.gitignore

@@ -1 +1 @@
-SOURCES/libnetfilter_cthelper-1.0.0.tar.bz2
+/libnetfilter_cthelper-1.0.0.tar.bz2

.libnetfilter_cthelper.metadata

@@ -1 +0,0 @@
-5d0a82794bd46aafde20c16800edca23d563de66 SOURCES/libnetfilter_cthelper-1.0.0.tar.bz2

0001-src-fix-use-after-free.patch

@@ -1,4 +1,4 @@
-From 9fe9ae5010f159539b4fc51890b9f218422ee8d8 Mon Sep 17 00:00:00 2001
+From 28fd339a4de2fa383fd8a887e570be542f170ac2 Mon Sep 17 00:00:00 2001
 From: Christopher Horler <cshorler@googlemail.com>
 Date: Mon, 8 Dec 2014 20:04:31 +0000
 Subject: [PATCH] src: fix use after free
@@ -8,7 +8,6 @@ Fixes: https://bugzilla.netfilter.org/show_bug.cgi?id=990
 Signed-off-by: Christopher Horler <cshorler@googlemail.com>
 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 (cherry picked from commit d48012fa7718195e3f897b01a36e4ba249aa6dfc)
-Signed-off-by: Phil Sutter <psutter@redhat.com>
 ---
  src/libnetfilter_cthelper.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
@@ -31,5 +30,5 @@ index 297887040b20c..f8f58e6c9c5e8 100644
  EXPORT_SYMBOL(nfct_helper_free);
  
 -- 
-2.23.0
+2.34.1
 

0002-include-Sync-with-kernel-headers.patch

@@ -1,4 +1,4 @@
-From 68637125ac6842f20ac3898c0d0d252be882a017 Mon Sep 17 00:00:00 2001
+From fdedadd0dc934100a11c0a942c0b62193a4c0cf1 Mon Sep 17 00:00:00 2001
 From: Felix Janda <felix.janda@posteo.de>
 Date: Sat, 16 May 2015 13:35:14 +0200
 Subject: [PATCH] include: Sync with kernel headers
@@ -6,7 +6,6 @@ Subject: [PATCH] include: Sync with kernel headers
 Signed-off-by: Felix Janda <felix.janda@posteo.de>
 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 (cherry picked from commit 7d55aff4686a5910f84b9045c98d6f01e1daa297)
-Signed-off-by: Phil Sutter <psutter@redhat.com>
 ---
  include/linux/netfilter/nfnetlink.h | 52 ++++++-----------------------
  1 file changed, 11 insertions(+), 41 deletions(-)
@@ -81,5 +80,5 @@ index f1b546e85d590..c755646752011 100644
 -#endif	/* _NFNETLINK_H */
 +#endif /* _NFNETLINK_H */
 -- 
-2.23.0
+2.34.1
 

0003-examples-fix-double-free-in-nftc-helper-add.patch

@@ -1,4 +1,4 @@
-From e155035446b39f6cda9c74c079e0b71cc408bb0b Mon Sep 17 00:00:00 2001
+From 110713ae423173168a417f1dde6af1c322cb958a Mon Sep 17 00:00:00 2001
 From: Liping Zhang <zlpnobody@gmail.com>
 Date: Sun, 19 Mar 2017 22:01:10 +0800
 Subject: [PATCH] examples: fix double free in nftc-helper-add
@@ -21,7 +21,6 @@ double free error will happen.
 Signed-off-by: Liping Zhang <zlpnobody@gmail.com>
 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 (cherry picked from commit 9f223e612d3b0be6e4dca84e1db8042dbec64e93)
-Signed-off-by: Phil Sutter <psutter@redhat.com>
 ---
  examples/nfct-helper-add.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
@@ -47,5 +46,5 @@ index 6c476261b75e8..cb7291e8ec4b0 100644
  	nl = mnl_socket_open(NETLINK_NETFILTER);
  	if (nl == NULL) {
 -- 
-2.23.0
+2.34.1
 

