From 0be2487f5737347cf4b38a88d4f07dff48c00d07e971c7d2f93121ad70d62024 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Wed, 22 May 2019 16:20:16 +0000 Subject: [PATCH] - Add 0001-include-fix-build-with-kernel-headers-before-4.2.patch, 0001-include-extend-the-headers-conflict-workaround-to-in.patch to fix build with older linux-glibc-devel. [boo#1132821] OBS-URL: https://build.opensuse.org/package/show/security:netfilter/iptables?expand=0&rev=129 --- ...he-headers-conflict-workaround-to-in.patch | 36 +++++++++++++ ...build-with-kernel-headers-before-4.2.patch | 52 +++++++++++++++++++ iptables.changes | 7 +++ iptables.spec | 2 + 4 files changed, 97 insertions(+) create mode 100644 0001-include-extend-the-headers-conflict-workaround-to-in.patch create mode 100644 0001-include-fix-build-with-kernel-headers-before-4.2.patch diff --git a/0001-include-extend-the-headers-conflict-workaround-to-in.patch b/0001-include-extend-the-headers-conflict-workaround-to-in.patch new file mode 100644 index 0000000..ba80d79 --- /dev/null +++ b/0001-include-extend-the-headers-conflict-workaround-to-in.patch @@ -0,0 +1,36 @@ +From 2908eda10bf9fc81119d4f3ad672c67918ab5955 Mon Sep 17 00:00:00 2001 +From: Baruch Siach +Date: Sun, 2 Dec 2018 18:56:34 +0200 +Subject: [PATCH] include: extend the headers conflict workaround to in6.h + +Commit 8d9d7e4b9ef ("include: fix build with kernel headers before 4.2") +introduced a kernel/user headers conflict workaround that allows build +of iptables with kernel headers older than 4.2. This minor extension +allows build with kernel headers older than 3.12, which is the version +that introduced explicit IP headers synchronization. + +Fixes: 8d9d7e4b9ef4 ("include: fix build with kernel headers before 4.2") +Cc: Florian Westphal +Signed-off-by: Baruch Siach +Signed-off-by: Pablo Neira Ayuso +--- + include/linux/netfilter.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h +index bacf8cd9..042d8b14 100644 +--- a/include/linux/netfilter.h ++++ b/include/linux/netfilter.h +@@ -5,8 +5,8 @@ + + #ifndef _NETINET_IN_H + #include +-#endif + #include ++#endif + #include + + /* Responses from hook functions. */ +-- +2.21.0 + diff --git a/0001-include-fix-build-with-kernel-headers-before-4.2.patch b/0001-include-fix-build-with-kernel-headers-before-4.2.patch new file mode 100644 index 0000000..13bc73d --- /dev/null +++ b/0001-include-fix-build-with-kernel-headers-before-4.2.patch @@ -0,0 +1,52 @@ +From 8d9d7e4b9ef4c6e6abab2cf35c747d7ca36824bd Mon Sep 17 00:00:00 2001 +From: Baruch Siach +Date: Fri, 16 Nov 2018 09:30:33 +0200 +Subject: [PATCH] include: fix build with kernel headers before 4.2 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Commit 672accf1530 (include: update kernel netfilter header files) +updated linux/netfilter.h and brought with it the update from kernel +commit a263653ed798 (netfilter: don't pull include/linux/netfilter.h +from netns headers). This triggers conflict of headers that is fixed in +kernel commit 279c6c7fa64f (api: fix compatibility of linux/in.h with +netinet/in.h) included in kernel version 4.2. For earlier kernel headers +we need a workaround that prevents the headers conflict. + +Fixes the following build failure: + +In file included from .../sysroot/usr/include/netinet/ip.h:25:0, + from ../include/libiptc/ipt_kernel_headers.h:8, + from ../include/libiptc/libiptc.h:6, + from libip4tc.c:29: +.../sysroot/usr/include/linux/in.h:26:3: error: redeclaration of enumerator ‘IPPROTO_IP’ + IPPROTO_IP = 0, /* Dummy protocol for TCP */ + ^ +.../sysroot/usr/include/netinet/in.h:33:5: note: previous definition of ‘IPPROTO_IP’ was here + IPPROTO_IP = 0, /* Dummy protocol for TCP. */ + ^~~~~~~~~~ + +Signed-off-by: Baruch Siach +Signed-off-by: Florian Westphal +--- + include/linux/netfilter.h | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h +index c3f087ac..bacf8cd9 100644 +--- a/include/linux/netfilter.h ++++ b/include/linux/netfilter.h +@@ -3,7 +3,9 @@ + + #include + ++#ifndef _NETINET_IN_H + #include ++#endif + #include + #include + +-- +2.21.0 + diff --git a/iptables.changes b/iptables.changes index 4a8d428..20d223d 100644 --- a/iptables.changes +++ b/iptables.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Wed May 22 16:15:28 UTC 2019 - Jan Engelhardt + +- Add 0001-include-fix-build-with-kernel-headers-before-4.2.patch, + 0001-include-extend-the-headers-conflict-workaround-to-in.patch + to fix build with older linux-glibc-devel. [boo#1132821] + ------------------------------------------------------------------- Thu Apr 4 11:44:31 UTC 2019 - Kristýna Streitová diff --git a/iptables.spec b/iptables.spec index 5f4bed1..9170767 100644 --- a/iptables.spec +++ b/iptables.spec @@ -27,6 +27,8 @@ URL: https://netfilter.org/projects/iptables/ Source: https://netfilter.org/projects/iptables/files/%name-%version.tar.bz2 Source2: https://netfilter.org/projects/iptables/files/%name-%version.tar.bz2.sig Source3: %name.keyring +Patch1: 0001-include-fix-build-with-kernel-headers-before-4.2.patch +Patch2: 0001-include-extend-the-headers-conflict-workaround-to-in.patch Patch3: iptables-batch.patch Patch4: iptables-apply-mktemp-fix.patch Patch5: iptables-batch-lock.patch