Update to blfs-bootscripts-20191203.

Update to firewalld-0.8.0. Fixes #12734.
Update to nftables-0.9.3. Fixes #12850.
Update to libnftnl-1.1.5. Fixes #12851.
Add missing dependency six to python-slip.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@22424 af4574ff-66df-0310-9fd7-8a98e5e911e0

general.ent

@@ -1,12 +1,12 @@
 <!-- $LastChangedBy$ $Date$ -->
 
-<!ENTITY day          "03">                   <!-- Always 2 digits -->
+<!ENTITY day          "04">                   <!-- Always 2 digits -->
 <!ENTITY month        "12">                   <!-- Always 2 digits -->
 <!ENTITY year         "2019">
 <!ENTITY copyrightdate "2001-&year;">
 <!ENTITY copyholder   "The BLFS Development Team">
 <!ENTITY version      "&year;-&month;-&day;">
-<!ENTITY releasedate  "December 3rd, &year;">
+<!ENTITY releasedate  "December 4th, &year;">
 <!ENTITY pubdate      "&year;-&month;-&day;"> <!-- metadata req. by TLDP -->
 <!ENTITY blfs-version "svn">                  <!-- svn|[release #] -->
 <!ENTITY lfs-version  "development">          <!-- x.y|development -->
@@ -82,7 +82,7 @@
 <!ENTITY lfs-vim-version              "7.4">
 <!-- End LFS versions -->
 
-<!ENTITY blfs-bootscripts-version     "20191025">
+<!ENTITY blfs-bootscripts-version     "20191204">
 <!ENTITY systemd-units-version        "20191026">
 
 

general/prog/python-slip.xml

@@ -68,8 +68,9 @@
 
       <bridgehead renderas="sect5">Required</bridgehead>
       <para role="required">
-        <xref linkend="dbus-python"/> and
-        <xref linkend="decorator"/>
+        <xref linkend="dbus-python"/>,
+        <xref linkend="decorator"/>, and
+        <xref linkend="six"/>
       </para>
 
       <para condition="html" role="usernotes">User Notes:

introduction/welcome/changelog.xml

@@ -41,6 +41,30 @@
       </itemizedlist>
     </listitem>
        -->
+     <listitem>
+      <para>December 4th, 2019</para>
+      <itemizedlist>
+        <listitem>
+          <para>[dj] - Update to blfs-bootscripts-20191203.</para>
+        </listitem>
+        <listitem>
+          <para>[dj] - Update to firewalld-0.8.0. Fixes
+          <ulink url="&blfs-ticket-root;12734">#12734</ulink>.</para>
+        </listitem>
+        <listitem>
+          <para>[dj] - Update to nftables-0.9.3. Fixes
+          <ulink url="&blfs-ticket-root;12850">#12850</ulink>.</para>
+        </listitem>
+        <listitem>
+          <para>[dj] - Update to libnftnl-1.1.5. Fixes
+          <ulink url="&blfs-ticket-root;12851">#12851</ulink>.</para>
+        </listitem>
+        <listitem>
+          <para>[dj] - Add missing dependency "six" to python-slip.</para>
+        </listitem>
+      </itemizedlist>
+    </listitem>
+
     <listitem>
       <para>December 3rd, 2019</para>
       <itemizedlist>

networking/netlibs/libnftnl.xml

@@ -6,9 +6,9 @@
 
   <!ENTITY libnftnl-download-http "https://netfilter.org/projects/libnftnl/files/libnftnl-&libnftnl-version;.tar.bz2">
   <!ENTITY libnftnl-download-ftp  " ">
-  <!ENTITY libnftnl-md5sum        "bf1a51c9cad0f0cb12b6811ce1e0dd90">
-  <!ENTITY libnftnl-size          "360 KB">
-  <!ENTITY libnftnl-buildsize     "8.6 MB">
+  <!ENTITY libnftnl-md5sum        "a72ae260f7da9c223ad5d4fa036a8f84">
+  <!ENTITY libnftnl-size          "368 KB">
+  <!ENTITY libnftnl-buildsize     "8.7 MB">
   <!ENTITY libnftnl-time          "less than 0.1 SBU">
 ]>
 

packages.ent

@@ -11,7 +11,7 @@
 <!ENTITY cryptsetup-version           "&cryptsetup-minor;.6">
 <!ENTITY cyrus-sasl-version           "2.1.27">
 <!ENTITY gnupg2-version               "2.2.18">
-<!ENTITY firewalld-version            "0.7.2">
+<!ENTITY firewalld-version            "0.8.0">
 <!ENTITY gnutls-version               "3.6.10">
 <!ENTITY gpgme-version                "1.13.1">
 <!ENTITY haveged-version              "1.9.2">
@@ -24,7 +24,7 @@
 <!ENTITY make-ca-version              "1.5">
 <!ENTITY mitkrb-major-version         "1.17">
 <!ENTITY mitkrb-version               "1.17">
-<!ENTITY nftables-version             "0.9.2">
+<!ENTITY nftables-version             "0.9.3">
 <!ENTITY nettle-version               "3.5.1">
 
