- Edit iptables-batch-lock.patch, cure use of implicit function,

fix it to make gcc14 happy.

OBS-URL: https://build.opensuse.org/package/show/security:netfilter/iptables?expand=0&rev=162
This commit is contained in:
Jan Engelhardt 2024-05-24 15:33:17 +00:00 committed by Git OBS Bridge
parent 713be2a051
commit 53a3768651
3 changed files with 27 additions and 14 deletions

View File

@ -10,11 +10,19 @@ Date: 2017-06-26T10:53:24+0000
iptables/xshared.c | 8 +++++++-
2 files changed, 28 insertions(+), 1 deletion(-)
Index: iptables-1.8.8/iptables/iptables-batch.c
Index: iptables-1.8.10/iptables/iptables-batch.c
===================================================================
--- iptables-1.8.8.orig/iptables/iptables-batch.c
+++ iptables-1.8.8/iptables/iptables-batch.c
@@ -403,6 +403,27 @@ main(int argc, char *argv[])
--- iptables-1.8.10.orig/iptables/iptables-batch.c
+++ iptables-1.8.10/iptables/iptables-batch.c
@@ -44,6 +44,7 @@
#include <iptables.h>
#endif
#include <xtables.h>
+#include "xshared.h"
#ifdef IP6T
#define prog_name ip6tables_globals.program_name
@@ -403,6 +404,26 @@ main(int argc, char *argv[])
tables[3].name = "raw";
tables[3].handle = NULL;
current_table = &tables[0];
@ -34,19 +42,18 @@ Index: iptables-1.8.8/iptables/iptables-batch.c
+ * To prevent this, part of this patch adds logic to avoid taking the
+ * lock a second time in the same process in xtables_lock()
+ */
+ const struct timeval wait_interval = {.tv_sec = 1};
+ if (!xtables_lock_or_exit(-1, &wait_interval)) {
+ if (!xtables_lock_or_exit(-1)) {
+ fprintf(stderr, "failed to acquire the xtables lock\n");
+ exit(1);
+ }
while((r = getline(&iline, &llen, fp)) != -1)
{
Index: iptables-1.8.8/iptables/xshared.c
Index: iptables-1.8.10/iptables/xshared.c
===================================================================
--- iptables-1.8.8.orig/iptables/xshared.c
+++ iptables-1.8.8/iptables/xshared.c
@@ -262,10 +262,14 @@ static void alarm_ignore(int i) {
--- iptables-1.8.10.orig/iptables/xshared.c
+++ iptables-1.8.10/iptables/xshared.c
@@ -255,10 +255,14 @@ static void alarm_ignore(int i) {
static int xtables_lock(int wait)
{
@ -61,7 +68,7 @@ Index: iptables-1.8.8/iptables/xshared.c
lock_file = getenv("XTABLES_LOCKFILE");
if (lock_file == NULL || lock_file[0] == '\0')
lock_file = XT_LOCK_NAME;
@@ -285,8 +289,10 @@ static int xtables_lock(int wait)
@@ -278,8 +282,10 @@ static int xtables_lock(int wait)
alarm(wait);
}

View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Fri May 24 15:07:24 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
- Edit iptables-batch-lock.patch, cure use of implicit function,
fix it to make gcc14 happy.
-------------------------------------------------------------------
Sat Oct 21 06:03:26 UTC 2023 - Jan Engelhardt <jengelh@inai.de>

View File

@ -1,7 +1,7 @@
#
# spec file for package iptables
#
# Copyright (c) 2023 SUSE LLC
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -55,7 +55,7 @@ Requires: alts
BuildRequires: alts
%else
Requires(post): update-alternatives
Requires(postun):update-alternatives
Requires(postun): update-alternatives
%endif
# During the update to iptables 1.8, ip6tables-restore-translate, ip6tables-translate,
# iptables-restore-translate and iptables-translate were moved from iptables-nft subpackage
@ -76,7 +76,7 @@ Requires: alts
BuildRequires: alts
%else
Requires(post): update-alternatives
Requires(postun):update-alternatives
Requires(postun): update-alternatives
%endif
Provides: iptables-nft = %version-%release
Obsoletes: iptables-nft < %version-%release