From: Lucas Stach <l.stach@pengutronix.de>
To: ptxdist@pengutronix.de
Subject: [ptxdist] [PATCH] iptables: version bump 1.6.1 -> 1.8.2
Date: Fri, 8 Mar 2019 15:51:00 +0100 [thread overview]
Message-ID: <20190308145100.18749-1-l.stach@pengutronix.de> (raw)
- version bump
- pick patches from upstream to fix build with older kernel headers
- fix IPv4-only build
Signed-off-by: Lucas Stach <l.stach@pengutronix.de>
---
...macros-if-large-file-feature-is-enab.patch | 28 -----------
patches/iptables-1.6.1/autogen.sh | 1 -
patches/iptables-1.6.1/series | 4 --
| 48 +++++++++++++++++++
| 32 +++++++++++++
...-legacy-add-missing-config.h-include.patch | 18 +++++++
patches/iptables-1.8.2/series | 6 +++
rules/iptables.make | 20 ++++----
8 files changed, 114 insertions(+), 43 deletions(-)
delete mode 100644 patches/iptables-1.6.1/0001-iptables-define-macros-if-large-file-feature-is-enab.patch
delete mode 120000 patches/iptables-1.6.1/autogen.sh
delete mode 100644 patches/iptables-1.6.1/series
create mode 100644 patches/iptables-1.8.2/0001-include-fix-build-with-kernel-headers-before-4.2.patch
create mode 100644 patches/iptables-1.8.2/0002-include-extend-the-headers-conflict-workaround-to-in.patch
create mode 100644 patches/iptables-1.8.2/0003-xtables-legacy-add-missing-config.h-include.patch
create mode 100644 patches/iptables-1.8.2/series
diff --git a/patches/iptables-1.6.1/0001-iptables-define-macros-if-large-file-feature-is-enab.patch b/patches/iptables-1.6.1/0001-iptables-define-macros-if-large-file-feature-is-enab.patch
deleted file mode 100644
index 857e3e7e1169..000000000000
--- a/patches/iptables-1.6.1/0001-iptables-define-macros-if-large-file-feature-is-enab.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From: Juergen Borleis <jbe@pengutronix.de>
-Date: Fri, 25 Aug 2017 14:31:45 +0200
-Subject: [PATCH] iptables: define macros if large file feature is enabled
-
-Currently the feature is enabled by default, but always disabled when
-the large file parameter is defined.
-
-Signed-off-by: Juergen Borleis <jbe@pengutronix.de>
----
- configure.ac | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index eda7871405b3..30445d7deda8 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -42,8 +42,9 @@ AC_ARG_ENABLE([ipv6],
- AC_ARG_ENABLE([largefile],
- AS_HELP_STRING([--disable-largefile], [Do not build largefile support]),
- [enable_largefile="$enableval"],
-- [enable_largefile="yes";
-- largefile_cppflags='-D_LARGEFILE_SOURCE=1 -D_LARGE_FILES -D_FILE_OFFSET_BITS=64'])
-+ [enable_largefile="yes"])
-+AS_IF([test "$enable_largefile" = "yes"], [largefile_cppflags='-D_LARGEFILE_SOURCE=1 -D_LARGE_FILES -D_FILE_OFFSET_BITS=64'])
-+
- AC_ARG_ENABLE([devel],
- AS_HELP_STRING([--enable-devel],
- [Install Xtables development headers]),
diff --git a/patches/iptables-1.6.1/autogen.sh b/patches/iptables-1.6.1/autogen.sh
deleted file mode 120000
index 9f8a4cb7ddcb..000000000000
--- a/patches/iptables-1.6.1/autogen.sh
+++ /dev/null
@@ -1 +0,0 @@
-../autogen.sh
\ No newline at end of file
diff --git a/patches/iptables-1.6.1/series b/patches/iptables-1.6.1/series
deleted file mode 100644
index fb8e9a3d3204..000000000000
--- a/patches/iptables-1.6.1/series
+++ /dev/null
@@ -1,4 +0,0 @@
-# generated by git-ptx-patches
-#tag:base --start-number 1
-0001-iptables-define-macros-if-large-file-feature-is-enab.patch
-# 181c8cbca17b2bae3bba2e32f6c163ad - git-ptx-patches magic
diff --git a/patches/iptables-1.8.2/0001-include-fix-build-with-kernel-headers-before-4.2.patch b/patches/iptables-1.8.2/0001-include-fix-build-with-kernel-headers-before-4.2.patch
new file mode 100644
index 000000000000..34bb99f277fa
--- /dev/null
+++ b/patches/iptables-1.8.2/0001-include-fix-build-with-kernel-headers-before-4.2.patch
@@ -0,0 +1,48 @@
+From: Baruch Siach <baruch@tkos.co.il>
+Date: Fri, 16 Nov 2018 09:30:33 +0200
+Subject: [PATCH] include: fix build with kernel headers before 4.2
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Commit 672accf1530 (include: update kernel netfilter header files)
+updated linux/netfilter.h and brought with it the update from kernel
+commit a263653ed798 (netfilter: don't pull include/linux/netfilter.h
+from netns headers). This triggers conflict of headers that is fixed in
+kernel commit 279c6c7fa64f (api: fix compatibility of linux/in.h with
+netinet/in.h) included in kernel version 4.2. For earlier kernel headers
+we need a workaround that prevents the headers conflict.
