diff options
| author | Alexander Kanavin <alex.kanavin@gmail.com> | 2023-03-09 16:19:41 +0100 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2023-03-11 00:08:40 +0000 |
| commit | fafdbef0accf32e89095b2bc9314d56d3d383f79 (patch) | |
| tree | f52d36ac0751b277e173b602113a7ec90b437b31 /meta/recipes-extended/iptables/iptables | |
| parent | 356c9931303917e82f162bb13ad317174edb047b (diff) | |
| download | poky-fafdbef0accf32e89095b2bc9314d56d3d383f79.tar.gz | |
iptables: update 1.8.8 -> 1.8.9
Replace one format string fixing patch with another format string fixing patch.
(one problem fixed upstream, another introduced)
(From OE-Core rev: 4a7b4d41ddcfaeaf47cf75200f2346639c64b11c)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-extended/iptables/iptables')
| -rw-r--r-- | meta/recipes-extended/iptables/iptables/0001-configure-Add-option-to-enable-disable-libnfnetlink.patch | 10 | ||||
| -rw-r--r-- | meta/recipes-extended/iptables/iptables/0002-iptables-xshared.h-add-missing-sys.types.h-include.patch (renamed from meta/recipes-extended/iptables/iptables/0001-iptables-xshared.h-add-missing-sys.types.h-include.patch) | 9 | ||||
| -rw-r--r-- | meta/recipes-extended/iptables/iptables/0003-Makefile.am-do-not-install-etc-ethertypes.patch (renamed from meta/recipes-extended/iptables/iptables/0001-Makefile.am-do-not-install-etc-ethertypes.patch) | 17 | ||||
| -rw-r--r-- | meta/recipes-extended/iptables/iptables/0004-configure.ac-only-check-conntrack-when-libnfnetlink-.patch (renamed from meta/recipes-extended/iptables/iptables/0002-configure.ac-only-check-conntrack-when-libnfnetlink-enabled.patch) | 10 | ||||
| -rw-r--r-- | meta/recipes-extended/iptables/iptables/format-security.patch | 37 |
5 files changed, 44 insertions, 39 deletions
diff --git a/meta/recipes-extended/iptables/iptables/0001-configure-Add-option-to-enable-disable-libnfnetlink.patch b/meta/recipes-extended/iptables/iptables/0001-configure-Add-option-to-enable-disable-libnfnetlink.patch index 03c36ccbc2..0c2c97cdc8 100644 --- a/meta/recipes-extended/iptables/iptables/0001-configure-Add-option-to-enable-disable-libnfnetlink.patch +++ b/meta/recipes-extended/iptables/iptables/0001-configure-Add-option-to-enable-disable-libnfnetlink.patch | |||
| @@ -1,7 +1,7 @@ | |||
| 1 | From c46db7c2e1f63ec525835553587e70c635565310 Mon Sep 17 00:00:00 2001 | 1 | From 698ed332e2c592235d2b737c545ac25ad0970e15 Mon Sep 17 00:00:00 2001 |
| 2 | From: "Maxin B. John" <maxin.john@intel.com> | 2 | From: "Maxin B. John" <maxin.john@intel.com> |
| 3 | Date: Tue, 21 Feb 2017 11:16:31 +0200 | 3 | Date: Tue, 21 Feb 2017 11:16:31 +0200 |
| 4 | Subject: [PATCH] configure: Add option to enable/disable libnfnetlink | 4 | Subject: [PATCH 1/4] configure: Add option to enable/disable libnfnetlink |
| 5 | 5 | ||
| 6 | This changes the configure behaviour from autodetecting | 6 | This changes the configure behaviour from autodetecting |
