[05/49] iptables: upgrade 1.8.7 -> 1.8.8

Message ID	20220518105843.3299331-5-alex@linutronix.de
State	Accepted, archived
Commit	b44d6bc7e56121d977a7bc491aec00cf3fb510fb
Headers	show Return-Path: <alex.kanavin@gmail.com> ip: 209.85.218.54, mailfrom: alex.kanavin@gmail.com) From: Alexander Kanavin <alex.kanavin@gmail.com> To: openembedded-core@lists.openembedded.org Cc: Alexander Kanavin <alex@linutronix.de> Subject: [PATCH 05/49] iptables: upgrade 1.8.7 -> 1.8.8 Date: Wed, 18 May 2022 12:57:59 +0200 Message-Id: <20220518105843.3299331-5-alex@linutronix.de> In-Reply-To: <20220518105843.3299331-1-alex@linutronix.de> References: <20220518105843.3299331-1-alex@linutronix.de> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[01/49] sato: work around missing icons in adwaita 42.0 \| expand [01/49] sato: work around missing icons in adwaita 42.0 [02/49] adwaita-icon-theme: upgrade 41.0 -> 42.0 [03/49] python3-setuptools: upgrade 59.5.0 -> 62.3.1 [04/49] go: upgrade 1.18.1 -> 1.18.2 [05/49] iptables: upgrade 1.8.7 -> 1.8.8 [06/49] gnu-config: update to latest version [07/49] u-boot: upgrade 2022.01 -> 2022.04 [08/49] python3-pip: update 22.0.4 -> 22.1 [09/49] libxcb: update 1.14 -> 1.15 [10/49] xcb-proto: upgrade 1.14.1 -> 1.15 [11/49] systemtap: update 4.6 -> 4.7 [12/49] vulkan-samples: update to latest revision [13/49] curl: upgrade 7.83.0 -> 7.83.1 [14/49] diffoscope: upgrade 211 -> 212 [15/49] git: upgrade 2.36.0 -> 2.36.1 [16/49] gnutls: upgrade 3.7.4 -> 3.7.5 [17/49] gst-devtools: upgrade 1.20.1 -> 1.20.2 [18/49] gstreamer1.0-libav: upgrade 1.20.1 -> 1.20.2 [19/49] gstreamer1.0-omx: upgrade 1.20.1 -> 1.20.2 [20/49] gstreamer1.0-plugins-bad: upgrade 1.20.1 -> 1.20.2 [21/49] gstreamer1.0-plugins-base: upgrade 1.20.1 -> 1.20.2 [22/49] gstreamer1.0-plugins-good: upgrade 1.20.1 -> 1.20.2 [23/49] gstreamer1.0-plugins-ugly: upgrade 1.20.1 -> 1.20.2 [24/49] gstreamer1.0-python: upgrade 1.20.1 -> 1.20.2 [25/49] gstreamer1.0-rtsp-server: upgrade 1.20.1 -> 1.20.2 [26/49] gstreamer1.0: upgrade 1.20.1 -> 1.20.2 [27/49] gstreamer1.0-vaapi: upgrade 1.20.1 -> 1.20.2 [28/49] libcgroup: upgrade 2.0.1 -> 2.0.2 [29/49] libnotify: upgrade 0.7.11 -> 0.7.12 [30/49] librepo: upgrade 1.14.2 -> 1.14.3 [31/49] librsvg: upgrade 2.54.1 -> 2.54.3 [32/49] mesa: upgrade 22.0.2 -> 22.0.3 [33/49] mobile-broadband-provider-info: upgrade 20220315 -> 20220511 [34/49] piglit: upgrade to latest revision [35/49] psmisc: upgrade 23.4 -> 23.5 [36/49] python3-bcrypt: upgrade 3.2.0 -> 3.2.2 [37/49] python3-cryptography: upgrade 37.0.1 -> 37.0.2 [38/49] python3-cryptography-vectors: upgrade 37.0.1 -> 37.0.2 [39/49] python3-hypothesis: upgrade 6.46.0 -> 6.46.4 [40/49] python3-jsonschema: upgrade 4.4.0 -> 4.5.1 [41/49] python3-markdown: upgrade 3.3.6 -> 3.3.7 [42/49] python3-more-itertools: upgrade 8.12.0 -> 8.13.0 [43/49] python3-pbr: upgrade 5.8.1 -> 5.9.0 [44/49] python3-pyparsing: upgrade 3.0.8 -> 3.0.9 [45/49] repo: upgrade 2.24.1 -> 2.25 [46/49] sqlite3: upgrade 3.38.3 -> 3.38.5 [47/49] stress-ng: upgrade 0.14.00 -> 0.14.01 [48/49] python3-setuptools-rust: update 1.1.2 -> 1.3.0 [49/49] python3: use built-in distutils for ptest, rather than setuptools' 'fork'

