From 74edc3b4b2904074c303de99baeca07a326ca029 Mon Sep 17 00:00:00 2001 From: Jiri Popelka Date: Thu, 9 Jan 2014 16:34:15 +0100 Subject: [PATCH] remove unused patches --- iptables-1.4.10-cloexec.patch | 150 ------------------------------- iptables-1.4.11-cloexec.patch | 50 ----------- iptables-1.4.12-fixresore.patch | 28 ------ iptables-1.4.7-xt_CHECKSUM.patch | 119 ------------------------ iptables-1.4.9-cloexec.patch | 149 ------------------------------ 5 files changed, 496 deletions(-) delete mode 100644 iptables-1.4.10-cloexec.patch delete mode 100644 iptables-1.4.11-cloexec.patch delete mode 100644 iptables-1.4.12-fixresore.patch delete mode 100644 iptables-1.4.7-xt_CHECKSUM.patch delete mode 100644 iptables-1.4.9-cloexec.patch diff --git a/iptables-1.4.10-cloexec.patch b/iptables-1.4.10-cloexec.patch deleted file mode 100644 index 78007b2..0000000 --- a/iptables-1.4.10-cloexec.patch +++ /dev/null @@ -1,150 +0,0 @@ -diff -up iptables-1.4.10/extensions/libipt_realm.c.cloexec iptables-1.4.10/extensions/libipt_realm.c ---- iptables-1.4.10/extensions/libipt_realm.c.cloexec 2010-10-29 16:37:22.000000000 +0200 -+++ iptables-1.4.10/extensions/libipt_realm.c 2011-01-10 13:23:31.373335720 +0100 -@@ -49,7 +49,7 @@ static void load_realms(void) - int id; - struct realmname *oldnm = NULL, *newnm = NULL; - -- fil = fopen(rfnm, "r"); -+ fil = fopen(rfnm, "re"); - if (!fil) { - rdberr = 1; - return; -diff -up iptables-1.4.10/extensions/libxt_set.h.cloexec iptables-1.4.10/extensions/libxt_set.h ---- iptables-1.4.10/extensions/libxt_set.h.cloexec 2010-10-29 16:37:22.000000000 +0200 -+++ iptables-1.4.10/extensions/libxt_set.h 2011-01-10 13:23:31.374335743 +0100 -@@ -2,6 +2,7 @@ - #define _LIBXT_SET_H - - #include -+#include - #include - #include - #include -@@ -23,6 +24,12 @@ get_version(unsigned *version) - xtables_error(OTHER_PROBLEM, - "Can't open socket to ipset.\n"); - -+ if (fcntl(sockfd, F_SETFD, FD_CLOEXEC) == -1) { -+ xtables_error(OTHER_PROBLEM, -+ "Could not set close on exec: %s\n", -+ strerror(errno)); -+ } -+ - req_version.op = IP_SET_OP_VERSION; - res = getsockopt(sockfd, SOL_IP, SO_IP_SET, &req_version, &size); - if (res != 0) -diff -up iptables-1.4.10/ip6tables-restore.c.cloexec iptables-1.4.10/ip6tables-restore.c ---- iptables-1.4.10/ip6tables-restore.c.cloexec 2010-10-29 16:37:22.000000000 +0200 -+++ iptables-1.4.10/ip6tables-restore.c 2011-01-10 13:23:31.380335880 +0100 -@@ -169,7 +169,7 @@ int main(int argc, char *argv[]) - } - - if (optind == argc - 1) { -- in = fopen(argv[optind], "r"); -+ in = fopen(argv[optind], "re"); - if (!in) { - fprintf(stderr, "Can't open %s: %s\n", argv[optind], - strerror(errno)); -diff -up iptables-1.4.10/ip6tables-save.c.cloexec iptables-1.4.10/ip6tables-save.c ---- iptables-1.4.10/ip6tables-save.c.cloexec 2010-10-29 16:37:22.000000000 +0200 -+++ iptables-1.4.10/ip6tables-save.c 2011-01-10 13:23:31.381335904 +0100 -@@ -41,7 +41,7 @@ static int for_each_table(int (*func)(co - FILE *procfile = NULL; - char