From 326a9ae2e5cd1e13abd1ea3de2a17909086e221c Mon Sep 17 00:00:00 2001 From: Baruch Siach Date: Mon, 1 Jul 2019 15:12:55 +0300 Subject: [PATCH] package/iptables: bump to version 1.8.3 Drop upstream patches. Signed-off-by: Baruch Siach Signed-off-by: Arnout Vandecappelle (Essensium/Mind) --- ...x-userspace-kernel-headers-collision.patch | 45 ----------- ...s-monitor-fix-build-with-older-glibc.patch | 77 ------------------- ...build-with-kernel-headers-before-4.2.patch | 51 ------------ ...les-monitor-fix-build-with-musl-libc.patch | 44 ----------- ...he-headers-conflict-workaround-to-in.patch | 37 --------- package/iptables/iptables.hash | 2 +- package/iptables/iptables.mk | 2 +- 7 files changed, 2 insertions(+), 256 deletions(-) delete mode 100644 package/iptables/0001-ebtables-vlan-fix-userspace-kernel-headers-collision.patch delete mode 100644 package/iptables/0002-xtables-monitor-fix-build-with-older-glibc.patch delete mode 100644 package/iptables/0003-include-fix-build-with-kernel-headers-before-4.2.patch delete mode 100644 package/iptables/0004-xtables-monitor-fix-build-with-musl-libc.patch delete mode 100644 package/iptables/0005-include-extend-the-headers-conflict-workaround-to-in.patch diff --git a/package/iptables/0001-ebtables-vlan-fix-userspace-kernel-headers-collision.patch b/package/iptables/0001-ebtables-vlan-fix-userspace-kernel-headers-collision.patch deleted file mode 100644 index 37c6f96af4..0000000000 --- a/package/iptables/0001-ebtables-vlan-fix-userspace-kernel-headers-collision.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 51d374ba41ae4f1bb851228c06b030b83dd2092f Mon Sep 17 00:00:00 2001 -From: Baruch Siach -Date: Tue, 13 Nov 2018 19:22:08 +0200 -Subject: [PATCH] ebtables: vlan: fix userspace/kernel headers collision - -Build with musl libc fails because of conflicting struct ethhdr -definitions: - -In file included from .../sysroot/usr/include/net/ethernet.h:10:0, - from ../iptables/nft-bridge.h:8, - from libebt_vlan.c:18: -.../sysroot/usr/include/netinet/if_ether.h:107:8: error: redefinition of ‘struct ethhdr’ - struct ethhdr { - ^~~~~~ -In file included from libebt_vlan.c:16:0: -.../sysroot/usr/include/linux/if_ether.h:160:8: note: originally defined here - struct ethhdr { - ^~~~~~ - -Include the userspace header first for the definition suppression logic -to do the right thing. - -Signed-off-by: Baruch Siach -Signed-off-by: Pablo Neira Ayuso ---- -Upstream status: commit 51d374ba41ae - - extensions/libebt_vlan.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/extensions/libebt_vlan.c b/extensions/libebt_vlan.c -index 4a2eb7126895..be269c6cdb4c 100644 ---- a/extensions/libebt_vlan.c -+++ b/extensions/libebt_vlan.c -@@ -12,6 +12,7 @@ - #include - #include - #include -+#include - #include - #include - #include "iptables/nft.h" --- -2.19.1 - diff --git a/package/iptables/0002-xtables-monitor-fix-build-with-older-glibc.patch b/package/iptables/0002-xtables-monitor-fix-build-with-older-glibc.patch deleted file mode 100644 index 18dbc28f91..0000000000 --- a/package/iptables/0002-xtables-monitor-fix-build-with-older-glibc.patch +++ /dev/null @@ -1,77 +0,0 @@ -From 7c8791edac3e74f6ce0bf21f98bc820db8e55e62 Mon Sep 17 00:00:00 2001 -From: Baruch Siach -Date: Fri, 16 Nov 2018 07:23:32 +0200 -Subject: [PATCH] xtables-monitor: fix build with older glibc - -glibc older than 2.19 only expose BSD style fields of struct tcphdr when -_BSD_SOURCE is define. Current glibc however, warn that _BSD_SOURCE is -deprecated. Migrate to the GNU style of tcphdr fields to make the code -compatible with any glibc version. - -Fix the following build failure: - -xtables-monitor.c: In function 'trace_print_packet': -xtables-monitor.c:406:43: error: 'const struct tcphdr' has no member named 'th_sport' - printf("SPORT=%d DPORT=%d ", ntohs(tcph->th_sport), ntohs(tcph->th_dport)); - ^ -xtables-monitor.c:406:66: error: 'const struct