
+ systemd_dounit "${FILESDIR}"/conntrackd.service
+
+ dodoc -r doc/sync doc/stats AUTHORS TODO
+ use doc && dodoc doc/manual/${PN}.html
+}
diff --git a/net-firewall/conntrack-tools/files/conntrack-tools-1.4.5-0001-Makefile.am-don-t-suppress-various-warnings.patch b/net-firewall/conntrack-tools/files/conntrack-tools-1.4.5-0001-Makefile.am-don-t-suppress-various-warnings.patch
new file mode 100644
index 000000000000..bc9bd8d3a13d
--- /dev/null
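Review bot: In pkg_setup the chain `linux_config_exists || linux_chkconfig_present "NF_CONNTRACK_IPV4" || linux_chkconfig_present "NF_CONNTRACK_IPV6" || ewarn …` short-circuits as soon as a kernel config is found, so the IPv4/IPv6 check and its warning only run when there is no config to inspect. If the intent is to warn when a config exists and neither option is set, the first operator should be `&&` with the presence tests negated: `if linux_config_exists && ! linux_chkconfig_present NF_CONNTRACK_IPV4 && ! linux_chkconfig_present NF_CONNTRACK_IPV6 ; then ewarn … ; fi`. Before making that change, confirm that both symbols still exist on the kernels this version targets, because a corrected check for a symbol that has been removed would warn on every build.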
+++ b/net-firewall/conntrack-tools/files/conntrack-tools-1.4.5-0001-Makefile.am-don-t-suppress-various-warnings.patch
@@ -0,0 +1,28 @@
+https://bugzilla.netfilter.org/show_bug.cgi?id=1637
+
+From a450f6374dc1b0296578599adf77f9ac025fab85 Mon Sep 17 00:00:00 2001
+From: Sam James <sam@gentoo.org>
+Date: Thu, 24 Nov 2022 07:51:23 +0000
+Subject: [PATCH 1/3] Makefile.am: don't suppress various warnings
+
+These will become fatal with Clang 16 and GCC 14 anyway, but let's
+address the real problem (followup commit).
+
+We do have to keep one wrt yyerror() & const char* though, but
+the issue is contained to the code Bison generates.
+
+Bug: https://bugzilla.netfilter.org/show_bug.cgi?id=1637
+Signed-off-by: Sam James <sam@gentoo.org>
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -60,8 +60,8 @@ if HAVE_SYSTEMD
+ conntrackd_SOURCES += systemd.c
+ endif
+
+-# yacc and lex generate dirty code
+-read_config_yy.o read_config_lex.o: AM_CFLAGS += -Wno-missing-prototypes -Wno-missing-declarations -Wno-implicit-function-declaration -Wno-nested-externs -Wno-undef -Wno-redundant-decls -Wno-sign-compare
++# yacc and lex generate dirty code (issue is in yyerror() wrt const char* vs. char*)
++read_config_yy.o read_config_lex.o: AM_CFLAGS += -Wno-incompatible-pointer-types -Wno-discarded-qualifiers
+
+ conntrackd_LDADD = ${LIBMNL_LIBS} ${LIBNETFILTER_CONNTRACK_LIBS} \
+ ${libdl_LIBS} ${LIBNFNETLINK_LIBS}
diff --git a/net-firewall/conntrack-tools/files/conntrack-tools-1.4.5-0002-Fix-Wstrict-prototypes.patch b/net-firewall/conntrack-tools/files/conntrack-tools-1.4.5-0002-Fix-Wstrict-prototypes.patch
new file mode 100644
index 000000000000..e170ec07ba0a
--- /dev/null
+++ b/net-firewall/conntrack-tools/files/conntrack-tools-1.4.5-0002-Fix-Wstrict-prototypes.patch
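Review bot: The replacement flags on `read_config_yy.o read_config_lex.o` still silence `-Wincompatible-pointer-types` and `-Wdiscarded-qualifiers` for everything compiled into those two objects, which presumably includes the hand-written grammar actions that parse conntrackd's configuration, not only the Bison boilerplate. A genuine pointer-type mismatch in that parser would go unreported. Since the new comment names yyerror() as the only known offender, consider fixing its signature rather than suppressing, or at least record the exit condition next to the flags, e.g. `# TODO: drop once yyerror() takes const char *`. `-Wno-discarded-qualifiers` is the GCC spelling and Clang may report it as an unknown warning option, so the line is worth checking with both compilers.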
@@ -0,0 +1,19 @@
+https://bugzilla.netfilter.org/show_bug.cgi?id=1637
+
+From 11965f7020fbadcc9784daf598687841e96ef3fe Mon Sep 17 00:00:00 2001
+From: Sam James <sam@gentoo.org>
+Date: Thu, 24 Nov 2022 07:52:01 +0000
+Subject: [PATCH 2/3] Fix -Wstrict-prototypes
+
+Signed-off-by: Sam James <sam@gentoo.org>
+--- a/src/network.c
++++ b/src/network.c
+@@ -113,7 +113,7 @@ void nethdr_track_update_seq(uint32_t seq)
+ STATE_SYNC(last_seq_recv) = seq;
+ }
+
+-int nethdr_track_is_seq_set()
++int nethdr_track_is_seq_set(void)
+ {
+ return local_seq_set;
+ }
diff --git a/net-firewall/conntrack-tools/files/conntrack-tools-1.4.5-0003-Fix-Wimplicit-function-declaration.patch b/net-firewall/conntrack-tools/files/conntrack-tools-1.4.5-0003-Fix-Wimplicit-function-declaration.patch
new file mode 100644
index 000000000000..eb34f4ffd4e4
--- /dev/null
+++ b/net-firewall/conntrack-tools/files/conntrack-tools-1.4.5-0003-Fix-Wimplicit-function-declaration.patch
@@ -0,0 +1,56 @@
+https://bugzilla.netfilter.org/show_bug.cgi?id=1637
+
+From a6df37777fc47c2473a13501c17eb3cbbf922ec1 Mon Sep 17 00:00:00 2001
+From: Sam James <sam@gentoo.org>
+Date: Thu, 24 Nov 2022 07:57:37 +0000
+Subject: [PATCH 3/3] Fix -Wimplicit-function-declaration
+
+Bug: https://bugzilla.netfilter.org/show_bug.cgi?id=1637
+Signed-off-by: Sam James <sam@gentoo.org>
+--- a/src/read_config_lex.l
++++ b/src/read_config_lex.l
+@@ -21,6 +21,7 @@
+
+ #include <string.h>
+
++#include "log.h"
+ #include "conntrackd.h"
+ #include "read_config_yy.h"
+ %}
+@@ -174,7 +175,7 @@ notrack [N|n][O|o][T|t][R|r][A|a][C|c][K|k]
+ %%
+
+ int
+-yywrap()
++yywrap(void)
+ {
+ return 1;
+ }
+--- a/src/read_config_yy.y
++++ b/src/read_config_yy.y
+@@ -31,14 +31,25 @@
+ #include "cidr.h"
+ #include "helper.h"
+ #include "stack.h"
++#include "log.h"
++
++#include <sys/socket.h>
++#include <netinet/in.h>
++#include <arpa/inet.h>
++
+ #include <sched.h>
+ #include <dlfcn.h>
++
+ #include <libnetfilter_conntrack/libnetfilter_conntrack.h>
+ #include <libnetfilter_conntrack/libnetfilter_conntrack_tcp.h>
+
+ extern char *yytext;
+ extern int yylineno;
+
++int yylex (void);
++int yyerror (char *msg);
++void yyrestart (FILE *input_file);
++
+ struct ct_conf conf;
+
+ static void __kernel_filter_start(void); |
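Review bot: The new prototype `int yyerror (char *msg);` in read_config_yy.y takes a non-const pointer, although the message of patch 1/3 describes the remaining warning as being about yyerror() and `const char *`. Declaring it as `int yyerror (const char *msg);` and updating the definition to match (the definition is outside this hunk) would probably remove the need for the warning suppression kept in src/Makefile.am. `void yyrestart (FILE *input_file);` relies on `<stdio.h>` being included above line 31, which the hunk does not show. A one-line comment above the three declarations would also help, for example `/* Provided by the generated lexer/parser; declared here to avoid implicit declarations. */`.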