Compare commits

...

No commits in common. "c8" and "c9-beta" have entirely different histories.
c8 ... c9-beta

6 changed files with 94 additions and 167 deletions

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/libnetfilter_queue-1.0.4.tar.bz2
SOURCES/libnetfilter_queue-1.0.5.tar.bz2

View File

@ -1 +1 @@
1f1b4d4238371ca89739b08cff8a8388b7d438ad SOURCES/libnetfilter_queue-1.0.4.tar.bz2
799e991428e14d65a5dc44d914e9af10a80a3526 SOURCES/libnetfilter_queue-1.0.5.tar.bz2

View File

@ -1,77 +0,0 @@
From b9986739f0ec0ffc2bf37951fc8308fbfb433d0c Mon Sep 17 00:00:00 2001
From: Florian Westphal <fw@strlen.de>
Date: Sat, 6 Jun 2020 16:14:44 +0200
Subject: [PATCH] configure: add --with/without-doxygen switch
Allows to turn off doxygen even if its installed, via
--without-doxygen.
Default is to probe for doxygen presence (--with-doxygen).
Signed-off-by: Florian Westphal <fw@strlen.de>
(cherry picked from commit 3622e6061d5cc34db70cef7b8516217e27ffa57c)
Conflicts:
- Change configure script itself instead of configure.ac as original patch
does.
---
--- a/configure
+++ b/configure
@@ -770,6 +770,7 @@
with_gnu_ld
with_sysroot
enable_libtool_lock
+with_doxygen
'
ac_precious_vars='build_alias
host_alias
@@ -1441,6 +1442,7 @@
--with-gnu-ld assume the C compiler uses GNU ld [default=no]
--with-sysroot[=DIR] Search for dependent libraries within DIR (or the
compiler's sysroot if not specified).
+ --with-doxygen create doxygen documentation
Some influential environment variables:
CC C compiler command
@@ -13278,7 +13280,17 @@
-for ac_prog in doxygen
+# Check whether --with-doxygen was given.
+if test "${with_doxygen+set}" = set; then :
+ withval=$with_doxygen; with_doxygen="$withval"
+else
+ with_doxygen=yes
+fi
+
+
+if test "x$with_doxygen" != xno; then :
+
+ for ac_prog in doxygen
do
# Extract the first word of "$ac_prog", so it can be a program name with args.
set dummy $ac_prog; ac_word=$2
@@ -13320,9 +13332,7 @@
test -n "$DOXYGEN" && break
done
-if test -z "$DOXYGEN";
- then { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Doxygen not found - continuing without Doxygen support" >&5
-$as_echo "$as_me: WARNING: Doxygen not found - continuing without Doxygen support" >&2;}
+
fi
if test -n "$DOXYGEN"; then
@@ -13333,6 +13343,10 @@
HAVE_DOXYGEN_FALSE=
fi
+if test -z "$DOXYGEN"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Doxygen not found - continuing without Doxygen support" >&5
+$as_echo "$as_me: WARNING: Doxygen not found - continuing without Doxygen support" >&2;}
+fi
cat >confcache <<\_ACEOF
# This file is a shell script that caches the results of configure
# tests run on this system so they can be shared between configure