tcphdr' has no member named 'th_dport' - printf("SPORT=%d DPORT=%d ", ntohs(tcph->th_sport), ntohs(tcph->th_dport)); - ^ -... - -Signed-off-by: Baruch Siach -Signed-off-by: Florian Westphal ---- -Upstream status: commit 7c8791edac3e74 - - iptables/xtables-monitor.c | 30 ++++++++++++++---------------- - 1 file changed, 14 insertions(+), 16 deletions(-) - -diff --git a/iptables/xtables-monitor.c b/iptables/xtables-monitor.c -index 3b1ca777a28a..5d1611122df5 100644 ---- a/iptables/xtables-monitor.c -+++ b/iptables/xtables-monitor.c -@@ -403,26 +403,24 @@ static void trace_print_packet(const struct nftnl_trace *nlt, struct cb_arg *arg - case IPPROTO_UDP: - if (len < 4) - break; -- printf("SPORT=%d DPORT=%d ", ntohs(tcph->th_sport), ntohs(tcph->th_dport)); -+ printf("SPORT=%d DPORT=%d ", ntohs(tcph->source), ntohs(tcph->dest)); - break; - case IPPROTO_TCP: - if (len < sizeof(*tcph)) - break; -- printf("SPORT=%d DPORT=%d ", ntohs(tcph->th_sport), ntohs(tcph->th_dport)); -- if (tcph->th_flags & (TH_FIN|TH_SYN|TH_RST|TH_PUSH|TH_ACK|TH_URG)) { -- if (tcph->th_flags & TH_SYN) -- printf("SYN "); -- if (tcph->th_flags & TH_ACK) -- printf("ACK "); -- if (tcph->th_flags & TH_FIN) -- printf("FIN "); -- if (tcph->th_flags & TH_RST) -- printf("RST "); -- if (tcph->th_flags & TH_PUSH) -- printf("PSH "); -- if (tcph->th_flags & TH_URG) -- printf("URG "); -- } -+ printf("SPORT=%d DPORT=%d ", ntohs(tcph->source), ntohs(tcph->dest)); -+ if (tcph->syn) -+ printf("SYN "); -+ if (tcph->ack) -+ printf("ACK "); -+ if (tcph->fin) -+ printf("FIN "); -+ if (tcph->rst) -+ printf("RST "); -+ if (tcph->psh) -+ printf("PSH "); -+ if (tcph->urg) -+ printf("URG "); - break; - default: - break; --- -2.19.1 - diff --git a/package/iptables/0003-include-fix-build-with-kernel-headers-before-4.2.patch b/package/iptables/0003-include-fix-build-with-kernel-headers-before-4.2.patch deleted file mode 100644 index c5cd6437f0..0000000000 --- a/package/iptables/0003-include-fix-build-with-kernel-headers-before-4.2.patch +++ /dev/null @@ -1,51 +0,0 @@ -From 8d9d7e4b9ef4c6e6abab2cf35c747d7ca36824bd Mon Sep 17 00:00:00 2001 -From: Baruch Siach -Date: Fri, 16 Nov 2018 09:30:33 +0200 -Subject: [PATCH] include: fix build with kernel headers before 4.2 - -Commit 672accf1530 (include: update kernel netfilter header files) -updated linux/netfilter.h and brought with it the update from kernel -commit a263653ed798 (netfilter: don't pull include/linux/netfilter.h -from netns headers). This triggers conflict of headers that is fixed in -kernel commit 279c6c7fa64f (api: fix compatibility of linux/in.h with -netinet/in.h) included in kernel version 4.2. For earlier kernel headers -we need a workaround that prevents the headers conflict. - -Fixes the following build failure: - -In file included from .../sysroot/usr/include/netinet/ip.h:25:0, - from ../include/libiptc/ipt_kernel_headers.h:8, - from ../include/libiptc/libiptc.h:6, - from libip4tc.c:29: -.../sysroot/usr/include/linux/in.h:26:3: error: redeclaration of enumerator ‘IPPROTO_IP’ - IPPROTO_IP = 0, /* Dummy protocol for TCP */ - ^ -.../sysroot/usr/include/netinet/in.h:33:5: note: previous definition of ‘IPPROTO_IP’ was here - IPPROTO_IP = 0, /* Dummy protocol for TCP. */ - ^~~~~~~~~~ - -Signed-off-by: Baruch Siach -Signed-off-by: Florian Westphal ---- -Upstream status: commit 8d9d7e4b9ef4c6 - - include/linux/netfilter.h | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h -index c3f087ac680c..bacf8cd92116 100644 ---- a/include/linux/netfilter.h -+++ b/include/linux/netfilter.h -@@ -3,7 +3,9 @@ - - #include - -+#ifndef _NETINET_IN_H - #include -+#endif - #include - #include - --- -2.19.1 - diff --git a/package/iptables/0004-xtables-monitor-fix-build-with-musl-libc.patch b/package/iptables/0004-xtables-monitor-fix-build-with-musl-libc.patch deleted file mode 100644 index 0b6358b255..0000000000 --- a/package/iptables/0004-xtables-monitor-fix-build-with-musl-libc.