| 7 | for libnfnetlink to having an option to disable it explicitly | 7 | for libnfnetlink to having an option to disable it explicitly |
| @@ -15,7 +15,7 @@ Signed-off-by: Maxin B. John <maxin.john@intel.com> | |||
| 15 | 1 file changed, 7 insertions(+), 3 deletions(-) | 15 | 1 file changed, 7 insertions(+), 3 deletions(-) |
| 16 | 16 | ||
| 17 | diff --git a/configure.ac b/configure.ac | 17 | diff --git a/configure.ac b/configure.ac |
| 18 | index eda7871..03ddc50 100644 | 18 | index bc2ed47b..e27745e5 100644 |
| 19 | --- a/configure.ac | 19 | --- a/configure.ac |
| 20 | +++ b/configure.ac | 20 | +++ b/configure.ac |
| 21 | @@ -63,6 +63,9 @@ AC_ARG_WITH([pkgconfigdir], AS_HELP_STRING([--with-pkgconfigdir=PATH], | 21 | @@ -63,6 +63,9 @@ AC_ARG_WITH([pkgconfigdir], AS_HELP_STRING([--with-pkgconfigdir=PATH], |
| @@ -28,7 +28,7 @@ index eda7871..03ddc50 100644 | |||
| 28 | AC_ARG_ENABLE([connlabel], | 28 | AC_ARG_ENABLE([connlabel], |
| 29 | AS_HELP_STRING([--disable-connlabel], | 29 | AS_HELP_STRING([--disable-connlabel], |
| 30 | [Do not build libnetfilter_conntrack]), | 30 | [Do not build libnetfilter_conntrack]), |
| 31 | @@ -115,9 +118,10 @@ if test "x$enable_bpfc" = "xyes" || test "x$enable_nfsynproxy" = "xyes"; then | 31 | @@ -117,9 +120,10 @@ if test "x$enable_bpfc" = "xyes" || test "x$enable_nfsynproxy" = "xyes"; then |
| 32 | AC_CHECK_LIB(pcap, pcap_compile,, AC_MSG_ERROR(missing libpcap library required by bpf compiler or nfsynproxy tool)) | 32 | AC_CHECK_LIB(pcap, pcap_compile,, AC_MSG_ERROR(missing libpcap library required by bpf compiler or nfsynproxy tool)) |
| 33 | fi | 33 | fi |
| 34 | 34 | ||
| @@ -43,5 +43,5 @@ index eda7871..03ddc50 100644 | |||
| 43 | if test "x$enable_nftables" = "xyes"; then | 43 | if test "x$enable_nftables" = "xyes"; then |
| 44 | PKG_CHECK_MODULES([libmnl], [libmnl >= 1.0], [mnl=1], [mnl=0]) | 44 | PKG_CHECK_MODULES([libmnl], [libmnl >= 1.0], [mnl=1], [mnl=0]) |
| 45 | -- | 45 | -- |
| 46 | 2.4.0 | 46 | 2.30.2 |
| 47 | 47 | ||
diff --git a/meta/recipes-extended/iptables/iptables/0001-iptables-xshared.h-add-missing-sys.types.h-include.patch b/meta/recipes-extended/iptables/iptables/0002-iptables-xshared.h-add-missing-sys.types.h-include.patch index 17dd032434..9621d46c09 100644 --- a/meta/recipes-extended/iptables/iptables/0001-iptables-xshared.h-add-missing-sys.types.h-include.patch +++ b/meta/recipes-extended/iptables/iptables/0002-iptables-xshared.h-add-missing-sys.types.h-include.patch | |||
| @@ -1,7 +1,7 @@ | |||
| 1 | From 796b8f6fc1e584c27c42ba302f623fd1c5aa0667 Mon Sep 17 00:00:00 2001 | 1 | From d4699d2169fe2d91d0f1f4369d40d2e5f42b8877 Mon Sep 17 00:00:00 2001 |
| 2 | From: Alexander Kanavin <alex@linutronix.de> | 2 | From: Alexander Kanavin <alex@linutronix.de> |
| 3 | Date: Tue, 17 May 2022 10:56:59 +0200 | 3 | Date: Tue, 17 May 2022 10:56:59 +0200 |
| 4 | Subject: [PATCH] iptables/xshared.h: add missing sys.types.h include | 4 | Subject: [PATCH 2/4] iptables/xshared.h: add missing sys.types.h include |
