Debian

Available patches from Ubuntu

To see Ubuntu differences wrt. to Debian, write down a grep-dctrl query identifying the packages you're interested in:
grep-dctrl -n -sPackage Sources.Debian
(e.g. -FPackage linux-ntfs or linux-ntfs)

Modified packages are listed below:

Debian ( Changelog | PTS | Bugs ) Ubuntu ( Changelog | txt | LP | Bugs ) | Diff from Ubuntu

Source: ipset

ipset (7.1-0ubuntu1) disco; urgency=medium * New upstream version, compatible with the new kernel in disco * debian/control, debian/libipset13.symbols: - updated for the soname change 11 -> 13 * deian/libipset13.symbols: - updated the symbols list -- Sebastien Bacher <seb128@ubuntu.com> Fri, 15 Mar 2019 11:39:40 +0100

Modifications :
  1. Download patch kernel/net/netfilter/ipset/ip_set_hash_gen.h

    --- 6.38-1.2/kernel/net/netfilter/ipset/ip_set_hash_gen.h 2018-04-10 21:36:27.000000000 +0000 +++ 7.1-0ubuntu1/kernel/net/netfilter/ipset/ip_set_hash_gen.h 2018-12-10 17:35:31.000000000 +0000 @@ -15,7 +15,7 @@ #define __ipset_dereference_protected(p, c) rcu_dereference_protected(p, c) #define ipset_dereference_protected(p, set) \ - __ipset_dereference_protected(p, spin_is_locked(&(set)->lock)) + __ipset_dereference_protected(p, lockdep_is_held(&(set)->lock)) #define rcu_dereference_bh_nfnl(p) rcu_dereference_bh_check(p, 1) @@ -1236,7 +1236,10 @@ IPSET_TOKEN(HTYPE, _create)(struct net * pr_debug("Create set %s with family %s\n", set->name, set->family == NFPROTO_IPV4 ? "inet" : "inet6"); -#ifndef IP_SET_PROTO_UNDEF +#ifdef IP_SET_PROTO_UNDEF + if (set->family != NFPROTO_UNSPEC) + return -IPSET_ERR_INVALID_FAMILY; +#else if (!(set->family == NFPROTO_IPV4 || set->family == NFPROTO_IPV6)) return -IPSET_ERR_INVALID_FAMILY; #endif
  2. Download patch libltdl/libltdl/lt_dlloader.h

    --- 6.38-1.2/libltdl/libltdl/lt_dlloader.h 2018-04-10 21:37:26.000000000 +0000 +++ 7.1-0ubuntu1/libltdl/libltdl/lt_dlloader.h 2018-12-11 12:29:00.000000000 +0000 @@ -1,6 +1,7 @@ /* lt_dlloader.h -- dynamic library loader interface - Copyright (C) 2004, 2007, 2008 Free Software Foundation, Inc. + Copyright (C) 2004, 2007-2008, 2011-2015 Free Software Foundation, + Inc. Written by Gary V. Vaughan, 2004 NOTE: The canonical source of this file is maintained with the @@ -28,7 +29,7 @@ or obtained by writing to the Free Softw 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ -#if !defined(LT_DLLOADER_H) +#if !defined LT_DLLOADER_H #define LT_DLLOADER_H 1 #include <libltdl/lt_system.h> @@ -87,4 +88,4 @@ LT_SCOPE void lt_dlloader_dump (void); LT_END_C_DECLS -#endif /*!defined(LT_DLLOADER_H)*/ +#endif /*!defined LT_DLLOADER_H*/
  3. Download patch debian/ipset.postrm

    --- 6.38-1.2/debian/ipset.postrm 2019-05-06 08:55:51.000000000 +0000 +++ 7.1-0ubuntu1/debian/ipset.postrm 1970-01-01 00:00:00.000000000 +0000 @@ -1,9 +0,0 @@ -#!/bin/sh - -set -e - -dpkg-maintscript-helper rm_conffile /etc/bash_completion.d/ipset 6.25.1-1~ -- "$@" - -#DEBHELPER# - -exit 0
  4. Download patch include/libipset/ui.h

    --- 6.38-1.2/include/libipset/ui.h 2018-04-10 21:36:27.000000000 +0000 +++ 7.1-0ubuntu1/include/libipset/ui.h 1970-01-01 00:00:00.000000000 +0000 @@ -1,56 +0,0 @@ -/* Copyright 2007-2010 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as - * published by the Free Software Foundation. - */ -#ifndef LIBIPSET_UI_H -#define LIBIPSET_UI_H - -#include <stdbool.h> /* bool */ -#include <libipset/linux_ip_set.h> /* enum ipset_cmd */ - -#define IPSET_CMD_ALIASES 3 - -/* Commands in userspace */ -struct ipset_commands { - enum ipset_cmd cmd; - int has_arg; - const char *name[IPSET_CMD_ALIASES]; - const char *help; -}; - -#ifdef __cplusplus -extern "C" { -#endif - -extern const struct ipset_commands ipset_commands[]; - -struct ipset_session; -struct ipset_data; - -/* Environment options */ -struct ipset_envopts { - int flag; - int has_arg; - const char *name[2]; - const char *help; - int (*parse)(struct ipset_session *s, int flag, const char *str); - int (*print)(char *buf, unsigned int len, - const struct ipset_data *data, int flag, uint8_t env); -}; - -extern const struct ipset_envopts ipset_envopts[]; - -extern bool ipset_match_cmd(const char *arg, const char * const name[]); -extern bool ipset_match_option(const char *arg, const char * const name[]); -extern bool ipset_match_envopt(const char *arg, const char * const name[]); -extern void ipset_shift_argv(int *argc, char *argv[], int from); -extern void ipset_port_usage(void); -extern int ipset_parse_file(struct ipset_session *s, int opt, const char *str); - -#ifdef __cplusplus -} -#endif - -#endif /* LIBIPSET_UI_H */
  5. Download patch lib/ui.c

    --- 6.38-1.2/lib/ui.c 2018-04-10 21:36:27.000000000 +0000 +++ 7.1-0ubuntu1/lib/ui.c 1970-01-01 00:00:00.000000000 +0000 @@ -1,42 +0,0 @@ -/* Copyright 2007-2010 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as - * published by the Free Software Foundation. - */ - -#include <stdio.h> /* printf */ -#include <libipset/icmp.h> /* id_to_icmp */ -#include <libipset/icmpv6.h> /* id_to_icmpv6 */ -#include <libipset/ui.h> /* prototypes */ - -/** - * ipset_port_usage - prints the usage for the port parameter - * - * Print the usage for the port parameter to stdout. - */ -void -ipset_port_usage(void) -{ - int i; - const char *name; - - printf(" [PROTO:]PORT is a valid pattern of the following:\n" - " PORTNAME TCP port name from /etc/services\n" - " PORTNUMBER TCP port number identifier\n" - " tcp|sctp|udp|udplite:PORTNAME|PORTNUMBER\n" - " icmp:CODENAME supported ICMP codename\n" - " icmp:TYPE/CODE ICMP type/code value\n" - " icmpv6:CODENAME supported ICMPv6 codename\n" - " icmpv6:TYPE/CODE ICMPv6 type/code value\n" - " PROTO:0 all other protocols\n\n"); - - printf(" Supported ICMP codenames:\n"); - i = 0; - while ((name = id_to_icmp(i++)) != NULL) - printf(" %s\n", name); - printf(" Supported ICMPv6 codenames:\n"); - i = 0; - while ((name = id_to_icmpv6(i++)) != NULL) - printf(" %s\n", name); -}
  6. Download patch libltdl/lt__alloc.c

    --- 6.38-1.2/libltdl/lt__alloc.c 2018-04-10 21:37:26.000000000 +0000 +++ 7.1-0ubuntu1/libltdl/lt__alloc.c 2018-12-11 12:29:00.000000000 +0000 @@ -1,6 +1,7 @@ /* lt__alloc.c -- internal memory management interface - Copyright (C) 2004, 2006, 2007 Free Software Foundation, Inc. + Copyright (C) 2004, 2006-2007, 2011-2015 Free Software Foundation, + Inc. Written by Gary V. Vaughan, 2004 NOTE: The canonical source of this file is maintained with the
  7. Download patch libltdl/loaders/shl_load.c

    --- 6.38-1.2/libltdl/loaders/shl_load.c 2018-04-10 21:37:26.000000000 +0000 +++ 7.1-0ubuntu1/libltdl/loaders/shl_load.c 2018-12-11 12:29:00.000000000 +0000 @@ -1,7 +1,7 @@ /* loader-shl_load.c -- dynamic linking with shl_load (HP-UX) - Copyright (C) 1998, 1999, 2000, 2004, 2006, - 2007, 2008 Free Software Foundation, Inc. + Copyright (C) 1998-2000, 2004, 2006-2008, 2011-2015 Free Software + Foundation, Inc. Written by Thomas Tanner, 1998 NOTE: The canonical source of this file is maintained with the @@ -90,7 +90,7 @@ get_vtable (lt_user_data loader_data) /* --- IMPLEMENTATION --- */ -#if defined(HAVE_DL_H) +#if defined HAVE_DL_H # include <dl.h> #endif @@ -103,11 +103,11 @@ get_vtable (lt_user_data loader_data) * * Optionally: * BIND_FIRST - Place the library at the head of the symbol search - * order. + * order. * BIND_NONFATAL - The default BIND_IMMEDIATE behavior is to treat all - * unsatisfied symbols as fatal. This flag allows - * binding of unsatisfied code symbols to be deferred - * until use. + * unsatisfied symbols as fatal. This flag allows + * binding of unsatisfied code symbols to be deferred + * until use. * [Perl: For certain libraries, like DCE, deferred * binding often causes run time problems. Adding * BIND_NONFATAL to BIND_IMMEDIATE still allows @@ -125,10 +125,10 @@ get_vtable (lt_user_data loader_data) * library specified by the path argument. */ -#if !defined(DYNAMIC_PATH) +#if !defined DYNAMIC_PATH # define DYNAMIC_PATH 0 #endif -#if !defined(BIND_RESTRICTED) +#if !defined BIND_RESTRICTED # define BIND_RESTRICTED 0 #endif @@ -138,7 +138,7 @@ get_vtable (lt_user_data loader_data) /* A function called through the vtable when this loader is no longer needed by the application. */ static int -vl_exit (lt_user_data LT__UNUSED loader_data) +vl_exit (lt_user_data loader_data LT__UNUSED) { vtable = NULL; return 0; @@ -148,8 +148,8 @@ vl_exit (lt_user_data LT__UNUSED loader_ loader. Returns an opaque representation of the newly opened module for processing with this loader's other vtable functions. */ static lt_module -vm_open (lt_user_data LT__UNUSED loader_data, const char *filename, - lt_dladvise LT__UNUSED advise) +vm_open (lt_user_data loader_data LT__UNUSED, const char *filename, + lt_dladvise advise LT__UNUSED) { static shl_t self = (shl_t) 0; lt_module module = shl_load (filename, LT_BIND_FLAGS, 0L); @@ -184,7 +184,7 @@ vm_open (lt_user_data LT__UNUSED loader_ /* A function called through the vtable when a particular module should be unloaded. */ static int -vm_close (lt_user_data LT__UNUSED loader_data, lt_module module) +vm_close (lt_user_data loader_data LT__UNUSED, lt_module module) { int errors = 0; @@ -201,7 +201,7 @@ vm_close (lt_user_data LT__UNUSED loader /* A function called through the vtable to get the address of a symbol loaded from a particular module. */ static void * -vm_sym (lt_user_data LT__UNUSED loader_data, lt_module module, const char *name) +vm_sym (lt_user_data loader_data LT__UNUSED, lt_module module, const char *name) { void *address = 0;
  8. Download patch lib/ipset_hash_netport.c

    --- 6.38-1.2/lib/ipset_hash_netport.c 2018-04-10 21:36:27.000000000 +0000 +++ 7.1-0ubuntu1/lib/ipset_hash_netport.c 2018-12-10 17:35:31.000000000 +0000 @@ -7,7 +7,7 @@ #include <libipset/data.h> /* IPSET_OPT_* */ #include <libipset/parse.h> /* parser functions */ #include <libipset/print.h> /* printing functions */ -#include <libipset/ui.h> /* ipset_port_usage */ +#include <libipset/ipset.h> /* ipset_port_usage */ #include <libipset/types.h> /* prototypes */ /* SCTP and UDPLITE support */
  9. Download patch lib/parse.c

    --- 6.38-1.2/lib/parse.c 2018-04-10 21:36:27.000000000 +0000 +++ 7.1-0ubuntu1/lib/parse.c 2018-12-10 17:35:31.000000000 +0000 @@ -443,7 +443,7 @@ ipset_parse_tcp_port(struct ipset_sessio */ int ipset_parse_single_tcp_port(struct ipset_session *session, - enum ipset_opt opt, const char *str) + enum ipset_opt opt, const char *str) { assert(session); assert(opt == IPSET_OPT_PORT || opt == IPSET_OPT_PORT_TO); @@ -759,7 +759,7 @@ print_warn(struct ipset_session *session { if (!ipset_envopt_test(session, IPSET_ENV_QUIET)) fprintf(stderr, "Warning: %s", - ipset_session_warning(session)); + ipset_session_report_msg(session)); ipset_session_report_reset(session); } @@ -1306,8 +1306,9 @@ ipset_parse_ip4_net6(struct ipset_sessio ipset_data_set(data, IPSET_OPT_FAMILY, &family); } - return family == NFPROTO_IPV4 ? parse_ip(session, opt, str, IPADDR_ANY) - : ipset_parse_ipnet(session, opt, str); + return family == NFPROTO_IPV4 ? + parse_ip(session, opt, str, IPADDR_ANY) : + ipset_parse_ipnet(session, opt, str); } @@ -1334,7 +1335,7 @@ ipset_parse_timeout(struct ipset_session assert(opt == IPSET_OPT_TIMEOUT); assert(str); - err = string_to_number_ll(session, str, 0, UINT_MAX/1000, &llnum); + err = string_to_number_ll(session, str, 0, (UINT_MAX>>1)/1000, &llnum); if (err == 0) { /* Timeout is expected to be 32bits wide, so we have to convert it here */ @@ -1396,10 +1397,11 @@ ipset_parse_iptimeout(struct ipset_sessi #define check_setname(str, saved) \ do { \ if (strlen(str) > IPSET_MAXNAMELEN - 1) { \ - if (saved != NULL) \ - free(saved); \ - return syntax_err("setname '%s' is longer than %u characters",\ + int __err; \ + __err = syntax_err("setname '%s' is longer than %u characters",\ str, IPSET_MAXNAMELEN - 1); \ + free(saved); \ + return __err; \ } \ } while (0) @@ -1539,7 +1541,7 @@ ipset_parse_before(struct ipset_session */ int ipset_parse_after(struct ipset_session *session, - enum ipset_opt opt, const char *str) + enum ipset_opt opt, const char *str) { struct ipset_data *data; @@ -1808,7 +1810,7 @@ ipset_parse_iface(struct ipset_session * * Returns 0 on success or a negative error code. */ int ipset_parse_comment(struct ipset_session *session, - enum ipset_opt opt, const char *str) + enum ipset_opt opt, const char *str) { struct ipset_data *data; @@ -1849,7 +1851,7 @@ ipset_parse_skbmark(struct ipset_session " MARK/MASK or MARK (see manpage)"); } result = ((uint64_t)(mark) << 32) | (mask & 0xffffffff); - return ipset_data_set(data, IPSET_OPT_SKBMARK, &result); + return ipset_data_set(data, opt, &result); } int @@ -1871,35 +1873,7 @@ ipset_parse_skbprio(struct ipset_session return syntax_err("Invalid skbprio format, it should be:"\ "MAJOR:MINOR (see manpage)"); major = ((uint32_t)maj << 16) | (min & 0xffff); - return ipset_data_set(data, IPSET_OPT_SKBPRIO, &major); -} - -/** - * ipset_parse_output - parse output format name - * @session: session structure - * @opt: option kind of the data - * @str: string to parse - * - * Parse output format names and set session mode. - * The value is stored in the session. - * - * Returns 0 on success or a negative error code. - */ -int -ipset_parse_output(struct ipset_session *session, - int opt UNUSED, const char *str) -{ - assert(session); - assert(str); - - if (STREQ(str, "plain")) - return ipset_session_output(session, IPSET_LIST_PLAIN); - else if (STREQ(str, "xml")) - return ipset_session_output(session, IPSET_LIST_XML); - else if (STREQ(str, "save")) - return ipset_session_output(session, IPSET_LIST_SAVE); - - return syntax_err("unknown output mode '%s'", str); + return ipset_data_set(data, opt, &major); } /** @@ -1922,8 +1896,9 @@ ipset_parse_ignored(struct ipset_session if (!ipset_data_ignored(ipset_session_data(session), opt)) ipset_warn(session, - "Option %s is ignored. " - "Please upgrade your syntax.", str); + "Option '--%s %s' is ignored. " + "Please upgrade your syntax.", + ipset_ignored_optname(opt), str); return 0; } @@ -1943,8 +1918,8 @@ ipset_parse_ignored(struct ipset_session */ int ipset_call_parser(struct ipset_session *session, - const struct ipset_arg *arg, - const char *str) + const struct ipset_arg *arg, + const char *str) { struct ipset_data *data = ipset_session_data(session);
  10. Download patch include/libipset/Makefile.am

    --- 6.38-1.2/include/libipset/Makefile.am 2018-04-10 21:36:27.000000000 +0000 +++ 7.1-0ubuntu1/include/libipset/Makefile.am 2018-12-10 17:35:31.000000000 +0000 @@ -16,7 +16,7 @@ pkginclude_HEADERS = \ session.h \ transport.h \ types.h \ - ui.h \ + ipset.h \ utils.h EXTRA_DIST = debug.h icmp.h icmpv6.h
  11. Download patch include/libipset/linux_ip_set_list.h

    --- 6.38-1.2/include/libipset/linux_ip_set_list.h 2018-04-10 21:36:27.000000000 +0000 +++ 7.1-0ubuntu1/include/libipset/linux_ip_set_list.h 2018-12-10 17:35:31.000000000 +0000 @@ -1,3 +1,4 @@ +/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ #ifndef __IP_SET_LIST_H #define __IP_SET_LIST_H
  12. Download patch debian/libipset11.symbols