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 90b0d3abfc0b4150b198eb17080d75acc5838a59 Mon Sep 17 00:00:00 2001 -From: Baruch Siach -Date: Sat, 17 Nov 2018 22:20:08 +0200 -Subject: [PATCH] xtables-monitor: fix build with musl libc - -Commit 7c8791edac3 ("xtables-monitor: fix build with older glibc") -changed the code to use GNU style tcphdr fields. Unfortunately, musl -libc requires _GNU_SOURCE definition to expose these fields. - -Fix the following build failure: - -xtables-monitor.c: In function ‘trace_print_packet’: -xtables-monitor.c:406:43: error: ‘const struct tcphdr’ has no member named ‘source’ - printf("SPORT=%d DPORT=%d ", ntohs(tcph->source), ntohs(tcph->dest)); - ^~ -xtables-monitor.c:406:64: error: ‘const struct tcphdr’ has no member named ‘dest’ - printf("SPORT=%d DPORT=%d ", ntohs(tcph->source), ntohs(tcph->dest)); - ^~ -... - -Cc: Florian Westphal -Signed-off-by: Baruch Siach -Signed-off-by: Florian Westphal ---- -Upstream status: commit 90b0d3abfc0b - - iptables/xtables-monitor.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/iptables/xtables-monitor.c b/iptables/xtables-monitor.c -index 5d1611122df5..f835c5e503e0 100644 ---- a/iptables/xtables-monitor.c -+++ b/iptables/xtables-monitor.c -@@ -9,6 +9,7 @@ - * This software has been sponsored by Sophos Astaro - */ - -+#define _GNU_SOURCE - #include - #include - #include --- -2.19.1 - diff --git a/package/iptables/0005-include-extend-the-headers-conflict-workaround-to-in.patch b/package/iptables/0005-include-extend-the-headers-conflict-workaround-to-in.patch deleted file mode 100644 index 6b1ffbd639..0000000000 --- a/package/iptables/0005-include-extend-the-headers-conflict-workaround-to-in.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 23dee088cd54aae94f1b71046f2ab2b206eedd42 Mon Sep 17 00:00:00 2001 -Message-Id: <23dee088cd54aae94f1b71046f2ab2b206eedd42.1543092537.git.baruch@tkos.co.il> -From: Baruch Siach -Date: Sat, 24 Nov 2018 22:33:37 +0200 -Subject: [PATCH] include: extend the headers conflict workaround to in6.h - -Commit 8d9d7e4b9ef ("include: fix build with kernel headers before 4.2") -introduced a kernel/user headers conflict workaround that allows build -of iptables with kernel headers older than 4.2. This minor extension -allows build with kernel headers older than 3.12, which is the version -that introduced explicit IP headers synchronization. - -Cc: Florian Westphal -Signed-off-by: Baruch Siach ---- -Upstream status: https://www.spinics.net/lists/netfilter-devel/msg57029.html - - include/linux/netfilter.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h -index bacf8cd92116..042d8b1478e0 100644 ---- a/include/linux/netfilter.h -+++ b/include/linux/netfilter.h -@@ -5,8 +5,8 @@ - - #ifndef _NETINET_IN_H - #include --#endif - #include -+#endif - #include - - /* Responses from hook functions. */ --- -2.19.1 - diff --git a/package/iptables/iptables.hash b/package/iptables/iptables.hash index d84bd3af98..2e149aa11b 100644 --- a/package/iptables/iptables.hash +++ b/package/iptables/iptables.hash @@ -1,4 +1,4 @@ # From https://netfilter.org/projects/iptables/downloads.html -sha256 a3778b50ed1a3256f9ca975de82c2204e508001fc2471238c8c97f3d1c4c12af iptables-1.8.2.tar.bz2 +sha256 a23cac034181206b4545f4e7e730e76e08b5f3dd78771ba9645a6756de9cdd80 iptables-1.8.3.tar.bz2 # Locally calculated sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING diff --git a/package/iptables/iptables.mk b/package/iptables/iptables.mk index 54494937af..ae5cf4ddd3 100644 --- a/package/iptables/iptables.mk +++ b/package/iptables/iptables.mk @@ -4,7 +4,7 @@ # ################################################################################ -IPTABLES_VERSION = 1.8.2 +IPTABLES_VERSION = 1.8.3 IPTABLES_SOURCE = iptables-$(IPTABLES_VERSION).tar.bz2 IPTABLES_SITE = https://netfilter.org/projects/iptables/files IPTABLES_INSTALL_STAGING = YES -- 2.30.2