0004-examples-kill-the-invalid-argument-error-in-nftc-hel.patch

@@ -1,4 +1,4 @@
-From 5edc15389bb0b9d9a1c87eedb17edb58a28cebae Mon Sep 17 00:00:00 2001
+From 61c5a2b5cf1632d118ffff96edf30862b873b021 Mon Sep 17 00:00:00 2001
 From: Liping Zhang <zlpnobody@gmail.com>
 Date: Wed, 22 Mar 2017 21:00:47 +0800
 Subject: [PATCH] examples: kill the "invalid argument" error in
@@ -10,7 +10,6 @@ creating the cthelper, add it now. Otherwise -EINVAL will be returned.
 Signed-off-by: Liping Zhang <zlpnobody@gmail.com>
 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 (cherry picked from commit 5fec728cf69d137450e230a88793b1251176c035)
-Signed-off-by: Phil Sutter <psutter@redhat.com>
 ---
  examples/nfct-helper-add.c | 1 +
  1 file changed, 1 insertion(+)
@@ -28,5 +27,5 @@ index cb7291e8ec4b0..79e09637415d3 100644
  	/* Will be freed by nfct_helper_free. */
  	p = nfct_helper_policy_alloc();
 -- 
-2.23.0
+2.34.1
 

0005-src-fix-incorrect-building-and-parsing-of-the-NFCTH_.patch

@@ -1,4 +1,4 @@
-From 4dcb3ad120ba11bf62fd880f028339b41c6fbeb5 Mon Sep 17 00:00:00 2001
+From adc96d86c74882c154a37b27424f0caf7b9f5a8a Mon Sep 17 00:00:00 2001
 From: Liping Zhang <zlpnobody@gmail.com>
 Date: Mon, 20 Mar 2017 22:35:22 +0800
 Subject: [PATCH] src: fix incorrect building and parsing of the
@@ -16,17 +16,16 @@ more than 3, later out of bound access will happen.
 Signed-off-by: Liping Zhang <zlpnobody@gmail.com>
 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 (cherry picked from commit 5ed4ddea21f30e8829def3603b2d112766a756f2)
-Signed-off-by: Phil Sutter <psutter@redhat.com>
 ---
  src/libnetfilter_cthelper.c | 23 +++++++++++------------
  1 file changed, 11 insertions(+), 12 deletions(-)
 
 diff --git a/src/libnetfilter_cthelper.c b/src/libnetfilter_cthelper.c
-index af543a17fafa8..7ed1f6457eb5f 100644
+index f8f58e6c9c5e8..b3271a6bf01fb 100644
 --- a/src/libnetfilter_cthelper.c
 +++ b/src/libnetfilter_cthelper.c
-@@ -497,12 +497,12 @@ nfct_helper_nlmsg_build_hdr(char *buf, uint8_t cmd,
- }
+@@ -512,12 +512,12 @@ nfct_helper_nlmsg_build_hdr(char *buf, uint8_t cmd,
+ EXPORT_SYMBOL(nfct_helper_nlmsg_build_hdr);
  
  static void
 -nfct_helper_nlmsg_build_policy(struct nlmsghdr *nlh,
@@ -40,7 +39,7 @@ index af543a17fafa8..7ed1f6457eb5f 100644
  	mnl_attr_put_strz(nlh, NFCTH_POLICY_NAME, p->name);
  	mnl_attr_put_u32(nlh, NFCTH_POLICY_EXPECT_MAX, htonl(p->expect_max));
  	mnl_attr_put_u32(nlh, NFCTH_POLICY_EXPECT_TIMEOUT,
-@@ -549,22 +549,22 @@ nfct_helper_nlmsg_build_payload(struct nlmsghdr *nlh, struct nfct_helper *h)
+@@ -564,22 +564,22 @@ nfct_helper_nlmsg_build_payload(struct nlmsghdr *nlh, struct nfct_helper *h)
  		int policy_set_num = 0;
  
  		if (h->bitset & (1 << NFCTH_ATTR_POLICY1)) {
@@ -67,7 +66,7 @@ index af543a17fafa8..7ed1f6457eb5f 100644
  							h->expect_policy[3]);
  			policy_set_num++;
  		}
-@@ -717,14 +717,13 @@ nfct_helper_nlmsg_parse_policy_set(const struct nlattr *attr,
+@@ -733,14 +733,13 @@ nfct_helper_nlmsg_parse_policy_set(const struct nlattr *attr,
  				   struct nfct_helper *helper)
  {
  	struct nlattr *tb[NFCTH_POLICY_SET_MAX+1] = {};
@@ -88,5 +87,5 @@ index af543a17fafa8..7ed1f6457eb5f 100644
  			nfct_helper_nlmsg_parse_policy(tb[NFCTH_POLICY_SET+i],
  						       helper);
 -- 
-2.23.0
+2.34.1
 