    --- 6.38-1.2/debian/libipset11.symbols 2018-09-01 17:28:18.000000000 +0000 +++ 7.1-0ubuntu1/debian/libipset11.symbols 1970-01-01 00:00:00.000000000 +0000 @@ -1,132 +0,0 @@ -libipset.so.11 libipset11 #MINVER# - LIBIPSET_1.0@LIBIPSET_1.0 6.38-1~ - LIBIPSET_2.0@LIBIPSET_2.0 6.38-1~ - LIBIPSET_3.0@LIBIPSET_3.0 6.38-1~ - LIBIPSET_4.0@LIBIPSET_4.0 6.38-1~ - LIBIPSET_4.1@LIBIPSET_4.1 6.38-1~ - LIBIPSET_4.2@LIBIPSET_4.2 6.38-1~ - LIBIPSET_4.3@LIBIPSET_4.3 6.38-1~ - LIBIPSET_4.4@LIBIPSET_4.4 6.38-1~ - LIBIPSET_4.5@LIBIPSET_4.5 6.38-1~ - LIBIPSET_4.6@LIBIPSET_4.6 6.38-1~ - LIBIPSET_4.7@LIBIPSET_4.7 6.38-1~ - icmp_to_name@LIBIPSET_1.0 6.38-1~ - icmpv6_to_name@LIBIPSET_1.0 6.38-1~ - id_to_icmp@LIBIPSET_1.0 6.38-1~ - id_to_icmpv6@LIBIPSET_1.0 6.38-1~ - ipset_cache_add@LIBIPSET_1.0 6.38-1~ - ipset_cache_del@LIBIPSET_1.0 6.38-1~ - ipset_cache_fini@LIBIPSET_1.0 6.38-1~ - ipset_cache_init@LIBIPSET_1.0 6.38-1~ - ipset_cache_rename@LIBIPSET_1.0 6.38-1~ - ipset_cache_swap@LIBIPSET_1.0 6.38-1~ - ipset_call_parser@LIBIPSET_1.0 6.38-1~ - ipset_cmd@LIBIPSET_1.0 6.38-1~ - ipset_commit@LIBIPSET_1.0 6.38-1~ - ipset_data_cidr@LIBIPSET_1.0 6.38-1~ - ipset_data_family@LIBIPSET_1.0 6.38-1~ - ipset_data_fini@LIBIPSET_1.0 6.38-1~ - ipset_data_flags@LIBIPSET_1.0 6.38-1~ - ipset_data_flags_set@LIBIPSET_1.0 6.38-1~ - ipset_data_flags_test@LIBIPSET_1.0 6.38-1~ - ipset_data_flags_unset@LIBIPSET_1.0 6.38-1~ - ipset_data_get@LIBIPSET_1.0 6.38-1~ - ipset_data_ignored@LIBIPSET_1.0 6.38-1~ - ipset_data_init@LIBIPSET_1.0 6.38-1~ - ipset_data_reset@LIBIPSET_1.0 6.38-1~ - ipset_data_set@LIBIPSET_1.0 6.38-1~ - ipset_data_setname@LIBIPSET_1.0 6.38-1~ - ipset_data_sizeof@LIBIPSET_1.0 6.38-1~ - ipset_data_test_ignored@LIBIPSET_2.0 6.38-1~ - ipset_envopt_parse@LIBIPSET_1.0 6.38-1~ - ipset_envopt_test@LIBIPSET_1.0 6.38-1~ - ipset_errcode@LIBIPSET_1.0 6.38-1~ - ipset_get_nlmsg_type@LIBIPSET_1.0 6.38-1~ - ipset_keyword@LIBIPSET_4.6 6.38-1~ - ipset_load_types@LIBIPSET_2.0 6.38-1~ - ipset_match_typename@LIBIPSET_1.0 6.38-1~ - ipset_parse_after@LIBIPSET_1.0 6.38-1~ - ipset_parse_before@LIBIPSET_1.0 6.38-1~ - ipset_parse_comment@LIBIPSET_4.1 6.38-1~ - ipset_parse_elem@LIBIPSET_1.0 6.38-1~ - ipset_parse_ether@LIBIPSET_1.0 6.38-1~ - ipset_parse_family@LIBIPSET_1.0 6.38-1~ - ipset_parse_flag@LIBIPSET_1.0 6.38-1~ - ipset_parse_icmp@LIBIPSET_1.0 6.38-1~ - ipset_parse_icmpv6@LIBIPSET_1.0 6.38-1~ - ipset_parse_iface@LIBIPSET_1.0 6.38-1~ - ipset_parse_ignored@LIBIPSET_1.0 6.38-1~ - ipset_parse_ip4_net6@LIBIPSET_1.0 6.38-1~ - ipset_parse_ip4_single6@LIBIPSET_1.0 6.38-1~ - ipset_parse_ip@LIBIPSET_1.0 6.38-1~ - ipset_parse_ipnet@LIBIPSET_1.0 6.38-1~ - ipset_parse_iprange@LIBIPSET_1.0 6.38-1~ - ipset_parse_iptimeout@LIBIPSET_1.0 6.38-1~ - ipset_parse_mark@LIBIPSET_4.2 6.38-1~ - ipset_parse_name_compat@LIBIPSET_1.0 6.38-1~ - ipset_parse_net@LIBIPSET_1.0 6.38-1~ - ipset_parse_netmask@LIBIPSET_1.0 6.38-1~ - ipset_parse_netrange@LIBIPSET_1.0 6.38-1~ - ipset_parse_output@LIBIPSET_1.0 6.38-1~ - ipset_parse_port@LIBIPSET_1.0 6.38-1~ - ipset_parse_proto@LIBIPSET_1.0 6.38-1~ - ipset_parse_proto_port@LIBIPSET_1.0 6.38-1~ - ipset_parse_range@LIBIPSET_1.0 6.38-1~ - ipset_parse_setname@LIBIPSET_1.0 6.38-1~ - ipset_parse_single_ip@LIBIPSET_1.0 6.38-1~ - ipset_parse_single_tcp_port@LIBIPSET_1.0 6.38-1~ - ipset_parse_skbmark@LIBIPSET_4.3 6.38-1~ - ipset_parse_skbprio@LIBIPSET_4.3 6.38-1~ - ipset_parse_tcp_port@LIBIPSET_1.0 6.38-1~ - ipset_parse_tcp_udp_port@LIBIPSET_4.4 6.38-1~ - ipset_parse_tcpudp_port@LIBIPSET_1.0 6.38-1~ - ipset_parse_timeout@LIBIPSET_2.0 6.38-1~ - ipset_parse_typename@LIBIPSET_1.0 6.38-1~ - ipset_parse_uint16@LIBIPSET_4.4 6.38-1~ - ipset_parse_uint32@LIBIPSET_1.0 6.38-1~ - ipset_parse_uint64@LIBIPSET_4.0 6.38-1~ - ipset_parse_uint8@LIBIPSET_1.0 6.38-1~ - ipset_port_usage@LIBIPSET_2.0 6.38-1~ - ipset_print_comment@LIBIPSET_4.1 6.38-1~ - ipset_print_data@LIBIPSET_1.0 6.38-1~ - ipset_print_elem@LIBIPSET_1.0 6.38-1~ - ipset_print_ether@LIBIPSET_1.0 6.38-1~ - ipset_print_family@LIBIPSET_1.0 6.38-1~ - ipset_print_flag@LIBIPSET_1.0 6.38-1~ - ipset_print_icmp@LIBIPSET_1.0 6.38-1~ - ipset_print_icmpv6@LIBIPSET_1.0 6.38-1~ - ipset_print_iface@LIBIPSET_1.0 6.38-1~ - ipset_print_ip@LIBIPSET_1.0 6.38-1~ - ipset_print_ipaddr@LIBIPSET_1.0 6.38-1~ - ipset_print_mark@LIBIPSET_4.2 6.38-1~ - ipset_print_name@LIBIPSET_1.0 6.38-1~ - ipset_print_number@LIBIPSET_1.0 6.38-1~ - ipset_print_port@LIBIPSET_1.0 6.38-1~ - ipset_print_proto@LIBIPSET_1.0 6.38-1~ - ipset_print_proto_port@LIBIPSET_1.0 6.38-1~ - ipset_print_skbmark@LIBIPSET_4.3 6.38-1~ - ipset_print_skbprio@LIBIPSET_4.3 6.38-1~ - ipset_print_type@LIBIPSET_1.0 6.38-1~ - ipset_saved_type@LIBIPSET_1.0 6.38-1~ - ipset_session_data@LIBIPSET_1.0 6.38-1~ - ipset_session_error@LIBIPSET_1.0 6.38-1~ - ipset_session_fini@LIBIPSET_1.0 6.38-1~ - ipset_session_handle@LIBIPSET_1.0 6.38-1~ - ipset_session_init@LIBIPSET_1.0 6.38-1~ - ipset_session_lineno@LIBIPSET_1.0 6.38-1~ - ipset_session_outfn@LIBIPSET_3.0 6.38-1~ - ipset_session_output@LIBIPSET_1.0 6.38-1~ - ipset_session_report@LIBIPSET_1.0 6.38-1~ - ipset_session_report_reset@LIBIPSET_1.0 6.38-1~ - ipset_session_warning@LIBIPSET_1.0 6.38-1~ - ipset_session_warning_as_error@LIBIPSET_4.7 6.38-1~ - ipset_strlcat@LIBIPSET_4.1 6.38-1~ - ipset_strlcpy@LIBIPSET_1.0 6.38-1~ - ipset_type_add@LIBIPSET_1.0 6.38-1~ - ipset_type_check@LIBIPSET_1.0 6.38-1~ - ipset_type_get@LIBIPSET_1.0 6.38-1~ - ipset_type_higher_rev@LIBIPSET_4.5 6.38-1~ - ipset_typename_resolve@LIBIPSET_1.0 6.38-1~ - ipset_types@LIBIPSET_1.0 6.38-1~ - name_to_icmp@LIBIPSET_1.0 6.38-1~ - name_to_icmpv6@LIBIPSET_1.0 6.38-1~
  13. Download patch debian/ipset.postinst

    --- 6.38-1.2/debian/ipset.postinst 2019-05-06 08:55:51.000000000 +0000 +++ 7.1-0ubuntu1/debian/ipset.postinst 2019-03-15 10:39:00.000000000 +0000 @@ -3,7 +3,9 @@ set -e # Cleanup obsoleted bash completion configuration file -dpkg-maintscript-helper rm_conffile /etc/bash_completion.d/ipset 6.25.1-1~ -- "$@" +if [ -f /etc/bash_completion.d/ipset ]; then + rm -f /etc/bash_completion.d/ipset +fi #DEBHELPER#
  14. Download patch libltdl/libltdl/lt__glibc.h

    --- 6.38-1.2/libltdl/libltdl/lt__glibc.h 2018-04-10 21:37:26.000000000 +0000 +++ 7.1-0ubuntu1/libltdl/libltdl/lt__glibc.h 2018-12-11 12:29:00.000000000 +0000 @@ -1,6 +1,7 @@ /* lt__glibc.h -- support for non glibc environments - Copyright (C) 2004, 2006, 2007 Free Software Foundation, Inc. + Copyright (C) 2004, 2006-2007, 2011-2015 Free Software Foundation, + Inc. Written by Gary V. Vaughan, 2004 NOTE: The canonical source of this file is maintained with the @@ -28,16 +29,16 @@ or obtained by writing to the Free Softw 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ -#if !defined(LT__GLIBC_H) +#if !defined LT__GLIBC_H #define LT__GLIBC_H 1 -#if defined(LT_CONFIG_H) +#if defined LT_CONFIG_H # include LT_CONFIG_H #else # include <config.h> #endif -#if !defined(HAVE_ARGZ_H) || !defined(HAVE_WORKING_ARGZ) +#if !defined HAVE_ARGZ_H || !defined HAVE_WORKING_ARGZ /* Redefine any glibc symbols we reimplement to import the implementations into our lt__ namespace so we don't ever clash with the system library if our clients use argz_* @@ -52,7 +53,10 @@ or obtained by writing to the Free Softw # define argz_next lt__argz_next # undef argz_stringify # define argz_stringify lt__argz_stringify -#endif + +# include <lt__argz.h> + +#else #ifdef __cplusplus extern "C" { @@ -64,6 +68,8 @@ extern "C" { } #endif +#endif /*!defined HAVE_ARGZ_H || !defined HAVE_WORKING_ARGZ*/ + # define slist_concat lt__slist_concat # define slist_cons lt__slist_cons # define slist_delete lt__slist_delete @@ -80,4 +86,4 @@ extern "C" { #include <slist.h> -#endif /*!defined(LT__GLIBC_H)*/ +#endif /*!defined LT__GLIBC_H*/
  15. Download patch lib/data.c

    --- 6.38-1.2/lib/data.c 2018-04-10 21:36:27.000000000 +0000 +++ 7.1-0ubuntu1/lib/data.c 2018-12-10 17:35:31.000000000 +0000 @@ -44,6 +44,7 @@ struct ipset_data { uint32_t mark; uint16_t port; uint16_t port_to; + uint16_t index; union { /* RENAME/SWAP */ char setname2[IPSET_MAXNAMELEN]; @@ -281,6 +282,9 @@ ipset_data_set(struct ipset_data *data, case IPSET_OPT_TIMEOUT: data->timeout = *(const uint32_t *) value; break; + case IPSET_OPT_INDEX: + data->index = *(const uint16_t *) value; + break; /* Create-specific options */ case IPSET_OPT_GC: data->create.gc = *(const uint32_t *) value; @@ -485,6 +489,8 @@ ipset_data_get(const struct ipset_data * return &data->port_to; case IPSET_OPT_TIMEOUT: return &data->timeout; + case IPSET_OPT_INDEX: + return &data->index; /* Create-specific options */ case IPSET_OPT_GC: return &data->create.gc; @@ -588,6 +594,7 @@ ipset_data_sizeof(enum ipset_opt opt, ui case IPSET_OPT_PORT: case IPSET_OPT_PORT_TO: case IPSET_OPT_SKBQUEUE: + case IPSET_OPT_INDEX: return sizeof(uint16_t); case IPSET_SETNAME: case IPSET_OPT_NAME:
  16. Download patch kernel/include/linux/netfilter/ipset/ip_set_timeout.h

    --- 6.38-1.2/kernel/include/linux/netfilter/ipset/ip_set_timeout.h 2018-04-10 21:36:27.000000000 +0000 +++ 7.1-0ubuntu1/kernel/include/linux/netfilter/ipset/ip_set_timeout.h 2018-12-10 17:35:31.000000000 +0000 @@ -23,6 +23,9 @@ /* Set is defined with timeout support: timeout value may be 0 */ #define IPSET_NO_TIMEOUT UINT_MAX +/* Max timeout value, see msecs_to_jiffies() in jiffies.h */ +#define IPSET_MAX_TIMEOUT (UINT_MAX >> 1)/MSEC_PER_SEC + #define ip_set_adt_opt_timeout(opt, set) \ ((opt)->ext.timeout != IPSET_NO_TIMEOUT ? (opt)->ext.timeout : (set)->timeout) @@ -32,11 +35,10 @@ ip_set_timeout_uget(struct nlattr *tb) unsigned int timeout = ip_set_get_h32(tb); /* Normalize to fit into jiffies */ - if (timeout > UINT_MAX/MSEC_PER_SEC) - timeout = UINT_MAX/MSEC_PER_SEC; + if (timeout > IPSET_MAX_TIMEOUT) + timeout = IPSET_MAX_TIMEOUT; - /* Userspace supplied TIMEOUT parameter: adjust crazy size */ - return timeout == IPSET_NO_TIMEOUT ? IPSET_NO_TIMEOUT - 1 : timeout; + return timeout; } static inline bool @@ -65,8 +67,14 @@ ip_set_timeout_set(unsigned long *timeou static inline u32 ip_set_timeout_get(const unsigned long *timeout) { - return *timeout == IPSET_ELEM_PERMANENT ? 0 : - jiffies_to_msecs(*timeout - jiffies)/MSEC_PER_SEC; + u32 t; + + if (*timeout == IPSET_ELEM_PERMANENT) + return 0; + + t = jiffies_to_msecs(*timeout - jiffies)/MSEC_PER_SEC; + /* Zero value in userspace means no timeout */ + return t == 0 ? 1 : t; } #endif /* __KERNEL__ */
  17. Download patch debian/libipset13.install

    --- 6.38-1.2/debian/libipset13.install 1970-01-01 00:00:00.000000000 +0000 +++ 7.1-0ubuntu1/debian/libipset13.install 2019-03-15 10:39:00.000000000 +0000 @@ -0,0 +1 @@ +lib/*/*.so.*
  18. Download patch libltdl/lt__dirent.c

    --- 6.38-1.2/libltdl/lt__dirent.c 2018-04-10 21:37:26.000000000 +0000 +++ 7.1-0ubuntu1/libltdl/lt__dirent.c 2018-12-11 12:29:00.000000000 +0000 @@ -1,6 +1,6 @@ /* lt__dirent.c -- internal directory entry scanning interface - Copyright (C) 2001, 2004 Free Software Foundation, Inc. + Copyright (C) 2001, 2004, 2011-2015 Free Software Foundation, Inc. Written by Bob Friesenhahn, 2001 NOTE: The canonical source of this file is maintained with the @@ -31,18 +31,17 @@ or obtained by writing to the Free Softw #include "lt__private.h" #include <assert.h> -#include <stddef.h> #include "lt__dirent.h" -#if defined(__WINDOWS__) +#if defined __WINDOWS__ void closedir (DIR *entry) { assert (entry != (DIR *) NULL); FindClose (entry->hSearch); - free ((void *) entry); + free (entry); } @@ -104,4 +103,4 @@ readdir (DIR *entry) return &entry->file_info; } -#endif /*defined(__WINDOWS__)*/ +#endif /*defined __WINDOWS__*/
  19. Download patch lib/libipset.map

    --- 6.38-1.2/lib/libipset.map 2018-04-10 21:36:27.000000000 +0000 +++ 7.1-0ubuntu1/lib/libipset.map 2018-12-10 17:35:31.000000000 +0000 @@ -173,3 +173,32 @@ LIBIPSET_4.7 { global: ipset_session_warning_as_error; } LIBIPSET_4.6; + +LIBIPSET_4.8 { +global: + ipset_parse_filename; + ipset_session; + ipset_is_interactive; + ipset_custom_printf; + ipset_parse_argv; + ipset_parse_line; + ipset_parse_stream; + ipset_init; + ipset_fini; + ipset_session_printf_private; + ipset_envopt_set; + ipset_envopt_unset; + ipset_session_print_outfn; + ipset_session_io_full; + ipset_session_io_normal; + ipset_session_io_stream; + ipset_session_io_close; +} LIBIPSET_4.7; + +LIBIPSET_4.9 { +global: + ipset_ignored_optname; + list_sort; + ipset_session_report_msg; + ipset_session_report_type; +} LIBIPSET_4.8;
  20. Download patch kernel/include/linux/netfilter/ipset/ip_set_compat.h.in

    --- 6.38-1.2/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in 2018-04-10 21:36:27.000000000 +0000 +++ 7.1-0ubuntu1/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in 2018-12-10 17:35:31.000000000 +0000 @@ -8,6 +8,7 @@ #@HAVE_STRUCT_XT_ACTION_PARAM@ HAVE_STRUCT_XT_ACTION_PARAM #@HAVE_VZALLOC@ HAVE_VZALLOC #@HAVE_ETHER_ADDR_EQUAL@ HAVE_ETHER_ADDR_EQUAL +#@HAVE_IS_ZERO_ETHER_ADDR@ HAVE_IS_ZERO_ETHER_ADDR #@HAVE_NLA_PUT_BE16@ HAVE_NLA_PUT_BE16 #@HAVE_NLA_PUT_BE64@ HAVE_NLA_PUT_BE64 #@HAVE_NLA_PUT_64BIT@ HAVE_NLA_PUT_64BIT @@ -20,8 +21,10 @@ #@HAVE_CHECKENTRY_BOOL@ HAVE_CHECKENTRY_BOOL #@HAVE_XT_TARGET_PARAM@ HAVE_XT_TARGET_PARAM #@HAVE_NET_OPS_ID@ HAVE_NET_OPS_ID +#@HAVE_NET_OPS_ASYNC@ HAVE_NET_OPS_ASYNC #@HAVE_USER_NS_IN_STRUCT_NET@ HAVE_USER_NS_IN_STRUCT_NET #@HAVE_RBTREE_POSTORDER_FOR_EACH_ENTRY_SAFE@ HAVE_RBTREE_POSTORDER_FOR_EACH_ENTRY_SAFE +#@HAVE_KVCALLOC@ HAVE_KVCALLOC #@HAVE_KVFREE@ HAVE_KVFREE #@HAVE_XT_MTCHK_PARAM_STRUCT_NET@ HAVE_XT_MTCHK_PARAM_STRUCT_NET #@HAVE_TCF_EMATCH_OPS_CHANGE_ARG_NET@ HAVE_TCF_EMATCH_OPS_CHANGE_ARG_NET @@ -44,6 +47,7 @@ #@HAVE_PASSING_EXTENDED_ACK_TO_CALLBACKS@ HAVE_PASSING_EXTENDED_ACK_TO_CALLBACKS #@HAVE_TYPEDEF_SCTP_SCTPHDR_T@ HAVE_TYPEDEF_SCTP_SCTPHDR_T #@HAVE_TIMER_SETUP@ HAVE_TIMER_SETUP +#@HAVE_STRSCPY@ HAVE_STRSCPY #@HAVE_LOCKDEP_NFNL_IS_HELD@ HAVE_LOCKDEP_NFNL_IS_HELD #ifdef HAVE_EXPORT_SYMBOL_GPL_IN_MODULE_H @@ -131,11 +135,13 @@ do { \ __kfree_rcu(&((ptr)->rcu_head), offsetof(typeof(*(ptr)), rcu_head)) #endif +#if 0 #ifdef CHECK_KCONFIG #ifndef CONFIG_SPARSE_RCU_POINTER #error "CONFIG_SPARSE_RCU_POINTER must be enabled" #endif #endif +#endif #if defined(CONFIG_NETFILTER_NETLINK) || defined(CONFIG_NETFILTER_NETLINK_MODULE) #else @@ -152,15 +158,26 @@ do { \ PAGE_KERNEL) #endif -#ifndef HAVE_ETHER_ADDR_EQUAL +#if !defined(HAVE_ETHER_ADDR_EQUAL) || !defined(HAVE_IS_ZERO_ETHER_ADDR) #include <linux/etherdevice.h> +#ifndef HAVE_ETHER_ADDR_EQUAL static inline bool ether_addr_equal(const u8 *addr1, const u8 *addr2) { return !compare_ether_addr(addr1, addr2); } #endif +#ifndef HAVE_IS_ZERO_ETHER_ADDR +static inline bool is_zero_ether_addr(const u8 *addr) +{ + return (*(const u16 *)(addr + 0) | + *(const u16 *)(addr + 2) | + *(const u16 *)(addr + 4)) == 0; +} +#endif +#endif + #ifndef HAVE_NLA_PUT_BE64 static inline int nla_put_be64(struct sk_buff *skb, int attrtype, __be64 value) { @@ -203,6 +220,10 @@ static inline int nla_put_net64(struct s ipv6_skip_exthdr(skbuff, start, nexthdrp) #endif +#ifndef HAVE_KVCALLOC +#define kvcalloc(n, size, flags) kcalloc(n, size, flags) +#endif + #ifndef HAVE_KVFREE #include <linux/vmalloc.h> static inline void kvfree(const void *addr) @@ -357,6 +378,10 @@ static inline u16 nfnl_msg_type(u8 subsy struct type *var = set->data #endif +#ifndef HAVE_STRSCPY +#define strscpy(dst, src, n) (strncpy(dst, src, n) == (dst)) +#endif + #ifndef smp_mb__before_atomic #define smp_mb__before_atomic() smp_mb() #define smp_mb__after_atomic() smp_mb()
  21. Download patch include/libipset/list_sort.h

    --- 6.38-1.2/include/libipset/list_sort.h 1970-01-01 00:00:00.000000000 +0000 +++ 7.1-0ubuntu1/include/libipset/list_sort.h 2018-12-10 17:35:31.000000000 +0000 @@ -0,0 +1,103 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +#ifndef _LINUX_LIST_SORT_H +#define _LINUX_LIST_SORT_H + +/* List manipulations from include/linux/list.h */ +struct list_head { + struct list_head *next, *prev; +}; + +static inline void INIT_LIST_HEAD(struct list_head *list) +{ + list->next = list; + list->prev = list; +} + +static inline int list_empty(const struct list_head *head) +{ + return head->next == head; +} + +#define container_of(ptr, type, member) ({ \ + typeof( ((type *)0)->member ) *__mptr = (ptr); \ + (type *)( (char *)__mptr - offsetof(type,member) );}) + +#define list_entry(ptr, type, member) \ + container_of(ptr, type, member) + +#define list_first_entry(ptr, type, member) \ + list_entry((ptr)->next, type, member) + +static inline void __list_add(struct list_head *new, + struct list_head *prev, + struct list_head *next) +{ + next->prev = new; + new->next = next; + new->prev = prev; + prev->next = new; +} + +static inline void list_add(struct list_head *new, struct list_head *head) +{ + __list_add(new, head, head->next); +} + +static inline void list_add_tail(struct list_head *new, struct list_head *head) +{ + __list_add(new, head->prev, head); +} + +static inline void __list_del(struct list_head *prev, struct list_head *next) +{ + next->prev = prev; + prev->next = next; +} + +static inline void list_del(struct list_head *entry) +{ + __list_del(entry->prev, entry->next); + // entry->next = (void *) 0; + // entry->prev = (void *) 0; +} + +static inline void __list_splice(const struct list_head *list, + struct list_head *prev, + struct list_head *next) +{ + struct list_head *first = list->next; + struct list_head *last = list->prev; + + first->prev = prev; + prev->next = first; + + last->next = next; + next->prev = last; +} + +static inline void list_splice(const struct list_head *list, + struct list_head *head) +{ + if (!list_empty(list)) + __list_splice(list, head, head->next); +} + +#define list_for_each_entry(pos, head, member) \ + for (pos = list_entry((head)->next, typeof(*pos), member); \ + &pos->member != (head); \ + pos = list_entry(pos->member.next, typeof(*pos), member)) + +#define list_for_each_entry_safe(pos, n, head, member) \ + for (pos = list_entry((head)->next, typeof(*pos), member), \ + n = list_entry(pos->member.next, typeof(*pos), member); \ + &pos->member != (head); \ + pos = n, n = list_entry(n->member.next, typeof(*n), member)) + +#ifndef unlikely +#define unlikely(x) (!!(x) == 0) +#endif + +extern void list_sort(void *priv, struct list_head *head, + int (*cmp)(void *priv, struct list_head *a, + struct list_head *b)); +#endif
  22. Download patch libltdl/argz_.h

