From 4122804c4bd6e518b4c88b826296c514e1f0cf9fea1cf0e1db4b770dcbc8f647 Mon Sep 17 00:00:00 2001 From: Kristyna Streitova Date: Mon, 22 Jun 2015 10:46:36 +0000 Subject: [PATCH] Accepting request 312261 from home:kstreitova:branches:security:netfilter - add ebtables-v2.0.10-4-audit.patch needed for CC certification [bnc#934680] OBS-URL: https://build.opensuse.org/request/show/312261 OBS-URL: https://build.opensuse.org/package/show/security:netfilter/ebtables?expand=0&rev=35 --- ebtables-v2.0.10-4-audit.patch | 157 +++++++++++++++++++++++++++++++++ ebtables.changes | 6 ++ ebtables.spec | 5 +- 3 files changed, 167 insertions(+), 1 deletion(-) create mode 100644 ebtables-v2.0.10-4-audit.patch diff --git a/ebtables-v2.0.10-4-audit.patch b/ebtables-v2.0.10-4-audit.patch new file mode 100644 index 0000000..5527faf --- /dev/null +++ b/ebtables-v2.0.10-4-audit.patch @@ -0,0 +1,157 @@ +--- ebtables2.orig/extensions/ebt_AUDIT.c 1970-01-01 01:00:00.000000000 +0100 ++++ ebtables2.orig/extensions/ebt_AUDIT.c 2011-01-07 10:53:46.680329228 +0100 +@@ -0,0 +1,110 @@ ++ ++#include ++#include ++#include ++#include ++#include "../include/ebtables_u.h" ++#include ++ ++#define AUDIT_TYPE '1' ++static struct option opts[] = ++{ ++ { "audit-type" , required_argument, 0, AUDIT_TYPE }, ++ { 0 } ++}; ++ ++static void print_help() ++{ ++ printf( ++ "AUDIT target options:\n" ++ " --audit-type TYPE : Set action type to record.\n"); ++} ++ ++static void init(struct ebt_entry_target *target) ++{ ++ struct xt_AUDIT_info *info = (struct xt_AUDIT_info *) target->data; ++ ++ info->type = 0; ++} ++ ++static int parse(int c, char **argv, int argc, ++ const struct ebt_u_entry *entry, unsigned int *flags, ++ struct ebt_entry_target **target) ++{ ++ struct xt_AUDIT_info *info = (struct xt_AUDIT_info *) (*target)->data; ++ ++ switch (c) { ++ case AUDIT_TYPE: ++ ebt_check_option2(flags, AUDIT_TYPE); ++ ++ if (!strcasecmp(optarg, "accept")) ++ info->type = XT_AUDIT_TYPE_ACCEPT; ++ else if (!strcasecmp(optarg, "drop")) ++ info->type = XT_AUDIT_TYPE_DROP; ++ else if (!strcasecmp(optarg, "reject")) ++ info->type = XT_AUDIT_TYPE_REJECT; ++ else ++ ebt_print_error2("Bad action type value `%s'", optarg); ++ ++ break; ++ default: ++ return 0; ++ } ++ return 1; ++} ++ ++static void final_check(const struct ebt_u_entry *entry, ++ const struct ebt_entry_match *match, const char *name, ++ unsigned int hookmask, unsigned int time) ++{ ++} ++ ++static void print(const struct ebt_u_entry *entry, ++ const struct ebt_entry_target *target) ++{ ++ const struct xt_AUDIT_info *info = ++ (const struct xt_AUDIT_info *) target->data; ++ ++ printf("--audit-type "); ++ ++ switch(info->type) { ++ case XT_AUDIT_TYPE_ACCEPT: ++ printf("accept"); ++ break; ++ case XT_AUDIT_TYPE_DROP: ++ printf("drop"); ++ break; ++ case XT_AUDIT_TYPE_REJECT: ++ printf("reject"); ++ break; ++ } ++} ++ ++static int compare(const struct ebt_entry_target *t1, ++ const struct ebt_entry_target *t2) ++{ ++ const struct xt_AUDIT_info *info1 = ++ (const struct xt_AUDIT_info *) t1->data; ++ const struct xt_AUDIT_info *info2 = ++ (const struct xt_AUDIT_info *) t2->data; ++ ++ return info1->type == info2->type; ++} ++ ++static struct ebt_u_target AUDIT_target = ++{ ++ .name = "AUDIT", ++ .size = sizeof(struct xt_AUDIT_info), ++ .help = print_help, ++ .init = init, ++ .parse = parse, ++ .final_check = final_check, ++ .print = print, ++ .compare = compare, ++ .extra_ops = opts, ++}; ++ ++void _init(void) ++{ ++ ebt_register_target(&AUDIT_target); ++} +--- ebtables2.orig/extensions/Makefile 2011-01-07 10:55:28.077246240 +0100 ++++ ebtables2.orig/extensions/Makefile 2011-01-07 10:53:46.686329230 +0100 +@@ -1,7 +1,7 @@ + #! /usr/bin/make + + EXT_FUNC+=802_3 nat arp arpreply ip ip6 standard log redirect vlan mark_m mark \ +- pkttype stp among limit ulog nflog ++ pkttype stp among limit ulog nflog AUDIT + EXT_TABLES+=filter nat broute + EXT_OBJS+=$(foreach T,$(EXT_FUNC), extensions/ebt_$(T).o) + EXT_OBJS+=$(foreach T,$(EXT_TABLES), extensions/ebtable_$(T).o) +--- a/include/linux/netfilter/xt_AUDIT.h ++++ a/include/linux/netfilter/xt_AUDIT.h +@@ -0,0 +1,30 @@ ++/* ++ * Header file for iptables xt_AUDIT target ++ * ++ * (C) 2010-2011 Thomas Graf ++ * (C) 2010-2011 Red Hat, Inc. ++ * ++ * This program is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License version 2 as ++ * published by the Free Software Foundation. ++ */ ++ ++#ifndef _XT_AUDIT_TARGET_H ++#define _XT_AUDIT_TARGET_H ++ ++#include ++ ++enum { ++ XT_AUDIT_TYPE_ACCEPT = 0, ++ XT_AUDIT_TYPE_DROP, ++ XT_AUDIT_TYPE_REJECT, ++ __XT_AUDIT_TYPE_MAX, ++}; ++ ++#define XT_AUDIT_TYPE_MAX (__XT_AUDIT_TYPE_MAX - 1) ++ ++struct xt_AUDIT_info { ++ __u8 type; /* XT_AUDIT_TYPE_* */ ++}; ++ ++#endif /* _XT_AUDIT_TARGET_H */ diff --git a/ebtables.changes b/ebtables.changes index c144db8..762e57b 100644 --- a/ebtables.changes +++ b/ebtables.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Tue Jun 16 11:19:33 UTC 2015 - kstreitova@suse.com + +- add ebtables-v2.0.10-4-audit.patch needed for CC certification + [bnc#934680] + ------------------------------------------------------------------- Thu Nov 13 18:52:25 UTC 2014 - dimstar@opensuse.org diff --git a/ebtables.spec b/ebtables.spec index 37a6b3d..e0f0d04 100644 --- a/ebtables.spec +++ b/ebtables.spec @@ -1,7 +1,7 @@ # # spec file for package ebtables # -# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -28,6 +28,8 @@ Url: http://ebtables.sf.net/ Source: %name-v2.0.10-4.tar.xz Patch0: %name-v2.0.8-makefile.diff Patch1: %name-v2.0.8-initscript.diff +# PATCH-FIX-UPSTREAM bnc#934680 kstreitova@suse.comĀ -- audit patch for CC certification +Patch2: ebtables-v2.0.10-4-audit.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: linux-glibc-devel >= 2.6.20 BuildRequires: sed @@ -43,6 +45,7 @@ iptables. There are no incompatibility issues. %prep %setup -q -n %name-v2.0.10-4 %patch -P 0 -P 1 -p0 +%patch2 -p1 %build # The way ebtables is built requires ASNEEDED=0 forever [bnc#567267]