diff options
| author | Alexander Kanavin <alex.kanavin@gmail.com> | 2022-05-18 12:57:59 +0200 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-05-20 22:52:22 +0100 |
| commit | a221b0566e53b66f7fba85d9a8740e2e1b5429f6 (patch) | |
| tree | 17b55838f3921dd3749788e24d0c9fb761964cf7 | |
| parent | 8d0e9d055a187ae9559ba2aceaad96ae790c8d71 (diff) | |
| download | poky-a221b0566e53b66f7fba85d9a8740e2e1b5429f6.tar.gz | |
iptables: upgrade 1.8.7 -> 1.8.8
(From OE-Core rev: b44d6bc7e56121d977a7bc491aec00cf3fb510fb)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| -rw-r--r-- | meta/recipes-extended/iptables/iptables/0001-iptables-xshared.h-add-missing-sys.types.h-include.patch | 30 | ||||
| -rw-r--r-- | meta/recipes-extended/iptables/iptables/format-security.patch | 30 | ||||
| -rw-r--r-- | meta/recipes-extended/iptables/iptables_1.8.8.bb (renamed from meta/recipes-extended/iptables/iptables_1.8.7.bb) | 11 |
3 files changed, 69 insertions, 2 deletions
diff --git a/meta/recipes-extended/iptables/iptables/0001-iptables-xshared.h-add-missing-sys.types.h-include.patch b/meta/recipes-extended/iptables/iptables/0001-iptables-xshared.h-add-missing-sys.types.h-include.patch new file mode 100644 index 0000000000..17dd032434 --- /dev/null +++ b/meta/recipes-extended/iptables/iptables/0001-iptables-xshared.h-add-missing-sys.types.h-include.patch | |||
| @@ -0,0 +1,30 @@ | |||
| 1 | From 796b8f6fc1e584c27c42ba302f623fd1c5aa0667 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Alexander Kanavin <alex@linutronix.de> | ||
| 3 | Date: Tue, 17 May 2022 10:56:59 +0200 | ||
| 4 | Subject: [PATCH] iptables/xshared.h: add missing sys.types.h include | ||
| 5 | |||
| 6 | This resolves the build error under musl: | ||
| 7 | |||
| 8 | | ../../../../../../../workspace/sources/iptables/iptables/xshared.h:83:56: error: unknown type name 'u_int16_t'; did you mean 'uint16_t'? | ||
| 9 | | 83 | set_option(unsigned int *options, unsigned int option, u_int16_t *invflg, | ||
| 10 | | | ^~~~~~~~~ | ||
| 11 | | | uint16_t | ||
| 12 | |||
| 13 | Upstream-Status: Submitted [via email to phil@nwl.cc] | ||
| 14 | Signed-off-by: Alexander Kanavin <alex@linutronix.de> | ||
| 15 | --- | ||
| 16 | iptables/xshared.h | 1 + | ||
| 17 | 1 file changed, 1 insertion(+) | ||
| 18 | |||
| 19 | diff --git a/iptables/xshared.h b/iptables/xshared.h | ||
| 20 | index 14568bb..73b1017 100644 | ||
| 21 | --- a/iptables/xshared.h | ||
| 22 | +++ b/iptables/xshared.h | ||
| 23 | @@ -6,6 +6,7 @@ | ||
| 24 | #include <stdint.h> | ||
| 25 | #include <netinet/in.h> | ||
| 26 | #include <net/if.h> | ||
| 27 | +#include <sys/types.h> | ||
| 28 | #include <linux/netfilter_arp/arp_tables.h> | ||
| 29 | #include <linux/netfilter_ipv4/ip_tables.h> | ||
| 30 | #include <linux/netfilter_ipv6/ip6_tables.h> | ||
diff --git a/meta/recipes-extended/iptables/iptables/format-security.patch b/meta/recipes-extended/iptables/iptables/format-security.patch new file mode 100644 index 0000000000..be1e077b49 --- /dev/null +++ b/meta/recipes-extended/iptables/iptables/format-security.patch | |||
| @@ -0,0 +1,30 @@ | |||
| 1 | From b72eb12ea5a61df0655ad99d5048994e916be83a Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Phil Sutter <phil@nwl.cc> | ||
| 3 | Date: Fri, 13 May 2022 16:51:58 +0200 | ||
| 4 | Subject: xshared: Fix build for -Werror=format-security | ||
| 5 | |||
| 6 | Gcc complains about the omitted format string. | ||
| 7 | |||
| 8 | Signed-off-by: Phil Sutter <phil@nwl.cc> | ||
| 9 | Upstream-Status: Backport | ||
| 10 | Signed-off-by: Alexander Kanavin <alex@linutronix.de> | ||
| 11 | --- | ||
| 12 | iptables/xshared.c | 2 +- | ||
| 13 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
| 14 | |||
| 15 | diff --git a/iptables/xshared.c b/iptables/xshared.c | ||
| 16 | index fae5ddd5..a8512d38 100644 | ||
| 17 | --- a/iptables/xshared.c | ||
| 18 | +++ b/iptables/xshared.c | ||