    --- 6.38-1.2/libltdl/argz_.h 2018-04-10 21:37:26.000000000 +0000 +++ 7.1-0ubuntu1/libltdl/argz_.h 1970-01-01 00:00:00.000000000 +0000 @@ -1,68 +0,0 @@ -/* lt__argz.h -- internal argz interface for non-glibc systems - - Copyright (C) 2004, 2007, 2008 Free Software Foundation, Inc. - Written by Gary V. Vaughan, 2004 - - NOTE: The canonical source of this file is maintained with the - GNU Libtool package. Report bugs to bug-libtool@gnu.org. - -GNU Libltdl is free software; you can redistribute it and/or -modify it under the terms of the GNU Lesser General Public -License as published by the Free Software Foundation; either -version 2 of the License, or (at your option) any later version. - -As a special exception to the GNU Lesser General Public License, -if you distribute this file as part of a program or library that -is built using GNU Libtool, you may include this file under the -same distribution terms that you use for the rest of that program. - -GNU Libltdl is distributed in the hope that it will be useful, -but WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -GNU Lesser General Public License for more details. - -You should have received a copy of the GNU Lesser General Public -License along with GNU Libltdl; see the file COPYING.LIB. If not, a -copy can be downloaded from http://www.gnu.org/licenses/lgpl.html, -or obtained by writing to the Free Software Foundation, Inc., -51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -*/ - -#if !defined(LT__ARGZ_H) -#define LT__ARGZ_H 1 - -#include <stdlib.h> -#define __need_error_t -#include <errno.h> -#include <sys/types.h> - -#if defined(LTDL) -# include "lt__glibc.h" -# include "lt_system.h" -#else -# define LT_SCOPE -#endif - -#if defined(__cplusplus) -extern "C" { -#endif - -LT_SCOPE error_t argz_append (char **pargz, size_t *pargz_len, - const char *buf, size_t buf_len); -LT_SCOPE error_t argz_create_sep(const char *str, int delim, - char **pargz, size_t *pargz_len); -LT_SCOPE error_t argz_insert (char **pargz, size_t *pargz_len, - char *before, const char *entry); -LT_SCOPE char * argz_next (char *argz, size_t argz_len, - const char *entry); -LT_SCOPE void argz_stringify (char *argz, size_t argz_len, int sep); - -#if defined(__cplusplus) -} -#endif - -#if !defined(LTDL) -# undef LT_SCOPE -#endif - -#endif /*!defined(LT__ARGZ_H)*/
  23. Download patch libltdl/loaders/preopen.c

    --- 6.38-1.2/libltdl/loaders/preopen.c 2018-04-10 21:37:26.000000000 +0000 +++ 7.1-0ubuntu1/libltdl/loaders/preopen.c 2018-12-11 12:29:00.000000000 +0000 @@ -1,7 +1,7 @@ /* loader-preopen.c -- emulate dynamic linking using preloaded_symbols - Copyright (C) 1998, 1999, 2000, 2004, 2006, - 2007, 2008 Free Software Foundation, Inc. + Copyright (C) 1998-2000, 2004, 2006-2008, 2011-2015 Free Software + Foundation, Inc. Written by Thomas Tanner, 1998 NOTE: The canonical source of this file is maintained with the @@ -113,7 +113,7 @@ static const lt_dlsymlist *default_pre /* A function called through the vtable to initialise this loader. */ static int -vl_init (lt_user_data LT__UNUSED loader_data) +vl_init (lt_user_data loader_data LT__UNUSED) { int errors = 0; @@ -130,7 +130,7 @@ vl_init (lt_user_data LT__UNUSED loader_ /* A function called through the vtable when this loader is no longer needed by the application. */ static int -vl_exit (lt_user_data LT__UNUSED loader_data) +vl_exit (lt_user_data loader_data LT__UNUSED) { vtable = NULL; free_symlists (); @@ -142,8 +142,8 @@ vl_exit (lt_user_data LT__UNUSED loader_ loader. Returns an opaque representation of the newly opened module for processing with this loader's other vtable functions. */ static lt_module -vm_open (lt_user_data LT__UNUSED loader_data, const char *filename, - lt_dladvise LT__UNUSED advise) +vm_open (lt_user_data loader_data LT__UNUSED, const char *filename, + lt_dladvise advise LT__UNUSED) { symlist_chain *lists; lt_module module = 0; @@ -168,7 +168,7 @@ vm_open (lt_user_data LT__UNUSED loader_ const lt_dlsymlist *symbol; for (symbol= lists->symlist; symbol->name; ++symbol) { - if (!symbol->address && streq (symbol->name, filename)) + if (!symbol->address && STREQ (symbol->name, filename)) { /* If the next symbol's name and address is 0, it means the module just contains the originator and no symbols. @@ -195,7 +195,7 @@ vm_open (lt_user_data LT__UNUSED loader_ /* A function called through the vtable when a particular module should be unloaded. */ static int -vm_close (lt_user_data LT__UNUSED loader_data, lt_module LT__UNUSED module) +vm_close (lt_user_data loader_data LT__UNUSED, lt_module module LT__UNUSED) { /* Just to silence gcc -Wall */ module = 0; @@ -206,15 +206,20 @@ vm_close (lt_user_data LT__UNUSED loader /* A function called through the vtable to get the address of a symbol loaded from a particular module. */ static void * -vm_sym (lt_user_data LT__UNUSED loader_data, lt_module module, const char *name) +vm_sym (lt_user_data loader_data LT__UNUSED, lt_module module, const char *name) { lt_dlsymlist *symbol = (lt_dlsymlist*) module; + if (symbol[1].name && STREQ (symbol[1].name, "@INIT@")) + { + symbol++; /* Skip optional init entry. */ + } + symbol +=2; /* Skip header (originator then libname). */ while (symbol->name) { - if (streq (symbol->name, name)) + if (STREQ (symbol->name, name)) { return symbol->address; } @@ -273,6 +278,13 @@ add_symlist (const lt_dlsymlist *symlist tmp->symlist = symlist; tmp->next = preloaded_symlists; preloaded_symlists = tmp; + + if (symlist[1].name && STREQ (symlist[1].name, "@INIT@")) + { + void (*init_symlist)(void); + *(void **)(&init_symlist) = symlist[1].address; + (*init_symlist)(); + } } else { @@ -336,8 +348,8 @@ lt_dlpreload_open (const char *originato for (list = preloaded_symlists; list; list = list->next) { /* ...that was preloaded by the requesting ORIGINATOR... */ - if ((originator && streq (list->symlist->name, originator)) - || (!originator && streq (list->symlist->name, "@PROGRAM@"))) + if ((originator && STREQ (list->symlist->name, originator)) + || (!originator && STREQ (list->symlist->name, "@PROGRAM@"))) { const lt_dlsymlist *symbol; unsigned int idx = 0; @@ -349,7 +361,7 @@ lt_dlpreload_open (const char *originato while ((symbol = &list->symlist[++idx])->name != 0) { if ((symbol->address == 0) - && (strneq (symbol->name, "@PROGRAM@"))) + && (STRNEQ (symbol->name, "@PROGRAM@"))) { lt_dlhandle handle = lt_dlopen (symbol->name); if (handle == 0)
  24. Download patch kernel/ChangeLog

    --- 6.38-1.2/kernel/ChangeLog 2018-04-10 21:36:27.000000000 +0000 +++ 7.1-0ubuntu1/kernel/ChangeLog 2018-12-10 17:35:31.000000000 +0000 @@ -1,3 +1,32 @@ +7.1 + - netfilter/ipset: replace a strncpy() with strscpy() (Qian Cai) + - netfilter: ipset: fix ip_set_byindex function (Florent Fourcot) + - netfilter: ipset: do not call ipset_nest_end after nla_nest_cancel + (Pan Bian) + - Correct workaround in patch "Fix calling ip_set() macro at dumping" + +7.0 + - Introduction of new commands and protocol version 7 + - License cleanup: add SPDX license identifier to uapi header files with + no license (Greg Kroah-Hartman) + - net: Convert ip_set_net_ops (Kirill Tkhai) + - netfilter: Replace spin_is_locked() with lockdep (Lance Roy) + - Fix calling ip_set() macro at dumping + - Correct rcu_dereference() call in ip_set_put_comment() + - netfilter: ipset: fix ip_set_list allocation failure (Andrey Ryabinin) + - ipset: Make invalid MAC address checks consisten (Stefano Brivio) + - ipset: Allow matching on destination MAC address for mac and ipmac sets + (Stefano Brivio) + - netfilter: ipset: actually allow allowable CIDR 0 in hash:net,port,net + (Eric Westbrook) + - ipset: list:set: Decrease refcount synchronously on deletion and replace + (Stefano Brivio) + - netfilter: ipset: forbid family for hash:mac sets (Florent Fourcot) + - Limit max timeout value to (UINT_MAX >> 1)/MSEC_PER_SEC + - List timing out entries with "timeout 1" instead of zero timeout value + (Fixes bugzilla #1258) + - netfilter: xt_set: Check hook mask correctly (Serhey Popovych) + 6.37 - netfilter: ipset: Use is_zero_ether_addr instead of static and memcmp (Joe Perches)
  25. Download patch include/libipset/data.h

    --- 6.38-1.2/include/libipset/data.h 2018-04-10 21:36:27.000000000 +0000 +++ 7.1-0ubuntu1/include/libipset/data.h 2018-12-10 17:35:31.000000000 +0000 @@ -74,6 +74,7 @@ enum ipset_opt { IPSET_OPT_LINENO, IPSET_OPT_REVISION, IPSET_OPT_REVISION_MIN, + IPSET_OPT_INDEX, IPSET_OPT_MAX, };
  26. Download patch debian/control

    --- 6.38-1.2/debian/control 2018-09-01 17:28:18.000000000 +0000 +++ 7.1-0ubuntu1/debian/control 2019-03-15 11:10:50.000000000 +0000 @@ -42,7 +42,7 @@ Package: libipset-dev Section: libdevel Architecture: linux-any Multi-Arch: same -Depends: libipset11 (= ${binary:Version}), libmnl-dev, ${misc:Depends} +Depends: libipset13 (= ${binary:Version}), libmnl-dev, ${misc:Depends} Description: development files for IP sets IP sets are a framework inside the Linux 2.4.x and 2.6.x kernel which can be administered by the ipset(8) utility. Depending on the type, currently an @@ -64,7 +64,7 @@ Description: development files for IP se This package contains the development libraries and header files you need to develop your programs using the IP sets library. -Package: libipset11 +Package: libipset13 Section: libs Architecture: linux-any Multi-Arch: same
  27. Download patch build-aux/config.guess
  28. Download patch build-aux/compile

    --- 6.38-1.2/build-aux/compile 2018-04-10 21:37:29.000000000 +0000 +++ 7.1-0ubuntu1/build-aux/compile 2018-12-11 12:29:04.000000000 +0000 @@ -3,7 +3,7 @@ scriptversion=2012-10-14.11; # UTC -# Copyright (C) 1999-2013 Free Software Foundation, Inc. +# Copyright (C) 1999-2014 Free Software Foundation, Inc. # Written by Tom Tromey <tromey@cygnus.com>. # # This program is free software; you can redistribute it and/or modify
  29. Download patch libltdl/libltdl/lt__alloc.h

    --- 6.38-1.2/libltdl/libltdl/lt__alloc.h 2018-04-10 21:37:26.000000000 +0000 +++ 7.1-0ubuntu1/libltdl/libltdl/lt__alloc.h 2018-12-11 12:29:00.000000000 +0000 @@ -1,6 +1,6 @@ /* lt__alloc.h -- internal memory management interface - Copyright (C) 2004 Free Software Foundation, Inc. + Copyright (C) 2004, 2011-2015 Free Software Foundation, Inc. Written by Gary V. Vaughan, 2004 NOTE: The canonical source of this file is maintained with the @@ -28,7 +28,7 @@ or obtained by writing to the Free Softw 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ -#if !defined(LT__ALLOC_H) +#if !defined LT__ALLOC_H #define LT__ALLOC_H 1 #include "lt_system.h" @@ -37,10 +37,10 @@ LT_BEGIN_C_DECLS #define MALLOC(tp, n) (tp*) lt__malloc((n) * sizeof(tp)) #define REALLOC(tp, mem, n) (tp*) lt__realloc((mem), (n) * sizeof(tp)) -#define FREE(mem) LT_STMT_START { \ - if (mem) { free ((void *)mem); mem = NULL; } } LT_STMT_END -#define MEMREASSIGN(p, q) LT_STMT_START { \ - if ((p) != (q)) { if (p) free (p); (p) = (q); (q) = 0; } \ +#define FREE(mem) LT_STMT_START { \ + free (mem); mem = NULL; } LT_STMT_END +#define MEMREASSIGN(p, q) LT_STMT_START { \ + if ((p) != (q)) { free (p); (p) = (q); (q) = 0; } \ } LT_STMT_END /* If set, this function is called when memory allocation has failed. */ @@ -55,4 +55,4 @@ LT_SCOPE char *lt__strdup (const char *s LT_END_C_DECLS -#endif /*!defined(LT__ALLOC_H)*/ +#endif /*!defined LT__ALLOC_H*/
  30. Download patch lib/mnl.c

    --- 6.38-1.2/lib/mnl.c 2018-04-10 21:36:27.000000000 +0000 +++ 7.1-0ubuntu1/lib/mnl.c 2018-12-10 17:35:31.000000000 +0000 @@ -13,7 +13,7 @@ #include <libipset/linux_ip_set.h> /* enum ipset_cmd */ #include <libipset/debug.h> /* D() */ #include <libipset/session.h> /* ipset_session_handle */ -#include <libipset/ui.h> /* IPSET_ENV_EXIST */ +#include <libipset/ipset.h> /* IPSET_ENV_EXIST */ #include <libipset/utils.h> /* UNUSED */ #include <libipset/mnl.h> /* prototypes */ @@ -115,7 +115,7 @@ ipset_mnl_query(struct ipset_handle *han ret = mnl_socket_recvfrom(handle->h, buffer, len); D("message received, ret: %d", ret); } - return ret > 0 ? 0 : ret; + return ret; } static struct ipset_handle *
  31. Download patch kernel/include/linux/netfilter/ipset/ip_set.h

    --- 6.38-1.2/kernel/include/linux/netfilter/ipset/ip_set.h 2018-04-10 21:36:27.000000000 +0000 +++ 7.1-0ubuntu1/kernel/include/linux/netfilter/ipset/ip_set.h 2018-12-10 17:35:31.000000000 +0000 @@ -304,18 +304,18 @@ ip_set_put_flags(struct sk_buff *skb, st /* Netlink CB args */ enum { IPSET_CB_NET = 0, /* net namespace */ + IPSET_CB_PROTO, /* ipset protocol */ IPSET_CB_DUMP, /* dump single set/all sets */ IPSET_CB_INDEX, /* set index */ IPSET_CB_PRIVATE, /* set private data */ IPSET_CB_ARG0, /* type specific */ - IPSET_CB_ARG1, }; /* register and unregister set references */ extern ip_set_id_t ip_set_get_byname(struct net *net, const char *name, struct ip_set **set); extern void ip_set_put_byindex(struct net *net, ip_set_id_t index); -extern const char *ip_set_name_byindex(struct net *net, ip_set_id_t index); +extern void ip_set_name_byindex(struct net *net, ip_set_id_t index, char *name); extern ip_set_id_t ip_set_nfnl_get_byindex(struct net *net, ip_set_id_t index); extern void ip_set_nfnl_put(struct net *net, ip_set_id_t index);
  32. Download patch include/libipset/Makefile.in

    --- 6.38-1.2/include/libipset/Makefile.in 2018-04-10 21:37:29.000000000 +0000 +++ 7.1-0ubuntu1/include/libipset/Makefile.in 2018-12-11 12:29:04.000000000 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -78,17 +88,16 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = include/libipset -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(pkginclude_HEADERS) ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/m4/argz.m4 \ - $(top_srcdir)/m4/ax_cflags_gcc_option.m4 \ - $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltdl.m4 \ - $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ - $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ - $(top_srcdir)/configure.ac +am__aclocal_m4_deps = $(top_srcdir)/m4/ax_cflags_gcc_option.m4 \ + $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltargz.m4 \ + $(top_srcdir)/m4/ltdl.m4 $(top_srcdir)/m4/ltoptions.m4 \ + $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ + $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(pkginclude_HEADERS) \ + $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -160,13 +169,13 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) pkgincludedir = ${includedir}/libipset ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ -ARGZ_H = @ARGZ_H@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -195,6 +204,8 @@ HAVE_ETHER_ADDR_EQUAL = @HAVE_ETHER_ADDR HAVE_EXPORT_H = @HAVE_EXPORT_H@ HAVE_EXPORT_SYMBOL_GPL_IN_MODULE_H = @HAVE_EXPORT_SYMBOL_GPL_IN_MODULE_H@ HAVE_IPV6_SKIP_EXTHDR_ARGS = @HAVE_IPV6_SKIP_EXTHDR_ARGS@ +HAVE_IS_ZERO_ETHER_ADDR = @HAVE_IS_ZERO_ETHER_ADDR@ +HAVE_KVCALLOC = @HAVE_KVCALLOC@ HAVE_KVFREE = @HAVE_KVFREE@ HAVE_LIST_LAST_ENTRY = @HAVE_LIST_LAST_ENTRY@ HAVE_LIST_NEXT_ENTRY = @HAVE_LIST_NEXT_ENTRY@ @@ -203,6 +214,7 @@ HAVE_NETLINK_DUMP_START_ARGS = @HAVE_NET HAVE_NETLINK_EXTENDED_ACK = @HAVE_NETLINK_EXTENDED_ACK@ HAVE_NET_IN_NFNL_CALLBACK_FN = @HAVE_NET_IN_NFNL_CALLBACK_FN@ HAVE_NET_IN_XT_ACTION_PARAM = @HAVE_NET_IN_XT_ACTION_PARAM@ +HAVE_NET_OPS_ASYNC = @HAVE_NET_OPS_ASYNC@ HAVE_NET_OPS_ID = @HAVE_NET_OPS_ID@ HAVE_NFNL_LOCK_SUBSYS = @HAVE_NFNL_LOCK_SUBSYS@ HAVE_NFNL_MSG_TYPE = @HAVE_NFNL_MSG_TYPE@ @@ -217,6 +229,7 @@ HAVE_PASSING_EXTENDED_ACK_TO_CALLBACKS = HAVE_PASSING_EXTENDED_ACK_TO_PARSERS = @HAVE_PASSING_EXTENDED_ACK_TO_PARSERS@ HAVE_RBTREE_POSTORDER_FOR_EACH_ENTRY_SAFE = @HAVE_RBTREE_POSTORDER_FOR_EACH_ENTRY_SAFE@ HAVE_STATE_IN_XT_ACTION_PARAM = @HAVE_STATE_IN_XT_ACTION_PARAM@ +HAVE_STRSCPY = @HAVE_STRSCPY@ HAVE_STRUCT_XT_ACTION_PARAM = @HAVE_STRUCT_XT_ACTION_PARAM@ HAVE_TCF_EMATCH_OPS_CHANGE_ARG_NET = @HAVE_TCF_EMATCH_OPS_CHANGE_ARG_NET@ HAVE_TCF_EMATCH_STRUCT_NET = @HAVE_TCF_EMATCH_STRUCT_NET@ @@ -252,9 +265,11 @@ LTDLDEPS = @LTDLDEPS@ LTDLINCL = @LTDLINCL@ LTDLOPEN = @LTDLOPEN@ LTLIBOBJS = @LTLIBOBJS@ +LT_ARGZ_H = @LT_ARGZ_H@ LT_CONFIG_H = @LT_CONFIG_H@ LT_DLLOADERS = @LT_DLLOADERS@ LT_DLPREOPEN = @LT_DLPREOPEN@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MAXSETS = @MAXSETS@ @@ -332,6 +347,7 @@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +runstatedir = @runstatedir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ @@ -358,7 +374,7 @@ pkginclude_HEADERS = \ session.h \ transport.h \ types.h \ - ui.h \ + ipset.h \ utils.h EXTRA_DIST = debug.h icmp.h icmpv6.h @@ -377,7 +393,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefi echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign include/libipset/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --foreign include/libipset/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -624,6 +639,8 @@ uninstall-am: uninstall-pkgincludeHEADER ps ps-am tags tags-am uninstall uninstall-am \ uninstall-pkgincludeHEADERS +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded.
  33. Download patch kernel/net/netfilter/ipset/ip_set_hash_ipmac.c

    --- 6.38-1.2/kernel/net/netfilter/ipset/ip_set_hash_ipmac.c 2018-04-10 21:36:27.000000000 +0000 +++ 7.1-0ubuntu1/kernel/net/netfilter/ipset/ip_set_hash_ipmac.c 2018-12-10 17:35:31.000000000 +0000 @@ -36,9 +36,6 @@ MODULE_ALIAS("ip_set_hash:ip,mac"); /* Type specific function prefix */ #define HTYPE hash_ipmac -/* Zero valued element is not supported */ -static const unsigned char invalid_ether[ETH_ALEN] = { 0 }; - /* IPv4 variant */ /* Member elements */ @@ -103,8 +100,12 @@ hash_ipmac4_kadt(struct ip_set *set, con (skb_mac_header(skb) + ETH_HLEN) > skb->data) return -EINVAL; - memcpy(e.ether, eth_hdr(skb)->h_source, ETH_ALEN); - if (ether_addr_equal(e.ether, invalid_ether)) + if (opt->flags & IPSET_DIM_ONE_SRC) + ether_addr_copy(e.ether, eth_hdr(skb)->h_source); + else + ether_addr_copy(e.ether, eth_hdr(skb)->h_dest); + + if (is_zero_ether_addr(e.ether)) return -EINVAL; ip4addrptr(skb, opt->flags & IPSET_DIM_ONE_SRC, &e.ip); @@ -140,7 +141,7 @@ hash_ipmac4_uadt(struct ip_set *set, str if (ret) return ret; memcpy(e.ether, nla_data(tb[IPSET_ATTR_ETHER]), ETH_ALEN); - if (ether_addr_equal(e.ether, invalid_ether)) + if (is_zero_ether_addr(e.ether)) return -IPSET_ERR_HASH_ELEM; return adtfn(set, &e, &ext, &ext, flags); @@ -211,16 +212,16 @@ hash_ipmac6_kadt(struct ip_set *set, con }; struct ip_set_ext ext = IP_SET_INIT_KEXT(skb, opt, set); - /* MAC can be src only */ - if (!(opt->flags & IPSET_DIM_TWO_SRC)) - return 0; - if (skb_mac_header(skb) < skb->head || (skb_mac_header(skb) + ETH_HLEN) > skb->data) return -EINVAL; - memcpy(e.ether, eth_hdr(skb)->h_source, ETH_ALEN); - if (ether_addr_equal(e.ether, invalid_ether)) + if (opt->flags & IPSET_DIM_ONE_SRC) + ether_addr_copy(e.ether, eth_hdr(skb)->h_source); + else + ether_addr_copy(e.ether, eth_hdr(skb)->h_dest); + + if (is_zero_ether_addr(e.ether)) return -EINVAL; ip6addrptr(skb, opt->flags & IPSET_DIM_ONE_SRC, &e.ip.in6); @@ -260,7 +261,7 @@ hash_ipmac6_uadt(struct ip_set *set, str return ret; memcpy(e.ether, nla_data(tb[IPSET_ATTR_ETHER]), ETH_ALEN); - if (ether_addr_equal(e.ether, invalid_ether)) + if (is_zero_ether_addr(e.ether)) return -IPSET_ERR_HASH_ELEM; return adtfn(set, &e, &ext, &ext, flags);
  34. Download patch lib/PROTOCOL