SOURCES/0001-build-resolve-automake-1.12-warnings.patch

@@ -1,31 +0,0 @@
-From a6dbba81630db3f647d341c80c9ffa69f80eb869 Mon Sep 17 00:00:00 2001
-From: Jan Engelhardt <jengelh@inai.de>
-Date: Mon, 8 Oct 2012 14:54:27 +0200
-Subject: [PATCH] build: resolve automake-1.12 warnings
-
-/usr/share/automake-1.12/am/ltlibrary.am: warning:
-'libnetfilter_cthelper.la': linking libtool libraries using a non-POSIX
-archiver requires 'AM_PROG_AR' in 'configure.ac'
-
-Signed-off-by: Jan Engelhardt <jengelh@inai.de>
-(cherry picked from commit af9ae9053e35f2861b9fcdf175500bdce42e597d)
-Signed-off-by: Phil Sutter <psutter@redhat.com>
----
- configure.ac | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/configure.ac b/configure.ac
-index d9b0118ef0332..d52b1ce3841c2 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -8,6 +8,7 @@ AC_CONFIG_HEADERS([config.h])
- 
- AM_INIT_AUTOMAKE([-Wall foreign tar-pax no-dist-gzip dist-bzip2
- 	1.6 subdir-objects])
-+m4_ifdef([AM_PROG_AR], [AM_PROG_AR])
- 
- dnl kernel style compile messages
- m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
--- 
-2.23.0
-

SOURCES/0002-Update-.gitignore.patch

@@ -1,40 +0,0 @@
-From 490757aa64308c49611ae50e75470d9fd87ec6d2 Mon Sep 17 00:00:00 2001
-From: Jan Engelhardt <jengelh@inai.de>
-Date: Mon, 8 Oct 2012 14:55:39 +0200
-Subject: [PATCH] Update .gitignore
-
-Signed-off-by: Jan Engelhardt <jengelh@inai.de>
-(cherry picked from commit c9753bf8e2bcc6510ca88133eaa79da1d9616550)
-Signed-off-by: Phil Sutter <psutter@redhat.com>
----
- .gitignore | 18 ++++++++++++++++++
- 1 file changed, 18 insertions(+)
- create mode 100644 .gitignore
-
-diff --git a/.gitignore b/.gitignore
-new file mode 100644
-index 0000000000000..a83525b35be2b
---- /dev/null
-+++ b/.gitignore
-@@ -0,0 +1,18 @@
-+.deps/
-+.libs/
-+Makefile
-+Makefile.in
-+*.o
-+*.la
-+*.lo
-+
-+/aclocal.m4
-+/autom4te.cache/
-+/build-aux/
-+/config.*
-+/configure
-+/libtool
-+
-+/doxygen.cfg
-+/*.pc
-+/stamp-h1
--- 
-2.23.0
-

SOURCES/0003-configure-uclinux-is-also-linux.patch

@@ -1,29 +0,0 @@
-From c69ddc73c814ecc2f9c68c68a0effb8bf7d6725b Mon Sep 17 00:00:00 2001
-From: Gustavo Zacarias <gustavo@zacarias.com.ar>
-Date: Tue, 10 Sep 2013 16:23:32 -0300
-Subject: [PATCH] configure: uclinux is also linux
-
-Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
-Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-(cherry picked from commit 0c52422eb236b16bc663a7f22df3e30fb9c8bf71)
-Signed-off-by: Phil Sutter <psutter@redhat.com>
----
- configure.ac | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/configure.ac b/configure.ac
-index d52b1ce3841c2..9389b70ebb4de 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -22,7 +22,7 @@ AC_DISABLE_STATIC
- LT_INIT
- CHECK_GCC_FVISIBILITY
- case "$host" in
--*-*-linux*) ;;
-+*-*-linux* | *-*-uclinux*) ;;
- *) AC_MSG_ERROR([Linux only, dude!]);;
- esac
- 
--- 
-2.23.0
-

