[packages/iptables] - updated to 1.8.2
adamg
adamg at pld-linux.org
Wed Nov 14 07:46:29 CET 2018
commit 54750b58f97e4e3117caaab750b7004d29387b9a
Author: Adam Gołębiowski <adamg at pld-linux.org>
Date: Wed Nov 14 07:46:21 2018 +0100
- updated to 1.8.2
...s-format-security-fixes-in-libip-6-t_icmp.patch | 57 ++++++++++++++++++++++
iptables.spec | 7 ++-
2 files changed, 62 insertions(+), 2 deletions(-)
---
diff --git a/iptables.spec b/iptables.spec
index aa29597..0c4fb03 100644
--- a/iptables.spec
+++ b/iptables.spec
@@ -35,12 +35,12 @@ Summary(ru.UTF-8): Утилиты для управления пакетными
Summary(uk.UTF-8): Утиліти для керування пакетними фільтрами ядра Linux
Summary(zh_CN.UTF-8): Linux内核包过滤管理工具
Name: iptables%{?with_vserver:-vserver}
-Version: 1.8.1
+Version: 1.8.2
Release: 1
License: GPL v2
Group: Networking/Admin
Source0: https://netfilter.org/projects/iptables/files/%{orgname}-%{version}.tar.bz2
-# Source0-md5: b5b0b43afc245176c36a14c4fca6e661
+# Source0-md5: 944558e88ddcc3b9b0d9550070fa3599
Source1: cvs://cvs.samba.org/netfilter/%{orgname}-howtos.tar.bz2
# Source1-md5: 2ed2b452daefe70ededd75dc0061fd07
Source2: %{orgname}.init
@@ -61,6 +61,7 @@ Patch2: no-libiptc.patch
Patch3: %{orgname}-aligned_u64.patch
Patch5: ebtables-X.patch
+Patch6: 0001-extensions-format-security-fixes-in-libip-6-t_icmp.patch
# --- ADDITIONAL/CHANGED EXTENSIONS:
# just ipt_IPV4OPTSSTRIP now
Patch10: %{orgname}-20070806.patch
@@ -246,6 +247,7 @@ Uwaga: nie jest to w pełni zgodny zamiennik!
%patch3 -p1
%patch5 -p1
+%patch6 -p1
%{?with_ipt_IPV4OPTSSTRIP:%patch10 -p1}
%{?with_xt_layer7:%patch11 -p1}
@@ -387,6 +389,7 @@ fi
%dir %{_libdir}/xtables
%attr(755,root,root) %{_libdir}/xtables/libebt_802_3.so
%attr(755,root,root) %{_libdir}/xtables/libebt_arp.so
+%attr(755,root,root) %{_libdir}/xtables/libebt_arpreply.so
%attr(755,root,root) %{_libdir}/xtables/libebt_dnat.so
%attr(755,root,root) %{_libdir}/xtables/libebt_ip6.so
%attr(755,root,root) %{_libdir}/xtables/libebt_ip.so
diff --git a/0001-extensions-format-security-fixes-in-libip-6-t_icmp.patch b/0001-extensions-format-security-fixes-in-libip-6-t_icmp.patch
new file mode 100644
index 0000000..eccf74b
--- /dev/null
+++ b/0001-extensions-format-security-fixes-in-libip-6-t_icmp.patch
@@ -0,0 +1,57 @@
+From 1cf06c9f88af5a5acb27b0483a43b69d6b209aa2 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Adam=20Go=C5=82=C4=99biowski?= <adamg at pld-linux.org>
+Date: Wed, 14 Nov 2018 07:26:04 +0100
+Subject: [PATCH] extensions: format-security fixes in libip[6]t_icmp
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+commit 61d6c3834de32c0ff5808c93da94b2b30b4791c8 introduced support
+for gcc feature to check format string against passed argument.
+This commit adds missing bits to extenstions's libipt_icmp.c and
+libip6t_icmp6.c that were causing build to fail.
+
+Signed-off-by: Adam Gołębiowski <adamg at pld-linux.org>
+---
+ extensions/libip6t_icmp6.c | 4 ++--
+ extensions/libipt_icmp.c | 2 +-
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/extensions/libip6t_icmp6.c b/extensions/libip6t_icmp6.c
+index 45a71875..cc7bfaeb 100644
+--- a/extensions/libip6t_icmp6.c
++++ b/extensions/libip6t_icmp6.c
+@@ -230,7 +230,7 @@ static unsigned int type_xlate_print(struct xt_xlate *xl, unsigned int icmptype,
+ type_name = icmp6_type_xlate(icmptype);
+
+ if (type_name) {
+- xt_xlate_add(xl, type_name);
++ xt_xlate_add(xl, "%s", type_name);
+ } else {
+ for (i = 0; i < ARRAY_SIZE(icmpv6_codes); ++i)
+ if (icmpv6_codes[i].type == icmptype &&
+@@ -239,7 +239,7 @@ static unsigned int type_xlate_print(struct xt_xlate *xl, unsigned int icmptype,
+ break;
+
+ if (i != ARRAY_SIZE(icmpv6_codes))
+- xt_xlate_add(xl, icmpv6_codes[i].name);
++ xt_xlate_add(xl, "%s", icmpv6_codes[i].name);
+ else
+ return 0;
+ }
+diff --git a/extensions/libipt_icmp.c b/extensions/libipt_icmp.c
+index 54189976..e76257c5 100644
+--- a/extensions/libipt_icmp.c
++++ b/extensions/libipt_icmp.c
+@@ -236,7 +236,7 @@ static unsigned int type_xlate_print(struct xt_xlate *xl, unsigned int icmptype,
+ if (icmp_codes[i].type == icmptype &&
+ icmp_codes[i].code_min == code_min &&
+ icmp_codes[i].code_max == code_max) {
+- xt_xlate_add(xl, icmp_codes[i].name);
++ xt_xlate_add(xl, "%s", icmp_codes[i].name);
+ return 1;
+ }
+ }
+--
+2.19.0
+
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/iptables.git/commitdiff/54750b58f97e4e3117caaab750b7004d29387b9a
More information about the pld-cvs-commit
mailing list