    --- 6.38-1.2/lib/PROTOCOL 2018-04-10 21:36:27.000000000 +0000 +++ 7.1-0ubuntu1/lib/PROTOCOL 2018-12-10 17:35:31.000000000 +0000 @@ -1,3 +1,5 @@ +PROTOCOL 6: + req: msg: IPSET_CMD_PROTOCOL attr: IPSET_ATTR_PROTOCOL @@ -88,3 +90,18 @@ resp: attr: IPSET_ATTR_TYPENAME IPSET_ATTR_FAMILY IPSET_ATTR_REVISION (version max) IPSET_ATTR_REVISION_MIN (version min, optional) + +PROTOCOL 7: PROTOCOL 6 + + +req: msg: IPSET_CMD_GET_BYNAME + attr: IPSET_ATTR_PROTOCOL + IPSET_ATTR_SETNAME + +resp: attr: IPSET_ATTR_INDEX + IPSET_ATTR_FAMILY + +req: msg: IPSET_CMD_GET_BYINDEX + attr: IPSET_ATTR_PROTOCOL + IPSET_ATTR_INDEX + +resp: attr: IPSET_ATTR_SETNAME
  35. Download patch include/libipset/linux_ip_set.h

    --- 6.38-1.2/include/libipset/linux_ip_set.h 2018-04-10 21:36:27.000000000 +0000 +++ 7.1-0ubuntu1/include/libipset/linux_ip_set.h 2018-12-10 17:35:31.000000000 +0000 @@ -12,8 +12,9 @@ #include <linux/types.h> -/* The protocol version */ -#define IPSET_PROTOCOL 6 +/* The protocol versions */ +#define IPSET_PROTOCOL 7 +#define IPSET_PROTOCOL_MIN 6 /* The max length of strings including NUL: set and type identifiers */ #define IPSET_MAXNAMELEN 32 @@ -37,17 +38,19 @@ enum ipset_cmd { IPSET_CMD_TEST, /* 11: Test an element in a set */ IPSET_CMD_HEADER, /* 12: Get set header data only */ IPSET_CMD_TYPE, /* 13: Get set type */ + IPSET_CMD_GET_BYNAME, /* 14: Get set index by name */ + IPSET_CMD_GET_BYINDEX, /* 15: Get set name by index */ IPSET_MSG_MAX, /* Netlink message commands */ /* Commands in userspace: */ - IPSET_CMD_RESTORE = IPSET_MSG_MAX, /* 14: Enter restore mode */ - IPSET_CMD_HELP, /* 15: Get help */ - IPSET_CMD_VERSION, /* 16: Get program version */ - IPSET_CMD_QUIT, /* 17: Quit from interactive mode */ + IPSET_CMD_RESTORE = IPSET_MSG_MAX, /* 16: Enter restore mode */ + IPSET_CMD_HELP, /* 17: Get help */ + IPSET_CMD_VERSION, /* 18: Get program version */ + IPSET_CMD_QUIT, /* 19: Quit from interactive mode */ IPSET_CMD_MAX, - IPSET_CMD_COMMIT = IPSET_CMD_MAX, /* 18: Commit buffered commands */ + IPSET_CMD_COMMIT = IPSET_CMD_MAX, /* 20: Commit buffered commands */ }; /* Attributes at command level */ @@ -65,6 +68,7 @@ enum { IPSET_ATTR_LINENO, /* 9: Restore lineno */ IPSET_ATTR_PROTOCOL_MIN, /* 10: Minimal supported version number */ IPSET_ATTR_REVISION_MIN = IPSET_ATTR_PROTOCOL_MIN, /* type rev min */ + IPSET_ATTR_INDEX, /* 11: Kernel index of set */ __IPSET_ATTR_CMD_MAX, }; #define IPSET_ATTR_CMD_MAX (__IPSET_ATTR_CMD_MAX - 1) @@ -222,6 +226,7 @@ enum ipset_adt { /* Sets are identified by an index in kernel space. Tweak with ip_set_id_t * and IPSET_INVALID_ID if you want to increase the max number of sets. + * Also, IPSET_ATTR_INDEX must be changed. */ typedef __u16 ip_set_id_t;
  36. Download patch build-aux/missing

    --- 6.38-1.2/build-aux/missing 2018-04-10 21:37:29.000000000 +0000 +++ 7.1-0ubuntu1/build-aux/missing 2018-12-11 12:29:04.000000000 +0000 @@ -3,7 +3,7 @@ scriptversion=2013-10-28.13; # UTC -# Copyright (C) 1996-2013 Free Software Foundation, Inc. +# Copyright (C) 1996-2014 Free Software Foundation, Inc. # Originally written by Fran,cois Pinard <pinard@iro.umontreal.ca>, 1996. # This program is free software; you can redistribute it and/or modify
  37. Download patch libltdl/libltdl/lt__dirent.h

    --- 6.38-1.2/libltdl/libltdl/lt__dirent.h 2018-04-10 21:37:26.000000000 +0000 +++ 7.1-0ubuntu1/libltdl/libltdl/lt__dirent.h 2018-12-11 12:29:00.000000000 +0000 @@ -1,6 +1,7 @@ /* lt__dirent.h -- internal directory entry scanning interface - Copyright (C) 2001, 2004, 2006 Free Software Foundation, Inc. + Copyright (C) 2001, 2004, 2006, 2011-2015 Free Software Foundation, + Inc. Written by Bob Friesenhahn, 2001 NOTE: The canonical source of this file is maintained with the @@ -28,10 +29,10 @@ or obtained by writing to the Free Softw 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ -#if !defined(LT__DIRENT_H) +#if !defined LT__DIRENT_H #define LT__DIRENT_H 1 -#if defined(LT_CONFIG_H) +#if defined LT_CONFIG_H # include LT_CONFIG_H #else # include <config.h> @@ -80,8 +81,8 @@ LT_SCOPE void closedir (DIR *entry); LT_END_C_DECLS -#else /* !defined(__WINDOWS__)*/ +#else /* !defined __WINDOWS__*/ ERROR - cannot find dirent -#endif /*!defined(__WINDOWS__)*/ +#endif /*!defined __WINDOWS__*/ -#endif /*!defined(LT__DIRENT_H)*/ +#endif /*!defined LT__DIRENT_H*/
  38. Download patch lib/Makefile.am

    --- 6.38-1.2/lib/Makefile.am 2018-04-10 21:36:27.000000000 +0000 +++ 7.1-0ubuntu1/lib/Makefile.am 2018-12-10 17:35:31.000000000 +0000 @@ -32,12 +32,13 @@ libipset_la_SOURCES = \ errcode.c \ icmp.c \ icmpv6.c \ + list_sort.c \ mnl.c \ parse.c \ print.c \ session.c \ types.c \ - ui.c \ + ipset.c \ types_init.c EXTRA_libipset_la_SOURCES = \ @@ -48,6 +49,8 @@ EXTRA_DIST = $(IPSET_SETTYPE_LIST) libip pkgconfigdir = $(libdir)/pkgconfig pkgconfig_DATA = libipset.pc +dist_man_MANS = libipset.3 + sparse-check: $(libipset_la_SOURCES:.c=.d) %.d: %.c
  39. Download patch include/libipset/ipset.h

    --- 6.38-1.2/include/libipset/ipset.h 1970-01-01 00:00:00.000000000 +0000 +++ 7.1-0ubuntu1/include/libipset/ipset.h 2018-12-10 17:35:31.000000000 +0000 @@ -0,0 +1,90 @@ +/* Copyright 2007-2010 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + */ +#ifndef LIBIPSET_IPSET_H +#define LIBIPSET_IPSET_H + +#include <stdbool.h> /* bool */ +#include <libipset/linux_ip_set.h> /* enum ipset_cmd */ +#include <libipset/session.h> /* ipset_session_* */ +#include <libipset/types.h> /* ipset_load_types */ + +#define IPSET_CMD_ALIASES 3 + +/* Commands in userspace */ +struct ipset_commands { + enum ipset_cmd cmd; + int has_arg; + const char *name[IPSET_CMD_ALIASES]; + const char *help; +}; + +#ifdef __cplusplus +extern "C" { +#endif + +extern const struct ipset_commands ipset_commands[]; + +struct ipset_session; +struct ipset_data; +struct ipset; + + +/* Environment options */ +struct ipset_envopts { + int flag; + int has_arg; + const char *name[2]; + const char *help; + int (*parse)(struct ipset *ipset, int flag, const char *str); + int (*print)(char *buf, unsigned int len, + const struct ipset_data *data, int flag, uint8_t env); +}; + +extern const struct ipset_envopts ipset_envopts[]; + +extern bool ipset_match_cmd(const char *arg, const char * const name[]); +extern bool ipset_match_option(const char *arg, const char * const name[]); +extern bool ipset_match_envopt(const char *arg, const char * const name[]); +extern void ipset_port_usage(void); +extern int ipset_parse_filename(struct ipset *ipset, int opt, const char *str); +extern int ipset_parse_output(struct ipset *ipset, + int opt, const char *str); +extern int ipset_envopt_parse(struct ipset *ipset, + int env, const char *str); + +enum ipset_exittype { + IPSET_NO_PROBLEM = 0, + IPSET_OTHER_PROBLEM, + IPSET_PARAMETER_PROBLEM, + IPSET_VERSION_PROBLEM, + IPSET_SESSION_PROBLEM, +}; + +typedef int (*ipset_custom_errorfn)(struct ipset *ipset, void *p, + int status, const char *msg, ...) + __attribute__ ((format (printf, 4, 5))); +typedef int (*ipset_standard_errorfn)(struct ipset *ipset, void *p); + +extern struct ipset_session * ipset_session(struct ipset *ipset); +extern bool ipset_is_interactive(struct ipset *ipset); +extern int ipset_custom_printf(struct ipset *ipset, + ipset_custom_errorfn custom_error, + ipset_standard_errorfn standard_error, + ipset_print_outfn outfn, + void *p); + +extern int ipset_parse_argv(struct ipset *ipset, int argc, char *argv[]); +extern int ipset_parse_line(struct ipset *ipset, char *line); +extern int ipset_parse_stream(struct ipset *ipset, FILE *f); +extern struct ipset * ipset_init(void); +extern int ipset_fini(struct ipset *ipset); + +#ifdef __cplusplus +} +#endif + +#endif /* LIBIPSET_IPSET_H */
  40. Download patch ChangeLog

    --- 6.38-1.2/ChangeLog 2018-04-10 21:36:27.000000000 +0000 +++ 7.1-0ubuntu1/ChangeLog 2018-12-10 17:35:31.000000000 +0000 @@ -1,3 +1,33 @@ +7.1 + - Add compatibility support for strscpy() + - Correct the manpage about the sort option + - Add missing functions to libipset.map + - configure.ac: Fix build regression on RHEL/CentOS/SL + (Serhey Popovych) + - Implement sorting for hash types in the ipset tool + - Fix to list/save into file specified by option + (reported by Isaac Good) + +7.0 + - Introduction of new commands and protocol version 7, updated + kernel include files + - Add compatibility support for async in pernet_operations + - Use more robust awk patterns to check for backward compatibility + - Prepare the ipset tool to handle multiple protocol version + - Fix warning message handling + - Correct to test null valued entry in hash:net6,port,net6 test + - Library reworked to support embedding ipset completely + - Add compatibility to support kvcalloc() + - Validate string type attributes in attr2data() (Stefano Brivio) + - manpage: Add comment about matching on destination MAC address + (Stefano Brivio) + - Add compatibility to support is_zero_ether_addr() + - Fix use-after-free in ipset_parse_name_compat() (Stefano Brivio) + - Fix leak in build_argv() on line parsing error (Stefano Brivio) + - Simplify return statement in ipset_mnl_query() (Stefano Brivio) + - tests/check_klog.sh: Try dmesg too, don't let shell terminate script + (Stefano Brivio) + 6.38 - Fix API version number
  41. Download patch lib/list_sort.c

    --- 6.38-1.2/lib/list_sort.c 1970-01-01 00:00:00.000000000 +0000 +++ 7.1-0ubuntu1/lib/list_sort.c 2018-12-10 17:35:31.000000000 +0000 @@ -0,0 +1,141 @@ +// SPDX-License-Identifier: GPL-2.0 +/* Copied from the Linux kernel lib/list_sort.c file */ +#include <stdlib.h> +#include <string.h> /* memset */ +#include <libipset/list_sort.h> + +#define MAX_LIST_LENGTH_BITS 20 + +/* + * Returns a list organized in an intermediate format suited + * to chaining of merge() calls: null-terminated, no reserved or + * sentinel head node, "prev" links not maintained. + */ +static struct list_head *merge(void *priv, + int (*cmp)(void *priv, struct list_head *a, + struct list_head *b), + struct list_head *a, struct list_head *b) +{ + struct list_head head, *tail = &head; + + while (a && b) { + /* if equal, take 'a' -- important for sort stability */ + if ((*cmp)(priv, a, b) <= 0) { + tail->next = a; + a = a->next; + } else { + tail->next = b; + b = b->next; + } + tail = tail->next; + } + tail->next = a?:b; + return head.next; +} + +/* + * Combine final list merge with restoration of standard doubly-linked + * list structure. This approach duplicates code from merge(), but + * runs faster than the tidier alternatives of either a separate final + * prev-link restoration pass, or maintaining the prev links + * throughout. + */ +static void merge_and_restore_back_links(void *priv, + int (*cmp)(void *priv, struct list_head *a, + struct list_head *b), + struct list_head *head, + struct list_head *a, struct list_head *b) +{ + struct list_head *tail = head; + int count = 0; + + while (a && b) { + /* if equal, take 'a' -- important for sort stability */ + if ((*cmp)(priv, a, b) <= 0) { + tail->next = a; + a->prev = tail; + a = a->next; + } else { + tail->next = b; + b->prev = tail; + b = b->next; + } + tail = tail->next; + } + tail->next = a ? : b; + + do { + /* + * In worst cases this loop may run many iterations. + * Continue callbacks to the client even though no + * element comparison is needed, so the client's cmp() + * routine can invoke cond_resched() periodically. + */ + if (unlikely(!(++count))) + (*cmp)(priv, tail->next, tail->next); + + tail->next->prev = tail; + tail = tail->next; + } while (tail->next); + + tail->next = head; + head->prev = tail; +} + +/** + * list_sort - sort a list + * @priv: private data, opaque to list_sort(), passed to @cmp + * @head: the list to sort + * @cmp: the elements comparison function + * + * This function implements "merge sort", which has O(nlog(n)) + * complexity. + * + * The comparison function @cmp must return a negative value if @a + * should sort before @b, and a positive value if @a should sort after + * @b. If @a and @b are equivalent, and their original relative + * ordering is to be preserved, @cmp must return 0. + */ +void list_sort(void *priv, struct list_head *head, + int (*cmp)(void *priv, struct list_head *a, + struct list_head *b)) +{ + struct list_head *part[MAX_LIST_LENGTH_BITS+1]; /* sorted partial lists + -- last slot is a sentinel */ + int lev; /* index into part[] */ + int max_lev = 0; + struct list_head *list; + + if (list_empty(head)) + return; + + memset(part, 0, sizeof(part)); + + head->prev->next = NULL; + list = head->next; + + while (list) { + struct list_head *cur = list; + list = list->next; + cur->next = NULL; + + for (lev = 0; part[lev]; lev++) { + cur = merge(priv, cmp, part[lev], cur); + part[lev] = NULL; + } + if (lev > max_lev) { + if (unlikely(lev >= MAX_LIST_LENGTH_BITS)) { + // printk_once(KERN_DEBUG "list too long for efficiency\n"); + lev--; + } + max_lev = lev; + } + part[lev] = cur; + } + + for (lev = 0; lev < max_lev; lev++) + if (part[lev]) + list = merge(priv, cmp, part[lev], list); + + merge_and_restore_back_links(priv, cmp, head, part[max_lev], list); +}
  42. Download patch debian/ipset.preinst

    --- 6.38-1.2/debian/ipset.preinst 2019-05-06 08:55:51.000000000 +0000 +++ 7.1-0ubuntu1/debian/ipset.preinst 1970-01-01 00:00:00.000000000 +0000 @@ -1,9 +0,0 @@ -#!/bin/sh - -set -e - -dpkg-maintscript-helper rm_conffile /etc/bash_completion.d/ipset 6.25.1-1~ -- "$@" - -#DEBHELPER# - -exit 0
  43. Download patch configure.ac
  44. Download patch kernel/include/uapi/linux/netfilter/ipset/ip_set_hash.h

    --- 6.38-1.2/kernel/include/uapi/linux/netfilter/ipset/ip_set_hash.h 2018-04-10 21:36:27.000000000 +0000 +++ 7.1-0ubuntu1/kernel/include/uapi/linux/netfilter/ipset/ip_set_hash.h 2018-12-10 17:35:31.000000000 +0000 @@ -1,3 +1,4 @@ +/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ #ifndef _UAPI__IP_SET_HASH_H #define _UAPI__IP_SET_HASH_H
  45. Download patch libltdl/loaders/load_add_on.c

    --- 6.38-1.2/libltdl/loaders/load_add_on.c 2018-04-10 21:37:26.000000000 +0000 +++ 7.1-0ubuntu1/libltdl/loaders/load_add_on.c 2018-12-11 12:29:00.000000000 +0000 @@ -1,7 +1,7 @@ /* loader-load_add_on.c -- dynamic linking for BeOS - Copyright (C) 1998, 1999, 2000, 2004, 2006, - 2007, 2008 Free Software Foundation, Inc. + Copyright (C) 1998-2000, 2004, 2006-2008, 2011-2015 Free Software + Foundation, Inc. Written by Thomas Tanner, 1998 NOTE: The canonical source of this file is maintained with the @@ -95,7 +95,7 @@ get_vtable (lt_user_data loader_data) /* A function called through the vtable when this loader is no longer needed by the application. */ static int -vl_exit (lt_user_data LT__UNUSED loader_data) +vl_exit (lt_user_data loader_data LT__UNUSED) { vtable = NULL; return 0; @@ -105,8 +105,8 @@ vl_exit (lt_user_data LT__UNUSED loader_ loader. Returns an opaque representation of the newly opened module for processing with this loader's other vtable functions. */ static lt_module -vm_open (lt_user_data LT__UNUSED loader_data, const char *filename, - lt_dladvise LT__UNUSED advise) +vm_open (lt_user_data loader_data LT__UNUSED, const char *filename, + lt_dladvise advise LT__UNUSED) { image_id image = 0; @@ -135,7 +135,7 @@ vm_open (lt_user_data LT__UNUSED loader_ /* A function called through the vtable when a particular module should be unloaded. */ static int -vm_close (lt_user_data LT__UNUSED loader_data, lt_module module) +vm_close (lt_user_data loader_data LT__UNUSED, lt_module module) { int errors = 0; @@ -152,7 +152,7 @@ vm_close (lt_user_data LT__UNUSED loader /* A function called through the vtable to get the address of a symbol loaded from a particular module. */ static void * -vm_sym (lt_user_data LT__UNUSED loader_data, lt_module module, const char *name) +vm_sym (lt_user_data loader_data LT__UNUSED, lt_module module, const char *name) { void *address = 0; image_id image = (image_id) module;
  46. Download patch libltdl/ltdl.mk

