net-firewall/ufw: bump to 0.36.1

* version bump to 0.36.1.
* bump to EAPI 8.
* python_combat drop 3.7, add 3.11, current range 8,11.
* dropped NonexistentBlockers from RDEPEND.
   !<kde-misc/kcm-ufw-0.4.2
   !<net-firewall/ufw-frontends-0.3.2"
* Removed RESTRICT="test" -->
   upstream bug: https://bugs.launchpad.net/ufw/+bug/815982 fixed and commited.
* Change mod 0644 for all rules in /etc/ufw.
* Drop comparison operator >= for iptables 1.4.
   Current repo already meets the requirement.
* Patches synced with current version that we still need them.

[ flow: add Closes bug# 834130 git trailer ]

Package-Manager: Portage-3.0.30, Repoman-3.0.3
Signed-off-by: Hasan ÇALIŞIR <hasan.calisir@psauxit.com>
Closes: https://bugs.gentoo.org/834130
Closes: https://github.com/gentoo/gentoo/pull/26110
Signed-off-by: Florian Schmaus <flow@gentoo.org>

4 files changed, 205 insertions, 0 deletions

diff --git a/net-firewall/ufw/files/ufw-0.36.1-bash-completion.patch b/net-firewall/ufw/files/ufw-0.36.1-bash-completion.patch
new file mode 100644
index 000000000000..927af244eef1
--- /dev/null
+++ b/net-firewall/ufw/files/ufw-0.36.1-bash-completion.patch
@@ -0,0 +1,16 @@
+--- a/shell-completion/bash	2018-12-14 21:25:55.000000000 +0300
++++ b/shell-completion/bash	2019-03-21 01:26:46.152181981 +0300
+@@ -57,7 +57,6 @@
+     echo "numbered verbose"
+ }
+ 
+-_have ufw &&
+ _ufw()
+ {
+     cur=${COMP_WORDS[COMP_CWORD]}
+@@ -91,4 +90,4 @@
+     fi
+ }
+ 
+-_have ufw && complete -F _ufw ufw
++complete -F _ufw ufw
diff --git a/net-firewall/ufw/files/ufw-0.36.1-dont-check-iptables.patch b/net-firewall/ufw/files/ufw-0.36.1-dont-check-iptables.patch
new file mode 100644
index 000000000000..ae0c95525a46
--- /dev/null
+++ b/net-firewall/ufw/files/ufw-0.36.1-dont-check-iptables.patch
@@ -0,0 +1,50 @@
+--- a/setup.py    2022-06-27 17:33:18.043794598 +0300
++++ b/setup.py    2022-06-27 18:15:18.384463926 +0300
+@@ -256,46 +256,7 @@
+ os.unlink(os.path.join('staging', 'ufw-init'))
+ os.unlink(os.path.join('staging', 'ufw-init-functions'))
+
+-iptables_exe = ''
+-iptables_dir = ''
+-
+-for e in ['iptables']:
+-    # Historically iptables was in /sbin, then later also symlinked from
+-    # /usr/sbin/iptables to /sbin/iptables. Debian bullseye moves iptables
+-    # to /usr/sbin with no symlink in /sbin except on upgrades. To accomodate
+-    # buildds that may still have the old iptables, search /usr/sbin first
+-    for dir in ['/usr/sbin', '/sbin', '/usr/bin', '/bin', '/usr/local/sbin', \
+-                '/usr/local/bin']:
+-        if e == "iptables":
+-            if os.path.exists(os.path.join(dir, e)):
+-                iptables_dir = dir
+-                iptables_exe = os.path.join(iptables_dir, "iptables")
+-                print("Found '%s'" % iptables_exe)
+-            else:
+-                continue
+-
+-        if iptables_exe != "":
+-            break
+-
+-
+-if iptables_exe == '':
+-    print("ERROR: could not find required binary 'iptables'", file=sys.stderr)
+-    sys.exit(1)
+-
+-for e in ['ip6tables', 'iptables-restore', 'ip6tables-restore']:
+-    if not os.path.exists(os.path.join(iptables_dir, e)):
+-        print("ERROR: could not find required binary '%s'" % (e), file=sys.stderr)
+-        sys.exit(1)
+-
+-(rc, out) = cmd([iptables_exe, '-V'])
+-if rc != 0:
+-    raise OSError(errno.ENOENT, "Could not find version for '%s'" % \