Message ID

20220518105843.3299331-5-alex@linutronix.de

State

Accepted, archived

Commit

b44d6bc7e56121d977a7bc491aec00cf3fb510fb

Headers

From: Alexander Kanavin <alex.kanavin@gmail.com>
To: openembedded-core@lists.openembedded.org
Cc: Alexander Kanavin <alex@linutronix.de>
Subject: [PATCH 05/49] iptables: upgrade 1.8.7 -> 1.8.8
Date: Wed, 18 May 2022 12:57:59 +0200
Message-Id: <20220518105843.3299331-5-alex@linutronix.de>
In-Reply-To: <20220518105843.3299331-1-alex@linutronix.de>
References: <20220518105843.3299331-1-alex@linutronix.de>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[01/49] sato: work around missing icons in adwaita 42.0 | expand

Commit Message

Alexander Kanavin May 18, 2022, 10:57 a.m. UTC

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
---
 ...ed.h-add-missing-sys.types.h-include.patch | 30 +++++++++++++++++++
 .../iptables/iptables/format-security.patch   | 30 +++++++++++++++++++
 .../{iptables_1.8.7.bb => iptables_1.8.8.bb}  | 11 +++++--
 3 files changed, 69 insertions(+), 2 deletions(-)
 create mode 100644 meta/recipes-extended/iptables/iptables/0001-iptables-xshared.h-add-missing-sys.types.h-include.patch
 create mode 100644 meta/recipes-extended/iptables/iptables/format-security.patch
 rename meta/recipes-extended/iptables/{iptables_1.8.7.bb => iptables_1.8.8.bb} (90%)