    --- 6.38-1.2/libltdl/ltdl.mk 1970-01-01 00:00:00.000000000 +0000 +++ 7.1-0ubuntu1/libltdl/ltdl.mk 2018-12-11 12:29:00.000000000 +0000 @@ -0,0 +1,149 @@ +## ltdl.mk -- includable Makefile snippet +## +## Copyright (C) 2003-2005, 2007, 2011-2015 Free Software Foundation, +## Inc. +## Written by Gary V. Vaughan, 2003 +## +## NOTE: The canonical source of this file is maintained with the +## GNU Libtool package. Report bugs to bug-libtool@gnu.org. +## +## GNU Libltdl is free software; you can redistribute it and/or +## modify it under the terms of the GNU Lesser General Public +## License as published by the Free Software Foundation; either +## version 2 of the License, or (at your option) any later version. +## +## As a special exception to the GNU Lesser General Public License, +## if you distribute this file as part of a program or library that +## is built using GNU libtool, you may include this file under the +## same distribution terms that you use for the rest of that program. +## +## GNU Libltdl is distributed in the hope that it will be useful, +## but WITHOUT ANY WARRANTY; without even the implied warranty of +## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +## GNU Lesser General Public License for more details. +## +## You should have received a copy of the GNU LesserGeneral Public +## License along with GNU Libltdl; see the file COPYING.LIB. If not, a +## copy can be downloaded from http://www.gnu.org/licenses/lgpl.html, +## or obtained by writing to the Free Software Foundation, Inc., +## 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +##### + +## DO NOT REMOVE THIS LINE -- make depends on it + +# -I$(srcdir) is needed for user that built libltdl with a sub-Automake +# (not as a sub-package!) using 'nostdinc': +AM_CPPFLAGS += -DLT_CONFIG_H='<$(LT_CONFIG_H)>' \ + -DLTDL -I. -I$(srcdir) -Ilibltdl \ + -I$(srcdir)/libltdl -Ilibltdl/libltdl \ + -I$(srcdir)/libltdl/libltdl +AM_LDFLAGS += -no-undefined +LTDL_VERSION_INFO = -version-info 10:1:3 + +noinst_LTLIBRARIES += $(LT_DLLOADERS) + +if INSTALL_LTDL +ltdlincludedir = $(includedir)/libltdl +ltdlinclude_HEADERS = libltdl/libltdl/lt_system.h \ + libltdl/libltdl/lt_error.h \ + libltdl/libltdl/lt_dlloader.h +include_HEADERS += libltdl/ltdl.h +lib_LTLIBRARIES += libltdl/libltdl.la +endif + +if CONVENIENCE_LTDL +noinst_LTLIBRARIES += libltdl/libltdlc.la +endif + +libltdl_libltdl_la_SOURCES = libltdl/libltdl/lt__alloc.h \ + libltdl/libltdl/lt__dirent.h \ + libltdl/libltdl/lt__glibc.h \ + libltdl/libltdl/lt__private.h \ + libltdl/libltdl/lt__strl.h \ + libltdl/libltdl/lt_dlloader.h \ + libltdl/libltdl/lt_error.h \ + libltdl/libltdl/lt_system.h \ + libltdl/libltdl/slist.h \ + libltdl/loaders/preopen.c \ + libltdl/lt__alloc.c \ + libltdl/lt_dlloader.c \ + libltdl/lt_error.c \ + libltdl/ltdl.c \ + libltdl/ltdl.h \ + libltdl/slist.c + +EXTRA_DIST += libltdl/lt__dirent.c \ + libltdl/lt__strl.c + +libltdl_libltdl_la_CPPFLAGS = -DLTDLOPEN=$(LTDLOPEN) $(AM_CPPFLAGS) +libltdl_libltdl_la_LDFLAGS = $(AM_LDFLAGS) $(LTDL_VERSION_INFO) $(LT_DLPREOPEN) +libltdl_libltdl_la_LIBADD = $(ltdl_LTLIBOBJS) +libltdl_libltdl_la_DEPENDENCIES = $(LT_DLLOADERS) $(ltdl_LTLIBOBJS) + +libltdl_libltdlc_la_SOURCES = $(libltdl_libltdl_la_SOURCES) +libltdl_libltdlc_la_CPPFLAGS = -DLTDLOPEN=$(LTDLOPEN)c $(AM_CPPFLAGS) +libltdl_libltdlc_la_LDFLAGS = $(AM_LDFLAGS) $(LT_DLPREOPEN) +libltdl_libltdlc_la_LIBADD = $(libltdl_libltdl_la_LIBADD) +libltdl_libltdlc_la_DEPENDENCIES= $(libltdl_libltdl_la_DEPENDENCIES) + +## The loaders are preopened by libltdl, itself always built from +## pic-objects (either as a shared library, or a convenience library), +## so the loaders themselves must be made from pic-objects too. We +## use convenience libraries for that purpose: +EXTRA_LTLIBRARIES += libltdl/dlopen.la \ + libltdl/dld_link.la \ + libltdl/dyld.la \ + libltdl/load_add_on.la \ + libltdl/loadlibrary.la \ + libltdl/shl_load.la + +libltdl_dlopen_la_SOURCES = libltdl/loaders/dlopen.c +libltdl_dlopen_la_LDFLAGS = -module -avoid-version +libltdl_dlopen_la_LIBADD = $(LIBADD_DLOPEN) + +libltdl_dld_link_la_SOURCES = libltdl/loaders/dld_link.c +libltdl_dld_link_la_LDFLAGS = -module -avoid-version +libltdl_dld_link_la_LIBADD = -ldld + +libltdl_dyld_la_SOURCES = libltdl/loaders/dyld.c +libltdl_dyld_la_LDFLAGS = -module -avoid-version + +libltdl_load_add_on_la_SOURCES = libltdl/loaders/load_add_on.c +libltdl_load_add_on_la_LDFLAGS = -module -avoid-version + +libltdl_loadlibrary_la_SOURCES = libltdl/loaders/loadlibrary.c +libltdl_loadlibrary_la_LDFLAGS = -module -avoid-version + +libltdl_shl_load_la_SOURCES = libltdl/loaders/shl_load.c +libltdl_shl_load_la_LDFLAGS = -module -avoid-version +libltdl_shl_load_la_LIBADD = $(LIBADD_SHL_LOAD) + +## Make sure these will be cleaned even when they're not built by default: +CLEANFILES += libltdl/libltdl.la \ + libltdl/libltdlc.la \ + libltdl/libdlloader.la + +## Automake-1.9.6 doesn't clean subdir AC_LIBOBJ compiled objects +## automatically: +CLEANFILES += $(ltdl_LIBOBJS) $(ltdl_LTLIBOBJS) + +EXTRA_DIST += libltdl/COPYING.LIB \ + libltdl/README + +## --------------------------- ## +## Gnulib Makefile.am snippets ## +## --------------------------- ## + +BUILT_SOURCES += libltdl/libltdl/$(LT_ARGZ_H) +EXTRA_DIST += libltdl/libltdl/lt__argz_.h \ + libltdl/lt__argz.c + +# We need the following in order to create an <argz.h> when the system +# doesn't have one that works with the given compiler. +all-local $(lib_OBJECTS): libltdl/libltdl/$(LT_ARGZ_H) +libltdl/libltdl/lt__argz.h: libltdl/libltdl/lt__argz_.h + $(AM_V_at)$(mkinstalldirs) . libltdl/libltdl + $(AM_V_GEN)cp $(srcdir)/libltdl/libltdl/lt__argz_.h $@-t + $(AM_V_at)mv $@-t $@ +MOSTLYCLEANFILES += libltdl/libltdl/lt__argz.h \ + libltdl/libltdl/lt__argz.h-t
  47. Download patch libltdl/libltdl/lt__strl.h

    --- 6.38-1.2/libltdl/libltdl/lt__strl.h 2018-04-10 21:37:26.000000000 +0000 +++ 7.1-0ubuntu1/libltdl/libltdl/lt__strl.h 2018-12-11 12:29:00.000000000 +0000 @@ -1,6 +1,6 @@ /* lt__strl.h -- size-bounded string copying and concatenation - Copyright (C) 2004, 2006 Free Software Foundation, Inc. + Copyright (C) 2004, 2006, 2011-2015 Free Software Foundation, Inc. Written by Bob Friesenhahn, 2004 NOTE: The canonical source of this file is maintained with the @@ -28,10 +28,10 @@ or obtained by writing to the Free Softw 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ -#if !defined(LT__STRL_H) +#if !defined LT__STRL_H #define LT__STRL_H 1 -#if defined(LT_CONFIG_H) +#if defined LT_CONFIG_H # include LT_CONFIG_H #else # include <config.h> @@ -40,14 +40,14 @@ or obtained by writing to the Free Softw #include <string.h> #include "lt_system.h" -#if !defined(HAVE_STRLCAT) +#if !defined HAVE_STRLCAT # define strlcat(dst,src,dstsize) lt_strlcat(dst,src,dstsize) LT_SCOPE size_t lt_strlcat(char *dst, const char *src, const size_t dstsize); -#endif /* !defined(HAVE_STRLCAT) */ +#endif /* !defined HAVE_STRLCAT */ -#if !defined(HAVE_STRLCPY) +#if !defined HAVE_STRLCPY # define strlcpy(dst,src,dstsize) lt_strlcpy(dst,src,dstsize) LT_SCOPE size_t lt_strlcpy(char *dst, const char *src, const size_t dstsize); -#endif /* !defined(HAVE_STRLCPY) */ +#endif /* !defined HAVE_STRLCPY */ -#endif /*!defined(LT__STRL_H)*/ +#endif /*!defined LT__STRL_H*/
  48. Download patch build-aux/config.sub
  49. Download patch libltdl/loaders/dlopen.c

    --- 6.38-1.2/libltdl/loaders/dlopen.c 2018-04-10 21:37:26.000000000 +0000 +++ 7.1-0ubuntu1/libltdl/loaders/dlopen.c 2018-12-11 12:29:00.000000000 +0000 @@ -1,7 +1,7 @@ /* loader-dlopen.c -- dynamic linking with dlopen/dlsym - Copyright (C) 1998, 1999, 2000, 2004, 2006, - 2007, 2008 Free Software Foundation, Inc. + Copyright (C) 1998-2000, 2004, 2006-2008, 2011-2015 Free Software + Foundation, Inc. Written by Thomas Tanner, 1998 NOTE: The canonical source of this file is maintained with the @@ -68,7 +68,7 @@ get_vtable (lt_user_data loader_data) if (vtable && !vtable->name) { vtable->name = "lt_dlopen"; -#if defined(DLSYM_USCORE) +#if defined DLSYM_USCORE vtable->sym_prefix = "_"; #endif vtable->module_open = vm_open; @@ -93,53 +93,53 @@ get_vtable (lt_user_data loader_data) /* --- IMPLEMENTATION --- */ -#if defined(HAVE_DLFCN_H) +#if defined HAVE_DLFCN_H # include <dlfcn.h> #endif -#if defined(HAVE_SYS_DL_H) +#if defined HAVE_SYS_DL_H # include <sys/dl.h> #endif /* We may have to define LT_LAZY_OR_NOW in the command line if we find out it does not work in some platform. */ -#if !defined(LT_LAZY_OR_NOW) -# if defined(RTLD_LAZY) +#if !defined LT_LAZY_OR_NOW +# if defined RTLD_LAZY # define LT_LAZY_OR_NOW RTLD_LAZY # else -# if defined(DL_LAZY) +# if defined DL_LAZY # define LT_LAZY_OR_NOW DL_LAZY # endif # endif /* !RTLD_LAZY */ #endif -#if !defined(LT_LAZY_OR_NOW) -# if defined(RTLD_NOW) +#if !defined LT_LAZY_OR_NOW +# if defined RTLD_NOW # define LT_LAZY_OR_NOW RTLD_NOW # else -# if defined(DL_NOW) +# if defined DL_NOW # define LT_LAZY_OR_NOW DL_NOW # endif # endif /* !RTLD_NOW */ #endif -#if !defined(LT_LAZY_OR_NOW) +#if !defined LT_LAZY_OR_NOW # define LT_LAZY_OR_NOW 0 #endif /* !LT_LAZY_OR_NOW */ /* We only support local and global symbols from modules for loaders that provide such a thing, otherwise the system default is used. */ -#if !defined(RTLD_GLOBAL) -# if defined(DL_GLOBAL) +#if !defined RTLD_GLOBAL +# if defined DL_GLOBAL # define RTLD_GLOBAL DL_GLOBAL # endif #endif /* !RTLD_GLOBAL */ -#if !defined(RTLD_LOCAL) -# if defined(DL_LOCAL) +#if !defined RTLD_LOCAL +# if defined DL_LOCAL # define RTLD_LOCAL DL_LOCAL # endif #endif /* !RTLD_LOCAL */ -#if defined(HAVE_DLERROR) +#if defined HAVE_DLERROR # define DLERROR(arg) dlerror () #else # define DLERROR(arg) LT__STRERROR (arg) @@ -152,7 +152,7 @@ get_vtable (lt_user_data loader_data) /* A function called through the vtable when this loader is no longer needed by the application. */ static int -vl_exit (lt_user_data LT__UNUSED loader_data) +vl_exit (lt_user_data loader_data LT__UNUSED) { vtable = NULL; return 0; @@ -163,11 +163,14 @@ vl_exit (lt_user_data LT__UNUSED loader_ loader. Returns an opaque representation of the newly opened module for processing with this loader's other vtable functions. */ static lt_module -vm_open (lt_user_data LT__UNUSED loader_data, const char *filename, +vm_open (lt_user_data loader_data LT__UNUSED, const char *filename, lt_dladvise advise) { int module_flags = LT_LAZY_OR_NOW; lt_module module; +#ifdef RTLD_MEMBER + int len = LT_STRLEN (filename); +#endif if (advise) { @@ -191,8 +194,45 @@ vm_open (lt_user_data LT__UNUSED loader_ #endif } +#ifdef RTLD_MEMBER /* AIX */ + if (len >= 4) /* at least "l(m)" */ + { + /* Advise loading an archive member only if the filename really + contains both the opening and closing parent, and a member. */ + if (filename[len-1] == ')') + { + const char *opening = strrchr(filename, '('); + if (opening && opening < (filename+len-2) && strchr(opening+1, '/') == NULL) + module_flags |= RTLD_MEMBER; + } + } +#endif + module = dlopen (filename, module_flags); +#if defined RTLD_MEMBER && defined LT_SHARED_LIB_MEMBER + if (!module && len && !(module_flags & RTLD_MEMBER) && errno == ENOEXEC) + { + /* Loading without a member specified failed with "Exec format error". + So the file is there, but either has wrong bitwidth, or is an + archive eventually containing the default shared archive member. + Retry with default member, getting same error in worst case. */ + const char *member = LT_SHARED_LIB_MEMBER; + + char *attempt = MALLOC (char, len + strlen (member) + 1); + if (!attempt) + { + LT__SETERROR (NO_MEMORY); + return module; + } + + sprintf (attempt, "%s%s", filename, member); + module = vm_open (loader_data, attempt, advise); + FREE (attempt); + return module; + } +#endif + if (!module) { DL__SETERROR (CANNOT_OPEN); @@ -205,7 +245,7 @@ vm_open (lt_user_data LT__UNUSED loader_ /* A function called through the vtable when a particular module should be unloaded. */ static int -vm_close (lt_user_data LT__UNUSED loader_data, lt_module module) +vm_close (lt_user_data loader_data LT__UNUSED, lt_module module) { int errors = 0; @@ -222,7 +262,7 @@ vm_close (lt_user_data LT__UNUSED loader /* A function called through the vtable to get the address of a symbol loaded from a particular module. */ static void * -vm_sym (lt_user_data LT__UNUSED loader_data, lt_module module, const char *name) +vm_sym (lt_user_data loader_data LT__UNUSED, lt_module module, const char *name) { void *address = dlsym (module, name);
  50. Download patch lib/ipset_hash_ipportip.c

    --- 6.38-1.2/lib/ipset_hash_ipportip.c 2018-04-10 21:36:27.000000000 +0000 +++ 7.1-0ubuntu1/lib/ipset_hash_ipportip.c 2018-12-10 17:35:31.000000000 +0000 @@ -7,7 +7,7 @@ #include <libipset/data.h> /* IPSET_OPT_* */ #include <libipset/parse.h> /* parser functions */ #include <libipset/print.h> /* printing functions */ -#include <libipset/ui.h> /* ipset_port_usage */ +#include <libipset/ipset.h> /* ipset_port_usage */ #include <libipset/types.h> /* prototypes */ /* SCTP and UDPLITE support */
  51. Download patch lib/Makefile.in
  52. Download patch kernel/net/netfilter/ipset/ip_set_hash_netportnet.c

    --- 6.38-1.2/kernel/net/netfilter/ipset/ip_set_hash_netportnet.c 2018-04-10 21:36:27.000000000 +0000 +++ 7.1-0ubuntu1/kernel/net/netfilter/ipset/ip_set_hash_netportnet.c 2018-12-10 17:35:31.000000000 +0000 @@ -213,13 +213,13 @@ hash_netportnet4_uadt(struct ip_set *set if (tb[IPSET_ATTR_CIDR]) { e.cidr[0] = nla_get_u8(tb[IPSET_ATTR_CIDR]); - if (!e.cidr[0] || e.cidr[0] > HOST_MASK) + if (e.cidr[0] > HOST_MASK) return -IPSET_ERR_INVALID_CIDR; } if (tb[IPSET_ATTR_CIDR2]) { e.cidr[1] = nla_get_u8(tb[IPSET_ATTR_CIDR2]); - if (!e.cidr[1] || e.cidr[1] > HOST_MASK) + if (e.cidr[1] > HOST_MASK) return -IPSET_ERR_INVALID_CIDR; } @@ -493,13 +493,13 @@ hash_netportnet6_uadt(struct ip_set *set if (tb[IPSET_ATTR_CIDR]) { e.cidr[0] = nla_get_u8(tb[IPSET_ATTR_CIDR]); - if (!e.cidr[0] || e.cidr[0] > HOST_MASK) + if (e.cidr[0] > HOST_MASK) return -IPSET_ERR_INVALID_CIDR; } if (tb[IPSET_ATTR_CIDR2]) { e.cidr[1] = nla_get_u8(tb[IPSET_ATTR_CIDR2]); - if (!e.cidr[1] || e.cidr[1] > HOST_MASK) + if (e.cidr[1] > HOST_MASK) return -IPSET_ERR_INVALID_CIDR; }
  53. Download patch libltdl/lt__strl.c

    --- 6.38-1.2/libltdl/lt__strl.c 2018-04-10 21:37:26.000000000 +0000 +++ 7.1-0ubuntu1/libltdl/lt__strl.c 2018-12-11 12:29:00.000000000 +0000 @@ -1,6 +1,6 @@ /* lt__strl.c -- size-bounded string copying and concatenation - Copyright (C) 2004 Free Software Foundation, Inc. + Copyright (C) 2004, 2011-2015 Free Software Foundation, Inc. Written by Bob Friesenhahn, 2004 NOTE: The canonical source of this file is maintained with the @@ -36,9 +36,9 @@ or obtained by writing to the Free Softw /* lt_strlcat appends the NULL-terminated string src to the end of dst. It will append at most dstsize - strlen(dst) - 1 bytes, - NULL-terminating the result. The total length of the string which + NULL-terminating the result. The total length of the string that would have been created given sufficient buffer size (may be longer - than dstsize) is returned. This function substitutes for strlcat() + than dstsize) is returned. This function substitutes for strlcat(), which is available under NetBSD, FreeBSD and Solaris 9. Buffer overflow can be checked as follows: @@ -46,7 +46,7 @@ or obtained by writing to the Free Softw if (lt_strlcat(dst, src, dstsize) >= dstsize) return -1; */ -#if !defined(HAVE_STRLCAT) +#if !defined HAVE_STRLCAT size_t lt_strlcat(char *dst, const char *src, const size_t dstsize) { @@ -65,7 +65,7 @@ lt_strlcat(char *dst, const char *src, c size - 1. */ for ( p = dst + length, q = src; - (*q != 0) && (length < dstsize - 1) ; + (*q != 0) && (length < dstsize - 1); length++, p++, q++ ) *p = *q; @@ -79,14 +79,14 @@ lt_strlcat(char *dst, const char *src, c return length; } -#endif /* !defined(HAVE_STRLCAT) */ +#endif /* !defined HAVE_STRLCAT */ /* lt_strlcpy copies up to dstsize - 1 characters from the NULL-terminated string src to dst, NULL-terminating the result. The total length of - the string which would have been created given sufficient buffer + the string that would have been created given sufficient buffer size (may be longer than dstsize) is returned. This function - substitutes for strlcpy() which is available under OpenBSD, FreeBSD + substitutes for strlcpy(), which is available under OpenBSD, FreeBSD and Solaris 9. Buffer overflow can be checked as follows: @@ -94,7 +94,7 @@ lt_strlcat(char *dst, const char *src, c if (lt_strlcpy(dst, src, dstsize) >= dstsize) return -1; */ -#if !defined(HAVE_STRLCPY) +#if !defined HAVE_STRLCPY size_t lt_strlcpy(char *dst, const char *src, const size_t dstsize) { @@ -109,8 +109,8 @@ lt_strlcpy(char *dst, const char *src, c /* Copy src to dst within bounds of size-1. */ - for ( p=dst, q=src, length=0 ; - (*q != 0) && (length < dstsize-1) ; + for ( p=dst, q=src, length=0; + (*q != 0) && (length < dstsize-1); length++, p++, q++ ) *p = *q; @@ -124,4 +124,4 @@ lt_strlcpy(char *dst, const char *src, c return length; } -#endif /* !defined(HAVE_STRLCPY) */ +#endif /* !defined HAVE_STRLCPY */
  54. Download patch configure
  55. Download patch libltdl/lt_error.c

    --- 6.38-1.2/libltdl/lt_error.c 2018-04-10 21:37:26.000000000 +0000 +++ 7.1-0ubuntu1/libltdl/lt_error.c 2018-12-11 12:29:00.000000000 +0000 @@ -1,6 +1,7 @@ -/* lt_error.c -- error propogation interface +/* lt_error.c -- error propagation interface - Copyright (C) 1999, 2000, 2001, 2004, 2005, 2007 Free Software Foundation, Inc. + Copyright (C) 1999-2001, 2004-2005, 2007, 2011-2015 Free Software + Foundation, Inc. Written by Thomas Tanner, 1999 NOTE: The canonical source of this file is maintained with the
  56. Download patch libltdl/libltdl/lt__private.h

    --- 6.38-1.2/libltdl/libltdl/lt__private.h 2018-04-10 21:37:26.000000000 +0000 +++ 7.1-0ubuntu1/libltdl/libltdl/lt__private.h 2018-12-11 12:29:00.000000000 +0000 @@ -1,6 +1,6 @@ /* lt__private.h -- internal apis for libltdl - Copyright (C) 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. + Copyright (C) 2004-2008, 2011-2015 Free Software Foundation, Inc. Written by Gary V. Vaughan, 2004 NOTE: The canonical source of this file is maintained with the @@ -28,10 +28,10 @@ or obtained by writing to the Free Softw 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ -#if !defined(LT__PRIVATE_H) +#if !defined LT__PRIVATE_H #define LT__PRIVATE_H 1 -#if defined(LT_CONFIG_H) +#if defined LT_CONFIG_H # include LT_CONFIG_H #else # include <config.h> @@ -43,7 +43,7 @@ or obtained by writing to the Free Softw #include <errno.h> #include <string.h> -#if defined(HAVE_UNISTD_H) +#if defined HAVE_UNISTD_H # include <unistd.h> #endif @@ -56,15 +56,15 @@ or obtained by writing to the Free Softw /* ...and all exported interfaces. */ #include "ltdl.h" -#if defined(WITH_DMALLOC) +#if defined WITH_DMALLOC # include <dmalloc.h> #endif /* DLL building support on win32 hosts; mostly to workaround their ridiculous implementation of data symbol exporting. */ #ifndef LT_GLOBAL_DATA -# if defined(__WINDOWS__) || defined(__CYGWIN__) -# if defined(DLL_EXPORT) /* defined by libtool (if required) */ +# if defined __WINDOWS__ || defined __CYGWIN__ +# if defined DLL_EXPORT /* defined by libtool (if required) */ # define LT_GLOBAL_DATA __declspec(dllexport) # endif # endif @@ -86,7 +86,7 @@ or obtained by writing to the Free Softw LT_BEGIN_C_DECLS -#if !defined(errno) +#if !defined errno extern int errno; #endif @@ -94,8 +94,8 @@ LT_SCOPE void lt__alloc_die_callback (vo /* For readability: */ -#define strneq(s1, s2) (strcmp((s1), (s2)) != 0) -#define streq(s1, s2) (!strcmp((s1), (s2))) +#define STRNEQ(s1, s2) (strcmp((s1), (s2)) != 0) +#define STREQ(s1, s2) (strcmp((s1), (s2)) == 0) @@ -146,4 +146,4 @@ LT_SCOPE const char *lt__set_last_error LT_END_C_DECLS -#endif /*!defined(LT__PRIVATE_H)*/ +#endif /*!defined LT__PRIVATE_H*/
  57. Download patch lib/args.c