SOURCES/0006-Use-__EXPORTED-rather-than-EXPORT_SYMBOL.patch

@@ -1,387 +0,0 @@
-From 06e046b30fe8d849c9e3425543661310c06797c7 Mon Sep 17 00:00:00 2001
-From: Kevin Cernekee <cernekee@chromium.org>
-Date: Wed, 4 Jan 2017 14:30:26 -0800
-Subject: [PATCH] Use __EXPORTED rather than EXPORT_SYMBOL
-
-clang is sensitive to the ordering of
-__attribute__((visibility("default"))) relative to the function
-body.  gcc is not.  So if we try to re-declare an existing function
-with default visibility, clang prints a warning and generates
-a broken .so file in which nfct_helper_* are not exported to library
-callers.
-
-Move the attribute up into the function definition to make clang happy.
-
-Signed-off-by: Kevin Cernekee <cernekee@chromium.org>
-Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-(cherry picked from commit f58c5b09fb59baf07c942d373fc4d522b27e73c6)
-Signed-off-by: Phil Sutter <psutter@redhat.com>
----
- doxygen.cfg.in              |  2 +-
- src/internal.h              |  5 +--
- src/libnetfilter_cthelper.c | 83 +++++++++++++++----------------------
- 3 files changed, 36 insertions(+), 54 deletions(-)
-
-diff --git a/doxygen.cfg.in b/doxygen.cfg.in
-index cac9b0510b4d7..190b7cd6e716e 100644
---- a/doxygen.cfg.in
-+++ b/doxygen.cfg.in
-@@ -72,7 +72,7 @@ RECURSIVE              = YES
- EXCLUDE                = 
- EXCLUDE_SYMLINKS       = NO
- EXCLUDE_PATTERNS       = */.git/* .*.d
--EXCLUDE_SYMBOLS        = EXPORT_SYMBOL
-+EXCLUDE_SYMBOLS        = 
- EXAMPLE_PATH           = 
- EXAMPLE_PATTERNS       = 
- EXAMPLE_RECURSIVE      = NO
-diff --git a/src/internal.h b/src/internal.h
-index 3a88d1a1f7d8b..5d781718ddadc 100644
---- a/src/internal.h
-+++ b/src/internal.h
-@@ -3,10 +3,9 @@
- 
- #include "config.h"
- #ifdef HAVE_VISIBILITY_HIDDEN
--#	define __visible	__attribute__((visibility("default")))
--#	define EXPORT_SYMBOL(x)	typeof(x) (x) __visible
-+#	define __EXPORTED	__attribute__((visibility("default")))
- #else
--#	define EXPORT_SYMBOL
-+#	define __EXPORTED
- #endif
- 
- #endif
-diff --git a/src/libnetfilter_cthelper.c b/src/libnetfilter_cthelper.c
-index f8f58e6c9c5e8..af543a17fafa8 100644
---- a/src/libnetfilter_cthelper.c
-+++ b/src/libnetfilter_cthelper.c
-@@ -99,17 +99,16 @@ struct nfct_helper {
-  * In case of success, this function returns a valid pointer, otherwise NULL
-  * s returned and errno is appropriately set.
-  */
--struct nfct_helper *nfct_helper_alloc(void)
-+struct nfct_helper __EXPORTED *nfct_helper_alloc(void)
- {
- 	return calloc(1, sizeof(struct nfct_helper));
- }
--EXPORT_SYMBOL(nfct_helper_alloc);
- 
- /**
-  * nfct_helper_free - release one helper object
-  * \param nfct_helper pointer to the helper object
-  */
--void nfct_helper_free(struct nfct_helper *h)
-+void __EXPORTED nfct_helper_free(struct nfct_helper *h)
- {
- 	int i;
- 
-@@ -119,7 +118,6 @@ void nfct_helper_free(struct nfct_helper *h)
- 	}
- 	free(h);
- }
--EXPORT_SYMBOL(nfct_helper_free);
- 
- /**
-  * nfct_helper_policy_alloc - allocate a new helper policy object
-@@ -127,21 +125,19 @@ EXPORT_SYMBOL(nfct_helper_free);
-  * In case of success, this function returns a valid pointer, otherwise NULL
-  * s returned and errno is appropriately set.
-  */
--struct nfct_helper_policy *nfct_helper_policy_alloc(void)
-+struct nfct_helper_policy __EXPORTED *nfct_helper_policy_alloc(void)
- {
- 	return calloc(1, sizeof(struct nfct_helper_policy));
- }
--EXPORT_SYMBOL(nfct_helper_policy_alloc);
- 
- /**
-  * nfct_helper_free - release one helper policy object
-  * \param nfct_helper pointer to the helper object
-  */
--void nfct_helper_policy_free(struct nfct_helper_policy *p)
-+void __EXPORTED nfct_helper_policy_free(struct nfct_helper_policy *p)
- {
- 	free(p);
- }
--EXPORT_SYMBOL(nfct_helper_policy_free);
- 
- /**
-  * nfct_helper_policy_attr_set - set one attribute of the helper object
-@@ -149,7 +145,7 @@ EXPORT_SYMBOL(nfct_helper_policy_free);
-  * \param type attribute type you want to set
-  * \param data pointer to data that will be used to set this attribute
-  */
--void
-+void __EXPORTED
- nfct_helper_policy_attr_set(struct nfct_helper_policy *p,
- 			    enum nfct_helper_policy_attr_type type,
- 			    const void *data)
-@@ -170,7 +166,6 @@ nfct_helper_policy_attr_set(struct nfct_helper_policy *p,
- 		break;
