iptables: upgrade to 1.6.1

1.6.0 -> 1.6.1 Refreshed the following patches: a) 0001-configure-Add-option-to-enable-disable-libnfnetlink.patch b) 0002-configure.ac-only-check-conntrack-when-libnfnetlink-enabled.patch (From OE-Core rev: 0148bb131b2ac68f168562e9eaedce8aa4e4a875) Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Maxin B. John <maxin.john@intel.com> 2017-02-21 13:55:07 +0200
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2017-02-23 12:49:52 -0800
commit: 134db01e7b76803d11c930201cd080337c7c4f6e (patch)
tree: 23b0011e8a684451b49027714c98f238b81e7dc3 /meta/recipes-extended/iptables
parent: e60cb049d12a9884e2b8c033dcfdd8de411a9ecc (diff)
download: poky-134db01e7b76803d11c930201cd080337c7c4f6e.tar.gz
3 files changed, 56 insertions, 29 deletions
diff --git a/meta/recipes-extended/iptables/iptables/0001-configure-Add-option-to-enable-disable-libnfnetlink.patch b/meta/recipes-extended/iptables/iptables/0001-configure-Add-option-to-enable-disable-libnfnetlink.patch
index b711b7aa36..03c36ccbc2 100644
--- a/meta/recipes-extended/iptables/iptables/0001-configure-Add-option-to-enable-disable-libnfnetlink.patch
+++ b/meta/recipes-extended/iptables/iptables/0001-configure-Add-option-to-enable-disable-libnfnetlink.patch
@@ -1,4 +1,7 @@
-[PATCH] configure: Add option to enable/disable libnfnetlink
+From c46db7c2e1f63ec525835553587e70c635565310 Mon Sep 17 00:00:00 2001
+From: "Maxin B. John" <maxin.john@intel.com>
+Date: Tue, 21 Feb 2017 11:16:31 +0200
+Subject: [PATCH] configure: Add option to enable/disable libnfnetlink
 This changes the configure behaviour from autodetecting
 for libnfnetlink to having an option to disable it explicitly
@@ -8,20 +11,24 @@ Upstream-Status: Pending
 Signed-off-by: Khem Raj <raj.khem@gmail.com>
 Signed-off-by: Maxin B. John <maxin.john@intel.com>
 ---
-diff -Naur iptables-1.6.0-old/configure.ac iptables-1.6.0/configure.ac
+ configure.ac | 10 +++++++---
--- iptables-1.6.0-old/configure.ac     2015-12-28 18:40:35.255417976 +0200
+ 1 file changed, 7 insertions(+), 3 deletions(-)
-+++ iptables-1.6.0/configure.ac 2015-12-29 13:01:12.388840200 +0200
-@@ -63,6 +63,9 @@
+diff --git a/configure.ac b/configure.ac
+index eda7871..03ddc50 100644
+--- a/configure.ac
+++ b/configure.ac
+@@ -63,6 +63,9 @@ AC_ARG_WITH([pkgconfigdir], AS_HELP_STRING([--with-pkgconfigdir=PATH],
 AC_ARG_ENABLE([nftables],
        AS_HELP_STRING([--disable-nftables], [Do not build nftables compat]),
        [enable_nftables="$enableval"], [enable_nftables="yes"])
 +AC_ARG_ENABLE([libnfnetlink],
 +    AS_HELP_STRING([--disable-libnfnetlink], [Do not use netfilter netlink library]),
 +    [enable_libnfnetlink="$enableval"], [enable_libnfnetlink="yes"])
- 
+ AC_ARG_ENABLE([connlabel],
- libiptc_LDFLAGS2="";
+        AS_HELP_STRING([--disable-connlabel],
- AX_CHECK_LINKER_FLAGS([-Wl,--no-as-needed],
+        [Do not build libnetfilter_conntrack]),
-@@ -123,9 +126,10 @@
+@@ -115,9 +118,10 @@ if test "x$enable_bpfc" = "xyes" || test "x$enable_nfsynproxy" = "xyes"; then
        AC_CHECK_LIB(pcap, pcap_compile,, AC_MSG_ERROR(missing libpcap library required by bpf compiler or nfsynproxy tool))
 fi
 
@@ -35,3 +42,6 @@ diff -Naur iptables-1.6.0-old/configure.ac iptables-1.6.0/configure.ac
 
 if test "x$enable_nftables" = "xyes"; then
        PKG_CHECK_MODULES([libmnl], [libmnl >= 1.0], [mnl=1], [mnl=0])