View File

@ -0,0 +1,58 @@
From 89c17c1a301b3df0ae3b430a105f3208a0c6b53e Mon Sep 17 00:00:00 2001
From: Etan Kissling <etan_kissling@apple.com>
Date: Tue, 9 Feb 2021 23:51:33 +0100
Subject: [PATCH] src: fix IPv6 header handling
This corrects issues in IPv6 header handling that sometimes resulted
in an endless loop.
Signed-off-by: Etan Kissling <etan_kissling@apple.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
(cherry picked from commit 51f25df304aeaa6c1b02ef7456a61278ee70c102)
---
src/extra/ipv6.c | 15 +++++++++++++--
1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/src/extra/ipv6.c b/src/extra/ipv6.c
index 42c5e25054dff..23f64ba6706b8 100644
--- a/src/extra/ipv6.c
+++ b/src/extra/ipv6.c
@@ -67,10 +67,19 @@ int nfq_ip6_set_transport_header(struct pkt_buff *pktb, struct ip6_hdr *ip6h,
uint8_t nexthdr = ip6h->ip6_nxt;
uint8_t *cur = (uint8_t *)ip6h + sizeof(struct ip6_hdr);
- while (nexthdr != target) {
+ while (nexthdr == IPPROTO_HOPOPTS ||
+ nexthdr == IPPROTO_ROUTING ||
+ nexthdr == IPPROTO_FRAGMENT ||
+ nexthdr == IPPROTO_AH ||
+ nexthdr == IPPROTO_NONE ||
+ nexthdr == IPPROTO_DSTOPTS) {
struct ip6_ext *ip6_ext;
uint32_t hdrlen;
+ /* Extension header was requested, we're done. */
+ if (nexthdr == target)
+ break;
+
/* No more extensions, we're done. */
if (nexthdr == IPPROTO_NONE) {
cur = NULL;
@@ -107,11 +116,13 @@ int nfq_ip6_set_transport_header(struct pkt_buff *pktb, struct ip6_hdr *ip6h,
} else if (nexthdr == IPPROTO_AH)
hdrlen = (ip6_ext->ip6e_len + 2) << 2;
else
- hdrlen = ip6_ext->ip6e_len;
+ hdrlen = (ip6_ext->ip6e_len + 1) << 3;
nexthdr = ip6_ext->ip6e_nxt;
cur += hdrlen;
}
+ if (nexthdr != target)
+ cur = NULL;
pktb->transport_header = cur;
return cur ? 1 : 0;
}
--
2.32.0

View File

@ -1,65 +0,0 @@
#!/bin/bash -p
#set -x
function main
{
set -e
cd doxygen/man/man3
rm -f _*
setgroup LibrarySetup nfq_open
add2group nfq_close nfq_bind_pf nfq_unbind_pf
setgroup Parsing nfq_get_msg_packet_hdr
add2group nfq_get_nfmark nfq_get_timestamp nfq_get_indev nfq_get_physindev
add2group nfq_get_outdev nfq_get_physoutdev nfq_get_indev_name
add2group nfq_get_physindev_name nfq_get_outdev_name
add2group nfq_get_physoutdev_name nfq_get_packet_hw
add2group nfq_get_skbinfo
add2group nfq_get_uid nfq_get_gid
add2group nfq_get_secctx nfq_get_payload
setgroup Queue nfq_fd
add2group nfq_create_queue nfq_destroy_queue nfq_handle_packet nfq_set_mode
add2group nfq_set_queue_flags nfq_set_queue_maxlen nfq_set_verdict
add2group nfq_set_verdict2 nfq_set_verdict_batch
add2group nfq_set_verdict_batch2 nfq_set_verdict_mark
setgroup ipv4 nfq_ip_get_hdr
add2group nfq_ip_set_transport_header nfq_ip_mangle nfq_ip_snprintf
setgroup ip_internals nfq_ip_set_checksum
setgroup ipv6 nfq_ip6_get_hdr
add2group nfq_ip6_set_transport_header nfq_ip6_mangle nfq_ip6_snprintf
setgroup nfq_cfg nfq_nlmsg_cfg_put_cmd
add2group nfq_nlmsg_cfg_put_params nfq_nlmsg_cfg_put_qmaxlen
setgroup nfq_verd nfq_nlmsg_verdict_put
add2group nfq_nlmsg_verdict_put_mark nfq_nlmsg_verdict_put_pkt
setgroup nlmsg nfq_nlmsg_parse
add2group nfq_nlmsg_put
setgroup pktbuff pktb_alloc
add2group pktb_data pktb_len pktb_mangle pktb_mangled
add2group pktb_free
setgroup otherfns pktb_tailroom
add2group pktb_mac_header pktb_network_header pktb_transport_header
setgroup uselessfns pktb_push
add2group pktb_pull pktb_put pktb_trim
setgroup tcp nfq_tcp_get_hdr
add2group nfq_tcp_get_payload nfq_tcp_get_payload_len
add2group nfq_tcp_snprintf nfq_tcp_mangle_ipv4 nfq_tcp_mangle_ipv6
setgroup tcp_internals nfq_tcp_compute_checksum_ipv4
add2group nfq_tcp_compute_checksum_ipv6
setgroup udp nfq_udp_get_hdr
add2group nfq_udp_get_payload nfq_udp_get_payload_len
add2group nfq_udp_mangle_ipv4 nfq_udp_mangle_ipv6 nfq_udp_snprintf
setgroup udp_internals nfq_udp_compute_checksum_ipv4
add2group nfq_udp_compute_checksum_ipv6
setgroup Printing nfq_snprintf_xml
}
function setgroup
{
mv $1.3 $2.3
BASE=$2
}
function add2group
{
for i in $@
do
ln -sf $BASE.3 $i.3
done
}
main