    --- 6.38-1.2/lib/args.c 2018-04-10 21:36:27.000000000 +0000 +++ 7.1-0ubuntu1/lib/args.c 2018-12-10 17:35:31.000000000 +0000 @@ -278,8 +278,20 @@ static const struct ipset_arg ipset_args }, }; -const struct ipset_arg * ipset_keyword(enum ipset_keywords i) +const struct ipset_arg * +ipset_keyword(enum ipset_keywords i) { return (i > IPSET_ARG_NONE && i < IPSET_ARG_MAX) ? &ipset_args[i] : NULL; } + +const char * +ipset_ignored_optname(unsigned int opt) +{ + enum ipset_keywords i; + + for (i = IPSET_ARG_NONE + 1 ; i < IPSET_ARG_MAX; i++) + if (ipset_args[i].opt == opt) + return ipset_args[i].name[0]; + return ""; +}
  58. Download patch include/libipset/linux_ip_set_hash.h

    --- 6.38-1.2/include/libipset/linux_ip_set_hash.h 2018-04-10 21:36:27.000000000 +0000 +++ 7.1-0ubuntu1/include/libipset/linux_ip_set_hash.h 2018-12-10 17:35:31.000000000 +0000 @@ -1,3 +1,4 @@ +/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ #ifndef __IP_SET_HASH_H #define __IP_SET_HASH_H
  59. Download patch kernel/include/uapi/linux/netfilter/ipset/ip_set_bitmap.h

    --- 6.38-1.2/kernel/include/uapi/linux/netfilter/ipset/ip_set_bitmap.h 2018-04-10 21:36:27.000000000 +0000 +++ 7.1-0ubuntu1/kernel/include/uapi/linux/netfilter/ipset/ip_set_bitmap.h 2018-12-10 17:35:31.000000000 +0000 @@ -1,3 +1,4 @@ +/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ #ifndef _UAPI__IP_SET_BITMAP_H #define _UAPI__IP_SET_BITMAP_H
  60. Download patch build-aux/install-sh
  61. Download patch build-aux/depcomp

    --- 6.38-1.2/build-aux/depcomp 2018-04-10 21:37:29.000000000 +0000 +++ 7.1-0ubuntu1/build-aux/depcomp 2018-12-11 12:29:04.000000000 +0000 @@ -3,7 +3,7 @@ scriptversion=2013-05-30.07; # UTC -# Copyright (C) 1999-2013 Free Software Foundation, Inc. +# Copyright (C) 1999-2014 Free Software Foundation, Inc. # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by
  62. Download patch libltdl/libltdl/slist.h

    --- 6.38-1.2/libltdl/libltdl/slist.h 2018-04-10 21:37:26.000000000 +0000 +++ 7.1-0ubuntu1/libltdl/libltdl/slist.h 2018-12-11 12:29:00.000000000 +0000 @@ -1,6 +1,7 @@ /* slist.h -- generalised singly linked lists - Copyright (C) 2000, 2004, 2009 Free Software Foundation, Inc. + Copyright (C) 2000, 2004, 2009, 2011-2015 Free Software Foundation, + Inc. Written by Gary V. Vaughan, 2000 NOTE: The canonical source of this file is maintained with the @@ -30,7 +31,7 @@ or obtained by writing to the Free Softw /* A generalised list. This is deliberately transparent so that you can make the NEXT field of all your chained data structures first, - and then cast them to `(SList *)' so that they can be manipulated + and then cast them to '(SList *)' so that they can be manipulated by this API. Alternatively, you can generate raw SList elements using slist_new(), @@ -38,10 +39,10 @@ or obtained by writing to the Free Softw get to manage the memory involved by yourself. */ -#if !defined(SLIST_H) +#if !defined SLIST_H #define SLIST_H 1 -#if defined(LTDL) +#if defined LTDL # include <libltdl/lt__glibc.h> # include <libltdl/lt_system.h> #else @@ -50,13 +51,13 @@ or obtained by writing to the Free Softw #include <stddef.h> -#if defined(__cplusplus) +#if defined __cplusplus extern "C" { #endif typedef struct slist { struct slist *next; /* chain forward pointer*/ - const void *userdata; /* for boxed `SList' item */ + const void *userdata; /* for boxed 'SList' item */ } SList; typedef void * SListCallback (SList *item, void *userdata); @@ -85,12 +86,12 @@ LT_SCOPE void * slist_foreach (SList * LT_SCOPE SList *slist_box (const void *userdata); LT_SCOPE void * slist_unbox (SList *item); -#if defined(__cplusplus) +#if defined __cplusplus } #endif -#if !defined(LTDL) +#if !defined LTDL # undef LT_SCOPE #endif -#endif /*!defined(SLIST_H)*/ +#endif /*!defined SLIST_H*/
  63. Download patch lib/print.c

    --- 6.38-1.2/lib/print.c 2018-04-10 21:36:27.000000000 +0000 +++ 7.1-0ubuntu1/lib/print.c 2018-12-10 17:35:31.000000000 +0000 @@ -23,7 +23,7 @@ #include <libipset/types.h> /* ipset set types */ #include <libipset/session.h> /* IPSET_FLAG_ */ #include <libipset/utils.h> /* UNUSED */ -#include <libipset/ui.h> /* IPSET_ENV_* */ +#include <libipset/ipset.h> /* IPSET_ENV_* */ #include <libipset/print.h> /* prototypes */ /* Print data (to output buffer). All function must follow snprintf. */
  64. Download patch libltdl/lt__argz.c
  65. Download patch kernel/include/uapi/linux/netfilter/ipset/ip_set.h

    --- 6.38-1.2/kernel/include/uapi/linux/netfilter/ipset/ip_set.h 2018-04-10 21:36:27.000000000 +0000 +++ 7.1-0ubuntu1/kernel/include/uapi/linux/netfilter/ipset/ip_set.h 2018-12-10 17:35:31.000000000 +0000 @@ -12,8 +12,9 @@ #include <linux/types.h> -/* The protocol version */ -#define IPSET_PROTOCOL 6 +/* The protocol versions */ +#define IPSET_PROTOCOL 7 +#define IPSET_PROTOCOL_MIN 6 /* The max length of strings including NUL: set and type identifiers */ #define IPSET_MAXNAMELEN 32 @@ -37,17 +38,19 @@ enum ipset_cmd { IPSET_CMD_TEST, /* 11: Test an element in a set */ IPSET_CMD_HEADER, /* 12: Get set header data only */ IPSET_CMD_TYPE, /* 13: Get set type */ + IPSET_CMD_GET_BYNAME, /* 14: Get set index by name */ + IPSET_CMD_GET_BYINDEX, /* 15: Get set name by index */ IPSET_MSG_MAX, /* Netlink message commands */ /* Commands in userspace: */ - IPSET_CMD_RESTORE = IPSET_MSG_MAX, /* 14: Enter restore mode */ - IPSET_CMD_HELP, /* 15: Get help */ - IPSET_CMD_VERSION, /* 16: Get program version */ - IPSET_CMD_QUIT, /* 17: Quit from interactive mode */ + IPSET_CMD_RESTORE = IPSET_MSG_MAX, /* 16: Enter restore mode */ + IPSET_CMD_HELP, /* 17: Get help */ + IPSET_CMD_VERSION, /* 18: Get program version */ + IPSET_CMD_QUIT, /* 19: Quit from interactive mode */ IPSET_CMD_MAX, - IPSET_CMD_COMMIT = IPSET_CMD_MAX, /* 18: Commit buffered commands */ + IPSET_CMD_COMMIT = IPSET_CMD_MAX, /* 20: Commit buffered commands */ }; /* Attributes at command level */ @@ -65,6 +68,7 @@ enum { IPSET_ATTR_LINENO, /* 9: Restore lineno */ IPSET_ATTR_PROTOCOL_MIN, /* 10: Minimal supported version number */ IPSET_ATTR_REVISION_MIN = IPSET_ATTR_PROTOCOL_MIN, /* type rev min */ + IPSET_ATTR_INDEX, /* 11: Kernel index of set */ __IPSET_ATTR_CMD_MAX, }; #define IPSET_ATTR_CMD_MAX (__IPSET_ATTR_CMD_MAX - 1) @@ -222,6 +226,7 @@ enum ipset_adt { /* Sets are identified by an index in kernel space. Tweak with ip_set_id_t * and IPSET_INVALID_ID if you want to increase the max number of sets. + * Also, IPSET_ATTR_INDEX must be changed. */ typedef __u16 ip_set_id_t;
  66. Download patch lib/ipset.c
  67. Download patch kernel/net/netfilter/ipset/ip_set_hash_mac.c

    --- 6.38-1.2/kernel/net/netfilter/ipset/ip_set_hash_mac.c 2018-04-10 21:36:27.000000000 +0000 +++ 7.1-0ubuntu1/kernel/net/netfilter/ipset/ip_set_hash_mac.c 2018-12-10 17:35:31.000000000 +0000 @@ -81,15 +81,15 @@ hash_mac4_kadt(struct ip_set *set, const struct hash_mac4_elem e = { { .foo[0] = 0, .foo[1] = 0 } }; struct ip_set_ext ext = IP_SET_INIT_KEXT(skb, opt, set); - /* MAC can be src only */ - if (!(opt->flags & IPSET_DIM_ONE_SRC)) - return 0; - if (skb_mac_header(skb) < skb->head || (skb_mac_header(skb) + ETH_HLEN) > skb->data) return -EINVAL; - ether_addr_copy(e.ether, eth_hdr(skb)->h_source); + if (opt->flags & IPSET_DIM_ONE_SRC) + ether_addr_copy(e.ether, eth_hdr(skb)->h_source); + else + ether_addr_copy(e.ether, eth_hdr(skb)->h_dest); + if (is_zero_ether_addr(e.ether)) return -EINVAL; return adtfn(set, &e, &ext, &opt->ext, opt->cmdflags);
  68. Download patch debian/libipset13.symbols

    --- 6.38-1.2/debian/libipset13.symbols 1970-01-01 00:00:00.000000000 +0000 +++ 7.1-0ubuntu1/debian/libipset13.symbols 2019-03-15 11:22:09.000000000 +0000 @@ -0,0 +1,155 @@ +libipset.so.13 libipset13 #MINVER# + LIBIPSET_1.0@LIBIPSET_1.0 6.38-1~ + LIBIPSET_2.0@LIBIPSET_2.0 6.38-1~ + LIBIPSET_3.0@LIBIPSET_3.0 6.38-1~ + LIBIPSET_4.0@LIBIPSET_4.0 6.38-1~ + LIBIPSET_4.1@LIBIPSET_4.1 6.38-1~ + LIBIPSET_4.2@LIBIPSET_4.2 6.38-1~ + LIBIPSET_4.3@LIBIPSET_4.3 6.38-1~ + LIBIPSET_4.4@LIBIPSET_4.4 6.38-1~ + LIBIPSET_4.5@LIBIPSET_4.5 6.38-1~ + LIBIPSET_4.6@LIBIPSET_4.6 6.38-1~ + LIBIPSET_4.7@LIBIPSET_4.7 6.38-1~ + LIBIPSET_4.8@LIBIPSET_4.8 7.1 + LIBIPSET_4.9@LIBIPSET_4.9 7.1 + icmp_to_name@LIBIPSET_1.0 6.38-1~ + icmpv6_to_name@LIBIPSET_1.0 6.38-1~ + id_to_icmp@LIBIPSET_1.0 6.38-1~ + id_to_icmpv6@LIBIPSET_1.0 6.38-1~ + ipset_cache_add@LIBIPSET_1.0 6.38-1~ + ipset_cache_del@LIBIPSET_1.0 6.38-1~ + ipset_cache_fini@LIBIPSET_1.0 6.38-1~ + ipset_cache_init@LIBIPSET_1.0 6.38-1~ + ipset_cache_rename@LIBIPSET_1.0 6.38-1~ + ipset_cache_swap@LIBIPSET_1.0 6.38-1~ + ipset_call_parser@LIBIPSET_1.0 6.38-1~ + ipset_cmd@LIBIPSET_1.0 6.38-1~ + ipset_commit@LIBIPSET_1.0 6.38-1~ + ipset_custom_printf@LIBIPSET_4.8 7.1 + ipset_data_cidr@LIBIPSET_1.0 6.38-1~ + ipset_data_family@LIBIPSET_1.0 6.38-1~ + ipset_data_fini@LIBIPSET_1.0 6.38-1~ + ipset_data_flags@LIBIPSET_1.0 6.38-1~ + ipset_data_flags_set@LIBIPSET_1.0 6.38-1~ + ipset_data_flags_test@LIBIPSET_1.0 6.38-1~ + ipset_data_flags_unset@LIBIPSET_1.0 6.38-1~ + ipset_data_get@LIBIPSET_1.0 6.38-1~ + ipset_data_ignored@LIBIPSET_1.0 6.38-1~ + ipset_data_init@LIBIPSET_1.0 6.38-1~ + ipset_data_reset@LIBIPSET_1.0 6.38-1~ + ipset_data_set@LIBIPSET_1.0 6.38-1~ + ipset_data_setname@LIBIPSET_1.0 6.38-1~ + ipset_data_sizeof@LIBIPSET_1.0 6.38-1~ + ipset_data_test_ignored@LIBIPSET_2.0 6.38-1~ + ipset_envopt_parse@LIBIPSET_1.0 6.38-1~ + ipset_envopt_set@LIBIPSET_4.8 7.1 + ipset_envopt_test@LIBIPSET_1.0 6.38-1~ + ipset_envopt_unset@LIBIPSET_4.8 7.1 + ipset_errcode@LIBIPSET_1.0 6.38-1~ + ipset_fini@LIBIPSET_4.8 7.1 + ipset_get_nlmsg_type@LIBIPSET_1.0 6.38-1~ + ipset_ignored_optname@LIBIPSET_4.9 7.1 + ipset_init@LIBIPSET_4.8 7.1 + ipset_is_interactive@LIBIPSET_4.8 7.1 + ipset_keyword@LIBIPSET_4.6 6.38-1~ + ipset_load_types@LIBIPSET_2.0 6.38-1~ + ipset_match_cmd@LIBIPSET_1.0 7.1 + ipset_match_envopt@LIBIPSET_1.0 7.1 + ipset_match_option@LIBIPSET_1.0 7.1 + ipset_match_typename@LIBIPSET_1.0 6.38-1~ + ipset_parse_after@LIBIPSET_1.0 6.38-1~ + ipset_parse_argv@LIBIPSET_4.8 7.1 + ipset_parse_before@LIBIPSET_1.0 6.38-1~ + ipset_parse_comment@LIBIPSET_4.1 6.38-1~ + ipset_parse_elem@LIBIPSET_1.0 6.38-1~ + ipset_parse_ether@LIBIPSET_1.0 6.38-1~ + ipset_parse_family@LIBIPSET_1.0 6.38-1~ + ipset_parse_filename@LIBIPSET_4.8 7.1 + ipset_parse_flag@LIBIPSET_1.0 6.38-1~ + ipset_parse_icmp@LIBIPSET_1.0 6.38-1~ + ipset_parse_icmpv6@LIBIPSET_1.0 6.38-1~ + ipset_parse_iface@LIBIPSET_1.0 6.38-1~ + ipset_parse_ignored@LIBIPSET_1.0 6.38-1~ + ipset_parse_ip4_net6@LIBIPSET_1.0 6.38-1~ + ipset_parse_ip4_single6@LIBIPSET_1.0 6.38-1~ + ipset_parse_ip@LIBIPSET_1.0 6.38-1~ + ipset_parse_ipnet@LIBIPSET_1.0 6.38-1~ + ipset_parse_iprange@LIBIPSET_1.0 6.38-1~ + ipset_parse_iptimeout@LIBIPSET_1.0 6.38-1~ + ipset_parse_line@LIBIPSET_4.8 7.1 + ipset_parse_mark@LIBIPSET_4.2 6.38-1~ + ipset_parse_name_compat@LIBIPSET_1.0 6.38-1~ + ipset_parse_net@LIBIPSET_1.0 6.38-1~ + ipset_parse_netmask@LIBIPSET_1.0 6.38-1~ + ipset_parse_netrange@LIBIPSET_1.0 6.38-1~ + ipset_parse_output@LIBIPSET_1.0 6.38-1~ + ipset_parse_port@LIBIPSET_1.0 6.38-1~ + ipset_parse_proto@LIBIPSET_1.0 6.38-1~ + ipset_parse_proto_port@LIBIPSET_1.0 6.38-1~ + ipset_parse_range@LIBIPSET_1.0 6.38-1~ + ipset_parse_setname@LIBIPSET_1.0 6.38-1~ + ipset_parse_single_ip@LIBIPSET_1.0 6.38-1~ + ipset_parse_single_tcp_port@LIBIPSET_1.0 6.38-1~ + ipset_parse_skbmark@LIBIPSET_4.3 6.38-1~ + ipset_parse_skbprio@LIBIPSET_4.3 6.38-1~ + ipset_parse_stream@LIBIPSET_4.8 7.1 + ipset_parse_tcp_port@LIBIPSET_1.0 6.38-1~ + ipset_parse_tcp_udp_port@LIBIPSET_4.4 6.38-1~ + ipset_parse_tcpudp_port@LIBIPSET_1.0 6.38-1~ + ipset_parse_timeout@LIBIPSET_2.0 6.38-1~ + ipset_parse_typename@LIBIPSET_1.0 6.38-1~ + ipset_parse_uint16@LIBIPSET_4.4 6.38-1~ + ipset_parse_uint32@LIBIPSET_1.0 6.38-1~ + ipset_parse_uint64@LIBIPSET_4.0 6.38-1~ + ipset_parse_uint8@LIBIPSET_1.0 6.38-1~ + ipset_port_usage@LIBIPSET_2.0 6.38-1~ + ipset_print_comment@LIBIPSET_4.1 6.38-1~ + ipset_print_data@LIBIPSET_1.0 6.38-1~ + ipset_print_elem@LIBIPSET_1.0 6.38-1~ + ipset_print_ether@LIBIPSET_1.0 6.38-1~ + ipset_print_family@LIBIPSET_1.0 6.38-1~ + ipset_print_flag@LIBIPSET_1.0 6.38-1~ + ipset_print_icmp@LIBIPSET_1.0 6.38-1~ + ipset_print_icmpv6@LIBIPSET_1.0 6.38-1~ + ipset_print_iface@LIBIPSET_1.0 6.38-1~ + ipset_print_ip@LIBIPSET_1.0 6.38-1~ + ipset_print_ipaddr@LIBIPSET_1.0 6.38-1~ + ipset_print_mark@LIBIPSET_4.2 6.38-1~ + ipset_print_name@LIBIPSET_1.0 6.38-1~ + ipset_print_number@LIBIPSET_1.0 6.38-1~ + ipset_print_port@LIBIPSET_1.0 6.38-1~ + ipset_print_proto@LIBIPSET_1.0 6.38-1~ + ipset_print_proto_port@LIBIPSET_1.0 6.38-1~ + ipset_print_skbmark@LIBIPSET_4.3 6.38-1~ + ipset_print_skbprio@LIBIPSET_4.3 6.38-1~ + ipset_print_type@LIBIPSET_1.0 6.38-1~ + ipset_saved_type@LIBIPSET_1.0 6.38-1~ + ipset_session@LIBIPSET_4.8 7.1 + ipset_session_data@LIBIPSET_1.0 6.38-1~ + ipset_session_fini@LIBIPSET_1.0 6.38-1~ + ipset_session_handle@LIBIPSET_1.0 6.38-1~ + ipset_session_init@LIBIPSET_1.0 6.38-1~ + ipset_session_io_close@LIBIPSET_4.8 7.1 + ipset_session_io_full@LIBIPSET_4.8 7.1 + ipset_session_io_normal@LIBIPSET_4.8 7.1 + ipset_session_io_stream@LIBIPSET_4.8 7.1 + ipset_session_lineno@LIBIPSET_1.0 6.38-1~ + ipset_session_output@LIBIPSET_1.0 6.38-1~ + ipset_session_print_outfn@LIBIPSET_4.8 7.1 + ipset_session_printf_private@LIBIPSET_4.8 7.1 + ipset_session_report@LIBIPSET_1.0 6.38-1~ + ipset_session_report_msg@LIBIPSET_4.9 7.1 + ipset_session_report_reset@LIBIPSET_1.0 6.38-1~ + ipset_session_report_type@LIBIPSET_4.9 7.1 + ipset_session_warning_as_error@LIBIPSET_4.7 6.38-1~ + ipset_strlcat@LIBIPSET_4.1 6.38-1~ + ipset_strlcpy@LIBIPSET_1.0 6.38-1~ + ipset_type_add@LIBIPSET_1.0 6.38-1~ + ipset_type_check@LIBIPSET_1.0 6.38-1~ + ipset_type_get@LIBIPSET_1.0 6.38-1~ + ipset_type_higher_rev@LIBIPSET_4.5 6.38-1~ + ipset_typename_resolve@LIBIPSET_1.0 6.38-1~ + ipset_types@LIBIPSET_1.0 6.38-1~ + list_sort@LIBIPSET_4.9 7.1 + name_to_icmp@LIBIPSET_1.0 6.38-1~ + name_to_icmpv6@LIBIPSET_1.0 6.38-1~
  69. Download patch libltdl/ltdl.c
  70. Download patch libltdl/loaders/dld_link.c

