Debian

Available patches from Ubuntu

To see Ubuntu differences wrt. to Debian, write down a grep-dctrl query identifying the packages you're interested in:
grep-dctrl -n -sPackage Sources.Debian
(e.g. -FPackage linux-ntfs or linux-ntfs)

Modified packages are listed below:

Debian ( Changelog | PTS | Bugs ) Ubuntu ( Changelog | txt | LP | Bugs ) | Diff from Ubuntu

Source: iptables

iptables (1.8.3-2ubuntu4) eoan; urgency=medium * autopkgtest: allow-stderr on command9 to fix regression -- Julian Andres Klode <juliank@ubuntu.com> Mon, 16 Sep 2019 13:48:52 +0200 iptables (1.8.3-2ubuntu3) eoan; urgency=medium * Swap alternative priority around so we prefer legacy (LP: #1843468) -- Julian Andres Klode <juliank@ubuntu.com> Wed, 11 Sep 2019 16:02:54 +0200 iptables (1.8.3-2ubuntu2) eoan; urgency=medium * d/p/lp-1840633-nft-exit-in-case-we-can-t-fetch-current-genid.patch: avoid busy loop if cache can't be created (LP: #1840633) -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 21 Aug 2019 14:04:49 +0200 iptables (1.8.3-2ubuntu1) eoan; urgency=low * Merge from Debian unstable. Remaining changes: - debian/control: add linuxdoc-tools dep - 9000-howtos.patch: add howtos/ and install them - 9002-libxt_recent-Add-support-for-reap-option.patch: Some changes are upstream, patch needed for additional reap option checks. - debian/iptables-dev.doc-base.netfilter-extensions, debian/iptables-dev.doc-base.netfilter-hacking, debian/iptables.doc-base.nat, debian/iptables.doc-base.packet-filter: add howtos -- Gianfranco Costamagna <locutusofborg@debian.org> Mon, 29 Jul 2019 23:59:20 +0200

Modifications :
  1. Download patch debian/iptables.install

    --- 1.8.3-2/debian/iptables.install 2019-05-28 10:40:06.000000000 +0000 +++ 1.8.3-2ubuntu4/debian/iptables.install 2019-08-21 07:57:28.000000000 +0000 @@ -7,3 +7,4 @@ usr/lib/*/xtables/libxt_*.so usr/sbin/* usr/share/man/man1 usr/share/man/man8 +howtos/NAT*html debian/tmp/howtos/packet*html usr/share/doc/iptables/html
  2. Download patch debian/tests/control

    --- 1.8.3-2/debian/tests/control 2019-05-28 10:40:06.000000000 +0000 +++ 1.8.3-2ubuntu4/debian/tests/control 2019-09-16 11:48:22.000000000 +0000 @@ -32,7 +32,7 @@ Restrictions: needs-root, isolation-cont Test-Command: iptables-nft-save Depends: @ -Restrictions: needs-root, isolation-container +Restrictions: needs-root, isolation-container, allow-stderr Test-Command: ip6tables-nft-save Depends: @
  3. Download patch debian/iptables.postinst