tablename[IP6T_TABLE_MAXNAMELEN+1]; - -- procfile = fopen("/proc/net/ip6_tables_names", "r"); -+ procfile = fopen("/proc/net/ip6_tables_names", "re"); - if (!procfile) - return ret; - -diff -up iptables-1.4.10/iptables-restore.c.cloexec iptables-1.4.10/iptables-restore.c ---- iptables-1.4.10/iptables-restore.c.cloexec 2010-10-29 16:37:22.000000000 +0200 -+++ iptables-1.4.10/iptables-restore.c 2011-01-10 13:23:31.383335950 +0100 -@@ -175,7 +175,7 @@ main(int argc, char *argv[]) - } - - if (optind == argc - 1) { -- in = fopen(argv[optind], "r"); -+ in = fopen(argv[optind], "re"); - if (!in) { - fprintf(stderr, "Can't open %s: %s\n", argv[optind], - strerror(errno)); -diff -up iptables-1.4.10/iptables-save.c.cloexec iptables-1.4.10/iptables-save.c ---- iptables-1.4.10/iptables-save.c.cloexec 2010-10-29 16:37:22.000000000 +0200 -+++ iptables-1.4.10/iptables-save.c 2011-01-10 13:23:31.383335950 +0100 -@@ -39,7 +39,7 @@ static int for_each_table(int (*func)(co - FILE *procfile = NULL; - char tablename[IPT_TABLE_MAXNAMELEN+1]; - -- procfile = fopen("/proc/net/ip_tables_names", "r"); -+ procfile = fopen("/proc/net/ip_tables_names", "re"); - if (!procfile) - return ret; - -diff -up iptables-1.4.10/iptables-xml.c.cloexec iptables-1.4.10/iptables-xml.c ---- iptables-1.4.10/iptables-xml.c.cloexec 2010-10-29 16:37:22.000000000 +0200 -+++ iptables-1.4.10/iptables-xml.c 2011-01-10 13:23:31.385335996 +0100 -@@ -653,7 +653,7 @@ main(int argc, char *argv[]) - } - - if (optind == argc - 1) { -- in = fopen(argv[optind], "r"); -+ in = fopen(argv[optind], "re"); - if (!in) { - fprintf(stderr, "Can't open %s: %s", argv[optind], - strerror(errno)); -diff -up iptables-1.4.10/libiptc/libiptc.c.cloexec iptables-1.4.10/libiptc/libiptc.c ---- iptables-1.4.10/libiptc/libiptc.c.cloexec 2010-10-29 16:37:22.000000000 +0200 -+++ iptables-1.4.10/libiptc/libiptc.c 2011-01-10 13:23:31.387336042 +0100 -@@ -29,6 +29,8 @@ - * - performance work: speedup initial ruleset parsing. - * - sponsored by ComX Networks A/S (http://www.comx.dk/) - */ -+#include -+#include - #include - #include - #include -@@ -1328,6 +1330,12 @@ TC_INIT(const char *tablename) - if (sockfd < 0) - return NULL; - -+ if (fcntl(sockfd, F_SETFD, FD_CLOEXEC) == -1) { -+ fprintf(stderr, "Could not set close on exec: %s\n", -+ strerror(errno)); -+ abort(); -+ } -+ - retry: - s = sizeof(info); - -diff -up iptables-1.4.10/xtables.c.cloexec iptables-1.4.10/xtables.c ---- iptables-1.4.10/xtables.c.cloexec 2010-10-29 16:37:22.000000000 +0200 -+++ iptables-1.4.10/xtables.c 2011-01-10 13:25:06.548552918 +0100 -@@ -285,6 +285,12 @@ static char *get_modprobe(void) - if (procfile < 0) - return NULL; - -+ if (fcntl(procfile, F_SETFD, FD_CLOEXEC) == -1) { -+ fprintf(stderr, "Could not set close on exec: %s\n", -+ strerror(errno)); -+ exit(1); -+ } -+ - ret = malloc(PROCFILE_BUFSIZ); - if (ret) { - memset(ret, 0, PROCFILE_BUFSIZ); -@@ -680,6 +686,12 @@ static int compatible_revision(const cha - exit(1); - } - -+ if (fcntl(sockfd, F_SETFD, FD_CLOEXEC) == -1) { -+ fprintf(stderr, "Could not set close on exec: %s\n", -+ strerror(errno)); -+ exit(1); -+ } -+ - xtables_load_ko(xtables_modprobe_program, true); - - strcpy(rev.name, name); diff --git a/iptables-1.4.11-cloexec.patch b/iptables-1.4.11-cloexec.patch deleted file mode 100644 index f791e6d..0000000 --- a/iptables-1.4.11-cloexec.patch +++ /dev/null @@ -1,50 +0,0 @@ -diff -up iptables-1.4.11/extensions/libxt_set.h.cloexec iptables-1.4.11/extensions/libxt_set.h ---- iptables-1.4.11/extensions/libxt_set.h.cloexec 2011-05-26 18:12:12.000000000 +0200 -+++ iptables-1.4.11/extensions/libxt_set.h 2011-06-07 16:39:04.308403784 +0200 -@@ -2,6 +2,7 @@ - #define _LIBXT_SET_H - - #include -+#include - #include - #include - #include -@@ -23,6 +24,12 @@ get_version(unsigned *version) - xtables_error(OTHER_PROBLEM, - "Can't open socket to ipset.\n"); - -+ if (fcntl(sockfd, F_SETFD, FD_CLOEXEC) == -1) { -+ xtables_error(OTHER_PROBLEM, -+ "Could not set close on exec: %s\n", -+ strerror(errno)); -+ } -+ - req_version.op = IP_SET_OP_VERSION; - res = getsockopt(sockfd, SOL_IP, SO_IP_SET, &req_version, &size); - if (res != 0) -diff -up iptables-1.4.11/libiptc/libiptc.c.cloexec iptables-1.4.11/libiptc/libiptc.c ---- iptables-1.4.11/libiptc/libiptc.c.cloexec 2011-05-26 18:12:12.000000000 +0200 -+++ iptables-1.4.11/libiptc/libiptc.c 2011-06-07 16:43:15.283421508 +0200 -@@ -29,6 +29,8 @@ - * - performance work: speedup initial ruleset parsing. - * - sponsored by ComX Networks A/S (http://www.comx.dk/) - */ -+#include -+#include - #include - #include - #include -@@ -1329,6 +1331,12 @@ TC_INIT(const char *tablename) - if (sockfd < 0) - return NULL; - -+ if (fcntl(sockfd, F_SETFD, FD_CLOEXEC) == -1) { -+ fprintf(stderr, "Could not set close on exec: %s\n", -+ strerror(errno)); -+ abort(); -+ } -+ - retry: - s = sizeof(info); - -diff -up iptables-1.4.11/xtables.c.cloexec iptables-1.4.11/xtables.c diff --git a/iptables-1.4.12-fixresore.patch b/iptables-1.4.12-fixresore.patch deleted file mode 100644 index 94358f7..0000000 --- a/iptables-1.4.12-fixresore.patch +++ /dev/null @@ -1,28 +0,0 @@ -diff -Nur iptables-1.4.12.2/iptables/ip6tables-restore.c iptables-1.4.12.2-fixrestore/iptables/ip6tables-restore.c ---- iptables-1.4.12.2/iptables/ip6tables-restore.c 2012-01-03 02:19:09.000000000 +0900 -+++ iptables-1.4.12.2-fixrestore/iptables/ip6tables-restore.c 2012-03-01 10:56:10.000000000 +0900 -@@ -380,9 +380,9 @@ - quote_open = 0; - escaped = 0; - param_len = 0; -+ char param_buffer[1024]; - - for (curchar = parsestart; *curchar; curchar++) { -- char param_buffer[1024]; - - if (quote_open) { - if (escaped) { -diff -Nur iptables-1.4.12.2/iptables/iptables-restore.c iptables-1.4.12.2-fixrestore/iptables/iptables-restore.c ---- iptables-1.4.12.2/iptables/iptables-restore.c 2012-01-03 02:19:09.000000000 +0900 -+++ iptables-1.4.12.2-fixrestore/iptables/iptables-restore.c 2012-03-01 10:56:00.000000000 +0900 -@@ -377,9 +377,9 @@ - quote_open = 0; - escaped = 0; - param_len = 0; -+ char param_buffer[1024]; - - for (curchar = parsestart; *curchar; curchar++) { -- char param_buffer[1024]; - - if (quote_open) { - if (escaped) { diff --git a/iptables-1.4.7-xt_CHECKSUM.patch b/iptables-1.4.7-xt_CHECKSUM.patch deleted file mode 100644 index 282f934..0000000 --- a/iptables-1.4.7-xt_CHECKSUM.patch +++ /dev/null @@ -1,119 +0,0 @@ -diff --git a/extensions/libxt_CHECKSUM.c b/extensions/libxt_CHECKSUM.c -new file mode 100644 -index 0000000..00fbd8f ---- /dev/null -+++ b/extensions/libxt_CHECKSUM.c -@@ -0,0 +1,99 @@ -+/* Shared library add-on to xtables for CHECKSUM -+ * -+ * (C) 2002 by Harald Welte -+ * (C) 2010 by Red Hat, Inc -+ * Author: Michael S. Tsirkin -+ * -+ * This program is distributed under the terms of GNU GPL v2, 1991 -+ * -+ * libxt_CHECKSUM.c borrowed some bits from libipt_ECN.c -+ * -+ * $Id$ -+ */ -+#include -+#include -+#include -+#include -+ -+#include -+#include -+ -+static void CHECKSUM_help(void) -+{ -+ printf( -+"CHECKSUM target options\n" -+" --checksum-fill Fill in packet checksum.\n"); -+} -+ -+static const struct option CHECKSUM_opts[] = { -+ { "checksum-fill", 0, NULL, 'F' }, -+ { .name = NULL } -+}; -+ -+static int CHECKSUM_parse(int c, char **argv, int invert, unsigned int *flags, -+ const void *entry, struct xt_entry_target **target) -+{ -+ struct xt_CHECKSUM_info *einfo -+ = (struct xt_CHECKSUM_info *)(*target)->data; -+ -+ switch (c) { -+ case 'F': -+ if (*flags) -+ xtables_error(PARAMETER_PROBLEM, -+ "CHECKSUM target: Only use --checksum-fill ONCE!"); -+ einfo->operation = XT_CHECKSUM_OP_FILL; -+ *flags |= XT_CHECKSUM_OP_FILL; -+ break; -+ default: -+ return 0; -+ } -+ -+ return 1; -+} -+ -+static void CHECKSUM_check(unsigned int flags) -+{ -+ if (!flags) -+ xtables_error(PARAMETER_PROBLEM, -+ "CHECKSUM target: Parameter --checksum-fill is required"); -+} -+ -+static void CHECKSUM_print(const void *ip, const struct xt_entry_target *target, -+ int numeric) -+{ -+ const struct xt_CHECKSUM_info *einfo = -+ (const struct xt_CHECKSUM_info *)target->data; -+ -+ printf("CHECKSUM "); -+ -+ if (einfo->operation & XT_CHECKSUM_OP_FILL) -+ printf("fill "); -+} -+ -+static void CHECKSUM_save(const void *ip, const struct xt_entry_target *target) -+{ -+ const struct xt_CHECKSUM_info *einfo = -+ (const struct xt_CHECKSUM_info *)target->data; -+ -+ if (einfo->operation & XT_CHECKSUM_OP_FILL) -+ printf("--checksum-fill "); -+} -+ -+static struct xtables_target checksum_tg_reg = { -+ .name = "CHECKSUM", -+ .version = XTABLES_VERSION, -+ .family = NFPROTO_UNSPEC, -+ .size = XT_ALIGN(sizeof(struct xt_CHECKSUM_info)), -+ .userspacesize = XT_ALIGN(sizeof(struct xt_CHECKSUM_info)), -+ .help = CHECKSUM_help, -+ .parse = CHECKSUM_parse, -+ .final_check = CHECKSUM_check, -+ .print = CHECKSUM_print, -+ .save = CHECKSUM_save, -+ .extra_opts = CHECKSUM_opts, -+}; -+ -+void _init(void) -+{ -+ xtables_register_target(&checksum_tg_reg); -+} -diff --git a/extensions/libxt_CHECKSUM.man b/extensions/libxt_CHECKSUM.man -new file mode 100644 -index 0000000..92ae700 ---- /dev/null -+++ b/extensions/libxt_CHECKSUM.man -@@ -0,0 +1,8 @@ -+This target allows to selectively work around broken/old applications. -+It can only be used in the mangle table. -+.TP -+\fB\-\-checksum\-fill\fP -+Compute and fill in the checksum in a packet that lacks a checksum. -+This is particularly useful, if you need to work around old applications -+such as dhcp clients, that do not work well with checksum offloads, -+but don't want to disable checksum offload in your device. diff --git a/iptables-1.4.9-cloexec.patch b/iptables-1.4.9-cloexec.patch deleted file mode 100644 index 9f4c140..0000000 --- a/iptables-1.4.9-cloexec.patch +++ /dev/null @@ -1,149 +0,0 @@ -diff -up iptables-1.4.9/extensions/libipt_realm.c.cloexec iptables-1.4.9/extensions/libipt_realm.c ---- iptables-1.4.9/extensions/libipt_realm.c.cloexec 2010-08-03 16:54:25.000000000 +0200 -+++ iptables-1.4.9/extensions/libipt_realm.c 2010-08-04 12:17:51.000000000 +0200 -@@ -48,7 +48,7 @@ static void load_realms(void) - int id; - struct realmname *oldnm = NULL, *newnm = NULL; - -- fil = fopen(rfnm, "r"); -+ fil = fopen(rfnm, "re"); - if (!fil) { - rdberr = 1; - return; -diff -up iptables-1.4.9/extensions/libxt_set.h.cloexec iptables-1.4.9/extensions/libxt_set.h ---- iptables-1.4.9/extensions/libxt_set.h.cloexec 2010-08-03 16:54:25.000000000 +0200 -+++ iptables-1.4.9/extensions/libxt_set.h 2010-08-04 12:19:48.000000000 +0200 -@@ -2,6 +2,7 @@ - #define _LIBXT_SET_H - - #include -+#include - #include - #include - #include -@@ -23,6 +24,12 @@ get_version(unsigned *version) - xtables_error(OTHER_PROBLEM, - "Can't open socket to ipset.\n"); - -+ if (fcntl(sockfd, F_SETFD, FD_CLOEXEC) == -1) { -+ xtables_error(OTHER_PROBLEM, -+ "Could not set close on exec: %s\n", -+ strerror(errno)); -+ } -+ - req_version.op = IP_SET_OP_VERSION; - res = getsockopt(sockfd, SOL_IP, SO_IP_SET, &req_version, &size); - if (res != 0) -diff -up iptables-1.4.9/ip6tables-restore.c.cloexec iptables-1.4.9/ip6tables-restore.c ---- iptables-1.4.9/ip6tables-restore.c.cloexec 2010-08-03 16:54:25.000000000 +0200 -+++ iptables-1.4.9/ip6tables-restore.c 2010-08-04 12:17:51.000000000 +0200 -@@ -169,7 +169,7 @@ int main(int argc, char *argv[]) - } - - if (optind == argc - 1) { -- in = fopen(argv[optind], "r"); -+ in = fopen(argv[optind], "re"); - if (!in) { - fprintf(stderr, "Can't open %s: %s\n", argv[optind], - strerror(errno)); -diff -up iptables-1.4.9/ip6tables-save.c.cloexec iptables-1.4.9/ip6tables-save.c ---- iptables-1.4.9/ip6tables-save.c.cloexec 2010-08-03 16:54:25.000000000 +0200 -+++ iptables-1.4.9/ip6tables-save.c 2010-08-04 12:17:51.000000000 +0200 -@@ -41,7 +41,7 @@ static int for_each_table(int (*func)(co - FILE *procfile = NULL; - char tablename[IP6T_TABLE_MAXNAMELEN+1]; - -- procfile = fopen("/proc/net/ip6_tables_names", "r"); -+ procfile = fopen("/proc/net/ip6_tables_names", "re"); - if (!procfile) - return ret; - -diff -up