+
+Fixes the following build failure:
+
+In file included from .../sysroot/usr/include/netinet/ip.h:25:0,
+ from ../include/libiptc/ipt_kernel_headers.h:8,
+ from ../include/libiptc/libiptc.h:6,
+ from libip4tc.c:29:
+.../sysroot/usr/include/linux/in.h:26:3: error: redeclaration of enumerator ‘IPPROTO_IP’
+ IPPROTO_IP = 0, /* Dummy protocol for TCP */
+ ^
+.../sysroot/usr/include/netinet/in.h:33:5: note: previous definition of ‘IPPROTO_IP’ was here
+ IPPROTO_IP = 0, /* Dummy protocol for TCP. */
+ ^~~~~~~~~~
+
+Signed-off-by: Baruch Siach <baruch@tkos.co.il>
+Signed-off-by: Florian Westphal <fw@strlen.de>
+---
+ include/linux/netfilter.h | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h
+index c3f087ac680c..bacf8cd92116 100644
+--- a/include/linux/netfilter.h
++++ b/include/linux/netfilter.h
+@@ -3,7 +3,9 @@
+
+ #include <linux/types.h>
+
++#ifndef _NETINET_IN_H
+ #include <linux/in.h>
++#endif
+ #include <linux/in6.h>
+ #include <limits.h>
+
diff --git a/patches/iptables-1.8.2/0002-include-extend-the-headers-conflict-workaround-to-in.patch b/patches/iptables-1.8.2/0002-include-extend-the-headers-conflict-workaround-to-in.patch
new file mode 100644
index 000000000000..c7ac48c176fb
--- /dev/null
+++ b/patches/iptables-1.8.2/0002-include-extend-the-headers-conflict-workaround-to-in.patch
@@ -0,0 +1,32 @@
+From: Baruch Siach <baruch@tkos.co.il>
+Date: Sun, 2 Dec 2018 18:56:34 +0200
+Subject: [PATCH] include: extend the headers conflict workaround to in6.h
+
+Commit 8d9d7e4b9ef ("include: fix build with kernel headers before 4.2")
+introduced a kernel/user headers conflict workaround that allows build
+of iptables with kernel headers older than 4.2. This minor extension
+allows build with kernel headers older than 3.12, which is the version
+that introduced explicit IP headers synchronization.