- 	}
- }
--EXPORT_SYMBOL(nfct_helper_policy_attr_set);
- 
- /**
-  * nfct_helper_attr_set_str - set one attribute the helper object
-@@ -178,23 +173,21 @@ EXPORT_SYMBOL(nfct_helper_policy_attr_set);
-  * \param type attribute type you want to set
-  * \param name string that will be used to set this attribute
-  */
--void
-+void __EXPORTED
- nfct_helper_policy_attr_set_str(struct nfct_helper_policy *p,
- 				enum nfct_helper_policy_attr_type type,
- 				const char *name)
- {
- 	nfct_helper_policy_attr_set(p, type, name);
- }
--EXPORT_SYMBOL(nfct_helper_policy_attr_set_str);
- 
--void
-+void __EXPORTED
- nfct_helper_policy_attr_set_u32(struct nfct_helper_policy *p,
- 				enum nfct_helper_policy_attr_type type,
- 				uint32_t value)
- {
- 	nfct_helper_policy_attr_set(p, type, &value);
- }
--EXPORT_SYMBOL(nfct_helper_policy_attr_set_u32);
- 
- /**
-  * nfct_helper_attr_set - set one attribute of the helper object
-@@ -202,7 +195,7 @@ EXPORT_SYMBOL(nfct_helper_policy_attr_set_u32);
-  * \param type attribute type you want to set
-  * \param data pointer to data that will be used to set this attribute
-  */
--void
-+void __EXPORTED
- nfct_helper_attr_set(struct nfct_helper *h,
- 		     enum nfct_helper_attr_type type, const void *data)
- {
-@@ -250,7 +243,6 @@ nfct_helper_attr_set(struct nfct_helper *h,
- 		break;
- 	}
- }
--EXPORT_SYMBOL(nfct_helper_attr_set);
- 
- /**
-  * nfct_helper_attr_set_str - set one attribute the helper object
-@@ -258,44 +250,40 @@ EXPORT_SYMBOL(nfct_helper_attr_set);
-  * \param type attribute type you want to set
-  * \param name string that will be used to set this attribute
-  */
--void
-+void __EXPORTED
- nfct_helper_attr_set_str(struct nfct_helper *nfct_helper, enum nfct_helper_attr_type type,
- 		    const char *name)
- {
- 	nfct_helper_attr_set(nfct_helper, type, name);
- }
--EXPORT_SYMBOL(nfct_helper_attr_set_str);
- 
--void
-+void __EXPORTED
- nfct_helper_attr_set_u8(struct nfct_helper *nfct_helper,
- 			 enum nfct_helper_attr_type type, uint8_t value)
- {
- 	nfct_helper_attr_set(nfct_helper, type, &value);
- }
--EXPORT_SYMBOL(nfct_helper_attr_set_u8);
- 
--void
-+void __EXPORTED
- nfct_helper_attr_set_u16(struct nfct_helper *nfct_helper,
- 			 enum nfct_helper_attr_type type, uint16_t value)
- {
- 	nfct_helper_attr_set(nfct_helper, type, &value);
- }
--EXPORT_SYMBOL(nfct_helper_attr_set_u16);
- 
--void
-+void __EXPORTED
- nfct_helper_attr_set_u32(struct nfct_helper *nfct_helper,
- 			 enum nfct_helper_attr_type type, uint32_t value)
- {
- 	nfct_helper_attr_set(nfct_helper, type, &value);
- }
--EXPORT_SYMBOL(nfct_helper_attr_set_u32);
- 
- /**
-  * nfct_helper_attr_unset - unset one attribute the helper object
-  * \param nfct_helper pointer to the helper object
-  * \param type attribute type you want to set
-  */
--void
-+void __EXPORTED
- nfct_helper_attr_unset(struct nfct_helper *nfct_helper, enum nfct_helper_attr_type type)
- {
- 	switch(type) {
-@@ -307,7 +295,6 @@ nfct_helper_attr_unset(struct nfct_helper *nfct_helper, enum nfct_helper_attr_ty
- 		break;
- 	}
- }
--EXPORT_SYMBOL(nfct_helper_attr_unset);
- 
- /**
-  * nfct_helper_attr_get - get one attribute the helper object
-@@ -317,8 +304,9 @@ EXPORT_SYMBOL(nfct_helper_attr_unset);
-  * This function returns a valid pointer to the attribute data. If a
-  * unsupported attribute is used, this returns NULL.
-  */
--const void *nfct_helper_attr_get(struct nfct_helper *helper,
--				 enum nfct_helper_attr_type type)
-+const void __EXPORTED *
-+nfct_helper_attr_get(struct nfct_helper *helper,
-+		     enum nfct_helper_attr_type type)
- {
- 	const void *ret = NULL;
- 
-@@ -358,7 +346,6 @@ const void *nfct_helper_attr_get(struct nfct_helper *helper,
- 	}
- 	return ret;
- }
--EXPORT_SYMBOL(nfct_helper_attr_get);
- 
- /**
-  * nfct_helper_attr_get_str - get one attribute the helper object
-@@ -368,13 +355,12 @@ EXPORT_SYMBOL(nfct_helper_attr_get);
-  * This function returns a valid pointer to the beginning of the string.
-  * If the attribute is unsupported, this returns NULL.
-  */
--const char *
-+const char __EXPORTED *
- nfct_helper_attr_get_str(struct nfct_helper *nfct_helper,
- 			 enum nfct_helper_attr_type type)
- {
- 	return (const char *)nfct_helper_attr_get(nfct_helper, type);
- }