| 5 | 5 | ||
| 6 | This resolves the build error under musl: | 6 | This resolves the build error under musl: |
| 7 | 7 | ||
| @@ -17,7 +17,7 @@ Signed-off-by: Alexander Kanavin <alex@linutronix.de> | |||
| 17 | 1 file changed, 1 insertion(+) | 17 | 1 file changed, 1 insertion(+) |
| 18 | 18 | ||
| 19 | diff --git a/iptables/xshared.h b/iptables/xshared.h | 19 | diff --git a/iptables/xshared.h b/iptables/xshared.h |
| 20 | index 14568bb..73b1017 100644 | 20 | index 0ed9f3c2..b1413834 100644 |
| 21 | --- a/iptables/xshared.h | 21 | --- a/iptables/xshared.h |
| 22 | +++ b/iptables/xshared.h | 22 | +++ b/iptables/xshared.h |
| 23 | @@ -6,6 +6,7 @@ | 23 | @@ -6,6 +6,7 @@ |
| @@ -28,3 +28,6 @@ index 14568bb..73b1017 100644 | |||
| 28 | #include <linux/netfilter_arp/arp_tables.h> | 28 | #include <linux/netfilter_arp/arp_tables.h> |
| 29 | #include <linux/netfilter_ipv4/ip_tables.h> | 29 | #include <linux/netfilter_ipv4/ip_tables.h> |
| 30 | #include <linux/netfilter_ipv6/ip6_tables.h> | 30 | #include <linux/netfilter_ipv6/ip6_tables.h> |
| 31 | -- | ||
| 32 | 2.30.2 | ||
| 33 | |||
diff --git a/meta/recipes-extended/iptables/iptables/0001-Makefile.am-do-not-install-etc-ethertypes.patch b/meta/recipes-extended/iptables/iptables/0003-Makefile.am-do-not-install-etc-ethertypes.patch index aa51265822..cbc97572ec 100644 --- a/meta/recipes-extended/iptables/iptables/0001-Makefile.am-do-not-install-etc-ethertypes.patch +++ b/meta/recipes-extended/iptables/iptables/0003-Makefile.am-do-not-install-etc-ethertypes.patch | |||
| @@ -1,7 +1,7 @@ | |||
| 1 | From a4ed9fc8da720585f853d2ca6ffd30e2fa4d1247 Mon Sep 17 00:00:00 2001 | 1 | From 28291b41bc3717f51e8d9d465f0100f1ca99dc26 Mon Sep 17 00:00:00 2001 |
| 2 | From: Trevor Gamblin <trevor.gamblin@windriver.com> | 2 | From: Trevor Gamblin <trevor.gamblin@windriver.com> |
| 3 | Date: Wed, 9 Mar 2022 12:50:39 -0500 | 3 | Date: Wed, 9 Mar 2022 12:50:39 -0500 |
| 4 | Subject: [PATCH] Makefile.am: do not install /etc/ethertypes | 4 | Subject: [PATCH 3/4] Makefile.am: do not install /etc/ethertypes |
| 5 | 5 | ||
| 6 | The /etc/ethertypes is provided by netbase since 6.0[1]. | 6 | The /etc/ethertypes is provided by netbase since 6.0[1]. |
| 7 | Do not instal the file in ebtables, otherwise there would be a conflict: | 7 | Do not instal the file in ebtables, otherwise there would be a conflict: |
| @@ -20,21 +20,22 @@ Upstream-Status: Inappropriate [embedded specific] | |||
| 20 | 20 | ||
| 21 | Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> | 21 | Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> |
| 22 | --- | 22 | --- |
| 23 | Makefile.am | 1 - | 23 | Makefile.am | 2 +- |
| 24 | 1 file changed, 1 deletion(-) | 24 | 1 file changed, 1 insertion(+), 1 deletion(-) |
| 25 | 25 | ||
| 26 | diff --git a/Makefile.am b/Makefile.am | 26 | diff --git a/Makefile.am b/Makefile.am |
| 27 | index 799bf8b8..2eb1843f 100644 | 27 | index 451c3cb2..5125238c 100644 |