    --- 6.38-1.2/libltdl/loaders/dld_link.c 2018-04-10 21:37:26.000000000 +0000 +++ 7.1-0ubuntu1/libltdl/loaders/dld_link.c 2018-12-11 12:29:00.000000000 +0000 @@ -1,7 +1,7 @@ /* loader-dld_link.c -- dynamic linking with dld - Copyright (C) 1998, 1999, 2000, 2004, 2006, - 2007, 2008 Free Software Foundation, Inc. + Copyright (C) 1998-2000, 2004, 2006-2008, 2011-2015 Free Software + Foundation, Inc. Written by Thomas Tanner, 1998 NOTE: The canonical source of this file is maintained with the @@ -90,14 +90,14 @@ get_vtable (lt_user_data loader_data) /* --- IMPLEMENTATION --- */ -#if defined(HAVE_DLD_H) +#if defined HAVE_DLD_H # include <dld.h> #endif /* A function called through the vtable when this loader is no longer needed by the application. */ static int -vl_exit (lt_user_data LT__UNUSED loader_data) +vl_exit (lt_user_data loader_data LT__UNUSED) { vtable = NULL; return 0; @@ -107,8 +107,8 @@ vl_exit (lt_user_data LT__UNUSED loader_ loader. Returns an opaque representation of the newly opened module for processing with this loader's other vtable functions. */ static lt_module -vm_open (lt_user_data LT__UNUSED loader_data, const char *filename, - lt_dladvise LT__UNUSED advise) +vm_open (lt_user_data loader_data LT__UNUSED, const char *filename, + lt_dladvise advise LT__UNUSED) { lt_module module = lt__strdup (filename); @@ -124,7 +124,7 @@ vm_open (lt_user_data LT__UNUSED loader_ /* A function called through the vtable when a particular module should be unloaded. */ static int -vm_close (lt_user_data LT__UNUSED loader_data, lt_module module) +vm_close (lt_user_data loader_data LT__UNUSED, lt_module module) { int errors = 0; @@ -144,7 +144,7 @@ vm_close (lt_user_data LT__UNUSED loader /* A function called through the vtable to get the address of a symbol loaded from a particular module. */ static void * -vm_sym (lt_user_data LT__UNUSED loader_data, lt_module LT__UNUSED module, +vm_sym (lt_user_data loader_data LT__UNUSED, lt_module module LT__UNUSED, const char *name) { void *address = dld_get_func (name);
  71. Download patch include/libipset/args.h

    --- 6.38-1.2/include/libipset/args.h 2018-04-10 21:36:27.000000000 +0000 +++ 7.1-0ubuntu1/include/libipset/args.h 2018-12-10 17:35:31.000000000 +0000 @@ -63,7 +63,7 @@ extern "C" { #endif extern const struct ipset_arg * ipset_keyword(enum ipset_keywords i); - +extern const char * ipset_ignored_optname(unsigned int opt); #ifdef __cplusplus } #endif
  72. Download patch libltdl/argz.c
  73. Download patch lib/ipset_hash_ipport.c

    --- 6.38-1.2/lib/ipset_hash_ipport.c 2018-04-10 21:36:27.000000000 +0000 +++ 7.1-0ubuntu1/lib/ipset_hash_ipport.c 2018-12-10 17:35:31.000000000 +0000 @@ -7,7 +7,7 @@ #include <libipset/data.h> /* IPSET_OPT_* */ #include <libipset/parse.h> /* parser functions */ #include <libipset/print.h> /* printing functions */ -#include <libipset/ui.h> /* ipset_port_usage */ +#include <libipset/ipset.h> /* ipset_port_usage */ #include <libipset/types.h> /* prototypes */ /* SCTP and UDPLITE support */
  74. Download patch include/libipset/session.h

    --- 6.38-1.2/include/libipset/session.h 2018-04-10 21:36:27.000000000 +0000 +++ 7.1-0ubuntu1/include/libipset/session.h 2018-12-10 17:35:31.000000000 +0000 @@ -19,7 +19,6 @@ struct ipset_session; struct ipset_data; -struct ipset_handle; #ifdef __cplusplus extern "C" { @@ -33,10 +32,13 @@ extern const struct ipset_type * ipset_saved_type(const struct ipset_session *session); extern void ipset_session_lineno(struct ipset_session *session, uint32_t lineno); +extern void * ipset_session_printf_private(struct ipset_session *session); enum ipset_err_type { - IPSET_ERROR, - IPSET_WARNING, + IPSET_NO_ERROR, + IPSET_WARNING, /* Success code when exit */ + IPSET_NOTICE, /* Error code and exit in non interactive mode */ + IPSET_ERROR, /* Error code and exit */ }; extern int ipset_session_report(struct ipset_session *session, @@ -50,14 +52,18 @@ extern int ipset_session_warning_as_erro #define ipset_warn(session, fmt, args...) \ ipset_session_report(session, IPSET_WARNING, fmt , ## args) +#define ipset_notice(session, fmt, args...) \ + ipset_session_report(session, IPSET_NOTICE, fmt , ## args) + #define ipset_errptr(session, fmt, args...) ({ \ ipset_session_report(session, IPSET_ERROR, fmt , ## args); \ NULL; \ }) extern void ipset_session_report_reset(struct ipset_session *session); -extern const char *ipset_session_error(const struct ipset_session *session); -extern const char *ipset_session_warning(const struct ipset_session *session); +extern const char *ipset_session_report_msg(const struct ipset_session *session); +extern enum ipset_err_type ipset_session_report_type( + const struct ipset_session *session); #define ipset_session_data_set(session, opt, value) \ ipset_data_set(ipset_session_data(session), opt, value) @@ -80,10 +86,12 @@ enum ipset_envopt { IPSET_ENV_LIST_HEADER = (1 << IPSET_ENV_BIT_LIST_HEADER), }; -extern int ipset_envopt_parse(struct ipset_session *session, - int env, const char *str); extern bool ipset_envopt_test(struct ipset_session *session, enum ipset_envopt env); +extern void ipset_envopt_set(struct ipset_session *session, + enum ipset_envopt env); +extern void ipset_envopt_unset(struct ipset_session *session, + enum ipset_envopt env); enum ipset_output_mode { IPSET_LIST_NONE, @@ -99,12 +107,30 @@ extern int ipset_commit(struct ipset_ses extern int ipset_cmd(struct ipset_session *session, enum ipset_cmd cmd, uint32_t lineno); -typedef int (*ipset_outfn)(const char *fmt, ...) - __attribute__ ((format (printf, 1, 2))); +typedef int (*ipset_print_outfn)(struct ipset_session *session, + void *p, const char *fmt, ...) + __attribute__ ((format (printf, 3, 4))); + +extern int ipset_session_print_outfn(struct ipset_session *session, + ipset_print_outfn outfn, + void *p); + +enum ipset_io_type { + IPSET_IO_INPUT, + IPSET_IO_OUTPUT, +}; + +extern int ipset_session_io_full(struct ipset_session *session, + const char *filename, enum ipset_io_type what); +extern int ipset_session_io_normal(struct ipset_session *session, + const char *filename, enum ipset_io_type what); +extern FILE * ipset_session_io_stream(struct ipset_session *session, + enum ipset_io_type what); +extern int ipset_session_io_close(struct ipset_session *session, + enum ipset_io_type what); -extern int ipset_session_outfn(struct ipset_session *session, - ipset_outfn outfn); -extern struct ipset_session *ipset_session_init(ipset_outfn outfn); +extern struct ipset_session *ipset_session_init(ipset_print_outfn outfn, + void *p); extern int ipset_session_fini(struct ipset_session *session); extern void ipset_debug_msg(const char *dir, void *buffer, int len);
  75. Download patch debian/libipset11.install

    --- 6.38-1.2/debian/libipset11.install 2018-09-01 17:28:18.000000000 +0000 +++ 7.1-0ubuntu1/debian/libipset11.install 1970-01-01 00:00:00.000000000 +0000 @@ -1 +0,0 @@ -lib/*/*.so.*
  76. Download patch libltdl/loaders/loadlibrary.c

    --- 6.38-1.2/libltdl/loaders/loadlibrary.c 2018-04-10 21:37:26.000000000 +0000 +++ 7.1-0ubuntu1/libltdl/loaders/loadlibrary.c 2018-12-11 12:29:00.000000000 +0000 @@ -1,7 +1,7 @@ /* loader-loadlibrary.c -- dynamic linking for Win32 - Copyright (C) 1998, 1999, 2000, 2004, 2005, 2006, - 2007, 2008, 2010 Free Software Foundation, Inc. + Copyright (C) 1998-2000, 2004-2008, 2010-2015 Free Software + Foundation, Inc. Written by Thomas Tanner, 1998 NOTE: The canonical source of this file is maintained with the @@ -32,7 +32,7 @@ or obtained by writing to the Free Softw #include "lt__private.h" #include "lt_dlloader.h" -#if defined(__CYGWIN__) +#if defined __CYGWIN__ # include <sys/cygwin.h> #endif @@ -120,7 +120,7 @@ static char *error_message = 0; /* A function called through the vtable when this loader is no longer needed by the application. */ static int -vl_exit (lt_user_data LT__UNUSED loader_data) +vl_exit (lt_user_data loader_data LT__UNUSED) { vtable = NULL; LOCALFREE (error_message); @@ -131,8 +131,8 @@ vl_exit (lt_user_data LT__UNUSED loader_ loader. Returns an opaque representation of the newly opened module for processing with this loader's other vtable functions. */ static lt_module -vm_open (lt_user_data LT__UNUSED loader_data, const char *filename, - lt_dladvise LT__UNUSED advise) +vm_open (lt_user_data loader_data LT__UNUSED, const char *filename, + lt_dladvise advise LT__UNUSED) { lt_module module = 0; char *ext; @@ -163,7 +163,7 @@ vm_open (lt_user_data LT__UNUSED loader_ return 0; } len = 0; -#elif defined(__CYGWIN__) +#elif defined __CYGWIN__ cygwin_conv_to_full_win32_path (filename, wpath); len = 0; #else @@ -173,8 +173,8 @@ vm_open (lt_user_data LT__UNUSED loader_ ext = strrchr (wpath, '.'); if (!ext) { - /* Append a `.' to stop Windows from adding an - implicit `.dll' extension. */ + /* Append a '.' to stop Windows from adding an + implicit '.dll' extension. */ if (!len) len = strlen (wpath); @@ -245,7 +245,7 @@ vm_open (lt_user_data LT__UNUSED loader_ /* A function called through the vtable when a particular module should be unloaded. */ static int -vm_close (lt_user_data LT__UNUSED loader_data, lt_module module) +vm_close (lt_user_data loader_data LT__UNUSED, lt_module module) { int errors = 0; @@ -262,7 +262,7 @@ vm_close (lt_user_data LT__UNUSED loader /* A function called through the vtable to get the address of a symbol loaded from a particular module. */ static void * -vm_sym (lt_user_data LT__UNUSED loader_data, lt_module module, const char *name) +vm_sym (lt_user_data loader_data LT__UNUSED, lt_module module, const char *name) { void *address = (void *) GetProcAddress ((HMODULE) module, name); @@ -306,7 +306,7 @@ loadlibraryerror (const char *default_er return len ? error_message : default_errmsg; } -/* A function called through the getthreaderrormode variable which checks +/* A function called through the getthreaderrormode variable that checks if the system supports GetThreadErrorMode (or GetErrorMode) and arranges for it or a fallback implementation to be called directly in the future. The selected version is then called. */ @@ -339,7 +339,7 @@ fallback_getthreaderrormode (void) return (DWORD) SetErrorMode (SEM_FAILCRITICALERRORS); } -/* A function called through the setthreaderrormode variable which checks +/* A function called through the setthreaderrormode variable that checks if the system supports SetThreadErrorMode and arranges for it or a fallback implementation to be called directly in the future. The selected version is then called. */
  77. Download patch lib/ipset_hash_netiface.c

    --- 6.38-1.2/lib/ipset_hash_netiface.c 2018-04-10 21:36:27.000000000 +0000 +++ 7.1-0ubuntu1/lib/ipset_hash_netiface.c 2018-12-10 17:35:31.000000000 +0000 @@ -7,7 +7,7 @@ #include <libipset/data.h> /* IPSET_OPT_* */ #include <libipset/parse.h> /* parser functions */ #include <libipset/print.h> /* printing functions */ -#include <libipset/ui.h> /* ipset_port_usage */ +#include <libipset/ipset.h> /* ipset_port_usage */ #include <libipset/types.h> /* prototypes */ /* Initial revision */
  78. Download patch libltdl/ltdl.h

    --- 6.38-1.2/libltdl/ltdl.h 2018-04-10 21:37:26.000000000 +0000 +++ 7.1-0ubuntu1/libltdl/ltdl.h 2018-12-11 12:29:00.000000000 +0000 @@ -1,7 +1,7 @@ /* ltdl.h -- generic dlopen functions - Copyright (C) 1998-2000, 2004, 2005, - 2007, 2008 Free Software Foundation, Inc. + Copyright (C) 1998-2000, 2004-2005, 2007-2008, 2011-2015 Free + Software Foundation, Inc. Written by Thomas Tanner, 1998 NOTE: The canonical source of this file is maintained with the @@ -30,7 +30,7 @@ or obtained by writing to the Free Softw */ /* Only include this header file once. */ -#if !defined(LTDL_H) +#if !defined LTDL_H #define LTDL_H 1 #include <libltdl/lt_system.h> @@ -57,7 +57,7 @@ LT_SCOPE int lt_dlexit (void); LT_SCOPE int lt_dladdsearchdir (const char *search_dir); LT_SCOPE int lt_dlinsertsearchdir (const char *before, const char *search_dir); -LT_SCOPE int lt_dlsetsearchpath (const char *search_path); +LT_SCOPE int lt_dlsetsearchpath (const char *search_path); LT_SCOPE const char *lt_dlgetsearchpath (void); LT_SCOPE int lt_dlforeachfile ( const char *search_path, @@ -160,4 +160,4 @@ LT_SCOPE int lt_dlisresident (lt_dlh LT_END_C_DECLS -#endif /*!defined(LTDL_H)*/ +#endif /*!defined LTDL_H*/
  79. Download patch aclocal.m4
  80. Download patch libltdl/libltdl/lt_error.h

    --- 6.38-1.2/libltdl/libltdl/lt_error.h 2018-04-10 21:37:26.000000000 +0000 +++ 7.1-0ubuntu1/libltdl/libltdl/lt_error.h 2018-12-11 12:29:00.000000000 +0000 @@ -1,6 +1,7 @@ -/* lt_error.h -- error propogation interface +/* lt_error.h -- error propagation interface - Copyright (C) 1999, 2000, 2001, 2004, 2007 Free Software Foundation, Inc. + Copyright (C) 1999-2001, 2004, 2007, 2011-2015 Free Software + Foundation, Inc. Written by Thomas Tanner, 1999 NOTE: The canonical source of this file is maintained with the @@ -29,7 +30,7 @@ or obtained by writing to the Free Softw */ /* Only include this header file once. */ -#if !defined(LT_ERROR_H) +#if !defined LT_ERROR_H #define LT_ERROR_H 1 #include <libltdl/lt_system.h> @@ -82,4 +83,4 @@ LT_SCOPE int lt_dlseterror (int errorcod LT_END_C_DECLS -#endif /*!defined(LT_ERROR_H)*/ +#endif /*!defined LT_ERROR_H*/
  81. Download patch lib/session.c
  82. Download patch lib/libipset.3
  83. Download patch kernel/net/netfilter/xt_set.c

    --- 6.38-1.2/kernel/net/netfilter/xt_set.c 2018-04-10 21:36:27.000000000 +0000 +++ 7.1-0ubuntu1/kernel/net/netfilter/xt_set.c 2018-12-10 17:35:31.000000000 +0000 @@ -407,8 +407,8 @@ set_target_v2(struct sk_buff *skb, const /* Normalize to fit into jiffies */ if (add_opt.ext.timeout != IPSET_NO_TIMEOUT && - add_opt.ext.timeout > UINT_MAX / MSEC_PER_SEC) - add_opt.ext.timeout = UINT_MAX / MSEC_PER_SEC; + add_opt.ext.timeout > IPSET_MAX_TIMEOUT) + add_opt.ext.timeout = IPSET_MAX_TIMEOUT; if (info->add_set.index != IPSET_INVALID_ID) ip_set_add(info->add_set.index, skb, CAST_TO_MATCH par, &add_opt); @@ -444,8 +444,8 @@ set_target_v3(struct sk_buff *skb, const /* Normalize to fit into jiffies */ if (add_opt.ext.timeout != IPSET_NO_TIMEOUT && - add_opt.ext.timeout > UINT_MAX / MSEC_PER_SEC) - add_opt.ext.timeout = UINT_MAX / MSEC_PER_SEC; + add_opt.ext.timeout > IPSET_MAX_TIMEOUT) + add_opt.ext.timeout = IPSET_MAX_TIMEOUT; if (info->add_set.index != IPSET_INVALID_ID) ip_set_add(info->add_set.index, skb, CAST_TO_MATCH par, &add_opt); @@ -510,7 +510,7 @@ set_target_v3_checkentry(const struct xt } if (((info->flags & IPSET_FLAG_MAP_SKBPRIO) | (info->flags & IPSET_FLAG_MAP_SKBQUEUE)) && - !(par->hook_mask & (1 << NF_INET_FORWARD | + (par->hook_mask & ~(1 << NF_INET_FORWARD | 1 << NF_INET_LOCAL_OUT | 1 << NF_INET_POST_ROUTING))) { pr_warn("mapping of prio or/and queue is allowed only from OUTPUT/FORWARD/POSTROUTING chains\n");
  84. Download patch lib/ipset_hash_ipportnet.c

    --- 6.38-1.2/lib/ipset_hash_ipportnet.c 2018-04-10 21:36:27.000000000 +0000 +++ 7.1-0ubuntu1/lib/ipset_hash_ipportnet.c 2018-12-10 17:35:31.000000000 +0000 @@ -7,7 +7,7 @@ #include <libipset/data.h> /* IPSET_OPT_* */ #include <libipset/parse.h> /* parser functions */ #include <libipset/print.h> /* printing functions */ -#include <libipset/ui.h> /* ipset_port_usage */ +#include <libipset/ipset.h> /* ipset_port_usage */ #include <libipset/types.h> /* prototypes */ /* SCTP and UDPLITE support */
  85. Download patch kernel/net/netfilter/ipset/ip_set_core.c
  86. Download patch kernel/include/linux/netfilter/ipset/ip_set_comment.h

    --- 6.38-1.2/kernel/include/linux/netfilter/ipset/ip_set_comment.h 2018-04-10 21:36:27.000000000 +0000 +++ 7.1-0ubuntu1/kernel/include/linux/netfilter/ipset/ip_set_comment.h 2018-12-10 17:35:31.000000000 +0000 @@ -43,11 +43,11 @@ ip_set_init_comment(struct ip_set *set, rcu_assign_pointer(comment->c, c); } -/* Used only when dumping a set, protected by rcu_read_lock_bh() */ +/* Used only when dumping a set, protected by rcu_read_lock() */ static inline int ip_set_put_comment(struct sk_buff *skb, const struct ip_set_comment *comment) { - struct ip_set_comment_rcu *c = rcu_dereference_bh(comment->c); + struct ip_set_comment_rcu *c = rcu_dereference(comment->c); if (!c) return 0;
  87. Download patch include/libipset/parse.h

    --- 6.38-1.2/include/libipset/parse.h 2018-04-10 21:36:27.000000000 +0000 +++ 7.1-0ubuntu1/include/libipset/parse.h 2018-12-10 17:35:31.000000000 +0000 @@ -51,7 +51,7 @@ extern int ipset_parse_icmpv6(struct ips extern int ipset_parse_proto_port(struct ipset_session *session, enum ipset_opt opt, const char *str); extern int ipset_parse_tcp_udp_port(struct ipset_session *session, - enum ipset_opt opt, const char *str); + enum ipset_opt opt, const char *str); extern int ipset_parse_family(struct ipset_session *session, enum ipset_opt opt, const char *str); extern int ipset_parse_ip(struct ipset_session *session, @@ -69,7 +69,7 @@ extern int ipset_parse_iprange(struct ip extern int ipset_parse_ipnet(struct ipset_session *session, enum ipset_opt opt, const char *str); extern int ipset_parse_ip4_single6(struct ipset_session *session, - enum ipset_opt opt, const char *str); + enum ipset_opt opt, const char *str); extern int ipset_parse_ip4_net6(struct ipset_session *session, enum ipset_opt opt, const char *str); extern int ipset_parse_name(struct ipset_session *session, @@ -99,13 +99,11 @@ extern int ipset_parse_typename(struct i extern int ipset_parse_iface(struct ipset_session *session, enum ipset_opt opt, const char *str); extern int ipset_parse_comment(struct ipset_session *session, - enum ipset_opt opt, const char *str); + enum ipset_opt opt, const char *str); extern int ipset_parse_skbmark(struct ipset_session *session, - enum ipset_opt opt, const char *str); + enum ipset_opt opt, const char *str); extern int ipset_parse_skbprio(struct ipset_session *session, - enum ipset_opt opt, const char *str); -extern int ipset_parse_output(struct ipset_session *session, - int opt, const char *str); + enum ipset_opt opt, const char *str); extern int ipset_parse_ignored(struct ipset_session *session, enum ipset_opt opt, const char *str); extern int ipset_parse_elem(struct ipset_session *session,
  88. Download patch libltdl/COPYING.LIB
  89. Download patch libltdl/libltdl/lt_system.h