 <!ENTITY nss-minor-version            "47">
@@ -584,7 +584,7 @@ to avoid building libxml2 twice, which is slow with all deps -->
 <!ENTITY ldns-version                 "1.7.1">
 <!ENTITY libevent-version             "2.1.11">
 <!ENTITY libmnl-version               "1.0.4">
-<!ENTITY libnftnl-version             "1.1.4">
+<!ENTITY libnftnl-version             "1.1.5">
 <!ENTITY libnl-version                "3.5.0">
 <!ENTITY libnl-dl-version             "3_5_0">
 <!ENTITY libnsl-version               "1.2.0">

postlfs/security/firewalld.xml

@@ -6,10 +6,10 @@
 
   <!ENTITY firewalld-download-http "https://github.com/firewalld/firewalld/releases/download/v&firewalld-version;/firewalld-&firewalld-version;.tar.gz">
   <!ENTITY firewalld-download-ftp  " ">
-  <!ENTITY firewalld-md5sum        "2549c2006def07a19b4c77ec960e5aab">
+  <!ENTITY firewalld-md5sum        "f3cabced64e543cb1e99f0dfa4b963e0">
   <!ENTITY firewalld-size          "1.6 MB">
-  <!ENTITY firewalld-buildsize     "26 MB">
-  <!ENTITY firewalld-time          "0.2 SBU">
+  <!ENTITY firewalld-buildsize     "25 MB (additionall 2 MB for tests)">
+  <!ENTITY firewalld-time          "0.2 SBU (additional 6.2 SBU for tests)">
 ]>
 
 <sect1 id="firewalld" xreflabel="firewalld-&firewalld-version;">
@@ -75,38 +75,29 @@
       </listitem>
     </itemizedlist>
 
-    <bridgehead renderas="sect3">Additional Downloads</bridgehead>
-    <itemizedlist spacing="compact">
-      <listitem>
-        <para>
-          Required patch:
-          <ulink url="&patch-root;/firewalld-&firewalld-version;-builtin-1.patch"/>
-       </para>
-      </listitem>
-    </itemizedlist>
-
     <bridgehead renderas="sect3">firewalld Dependencies</bridgehead>
 
     <bridgehead renderas="sect4">Required</bridgehead>
     <para role="required">
-      <xref linkend="nftables"/> or <xref linkend="iptables" role="nodump"/>,
+      <xref linkend="nftables"/>,
       and <xref linkend="python-slip"/>
     </para>
 
     <bridgehead renderas="sect4">Recommended</bridgehead>
     <para role="recommended">
-      <xref linkend="DocBook"/> and <xref linkend="libxslt"/> (for building
-      the manual pages), and
-      <ulink url="https://netfilter.org/projects/ipset/index.html">ipset</ulink>
-      for ipset support (only when used with iptables)
+      <xref linkend="DocBook"/>,
+      <xref linkend="iptables"/>, and
+      <xref linkend="libxslt"/> (for building the manual pages)
     </para>
 
     <bridgehead renderas="sect4">Optional</bridgehead>
     <para role="optional">
-      <xref linkend="qt5" role="runtime"/> (runtime only, required for 
-      <application>fireall-applet</application>) and
       <xref linkend="gtk3" role="runtime"/> (runtime only, required for
-      <application>fireall-config</application>)
+      <application>fireall-config</application>),
+      <xref linkend="qt5" role="runtime"/> (runtime only, required for 
+      <application>fireall-applet</application>), and
+      <ulink url="https://netfilter.org/projects/ipset/index.html">ipset</ulink>
+      for ipset support (only when used with iptables)
     </para>
 
     <para condition="html" role="usernotes">User Notes:
@@ -117,12 +108,6 @@
   <sect2 role="installation">
     <title>Installation of firewalld</title>
 
-    <para>
-      Fix an issue with use of built-in kernel modules:
-    </para>
-
-<screen><userinput>patch -Np1 -i ../firewalld-&firewalld-version;-builtin-1.patch</userinput></screen>
-
     <para>
       Install <application>firewalld</application> by
       running the following commands:
@@ -140,9 +125,20 @@ make</userinput></screen>
 make</userinput></screen>
 