--EXPORT_SYMBOL(nfct_helper_attr_get_str);
- 
- /**
-  * nfct_helper_attr_get_u8 - get one attribute the helper object
-@@ -384,12 +370,12 @@ EXPORT_SYMBOL(nfct_helper_attr_get_str);
-  * This function returns a unsigned 8-bits integer. If the attribute is
-  * unsupported, this returns NULL.
-  */
--uint8_t nfct_helper_attr_get_u8(struct nfct_helper *nfct_helper,
--				  enum nfct_helper_attr_type type)
-+uint8_t __EXPORTED
-+nfct_helper_attr_get_u8(struct nfct_helper *nfct_helper,
-+			enum nfct_helper_attr_type type)
- {
- 	return *((uint8_t *)nfct_helper_attr_get(nfct_helper, type));
- }
--EXPORT_SYMBOL(nfct_helper_attr_get_u8);
- 
- /**
-  * nfct_helper_attr_get_u16 - get one attribute the helper object
-@@ -399,12 +385,12 @@ EXPORT_SYMBOL(nfct_helper_attr_get_u8);
-  * This function returns a unsigned 16-bits integer. If the attribute is
-  * unsupported, this returns NULL.
-  */
--uint16_t nfct_helper_attr_get_u16(struct nfct_helper *nfct_helper,
--				  enum nfct_helper_attr_type type)
-+uint16_t __EXPORTED
-+nfct_helper_attr_get_u16(struct nfct_helper *nfct_helper,
-+			 enum nfct_helper_attr_type type)
- {
- 	return *((uint16_t *)nfct_helper_attr_get(nfct_helper, type));
- }
--EXPORT_SYMBOL(nfct_helper_attr_get_u16);
- 
- /**
-  * nfct_helper_attr_get_u32 - get one attribute the helper object
-@@ -414,12 +400,12 @@ EXPORT_SYMBOL(nfct_helper_attr_get_u16);
-  * This function returns a unsigned 32-bits integer. If the attribute is
-  * unsupported, this returns NULL.
-  */
--uint32_t nfct_helper_attr_get_u32(struct nfct_helper *nfct_helper,
--				  enum nfct_helper_attr_type type)
-+uint32_t __EXPORTED
-+nfct_helper_attr_get_u32(struct nfct_helper *nfct_helper,
-+			 enum nfct_helper_attr_type type)
- {
- 	return *((uint32_t *)nfct_helper_attr_get(nfct_helper, type));
- }
--EXPORT_SYMBOL(nfct_helper_attr_get_u32);
- 
- /**
-  * nfct_helper_snprintf - print helper object into one buffer
-@@ -431,9 +417,10 @@ EXPORT_SYMBOL(nfct_helper_attr_get_u32);
-  * This function returns -1 in case that some mandatory attributes are
-  * missing. On sucess, it returns 0.
-  */
--int nfct_helper_snprintf(char *buf, size_t size,
--			 struct nfct_helper *helper,
--			 unsigned int type, unsigned int flags)
-+int __EXPORTED
-+nfct_helper_snprintf(char *buf, size_t size,
-+		     struct nfct_helper *helper,
-+		     unsigned int type, unsigned int flags)
- {
- 	int ret;
- 
-@@ -454,7 +441,6 @@ int nfct_helper_snprintf(char *buf, size_t size,
- 
- 	return ret;
- }
--EXPORT_SYMBOL(nfct_helper_snprintf);
- 
- /**
-  * @}
-@@ -490,7 +476,7 @@ EXPORT_SYMBOL(nfct_helper_snprintf);
-  * - Command NFNL_MSG_ACCT_DEL, to delete one specific nfct_helper object (if
-  *   unused, otherwise you hit EBUSY).
-  */
--struct nlmsghdr *
-+struct nlmsghdr __EXPORTED *
- nfct_helper_nlmsg_build_hdr(char *buf, uint8_t cmd,
- 			    uint16_t flags, uint32_t seq)
- {
-@@ -509,7 +495,6 @@ nfct_helper_nlmsg_build_hdr(char *buf, uint8_t cmd,
- 
- 	return nlh;
- }
--EXPORT_SYMBOL(nfct_helper_nlmsg_build_hdr);
- 
- static void
- nfct_helper_nlmsg_build_policy(struct nlmsghdr *nlh,
-@@ -530,7 +515,7 @@ nfct_helper_nlmsg_build_policy(struct nlmsghdr *nlh,
-  * \param nlh: netlink message that you want to use to add the payload.
-  * \param nfct_helper: pointer to a helper object
-  */
--void
-+void __EXPORTED
- nfct_helper_nlmsg_build_payload(struct nlmsghdr *nlh, struct nfct_helper *h)
- {
- 	struct nlattr *nest;
-@@ -593,7 +578,6 @@ nfct_helper_nlmsg_build_payload(struct nlmsghdr *nlh, struct nfct_helper *h)
- 	if (h->bitset & (1 << NFCTH_ATTR_STATUS))
- 		mnl_attr_put_u32(nlh, NFCTH_STATUS, ntohl(h->status));
- }
--EXPORT_SYMBOL(nfct_helper_nlmsg_build_payload);
- 
- static int
- nfct_helper_nlmsg_parse_tuple_cb(const struct nlattr *attr, void *data)
-@@ -795,7 +779,7 @@ nfct_helper_nlmsg_parse_attr_cb(const struct nlattr *attr, void *data)
-  * This function returns -1 in case that some mandatory attributes are
-  * missing. On sucess, it returns 0.
-  */
--int
-+int __EXPORTED
- nfct_helper_nlmsg_parse_payload(const struct nlmsghdr *nlh,
- 				struct nfct_helper *h)
- {
-@@ -832,7 +816,6 @@ nfct_helper_nlmsg_parse_payload(const struct nlmsghdr *nlh,
- 	}
- 	return 0;
- }
--EXPORT_SYMBOL(nfct_helper_nlmsg_parse_payload);
- 
- /**
-  * @}
--- 
-2.23.0
-