    --- 6.38-1.2/libltdl/libltdl/lt_system.h 2018-04-10 21:37:26.000000000 +0000 +++ 7.1-0ubuntu1/libltdl/libltdl/lt_system.h 2018-12-11 12:29:00.000000000 +0000 @@ -1,6 +1,6 @@ /* lt_system.h -- system portability abstraction layer - Copyright (C) 2004, 2007, 2010 Free Software Foundation, Inc. + Copyright (C) 2004, 2007, 2010-2015 Free Software Foundation, Inc. Written by Gary V. Vaughan, 2004 NOTE: The canonical source of this file is maintained with the @@ -28,7 +28,7 @@ or obtained by writing to the Free Softw 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ -#if !defined(LT_SYSTEM_H) +#if !defined LT_SYSTEM_H #define LT_SYSTEM_H 1 #include <stddef.h> @@ -36,10 +36,10 @@ or obtained by writing to the Free Softw #include <sys/types.h> /* Some systems do not define EXIT_*, even with STDC_HEADERS. */ -#if !defined(EXIT_SUCCESS) +#if !defined EXIT_SUCCESS # define EXIT_SUCCESS 0 #endif -#if !defined(EXIT_FAILURE) +#if !defined EXIT_FAILURE # define EXIT_FAILURE 1 #endif @@ -53,7 +53,7 @@ or obtained by writing to the Free Softw /* LTDL_BEGIN_C_DECLS should be used at the beginning of your declarations, so that C++ compilers don't mangle their names. Use LTDL_END_C_DECLS at the end of C declarations. */ -#if defined(__cplusplus) +#if defined __cplusplus # define LT_BEGIN_C_DECLS extern "C" { # define LT_END_C_DECLS } #else @@ -61,13 +61,13 @@ or obtained by writing to the Free Softw # define LT_END_C_DECLS /* empty */ #endif -/* LT_STMT_START/END are used to create macros which expand to a +/* LT_STMT_START/END are used to create macros that expand to a a single compound statement in a portable way. */ -#if defined (__GNUC__) && !defined (__STRICT_ANSI__) && !defined (__cplusplus) +#if defined __GNUC__ && !defined __STRICT_ANSI__ && !defined __cplusplus # define LT_STMT_START (void)( # define LT_STMT_END ) #else -# if (defined (sun) || defined (__sun__)) +# if (defined sun || defined __sun__) # define LT_STMT_START if (1) # define LT_STMT_END else (void)0 # else @@ -77,11 +77,11 @@ or obtained by writing to the Free Softw #endif /* Keep this code in sync between libtool.m4, ltmain, lt_system.h, and tests. */ -#if defined(_WIN32) || defined(__CYGWIN__) || defined(_WIN32_WCE) -/* DATA imports from DLLs on WIN32 con't be const, because runtime +#if defined _WIN32 || defined __CYGWIN__ || defined _WIN32_WCE +/* DATA imports from DLLs on WIN32 can't be const, because runtime relocations are performed -- see ld's documentation on pseudo-relocs. */ # define LT_DLSYM_CONST -#elif defined(__osf__) +#elif defined __osf__ /* This system does not cope well with relocations in const data. */ # define LT_DLSYM_CONST #else @@ -91,41 +91,41 @@ or obtained by writing to the Free Softw /* Canonicalise Windows and Cygwin recognition macros. To match the values set by recent Cygwin compilers, make sure that if __CYGWIN__ is defined (after canonicalisation), __WINDOWS__ is NOT! */ -#if defined(__CYGWIN32__) && !defined(__CYGWIN__) +#if defined __CYGWIN32__ && !defined __CYGWIN__ # define __CYGWIN__ __CYGWIN32__ #endif -#if defined(__CYGWIN__) -# if defined(__WINDOWS__) +#if defined __CYGWIN__ +# if defined __WINDOWS__ # undef __WINDOWS__ # endif -#elif defined(_WIN32) +#elif defined _WIN32 # define __WINDOWS__ _WIN32 -#elif defined(WIN32) +#elif defined WIN32 # define __WINDOWS__ WIN32 #endif -#if defined(__CYGWIN__) && defined(__WINDOWS__) +#if defined __CYGWIN__ && defined __WINDOWS__ # undef __WINDOWS__ #endif /* DLL building support on win32 hosts; mostly to workaround their ridiculous implementation of data symbol exporting. */ -#if !defined(LT_SCOPE) -# if defined(__WINDOWS__) || defined(__CYGWIN__) -# if defined(DLL_EXPORT) /* defined by libtool (if required) */ +#if !defined LT_SCOPE +# if defined __WINDOWS__ || defined __CYGWIN__ +# if defined DLL_EXPORT /* defined by libtool (if required) */ # define LT_SCOPE extern __declspec(dllexport) # endif -# if defined(LIBLTDL_DLL_IMPORT) /* define if linking with this dll */ +# if defined LIBLTDL_DLL_IMPORT /* define if linking with this dll */ /* note: cygwin/mingw compilers can rely instead on auto-import */ # define LT_SCOPE extern __declspec(dllimport) # endif # endif -# if !defined(LT_SCOPE) /* static linking or !__WINDOWS__ */ +# if !defined LT_SCOPE /* static linking or !__WINDOWS__ */ # define LT_SCOPE extern # endif #endif -#if defined(__WINDOWS__) +#if defined __WINDOWS__ /* LT_DIRSEP_CHAR is accepted *in addition* to '/' as a directory separator when it is set. */ # define LT_DIRSEP_CHAR '\\' @@ -134,13 +134,13 @@ or obtained by writing to the Free Softw # define LT_PATHSEP_CHAR ':' #endif -#if defined(_MSC_VER) /* Visual Studio */ +#if defined _MSC_VER /* Visual Studio */ # define R_OK 4 #endif /* fopen() mode flags for reading a text file */ #undef LT_READTEXT_MODE -#if defined(__WINDOWS__) || defined(__CYGWIN__) +#if defined __WINDOWS__ || defined __CYGWIN__ # define LT_READTEXT_MODE "rt" #else # define LT_READTEXT_MODE "r" @@ -163,4 +163,4 @@ or obtained by writing to the Free Softw # define LT_CONC3(a, b, c) LT__CONC3(a, b, c) #endif -#endif /*!defined(LT_SYSTEM_H)*/ +#endif /*!defined LT_SYSTEM_H*/
  90. Download patch libltdl/lt_dlloader.c

    --- 6.38-1.2/libltdl/lt_dlloader.c 2018-04-10 21:37:26.000000000 +0000 +++ 7.1-0ubuntu1/libltdl/lt_dlloader.c 2018-12-11 12:29:00.000000000 +0000 @@ -1,6 +1,7 @@ /* lt_dlloader.c -- dynamic library loader interface - Copyright (C) 2004, 2007, 2008 Free Software Foundation, Inc. + Copyright (C) 2004, 2007-2008, 2011-2015 Free Software Foundation, + Inc. Written by Gary V. Vaughan, 2004 NOTE: The canonical source of this file is maintained with the @@ -52,7 +53,7 @@ loader_callback (SList *item, void *user assert (vtable); - return streq (vtable->name, name) ? (void *) item : NULL; + return STREQ (vtable->name, name) ? (void *) item : NULL; } @@ -165,7 +166,7 @@ lt_dlloader_remove (const char *name) return 0; } - /* Fail if there are any open modules which use this loader. */ + /* Fail if there are any open modules that use this loader. */ iface = lt_dlinterface_register (id_string, NULL); while ((handle = lt_dlhandle_iterate (iface, handle))) {
  91. Download patch kernel/net/netfilter/ipset/ip_set_bitmap_ipmac.c

    --- 6.38-1.2/kernel/net/netfilter/ipset/ip_set_bitmap_ipmac.c 2018-04-10 21:36:27.000000000 +0000 +++ 7.1-0ubuntu1/kernel/net/netfilter/ipset/ip_set_bitmap_ipmac.c 2018-12-10 17:35:31.000000000 +0000 @@ -221,10 +221,6 @@ bitmap_ipmac_kadt(struct ip_set *set, co struct ip_set_ext ext = IP_SET_INIT_KEXT(skb, opt, set); u32 ip; - /* MAC can be src only */ - if (!(opt->flags & IPSET_DIM_TWO_SRC)) - return 0; - ip = ntohl(ip4addr(skb, opt->flags & IPSET_DIM_ONE_SRC)); if (ip < map->first_ip || ip > map->last_ip) return -IPSET_ERR_BITMAP_RANGE; @@ -235,7 +231,14 @@ bitmap_ipmac_kadt(struct ip_set *set, co return -EINVAL; e.id = ip_to_id(map, ip); - memcpy(e.ether, eth_hdr(skb)->h_source, ETH_ALEN); + + if (opt->flags & IPSET_DIM_ONE_SRC) + ether_addr_copy(e.ether, eth_hdr(skb)->h_source); + else + ether_addr_copy(e.ether, eth_hdr(skb)->h_dest); + + if (is_zero_ether_addr(e.ether)) + return -EINVAL; return adtfn(set, &e, &ext, &opt->ext, opt->cmdflags); }
  92. Download patch kernel/include/uapi/linux/netfilter/xt_set.h

    --- 6.38-1.2/kernel/include/uapi/linux/netfilter/xt_set.h 2018-04-10 21:36:27.000000000 +0000 +++ 7.1-0ubuntu1/kernel/include/uapi/linux/netfilter/xt_set.h 2018-12-10 17:35:31.000000000 +0000 @@ -1,3 +1,4 @@ +/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ #ifndef _XT_SET_H #define _XT_SET_H
  93. Download patch libltdl/libltdl/lt__argz_.h

    --- 6.38-1.2/libltdl/libltdl/lt__argz_.h 1970-01-01 00:00:00.000000000 +0000 +++ 7.1-0ubuntu1/libltdl/libltdl/lt__argz_.h 2018-12-11 12:29:00.000000000 +0000 @@ -0,0 +1,69 @@ +/* lt__argz.h -- internal argz interface for non-glibc systems + + Copyright (C) 2004, 2007-2008, 2011-2015 Free Software Foundation, + Inc. + Written by Gary V. Vaughan, 2004 + + NOTE: The canonical source of this file is maintained with the + GNU Libtool package. Report bugs to bug-libtool@gnu.org. + +GNU Libltdl is free software; you can redistribute it and/or +modify it under the terms of the GNU Lesser General Public +License as published by the Free Software Foundation; either +version 2 of the License, or (at your option) any later version. + +As a special exception to the GNU Lesser General Public License, +if you distribute this file as part of a program or library that +is built using GNU Libtool, you may include this file under the +same distribution terms that you use for the rest of that program. + +GNU Libltdl is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU Lesser General Public License for more details. + +You should have received a copy of the GNU Lesser General Public +License along with GNU Libltdl; see the file COPYING.LIB. If not, a +copy can be downloaded from http://www.gnu.org/licenses/lgpl.html, +or obtained by writing to the Free Software Foundation, Inc., +51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ + +#if !defined LT__ARGZ_H +#define LT__ARGZ_H 1 + +#include <stdlib.h> +#define __need_error_t +#include <errno.h> +#include <sys/types.h> + +#if defined LTDL +# include "lt__glibc.h" +# include "lt_system.h" +#else +# define LT_SCOPE +#endif + +#if defined __cplusplus +extern "C" { +#endif + +LT_SCOPE error_t argz_append (char **pargz, size_t *pargz_len, + const char *buf, size_t buf_len); +LT_SCOPE error_t argz_create_sep(const char *str, int delim, + char **pargz, size_t *pargz_len); +LT_SCOPE error_t argz_insert (char **pargz, size_t *pargz_len, + char *before, const char *entry); +LT_SCOPE char * argz_next (char *argz, size_t argz_len, + const char *entry); +LT_SCOPE void argz_stringify (char *argz, size_t argz_len, int sep); + +#if defined __cplusplus +} +#endif + +#if !defined LTDL +# undef LT_SCOPE +#endif + +#endif /*!defined LT__ARGZ_H*/
  94. Download patch config.h.in

    --- 6.38-1.2/config.h.in 2018-04-10 21:37:28.000000000 +0000 +++ 7.1-0ubuntu1/config.h.in 2018-12-11 12:29:03.000000000 +0000 @@ -158,13 +158,15 @@ module search path. */ #undef LT_MODULE_PATH_VAR -/* Define to the sub-directory in which libtool stores uninstalled libraries. - */ +/* Define to the sub-directory where libtool stores uninstalled libraries. */ #undef LT_OBJDIR /* Define to the shared library suffix, say, ".dylib". */ #undef LT_SHARED_EXT +/* Define to the shared archive member specification, say "(shr.o)". */ +#undef LT_SHARED_LIB_MEMBER + /* Define if dlsym() requires a leading underscore in symbol names. */ #undef NEED_USCORE @@ -198,5 +200,5 @@ /* Define so that glibc/gnulib argp.h does not typedef error_t. */ #undef __error_t_defined -/* Define to a type to use for `error_t' if it is not otherwise available. */ +/* Define to a type to use for 'error_t' if it is not otherwise available. */ #undef error_t
  95. Download patch libltdl/loaders/dyld.c

    --- 6.38-1.2/libltdl/loaders/dyld.c 2018-04-10 21:37:26.000000000 +0000 +++ 7.1-0ubuntu1/libltdl/loaders/dyld.c 2018-12-11 12:29:00.000000000 +0000 @@ -1,7 +1,7 @@ /* loader-dyld.c -- dynamic linking on darwin and OS X - Copyright (C) 1998, 1999, 2000, 2004, 2006, - 2007, 2008 Free Software Foundation, Inc. + Copyright (C) 1998-2000, 2004, 2006-2008, 2011-2015 Free Software + Foundation, Inc. Written by Peter O'Gorman, 1998 NOTE: The canonical source of this file is maintained with the @@ -93,8 +93,8 @@ get_vtable (lt_user_data loader_data) /* --- IMPLEMENTATION --- */ -#if defined(HAVE_MACH_O_DYLD_H) -# if !defined(__APPLE_CC__) && !defined(__MWERKS__) && !defined(__private_extern__) +#if defined HAVE_MACH_O_DYLD_H +# if !defined __APPLE_CC__ && !defined __MWERKS__ && !defined __private_extern__ /* Is this correct? Does it still function properly? */ # define __private_extern__ extern # endif @@ -104,7 +104,7 @@ get_vtable (lt_user_data loader_data) #include <mach-o/getsect.h> /* We have to put some stuff here that isn't in older dyld.h files */ -#if !defined(ENUM_DYLD_BOOL) +#if !defined ENUM_DYLD_BOOL # define ENUM_DYLD_BOOL # undef FALSE # undef TRUE @@ -113,46 +113,46 @@ get_vtable (lt_user_data loader_data) TRUE }; #endif -#if !defined(LC_REQ_DYLD) +#if !defined LC_REQ_DYLD # define LC_REQ_DYLD 0x80000000 #endif -#if !defined(LC_LOAD_WEAK_DYLIB) +#if !defined LC_LOAD_WEAK_DYLIB # define LC_LOAD_WEAK_DYLIB (0x18 | LC_REQ_DYLD) #endif -#if !defined(NSADDIMAGE_OPTION_NONE) +#if !defined NSADDIMAGE_OPTION_NONE # define NSADDIMAGE_OPTION_NONE 0x0 #endif -#if !defined(NSADDIMAGE_OPTION_RETURN_ON_ERROR) +#if !defined NSADDIMAGE_OPTION_RETURN_ON_ERROR # define NSADDIMAGE_OPTION_RETURN_ON_ERROR 0x1 #endif -#if !defined(NSADDIMAGE_OPTION_WITH_SEARCHING) +#if !defined NSADDIMAGE_OPTION_WITH_SEARCHING # define NSADDIMAGE_OPTION_WITH_SEARCHING 0x2 #endif -#if !defined(NSADDIMAGE_OPTION_RETURN_ONLY_IF_LOADED) +#if !defined NSADDIMAGE_OPTION_RETURN_ONLY_IF_LOADED # define NSADDIMAGE_OPTION_RETURN_ONLY_IF_LOADED 0x4 #endif -#if !defined(NSADDIMAGE_OPTION_MATCH_FILENAME_BY_INSTALLNAME) +#if !defined NSADDIMAGE_OPTION_MATCH_FILENAME_BY_INSTALLNAME # define NSADDIMAGE_OPTION_MATCH_FILENAME_BY_INSTALLNAME 0x8 #endif -#if !defined(NSLOOKUPSYMBOLINIMAGE_OPTION_BIND) +#if !defined NSLOOKUPSYMBOLINIMAGE_OPTION_BIND # define NSLOOKUPSYMBOLINIMAGE_OPTION_BIND 0x0 #endif -#if !defined(NSLOOKUPSYMBOLINIMAGE_OPTION_BIND_NOW) +#if !defined NSLOOKUPSYMBOLINIMAGE_OPTION_BIND_NOW # define NSLOOKUPSYMBOLINIMAGE_OPTION_BIND_NOW 0x1 #endif -#if !defined(NSLOOKUPSYMBOLINIMAGE_OPTION_BIND_FULLY) +#if !defined NSLOOKUPSYMBOLINIMAGE_OPTION_BIND_FULLY # define NSLOOKUPSYMBOLINIMAGE_OPTION_BIND_FULLY 0x2 #endif -#if !defined(NSLOOKUPSYMBOLINIMAGE_OPTION_RETURN_ON_ERROR) +#if !defined NSLOOKUPSYMBOLINIMAGE_OPTION_RETURN_ON_ERROR # define NSLOOKUPSYMBOLINIMAGE_OPTION_RETURN_ON_ERROR 0x4 #endif #define LT__SYMLOOKUP_OPTS (NSLOOKUPSYMBOLINIMAGE_OPTION_BIND_NOW \ | NSLOOKUPSYMBOLINIMAGE_OPTION_RETURN_ON_ERROR) -#if defined(__BIG_ENDIAN__) +#if defined __BIG_ENDIAN__ # define LT__MAGIC MH_MAGIC #else # define LT__MAGIC MH_CIGAM @@ -185,7 +185,7 @@ static int dyld_cannot_close = 0; /* A function called through the vtable when this loader is no longer needed by the application. */ static int -vl_exit (lt_user_data LT__UNUSED loader_data) +vl_exit (lt_user_data loader_data LT__UNUSED) { vtable = NULL; return 0; @@ -226,7 +226,7 @@ vl_init (lt_user_data loader_data) module for processing with this loader's other vtable functions. */ static lt_module vm_open (lt_user_data loader_data, const char *filename, - lt_dladvise LT__UNUSED advise) + lt_dladvise advise LT__UNUSED) { lt_module module = 0; NSObjectFileImage ofi = 0; @@ -240,8 +240,8 @@ vm_open (lt_user_data loader_data, const { case NSObjectFileImageSuccess: module = NSLinkModule (ofi, filename, NSLINKMODULE_OPTION_RETURN_ON_ERROR - | NSLINKMODULE_OPTION_PRIVATE - | NSLINKMODULE_OPTION_BINDNOW); + | NSLINKMODULE_OPTION_PRIVATE + | NSLINKMODULE_OPTION_BINDNOW); NSDestroyObjectFileImage (ofi); if (module) @@ -302,7 +302,7 @@ vm_close (lt_user_data loader_data, lt_m { flags |= NSUNLINKMODULE_OPTION_KEEP_MEMORY_MAPPED; } -#if defined(__ppc__) +#if defined __ppc__ flags |= NSUNLINKMODULE_OPTION_RESET_LAZY_REFERENCES; #endif if (!NSUnLinkModule (module, flags)) @@ -350,7 +350,7 @@ vm_sym (lt_user_data loader_data, lt_mod if (!nssym) { - strncpy (saveError, dylderror (LT__STRERROR (SYMBOL_NOT_FOUND)), 255); + strlcpy (saveError, dylderror (LT__STRERROR (SYMBOL_NOT_FOUND)), 255); saveError[255] = 0; if (!mh) {
  96. Download patch kernel/net/netfilter/ipset/ip_set_list_set.c

    --- 6.38-1.2/kernel/net/netfilter/ipset/ip_set_list_set.c 2018-04-10 21:36:27.000000000 +0000 +++ 7.1-0ubuntu1/kernel/net/netfilter/ipset/ip_set_list_set.c 2018-12-10 17:35:31.000000000 +0000 @@ -150,9 +150,7 @@ __list_set_del_rcu(struct rcu_head * rcu { struct set_elem *e = container_of(rcu, struct set_elem, rcu); struct ip_set *set = e->set; - struct list_set *map = set->data; - ip_set_put_byindex(map->net, e->id); ip_set_ext_destroy(set, e); kfree(e); } @@ -160,15 +158,21 @@ __list_set_del_rcu(struct rcu_head * rcu static inline void list_set_del(struct ip_set *set, struct set_elem *e) { + struct list_set *map = set->data; + set->elements--; list_del_rcu(&e->list); + ip_set_put_byindex(map->net, e->id); call_rcu(&e->rcu, __list_set_del_rcu); } static inline void -list_set_replace(struct set_elem *e, struct set_elem *old) +list_set_replace(struct ip_set *set, struct set_elem *e, struct set_elem *old) { + struct list_set *map = set->data; + list_replace_rcu(&old->list, &e->list); + ip_set_put_byindex(map->net, old->id); call_rcu(&old->rcu, __list_set_del_rcu); } @@ -300,7 +304,7 @@ list_set_uadd(struct ip_set *set, void * INIT_LIST_HEAD(&e->list); list_set_init_extensions(set, ext, e); if (n) - list_set_replace(e, n); + list_set_replace(set, e, n); else if (next) list_add_tail_rcu(&e->list, &next->list); else if (prev) @@ -488,6 +492,7 @@ list_set_list(const struct ip_set *set, const struct list_set *map = set->data; struct nlattr *atd, *nested; u32 i = 0, first = cb->args[IPSET_CB_ARG0]; + char name[IPSET_MAXNAMELEN]; struct set_elem *e; int ret = 0; @@ -506,8 +511,8 @@ list_set_list(const struct ip_set *set, nested = ipset_nest_start(skb, IPSET_ATTR_DATA); if (!nested) goto nla_put_failure; - if (nla_put_string(skb, IPSET_ATTR_NAME, - ip_set_name_byindex(map->net, e->id))) + ip_set_name_byindex(map->net, e->id, name); + if (nla_put_string(skb, IPSET_ATTR_NAME, name)) goto nla_put_failure; if (ip_set_put_extensions(skb, set, e, true)) goto nla_put_failure; @@ -528,8 +533,8 @@ nla_put_failure: ret = -EMSGSIZE; } else { cb->args[IPSET_CB_ARG0] = i; + ipset_nest_end(skb, atd); } - ipset_nest_end(skb, atd); out: rcu_read_unlock(); return ret;
  97. Download patch build-aux/ltmain.sh
  98. Download patch lib/ipset_hash_netportnet.c

    --- 6.38-1.2/lib/ipset_hash_netportnet.c 2018-04-10 21:36:27.000000000 +0000 +++ 7.1-0ubuntu1/lib/ipset_hash_netportnet.c 2018-12-10 17:35:31.000000000 +0000 @@ -7,7 +7,7 @@ #include <libipset/data.h> /* IPSET_OPT_* */ #include <libipset/parse.h> /* parser functions */ #include <libipset/print.h> /* printing functions */ -#include <libipset/ui.h> /* ipset_port_usage */ +#include <libipset/ipset.h> /* ipset_port_usage */ #include <libipset/types.h> /* prototypes */ /* initial revision */
  99. Download patch kernel/include/uapi/linux/netfilter/ipset/ip_set_list.h

    --- 6.38-1.2/kernel/include/uapi/linux/netfilter/ipset/ip_set_list.h 2018-04-10 21:36:27.000000000 +0000 +++ 7.1-0ubuntu1/kernel/include/uapi/linux/netfilter/ipset/ip_set_list.h 2018-12-10 17:35:31.000000000 +0000 @@ -1,3 +1,4 @@ +/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ #ifndef _UAPI__IP_SET_LIST_H #define _UAPI__IP_SET_LIST_H
  100. Download patch include/libipset/linux_ip_set_bitmap.h

    --- 6.38-1.2/include/libipset/linux_ip_set_bitmap.h 2018-04-10 21:36:27.000000000 +0000 +++ 7.1-0ubuntu1/include/libipset/linux_ip_set_bitmap.h 2018-12-10 17:35:31.000000000 +0000 @@ -1,3 +1,4 @@ +/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ #ifndef __IP_SET_BITMAP_H #define __IP_SET_BITMAP_H
  101. ...
  1. ipset