     <para>
-      To run the testsuite, isssue the command <command>make test</command>.
+      The testsuite for <application>firewalld</application> is very dependent
+      on the running kernel and system configuration. It requires
+      <application>ipset</application> as well as both backends, and all
+      supported kernel options available.
     </para>
 
+    <para>
+      If the above conditions are met, run the testsuite as the
+      <systemitem class="username">root</systemitem> user with the command
+      <command>make -C src check</command>. Any test failures are likely the
+      result of an incomplete configuration. Failed tests will give a detailed
+      failure status at
+      <filename>src/test/testsuite.dir/&lt;###&gt;/testsuite.log</filename>.
+    </para>
 
     <para revision="sysv">
       Prevent installation of the distributed firewalld init script with the
@@ -172,6 +168,12 @@ make</userinput></screen>
       installation of <application>systemd</application> services.
     </para>
 
+    <para>
+      <option>--without-{ip{,6},eb}tables{,-restore}</option>: These switches
+      disable <application>iptables</application> support and are required if
+      you wish to build without iptables support.
+    </para>
+
   </sect2>
 
   <sect2 role="configuration">

postlfs/security/iptables.xml

@@ -74,7 +74,14 @@
 
     <bridgehead renderas="sect4">Optional</bridgehead>
     <para role="optional">
-      <xref linkend="nftables"/>
+      <xref linkend="nftables"/>,
+      <xref linkend="libpcap"/> (required for nfsypproxy support),
+      <ulink url="https://github.com/tadamdam/bpf-utils">bpf-utils</ulink>
+      (required for Berkely Packet Filter support),
+      <ulink url="https://netfilter.org/projects/libnfnetlink/">libnfnetlink</ulink>
+      (required for connlable support), and 
+      <ulink url="https://netfilter.org/projects/libnetfilter_conntrack/">libnetfilter_conntrack"</ulink>
+      (required for connlabel support)
     </para>
 
 

postlfs/security/nftables.xml

@@ -6,9 +6,9 @@
 
   <!ENTITY nftables-download-http "https://netfilter.org/projects/nftables/files/nftables-&nftables-version;.tar.bz2">
   <!ENTITY nftables-download-ftp  " ">
-  <!ENTITY nftables-md5sum        "dfe130724d7c998eb26b56447e932899">
-  <!ENTITY nftables-size          "764 KB">
-  <!ENTITY nftables-buildsize     "31 MB">
+  <!ENTITY nftables-md5sum        "9913b2b46864394d41916b74638e0875">
+  <!ENTITY nftables-size          "772 KB">
+  <!ENTITY nftables-buildsize     "34 MB">
   <!ENTITY nftables-time          "0.2 SBU">
 ]>
 
@@ -79,10 +79,14 @@
       <xref linkend="libnftnl"/>
     </para>
 
+    <bridgehead renderas="sect4">Recommended</bridgehead>
+    <para role="recommended">
+        <xref linkend="jansson"/> (for JSON rules table support)
+    </para>
+
     <bridgehead renderas="sect4">Optional</bridgehead>
     <para role="optional">
-      <xref linkend="iptables"/>,
-      <xref linkend="jansson"/>, and
+      <xref linkend="iptables"/> and
       <xref linkend="docbook-utils"/>
     </para>
 
@@ -140,6 +144,7 @@
 <screen><userinput>./configure --prefix=/usr     \
             --sbindir=/sbin   \
             --sysconfdir=/etc \
+            --with-json       \
             --with-python-bin=/usr/bin/python3 &amp;&amp;
 make</userinput></screen>
 
@@ -163,6 +168,11 @@ ln -sfv ../../lib/$(readlink /usr/lib/libnftables.so) /usr/lib/libnftables.so</u
     <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
       href="../../xincludes/static-libraries.xml"/>
 
+    <para>
+      <parameter>--with-json</parameter>: build with support for JSON rules.
+      Omit if <xref linkend="jansson"/> is not available.
+    </para>
+
     <para>
       <parameter>--with-python-bin=/usr/bin/python3</parameter>: force use of
       <application>Python3</application>.
@@ -175,12 +185,7 @@ ln -sfv ../../lib/$(readlink /usr/lib/libnftables.so) /usr/lib/libnftables.so</u
     </para>
 
     <para>
-      <parameter>--with-json</parameter>: build with support for JSON output if
-      <xref linkend="jansson"/> is available.
-    </para>
-
-    <para>
-      <parameter>--with-xtables</parameter>: build with
+      <option>--with-xtables</option>: build with
       <xref linkend="iptables"/> libxtables support.
     </para>