3 files changed, 69 insertions, 2 deletions
diff --git a/meta/recipes-extended/iptables/iptables/0001-iptables-xshared.h-add-missing-sys.types.h-include.patch b/meta/recipes-extended/iptables/iptables/0001-iptables-xshared.h-add-missing-sys.types.h-include.patch
new file mode 100644
index 0000000000..17dd032434
--- /dev/null
+++ b/meta/recipes-extended/iptables/iptables/0001-iptables-xshared.h-add-missing-sys.types.h-include.patch
@@ -0,0 +1,30 @@
+From 796b8f6fc1e584c27c42ba302f623fd1c5aa0667 Mon Sep 17 00:00:00 2001
+From: Alexander Kanavin <alex@linutronix.de>
+Date: Tue, 17 May 2022 10:56:59 +0200
+Subject: [PATCH] iptables/xshared.h: add missing sys.types.h include
+This resolves the build error under musl:
+| ../../../../../../../workspace/sources/iptables/iptables/xshared.h:83:56: error: unknown type name 'u_int16_t'; did you mean 'uint16_t'?
+|    83 | set_option(unsigned int *options, unsigned int option, u_int16_t *invflg,
+|       |                                                        ^~~~~~~~~
+|       |                                                        uint16_t
+Upstream-Status: Submitted [via email to phil@nwl.cc]
+Signed-off-by: Alexander Kanavin <alex@linutronix.de>
+---
+ iptables/xshared.h | 1 +
+ 1 file changed, 1 insertion(+)
+diff --git a/iptables/xshared.h b/iptables/xshared.h
+index 14568bb..73b1017 100644
+--- a/iptables/xshared.h
+++ b/iptables/xshared.h
+@@ -6,6 +6,7 @@
+ #include <stdint.h>
+ #include <netinet/in.h>
+ #include <net/if.h>
+#include <sys/types.h>
+ #include <linux/netfilter_arp/arp_tables.h>
+ #include <linux/netfilter_ipv4/ip_tables.h>
+ #include <linux/netfilter_ipv6/ip6_tables.h>
diff --git a/meta/recipes-extended/iptables/iptables/format-security.patch b/meta/recipes-extended/iptables/iptables/format-security.patch
new file mode 100644
index 0000000000..be1e077b49
--- /dev/null
+++ b/meta/recipes-extended/iptables/iptables/format-security.patch
@@ -0,0 +1,30 @@
+From b72eb12ea5a61df0655ad99d5048994e916be83a Mon Sep 17 00:00:00 2001
+From: Phil Sutter <phil@nwl.cc>
+Date: Fri, 13 May 2022 16:51:58 +0200
+Subject: xshared: Fix build for -Werror=format-security
+Gcc complains about the omitted format string.
+Signed-off-by: Phil Sutter <phil@nwl.cc>
+Upstream-Status: Backport
+Signed-off-by: Alexander Kanavin <alex@linutronix.de>
+---
+ iptables/xshared.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/iptables/xshared.c b/iptables/xshared.c
+index fae5ddd5..a8512d38 100644
+--- a/iptables/xshared.c
+++ b/iptables/xshared.c
+@@ -1307,7 +1307,7 @@ static void check_empty_interface(struct xtables_args *args, const char *arg)
+                return;
+ 
+        if (args->family != NFPROTO_ARP)
+-               xtables_error(PARAMETER_PROBLEM, msg);
+               xtables_error(PARAMETER_PROBLEM, "%s", msg);
+ 
+        fprintf(stderr, "%s", msg);
+ }
+-- 
+cgit v1.2.3
diff --git a/meta/recipes-extended/iptables/iptables_1.8.7.bb b/meta/recipes-extended/iptables/iptables_1.8.8.bb
index 3b41882841..54d027220b 100644
--- a/meta/recipes-extended/iptables/iptables_1.8.7.bb
+++ b/meta/recipes-extended/iptables/iptables_1.8.8.bb
@@ -12,12 +12,14 @@ SRC_URI = "http://netfilter.org/projects/iptables/files/iptables-${PV}.tar.bz2 \
           file://0001-configure-Add-option-to-enable-disable-libnfnetlink.patch \
           file://0001-Makefile.am-do-not-install-etc-ethertypes.patch \
           file://0002-configure.ac-only-check-conntrack-when-libnfnetlink-enabled.patch \
+           file://format-security.patch \
           file://iptables.service \
           file://iptables.rules \
           file://ip6tables.service \
           file://ip6tables.rules \
+           file://0001-iptables-xshared.h-add-missing-sys.types.h-include.patch \
           "
-SRC_URI[sha256sum] = "c109c96bb04998cd44156622d36f8e04b140701ec60531a10668cfdff5e8d8f0"
+SRC_URI[sha256sum] = "71c75889dc710676631553eb1511da0177bbaaf1b551265b912d236c3f51859f"
 SYSTEMD_SERVICE:${PN} = "\
    iptables.service \
@@ -28,6 +30,8 @@ inherit autotools pkgconfig systemd
 EXTRA_OECONF = "--with-kernel=${STAGING_INCDIR}"
+CFLAGS:append:libc-musl = " -D__UAPI_DEF_ETHHDR=0"
 PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}"
 PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
@@ -41,6 +45,9 @@ do_configure:prepend() {
    # Remove some libtool m4 files
    # Keep ax_check_linker_flags.m4 which belongs to autoconf-archive.
    rm -f libtool.m4 lt~obsolete.m4 ltoptions.m4 ltsugar.m4 ltversion.m4
+    # Copy a header to fix out of tree builds
+    cp -f ${S}/libiptc/linux_list.h ${S}/include/libiptc/
 }
 IPTABLES_RULES_DIR ?= "${sysconfdir}/${BPN}"
@@ -108,7 +115,7 @@ RDEPENDS:${PN}-apply = "${PN} bash"
 # Include the symlinks as well in respective packages
 FILES:${PN}-module-xt-conntrack += "${libdir}/xtables/libxt_state.so"
-FILES:${PN}-module-xt-ct += "${libdir}/xtables/libxt_NOTRACK.so"
+FILES:${PN}-module-xt-ct += "${libdir}/xtables/libxt_NOTRACK.so ${libdir}/xtables/libxt_REDIRECT.so"
 ALLOW_EMPTY:${PN}-modules = "1"

diff --git a/meta/recipes-extended/iptables/iptables/0001-iptables-xshared.h-add-missing-sys.types.h-include.patch b/meta/recipes-extended/iptables/iptables/0001-iptables-xshared.h-add-missing-sys.types.h-include.patch new file mode 100644 index 0000000000..17dd032434 --- /dev/null +++ b/meta/recipes-extended/iptables/iptables/0001-iptables-xshared.h-add-missing-sys.types.h-include.patch
@@ -0,0 +1,30 @@
		1	From 796b8f6fc1e584c27c42ba302f623fd1c5aa0667 Mon Sep 17 00:00:00 2001
		2	From: Alexander Kanavin <alex@linutronix.de>
		3	Date: Tue, 17 May 2022 10:56:59 +0200
		4	Subject: [PATCH] iptables/xshared.h: add missing sys.types.h include
		5
		6	This resolves the build error under musl:
		7
		8	\| ../../../../../../../workspace/sources/iptables/iptables/xshared.h:83:56: error: unknown type name 'u_int16_t'; did you mean 'uint16_t'?
		9	\| 83 \| set_option(unsigned int options, unsigned int option, u_int16_t invflg,
		10	\| \| ^~~~~~~~~
		11	\| \| uint16_t
		12
		13	Upstream-Status: Submitted [via email to phil@nwl.cc]
		14	Signed-off-by: Alexander Kanavin <alex@linutronix.de>
		15	---
		16	iptables/xshared.h \| 1 +
		17	1 file changed, 1 insertion(+)
		18
		19	diff --git a/iptables/xshared.h b/iptables/xshared.h
		20	index 14568bb..73b1017 100644
		21	--- a/iptables/xshared.h
		22	+++ b/iptables/xshared.h
		23	@@ -6,6 +6,7 @@
		24	#include <stdint.h>
		25	#include <netinet/in.h>
		26	#include <net/if.h>
		27	+#include <sys/types.h>
		28	#include <linux/netfilter_arp/arp_tables.h>
		29	#include <linux/netfilter_ipv4/ip_tables.h>
		30	#include <linux/netfilter_ipv6/ip6_tables.h>


diff --git a/meta/recipes-extended/iptables/iptables/format-security.patch b/meta/recipes-extended/iptables/iptables/format-security.patch new file mode 100644 index 0000000000..be1e077b49 --- /dev/null +++ b/meta/recipes-extended/iptables/iptables/format-security.patch
@@ -0,0 +1,30 @@
		1	From b72eb12ea5a61df0655ad99d5048994e916be83a Mon Sep 17 00:00:00 2001
		2	From: Phil Sutter <phil@nwl.cc>
		3	Date: Fri, 13 May 2022 16:51:58 +0200
		4	Subject: xshared: Fix build for -Werror=format-security
		5
		6	Gcc complains about the omitted format string.
		7
		8	Signed-off-by: Phil Sutter <phil@nwl.cc>
		9	Upstream-Status: Backport
		10	Signed-off-by: Alexander Kanavin <alex@linutronix.de>
		11	---
		12	iptables/xshared.c \| 2 +-
		13	1 file changed, 1 insertion(+), 1 deletion(-)
		14
		15	diff --git a/iptables/xshared.c b/iptables/xshared.c
		16	index fae5ddd5..a8512d38 100644
		17	--- a/iptables/xshared.c
		18	+++ b/iptables/xshared.c
		19	@@ -1307,7 +1307,7 @@ static void check_empty_interface(struct xtables_args args, const char arg)
		20	return;
		21
		22	if (args->family != NFPROTO_ARP)
		23	- xtables_error(PARAMETER_PROBLEM, msg);
		24	+ xtables_error(PARAMETER_PROBLEM, "%s", msg);
		25
		26	fprintf(stderr, "%s", msg);
		27	}
		28	--
		29	cgit v1.2.3
		30


diff --git a/meta/recipes-extended/iptables/iptables_1.8.7.bb b/meta/recipes-extended/iptables/iptables_1.8.8.bb index 3b41882841..54d027220b 100644 --- a/meta/recipes-extended/iptables/iptables_1.8.7.bb +++ b/meta/recipes-extended/iptables/iptables_1.8.8.bb
@@ -12,12 +12,14 @@ SRC_URI = "http://netfilter.org/projects/iptables/files/iptables-${PV}.tar.bz2 \
12	file://0001-configure-Add-option-to-enable-disable-libnfnetlink.patch \	12	file://0001-configure-Add-option-to-enable-disable-libnfnetlink.patch \
13	file://0001-Makefile.am-do-not-install-etc-ethertypes.patch \	13	file://0001-Makefile.am-do-not-install-etc-ethertypes.patch \
14	file://0002-configure.ac-only-check-conntrack-when-libnfnetlink-enabled.patch \	14	file://0002-configure.ac-only-check-conntrack-when-libnfnetlink-enabled.patch \
		15	file://format-security.patch \
15	file://iptables.service \	16	file://iptables.service \
16	file://iptables.rules \	17	file://iptables.rules \
17	file://ip6tables.service \	18	file://ip6tables.service \
18	file://ip6tables.rules \	19	file://ip6tables.rules \
		20	file://0001-iptables-xshared.h-add-missing-sys.types.h-include.patch \
19	"	21	"
20	SRC_URI[sha256sum] = "c109c96bb04998cd44156622d36f8e04b140701ec60531a10668cfdff5e8d8f0"	22	SRC_URI[sha256sum] = "71c75889dc710676631553eb1511da0177bbaaf1b551265b912d236c3f51859f"
21		23
22	SYSTEMD_SERVICE:${PN} = "\	24	SYSTEMD_SERVICE:${PN} = "\
23	iptables.service \	25	iptables.service \
@@ -28,6 +30,8 @@ inherit autotools pkgconfig systemd
28		30
29	EXTRA_OECONF = "--with-kernel=${STAGING_INCDIR}"	31	EXTRA_OECONF = "--with-kernel=${STAGING_INCDIR}"
30		32
		33	CFLAGS:append:libc-musl = " -D__UAPI_DEF_ETHHDR=0"
		34
31	PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}"	35	PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}"
32	PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"	36	PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
33		37
@@ -41,6 +45,9 @@ do_configure:prepend() {
41	# Remove some libtool m4 files	45	# Remove some libtool m4 files
42	# Keep ax_check_linker_flags.m4 which belongs to autoconf-archive.	46	# Keep ax_check_linker_flags.m4 which belongs to autoconf-archive.
43	rm -f libtool.m4 lt~obsolete.m4 ltoptions.m4 ltsugar.m4 ltversion.m4	47	rm -f libtool.m4 lt~obsolete.m4 ltoptions.m4 ltsugar.m4 ltversion.m4
		48
		49	# Copy a header to fix out of tree builds
		50	cp -f ${S}/libiptc/linux_list.h ${S}/include/libiptc/
44	}	51	}
45		52
46	IPTABLES_RULES_DIR ?= "${sysconfdir}/${BPN}"	53	IPTABLES_RULES_DIR ?= "${sysconfdir}/${BPN}"
@@ -108,7 +115,7 @@ RDEPENDS:${PN}-apply = "${PN} bash"
108		115
109	# Include the symlinks as well in respective packages	116	# Include the symlinks as well in respective packages
110	FILES:${PN}-module-xt-conntrack += "${libdir}/xtables/libxt_state.so"	117	FILES:${PN}-module-xt-conntrack += "${libdir}/xtables/libxt_state.so"
111	FILES:${PN}-module-xt-ct += "${libdir}/xtables/libxt_NOTRACK.so"	118	FILES:${PN}-module-xt-ct += "${libdir}/xtables/libxt_NOTRACK.so ${libdir}/xtables/libxt_REDIRECT.so"
112		119
113	ALLOW_EMPTY:${PN}-modules = "1"	120	ALLOW_EMPTY:${PN}-modules = "1"
114		121