diff --git a/meta/recipes-extended/iptables/iptables/0001-iptables-xshared.h-add-missing-sys.types.h-include.patch b/meta/recipes-extended/iptables/iptables/0001-iptables-xshared.h-add-missing-sys.types.h-include.patch
new file mode 100644
index 0000000000..17dd032434
--- /dev/null
+++ b/meta/recipes-extended/iptables/iptables/0001-iptables-xshared.h-add-missing-sys.types.h-include.patch
@@ -0,0 +1,30 @@ 
+From 796b8f6fc1e584c27c42ba302f623fd1c5aa0667 Mon Sep 17 00:00:00 2001
+From: Alexander Kanavin <alex@linutronix.de>
+Date: Tue, 17 May 2022 10:56:59 +0200
+Subject: [PATCH] iptables/xshared.h: add missing sys.types.h include
+
+This resolves the build error under musl:
+
+| ../../../../../../../workspace/sources/iptables/iptables/xshared.h:83:56: error: unknown type name 'u_int16_t'; did you mean 'uint16_t'?
+|    83 | set_option(unsigned int *options, unsigned int option, u_int16_t *invflg,
+|       |                                                        ^~~~~~~~~
+|       |                                                        uint16_t
+
+Upstream-Status: Submitted [via email to phil@nwl.cc]
+Signed-off-by: Alexander Kanavin <alex@linutronix.de>
+---
+ iptables/xshared.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/iptables/xshared.h b/iptables/xshared.h
+index 14568bb..73b1017 100644
+--- a/iptables/xshared.h
++++ b/iptables/xshared.h
+@@ -6,6 +6,7 @@
+ #include <stdint.h>
+ #include <netinet/in.h>
+ #include <net/if.h>
++#include <sys/types.h>
+ #include <linux/netfilter_arp/arp_tables.h>
+ #include <linux/netfilter_ipv4/ip_tables.h>
+ #include <linux/netfilter_ipv6/ip6_tables.h>
diff --git a/meta/recipes-extended/iptables/iptables/format-security.patch b/meta/recipes-extended/iptables/iptables/format-security.patch
new file mode 100644
index 0000000000..be1e077b49
--- /dev/null
+++ b/meta/recipes-extended/iptables/iptables/format-security.patch
@@ -0,0 +1,30 @@ 
+From b72eb12ea5a61df0655ad99d5048994e916be83a Mon Sep 17 00:00:00 2001
+From: Phil Sutter <phil@nwl.cc>
+Date: Fri, 13 May 2022 16:51:58 +0200
+Subject: xshared: Fix build for -Werror=format-security
+
+Gcc complains about the omitted format string.
+
+Signed-off-by: Phil Sutter <phil@nwl.cc>
+Upstream-Status: Backport
+Signed-off-by: Alexander Kanavin <alex@linutronix.de>
+---
+ iptables/xshared.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/iptables/xshared.c b/iptables/xshared.c
+index fae5ddd5..a8512d38 100644
+--- a/iptables/xshared.c
++++ b/iptables/xshared.c
+@@ -1307,7 +1307,7 @@ static void check_empty_interface(struct xtables_args *args, const char *arg)
+ 		return;
+ 
+ 	if (args->family != NFPROTO_ARP)
+-		xtables_error(PARAMETER_PROBLEM, msg);
++		xtables_error(PARAMETER_PROBLEM, "%s", msg);
+ 
+ 	fprintf(stderr, "%s", msg);
+ }
+-- 
+cgit v1.2.3
+
diff --git a/meta/recipes-extended/iptables/iptables_1.8.7.bb b/meta/recipes-extended/iptables/iptables_1.8.8.bb
similarity index 90%
rename from meta/recipes-extended/iptables/iptables_1.8.7.bb
rename to meta/recipes-extended/iptables/iptables_1.8.8.bb
index 3b41882841..54d027220b 100644
--- a/meta/recipes-extended/iptables/iptables_1.8.7.bb
+++ b/meta/recipes-extended/iptables/iptables_1.8.8.bb
@@ -12,12 +12,14 @@  SRC_URI = "http://netfilter.org/projects/iptables/files/iptables-${PV}.tar.bz2 \
            file://0001-configure-Add-option-to-enable-disable-libnfnetlink.patch \
            file://0001-Makefile.am-do-not-install-etc-ethertypes.patch \
            file://0002-configure.ac-only-check-conntrack-when-libnfnetlink-enabled.patch \
+           file://format-security.patch \
            file://iptables.service \
            file://iptables.rules \
            file://ip6tables.service \
            file://ip6tables.rules \
+           file://0001-iptables-xshared.h-add-missing-sys.types.h-include.patch \
            "
-SRC_URI[sha256sum] = "c109c96bb04998cd44156622d36f8e04b140701ec60531a10668cfdff5e8d8f0"
+SRC_URI[sha256sum] = "71c75889dc710676631553eb1511da0177bbaaf1b551265b912d236c3f51859f"
 
 SYSTEMD_SERVICE:${PN} = "\
     iptables.service \
@@ -28,6 +30,8 @@  inherit autotools pkgconfig systemd
 
 EXTRA_OECONF = "--with-kernel=${STAGING_INCDIR}"
 
+CFLAGS:append:libc-musl = " -D__UAPI_DEF_ETHHDR=0"
+
 PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}"
 PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
 
@@ -41,6 +45,9 @@  do_configure:prepend() {
     # Remove some libtool m4 files
     # Keep ax_check_linker_flags.m4 which belongs to autoconf-archive.
     rm -f libtool.m4 lt~obsolete.m4 ltoptions.m4 ltsugar.m4 ltversion.m4
+
+    # Copy a header to fix out of tree builds
+    cp -f ${S}/libiptc/linux_list.h ${S}/include/libiptc/
 }
 
 IPTABLES_RULES_DIR ?= "${sysconfdir}/${BPN}"
@@ -108,7 +115,7 @@  RDEPENDS:${PN}-apply = "${PN} bash"
 
 # Include the symlinks as well in respective packages
 FILES:${PN}-module-xt-conntrack += "${libdir}/xtables/libxt_state.so"
-FILES:${PN}-module-xt-ct += "${libdir}/xtables/libxt_NOTRACK.so"
+FILES:${PN}-module-xt-ct += "${libdir}/xtables/libxt_NOTRACK.so ${libdir}/xtables/libxt_REDIRECT.so"
 
 ALLOW_EMPTY:${PN}-modules = "1"

[05/49] iptables: upgrade 1.8.7 -> 1.8.8

Commit Message

Patch