gating.yaml

@@ -0,0 +1,6 @@
+--- !Policy
+product_versions:
+  - rhel-9
+decision_context: osci_compose_gate
+rules:
+  - !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}

libnetfilter_cthelper.spec

@@ -1,23 +1,19 @@
 Name:           libnetfilter_cthelper
 Version:        1.0.0
-Release:        15%{?dist}
+Release:        22%{?dist}
 Summary:        User-space infrastructure for connection tracking helpers
-Group:          System Environment/Libraries
 License:        GPLv2
 URL:            http://www.netfilter.org/projects/libnetfilter_cthelper/index.html
 Source0:        http://www.netfilter.org/projects/libnetfilter_cthelper/files/libnetfilter_cthelper-%{version}.tar.bz2
+BuildRequires:  gcc
 BuildRequires:  libmnl-devel >= 1.0.0, pkgconfig, kernel-headers
-BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+BuildRequires: make
 
-Patch1: 0001-build-resolve-automake-1.12-warnings.patch
-Patch2: 0002-Update-.gitignore.patch
-Patch3: 0003-configure-uclinux-is-also-linux.patch
-Patch4: 0004-src-fix-use-after-free.patch
-Patch5: 0005-include-Sync-with-kernel-headers.patch
-Patch6: 0006-Use-__EXPORTED-rather-than-EXPORT_SYMBOL.patch
-Patch7: 0007-examples-fix-double-free-in-nftc-helper-add.patch
-Patch8: 0008-examples-kill-the-invalid-argument-error-in-nftc-hel.patch
-Patch9: 0009-src-fix-incorrect-building-and-parsing-of-the-NFCTH_.patch
+Patch1: 0001-src-fix-use-after-free.patch
+Patch2: 0002-include-Sync-with-kernel-headers.patch
+Patch3: 0003-examples-fix-double-free-in-nftc-helper-add.patch
+Patch4: 0004-examples-kill-the-invalid-argument-error-in-nftc-hel.patch
+Patch5: 0005-src-fix-incorrect-building-and-parsing-of-the-NFCTH_.patch
 
 %description
 This library provides the infrastructure for the user-space helper
@@ -25,7 +21,6 @@ infrastructure available since the Linux kernel 3.6.
 
