From c345b6a82b1216994b0eac0c226d3f5d67f7ff1bd94cae3d030b3bbdd2dc2aee Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Fri, 19 Mar 2021 10:11:38 +0000 Subject: [PATCH 1/2] - Add sle-kernels.patch [boo#1183753] OBS-URL: https://build.opensuse.org/package/show/security:netfilter/xtables-addons?expand=0&rev=154 --- sle-kernels.patch | 32 ++++++++++++++++++++++++++++++++ xtables-addons.changes | 5 +++++ xtables-addons.spec | 10 +++++++++- 3 files changed, 46 insertions(+), 1 deletion(-) create mode 100644 sle-kernels.patch diff --git a/sle-kernels.patch b/sle-kernels.patch new file mode 100644 index 0000000..0daf530 --- /dev/null +++ b/sle-kernels.patch @@ -0,0 +1,32 @@ +From: Jan Engelhardt +Date: 2021-03-19 10:38:28.244573625 +0100 +References: https://bugzilla.suse.com/show_bug.cgi?id=1183753 + +Workaround the SLE kernels misrepresenting themselves. + +--- + extensions/xt_TARPIT.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +Index: xtables-addons-3.18/extensions/xt_TARPIT.c +=================================================================== +--- xtables-addons-3.18.orig/extensions/xt_TARPIT.c ++++ xtables-addons-3.18/extensions/xt_TARPIT.c +@@ -206,7 +206,7 @@ static void tarpit_tcp4(const struct xt_ + return; + + /* This packet will not be the same as the other: clear nf fields */ +-#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 4, 0) ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 4, 0) || defined(SLE_15_3) + nf_reset_ct(nskb); + #else + nf_reset(nskb); +@@ -352,7 +352,7 @@ static void tarpit_tcp6(const struct xt_ + } + + /* This packet will not be the same as the other: clear nf fields */ +-#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 4, 0) ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 4, 0) || defined(SLE_15_3) + nf_reset_ct(nskb); + #else + nf_reset(nskb); diff --git a/xtables-addons.changes b/xtables-addons.changes index 0684502..92767e0 100644 --- a/xtables-addons.changes +++ b/xtables-addons.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Fri Mar 19 09:37:36 UTC 2021 - Jan Engelhardt + +- Add sle-kernels.patch [boo#1183753] + ------------------------------------------------------------------- Thu Mar 11 16:14:44 UTC 2021 - Jan Engelhardt diff --git a/xtables-addons.spec b/xtables-addons.spec index 1476813..b6ef570 100644 --- a/xtables-addons.spec +++ b/xtables-addons.spec @@ -29,6 +29,7 @@ Source: https://inai.de/files/%name/%name-%version.tar.xz Source2: https://inai.de/files/%name/%name-%version.tar.asc Source3: %name-preamble Source4: %name.keyring +Patch1: sle-kernels.patch BuildRequires: %kernel_module_package_buildreqs BuildRequires: kernel-syms >= 4.15 BuildRequires: pkg-config >= 0.21 @@ -69,8 +70,13 @@ main kernel/iptables packages. %prep %autosetup -p1 +autoreconf -fiv %build +%if 0%{?sle_version} == 150300 +export KCFLAGS="-DSLE_15_3" +echo "$KCFLAGS" >kcflags +%endif pushd ../ for flavor in %flavors_to_build; do cp -a "%name-%version" "%name-$flavor-%version" @@ -82,10 +88,12 @@ done %install b="%buildroot" +# kernel's make install is picky about flags changing between %%build and %%install +export KCFLAGS="$(cat kcflags)" pushd ../ for flavor in %flavors_to_build; do pushd "%name-$flavor-%version/" - make %{?linux_make_arch} install DESTDIR="$b" + make %{?linux_make_arch} install DESTDIR="$b" V=1 popd done # There is no -devel package. So no need for these files. From cf4b4f7441edc6a950bb4770c343d58720cd070141c71c3a686d7a548b53b89f Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Fri, 19 Mar 2021 11:29:49 +0000 Subject: [PATCH 2/2] OBS-URL: https://build.opensuse.org/package/show/security:netfilter/xtables-addons?expand=0&rev=155 --- xtables-addons.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/xtables-addons.spec b/xtables-addons.spec index b6ef570..020d04c 100644 --- a/xtables-addons.spec +++ b/xtables-addons.spec @@ -31,7 +31,9 @@ Source3: %name-preamble Source4: %name.keyring Patch1: sle-kernels.patch BuildRequires: %kernel_module_package_buildreqs +BuildRequires: automake BuildRequires: kernel-syms >= 4.15 +BuildRequires: libtool BuildRequires: pkg-config >= 0.21 BuildRequires: xz BuildRequires: pkgconfig(xtables) >= 1.6.0