+
+Fixes: 8d9d7e4b9ef4 ("include: fix build with kernel headers before 4.2")
+Cc: Florian Westphal <fw@strlen.de>
+Signed-off-by: Baruch Siach <baruch@tkos.co.il>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+---
+ include/linux/netfilter.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h
+index bacf8cd92116..042d8b1478e0 100644
+--- a/include/linux/netfilter.h
++++ b/include/linux/netfilter.h
+@@ -5,8 +5,8 @@
+
+ #ifndef _NETINET_IN_H
+ #include <linux/in.h>
+-#endif
+ #include <linux/in6.h>
++#endif
+ #include <limits.h>
+
+ /* Responses from hook functions. */
diff --git a/patches/iptables-1.8.2/0003-xtables-legacy-add-missing-config.h-include.patch b/patches/iptables-1.8.2/0003-xtables-legacy-add-missing-config.h-include.patch
new file mode 100644
index 000000000000..25adb586cfc7
--- /dev/null
+++ b/patches/iptables-1.8.2/0003-xtables-legacy-add-missing-config.h-include.patch
@@ -0,0 +1,18 @@
+From: Lucas Stach <l.stach@pengutronix.de>
+Date: Fri, 8 Mar 2019 15:19:12 +0100
+Subject: [PATCH] xtables-legacy: add missing config.h include
+
+Signed-off-by: Lucas Stach <l.stach@pengutronix.de>
+---
+ iptables/xtables-legacy-multi.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/iptables/xtables-legacy-multi.c b/iptables/xtables-legacy-multi.c
+index e68814dd082e..3b7905ff76b1 100644
+--- a/iptables/xtables-legacy-multi.c
++++ b/iptables/xtables-legacy-multi.c
+@@ -1,3 +1,4 @@
++#include <config.h>
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <string.h>
diff --git a/patches/iptables-1.8.2/series b/patches/iptables-1.8.2/series
new file mode 100644
index 000000000000..583cba667ae6
--- /dev/null
+++ b/patches/iptables-1.8.2/series
@@ -0,0 +1,6 @@
+# generated by git-ptx-patches
+#tag:base --start-number 1
+0001-include-fix-build-with-kernel-headers-before-4.2.patch
+0002-include-extend-the-headers-conflict-workaround-to-in.patch
+0003-xtables-legacy-add-missing-config.h-include.patch
+# 5a69695cdc63f2cfe087f5d730554f57 - git-ptx-patches magic
diff --git a/rules/iptables.make b/rules/iptables.make
index 7d6620635dc6..609055b6502d 100644
--- a/rules/iptables.make
+++ b/rules/iptables.make
@@ -21,8 +21,8 @@ PACKAGES-$(PTXCONF_IPTABLES) += iptables
#
# Paths and names
#
-IPTABLES_VERSION := 1.6.1
-IPTABLES_MD5 := ab38a33806b6182c6f53d6afb4619add
+IPTABLES_VERSION := 1.8.2
+IPTABLES_MD5 := 944558e88ddcc3b9b0d9550070fa3599
IPTABLES := iptables-$(IPTABLES_VERSION)
IPTABLES_SUFFIX := tar.bz2
IPTABLES_URL := http://ftp.netfilter.org/pub/iptables/$(IPTABLES).$(IPTABLES_SUFFIX)
@@ -109,23 +109,23 @@ ifdef PTXCONF_IPTABLES_IPV4
endif
ifdef PTXCONF_IPTABLES_INSTALL_TOOLS
- @$(call install_copy, iptables, 0, 0, 0755, -, /usr/sbin/xtables-multi)
- @$(call install_link, iptables, ../sbin/xtables-multi, /usr/bin/iptables-xml)
+ @$(call install_copy, iptables, 0, 0, 0755, -, /usr/sbin/xtables-legacy-multi)
+ @$(call install_link, iptables, ../sbin/xtables-legacy-multi, /usr/bin/iptables-xml)
ifdef PTXCONF_IPTABLES_LIBNFNETLINK
@$(call install_copy, iptables, 0, 0, 0755, -, /usr/sbin/nfnl_osf)
endif
ifdef PTXCONF_IPTABLES_IPV6
# # IPv6 part
- @$(call install_link, iptables, xtables-multi, /usr/sbin/ip6tables)
- @$(call install_link, iptables, xtables-multi, /usr/sbin/ip6tables-restore)
- @$(call install_link, iptables, xtables-multi, /usr/sbin/ip6tables-save)
+ @$(call install_link, iptables, xtables-legacy-multi, /usr/sbin/ip6tables)
+ @$(call install_link, iptables, xtables-legacy-multi, /usr/sbin/ip6tables-restore)
+ @$(call install_link, iptables, xtables-legacy-multi, /usr/sbin/ip6tables-save)
endif
ifdef PTXCONF_IPTABLES_IPV4
# # IPv4 part
- @$(call install_link, iptables, xtables-multi, /usr/sbin/iptables)
- @$(call install_link, iptables, xtables-multi, /usr/sbin/iptables-restore)
- @$(call install_link, iptables, xtables-multi, /usr/sbin/iptables-save)
+ @$(call install_link, iptables, xtables-legacy-multi, /usr/sbin/iptables)
+ @$(call install_link, iptables, xtables-legacy-multi, /usr/sbin/iptables-restore)
+ @$(call install_link, iptables, xtables-legacy-multi, /usr/sbin/iptables-save)
endif
ifdef PTXCONF_IPTABLES_IPV6_SYSTEMD_UNIT
--
2.20.1
_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
reply other threads:[~2019-03-08 14:51 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190308145100.18749-1-l.stach@pengutronix.de \
--to=l.stach@pengutronix.de \
--cc=ptxdist@pengutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox