From 2e590a63645a5c89ad752abfe36458dc0f49c739 Mon Sep 17 00:00:00 2001 From: Curtis Deptuck Date: Wed, 2 Dec 2020 17:28:39 -0700 Subject: [PATCH] iptables: update to 1.8.6 Update iptables to 1.8.6 ChangeLog: https://netfilter.org/projects/iptables/files/changes-iptables-1.8.6.txt Refresh patch: 101-remove-check-already.patch Signed-off-by: Curtis Deptuck Signed-off-by: Hans Dedecker [refresh patches] --- package/network/utils/iptables/Makefile | 4 +-- .../010-add-set-dscpmark-support.patch | 25 +++++++------------ .../patches/101-remove-check-already.patch | 12 ++++----- .../102-iptables-disable-modprobe.patch | 4 +-- .../patches/200-configurable_builtin.patch | 2 +- .../iptables/patches/600-shared-libext.patch | 4 +-- .../700-disable-legacy-revisions.patch | 20 +++++++-------- 7 files changed, 32 insertions(+), 39 deletions(-) diff --git a/package/network/utils/iptables/Makefile b/package/network/utils/iptables/Makefile index 616274ebdd..c4b87f0df6 100644 --- a/package/network/utils/iptables/Makefile +++ b/package/network/utils/iptables/Makefile @@ -9,12 +9,12 @@ include $(TOPDIR)/rules.mk include $(INCLUDE_DIR)/kernel.mk PKG_NAME:=iptables -PKG_VERSION:=1.8.4 +PKG_VERSION:=1.8.6 PKG_RELEASE:=1 PKG_SOURCE_URL:=https://netfilter.org/projects/iptables/files PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 -PKG_HASH:=993a3a5490a544c2cbf2ef15cf7e7ed21af1845baf228318d5c36ef8827e157c +PKG_HASH:=a0f4fe0c3eb8faa5bd9c8376d132f340b9558e750c91deb2d5028aa3d0047767 PKG_FIXUP:=autoreconf PKG_FLAGS:=nonshared diff --git a/package/network/utils/iptables/patches/010-add-set-dscpmark-support.patch b/package/network/utils/iptables/patches/010-add-set-dscpmark-support.patch index fb6978e6f7..9a5de639aa 100644 --- a/package/network/utils/iptables/patches/010-add-set-dscpmark-support.patch +++ b/package/network/utils/iptables/patches/010-add-set-dscpmark-support.patch @@ -15,8 +15,6 @@ 
Signed-off-by: Kevin Darbyshire-Bryant include/linux/netfilter/xt_connmark.h | 10 + 2 files changed, 324 insertions(+), 1 deletion(-) -diff --git a/extensions/libxt_CONNMARK.c b/extensions/libxt_CONNMARK.c -index 21e10913..c777b110 100644 --- a/extensions/libxt_CONNMARK.c +++ b/extensions/libxt_CONNMARK.c @@ -22,6 +22,7 @@ @@ -47,7 +45,7 @@ index 21e10913..c777b110 100644 }; static const char *const xt_connmark_shift_ops[] = { -@@ -114,6 +118,8 @@ static const struct xt_option_entry connmark_tg_opts[] = { +@@ -114,6 +118,8 @@ static const struct xt_option_entry conn .excl = F_MASK, .flags = XTOPT_PUT, XTOPT_POINTER(s, nfmask)}, {.name = "mask", .id = O_MASK, .type = XTTYPE_UINT32, .excl = F_CTMASK | F_NFMASK}, @@ -56,7 +54,7 @@ index 21e10913..c777b110 100644 XTOPT_TABLEEND, }; #undef s -@@ -148,6 +154,38 @@ static const struct xt_option_entry connmark_tg_opts_v2[] = { +@@ -148,6 +154,38 @@ static const struct xt_option_entry conn }; #undef s @@ -111,7 +109,7 @@ index 21e10913..c777b110 100644 static void connmark_tg_init(struct xt_entry_target *target) { struct xt_connmark_tginfo1 *info = (void *)target->data; -@@ -199,6 +246,16 @@ static void connmark_tg_init_v2(struct xt_entry_target *target) +@@ -199,6 +246,16 @@ static void connmark_tg_init_v2(struct x info->shift_bits = 0; } @@ -128,7 +126,7 @@ index 21e10913..c777b110 100644 static void CONNMARK_parse(struct xt_option_call *cb) { struct xt_connmark_target_info *markinfo = cb->data; -@@ -253,6 +310,23 @@ static void connmark_tg_parse(struct xt_option_call *cb) +@@ -253,6 +310,23 @@ static void connmark_tg_parse(struct xt_ info->ctmark = cb->val.u32; info->ctmask = 0; break; @@ -152,7 +150,7 @@ index 21e10913..c777b110 100644 case O_SAVE_MARK: info->mode = XT_CONNMARK_SAVE; break; -@@ -320,6 +394,78 @@ static void connmark_tg_parse_v2(struct xt_option_call *cb) +@@ -320,6 +394,78 @@ static void connmark_tg_parse_v2(struct } } 
@@ -231,7 +229,7 @@ index 21e10913..c777b110 100644 static void connmark_tg_check(struct xt_fcheck_call *cb) { if (!(cb->xflags & F_OP_ANY)) -@@ -463,6 +609,65 @@ connmark_tg_print_v2(const void *ip, const struct xt_entry_target *target, +@@ -463,6 +609,65 @@ connmark_tg_print_v2(const void *ip, con } } @@ -297,7 +295,7 @@ index 21e10913..c777b110 100644 static void CONNMARK_save(const void *ip, const struct xt_entry_target *target) { const struct xt_connmark_target_info *markinfo = -@@ -548,6 +753,38 @@ connmark_tg_save_v2(const void *ip, const struct xt_entry_target *target) +@@ -548,6 +753,38 @@ connmark_tg_save_v2(const void *ip, cons } } @@ -336,7 +334,7 @@ index 21e10913..c777b110 100644 static int connmark_tg_xlate(struct xt_xlate *xl, const struct xt_xlate_tg_params *params) { -@@ -639,6 +876,66 @@ static int connmark_tg_xlate_v2(struct xt_xlate *xl, +@@ -639,6 +876,66 @@ static int connmark_tg_xlate_v2(struct x return 1; } @@ -403,7 +401,7 @@ index 21e10913..c777b110 100644 static struct xtables_target connmark_tg_reg[] = { { .family = NFPROTO_UNSPEC, -@@ -687,6 +984,22 @@ static struct xtables_target connmark_tg_reg[] = { +@@ -687,6 +984,22 @@ static struct xtables_target connmark_tg .x6_options = connmark_tg_opts_v2, .xlate = connmark_tg_xlate_v2, }, @@ -426,8 +424,6 @@ index 21e10913..c777b110 100644 }; void _init(void) -diff --git a/include/linux/netfilter/xt_connmark.h b/include/linux/netfilter/xt_connmark.h -index bbf2acc9..1d8e721c 100644 --- a/include/linux/netfilter/xt_connmark.h +++ b/include/linux/netfilter/xt_connmark.h @@ -18,6 +18,11 @@ enum { @@ -454,6 +450,3 @@ index bbf2acc9..1d8e721c 100644 struct xt_connmark_mtinfo1 { __u32 mark, mask; __u8 invert; --- -2.21.0 (Apple Git-122.2) - diff --git a/package/network/utils/iptables/patches/101-remove-check-already.patch b/package/network/utils/iptables/patches/101-remove-check-already.patch index 98e825f016..16afafec2d 100644 
--- a/package/network/utils/iptables/patches/101-remove-check-already.patch +++ b/package/network/utils/iptables/patches/101-remove-check-already.patch @@ -1,9 +1,9 @@ --- a/libxtables/xtables.c +++ b/libxtables/xtables.c -@@ -903,12 +903,6 @@ static void xtables_check_options(const +@@ -968,12 +968,6 @@ void xtables_register_match(struct xtabl + struct xtables_match **pos; + bool seen_myself = false; - void xtables_register_match(struct xtables_match *me) - { - if (me->next) { - fprintf(stderr, "%s: match \"%s\" already registered\n", - xt_params->program_name, me->name); @@ -13,10 +13,10 @@ if (me->version == NULL) { fprintf(stderr, "%s: match %s<%u> is missing a version\n", xt_params->program_name, me->name, me->revision); -@@ -1096,12 +1090,6 @@ void xtables_register_matches(struct xta +@@ -1152,12 +1146,6 @@ void xtables_register_target(struct xtab + struct xtables_target **pos; + bool seen_myself = false; - void xtables_register_target(struct xtables_target *me) - { - if (me->next) { - fprintf(stderr, "%s: target \"%s\" already registered\n", - xt_params->program_name, me->name); diff --git a/package/network/utils/iptables/patches/102-iptables-disable-modprobe.patch b/package/network/utils/iptables/patches/102-iptables-disable-modprobe.patch index 0866118440..b8e19c781a 100644 --- a/package/network/utils/iptables/patches/102-iptables-disable-modprobe.patch +++ b/package/network/utils/iptables/patches/102-iptables-disable-modprobe.patch @@ -1,6 +1,6 @@ --- a/libxtables/xtables.c +++ b/libxtables/xtables.c -@@ -360,6 +360,7 @@ static char *get_modprobe(void) +@@ -403,6 +403,7 @@ static char *get_modprobe(void) int xtables_insmod(const char *modname, const char *modprobe, bool quiet) { @@ -8,7 +8,7 @@ char *buf = NULL; char *argv[4]; int status; -@@ -394,6 +395,7 @@ int xtables_insmod(const char *modname, +@@ -437,6 +438,7 @@ int xtables_insmod(const char *modname, free(buf); if (WIFEXITED(status) && WEXITSTATUS(status) == 0) return 0; 
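Review bot: The refreshed 101-remove-check-already.patch still has no description saying why the `me->next` "already registered" guard is removed from `xtables_register_match()` and `xtables_register_target()`; the file begins directly at `--- a/libxtables/xtables.c`. The new hunk context shows both functions now declaring a `pos` list pointer and `bool seen_myself = false;`, which suggests (not confirmed from this page) that upstream reworked registration in 1.8.6. The reason for dropping the guard should therefore be re-checked against the new code, not only re-aligned. I would add a short header to the patch, for example `Drop the duplicate-registration guard: <reason this tree needs repeated registration>`, and state there that registering the same entry twice was verified not to leave the extension list inconsistent. Both function bodies continue outside the hunks, so that check cannot be made from the lines shown here.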
diff --git a/package/network/utils/iptables/patches/200-configurable_builtin.patch b/package/network/utils/iptables/patches/200-configurable_builtin.patch index 5788a829b0..6d7b5b5822 100644 --- a/package/network/utils/iptables/patches/200-configurable_builtin.patch +++ b/package/network/utils/iptables/patches/200-configurable_builtin.patch @@ -60,7 +60,7 @@ .SECONDARY: -@@ -148,11 +168,11 @@ libext4.a: initext4.o ${libext4_objs} +@@ -161,11 +181,11 @@ libext4.a: initext4.o ${libext4_objs} libext6.a: initext6.o ${libext6_objs} ${AM_VERBOSE_AR} ${AR} crs $@ $^; diff --git a/package/network/utils/iptables/patches/600-shared-libext.patch b/package/network/utils/iptables/patches/600-shared-libext.patch index 7b798b7fda..819f628f9e 100644 --- a/package/network/utils/iptables/patches/600-shared-libext.patch +++ b/package/network/utils/iptables/patches/600-shared-libext.patch @@ -9,7 +9,7 @@ targets_install := libext_objs := ${pfx_objs} libext_ebt_objs := ${pfb_objs} -@@ -119,7 +119,7 @@ clean: +@@ -132,7 +132,7 @@ clean: distclean: clean init%.o: init%.c @@ -18,7 +18,7 @@ -include .*.d -@@ -151,22 +151,22 @@ xt_connlabel_LIBADD = @libnetfilter_conn +@@ -164,22 +164,22 @@ xt_connlabel_LIBADD = @libnetfilter_conn # handling code in the Makefiles. # lib%.o: ${srcdir}/lib%.c diff --git a/package/network/utils/iptables/patches/700-disable-legacy-revisions.patch b/package/network/utils/iptables/patches/700-disable-legacy-revisions.patch index 86715fc8e7..cc451ef959 100644 --- a/package/network/utils/iptables/patches/700-disable-legacy-revisions.patch +++ b/package/network/utils/iptables/patches/700-disable-legacy-revisions.patch @@ -1,6 +1,6 @@ --- a/extensions/libxt_conntrack.c +++ b/extensions/libxt_conntrack.c -@@ -1387,6 +1387,7 @@ static int conntrack3_mt6_xlate(struct x +@@ -1395,6 +1395,7 @@ static int conntrack3_mt6_xlate(struct x } static struct xtables_match conntrack_mt_reg[] = { 
@@ -8,7 +8,7 @@ { .version = XTABLES_VERSION, .name = "conntrack", -@@ -1462,6 +1463,7 @@ static struct xtables_match conntrack_mt +@@ -1470,6 +1471,7 @@ static struct xtables_match conntrack_mt .alias = conntrack_print_name_alias, .x6_options = conntrack2_mt_opts, }, @@ -16,7 +16,7 @@ { .version = XTABLES_VERSION, .name = "conntrack", -@@ -1494,6 +1496,7 @@ static struct xtables_match conntrack_mt +@@ -1502,6 +1504,7 @@ static struct xtables_match conntrack_mt .x6_options = conntrack3_mt_opts, .xlate = conntrack3_mt6_xlate, }, @@ -24,7 +24,7 @@ { .family = NFPROTO_UNSPEC, .name = "state", -@@ -1524,6 +1527,8 @@ static struct xtables_match conntrack_mt +@@ -1532,6 +1535,8 @@ static struct xtables_match conntrack_mt .x6_parse = state_ct23_parse, .x6_options = state_opts, }, @@ -33,7 +33,7 @@ { .family = NFPROTO_UNSPEC, .name = "state", -@@ -1553,6 +1558,7 @@ static struct xtables_match conntrack_mt +@@ -1561,6 +1566,7 @@ static struct xtables_match conntrack_mt .x6_parse = state_parse, .x6_options = state_opts, }, @@ -43,7 +43,7 @@ void _init(void) --- a/extensions/libxt_CT.c +++ b/extensions/libxt_CT.c -@@ -349,6 +349,7 @@ static void notrack_ct2_tg_init(struct x +@@ -363,6 +363,7 @@ static int xlate_ct1_tg(struct xt_xlate } static struct xtables_target ct_target_reg[] = { @@ -51,7 +51,7 @@ { .family = NFPROTO_UNSPEC, .name = "CT", -@@ -374,6 +375,7 @@ static struct xtables_target ct_target_r +@@ -388,6 +389,7 @@ static struct xtables_target ct_target_r .x6_parse = ct_parse_v1, .x6_options = ct_opts_v1, }, 
@@ -59,15 +59,15 @@ { .family = NFPROTO_UNSPEC, .name = "CT", -@@ -388,6 +390,7 @@ static struct xtables_target ct_target_r - .x6_parse = ct_parse_v1, +@@ -403,6 +405,7 @@ static struct xtables_target ct_target_r .x6_options = ct_opts_v1, + .xlate = xlate_ct1_tg, }, +#ifndef NO_LEGACY { .family = NFPROTO_UNSPEC, .name = "NOTRACK", -@@ -425,6 +428,7 @@ static struct xtables_target ct_target_r +@@ -441,6 +444,7 @@ static struct xtables_target ct_target_r .revision = 0, .version = XTABLES_VERSION, }, -- 2.30.2