+-                  (iptables_exe))
+-version = re.sub('^v', '', re.split('\s', str(out))[1])
+-print("Found '%s' version '%s'" % (iptables_exe, version))
+-if version < "1.4":
+-    print("WARN: version '%s' has limited IPv6 support. See README for details." % (version), file=sys.stderr)
+-
++iptables_dir = '/sbin'
+ setup (name='ufw',
+       version=ufw_version,
+       description='front-end for Linux firewalling',
diff --git a/net-firewall/ufw/files/ufw-0.36.1-move-path.patch b/net-firewall/ufw/files/ufw-0.36.1-move-path.patch
new file mode 100644
index 000000000000..8ace1edc1166
--- /dev/null
+++ b/net-firewall/ufw/files/ufw-0.36.1-move-path.patch
@@ -0,0 +1,124 @@
+--- a/doc/ufw-framework.8     2021-09-19 04:19:03.000000000 +0300
++++ b/doc/ufw-framework.8     2022-06-27 17:14:11.292890569 +0300
+@@ -18,7 +18,7 @@
+ parameters and configuration of IPv6. The framework consists of the following
+ files:
+ .TP
+-#STATE_PREFIX#/ufw\-init
++#SHARE_DIR#/ufw\-init
+ initialization script
+ .TP
+ #CONFIG_PREFIX#/ufw/before.init
+@@ -47,7 +47,7 @@
+
+ .SH "BOOT INITIALIZATION"
+ .PP
+-\fBufw\fR is started on boot with #STATE_PREFIX#/ufw\-init. This script is a
++\fBufw\fR is started on boot with #SHARE_DIR#/ufw\-init. This script is a
+ standard SysV style initscript used by the \fBufw\fR command and should not be
+ modified. The #CONFIG_PREFIX#/before.init and #CONFIG_PREFIX#/after.init
+ scripts may be used to perform any additional firewall configuration that is
+--- a/setup.py    2021-09-19 04:19:01.000000000 +0300
++++ b/setup.py    2022-06-27 17:33:18.043794598 +0300
+@@ -54,7 +54,7 @@
+             return
+
+         real_confdir = os.path.join('/etc')
+-        real_statedir = os.path.join('/lib', 'ufw')
++        real_statedir = os.path.join('/etc', 'ufw', 'user')
+         real_prefix = self.prefix
+         if self.home != None:
+             real_confdir = self.home + real_confdir
+@@ -131,14 +131,20 @@
+         self.copy_file('doc/ufw.8', manpage)
+         self.copy_file('doc/ufw-framework.8', manpage_f)
+
+-        # Install state files and helper scripts
++        # Install state files
+         statedir = real_statedir
+         if self.root != None:
+             statedir = self.root + real_statedir
+         self.mkpath(statedir)
+
+-        init_helper = os.path.join(statedir, 'ufw-init')
+-        init_helper_functions = os.path.join(statedir, 'ufw-init-functions')
++        # Install helper scripts
++        sharedir = real_sharedir
++        if self.root != None:
++            sharedir = self.root + real_sharedir
++        self.mkpath(sharedir)
++
++        init_helper = os.path.join(sharedir, 'ufw-init')
++        init_helper_functions = os.path.join(sharedir, 'ufw-init-functions')
+         self.copy_file('src/ufw-init', init_helper)
+         self.copy_file('src/ufw-init-functions', init_helper_functions)
+
+@@ -219,14 +225,19 @@
+                              f])
+
+             subprocess.call(["sed",
++                              "-i",
++                             "s%#SHARE_DIR#%" + real_sharedir + "%g",
++                             f])
++
++            subprocess.call(["sed",
+                              "-i",
+                              "s%#VERSION#%" + ufw_version + "%g",
+                              f])
+
