diff --git a/build-avoid-symbol-namespace-pollution.patch b/build-avoid-symbol-namespace-pollution.patch
deleted file mode 100644
index 1e12e1e..0000000
--- a/build-avoid-symbol-namespace-pollution.patch
+++ /dev/null
@@ -1,428 +0,0 @@ -From 7983983a2912165aaa3b9fff2f7aa42421d2f730 Mon Sep 17 00:00:00 2001 -From: Florian Westphal -Date: Tue, 13 Aug 2013 10:48:50 +0200 -Subject: [PATCH 11/38] build: avoid symbol namespace pollution - -As of f40eabb01 (add pkt_buff and protocol helper functions) -libnetfilter_queue accidentally exports the internal function named -'checksum'. This is a bit too generic and may cause crashes with -applications that worked fine before. - -This patch makes the functions checksum, checksum_tcpudp_ipv4 and -checksum_tcpudp_ipv6 local by building with fvis-hidden and adding -EXPORTs for the legacy api calls and the ones that seem to have missing -EXPORT tags (mainly pktbuff api). - -Signed-off-by: Florian Westphal -Signed-off-by: Pablo Neira Ayuso ---- - Make_global.am | 2 +- - src/extra/pktbuff.c | 12 ++++++++++++ - src/internal.h | 2 ++ - src/libnetfilter_queue.c | 38 +++++++++++++++++++++++++++++++++++--- - 4 files changed, 50 insertions(+), 4 deletions(-) - -diff --git a/Make_global.am b/Make_global.am -index 9bc8ea1..91da5da 100644 ---- a/Make_global.am -+++ b/Make_global.am -@@ -1,2 +1,2 @@ - AM_CPPFLAGS = -I${top_srcdir}/include ${LIBNFNETLINK_CFLAGS} ${LIBMNL_CFLAGS} --AM_CFLAGS = -Wall -+AM_CFLAGS = -Wall ${GCC_FVISIBILITY_HIDDEN} -diff --git a/src/extra/pktbuff.c b/src/extra/pktbuff.c -index 0bd778d..1c15a00 100644 ---- a/src/extra/pktbuff.c -+++ b/src/extra/pktbuff.c -@@ -84,6 +84,7 @@ pktb_alloc(int family, void *data, size_t len, size_t extra) - } - return pktb; - } -+EXPORT_SYMBOL(pktb_alloc); - - /** - * pktb_data - return pointer to the beginning of the packet buffer -@@ -93,6 +94,7 @@ uint8_t *pktb_data(struct pkt_buff *pktb) - { - return pktb->data; - } -+EXPORT_SYMBOL(pktb_data); - - /** - * pktb_len - return length of the packet buffer -@@ -102,6 +104,7 @@ uint32_t pktb_len(struct pkt_buff *pktb) - { - return pktb->len; - } -+EXPORT_SYMBOL(pktb_len); - - /** - * pktb_free - release packet buffer -@@ -111,6 +114,7 @@ void 
pktb_free(struct pkt_buff *pktb) - { - free(pktb); - } -+EXPORT_SYMBOL(pktb_free); - - /** - * pktb_push - update pointer to the beginning of the packet buffer -@@ -121,6 +125,7 @@ void pktb_push(struct pkt_buff *pktb, unsigned int len) - pktb->data -= len; - pktb->len += len; - } -+EXPORT_SYMBOL(pktb_push); - - /** - * pktb_pull - update pointer to the beginning of the packet buffer -@@ -131,6 +136,7 @@ void pktb_pull(struct pkt_buff *pktb, unsigned int len) - pktb->data += len; - pktb->len -= len; - } -+EXPORT_SYMBOL(pktb_pull); - - /** - * pktb_put - add extra bytes to the tail of the packet buffer -@@ -141,6 +147,7 @@ void pktb_put(struct pkt_buff *pktb, unsigned int len) - pktb->tail += len; - pktb->len += len; - } -+EXPORT_SYMBOL(pktb_put); - - /** - * pktb_trim - set new length for this packet buffer -@@ -150,6 +157,7 @@ void pktb_trim(struct pkt_buff *pktb, unsigned int len) - { - pktb->len = len; - } -+EXPORT_SYMBOL(pktb_trim); - - /** - * pktb_tailroom - get room in bytes in the tail of the packet buffer -@@ -159,6 +167,7 @@ unsigned int pktb_tailroom(struct pkt_buff *pktb) - { - return pktb->data_len - pktb->len; - } -+EXPORT_SYMBOL(pktb_tailroom); - - /** - * pktb_mac_header - return pointer to layer 2 header (if any) -@@ -168,6 +177,7 @@ uint8_t *pktb_mac_header(struct pkt_buff *pktb) - { - return pktb->mac_header; - } -+EXPORT_SYMBOL(pktb_mac_header); - - /** - * pktb_network_header - return pointer to layer 3 header -@@ -177,6 +187,7 @@ uint8_t *pktb_network_header(struct pkt_buff *pktb) - { - return pktb->network_header; - } -+EXPORT_SYMBOL(pktb_network_header); - - /** - * pktb_transport_header - return pointer to layer 4 header (if any) -@@ -186,6 +197,7 @@ uint8_t *pktb_transport_header(struct pkt_buff *pktb) - { - return pktb->transport_header; - } -+EXPORT_SYMBOL(pktb_transport_header); - - static int pktb_expand_tail(struct pkt_buff *pkt, int extra) - { -diff --git a/src/internal.h b/src/internal.h -index 37bf79e..7f9d5f4 100644 ---- 
a/src/internal.h -+++ b/src/internal.h -@@ -2,6 +2,8 @@ - #define INTERNAL_H 1 - - #include "config.h" -+#include -+#include - #ifdef HAVE_VISIBILITY_HIDDEN - # define __visible __attribute__((visibility("default"))) - # define EXPORT_SYMBOL(x) typeof(x) (x) __visible -diff --git a/src/libnetfilter_queue.c b/src/libnetfilter_queue.c -index 6817957..fa8efe7 100644 ---- a/src/libnetfilter_queue.c -+++ b/src/libnetfilter_queue.c -@@ -32,6 +32,7 @@ - - #include - #include -+#include "src/internal.h" - - /** - * \mainpage -@@ -133,6 +134,7 @@ struct nfq_data { - }; - - int nfq_errno; -+EXPORT_SYMBOL(nfq_errno); - - /*********************************************************************** - * low level stuff -@@ -225,6 +227,7 @@ struct nfnl_handle *nfq_nfnlh(struct nfq_handle *h) - { - return h->nfnlh; - } -+EXPORT_SYMBOL(nfq_nfnlh); - - /** - * -@@ -300,7 +303,7 @@ int nfq_fd(struct nfq_handle *h) - { - return nfnl_fd(nfq_nfnlh(h)); - } -- -+EXPORT_SYMBOL(nfq_fd); - /** - * @} - */ -@@ -368,6 +371,7 @@ struct nfq_handle *nfq_open(void) - - return qh; - } -+EXPORT_SYMBOL(nfq_open); - - /** - * @} -@@ -416,6 +420,7 @@ out_free: - free(h); - return NULL; - } -+EXPORT_SYMBOL(nfq_open_nfnl); - - /** - * \addtogroup LibrarySetup -@@ -443,6 +448,7 @@ int nfq_close(struct nfq_handle *h) - free(h); - return ret; - } -+EXPORT_SYMBOL(nfq_close); - - /** - * nfq_bind_pf - bind a nfqueue handler to a given protocol family -@@ -458,6 +464,7 @@ int nfq_bind_pf(struct nfq_handle *h, u_int16_t pf) - { - return __build_send_cfg_msg(h, NFQNL_CFG_CMD_PF_BIND, 0, pf); - } -+EXPORT_SYMBOL(nfq_bind_pf); - - /** - * nfq_unbind_pf - unbind nfqueue handler from a protocol family -@@ -471,7 +478,7 @@ int nfq_unbind_pf(struct nfq_handle *h, u_int16_t pf) - { - return __build_send_cfg_msg(h, NFQNL_CFG_CMD_PF_UNBIND, 0, pf); - } -- -+EXPORT_SYMBOL(nfq_unbind_pf); - - - /** -@@ -544,6 +551,7 @@ struct nfq_q_handle *nfq_create_queue(struct nfq_handle *h, - add_qh(qh); - return qh; - } 
-+EXPORT_SYMBOL(nfq_create_queue); - - /** - * @} -@@ -571,6 +579,7 @@ int nfq_destroy_queue(struct nfq_q_handle *qh) - - return ret; - } -+EXPORT_SYMBOL(nfq_destroy_queue); - - /** - * nfq_handle_packet - handle a packet received from the nfqueue subsystem -@@ -588,6 +597,7 @@ int nfq_handle_packet(struct nfq_handle *h, char *buf, int len) - { - return nfnl_handle_packet(h->nfnlh, buf, len); - } -+EXPORT_SYMBOL(nfq_handle_packet); - - /** - * nfq_set_mode - set the amount of packet data that nfqueue copies to userspace -@@ -624,6 +634,7 @@ int nfq_set_mode(struct nfq_q_handle *qh, - - return nfnl_query(qh->h->nfnlh, &u.nmh); - } -+EXPORT_SYMBOL(nfq_set_mode); - - /** - * nfq_set_queue_flags - set flags (options) for the kernel queue -@@ -693,6 +704,7 @@ int nfq_set_queue_flags(struct nfq_q_handle *qh, - - return nfnl_query(qh->h->nfnlh, &u.nmh); - } -+EXPORT_SYMBOL(nfq_set_queue_flags); - - /** - * nfq_set_queue_maxlen - Set kernel queue maximum length parameter -@@ -723,6 +735,7 @@ int nfq_set_queue_maxlen(struct nfq_q_handle *qh, - - return nfnl_query(qh->h->nfnlh, &u.nmh); - } -+EXPORT_SYMBOL(nfq_set_queue_maxlen); - - /** - * @} -@@ -815,7 +828,8 @@ int nfq_set_verdict(struct nfq_q_handle *qh, u_int32_t id, - { - return __set_verdict(qh, id, verdict, 0, 0, data_len, buf, - NFQNL_MSG_VERDICT); --} -+} -+EXPORT_SYMBOL(nfq_set_verdict); - - /** - * nfq_set_verdict2 - like nfq_set_verdict, but you can set the mark. 
-@@ -833,6 +847,7 @@ int nfq_set_verdict2(struct nfq_q_handle *qh, u_int32_t id, - return __set_verdict(qh, id, verdict, htonl(mark), 1, data_len, - buf, NFQNL_MSG_VERDICT); - } -+EXPORT_SYMBOL(nfq_set_verdict2); - - /** - * nfq_set_verdict_batch - issue verdicts on several packets at once -@@ -852,6 +867,7 @@ int nfq_set_verdict_batch(struct nfq_q_handle *qh, u_int32_t id, - return __set_verdict(qh, id, verdict, 0, 0, 0, NULL, - NFQNL_MSG_VERDICT_BATCH); - } -+EXPORT_SYMBOL(nfq_set_verdict_batch); - - /** - * nfq_set_verdict_batch2 - like nfq_set_verdict_batch, but you can set a mark. -@@ -866,6 +882,7 @@ int nfq_set_verdict_batch2(struct nfq_q_handle *qh, u_int32_t id, - return __set_verdict(qh, id, verdict, htonl(mark), 1, 0, - NULL, NFQNL_MSG_VERDICT_BATCH); - } -+EXPORT_SYMBOL(nfq_set_verdict_batch2); - - /** - * nfq_set_verdict_mark - like nfq_set_verdict, but you can set the mark. -@@ -888,6 +905,7 @@ int nfq_set_verdict_mark(struct nfq_q_handle *qh, u_int32_t id, - return __set_verdict(qh, id, verdict, mark, 1, data_len, buf, - NFQNL_MSG_VERDICT); - } -+EXPORT_SYMBOL(nfq_set_verdict_mark); - - /** - * @} -@@ -927,6 +945,7 @@ struct nfqnl_msg_packet_hdr *nfq_get_msg_packet_hdr(struct nfq_data *nfad) - return nfnl_get_pointer_to_data(nfad->data, NFQA_PACKET_HDR, - struct nfqnl_msg_packet_hdr); - } -+EXPORT_SYMBOL(nfq_get_msg_packet_hdr); - - /** - * nfq_get_nfmark - get the packet mark -@@ -938,6 +957,7 @@ uint32_t nfq_get_nfmark(struct nfq_data *nfad) - { - return ntohl(nfnl_get_data(nfad->data, NFQA_MARK, u_int32_t)); - } -+EXPORT_SYMBOL(nfq_get_nfmark); - - /** - * nfq_get_timestamp - get the packet timestamp -@@ -961,6 +981,7 @@ int nfq_get_timestamp(struct nfq_data *nfad, struct timeval *tv) - - return 0; - } -+EXPORT_SYMBOL(nfq_get_timestamp); - - /** - * nfq_get_indev - get the interface that the packet was received through -@@ -977,6 +998,7 @@ u_int32_t nfq_get_indev(struct nfq_data *nfad) - { - return ntohl(nfnl_get_data(nfad->data, 
NFQA_IFINDEX_INDEV, u_int32_t)); - } -+EXPORT_SYMBOL(nfq_get_indev); - - /** - * nfq_get_physindev - get the physical interface that the packet was received -@@ -990,6 +1012,7 @@ u_int32_t nfq_get_physindev(struct nfq_data *nfad) - { - return ntohl(nfnl_get_data(nfad->data, NFQA_IFINDEX_PHYSINDEV, u_int32_t)); - } -+EXPORT_SYMBOL(nfq_get_physindev); - - /** - * nfq_get_outdev - gets the interface that the packet will be routed out -@@ -1003,6 +1026,7 @@ u_int32_t nfq_get_outdev(struct nfq_data *nfad) - { - return ntohl(nfnl_get_data(nfad->data, NFQA_IFINDEX_OUTDEV, u_int32_t)); - } -+EXPORT_SYMBOL(nfq_get_outdev); - - /** - * nfq_get_physoutdev - get the physical interface that the packet output -@@ -1018,6 +1042,7 @@ u_int32_t nfq_get_physoutdev(struct nfq_data *nfad) - { - return ntohl(nfnl_get_data(nfad->data, NFQA_IFINDEX_PHYSOUTDEV, u_int32_t)); - } -+EXPORT_SYMBOL(nfq_get_physoutdev); - - /** - * nfq_get_indev_name - get the name of the interface the packet -@@ -1063,6 +1088,7 @@ int nfq_get_indev_name(struct nlif_handle *nlif_handle, - u_int32_t ifindex = nfq_get_indev(nfad); - return nlif_index2name(nlif_handle, ifindex, name); - } -+EXPORT_SYMBOL(nfq_get_indev_name); - - /** - * nfq_get_physindev_name - get the name of the physical interface the -@@ -1082,6 +1108,7 @@ int nfq_get_physindev_name(struct nlif_handle *nlif_handle, - u_int32_t ifindex = nfq_get_physindev(nfad); - return nlif_index2name(nlif_handle, ifindex, name); - } -+EXPORT_SYMBOL(nfq_get_physindev_name); - - /** - * nfq_get_outdev_name - get the name of the physical interface the -@@ -1101,6 +1128,7 @@ int nfq_get_outdev_name(struct nlif_handle *nlif_handle, - u_int32_t ifindex = nfq_get_outdev(nfad); - return nlif_index2name(nlif_handle, ifindex, name); - } -+EXPORT_SYMBOL(nfq_get_outdev_name); - - /** - * nfq_get_physoutdev_name - get the name of the interface the -@@ -1121,6 +1149,7 @@ int nfq_get_physoutdev_name(struct nlif_handle *nlif_handle, - u_int32_t ifindex = 
nfq_get_physoutdev(nfad); - return nlif_index2name(nlif_handle, ifindex, name); - } -+EXPORT_SYMBOL(nfq_get_physoutdev_name); - - /** - * nfq_get_packet_hw -@@ -1149,6 +1178,7 @@ struct nfqnl_msg_packet_hw *nfq_get_packet_hw(struct nfq_data *nfad) - return nfnl_get_pointer_to_data(nfad->data, NFQA_HWADDR, - struct nfqnl_msg_packet_hw); - } -+EXPORT_SYMBOL(nfq_get_packet_hw); - - /** - * nfq_get_payload - get payload -@@ -1170,6 +1200,7 @@ int nfq_get_payload(struct nfq_data *nfad, unsigned char **data) - - return -1; - } -+EXPORT_SYMBOL(nfq_get_payload); - - /** - * @} -@@ -1356,6 +1387,7 @@ int nfq_snprintf_xml(char *buf, size_t rem, struct nfq_data *tb, int flags) - - return len; - } -+EXPORT_SYMBOL(nfq_snprintf_xml); - - /** - * @} --- -1.8.3.1 - diff --git a/extra-fix-wrong-implementation-in-nfq_udp_get_payloa.patch b/extra-fix-wrong-implementation-in-nfq_udp_get_payloa.patch deleted file mode 100644 index fe8232e..0000000 --- a/extra-fix-wrong-implementation-in-nfq_udp_get_payloa.patch +++ /dev/null 
@@ -1,39 +0,0 @@ -From 7335cbed46eb81cd4f521966ef508e18b6e8059f Mon Sep 17 00:00:00 2001 -From: Ting-Wei Lan -Date: Fri, 20 Jun 2014 18:27:00 +0800 -Subject: [PATCH 21/38] extra: fix wrong implementation in nfq_udp_get_payload - -Signed-off-by: Pablo Neira Ayuso ---- - src/extra/udp.c | 12 ++++++++---- - 1 file changed, 8 insertions(+), 4 deletions(-) - -diff --git a/src/extra/udp.c b/src/extra/udp.c -index eee732e..6e6baed 100644 ---- a/src/extra/udp.c -+++ b/src/extra/udp.c -@@ -56,13 +56,17 @@ EXPORT_SYMBOL(nfq_udp_get_hdr); - */ - void *nfq_udp_get_payload(struct udphdr *udph, struct pkt_buff *pktb) - { -- unsigned int doff = udph->len; -+ uint16_t len = ntohs(udph->len); - -- /* malformed UDP data offset. */ -- if (pktb->transport_header + doff > pktb->tail) -+ /* the UDP packet is too short. */ -+ if (len < sizeof(struct udphdr)) - return NULL; - -- return pktb->transport_header + doff; -+ /* malformed UDP packet. */ -+ if (pktb->transport_header + len > pktb->tail) -+ return NULL; -+ -+ return pktb->transport_header + sizeof(struct udphdr); - } - EXPORT_SYMBOL(nfq_udp_get_payload); - --- -1.8.3.1 - diff --git a/extra-tcp-insufficient-sanitization-in-nfq_tcp_get_p.patch b/extra-tcp-insufficient-sanitization-in-nfq_tcp_get_p.patch deleted file mode 100644 index 6e07eaf..0000000 --- a/extra-tcp-insufficient-sanitization-in-nfq_tcp_get_p.patch +++ /dev/null 
@@ -1,42 +0,0 @@ -From 32946848916002e1014e6125f2b3aee208d37700 Mon Sep 17 00:00:00 2001 -From: Pablo Neira Ayuso -Date: Mon, 30 Jun 2014 12:18:07 +0200 -Subject: [PATCH 22/38] extra: tcp: insufficient sanitization in - nfq_tcp_get_payload() - -Similar to 7335cbe ("extra: fix wrong implementation in -nfq_udp_get_payload"). - -Signed-off-by: Pablo Neira Ayuso ---- - src/extra/tcp.c | 10 +++++++--- - 1 file changed, 7 insertions(+), 3 deletions(-) - -diff --git a/src/extra/tcp.c b/src/extra/tcp.c -index 2eb5763..bf161aa 100644 ---- a/src/extra/tcp.c -+++ b/src/extra/tcp.c -@@ -59,13 +59,17 @@ EXPORT_SYMBOL(nfq_tcp_get_hdr); - */ - void *nfq_tcp_get_payload(struct tcphdr *tcph, struct pkt_buff *pktb) - { -- unsigned int doff = tcph->doff * 4; -+ unsigned int len = tcph->doff * 4; -+ -+ /* TCP packet is too short */ -+ if (len < sizeof(struct tcphdr)) -+ return NULL; - - /* malformed TCP data offset. */ -- if (pktb->transport_header + doff >= pktb->tail) -+ if (pktb->transport_header + len > pktb->tail) - return NULL; - -- return pktb->transport_header + doff; -+ return pktb->transport_header + len; - } - EXPORT_SYMBOL(nfq_tcp_get_payload); - --- -1.8.3.1 - diff --git a/extra-use-inet_ntop-instead-of-inet_ntoa.patch b/extra-use-inet_ntop-instead-of-inet_ntoa.patch deleted file mode 100644 index 58ddadf..0000000 --- a/extra-use-inet_ntop-instead-of-inet_ntoa.patch +++ /dev/null 
@@ -1,36 +0,0 @@ -From 3065fb3642c8e554432059629808a62560e2184f Mon Sep 17 00:00:00 2001 -From: Ting-Wei Lan -Date: Fri, 20 Jun 2014 18:26:59 +0800 -Subject: [PATCH 20/38] extra: use inet_ntop instead of inet_ntoa - -The result of inet_ntoa() will be overwritten by the next call to -inet_ntoa(), so using it twice in the same snprintf() call causes -wrong result. - -Signed-off-by: Pablo Neira Ayuso ---- - src/extra/ipv4.c | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git a/src/extra/ipv4.c b/src/extra/ipv4.c -index 0fe716b..a93d113 100644 ---- a/src/extra/ipv4.c -+++ b/src/extra/ipv4.c -@@ -134,9 +134,13 @@ int nfq_ip_snprintf(char *buf, size_t size, const struct iphdr *iph) - struct in_addr src = { iph->saddr }; - struct in_addr dst = { iph->daddr }; - -+ char src_str[INET_ADDRSTRLEN]; -+ char dst_str[INET_ADDRSTRLEN]; -+ - ret = snprintf(buf, size, "SRC=%s DST=%s LEN=%u TOS=0x%X " - "PREC=0x%X TTL=%u ID=%u PROTO=%u ", -- inet_ntoa(src), inet_ntoa(dst), -+ inet_ntop(AF_INET, &src, src_str, INET_ADDRSTRLEN), -+ inet_ntop(AF_INET, &dst, dst_str, INET_ADDRSTRLEN), - ntohs(iph->tot_len), IPTOS_TOS(iph->tos), - IPTOS_PREC(iph->tos), iph->ttl, ntohs(iph->id), - iph->protocol); --- -1.8.3.1 - diff --git a/fix-valgrind-errors-of-uninitialised-byte-during-cal.patch b/fix-valgrind-errors-of-uninitialised-byte-during-cal.patch deleted file mode 100644 index c6ae5ec..0000000 --- a/fix-valgrind-errors-of-uninitialised-byte-during-cal.patch +++ /dev/null 
@@ -1,38 +0,0 @@ -From 84d24281f4cfac9597ee9184a30cb1aa91d8a86e Mon Sep 17 00:00:00 2001 -From: Tamas Lengyel -Date: Fri, 31 May 2013 12:20:57 +0000 -Subject: [PATCH 10/38] fix valgrind errors of uninitialised byte during call - to nfq_unbind_pf - -Valgrind generates error reports during a call -to the nfq_unbind_pf function: - -==00:00:00:08.662 22111== 4 errors in context 1 of 1: -==00:00:00:08.662 22111== Syscall param socketcall.sendto(msg) points -to uninitialised byte(s) -... -==00:00:00:08.662 22111== Uninitialised value was created by a stack allocation -==00:00:00:08.662 22111== at 0x679C30B: __build_send_cfg_msg -(libnetfilter_queue.c:178 - -Signed-off-by: Tamas K Lengyel -Signed-off-by: Florian Westphal ---- - src/libnetfilter_queue.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/libnetfilter_queue.c b/src/libnetfilter_queue.c -index 2894ccd..bf944f0 100644 ---- a/src/libnetfilter_queue.c -+++ b/src/libnetfilter_queue.c -@@ -186,6 +186,7 @@ __build_send_cfg_msg(struct nfq_handle *h, u_int8_t command, - nfnl_fill_hdr(h->nfnlssh, &u.nmh, 0, AF_UNSPEC, queuenum, - NFQNL_MSG_CONFIG, NLM_F_REQUEST|NLM_F_ACK); - -+ cmd._pad = 0; - cmd.command = command; - cmd.pf = htons(pf); - nfnl_addattr_l(&u.nmh, sizeof(u), NFQA_CFG_CMD, &cmd, sizeof(cmd)); --- -1.8.3.1 - diff --git a/libnetfilter_queue-1.0.2.tar.bz2 b/libnetfilter_queue-1.0.2.tar.bz2 deleted file mode 100644 index 2f6f46c..0000000 Binary files a/libnetfilter_queue-1.0.2.tar.bz2 and /dev/null differ diff --git a/libnetfilter_queue-1.0.5.tar.bz2 b/libnetfilter_queue-1.0.5.tar.bz2 new file mode 100644 index 0000000..a3cd668 Binary files /dev/null and b/libnetfilter_queue-1.0.5.tar.bz2 differ diff --git a/libnetfilter_queue.spec b/libnetfilter_queue.spec index b10ed45..13c2b8e 100644 --- a/libnetfilter_queue.spec +++ b/libnetfilter_queue.spec 
@@ -1,6 +1,6 @@ Name: libnetfilter_queue -Version: 1.0.2 -Release: 13 +Version: 1.0.5 +Release: 1 Summary: A userspace library to the queued packets License: GPLv2 URL: http://netfilter.org @@ -8,14 +8,6 @@ Source0: https://netfilter.org/projects/libnetfilter_queue/files/libnetfil BuildRequires: autoconf automake libtool pkgconfig kernel-headers BuildRequires: libnfnetlink-devel >= 1.0.1 libmnl-devel >= 1.0.3 -Patch6001: fix-valgrind-errors-of-uninitialised-byte-during-cal.patch -Patch6002: build-avoid-symbol-namespace-pollution.patch -Patch6003: extra-use-inet_ntop-instead-of-inet_ntoa.patch -Patch6004: extra-fix-wrong-implementation-in-nfq_udp_get_payloa.patch -Patch6005: extra-tcp-insufficient-sanitization-in-nfq_tcp_get_p.patch -Patch6006: src-make-nfq_open_nfnl-thread-safe.patch -Patch6007: src-check-result-of-malloc-when-creating-queue.patch - %description libnetfilter_queue is a userspace library providing an API to packets that have been queued by the kernel packet filter. It is is part of a system that @@ -35,7 +27,7 @@ Includes development headers and librarys for libnetfilter_queue. %autosetup -n %{name}-%{version} -p1 %build -%configure +%configure --disable-static %make_build %install @@ -67,6 +59,12 @@ make check %exclude %{_libdir}/libnetfilter_queue.la %changelog +* Fri Jul 24 2020 openEuler Buildteam - 1.0.5-1 +- Type:NA +- Id:NA +- SUG:NA +- DESC: update to 1.0.5 + * Tue Sep 17 2019 Huiming Xie - 1.0.2.13 - Package init diff --git a/src-check-result-of-malloc-when-creating-queue.patch b/src-check-result-of-malloc-when-creating-queue.patch deleted file mode 100644 index cb32fc6..0000000 --- a/src-check-result-of-malloc-when-creating-queue.patch +++ /dev/null 
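Review bot: The `%changelog` entry added in the last hunk of libnetfilter_queue.spec says only `DESC: update to 1.0.5`, while the second hunk also drops Patch6001 through Patch6007, several of which are input-validation and robustness fixes (the length checks in `nfq_udp_get_payload` and `nfq_tcp_get_payload`, the `malloc` result check in `nfq_create_queue`, and the `nfq_open_nfnl` thread-safety change). The deleted patch files carry upstream `[PATCH n/38]` headers, so they are presumably part of 1.0.5, but nothing visible on this page confirms it. I would record that in the entry, for example `- DESC: update to 1.0.5, drop Patch6001-6007 (merged upstream)`, after checking src/extra/udp.c, src/extra/tcp.c and src/libnetfilter_queue.c in the new tarball. The `--disable-static` switch added to `%configure` in the third hunk changes what the build produces and deserves a line in the same entry.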
@@ -1,27 +0,0 @@ -From 981025e103d887fb6a9c9bb49c74ec323108d098 Mon Sep 17 00:00:00 2001 -From: Victor Julien -Date: Sun, 3 Jul 2016 09:38:02 +0200 -Subject: [PATCH 30/38] src: check result of malloc when creating queue - -Signed-off-by: Victor Julien -Signed-off-by: Florian Westphal ---- - src/libnetfilter_queue.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/src/libnetfilter_queue.c b/src/libnetfilter_queue.c -index 5fbde5b..211a8ba 100644 ---- a/src/libnetfilter_queue.c -+++ b/src/libnetfilter_queue.c -@@ -536,6 +536,8 @@ struct nfq_q_handle *nfq_create_queue(struct nfq_handle *h, - return NULL; - - qh = malloc(sizeof(*qh)); -+ if (!qh) -+ return NULL; - - memset(qh, 0, sizeof(*qh)); - qh->h = h; --- -1.8.3.1 - diff --git a/src-make-nfq_open_nfnl-thread-safe.patch b/src-make-nfq_open_nfnl-thread-safe.patch deleted file mode 100644 index 8832279..0000000 --- a/src-make-nfq_open_nfnl-thread-safe.patch +++ /dev/null 
@@ -1,49 +0,0 @@ -From 4ca06bc967d94b7b7b5a6efc76e870f0efc77e24 Mon Sep 17 00:00:00 2001 -From: Florian Westphal -Date: Thu, 16 Jun 2016 15:11:32 +0200 -Subject: [PATCH 29/38] src: make nfq_open_nfnl thread-safe - -nfq_open_nfnl uses an intermediate static object, so when it is invoked -by distinct threads at the same time there is a small chance that some -threads end up with another threads nfq_handle pointer stored in ->data. - -The result is that the affected queue will be stuck because the thread -that was supposed to service it is handling another/wrong queue instead. - -Tested-by: Michal Tesar -Signed-off-by: Florian Westphal -Acked-by: Pablo Neira Ayuso ---- - src/libnetfilter_queue.c | 9 ++++----- - 1 file changed, 4 insertions(+), 5 deletions(-) - -diff --git a/src/libnetfilter_queue.c b/src/libnetfilter_queue.c -index 84184ee..5fbde5b 100644 ---- a/src/libnetfilter_queue.c -+++ b/src/libnetfilter_queue.c -@@ -216,11 +216,6 @@ static int __nfq_rcv_pkt(struct nlmsghdr *nlh, struct nfattr *nfa[], - return qh->cb(qh, nfmsg, &nfqa, qh->data); - } - --static struct nfnl_callback pkt_cb = { -- .call = &__nfq_rcv_pkt, -- .attr_count = NFQA_MAX, --}; -- - /* public interface */ - - struct nfnl_handle *nfq_nfnlh(struct nfq_handle *h) -@@ -389,6 +384,10 @@ EXPORT_SYMBOL(nfq_open); - */ - struct nfq_handle *nfq_open_nfnl(struct nfnl_handle *nfnlh) - { -+ struct nfnl_callback pkt_cb = { -+ .call = __nfq_rcv_pkt, -+ .attr_count = NFQA_MAX, -+ }; - struct nfq_handle *h; - int err; - --- -1.8.3.1 -