[packages/iptables] - updated to 1.8.2

adamg adamg at pld-linux.org
Wed Nov 14 07:46:29 CET 2018 

commit 54750b58f97e4e3117caaab750b7004d29387b9a
Author: Adam Gołębiowski <adamg at pld-linux.org>
Date:   Wed Nov 14 07:46:21 2018 +0100

    - updated to 1.8.2

 ...s-format-security-fixes-in-libip-6-t_icmp.patch | 57 ++++++++++++++++++++++
 iptables.spec                                      |  7 ++-
 2 files changed, 62 insertions(+), 2 deletions(-)
---
diff --git a/iptables.spec b/iptables.spec
index aa29597..0c4fb03 100644
--- a/iptables.spec
+++ b/iptables.spec
@@ -35,12 +35,12 @@ Summary(ru.UTF-8):	Утилиты для управления пакетными
 Summary(uk.UTF-8):	Утиліти для керування пакетними фільтрами ядра Linux
 Summary(zh_CN.UTF-8):	Linux内核包过滤管理工具
 Name:		iptables%{?with_vserver:-vserver}
-Version:	1.8.1
+Version:	1.8.2
 Release:	1
 License:	GPL v2
 Group:		Networking/Admin
 Source0:	https://netfilter.org/projects/iptables/files/%{orgname}-%{version}.tar.bz2
-# Source0-md5:	b5b0b43afc245176c36a14c4fca6e661
+# Source0-md5:	944558e88ddcc3b9b0d9550070fa3599
 Source1:	cvs://cvs.samba.org/netfilter/%{orgname}-howtos.tar.bz2
 # Source1-md5:	2ed2b452daefe70ededd75dc0061fd07
 Source2:	%{orgname}.init
@@ -61,6 +61,7 @@ Patch2:		no-libiptc.patch
 Patch3:		%{orgname}-aligned_u64.patch
 
 Patch5:		ebtables-X.patch
+Patch6:		0001-extensions-format-security-fixes-in-libip-6-t_icmp.patch
 # --- ADDITIONAL/CHANGED EXTENSIONS:
 # just ipt_IPV4OPTSSTRIP now
 Patch10:	%{orgname}-20070806.patch
@@ -246,6 +247,7 @@ Uwaga: nie jest to w pełni zgodny zamiennik!
 %patch3 -p1
 
 %patch5 -p1
+%patch6 -p1
 
 %{?with_ipt_IPV4OPTSSTRIP:%patch10 -p1}
 %{?with_xt_layer7:%patch11 -p1}
@@ -387,6 +389,7 @@ fi
 %dir %{_libdir}/xtables
 %attr(755,root,root) %{_libdir}/xtables/libebt_802_3.so
 %attr(755,root,root) %{_libdir}/xtables/libebt_arp.so
+%attr(755,root,root) %{_libdir}/xtables/libebt_arpreply.so
 %attr(755,root,root) %{_libdir}/xtables/libebt_dnat.so
 %attr(755,root,root) %{_libdir}/xtables/libebt_ip6.so
 %attr(755,root,root) %{_libdir}/xtables/libebt_ip.so
diff --git a/0001-extensions-format-security-fixes-in-libip-6-t_icmp.patch b/0001-extensions-format-security-fixes-in-libip-6-t_icmp.patch
new file mode 100644
index 0000000..eccf74b
--- /dev/null
+++ b/0001-extensions-format-security-fixes-in-libip-6-t_icmp.patch
@@ -0,0 +1,57 @@
+From 1cf06c9f88af5a5acb27b0483a43b69d6b209aa2 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Adam=20Go=C5=82=C4=99biowski?= <adamg at pld-linux.org>
+Date: Wed, 14 Nov 2018 07:26:04 +0100
+Subject: [PATCH] extensions: format-security fixes in libip[6]t_icmp
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+commit 61d6c3834de32c0ff5808c93da94b2b30b4791c8 introduced support
+for gcc feature to check format string against passed argument.
+This commit adds missing bits to extenstions's libipt_icmp.c and
+libip6t_icmp6.c that were causing build to fail.
+
+Signed-off-by: Adam Gołębiowski <adamg at pld-linux.org>
+---
+ extensions/libip6t_icmp6.c | 4 ++--
+ extensions/libipt_icmp.c   | 2 +-
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/extensions/libip6t_icmp6.c b/extensions/libip6t_icmp6.c
+index 45a71875..cc7bfaeb 100644
+--- a/extensions/libip6t_icmp6.c
++++ b/extensions/libip6t_icmp6.c
+@@ -230,7 +230,7 @@ static unsigned int type_xlate_print(struct xt_xlate *xl, unsigned int icmptype,
+ 	type_name = icmp6_type_xlate(icmptype);
+ 
+ 	if (type_name) {
+-		xt_xlate_add(xl, type_name);
++		xt_xlate_add(xl, "%s", type_name);
+ 	} else {
+ 		for (i = 0; i < ARRAY_SIZE(icmpv6_codes); ++i)
+ 			if (icmpv6_codes[i].type == icmptype &&
+@@ -239,7 +239,7 @@ static unsigned int type_xlate_print(struct xt_xlate *xl, unsigned int icmptype,
+ 				break;
+ 
+ 		if (i != ARRAY_SIZE(icmpv6_codes))
+-			xt_xlate_add(xl, icmpv6_codes[i].name);
++			xt_xlate_add(xl, "%s", icmpv6_codes[i].name);
+ 		else
+ 			return 0;
+ 	}
+diff --git a/extensions/libipt_icmp.c b/extensions/libipt_icmp.c
+index 54189976..e76257c5 100644
+--- a/extensions/libipt_icmp.c
++++ b/extensions/libipt_icmp.c
+@@ -236,7 +236,7 @@ static unsigned int type_xlate_print(struct xt_xlate *xl, unsigned int icmptype,
+ 			if (icmp_codes[i].type == icmptype &&
+ 			    icmp_codes[i].code_min == code_min &&
+ 			    icmp_codes[i].code_max == code_max) {
+-				xt_xlate_add(xl, icmp_codes[i].name);
++				xt_xlate_add(xl, "%s", icmp_codes[i].name);
+ 				return 1;
+ 			}
+ 	}
+-- 
+2.19.0
+
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/iptables.git/commitdiff/54750b58f97e4e3117caaab750b7004d29387b9a

More information about the pld-cvs-commit mailing list