    --- 1.8.3-2/debian/iptables.postinst 2019-05-28 10:40:06.000000000 +0000 +++ 1.8.3-2ubuntu4/debian/iptables.postinst 2019-09-11 13:23:24.000000000 +0000 @@ -20,27 +20,27 @@ fi if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ]; then update-alternatives \ - --install /usr/sbin/iptables iptables /usr/sbin/iptables-legacy 10 \ + --install /usr/sbin/iptables iptables /usr/sbin/iptables-legacy 20 \ --slave /usr/sbin/iptables-restore iptables-restore /usr/sbin/iptables-legacy-restore \ --slave /usr/sbin/iptables-save iptables-save /usr/sbin/iptables-legacy-save update-alternatives \ - --install /usr/sbin/ip6tables ip6tables /usr/sbin/ip6tables-legacy 10 \ + --install /usr/sbin/ip6tables ip6tables /usr/sbin/ip6tables-legacy 20 \ --slave /usr/sbin/ip6tables-restore ip6tables-restore /usr/sbin/ip6tables-legacy-restore \ --slave /usr/sbin/ip6tables-save ip6tables-save /usr/sbin/ip6tables-legacy-save update-alternatives \ - --install /usr/sbin/iptables iptables /usr/sbin/iptables-nft 20 \ + --install /usr/sbin/iptables iptables /usr/sbin/iptables-nft 10 \ --slave /usr/sbin/iptables-restore iptables-restore /usr/sbin/iptables-nft-restore \ --slave /usr/sbin/iptables-save iptables-save /usr/sbin/iptables-nft-save update-alternatives \ - --install /usr/sbin/ip6tables ip6tables /usr/sbin/ip6tables-nft 20 \ + --install /usr/sbin/ip6tables ip6tables /usr/sbin/ip6tables-nft 10 \ --slave /usr/sbin/ip6tables-restore ip6tables-restore /usr/sbin/ip6tables-nft-restore \ --slave /usr/sbin/ip6tables-save ip6tables-save /usr/sbin/ip6tables-nft-save update-alternatives \ - --install /usr/sbin/arptables arptables /usr/sbin/arptables-nft 20 \ + --install /usr/sbin/arptables arptables /usr/sbin/arptables-nft 10 \ --slave /usr/sbin/arptables-restore arptables-restore /usr/sbin/arptables-nft-restore \ --slave /usr/sbin/arptables-save arptables-save /usr/sbin/arptables-nft-save update-alternatives \ - --install /usr/sbin/ebtables ebtables /usr/sbin/ebtables-nft 20 \ + --install /usr/sbin/ebtables ebtables /usr/sbin/ebtables-nft 10 \ --slave /usr/sbin/ebtables-restore ebtables-restore /usr/sbin/ebtables-nft-restore \ --slave /usr/sbin/ebtables-save ebtables-save /usr/sbin/ebtables-nft-save fi
  4. Download patch debian/control

    --- 1.8.3-2/debian/control 2019-07-10 08:47:52.000000000 +0000 +++ 1.8.3-2ubuntu4/debian/control 2019-08-21 11:58:27.000000000 +0000 @@ -1,7 +1,8 @@ Source: iptables Section: net Priority: important -Maintainer: Debian Netfilter Packaging Team <pkg-netfilter-team@lists.alioth.debian.org> +Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com> +XSBC-Original-Maintainer: Debian Netfilter Packaging Team <pkg-netfilter-team@lists.alioth.debian.org> Uploaders: Arturo Borrero Gonzalez <arturo@debian.org>, Laurence J. Lane <ljlane@debian.org> Build-Depends: autoconf, @@ -13,6 +14,7 @@ Build-Depends: autoconf, libnetfilter-conntrack-dev, libnetfilter-conntrack3, libnfnetlink-dev, + linuxdoc-tools, libnftnl-dev (>= 1.1.3), libtool (>= 2.2.6) Standards-Version: 4.4.0
  5. Download patch debian/iptables.doc-base.packet-filter

    --- 1.8.3-2/debian/iptables.doc-base.packet-filter 1970-01-01 00:00:00.000000000 +0000 +++ 1.8.3-2ubuntu4/debian/iptables.doc-base.packet-filter 2019-08-21 07:57:28.000000000 +0000 @@ -0,0 +1,10 @@ +Document: packet-filter +Title: Linux 2.4/2.6 Packet Filtering HOWTO +Author: Rusty Russell +Abstract: This document describes how to use iptables to filter + IP packets for the 2.6+ Linux kernels. +Section: Help/HOWTO + +Format: HTML +Index: /usr/share/doc/iptables/html/packet-filtering-HOWTO.html +Files: /usr/share/doc/iptables/html/packet-filtering-HOWTO*.html
  6. Download patch debian/patches/9002-libxt_recent-Add-support-for-reap-option.patch

    --- 1.8.3-2/debian/patches/9002-libxt_recent-Add-support-for-reap-option.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.8.3-2ubuntu4/debian/patches/9002-libxt_recent-Add-support-for-reap-option.patch 2019-08-21 07:57:28.000000000 +0000 @@ -0,0 +1,26 @@ +Description: Fix support for reap option. +Origin: 79ddbf202a06e6f018e087a328c2ca91e65a8463 +Author: Tim Gardner <tim.gardner@canonical.com> +Last-Update: <2013-06-07> + +Index: iptables/extensions/libxt_recent.c +=================================================================== +--- iptables.orig/extensions/libxt_recent.c 2013-10-23 19:37:20.190616082 -0400 ++++ iptables/extensions/libxt_recent.c 2013-10-23 19:37:20.186616082 -0400 +@@ -170,10 +170,16 @@ + + static void recent_check(struct xt_fcheck_call *cb) + { ++ struct xt_recent_mtinfo *info = cb->data; ++ + if (!(cb->xflags & F_ANY_OP)) + xtables_error(PARAMETER_PROBLEM, + "recent: you must specify one of `--set', `--rcheck' " + "`--update' or `--remove'"); ++ ++ if ((info->check_set & XT_RECENT_REAP) && !info->seconds) ++ xtables_error(PARAMETER_PROBLEM, ++ "recent: you must specify `--seconds' with `--reap'"); + } + + static void recent_print(const void *ip, const struct xt_entry_match *match,
  7. Download patch debian/iptables-dev.doc-base.netfilter-extensions

    --- 1.8.3-2/debian/iptables-dev.doc-base.netfilter-extensions 1970-01-01 00:00:00.000000000 +0000 +++ 1.8.3-2ubuntu4/debian/iptables-dev.doc-base.netfilter-extensions 2019-08-21 07:57:28.000000000 +0000 @@ -0,0 +1,9 @@ +Document: netfilter-extensions +Title: Netfilter Extensions HOWTO +Author: Fabrice MARIE <fabrice@celestix.com> +Abstract: This document describes how to install and use current iptables extensions for netfilter. +Section: Help/HOWTO + +Format: HTML +Index: /usr/share/doc/iptables-dev/html/netfilter-extensions-HOWTO.html +Files: /usr/share/doc/iptables-dev/html/netfilter-extensions-HOWTO-?.html
  8. Download patch debian/iptables.doc-base.nat

    --- 1.8.3-2/debian/iptables.doc-base.nat 1970-01-01 00:00:00.000000000 +0000 +++ 1.8.3-2ubuntu4/debian/iptables.doc-base.nat 2019-08-21 07:57:28.000000000 +0000 @@ -0,0 +1,11 @@ +Document: nat +Title: Linux 2.4/2.6 NAT HOWTO +Author: Rusty Russell +Abstract: This document describes how to do masquerading, transparent + proxying, port forwarding, and other forms of Network Address + Translations with the 2.6+ Linux Kernels. +Section: Help/HOWTO + +Format: HTML +Index: /usr/share/doc/iptables/html/NAT-HOWTO.html +Files: /usr/share/doc/iptables/html/NAT-HOWTO*.html
  9. Download patch debian/patches/series

    --- 1.8.3-2/debian/patches/series 2019-07-02 10:49:17.000000000 +0000 +++ 1.8.3-2ubuntu4/debian/patches/series 2019-08-21 12:04:06.000000000 +0000 @@ -6,3 +6,7 @@ 0202-725413-sctp_man_description.patch 0301-install_iptables_apply.patch 0401-580941-iptables_apply_update.patch + +9000-howtos.patch +9002-libxt_recent-Add-support-for-reap-option.patch +lp-1840633-nft-exit-in-case-we-can-t-fetch-current-genid.patch
  10. Download patch debian/patches/lp-1840633-nft-exit-in-case-we-can-t-fetch-current-genid.patch

    --- 1.8.3-2/debian/patches/lp-1840633-nft-exit-in-case-we-can-t-fetch-current-genid.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.8.3-2ubuntu4/debian/patches/lp-1840633-nft-exit-in-case-we-can-t-fetch-current-genid.patch 2019-08-21 12:03:46.000000000 +0000 @@ -0,0 +1,51 @@ +From e5cab728c40be88c541f68e4601d39178c36111f Mon Sep 17 00:00:00 2001 +From: Florian Westphal <fw@strlen.de> +Date: Sun, 14 Jul 2019 10:49:28 +0200 +Subject: [PATCH] nft: exit in case we can't fetch current genid + +When running iptables -nL as non-root user, iptables would loop indefinitely. + +With this change, it will fail with +iptables v1.8.3 (nf_tables): Could not fetch rule set generation id: Permission denied (you must be root) + +Reported-by: Amish <anon.amish@gmail.com> +Signed-off-by: Florian Westphal <fw@strlen.de> +Acked-by: Pablo Neira Ayuso <pablo@netfilter.org> + +Origin: upstream, https://git.netfilter.org/iptables/commit/?id=e5cab728c40be88c541f68e4601d39178c36111f +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1840633 +Last-Update: 2019-08-21 + +--- + iptables/nft.c | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +diff --git a/iptables/nft.c b/iptables/nft.c +index e927d1db..8f0d5e66 100644 +--- a/iptables/nft.c ++++ b/iptables/nft.c +@@ -82,13 +82,19 @@ out: + return MNL_CB_ERROR; + } + +-static int mnl_genid_get(struct nft_handle *h, uint32_t *genid) ++static void mnl_genid_get(struct nft_handle *h, uint32_t *genid) + { + char buf[MNL_SOCKET_BUFFER_SIZE]; + struct nlmsghdr *nlh; ++ int ret; + + nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_GETGEN, 0, 0, h->seq); +- return mnl_talk(h, nlh, genid_cb, genid); ++ ret = mnl_talk(h, nlh, genid_cb, genid); ++ if (ret == 0) ++ return; ++ ++ xtables_error(RESOURCE_PROBLEM, ++ "Could not fetch rule set generation id: %s\n", nft_strerror(errno)); + } + + int mnl_talk(struct nft_handle *h, struct nlmsghdr *nlh, +-- +2.22.0 +
  11. Download patch debian/patches/9000-howtos.patch
  12. Download patch debian/iptables-dev.doc-base.netfilter-hacking

    --- 1.8.3-2/debian/iptables-dev.doc-base.netfilter-hacking 1970-01-01 00:00:00.000000000 +0000 +++ 1.8.3-2ubuntu4/debian/iptables-dev.doc-base.netfilter-hacking 2019-08-21 07:57:28.000000000 +0000 @@ -0,0 +1,9 @@ +Document: netfilter-hacking +Title: Linux netfilter Hacking HOWTO +Author: Rusty Russell +Abstract: This document describes the netfilter architecture for Linux, how to hack it, and some of the major systems which sit on top of it, such as packet filtering, connection tracking and Network Address Translation. +Section: Help/HOWTO + +Format: HTML +Index: /usr/share/doc/iptables-dev/html/netfilter-hacking-HOWTO.html +Files: /usr/share/doc/iptables-dev/html/netfilter-hacking-HOWTO-*.html

Debian ( Changelog | PTS | Bugs ) Ubuntu ( Changelog | txt | LP | Bugs ) | Diff from Ubuntu

Source: iptables-netflow

iptables-netflow (2.3-5ubuntu2) eoan; urgency=medium * Add support for Linux 5.2 (LP: #1830047) -- Thadeu Lima de Souza Cascardo <cascardo@canonical.com> Fri, 31 May 2019 13:38:08 -0300 iptables-netflow (2.3-5ubuntu1) disco; urgency=medium * Add support for Linux 5.0 (LP: #1813061) -- Thadeu Lima de Souza Cascardo <cascardo@canonical.com> Fri, 08 Feb 2019 13:11:59 -0200

Modifications :
  1. Download patch debian/patches/0001-Use-nf_bridge_info_get-instead-of-skb-nf_bridge

    --- 2.3-5/debian/patches/0001-Use-nf_bridge_info_get-instead-of-skb-nf_bridge 1970-01-01 00:00:00.000000000 +0000 +++ 2.3-5ubuntu2/debian/patches/0001-Use-nf_bridge_info_get-instead-of-skb-nf_bridge 2019-02-08 15:10:49.000000000 +0000 @@ -0,0 +1,80 @@ +Author: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> +Forwarded: https://github.com/aabc/ipt-netflow/pull/110 +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1813061 +Description: Use nf_bridge_info_get() instead of skb->nf_bridge + +Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> + + +diff --git a/compat.h b/compat.h +index 707d6422c4d2..2a6628cbdfd0 100644 +--- a/compat.h ++++ b/compat.h +@@ -679,4 +679,12 @@ static inline int is_vlan_dev(struct net_device *dev) + } + #endif + ++#if LINUX_VERSION_CODE < KERNEL_VERSION(5,0,0) ++static inline struct nf_bridge_info * ++nf_bridge_info_get(const struct sk_buff *skb) ++{ ++ return skb->nf_bridge; ++} ++#endif ++ + #endif /* COMPAT_NETFLOW_H */ +diff --git a/ipt_NETFLOW.c b/ipt_NETFLOW.c +index 76a5547f25e3..12f37b29933e 100644 +--- a/ipt_NETFLOW.c ++++ b/ipt_NETFLOW.c +@@ -50,6 +50,7 @@ + #include <net/addrconf.h> + #include <net/dst.h> + #include <linux/netfilter_ipv4/ip_tables.h> ++#include <linux/netfilter_bridge.h> + #ifndef ENABLE_NAT + # undef CONFIG_NF_NAT_NEEDED + #endif +@@ -75,9 +76,6 @@ + #include "compat.h" + #include "ipt_NETFLOW.h" + #include "murmur3.h" +-#ifdef CONFIG_BRIDGE_NETFILTER +-# include <linux/netfilter_bridge.h> +-#endif + #ifdef CONFIG_SYSCTL + # include <linux/sysctl.h> + #endif +@@ -4962,8 +4960,8 @@ static unsigned int netflow_target( + memset(&tuple, 0, sizeof(tuple)); + tuple.l3proto = family; + #ifdef ENABLE_PHYSDEV_OVER +- if (skb->nf_bridge && skb->nf_bridge->physindev) +- tuple.i_ifc = skb->nf_bridge->physindev->ifindex; ++ if (nf_bridge_info_get(skb) && nf_bridge_info_get(skb)->physindev) ++ tuple.i_ifc = nf_bridge_info_get(skb)->physindev->ifindex; + else /* FALLTHROUGH */ + #endif + tuple.i_ifc = if_in? if_in->ifindex : -1; +@@ -5227,8 +5225,8 @@ do_protocols: + nf->tcp_flags = tcp_flags; + nf->o_ifc = if_out? if_out->ifindex : -1; + #ifdef ENABLE_PHYSDEV_OVER +- if (skb->nf_bridge && skb->nf_bridge->physoutdev) +- nf->o_ifc = skb->nf_bridge->physoutdev->ifindex; ++ if (nf_bridge_info_get(skb) && nf_bridge_info_get(skb)->physoutdev) ++ nf->o_ifc = nf_bridge_info_get(skb)->physoutdev->ifindex; + #endif + + #ifdef SNMP_RULES +@@ -5238,8 +5236,8 @@ do_protocols: + #endif + /* copy and snmp-resolve device with physdev overriding normal dev */ + #define copy_dev(out, physdev, dev) \ +- if (skb->nf_bridge && skb->nf_bridge->physdev) \ +- out = resolve_snmp(skb->nf_bridge->physdev); \ ++ if (nf_bridge_info_get(skb) && nf_bridge_info_get(skb)->physdev) \ ++ out = resolve_snmp(nf_bridge_info_get(skb)->physdev); \ + else \ + out = resolve_snmp(dev); + #ifdef ENABLE_PHYSDEV
  2. Download patch debian/patches/0001-Use-totalram_pages-starting-with-5.0

    --- 2.3-5/debian/patches/0001-Use-totalram_pages-starting-with-5.0 1970-01-01 00:00:00.000000000 +0000 +++ 2.3-5ubuntu2/debian/patches/0001-Use-totalram_pages-starting-with-5.0 2019-02-08 15:10:45.000000000 +0000 @@ -0,0 +1,23 @@ +Author: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> +Forwarded: https://github.com/aabc/ipt-netflow/pull/110 +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1813061 +Description: Use totalram_pages() starting with 5.0 + +Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> + + +diff --git a/compat.h b/compat.h +index 027a736f858c..707d6422c4d2 100644 +--- a/compat.h ++++ b/compat.h +@@ -206,7 +206,9 @@ err: + } + #endif + +-#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,11,0) ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(5,0,0) ++#define num_physpages totalram_pages() ++#elif LINUX_VERSION_CODE >= KERNEL_VERSION(3,11,0) + #define num_physpages totalram_pages + #endif +
  3. Download patch debian/patches/0001-Implement-do_gettimeofday-wrapper-starting-with-5.0

