Diffstat (limited to 'aports/iptables')
-rw-r--r-- | aports/iptables/APKBUILD | 12 | ||||
-rw-r--r-- | aports/iptables/fix-u_int16_t.patch | 163 | ||||
-rw-r--r-- | aports/iptables/fix-xtables.patch | 10 | ||||
-rw-r--r-- | aports/iptables/use-sh-iptables-apply.patch | 39 |
4 files changed, 221 insertions, 3 deletions
diff --git a/aports/iptables/APKBUILD b/aports/iptables/APKBUILD index 720bd19..4dc6dc6 100644 --- a/aports/iptables/APKBUILD +++ b/aports/iptables/APKBUILD @@ -1,14 +1,17 @@ # Maintainer: Gabor Pali <pali.gabor@gmail.com> pkgname=iptables -pkgver=1.8.7 -pkgrel=2 +pkgver=1.8.8 +pkgrel=0 # base: 1 pkgdesc="Linux kernel firewall, NAT and packet mangling tools" url="https://www.netfilter.org/projects/iptables/index.html" arch="all" license="GPL-2.0-or-later" makedepends="libnftnl-dev bison flex autoconf automake" source="https://www.netfilter.org/projects/iptables/files/iptables-$pkgver.tar.bz2 + use-sh-iptables-apply.patch + fix-xtables.patch + fix-u_int16_t.patch iptables.initd iptables.confd ip6tables.confd @@ -56,7 +59,10 @@ package() { } sha512sums=" -c0a33fafbf1139157a9f52860938ebedc282a1394a68dcbd58981159379eb525919f999b25925f2cb4d6b18089bd99a94b00b3e73cff5cb0a0e47bdff174ed75 iptables-1.8.7.tar.bz2 +f21df23279a77531a23f3fcb1b8f0f8ec0c726bda236dd0e33af74b06753baff6ce3f26fb9fcceb6fada560656ba901e68fc6452eb840ac1b206bc4654950f59 iptables-1.8.8.tar.bz2 +ac78898c2acbe66ed8d32a06f41ff08cde7c22c3df6dfec6bc89a912d2cef2bde730de19d25a5407886d567cb0972a0b7bde7e6b18a34c4511495b4dad3b90ad use-sh-iptables-apply.patch +ce8c4ff001be49b77bb82efc3cb8b9f3c8f8684abcb07d079c6a00fab5c7a22e0d7f66f8ccdf3aab63d8fdb2b01b249679a89561e2f723111c8ce4075681b134 fix-xtables.patch +015ca550cf27802446d74521b7618095a342663d4fd73700975f3186428ecdc9eec27016f4d40862d3837cbbe0bb43509c1022b19ef8692ab28cc24e18831d57 fix-u_int16_t.patch a37c17a5382c756fcfb183af73af2283f0d09932c5a767241cbab5d784738f6f587f287a0cdf13b4fa74724ecd3a2063a9689ccee84c1bda02e730f63480f74d iptables.initd 85bb1660c2452fdede5ae0a483489a3648a8b327ea658839a1ad8c6405f6526bdf842a62d4df3f6e3cbbb9ad59137d37b39266cee21e252814191964d4c50f44 iptables.confd 0897a7a22f8b700f7f1f5c355ad6cbf39740e44d6c962af99e479978d8a2d556ca7fe4e31f238829046b4a871ce0b5fd52e2544f1361d15dd1ea3e33992646c4 ip6tables.confd 
diff --git a/aports/iptables/fix-u_int16_t.patch b/aports/iptables/fix-u_int16_t.patch
new file mode 100644
index 0000000..37b3950
--- /dev/null
+++ b/aports/iptables/fix-u_int16_t.patch
@@ -0,0 +1,163 @@
+From f319389525b066b7dc6d389c88f16a0df3b8f189 Mon Sep 17 00:00:00 2001
+From: Nick Hainke <vincent@systemli.org>
+Date: Mon, 16 May 2022 18:16:41 +0200
+Subject: treewide: use uint* instead of u_int*
+
+Gcc complains about missing types. Some commits introduced u_int* instead
+of uint*. Use uint treewide.
+
+Fixes errors in the form of:
+In file included from xtables-legacy-multi.c:5:
+xshared.h:83:56: error: unknown type name 'u_int16_t'; did you mean 'uint16_t'?
+ 83 | set_option(unsigned int *options, unsigned int option, u_int16_t *invflg,
+ | ^~~~~~~~~
+ | uint16_t
+make[6]: *** [Makefile:712: xtables_legacy_multi-xtables-legacy-multi.o] Error 1
+
+Avoid libipq API breakage by adjusting libipq.h include accordingly. For
+arpt_mangle.h kernel uAPI header, apply same change as in kernel commit
+e91ded8db5747 ("uapi: netfilter_arp: use __u8 instead of u_int8_t").
+
+Signed-off-by: Nick Hainke <vincent@systemli.org>
+Signed-off-by: Phil Sutter <phil@nwl.cc>
+---
+ extensions/libxt_conntrack.c | 2 +-
+ include/libipq/libipq.h | 8 ++++----
+ include/libiptc/libxtc.h | 2 +-
+ include/linux/netfilter_arp/arpt_mangle.h | 2 +-
+ iptables/xshared.c | 2 +-
+ iptables/xshared.h | 2 +-
+ libipq/ipq_create_handle.3 | 2 +-
+ libipq/ipq_set_mode.3 | 2 +-
+ 8 files changed, 11 insertions(+), 11 deletions(-)
+
+diff --git a/extensions/libxt_conntrack.c b/extensions/libxt_conntrack.c
+index 64018ce1..234085c5 100644
+--- a/extensions/libxt_conntrack.c
++++ b/extensions/libxt_conntrack.c
+@@ -778,7 +778,7 @@ matchinfo_print(const void *ip, const struct xt_entry_match *match, int numeric,
+
+ static void
+ conntrack_dump_ports(const char *prefix, const char *opt,
+- u_int16_t port_low, u_int16_t port_high)
++ uint16_t port_low, uint16_t port_high)
+ {
+ if (port_high == 0 || port_low == port_high)
+ printf(" %s%s %u", prefix, opt, port_low);
+diff --git a/include/libipq/libipq.h b/include/libipq/libipq.h
+index 3cd13292..dd0cb205 100644
+--- a/include/libipq/libipq.h
++++ b/include/libipq/libipq.h
+@@ -24,7 +24,7 @@
+ #include <errno.h>
+ #include <unistd.h>
+ #include <fcntl.h>
+-#include <sys/types.h>
++#include <stdint.h>
+ #include <sys/socket.h>
+ #include <sys/uio.h>
+ #include <asm/types.h>
+@@ -48,19 +48,19 @@ typedef unsigned long ipq_id_t;
+ struct ipq_handle
+ {
+ int fd;
+- u_int8_t blocking;
++ uint8_t blocking;
+ struct sockaddr_nl local;
+ struct sockaddr_nl peer;
+ };
+
+-struct ipq_handle *ipq_create_handle(u_int32_t flags, u_int32_t protocol);
++struct ipq_handle *ipq_create_handle(uint32_t flags, uint32_t protocol);
+
+ int ipq_destroy_handle(struct ipq_handle *h);
+
+ ssize_t ipq_read(const struct ipq_handle *h,
+ unsigned char *buf, size_t len, int timeout);
+
+-int ipq_set_mode(const struct ipq_handle *h, u_int8_t mode, size_t len);
++int ipq_set_mode(const struct ipq_handle *h, uint8_t mode, size_t len);
+
+ ipq_packet_msg_t *ipq_get_packet(const unsigned char *buf);
+
+diff --git a/include/libiptc/libxtc.h b/include/libiptc/libxtc.h
+index 37010188..a1d16ef9 100644
+--- a/include/libiptc/libxtc.h
++++ b/include/libiptc/libxtc.h
+@@ -10,7 +10,7 @@ extern "C" {
+ #endif
+
+ #ifndef XT_MIN_ALIGN
+-/* xt_entry has pointers and u_int64_t's in it, so if you align to
++/* xt_entry has pointers and uint64_t's in it, so if you align to
+ it, you'll also align to any crazy matches and targets someone
+ might write */
+ #define XT_MIN_ALIGN (__alignof__(struct xt_entry))
+diff --git a/include/linux/netfilter_arp/arpt_mangle.h b/include/linux/netfilter_arp/arpt_mangle.h
+index 250f5029..8c2b16a1 100644
+--- a/include/linux/netfilter_arp/arpt_mangle.h
++++ b/include/linux/netfilter_arp/arpt_mangle.h
+@@ -13,7 +13,7 @@ struct arpt_mangle
+ union {
+ struct in_addr tgt_ip;
+ } u_t;
+- u_int8_t flags;
++ __u8 flags;
+ int target;
+ };
+
+diff --git a/iptables/xshared.c b/iptables/xshared.c
+index a8512d38..9b5e5b5b 100644
+--- a/iptables/xshared.c
++++ b/iptables/xshared.c
+@@ -1025,7 +1025,7 @@ static const int inverse_for_options[NUMBER_OF_OPT] =
+ };
+
+ void
+-set_option(unsigned int *options, unsigned int option, u_int16_t *invflg,
++set_option(unsigned int *options, unsigned int option, uint16_t *invflg,
+ bool invert)
+ {
+ if (*options & option)
+diff --git a/iptables/xshared.h b/iptables/xshared.h
+index 14568bb0..f8212988 100644
+--- a/iptables/xshared.h
++++ b/iptables/xshared.h
+@@ -80,7 +80,7 @@ struct xtables_target;
+ #define IPT_INV_ARPHRD 0x0800
+
+ void
+-set_option(unsigned int *options, unsigned int option, u_int16_t *invflg,
++set_option(unsigned int *options, unsigned int option, uint16_t *invflg,
+ bool invert);
+
+ /**
+diff --git a/libipq/ipq_create_handle.3 b/libipq/ipq_create_handle.3
+index 11ef95c4..ebe46daa 100644
+--- a/libipq/ipq_create_handle.3
++++ b/libipq/ipq_create_handle.3
+@@ -24,7 +24,7 @@ ipq_create_handle, ipq_destroy_handle \(em create and destroy libipq handles.
+ .br
+ .B #include <libipq.h>
+ .sp
+-.BI "struct ipq_handle *ipq_create_handle(u_int32_t " flags ", u_int32_t " protocol ");"
++.BI "struct ipq_handle *ipq_create_handle(uint32_t " flags ", uint32_t " protocol ");"
+ .br
+ .BI "int ipq_destroy_handle(struct ipq_handle *" h );
+ .SH DESCRIPTION
+diff --git a/libipq/ipq_set_mode.3 b/libipq/ipq_set_mode.3
+index 0edd3c00..e206886c 100644
+--- a/libipq/ipq_set_mode.3
++++ b/libipq/ipq_set_mode.3
+@@ -24,7 +24,7 @@ ipq_set_mode \(em set the ip_queue queuing mode
+ .br
+ .B #include <libipq.h>
+ .sp
+-.BI "int ipq_set_mode(const struct ipq_handle *" h ", u_int8_t " mode ", size_t " range );
++.BI "int ipq_set_mode(const struct ipq_handle *" h ", uint8_t " mode ", size_t " range );
+ .SH DESCRIPTION
+ The
+ .B ipq_set_mode
+--
+cgit v1.2.3
+
diff --git a/aports/iptables/fix-xtables.patch b/aports/iptables/fix-xtables.patch
new file mode 100644
index 0000000..657c821
--- /dev/null
+++ b/aports/iptables/fix-xtables.patch
@@ -0,0 +1,10 @@
+--- a/libxtables/xtables.c 2022-05-13 13:26:26.000000000 +0000
++++ b/libxtables/xtables.c 2022-05-17 08:56:52.670556393 +0000
+@@ -45,7 +45,6 @@
+
+ #include <xtables.h>
+ #include <limits.h> /* INT_MAX in ip_tables.h/ip6_tables.h */
+-#include <linux/if_ether.h> /* ETH_ALEN */
+ #include <linux/netfilter_ipv4/ip_tables.h>
+ #include <linux/netfilter_ipv6/ip6_tables.h>
+ #include <libiptc/libxtc.h>
diff --git a/aports/iptables/use-sh-iptables-apply.patch b/aports/iptables/use-sh-iptables-apply.patch
new file mode 100644
index 0000000..b31fc94
--- /dev/null
+++ b/aports/iptables/use-sh-iptables-apply.patch
@@ -0,0 +1,39 @@
+From: Simon Frankenberger <simon-alpine@fraho.eu>
+
+make iptables-apply use posix sh
+
+--- a/iptables/iptables-apply
++++ b/iptables/iptables-apply
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/bin/sh
+ # iptables-apply -- a safer way to update iptables remotely
+ #
+ # Usage:
+@@ -110,7 +110,7 @@
+ }
+
+ function checkcommands() {
+- for cmd in "${COMMANDS[@]}"; do
++ for cmd in ${COMMANDS}; do
+ if ! command -v "$cmd" >/dev/null; then
+ echo "Error: needed command not found: $cmd" >&2
+ exit 127
+@@ -184,7 +184,7 @@
+ fi
+
+ # Needed commands
+- COMMANDS=(mktemp "$SAVE" "$RESTORE" "$RUNCMD")
++ COMMANDS="mktemp $SAVE $RESTORE $RUNCMD"
+ checkcommands
+ ;;
+ (*)
+@@ -196,7 +196,7 @@
+ fi
+
+ # Needed commands
+- COMMANDS=(mktemp "$SAVE" "$RESTORE")
++ COMMANDS="mktemp $SAVE $RESTORE"
+ checkcommands
+ ;;
+ esac
|
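Review bot: fix-xtables.patch has no description, so nothing records why `#include <linux/if_ether.h> /* ETH_ALEN */` is dropped from libxtables/xtables.c or whether the change exists upstream. The removed line's own comment says it supplied ETH_ALEN, so after this patch the build relies on some other header defining it; which one is not visible, since the rest of the include list lies outside the hunk. I would add a short header to the patch, e.g. `Drop linux/if_ether.h (<reason>); ETH_ALEN is provided by <header>` plus an upstream-status line, so the patch can be re-checked at the next version bump rather than carried forward unexamined.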
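Review bot: In use-sh-iptables-apply.patch the new `for cmd in ${COMMANDS}; do` expands unquoted, so the values of $SAVE, $RESTORE and $RUNCMD are word-split and glob-expanded before `command -v` sees them, which the bash array form did not do. A value containing whitespace or a glob character is then checked as different words from what the script later runs, weakening the pre-flight check in a tool meant to make remote firewall changes safer. The POSIX way to keep each value intact is the positional parameters: `for cmd in "$@"; do` inside the function and `checkcommands mktemp "$SAVE" "$RESTORE" "$RUNCMD"` at the call site (the three-argument form in the other branch). Separately, the context line `function checkcommands() {` is not POSIX sh syntax, so with `#!/bin/sh` the script depends on the system shell accepting it; most of the script is outside these hunks, so other bash-only constructs may remain.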