+-- 
+2.4.0
diff --git a/meta/recipes-extended/iptables/iptables/0002-configure.ac-only-check-conntrack-when-libnfnetlink-enabled.patch b/meta/recipes-extended/iptables/iptables/0002-configure.ac-only-check-conntrack-when-libnfnetlink-enabled.patch
index 89ad8f6668..7842c6408a 100644
--- a/meta/recipes-extended/iptables/iptables/0002-configure.ac-only-check-conntrack-when-libnfnetlink-enabled.patch
+++ b/meta/recipes-extended/iptables/iptables/0002-configure.ac-only-check-conntrack-when-libnfnetlink-enabled.patch
@@ -1,34 +1,51 @@
+From 26090b3dbcdf6a11e60535da949b726a6e86426d Mon Sep 17 00:00:00 2001
+From: "Maxin B. John" <maxin.john@intel.com>
+Date: Tue, 21 Feb 2017 11:49:07 +0200
+Subject: [PATCH] configure.ac:
+ only-check-conntrack-when-libnfnetlink-enabled.patch
 Package libnetfilter-conntrack depends on package libnfnetlink. iptables
 checks package libnetfilter-conntrack whatever its package config
 libnfnetlink is enabled or not. When libnfnetlink is disabled but
 package libnetfilter-conntrack exists, it fails randomly with:
-| In file included from .../iptables/1.4.21-r0/iptables-1.4.21/extensions/libxt_connlabel.c:8:0:
+In file included from
-| .../tmp/sysroots/qemumips/usr/include/libnetfilter_conntrack/libnetfilter_conntrack.h:14:42: fatal error: libnfnetlink/linux_nfnetlink.h: No such file or directory
+.../iptables/1.4.21-r0/iptables-1.4.21/extensions/libxt_connlabel.c:8:0:
-| compilation terminated.
-| GNUmakefile:96: recipe for target 'libxt_connlabel.oo' failed
+.../tmp/sysroots/qemumips/usr/include/libnetfilter_conntrack/libnetfilter_conntrack.h:14:42:
+fatal error: libnfnetlink/linux_nfnetlink.h: No such file or directory
+compilation terminated.
+GNUmakefile:96: recipe for target 'libxt_connlabel.oo' failed
 Only check libnetfilter-conntrack when libnfnetlink is enabled to fix it.
 Upstream-Status: Pending
 Signed-off-by: Kai Kang <kai.kang@windriver.com>
+Signed-off-by: Maxin B. John <maxin.john@intel.com>
+---
+ configure.ac | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
 diff --git a/configure.ac b/configure.ac
-index 5d7e62b..e331ee7 100644
+index 03ddc50..523caea 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -88,8 +88,12 @@ if test "$ac_cv_header_linux_ip_vs_h" != "yes"; then
+@@ -172,10 +172,12 @@ if test "$nftables" != 1; then
-        blacklist_modules="$blacklist_modules ipvs";
+ fi
- fi;
 
-PKG_CHECK_MODULES([libnetfilter_conntrack], [libnetfilter_conntrack >= 1.0.4],
+ if test "x$enable_connlabel" = "xyes"; then
-+nfconntrack=0
+-       PKG_CHECK_MODULES([libnetfilter_conntrack],
-+AS_IF([test "x$enable_libnfnetlink" = "xyes"], [
+    nfconntrack=0
-+  PKG_CHECK_MODULES([libnetfilter_conntrack], [libnetfilter_conntrack >= 1.0.4],
+    AS_IF([test "x$enable_libnfnetlink" = "xyes"], [
-        [nfconntrack=1], [nfconntrack=0])
+    PKG_CHECK_MODULES([libnetfilter_conntrack],
-+  ])
+                [libnetfilter_conntrack >= 1.0.6],
-+
+                [nfconntrack=1], [nfconntrack=0])
- AM_CONDITIONAL([HAVE_LIBNETFILTER_CONNTRACK], [test "$nfconntrack" = 1])
+-
- 
+    ])
- if test "$nfconntrack" -ne 1; then
+        if test "$nfconntrack" -ne 1; then
+                blacklist_modules="$blacklist_modules connlabel";
+                echo "WARNING: libnetfilter_conntrack not found, connlabel match will not be built";