    --- 2.3-5/debian/patches/0001-Implement-do_gettimeofday-wrapper-starting-with-5.0 1970-01-01 00:00:00.000000000 +0000 +++ 2.3-5ubuntu2/debian/patches/0001-Implement-do_gettimeofday-wrapper-starting-with-5.0 2019-02-08 15:10:53.000000000 +0000 @@ -0,0 +1,27 @@ +Author: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> +Forwarded: https://github.com/aabc/ipt-netflow/pull/110 +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1813061 +Description: Implement do_gettimeofday wrapper starting with 5.0 + +Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> + + +diff --git a/compat.h b/compat.h +index 2a6628cbdfd0..948f87eb4113 100644 +--- a/compat.h ++++ b/compat.h +@@ -687,4 +687,14 @@ nf_bridge_info_get(const struct sk_buff *skb) + } + #endif + ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(5,0,0) ++static inline void do_gettimeofday(struct timeval *tv) ++{ ++ struct timespec64 ts64; ++ ktime_get_real_ts64(&ts64); ++ tv->tv_sec = ts64.tv_sec; ++ tv->tv_usec = ts64.tv_nsec/1000; ++} ++#endif ++ + #endif /* COMPAT_NETFLOW_H */
  4. Download patch debian/patches/0001-Fix-build-with-5.2-kernel

    --- 2.3-5/debian/patches/0001-Fix-build-with-5.2-kernel 1970-01-01 00:00:00.000000000 +0000 +++ 2.3-5ubuntu2/debian/patches/0001-Fix-build-with-5.2-kernel 2019-05-31 16:38:08.000000000 +0000 @@ -0,0 +1,26 @@ +Author: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> +Origin: upstream, commit:0e5af37bf63681ff4ee95b98466ee26fa3e4df13 +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1830047 +Description: Fix build with 5.2 kernel + +Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> + + +diff --git a/ipt_NETFLOW.c b/ipt_NETFLOW.c +index b3348cea67e5..724ebf25743d 100644 +--- a/ipt_NETFLOW.c ++++ b/ipt_NETFLOW.c +@@ -5274,8 +5274,13 @@ do_protocols: + nf->hooknumx = hooknum + 1; + #endif + if (likely(family == AF_INET)) { ++#if LINUX_VERSION_CODE < KERNEL_VERSION(5,2,0) + if (rt) + nf->nh.ip = rt->rt_gateway; ++#else ++ if (rt && rt->rt_gw_family == AF_INET) ++ nf->nh.ip = rt->rt_gw4; ++#endif + } else { + if (rt) + nf->nh.in6 = ((struct rt6_info *)rt)->rt6i_gateway;
  5. Download patch debian/patches/0001-Fix-compilation-for-kernel-5.1

    --- 2.3-5/debian/patches/0001-Fix-compilation-for-kernel-5.1 1970-01-01 00:00:00.000000000 +0000 +++ 2.3-5ubuntu2/debian/patches/0001-Fix-compilation-for-kernel-5.1 2019-05-31 16:38:08.000000000 +0000 @@ -0,0 +1,24 @@ +Author: ABC <abc@openwall.com> +Origin: upstream, commit:fd37b58a81c3df1f375fe784547b77b7a9d1ebc4 +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1830047 +Description: Fix compilation for kernel 5.1 + +Fixes #115 reported by danrimal. + + +diff --git a/ipt_NETFLOW.c b/ipt_NETFLOW.c +index 69751aa0dd42..7632b9974534 100644 +--- a/ipt_NETFLOW.c ++++ b/ipt_NETFLOW.c +@@ -5723,7 +5723,11 @@ static void __exit ipt_netflow_fini(void) + netflow_scan_and_export(AND_FLUSH); + del_timer_sync(&rate_timer); + ++#if LINUX_VERSION_CODE < KERNEL_VERSION(5,1,0) + synchronize_sched(); ++#else ++ synchronize_rcu(); ++#endif + + free_templates(); + destination_removeall();
  6. Download patch debian/patches/series

    --- 2.3-5/debian/patches/series 2018-03-24 00:01:06.000000000 +0000 +++ 2.3-5ubuntu2/debian/patches/series 2019-05-31 16:38:08.000000000 +0000 @@ -2,3 +2,8 @@ ignore-unknown-configure-options.patch add-quoting-needed-by-dh_dkms.patch properly-pass-CPPFLAGS-and-LDFLAGS.patch disable-kernel-check.patch +0001-Implement-do_gettimeofday-wrapper-starting-with-5.0 +0001-Use-nf_bridge_info_get-instead-of-skb-nf_bridge +0001-Use-totalram_pages-starting-with-5.0 +0001-Fix-compilation-for-kernel-5.1 +0001-Fix-build-with-5.2-kernel
  1. iptables
  2. iptables-netflow