Date: Wednesday, March 25, 2015 @ 09:11:32 Author: ronald Revision: 234672
upgpkg: iptables 1.4.21-2 add patch for upstream bug 940 Added: iptables/trunk/iptables_upstream940.patch Modified: iptables/trunk/PKGBUILD Deleted: iptables/trunk/iptables-1.4.12-fixresore.patch ---------------------------------+ PKGBUILD | 10 +++++-- iptables-1.4.12-fixresore.patch | 28 -------------------- iptables_upstream940.patch | 52 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 59 insertions(+), 31 deletions(-) Modified: PKGBUILD =================================================================== --- PKGBUILD 2015-03-25 07:53:39 UTC (rev 234671) +++ PKGBUILD 2015-03-25 08:11:32 UTC (rev 234672) @@ -4,7 +4,7 @@ pkgname=iptables pkgver=1.4.21 -pkgrel=1 +pkgrel=2 pkgdesc='Linux kernel packet control tool' arch=('i686' 'x86_64') license=('GPL2') @@ -11,8 +11,8 @@ url='http://www.netfilter.org/projects/iptables/index.html' depends=('glibc' 'bash') makedepends=('linux-api-headers') -backup=('etc/xtables/connlabel.conf') -source=(http://www.netfilter.org/projects/iptables/files/${pkgname}-${pkgver}.tar.bz2{,.sig} +source=(http://www.netfilter.org/projects/iptables/files/${pkgname}-${pkgver}.tar.bz2{,.sig} \ + iptables_upstream940.patch empty.rules simple_firewall.rules empty-filter.rules @@ -25,6 +25,7 @@ iptables-flush) sha1sums=('85d4160537546a23a7e42bc26dd7ee62a0ede4c8' 'SKIP' + 'ae7f56344ae6b1fc5e1761ae2ca1d1be47815d44' '83b3363878e3660ce23b2ad325b53cbd6c796ecf' 'f085a71f467e4d7cb2cf094d9369b0bcc4bab6ec' 'd9f9f06b46b4187648e860afa0552335aafe3ce4' @@ -42,6 +43,9 @@ # use system one rm include/linux/types.h + + # https://bugzilla.netfilter.org/show_bug.cgi?id=940 + patch -Np1 -i "${srcdir}/iptables_upstream940.patch" } build() { Deleted: iptables-1.4.12-fixresore.patch =================================================================== --- iptables-1.4.12-fixresore.patch 2015-03-25 07:53:39 UTC (rev 234671) +++ iptables-1.4.12-fixresore.patch 2015-03-25 08:11:32 UTC (rev 234672) @@ -1,28 +0,0 @@ -diff -Nur iptables-1.4.12.2/iptables/ip6tables-restore.c iptables-1.4.12.2-fixrestore/iptables/ip6tables-restore.c ---- iptables-1.4.12.2/iptables/ip6tables-restore.c 2012-01-03 02:19:09.000000000 +0900 -+++ iptables-1.4.12.2-fixrestore/iptables/ip6tables-restore.c 2012-03-01 10:56:10.000000000 +0900 -@@ -380,9 +380,9 @@ - quote_open = 0; - escaped = 0; - param_len = 0; -+ char param_buffer[1024]; - - for (curchar = parsestart; *curchar; curchar++) { -- char param_buffer[1024]; - - if (quote_open) { - if (escaped) { -diff -Nur iptables-1.4.12.2/iptables/iptables-restore.c iptables-1.4.12.2-fixrestore/iptables/iptables-restore.c ---- iptables-1.4.12.2/iptables/iptables-restore.c 2012-01-03 02:19:09.000000000 +0900 -+++ iptables-1.4.12.2-fixrestore/iptables/iptables-restore.c 2012-03-01 10:56:00.000000000 +0900 -@@ -377,9 +377,9 @@ - quote_open = 0; - escaped = 0; - param_len = 0; -+ char param_buffer[1024]; - - for (curchar = parsestart; *curchar; curchar++) { -- char param_buffer[1024]; - - if (quote_open) { - if (escaped) { Added: iptables_upstream940.patch =================================================================== --- iptables_upstream940.patch (rev 0) +++ iptables_upstream940.patch 2015-03-25 08:11:32 UTC (rev 234672) @@ -0,0 +1,52 @@ +From 87cb94ba87208c369a349ff6b3767e2ba63d673c Mon Sep 17 00:00:00 2001 +From: Kazunori Kojima <kjm.k...@gmail.com> +Date: Wed, 14 May 2014 01:19:46 +0900 +Subject: [PATCH] extensions: S/DNPT: fix invalid output in save function + +ip6tables-save output is invalid rule. +--- + extensions/libip6t_DNPT.c | 4 ++-- + extensions/libip6t_SNPT.c | 4 ++-- + 2 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/extensions/libip6t_DNPT.c b/extensions/libip6t_DNPT.c +index a442de6..4659ec8 100644 +--- a/extensions/libip6t_DNPT.c ++++ b/extensions/libip6t_DNPT.c +@@ -65,12 +65,12 @@ static void DNPT_save(const void *ip, const struct xt_entry_target *target) + + if (memcmp(&info->src_pfx.in6, &zero_addr, sizeof(zero_addr)) != 0 || + info->src_pfx_len != 0) +- printf("--src-pfx %s/%u ", ++ printf(" --src-pfx %s/%u ", + xtables_ip6addr_to_numeric(&info->src_pfx.in6), + info->src_pfx_len); + if (memcmp(&info->dst_pfx.in6, &zero_addr, sizeof(zero_addr)) != 0 || + info->dst_pfx_len != 0) +- printf("--dst-pfx %s/%u ", ++ printf(" --dst-pfx %s/%u ", + xtables_ip6addr_to_numeric(&info->dst_pfx.in6), + info->dst_pfx_len); + } +diff --git a/extensions/libip6t_SNPT.c b/extensions/libip6t_SNPT.c +index 4f10de0..bd3ab28 100644 +--- a/extensions/libip6t_SNPT.c ++++ b/extensions/libip6t_SNPT.c +@@ -65,12 +65,12 @@ static void SNPT_save(const void *ip, const struct xt_entry_target *target) + + if (memcmp(&info->src_pfx.in6, &zero_addr, sizeof(zero_addr)) != 0 || + info->src_pfx_len != 0) +- printf("--src-pfx %s/%u ", ++ printf(" --src-pfx %s/%u ", + xtables_ip6addr_to_numeric(&info->src_pfx.in6), + info->src_pfx_len); + if (memcmp(&info->dst_pfx.in6, &zero_addr, sizeof(zero_addr)) != 0 || + info->dst_pfx_len != 0) +- printf("--dst-pfx %s/%u ", ++ printf(" --dst-pfx %s/%u ", + xtables_ip6addr_to_numeric(&info->dst_pfx.in6), + info->dst_pfx_len); + } +-- +1.9.2 +