+         # Install pristine copies of rules files
+-        sharedir = real_sharedir
+-        if self.root != None:
+-            sharedir = self.root + real_sharedir
++        #sharedir = real_sharedir
++        #if self.root != None:
++        #    sharedir = self.root + real_sharedir
+         rulesdir = os.path.join(sharedir, 'iptables')
+         self.mkpath(rulesdir)
+         for f in [ before_rules, after_rules, \
+--- a/src/backend_iptables.py    2021-09-19 04:19:01.000000000 +0300
++++ b/src/backend_iptables.py    2022-06-27 17:44:24.880445896 +0300
+@@ -37,6 +37,8 @@
+
+         files = {}
+         config_dir = _findpath(ufw.common.config_dir, datadir)
++        state_dir = _findpath(ufw.common.state_dir, datadir)
++        share_dir = _findpath(ufw.common.share_dir, datadir)
+
+         files['rules'] = os.path.join(config_dir, 'ufw/user.rules')
+         files['before_rules'] = os.path.join(config_dir, 'ufw/before.rules')
+@@ -48,8 +50,7 @@
+         # the lock files (ufw.common.state_dir, aka /lib/ufw), but when set,
+         # ufw-init is in rootdir/lib/ufw (ro) and the lockfiles in
+         # datadir/lib/ufw (rw)
+-        files['init'] = os.path.join(_findpath(ufw.common.state_dir, rootdir),
+-                                     'ufw-init')
++        files['init'] = os.path.join(share_dir, 'ufw-init')
+
+         ufw.backend.UFWBackend.__init__(self, "iptables", dryrun, files,
+                                         rootdir=rootdir, datadir=datadir)
+--- a/src/ufw-init    2021-09-19 03:50:19.000000000 +0300
++++ b/src/ufw-init    2022-06-27 17:48:34.352545026 +0300
+@@ -31,10 +31,10 @@
+ fi
+ export DATA_DIR="$datadir"
+
+-if [ -s "${rootdir}#STATE_PREFIX#/ufw-init-functions" ]; then
+-    . "${rootdir}#STATE_PREFIX#/ufw-init-functions"
++if [ -s "${rootdir}#SHARE_DIR#/ufw-init-functions" ]; then
++    . "${rootdir}#SHARE_DIR#/ufw-init-functions"
+ else
+-    echo "Could not find ${rootdir}#STATE_PREFIX#/ufw-init-functions (aborting)"
++    echo "Could not find ${rootdir}#SHARE_DIR#/ufw-init-functions (aborting)"
+     exit 1
+ fi
+
+@@ -83,7 +83,7 @@
+     fi
+     ;;
+ *)
+-    echo "Usage: #STATE_PREFIX#/ufw-init {start|stop|restart|force-reload|force-stop|flush-all|status}"
++    echo "Usage: #SHARE_DIR#/ufw-init {start|stop|restart|force-reload|force-stop|flush-all|status}"
+     exit 1
+     ;;
+ esac
diff --git a/net-firewall/ufw/files/ufw-0.36.1-shebang.patch b/net-firewall/ufw/files/ufw-0.36.1-shebang.patch
new file mode 100644
index 000000000000..aaafaac12ae9
--- /dev/null
+++ b/net-firewall/ufw/files/ufw-0.36.1-shebang.patch
@@ -0,0 +1,15 @@
+--- a/setup.py	2019-03-21 01:51:55.751971770 +0300
++++ b/setup.py	2019-03-21 01:54:40.142513567 +0300
+@@ -121,12 +121,6 @@
+         for f in [ script, manpage, manpage_f ]:
+             self.mkpath(os.path.dirname(f))
+
+-        # update the interpreter to that of the one the user specified for setup
+-        print("Updating staging/ufw to use %s" % (sys.executable))
+-        subprocess.call(["sed",
+-                         "-i",
+-                         "1s%^#.*python.*%#! /usr/bin/env " + sys.executable + "%g",
+-                         'staging/ufw'])
+         self.copy_file('staging/ufw', script)
+         self.copy_file('doc/ufw.8', manpage)
+         self.copy_file('doc/ufw-framework.8', manpage_f)