| 28 | --- a/Makefile.am | 28 | --- a/Makefile.am |
| 29 | +++ b/Makefile.am | 29 | +++ b/Makefile.am |
| 30 | @@ -18,7 +18,6 @@ SUBDIRS += iptables | 30 | @@ -20,7 +20,7 @@ EXTRA_DIST = autogen.sh iptables-test.py xlate-test.py |
| 31 | 31 | ||
| 32 | if ENABLE_NFTABLES | 32 | if ENABLE_NFTABLES |
| 33 | confdir = $(sysconfdir) | 33 | confdir = $(sysconfdir) |
| 34 | -dist_conf_DATA = etc/ethertypes | 34 | -dist_conf_DATA = etc/ethertypes etc/xtables.conf |
| 35 | +dist_conf_DATA = etc/xtables.conf | ||
| 35 | endif | 36 | endif |
| 36 | 37 | ||
| 37 | .PHONY: tarball | 38 | .PHONY: tarball |
| 38 | -- | 39 | -- |
| 39 | 2.35.1 | 40 | 2.30.2 |
| 40 | 41 | ||
diff --git a/meta/recipes-extended/iptables/iptables/0002-configure.ac-only-check-conntrack-when-libnfnetlink-enabled.patch b/meta/recipes-extended/iptables/iptables/0004-configure.ac-only-check-conntrack-when-libnfnetlink-.patch index 7842c6408a..20c40c4039 100644 --- a/meta/recipes-extended/iptables/iptables/0002-configure.ac-only-check-conntrack-when-libnfnetlink-enabled.patch +++ b/meta/recipes-extended/iptables/iptables/0004-configure.ac-only-check-conntrack-when-libnfnetlink-.patch | |||
| @@ -1,7 +1,7 @@ | |||
| 1 | From 26090b3dbcdf6a11e60535da949b726a6e86426d Mon Sep 17 00:00:00 2001 | 1 | From e7aa1dd2831f9bb5d0603c5e5027387ad7721b00 Mon Sep 17 00:00:00 2001 |
| 2 | From: "Maxin B. John" <maxin.john@intel.com> | 2 | From: "Maxin B. John" <maxin.john@intel.com> |
| 3 | Date: Tue, 21 Feb 2017 11:49:07 +0200 | 3 | Date: Tue, 21 Feb 2017 11:49:07 +0200 |
| 4 | Subject: [PATCH] configure.ac: | 4 | Subject: [PATCH 4/4] configure.ac: |
| 5 | only-check-conntrack-when-libnfnetlink-enabled.patch | 5 | only-check-conntrack-when-libnfnetlink-enabled.patch |
| 6 | 6 | ||
| 7 | Package libnetfilter-conntrack depends on package libnfnetlink. iptables | 7 | Package libnetfilter-conntrack depends on package libnfnetlink. iptables |
| @@ -28,10 +28,10 @@ Signed-off-by: Maxin B. John <maxin.john@intel.com> | |||
| 28 | 1 file changed, 4 insertions(+), 2 deletions(-) | 28 | 1 file changed, 4 insertions(+), 2 deletions(-) |
| 29 | 29 | ||
| 30 | diff --git a/configure.ac b/configure.ac | 30 | diff --git a/configure.ac b/configure.ac |
| 31 | index 03ddc50..523caea 100644 | 31 | index e27745e5..528f1bb5 100644 |
| 32 | --- a/configure.ac | 32 | --- a/configure.ac |
| 33 | +++ b/configure.ac | 33 | +++ b/configure.ac |
| 34 | @@ -172,10 +172,12 @@ if test "$nftables" != 1; then | 34 | @@ -158,10 +158,12 @@ if test "$nftables" != 1; then |
| 35 | fi | 35 | fi |
| 36 | 36 | ||
| 37 | if test "x$enable_connlabel" = "xyes"; then | 37 | if test "x$enable_connlabel" = "xyes"; then |
| @@ -47,5 +47,5 @@ index 03ddc50..523caea 100644 | |||
| 47 | blacklist_modules="$blacklist_modules connlabel"; | 47 | blacklist_modules="$blacklist_modules connlabel"; |
