[packages/iptables] - removed outdated grsecurity patch

Sat Apr 9 15:46:00 CEST 2016

commit e408f5f5c77890cf59b21b0f6ce1bc66a94e11c6
Author: Jan Rękorajski <baggins at pld-linux.org>
Date:   Sat Apr 9 22:44:55 2016 +0900

    - removed outdated grsecurity patch

 iptables-stealth.patch | 66 --------------------------------------------------
 iptables.spec          |  7 ------
 2 files changed, 73 deletions(-)
---

diff --git a/iptables.spec b/iptables.spec
index b886a4b..e6f30bc 100644
--- a/iptables.spec
+++ b/iptables.spec
@@ -3,7 +3,6 @@
 # - update BR to real required llh version
 # - check if kernel-headers are still required to properly build iptabels for dist kernel
 # - fix makefile (-D_UNKNOWN_KERNEL_POINTER_SIZE issue)
-# - owner needs rewrite to xt
 #
 # Conditional build:
 %bcond_without	doc		# without documentation (HOWTOS) which needed TeX
@@ -70,8 +69,6 @@ Patch13:	%{name}-imq.patch
 Patch14:	%{name}-owner-xid.patch
 # adjusts xt_owner for vserver-enabled kernel
 Patch15:	%{name}-owner-struct-size-vs.patch
-# ipt_stealth; currently disabled (broken, see below)
-Patch16:	%{name}-stealth.patch
 URL:		http://www.netfilter.org/
 BuildRequires:	autoconf >= 2.50
 BuildRequires:	automake
@@ -212,8 +209,6 @@ iptables(8).
 %patch14 -p1
 %patch15 -p1
 %endif
-# builds but init() api is broken, see warnings
-#patch16 -p1
 
 %build
 %{__libtoolize}
@@ -368,8 +363,6 @@ fi
 %attr(755,root,root) %{_libdir}/xtables/libipt_ah.so
 %attr(755,root,root) %{_libdir}/xtables/libipt_icmp.so
 %attr(755,root,root) %{_libdir}/xtables/libipt_realm.so
-# disabled, see above
-#%attr(755,root,root) %{_libdir}/xtables/libipt_stealth.so
 %attr(755,root,root) %{_libdir}/xtables/libipt_ttl.so
 %attr(755,root,root) %{_libdir}/xtables/libip6t_DNAT.so
 %attr(755,root,root) %{_libdir}/xtables/libip6t_DNPT.so
diff --git a/iptables-stealth.patch b/iptables-stealth.patch
deleted file mode 100644
index 7f1f144..0000000
--- a/iptables-stealth.patch
+++ /dev/null
@@ -1,66 +0,0 @@
-diff -urN iptables-1.2.11/extensions/libipt_stealth.c iptables-1.2.11/extensions/libipt_stealth.c
---- iptables-1.2.11/extensions/libipt_stealth.c	1969-12-31 19:00:00 -0500
-+++ iptables-1.2.11/extensions/libipt_stealth.c	2004-07-13 21:14:15 -0400
-@@ -0,0 +1,62 @@
-+/* Shared library add-on to iptables to add stealth support.
-+ * Copyright (C) 2002 Brad Spengler  <spender at grsecurity.net>
-+ * This netfilter module is licensed under the GNU GPL.
-+ */
-+
-+#include <stdio.h>
-+#include <netdb.h>
-+#include <stdlib.h>
-+#include <getopt.h>
-+#include <iptables.h>
-+
-+/* Function which prints out usage message. */
-+static void
-+help(void)
-+{
-+	printf("stealth v%s takes no options\n\n", XTABLES_VERSION);
-+}
-+
-+static struct option opts[] = {
-+	{0}
-+};
-+
-+/* Initialize the match. */
-+static void
-+init(struct ipt_entry_match *m, unsigned int *nfcache)
-+{
-+	*nfcache |= NFC_UNKNOWN;
-+}
-+
-+static int
-+parse(int c, char **argv, int invert, unsigned int *flags,
-+	const void *entry, struct xt_entry_match **match)
-+{
-+	return 0;
-+}
-+
-+static void
-+final_check(unsigned int flags)
-+{
-+	return;
-+}
-+
-+static
-+struct xtables_match stealth = {
-+	.next		= NULL,
-+	.name		= "stealth",
-+	.version	= XTABLES_VERSION,
-+	.size		= XT_ALIGN(0),
-+	.userspacesize	= XT_ALIGN(0),
-+	.help		= &help,
-+	.init		= &init, 
-+	.parse		= &parse,
-+	.final_check	= &final_check,
-+	.print		= NULL,
-+	.save		= NULL,
-+	.extra_opts	= opts
-+};
-+
-+void _init(void)
-+{
-+	xtables_register_match(&stealth);
-+}
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/iptables.git/commitdiff/72bb90f622b756025958bda31f9bc33719436545