+-- 
+2.4.0
diff --git a/meta/recipes-extended/iptables/iptables_1.6.0.bb b/meta/recipes-extended/iptables/iptables_1.6.1.bb
index fbbe4186b2..9b4c05095a 100644
--- a/meta/recipes-extended/iptables/iptables_1.6.0.bb
+++ b/meta/recipes-extended/iptables/iptables_1.6.1.bb
@@ -25,8 +25,8 @@ SRC_URI = "http://netfilter.org/projects/iptables/files/iptables-${PV}.tar.bz2 \
          "
 SRC_URI_append_libc-musl = " file://0001-fix-build-with-musl.patch"
-SRC_URI[md5sum] = "27ba3451cb622467fc9267a176f19a31"
+SRC_URI[md5sum] = "ab38a33806b6182c6f53d6afb4619add"
-SRC_URI[sha256sum] = "4bb72a0a0b18b5a9e79e87631ddc4084528e5df236bc7624472dcaa8480f1c60"
+SRC_URI[sha256sum] = "0fc2d7bd5d7be11311726466789d4c65fb4c8e096c9182b56ce97440864f0cf5"
 inherit autotools pkgconfig
author	Maxin B. John <maxin.john@intel.com>	2017-02-21 13:55:07 +0200
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2017-02-23 12:49:52 -0800
commit	134db01e7b76803d11c930201cd080337c7c4f6e (patch)
tree	23b0011e8a684451b49027714c98f238b81e7dc3 /meta/recipes-extended/iptables
parent	e60cb049d12a9884e2b8c033dcfdd8de411a9ecc (diff)
download	poky-134db01e7b76803d11c930201cd080337c7c4f6e.tar.gz

diff --git a/meta/recipes-extended/iptables/iptables/0001-configure-Add-option-to-enable-disable-libnfnetlink.patch b/meta/recipes-extended/iptables/iptables/0001-configure-Add-option-to-enable-disable-libnfnetlink.patch index b711b7aa36..03c36ccbc2 100644 --- a/meta/recipes-extended/iptables/iptables/0001-configure-Add-option-to-enable-disable-libnfnetlink.patch +++ b/meta/recipes-extended/iptables/iptables/0001-configure-Add-option-to-enable-disable-libnfnetlink.patch
@@ -1,4 +1,7 @@
1	[PATCH] configure: Add option to enable/disable libnfnetlink	1	From c46db7c2e1f63ec525835553587e70c635565310 Mon Sep 17 00:00:00 2001
		2	From: "Maxin B. John" <maxin.john@intel.com>
		3	Date: Tue, 21 Feb 2017 11:16:31 +0200
		4	Subject: [PATCH] configure: Add option to enable/disable libnfnetlink
2		5
3	This changes the configure behaviour from autodetecting	6	This changes the configure behaviour from autodetecting
4	for libnfnetlink to having an option to disable it explicitly	7	for libnfnetlink to having an option to disable it explicitly
@@ -8,20 +11,24 @@ Upstream-Status: Pending
8	Signed-off-by: Khem Raj <raj.khem@gmail.com>	11	Signed-off-by: Khem Raj <raj.khem@gmail.com>
9	Signed-off-by: Maxin B. John <maxin.john@intel.com>	12	Signed-off-by: Maxin B. John <maxin.john@intel.com>
10	---	13	---
11	diff -Naur iptables-1.6.0-old/configure.ac iptables-1.6.0/configure.ac	14	configure.ac \| 10 +++++++---
12	--- iptables-1.6.0-old/configure.ac 2015-12-28 18:40:35.255417976 +0200	15	1 file changed, 7 insertions(+), 3 deletions(-)
13	+++ iptables-1.6.0/configure.ac 2015-12-29 13:01:12.388840200 +0200	16
14	@@ -63,6 +63,9 @@	17	diff --git a/configure.ac b/configure.ac
		18	index eda7871..03ddc50 100644
		19	--- a/configure.ac
		20	+++ b/configure.ac
		21	@@ -63,6 +63,9 @@ AC_ARG_WITH([pkgconfigdir], AS_HELP_STRING([--with-pkgconfigdir=PATH],
15	AC_ARG_ENABLE([nftables],	22	AC_ARG_ENABLE([nftables],
16	AS_HELP_STRING([--disable-nftables], [Do not build nftables compat]),	23	AS_HELP_STRING([--disable-nftables], [Do not build nftables compat]),
17	[enable_nftables="$enableval"], [enable_nftables="yes"])	24	[enable_nftables="$enableval"], [enable_nftables="yes"])