 %package        devel
 Summary:        Development files for %{name}
-Group:          Development/Libraries
 Requires:       %{name}%{?_isa} = %{version}-%{release}
 Requires:       libmnl-devel >= 1.0.0
 Requires:       kernel-headers
@@ -46,8 +41,7 @@ rm -rf $RPM_BUILD_ROOT
 %make_install
 find $RPM_BUILD_ROOT -type f -name '*.la' -exec rm -f {} ';'
 
-%post -p /sbin/ldconfig
-%postun -p /sbin/ldconfig
+%ldconfig_scriptlets
 
 %files
 %doc COPYING README
@@ -61,11 +55,37 @@ find $RPM_BUILD_ROOT -type f -name '*.la' -exec rm -f {} ';'
 %{_libdir}/*.so
 
 %changelog
-* Thu Oct 24 2019 Phil Sutter <psutter@redhat.com> - 1.0.0-15
-- Rebuild for added CI tests
+* Wed Dec 22 2021 Phil Sutter <psutter@redhat.com> - 1.0.0-22
+- src: fix incorrect building and parsing of the NFCTH_POLICY_SETX attribute
+- examples: kill the "invalid argument" error in nftc-helper-add
+- examples: fix double free in nftc-helper-add
+- include: Sync with kernel headers
+- src: fix use after free
 
-* Thu Oct 24 2019 Phil Sutter <psutter@redhat.com> - 1.0.0-14
-- Add missing backports from upstream
+* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.0.0-21
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+  Related: rhbz#1991688
+
+* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.0.0-20
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.0-19
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.0-18
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.0-17
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.0-16
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.0-15
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.0-14
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
 
 * Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.0-13
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

sources

@@ -0,0 +1 @@
+b2efab1a3a198a5add448960ba011acd  libnetfilter_cthelper-1.0.0.tar.bz2

tests/test.sh

@@ -0,0 +1,62 @@
+libnetfilter_cthelper_tests()
+{
+    local fail=0
+
+    # add helper object
+    nfct add helper ftp inet tcp || let fail++
+    nfct add helper rpc inet tcp || let fail++
+    nfct add helper rpc inet udp || let fail++
+    nfct add helper amanda inet udp || let fail++
+    nfct add helper sane inet tcp || let fail++
+    nfct add helper dhcpv6 inet udp || let fail++
+    nfct add helper ssdp inet udp || let fail++
+    nfct add helper tftp inet udp || let fail++
+    nfct add helper tns inet tcp || let fail++
+    nfct add helper mdns inet udp || let fail++
+
+    # list helpers
+    nfct list helper || let fail++
+
+    # clear helpers
+    nfct flush helper || let fail++
+
+    # add helper object
+    nfct add helper ftp inet tcp || let fail++
+    nfct add helper rpc inet tcp || let fail++
+    nfct add helper rpc inet udp || let fail++
+
+    # get helper object
+    nfct get helper ftp || let fail++
+    nfct get helper rpc || let fail++
+
+    # delete helper object
+    nfct delete helper ftp || let fail++
+    nfct delete helper rpc || let fail++
+
+    # add helper object
+    nfct add helper ftp inet tcp || let fail++
+    nfct add helper rpc inet tcp || let fail++
+    nfct add helper rpc inet udp || let fail++
+
+    # get helper object
+    nfct get helper ftp inet tcp || let fail++
+    nfct get helper rpc inet tcp || let fail++
+    nfct get helper rpc inet udp || let fail++
+
+    # delete helper object
+    nfct delete helper ftp inet tcp || let fail++
+    nfct delete helper rpc inet tcp || let fail++
+    nfct delete helper rpc inet udp || let fail++
+    nfct delete helper amanda inet udp || let fail++
+    nfct delete helper sane inet tcp || let fail++
+    nfct delete helper dhcpv6 inet udp || let fail++
+    nfct delete helper ssdp inet udp || let fail++
+    nfct delete helper tftp inet udp || let fail++
+    nfct delete helper tns inet tcp || let fail++
+    nfct delete helper mdns inet udp || let fail++
+
+    echo "There are $fail command(s) failed"
+    return $fail
+}
+
+libnetfilter_cthelper_tests

tests/tests.yml

@@ -0,0 +1,12 @@
+# Tests for libnetfilter_cthelper
+- hosts: localhost
+  tags:
+  - classic
+  roles:
+  - role: standard-test-basic
+    required_packages:
+    - conntrack-tools
+    tests:
+    - sanity-tests:
+        dir: .
+        run: sh test.sh