| 48 | echo "WARNING: libnetfilter_conntrack not found, connlabel match will not be built"; | 48 | echo "WARNING: libnetfilter_conntrack not found, connlabel match will not be built"; |
| 49 | -- | 49 | -- |
| 50 | 2.4.0 | 50 | 2.30.2 |
| 51 | 51 | ||
diff --git a/meta/recipes-extended/iptables/iptables/format-security.patch b/meta/recipes-extended/iptables/iptables/format-security.patch index be1e077b49..fae920f0a8 100644 --- a/meta/recipes-extended/iptables/iptables/format-security.patch +++ b/meta/recipes-extended/iptables/iptables/format-security.patch | |||
| @@ -1,30 +1,31 @@ | |||
| 1 | From b72eb12ea5a61df0655ad99d5048994e916be83a Mon Sep 17 00:00:00 2001 | 1 | From ed4082a7405a5838c205a34c1559e289949200cc Mon Sep 17 00:00:00 2001 |
| 2 | From: Phil Sutter <phil@nwl.cc> | 2 | From: Phil Sutter <phil@nwl.cc> |
| 3 | Date: Fri, 13 May 2022 16:51:58 +0200 | 3 | Date: Thu, 12 Jan 2023 14:38:44 +0100 |
| 4 | Subject: xshared: Fix build for -Werror=format-security | 4 | Subject: extensions: NAT: Fix for -Werror=format-security |
| 5 | 5 | ||
| 6 | Gcc complains about the omitted format string. | 6 | Have to pass either a string literal or format string to xt_xlate_add(). |
| 7 | 7 | ||
| 8 | Fixes: f30c5edce0413 ("extensions: Merge SNAT, DNAT, REDIRECT and MASQUERADE") | ||
| 8 | Signed-off-by: Phil Sutter <phil@nwl.cc> | 9 | Signed-off-by: Phil Sutter <phil@nwl.cc> |
| 9 | Upstream-Status: Backport | 10 | Upstream-Status: Backport [https://git.netfilter.org/iptables/commit/?id=ed4082a7405a5838c205a34c1559e289949200cc] |
| 10 | Signed-off-by: Alexander Kanavin <alex@linutronix.de> | 11 | Signed-off-by: Alexander Kanavin <alex@linutronix.de> |
| 11 | --- | 12 | --- |
| 12 | iptables/xshared.c | 2 +- | 13 | extensions/libxt_NAT.c | 2 +- |
| 13 | 1 file changed, 1 insertion(+), 1 deletion(-) | 14 | 1 file changed, 1 insertion(+), 1 deletion(-) |
| 14 | 15 | ||
| 15 | diff --git a/iptables/xshared.c b/iptables/xshared.c | 16 | diff --git a/extensions/libxt_NAT.c b/extensions/libxt_NAT.c |
| 16 | index fae5ddd5..a8512d38 100644 | 17 | index da9f2201..2a634398 100644 |
| 17 | --- a/iptables/xshared.c | 18 | --- a/extensions/libxt_NAT.c |
| 18 | +++ b/iptables/xshared.c | 19 | +++ b/extensions/libxt_NAT.c |
| 19 | @@ -1307,7 +1307,7 @@ static void check_empty_interface(struct xtables_args *args, const char *arg) | 20 | @@ -424,7 +424,7 @@ __NAT_xlate(struct xt_xlate *xl, const struct nf_nat_range2 *r, |
| 20 | return; | 21 | if (r->flags & NF_NAT_RANGE_PROTO_OFFSET) |
| 22 | return 0; | ||
| 21 | 23 | ||
| 22 | if (args->family != NFPROTO_ARP) | 24 | - xt_xlate_add(xl, tgt); |
| 23 | - xtables_error(PARAMETER_PROBLEM, msg); | 25 | + xt_xlate_add(xl, "%s", tgt); |
| 24 | + xtables_error(PARAMETER_PROBLEM, "%s", msg); | 26 | if (strlen(range_str)) |
| 25 | 27 | xt_xlate_add(xl, " to %s", range_str); | |
| 26 | fprintf(stderr, "%s", msg); | 28 | if (r->flags & NF_NAT_RANGE_PROTO_RANDOM) { |
| 27 | } | ||
| 28 | -- | 29 | -- |
| 29 | cgit v1.2.3 | 30 | cgit v1.2.3 |
| 30 | 31 | ||