18	+AC_ARG_ENABLE([libnfnetlink],	25	+AC_ARG_ENABLE([libnfnetlink],
19	+ AS_HELP_STRING([--disable-libnfnetlink], [Do not use netfilter netlink library]),	26	+ AS_HELP_STRING([--disable-libnfnetlink], [Do not use netfilter netlink library]),
20	+ [enable_libnfnetlink="$enableval"], [enable_libnfnetlink="yes"])	27	+ [enable_libnfnetlink="$enableval"], [enable_libnfnetlink="yes"])
21		28	AC_ARG_ENABLE([connlabel],
22	libiptc_LDFLAGS2="";	29	AS_HELP_STRING([--disable-connlabel],
23	AX_CHECK_LINKER_FLAGS([-Wl,--no-as-needed],	30	[Do not build libnetfilter_conntrack]),
24	@@ -123,9 +126,10 @@	31	@@ -115,9 +118,10 @@ if test "x$enable_bpfc" = "xyes" \|\| test "x$enable_nfsynproxy" = "xyes"; then
25	AC_CHECK_LIB(pcap, pcap_compile,, AC_MSG_ERROR(missing libpcap library required by bpf compiler or nfsynproxy tool))	32	AC_CHECK_LIB(pcap, pcap_compile,, AC_MSG_ERROR(missing libpcap library required by bpf compiler or nfsynproxy tool))
26	fi	33	fi
27		34
@@ -35,3 +42,6 @@ diff -Naur iptables-1.6.0-old/configure.ac iptables-1.6.0/configure.ac
35		42
36	if test "x$enable_nftables" = "xyes"; then	43	if test "x$enable_nftables" = "xyes"; then
37	PKG_CHECK_MODULES([libmnl], [libmnl >= 1.0], [mnl=1], [mnl=0])	44	PKG_CHECK_MODULES([libmnl], [libmnl >= 1.0], [mnl=1], [mnl=0])
		45	--
		46	2.4.0
		47


diff --git a/meta/recipes-extended/iptables/iptables/0002-configure.ac-only-check-conntrack-when-libnfnetlink-enabled.patch b/meta/recipes-extended/iptables/iptables/0002-configure.ac-only-check-conntrack-when-libnfnetlink-enabled.patch index 89ad8f6668..7842c6408a 100644 --- a/meta/recipes-extended/iptables/iptables/0002-configure.ac-only-check-conntrack-when-libnfnetlink-enabled.patch +++ b/meta/recipes-extended/iptables/iptables/0002-configure.ac-only-check-conntrack-when-libnfnetlink-enabled.patch
@@ -1,34 +1,51 @@
		1	From 26090b3dbcdf6a11e60535da949b726a6e86426d Mon Sep 17 00:00:00 2001
		2	From: "Maxin B. John" <maxin.john@intel.com>
		3	Date: Tue, 21 Feb 2017 11:49:07 +0200
		4	Subject: [PATCH] configure.ac:
		5	only-check-conntrack-when-libnfnetlink-enabled.patch
		6
1	Package libnetfilter-conntrack depends on package libnfnetlink. iptables	7	Package libnetfilter-conntrack depends on package libnfnetlink. iptables
2	checks package libnetfilter-conntrack whatever its package config	8	checks package libnetfilter-conntrack whatever its package config
3	libnfnetlink is enabled or not. When libnfnetlink is disabled but	9	libnfnetlink is enabled or not. When libnfnetlink is disabled but
4	package libnetfilter-conntrack exists, it fails randomly with:	10	package libnetfilter-conntrack exists, it fails randomly with:
5		11
6	\| In file included from .../iptables/1.4.21-r0/iptables-1.4.21/extensions/libxt_connlabel.c:8:0:	12	In file included from
7	\| .../tmp/sysroots/qemumips/usr/include/libnetfilter_conntrack/libnetfilter_conntrack.h:14:42: fatal error: libnfnetlink/linux_nfnetlink.h: No such file or directory	13	.../iptables/1.4.21-r0/iptables-1.4.21/extensions/libxt_connlabel.c:8:0:
8	\| compilation terminated.	14
9	\| GNUmakefile:96: recipe for target 'libxt_connlabel.oo' failed	15	.../tmp/sysroots/qemumips/usr/include/libnetfilter_conntrack/libnetfilter_conntrack.h:14:42:
		16	fatal error: libnfnetlink/linux_nfnetlink.h: No such file or directory
10		17
		18	compilation terminated.
		19	GNUmakefile:96: recipe for target 'libxt_connlabel.oo' failed
11	Only check libnetfilter-conntrack when libnfnetlink is enabled to fix it.	20	Only check libnetfilter-conntrack when libnfnetlink is enabled to fix it.
12		21
13	Upstream-Status: Pending	22	Upstream-Status: Pending
14		23
15	Signed-off-by: Kai Kang <kai.kang@windriver.com>	24	Signed-off-by: Kai Kang <kai.kang@windriver.com>
		25	Signed-off-by: Maxin B. John <maxin.john@intel.com>
		26	---
		27	configure.ac \| 6 ++++--
		28	1 file changed, 4 insertions(+), 2 deletions(-)
16		29
17	diff --git a/configure.ac b/configure.ac	30	diff --git a/configure.ac b/configure.ac
18	index 5d7e62b..e331ee7 100644	31	index 03ddc50..523caea 100644
19	--- a/configure.ac	32	--- a/configure.ac
20	+++ b/configure.ac	33	+++ b/configure.ac
21	@@ -88,8 +88,12 @@ if test "$ac_cv_header_linux_ip_vs_h" != "yes"; then	34	@@ -172,10 +172,12 @@ if test "$nftables" != 1; then
22	blacklist_modules="$blacklist_modules ipvs";	35	fi
23	fi;
24		36
25	-PKG_CHECK_MODULES([libnetfilter_conntrack], [libnetfilter_conntrack >= 1.0.4],	37	if test "x$enable_connlabel" = "xyes"; then
26	+nfconntrack=0	38	- PKG_CHECK_MODULES([libnetfilter_conntrack],
27	+AS_IF([test "x$enable_libnfnetlink" = "xyes"], [	39	+ nfconntrack=0
28	+ PKG_CHECK_MODULES([libnetfilter_conntrack], [libnetfilter_conntrack >= 1.0.4],	40	+ AS_IF([test "x$enable_libnfnetlink" = "xyes"], [
29	[nfconntrack=1], [nfconntrack=0])	41	+ PKG_CHECK_MODULES([libnetfilter_conntrack],
30	+ ])	42	[libnetfilter_conntrack >= 1.0.6],
31	+	43	[nfconntrack=1], [nfconntrack=0])
32	AM_CONDITIONAL([HAVE_LIBNETFILTER_CONNTRACK], [test "$nfconntrack" = 1])	44	-
33		45	+ ])
34	if test "$nfconntrack" -ne 1; then	46	if test "$nfconntrack" -ne 1; then
		47	blacklist_modules="$blacklist_modules connlabel";
		48	echo "WARNING: libnetfilter_conntrack not found, connlabel match will not be built";
		49	--
		50	2.4.0
		51


diff --git a/meta/recipes-extended/iptables/iptables_1.6.0.bb b/meta/recipes-extended/iptables/iptables_1.6.1.bb index fbbe4186b2..9b4c05095a 100644 --- a/meta/recipes-extended/iptables/iptables_1.6.0.bb +++ b/meta/recipes-extended/iptables/iptables_1.6.1.bb
@@ -25,8 +25,8 @@ SRC_URI = "http://netfilter.org/projects/iptables/files/iptables-${PV}.tar.bz2 \
25	"	25	"
26	SRC_URI_append_libc-musl = " file://0001-fix-build-with-musl.patch"	26	SRC_URI_append_libc-musl = " file://0001-fix-build-with-musl.patch"
27		27
28	SRC_URI[md5sum] = "27ba3451cb622467fc9267a176f19a31"	28	SRC_URI[md5sum] = "ab38a33806b6182c6f53d6afb4619add"
29	SRC_URI[sha256sum] = "4bb72a0a0b18b5a9e79e87631ddc4084528e5df236bc7624472dcaa8480f1c60"	29	SRC_URI[sha256sum] = "0fc2d7bd5d7be11311726466789d4c65fb4c8e096c9182b56ce97440864f0cf5"
30		30
31	inherit autotools pkgconfig	31	inherit autotools pkgconfig
32		32