| 19 | @@ -1307,7 +1307,7 @@ static void check_empty_interface(struct xtables_args *args, const char *arg) | ||
| 20 | return; | ||
| 21 | |||
| 22 | if (args->family != NFPROTO_ARP) | ||
| 23 | - xtables_error(PARAMETER_PROBLEM, msg); | ||
| 24 | + xtables_error(PARAMETER_PROBLEM, "%s", msg); | ||
| 25 | |||
| 26 | fprintf(stderr, "%s", msg); | ||
| 27 | } | ||
| 28 | -- | ||
| 29 | cgit v1.2.3 | ||
| 30 | |||
diff --git a/meta/recipes-extended/iptables/iptables_1.8.7.bb b/meta/recipes-extended/iptables/iptables_1.8.8.bb index 3b41882841..54d027220b 100644 --- a/meta/recipes-extended/iptables/iptables_1.8.7.bb +++ b/meta/recipes-extended/iptables/iptables_1.8.8.bb | |||
| @@ -12,12 +12,14 @@ SRC_URI = "http://netfilter.org/projects/iptables/files/iptables-${PV}.tar.bz2 \ | |||
| 12 | file://0001-configure-Add-option-to-enable-disable-libnfnetlink.patch \ | 12 | file://0001-configure-Add-option-to-enable-disable-libnfnetlink.patch \ |
| 13 | file://0001-Makefile.am-do-not-install-etc-ethertypes.patch \ | 13 | file://0001-Makefile.am-do-not-install-etc-ethertypes.patch \ |
| 14 | file://0002-configure.ac-only-check-conntrack-when-libnfnetlink-enabled.patch \ | 14 | file://0002-configure.ac-only-check-conntrack-when-libnfnetlink-enabled.patch \ |
| 15 | file://format-security.patch \ | ||
| 15 | file://iptables.service \ | 16 | file://iptables.service \ |
| 16 | file://iptables.rules \ | 17 | file://iptables.rules \ |
| 17 | file://ip6tables.service \ | 18 | file://ip6tables.service \ |
| 18 | file://ip6tables.rules \ | 19 | file://ip6tables.rules \ |
| 20 | file://0001-iptables-xshared.h-add-missing-sys.types.h-include.patch \ | ||
| 19 | " | 21 | " |
| 20 | SRC_URI[sha256sum] = "c109c96bb04998cd44156622d36f8e04b140701ec60531a10668cfdff5e8d8f0" | 22 | SRC_URI[sha256sum] = "71c75889dc710676631553eb1511da0177bbaaf1b551265b912d236c3f51859f" |
| 21 | 23 | ||
| 22 | SYSTEMD_SERVICE:${PN} = "\ | 24 | SYSTEMD_SERVICE:${PN} = "\ |
| 23 | iptables.service \ | 25 | iptables.service \ |
| @@ -28,6 +30,8 @@ inherit autotools pkgconfig systemd | |||
| 28 | 30 | ||
| 29 | EXTRA_OECONF = "--with-kernel=${STAGING_INCDIR}" | 31 | EXTRA_OECONF = "--with-kernel=${STAGING_INCDIR}" |
| 30 | 32 | ||
| 33 | CFLAGS:append:libc-musl = " -D__UAPI_DEF_ETHHDR=0" | ||
| 34 | |||
| 31 | PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}" | 35 | PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}" |
| 32 | PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," | 36 | PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," |
| 33 | 37 | ||
| @@ -41,6 +45,9 @@ do_configure:prepend() { | |||
| 41 | # Remove some libtool m4 files | 45 | # Remove some libtool m4 files |
| 42 | # Keep ax_check_linker_flags.m4 which belongs to autoconf-archive. | 46 | # Keep ax_check_linker_flags.m4 which belongs to autoconf-archive. |
| 43 | rm -f libtool.m4 lt~obsolete.m4 ltoptions.m4 ltsugar.m4 ltversion.m4 | 47 | rm -f libtool.m4 lt~obsolete.m4 ltoptions.m4 ltsugar.m4 ltversion.m4 |
| 48 | |||
| 49 | # Copy a header to fix out of tree builds | ||
| 50 | cp -f ${S}/libiptc/linux_list.h ${S}/include/libiptc/ | ||
| 44 | } | 51 | } |
| 45 | 52 | ||
| 46 | IPTABLES_RULES_DIR ?= "${sysconfdir}/${BPN}" | 53 | IPTABLES_RULES_DIR ?= "${sysconfdir}/${BPN}" |
| @@ -108,7 +115,7 @@ RDEPENDS:${PN}-apply = "${PN} bash" | |||
| 108 | 115 | ||
| 109 | # Include the symlinks as well in respective packages | 116 | # Include the symlinks as well in respective packages |
| 110 | FILES:${PN}-module-xt-conntrack += "${libdir}/xtables/libxt_state.so" | 117 | FILES:${PN}-module-xt-conntrack += "${libdir}/xtables/libxt_state.so" |
| 111 | FILES:${PN}-module-xt-ct += "${libdir}/xtables/libxt_NOTRACK.so" | 118 | FILES:${PN}-module-xt-ct += "${libdir}/xtables/libxt_NOTRACK.so ${libdir}/xtables/libxt_REDIRECT.so" |
| 112 | 119 | ||
| 113 | ALLOW_EMPTY:${PN}-modules = "1" | 120 | ALLOW_EMPTY:${PN}-modules = "1" |
| 114 | 121 | ||