[packages/iptables] don't execute crucial code in assert (unbreaks iptables-nft)
atler
atler at pld-linux.org
Mon Dec 28 00:07:09 CET 2020
commit 9594a0ac823e659de93a7ec2034af74332f85e54
Author: Jan Palus <atler at pld-linux.org>
Date: Mon Dec 28 00:03:21 2020 +0100
don't execute crucial code in assert (unbreaks iptables-nft)
asserts disabled in PLD with -DNDEBUG
iptables-code_in_assert.patch | 12 ++++++++++++
iptables.spec | 2 ++
2 files changed, 14 insertions(+)
---
diff --git a/iptables.spec b/iptables.spec
index 9440e5c..9d1dbaa 100644
--- a/iptables.spec
+++ b/iptables.spec
@@ -76,6 +76,7 @@ Patch14: %{orgname}-owner-xid.patch
# adjusts xt_owner for vserver-enabled kernel
Patch15: %{orgname}-owner-struct-size-vs.patch
Patch16: %{orgname}-rpc.patch
+Patch17: %{orgname}-code_in_assert.patch
URL: https://netfilter.org/
BuildRequires: autoconf >= 2.50
BuildRequires: automake
@@ -254,6 +255,7 @@ Uwaga: nie jest to w pełni zgodny zamiennik!
%patch15 -p1
%endif
%patch16 -p1
+%patch17 -p1
%build
%{__libtoolize}
diff --git a/iptables-code_in_assert.patch b/iptables-code_in_assert.patch
new file mode 100644
index 0000000..03021fa
--- /dev/null
+++ b/iptables-code_in_assert.patch
@@ -0,0 +1,12 @@
+--- iptables-1.8.6/iptables/nft.c.orig 2020-12-27 23:59:42.360558144 +0100
++++ iptables-1.8.6/iptables/nft.c 2020-12-28 00:00:07.059393662 +0100
+@@ -107,7 +107,8 @@
+
+ static void mnl_nft_batch_continue(struct nftnl_batch *batch)
+ {
+- assert(nftnl_batch_update(batch) >= 0);
++ int ret = nftnl_batch_update(batch);
++ assert(ret >= 0);
+ }
+
+ static uint32_t mnl_batch_begin(struct nftnl_batch *batch, uint32_t genid, uint32_t seqnum)
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/iptables.git/commitdiff/9594a0ac823e659de93a7ec2034af74332f85e54
More information about the pld-cvs-commit
mailing list