View File

@ -1,21 +1,19 @@
%define libnfnetlink 1.0.1
Name: libnetfilter_queue
Version: 1.0.4
Release: 3%{?dist}
Version: 1.0.5
Release: 1%{?dist}
Summary: Netfilter queue userspace library
Group: System Environment/Libraries
# Most files say GPLv2+, one says v2 only.
License: GPLv2
URL: http://netfilter.org
Source0: http://netfilter.org/projects/%{name}/files/%{name}-%{version}.tar.bz2
Source1: fixmanpages.sh
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Patch1: 0001-configure-add-with-without-doxygen-switch.patch
Patch1: 0001-src-fix-IPv6-header-handling.patch
BuildRequires: libnfnetlink-devel >= %{libnfnetlink}, pkgconfig, kernel-headers
BuildRequires: autoconf, automake, libtool, libmnl-devel >= 1.0.3
BuildRequires: make
%description
libnetfilter_queue is a userspace library providing an API to packets that have
@ -26,7 +24,6 @@ libnetfilter_queue has been previously known as libnfnetlink_queue.
%package devel
Summary: Netfilter queue userspace library
Group: Development/Libraries
Requires: %{name} = %{version}-%{release}, pkgconfig
Requires: libnfnetlink-devel >= %{libnfnetlink}, kernel-headers
@ -39,10 +36,9 @@ libnetfilter_queue has been previously known as libnfnetlink_queue.
%prep
%autosetup -p1
install -m0755 %{SOURCE1} .
%build
%configure --disable-static --without-doxygen
%configure --disable-static
make %{?_smp_mflags}
%install
@ -50,34 +46,49 @@ rm -rf $RPM_BUILD_ROOT
make DESTDIR=%{buildroot} install
find $RPM_BUILD_ROOT -type f -name "*.la" -exec rm -f {} ';'
%clean
rm -rf $RPM_BUILD_ROOT
%post -p /sbin/ldconfig
%postun -p /sbin/ldconfig
%ldconfig_scriptlets
%files
%defattr(-,root,root,-)
%doc COPYING
%{_libdir}/*.so.*
%files devel
%defattr(-,root,root,-)
%{_libdir}/*.so
%dir %{_includedir}/%{name}
%{_includedir}/%{name}/*.h
%{_libdir}/pkgconfig/%{name}.pc
%changelog
* Mon Jun 08 2020 Phil Sutter <psutter@redhat.com> - 1.0.4-3
- Add missing fixmanpages.sh script
- Allow for and explicitly disable doxygen docs
* Fri Aug 13 2021 Phil Sutter <psutter@redhat.com> - 1.0.5-1
- Rebase onto upstream version 1.0.5
* Fri Jun 05 2020 Phil Sutter <psutter@redhat.com> - 1.0.4-2
- No need to drop internal.h, it is no longer installed.
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.0.2-20
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Fri Jun 05 2020 Phil Sutter <psutter@redhat.com> - 1.0.4-1
- Rebase onto version 1.0.4
* Mon Apr 19 2021 Phil Sutter <psutter@redhat.com> - 1.0.2-19
- extra: use inet_ntop instead of inet_ntoa
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.0.2-18
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.2-17
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.2-16
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.2-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.2-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.2-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.2-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.2-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild