From 0336f9cbc06add7cbdfdb3abb716d6c3f50ff97dc6dce5f1c15e1e2e27327d39 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Fri, 18 Apr 2014 16:04:38 +0000 Subject: [PATCH] libnftnl-1.0.1 OBS-URL: https://build.opensuse.org/package/show/security:netfilter/libnftnl?expand=0&rev=9 --- ...ild-failure-involving-linux-netlink..patch | 43 ---- ...mpile-error-involving-XT_EXTENSION_M.patch | 209 ------------------ libnftnl-1.0.0+git1.tar.xz | 3 - libnftnl-1.0.1.tar.bz2 | 3 + libnftnl-1.0.1.tar.bz2.sig | Bin 0 -> 543 bytes libnftnl.changes | 11 + libnftnl.spec | 13 +- 7 files changed, 19 insertions(+), 263 deletions(-) delete mode 100644 0001-build-resolve-build-failure-involving-linux-netlink..patch delete mode 100644 0002-build-resolve-compile-error-involving-XT_EXTENSION_M.patch delete mode 100644 libnftnl-1.0.0+git1.tar.xz create mode 100644 libnftnl-1.0.1.tar.bz2 create mode 100644 libnftnl-1.0.1.tar.bz2.sig diff --git a/0001-build-resolve-build-failure-involving-linux-netlink..patch b/0001-build-resolve-build-failure-involving-linux-netlink..patch deleted file mode 100644 index d2d2b25..0000000 --- a/0001-build-resolve-build-failure-involving-linux-netlink..patch +++ /dev/null 
@@ -1,43 +0,0 @@ -From 59f557d1155233ece4841d07cc1e4635fb0f5bb2 Mon Sep 17 00:00:00 2001 -From: Jan Engelhardt -Date: Tue, 21 Jan 2014 00:48:27 +0100 -Subject: [PATCH 1/2] build: resolve build failure involving linux/netlink.h - -This was seen with a sufficiently-old /usr/include/linux -(from Linux 2.6.32). - - In file included from common.c:10: - /usr/include/linux/netlink.h:34: error: expected - specifier-qualifier-list before 'sa_family_t' - -The solution is to include last of all system headers. - -Signed-off-by: Jan Engelhardt ---- - src/common.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/common.c b/src/common.c -index b9598bf..336d2b4 100644 ---- a/src/common.c -+++ b/src/common.c -@@ -7,6 +7,8 @@ - * (at your option) any later version. - */ - -+#include -+#include - #include - #include - -@@ -14,7 +16,6 @@ - #include - - #include "internal.h" --#include - - struct nlmsghdr *nft_nlmsg_build_hdr(char *buf, uint16_t cmd, uint16_t family, - uint16_t type, uint32_t seq) --- -1.8.4 - diff --git a/0002-build-resolve-compile-error-involving-XT_EXTENSION_M.patch b/0002-build-resolve-compile-error-involving-XT_EXTENSION_M.patch deleted file mode 100644 index 7bee434..0000000 --- a/0002-build-resolve-compile-error-involving-XT_EXTENSION_M.patch +++ /dev/null 
@@ -1,209 +0,0 @@ -From b5d35ad41234e92e17168ce44dafb8d653a6bfc7 Mon Sep 17 00:00:00 2001 -From: Jan Engelhardt -Date: Tue, 21 Jan 2014 00:49:56 +0100 -Subject: [PATCH 2/2] build: resolve compile error involving - XT_EXTENSION_MAXNAMELEN - -2.6.32 headers in /usr/include/linux again. -Ship a copy of x_tables.h from Linux 3.11. - -Signed-off-by: Jan Engelhardt ---- - include/linux/netfilter/x_tables.h | 185 +++++++++++++++++++++++++++++++++++++ - 1 file changed, 185 insertions(+) - create mode 100644 include/linux/netfilter/x_tables.h - -diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h -new file mode 100644 -index 0000000..4120970 ---- /dev/null -+++ b/include/linux/netfilter/x_tables.h -@@ -0,0 +1,185 @@ -+#ifndef _X_TABLES_H -+#define _X_TABLES_H -+#include -+#include -+ -+#define XT_FUNCTION_MAXNAMELEN 30 -+#define XT_EXTENSION_MAXNAMELEN 29 -+#define XT_TABLE_MAXNAMELEN 32 -+ -+struct xt_entry_match { -+ union { -+ struct { -+ __u16 match_size; -+ -+ /* Used by userspace */ -+ char name[XT_EXTENSION_MAXNAMELEN]; -+ __u8 revision; -+ } user; -+ struct { -+ __u16 match_size; -+ -+ /* Used inside the kernel */ -+ struct xt_match *match; -+ } kernel; -+ -+ /* Total length */ -+ __u16 match_size; -+ } u; -+ -+ unsigned char data[0]; -+}; -+ -+struct xt_entry_target { -+ union { -+ struct { -+ __u16 target_size; -+ -+ /* Used by userspace */ -+ char name[XT_EXTENSION_MAXNAMELEN]; -+ __u8 revision; -+ } user; -+ struct { -+ __u16 target_size; -+ -+ /* Used inside the kernel */ -+ struct xt_target *target; -+ } kernel; -+ -+ /* Total length */ -+ __u16 target_size; -+ } u; -+ -+ unsigned char data[0]; -+}; -+ -+#define XT_TARGET_INIT(__name, __size) \ -+{ \ -+ .target.u.user = { \ -+ .target_size = XT_ALIGN(__size), \ -+ .name = __name, \ -+ }, \ -+} -+ -+struct xt_standard_target { -+ struct xt_entry_target target; -+ int verdict; -+}; -+ -+struct xt_error_target { -+ struct xt_entry_target target; -+ char 
errorname[XT_FUNCTION_MAXNAMELEN]; -+}; -+ -+/* The argument to IPT_SO_GET_REVISION_*. Returns highest revision -+ * kernel supports, if >= revision. */ -+struct xt_get_revision { -+ char name[XT_EXTENSION_MAXNAMELEN]; -+ __u8 revision; -+}; -+ -+/* CONTINUE verdict for targets */ -+#define XT_CONTINUE 0xFFFFFFFF -+ -+/* For standard target */ -+#define XT_RETURN (-NF_REPEAT - 1) -+ -+/* this is a dummy structure to find out the alignment requirement for a struct -+ * containing all the fundamental data types that are used in ipt_entry, -+ * ip6t_entry and arpt_entry. This sucks, and it is a hack. It will be my -+ * personal pleasure to remove it -HW -+ */ -+struct _xt_align { -+ __u8 u8; -+ __u16 u16; -+ __u32 u32; -+ __u64 u64; -+}; -+ -+#define XT_ALIGN(s) __ALIGN_KERNEL((s), __alignof__(struct _xt_align)) -+ -+/* Standard return verdict, or do jump. */ -+#define XT_STANDARD_TARGET "" -+/* Error verdict. */ -+#define XT_ERROR_TARGET "ERROR" -+ -+#define SET_COUNTER(c,b,p) do { (c).bcnt = (b); (c).pcnt = (p); } while(0) -+#define ADD_COUNTER(c,b,p) do { (c).bcnt += (b); (c).pcnt += (p); } while(0) -+ -+struct xt_counters { -+ __u64 pcnt, bcnt; /* Packet and byte counters */ -+}; -+ -+/* The argument to IPT_SO_ADD_COUNTERS. */ -+struct xt_counters_info { -+ /* Which table. */ -+ char name[XT_TABLE_MAXNAMELEN]; -+ -+ unsigned int num_counters; -+ -+ /* The counters (actually `number' of these). */ -+ struct xt_counters counters[0]; -+}; -+ -+#define XT_INV_PROTO 0x40 /* Invert the sense of PROTO. */ -+ -+/* fn returns 0 to continue iteration */ -+#define XT_MATCH_ITERATE(type, e, fn, args...) 
\ -+({ \ -+ unsigned int __i; \ -+ int __ret = 0; \ -+ struct xt_entry_match *__m; \ -+ \ -+ for (__i = sizeof(type); \ -+ __i < (e)->target_offset; \ -+ __i += __m->u.match_size) { \ -+ __m = (void *)e + __i; \ -+ \ -+ __ret = fn(__m , ## args); \ -+ if (__ret != 0) \ -+ break; \ -+ } \ -+ __ret; \ -+}) -+ -+/* fn returns 0 to continue iteration */ -+#define XT_ENTRY_ITERATE_CONTINUE(type, entries, size, n, fn, args...) \ -+({ \ -+ unsigned int __i, __n; \ -+ int __ret = 0; \ -+ type *__entry; \ -+ \ -+ for (__i = 0, __n = 0; __i < (size); \ -+ __i += __entry->next_offset, __n++) { \ -+ __entry = (void *)(entries) + __i; \ -+ if (__n < n) \ -+ continue; \ -+ \ -+ __ret = fn(__entry , ## args); \ -+ if (__ret != 0) \ -+ break; \ -+ } \ -+ __ret; \ -+}) -+ -+/* fn returns 0 to continue iteration */ -+#define XT_ENTRY_ITERATE(type, entries, size, fn, args...) \ -+ XT_ENTRY_ITERATE_CONTINUE(type, entries, size, 0, fn, args) -+ -+ -+/* pos is normally a struct ipt_entry/ip6t_entry/etc. */ -+#define xt_entry_foreach(pos, ehead, esize) \ -+ for ((pos) = (typeof(pos))(ehead); \ -+ (pos) < (typeof(pos))((char *)(ehead) + (esize)); \ -+ (pos) = (typeof(pos))((char *)(pos) + (pos)->next_offset)) -+ -+/* can only be xt_entry_match, so no use of typeof here */ -+#define xt_ematch_foreach(pos, entry) \ -+ for ((pos) = (struct xt_entry_match *)entry->elems; \ -+ (pos) < (struct xt_entry_match *)((char *)(entry) + \ -+ (entry)->target_offset); \ -+ (pos) = (struct xt_entry_match *)((char *)(pos) + \ -+ (pos)->u.match_size)) -+ -+ -+#endif /* _X_TABLES_H */ --- -1.8.4 - diff --git a/libnftnl-1.0.0+git1.tar.xz b/libnftnl-1.0.0+git1.tar.xz deleted file mode 100644 index 95a898c..0000000 --- a/libnftnl-1.0.0+git1.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:b886a2a4feafb7d15e46d9ce9ece146207cc6388aac302c715f447e341473471 -size 283576 diff --git a/libnftnl-1.0.1.tar.bz2 b/libnftnl-1.0.1.tar.bz2 new file mode 100644 index 0000000..60b63d4 
--- /dev/null +++ b/libnftnl-1.0.1.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:81becd8d54dee9874f0a7f4a1e84a6d9f51cdb5b97008b92f0b0dd9b9d0185fb +size 337543 diff --git a/libnftnl-1.0.1.tar.bz2.sig b/libnftnl-1.0.1.tar.bz2.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..13c4ce220b89e267471bbc455162454a0bca4133f6eff729a85d89f36b5d7ea9 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p-q~v!4J82@s?aABnqPSj>A95B(b0UxIUWA%^K-WGY`U zptdU)oRRT#lyQ6BMd4^^*!wGkjHDr3jW!p`8nPNLP>R##D5_Qq6gWD2bPAzZU;BZd zBgnR|qW-uxcl(raXcal_pXjtrrB11xSkOUY2M%jyRg%MD!;#|DsIL5>8G64h-)y55SpUiAa< zk8^w*0tUg5jv`bJt^!BC)%`Dw=_WecDQf8ec-X^4A|8!7+CwPga3}tz zW)MEkyqMDX=%;mYNns#LVk3_5MjJdVRH+t&fIUGCKn>RnV8L9jR1v>u%poLASu`SA za^IpLXXcmBEA4LP;H6i{;4Cf0rAKPs;IZ!RVH7j~%!HI`NE_V`Cq-<^`LF55_n0TB zOO;5QM!x$C=lZpdV1Flj@5QLTDfn#ZJPlamD1xO};F}7nRV;V0FGGzOR97Z?mpxH~ z-%qnxyo|inzQ6~E>Voa2cZigzn@|Q)a6IPU5+=ocn#Cy8A`G%^(Kupjki6xo7kV|Y hGX;j2g@PW#fM0S^OQy!IyVNCgi$RUmMZ9h}U`)4k16cq7 literal 0 HcmV?d00001 diff --git a/libnftnl.changes b/libnftnl.changes index 0aac049..50f9fcf 100644 --- a/libnftnl.changes +++ b/libnftnl.changes @@ -1,3 +1,14 @@ +------------------------------------------------------------------- +Fri Apr 18 12:31:22 UTC 2014 - jengelh@inai.de + +- Update to new upstream release 1.0.1 +* Memory leak and invalid read fixes +* Add conntrack label match support +* meta: Let user specify any combination of sreg/dreg +* expr: ct: Add support for setting the mark +- Remove 0001-build-resolve-build-failure-involving-linux-netlink..patch, + 0002-build-resolve-compile-error-involving-XT_EXTENSION_M.patch + ------------------------------------------------------------------- Mon Dec 17 00:03:37 UTC 2012 - jengelh@inai.de diff --git a/libnftnl.spec b/libnftnl.spec index 13a969d..0ebd6c4 100644 --- a/libnftnl.spec +++ b/libnftnl.spec 
@@ -18,19 +18,17 @@ Name: libnftnl %define lname libnftnl0 -Version: 1.0.0+git1 +Version: 1.0.1 Release: 0 Summary: Userspace library to access the nftables Netlink interface License: GPL-2.0+ Group: Productivity/Networking/Security URL: http://netfilter.org/projects/libnftnl/ -#Git-Snapshot: libnftnl-1.0.0-1-g91264d8 #Git-Clone: git://git.netfilter.org/libnftnl -Source: %name-%version.tar.xz -Source2: baselibs.conf -Patch1: 0001-build-resolve-build-failure-involving-linux-netlink..patch -Patch2: 0002-build-resolve-compile-error-involving-XT_EXTENSION_M.patch +Source: ftp://ftp.netfilter.org/pub/libnftnl/%name-%version.tar.bz2 +Source2: ftp://ftp.netfilter.org/pub/libnftnl/%name-%version.tar.bz2.sig +Source3: baselibs.conf BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: pkgconfig >= 0.21 BuildRequires: libmnl-devel >= 1.0.3 @@ -74,8 +72,7 @@ This subpackage contains libraries and header files for developing applications that want to make use of libnftnl. %prep -%setup -qn %name -%patch -P 1 -P 2 -p1 +%setup -q %build %configure \
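Review bot: The new `Source2` line in the first `libnftnl.spec` hunk ships `%name-%version.tar.bz2.sig`, but no key to verify it against is visible in this change, so the detached signature appears to be carried without being checked. Both `Source` URLs are also plain `ftp://`, which gives no transport integrity, so the signature is the only authenticity signal for the tarball. I would add the upstream signing key as a further source, e.g. `Source4:        %name.keyring`, so that packaging checks or an explicit verification step in `%prep` (which after the second hunk is only `%setup -q`) can validate the tarball. The key should be obtained and its fingerprint confirmed out of band, not fetched from the same FTP server as the tarball. If verification is already configured outside this spec, a short comment next to `Source2` saying where would help the next reviewer.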