iptables-1.4.9/iptables-restore.c.cloexec iptables-1.4.9/iptables-restore.c ---- iptables-1.4.9/iptables-restore.c.cloexec 2010-08-03 16:54:25.000000000 +0200 -+++ iptables-1.4.9/iptables-restore.c 2010-08-04 12:17:51.000000000 +0200 -@@ -175,7 +175,7 @@ main(int argc, char *argv[]) - } - - if (optind == argc - 1) { -- in = fopen(argv[optind], "r"); -+ in = fopen(argv[optind], "re"); - if (!in) { - fprintf(stderr, "Can't open %s: %s\n", argv[optind], - strerror(errno)); -diff -up iptables-1.4.9/iptables-save.c.cloexec iptables-1.4.9/iptables-save.c ---- iptables-1.4.9/iptables-save.c.cloexec 2010-08-03 16:54:25.000000000 +0200 -+++ iptables-1.4.9/iptables-save.c 2010-08-04 12:17:51.000000000 +0200 -@@ -39,7 +39,7 @@ static int for_each_table(int (*func)(co - FILE *procfile = NULL; - char tablename[IPT_TABLE_MAXNAMELEN+1]; - -- procfile = fopen("/proc/net/ip_tables_names", "r"); -+ procfile = fopen("/proc/net/ip_tables_names", "re"); - if (!procfile) - return ret; - -diff -up iptables-1.4.9/iptables-xml.c.cloexec iptables-1.4.9/iptables-xml.c ---- iptables-1.4.9/iptables-xml.c.cloexec 2010-08-03 16:54:25.000000000 +0200 -+++ iptables-1.4.9/iptables-xml.c 2010-08-04 12:17:51.000000000 +0200 -@@ -653,7 +653,7 @@ main(int argc, char *argv[]) - } - - if (optind == argc - 1) { -- in = fopen(argv[optind], "r"); -+ in = fopen(argv[optind], "re"); - if (!in) { - fprintf(stderr, "Can't open %s: %s", argv[optind], - strerror(errno)); -diff -up iptables-1.4.9/libiptc/libiptc.c.cloexec iptables-1.4.9/libiptc/libiptc.c ---- iptables-1.4.9/libiptc/libiptc.c.cloexec 2010-08-03 16:54:25.000000000 +0200 -+++ iptables-1.4.9/libiptc/libiptc.c 2010-08-04 12:17:51.000000000 +0200 -@@ -29,6 +29,8 @@ - * - performance work: speedup initial ruleset parsing. - * - sponsored by ComX Networks A/S (http://www.comx.dk/) - */ -+#include -+#include - #include - #include - #include -@@ -1328,6 +1330,12 @@ TC_INIT(const char *tablename) - if (sockfd < 0) - return NULL; - -+ if (fcntl(sockfd, F_SETFD, FD_CLOEXEC) == -1) { -+ fprintf(stderr, "Could not set close on exec: %s\n", -+ strerror(errno)); -+ abort(); -+ } -+ - retry: - s = sizeof(info); - -diff -up iptables-1.4.9/xtables.c.cloexec iptables-1.4.9/xtables.c ---- iptables-1.4.9/xtables.c.cloexec 2010-08-03 16:54:25.000000000 +0200 -+++ iptables-1.4.9/xtables.c 2010-08-04 12:17:51.000000000 +0200 -@@ -284,6 +284,11 @@ static char *get_modprobe(void) - procfile = open(PROC_SYS_MODPROBE, O_RDONLY); - if (procfile < 0) - return NULL; -+ if (fcntl(procfile, F_SETFD, FD_CLOEXEC) == -1) { -+ fprintf(stderr, "Could not set close on exec: %s\n", -+ strerror(errno)); -+ exit(1); -+ } - - ret = (char *) malloc(PROCFILE_BUFSIZ); - if (ret) { -@@ -680,6 +685,12 @@ static int compatible_revision(const cha - exit(1); - } - -+ if (fcntl(sockfd, F_SETFD, FD_CLOEXEC) == -1) { -+ fprintf(stderr, "Could not set close on exec: %s\n", -+ strerror(errno)); -+ exit(1); -+ } -+ - xtables_load_ko(xtables_modprobe_program, true); - - strcpy(rev.name, name);