Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock
Please unblock package xtables-addons
This version adds support for Linux 4.9, without which the package
will be unsuitable for release in stretch. (It also adds support
for Linux 4.10, but there are no other changes.)
diff -Nru xtables-addons-2.11/aclocal.m4 xtables-addons-2.12/aclocal.m4
--- xtables-addons-2.11/aclocal.m4 2016-05-20 22:42:52.871834167 +0100
+++ xtables-addons-2.12/aclocal.m4 2017-01-11 00:40:27.110821172 +0000
@@ -377,10 +377,9 @@
# configured tree to be moved without reconfiguration.
AC_DEFUN([AM_AUX_DIR_EXPAND],
-[dnl Rely on autoconf to set up CDPATH properly.
-AC_PREREQ([2.50])dnl
-# expand $ac_aux_dir to an absolute path
-am_aux_dir=`cd $ac_aux_dir && pwd`
+[AC_REQUIRE([AC_CONFIG_AUX_DIR_DEFAULT])dnl
+# Expand $ac_aux_dir to an absolute path.
+am_aux_dir=`cd "$ac_aux_dir" && pwd`
])
# AM_CONDITIONAL -*- Autoconf -*-
diff -Nru xtables-addons-2.11/configure xtables-addons-2.12/configure
--- xtables-addons-2.11/configure 2016-05-20 22:42:53.447820037 +0100
+++ xtables-addons-2.12/configure 2017-01-11 00:40:27.694807048 +0000
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for xtables-addons 2.11.
+# Generated by GNU Autoconf 2.69 for xtables-addons 2.12.
#
#
# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
@@ -587,8 +587,8 @@
# Identity of this package.
PACKAGE_NAME='xtables-addons'
PACKAGE_TARNAME='xtables-addons'
-PACKAGE_VERSION='2.11'
-PACKAGE_STRING='xtables-addons 2.11'
+PACKAGE_VERSION='2.12'
+PACKAGE_STRING='xtables-addons 2.12'
PACKAGE_BUGREPORT=''
PACKAGE_URL=''
@@ -1322,7 +1322,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures xtables-addons 2.11 to adapt to many kinds of systems.
+\`configure' configures xtables-addons 2.12 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1392,7 +1392,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of xtables-addons 2.11:";;
+ short | recursive ) echo "Configuration of xtables-addons 2.12:";;
esac
cat <<\_ACEOF
@@ -1511,7 +1511,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-xtables-addons configure 2.11
+xtables-addons configure 2.12
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@@ -1876,7 +1876,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by xtables-addons $as_me 2.11, which was
+It was created by xtables-addons $as_me 2.12, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@@ -2428,8 +2428,8 @@
ac_script='s/[\\$]/&&/g;s/;s,x,x,$//'
program_transform_name=`$as_echo "$program_transform_name" | sed "$ac_script"`
-# expand $ac_aux_dir to an absolute path
-am_aux_dir=`cd $ac_aux_dir && pwd`
+# Expand $ac_aux_dir to an absolute path.
+am_aux_dir=`cd "$ac_aux_dir" && pwd`
if test x"${MISSING+set}" != xset; then
case $am_aux_dir in
@@ -2742,7 +2742,7 @@
# Define the identity of the package.
PACKAGE='xtables-addons'
- VERSION='2.11'
+ VERSION='2.12'
cat >>confdefs.h <<_ACEOF
@@ -11963,9 +11963,9 @@
echo "WARNING: Version detection did not succeed. Continue at
own luck.";
else
echo "$kmajor.$kminor.$kmicro.$kstable in $kbuilddir";
- if test "$kmajor" -gt 4 -o "$kmajor" -eq 7 -a "$kminor" -gt 3;
then
+ if test "$kmajor" -gt 4 -o "$kmajor" -eq 4 -a "$kminor" -gt 10;
then
echo "WARNING: That kernel version is not officially
supported yet. Continue at own luck.";
- elif test "$kmajor" -eq 4 -a "$kminor" -le 3; then
+ elif test "$kmajor" -eq 4 -a "$kminor" -le 10; then
:;
elif test "$kmajor" -eq 3 -a "$kminor" -ge 7; then
:;
@@ -12511,7 +12511,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by xtables-addons $as_me 2.11, which was
+This file was extended by xtables-addons $as_me 2.12, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -12577,7 +12577,7 @@
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //;
s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-xtables-addons config.status 2.11
+xtables-addons config.status 2.12
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
diff -Nru xtables-addons-2.11/configure.ac xtables-addons-2.12/configure.ac
--- xtables-addons-2.11/configure.ac 2016-05-20 13:35:46.000000000 +0100
+++ xtables-addons-2.12/configure.ac 2017-01-11 00:39:53.000000000 +0000
@@ -1,4 +1,4 @@
-AC_INIT([xtables-addons], [2.11])
+AC_INIT([xtables-addons], [2.12])
AC_CONFIG_AUX_DIR([build-aux])
AC_CONFIG_HEADERS([config.h])
AC_CONFIG_MACRO_DIR([m4])
@@ -57,9 +57,9 @@
echo "WARNING: Version detection did not succeed. Continue at
own luck.";
else
echo "$kmajor.$kminor.$kmicro.$kstable in $kbuilddir";
- if test "$kmajor" -gt 4 -o "$kmajor" -eq 7 -a "$kminor" -gt 3;
then
+ if test "$kmajor" -gt 4 -o "$kmajor" -eq 4 -a "$kminor" -gt 10;
then
echo "WARNING: That kernel version is not officially
supported yet. Continue at own luck.";
- elif test "$kmajor" -eq 4 -a "$kminor" -le 3; then
+ elif test "$kmajor" -eq 4 -a "$kminor" -le 10; then
:;
elif test "$kmajor" -eq 3 -a "$kminor" -ge 7; then
:;
diff -Nru xtables-addons-2.11/debian/changelog
xtables-addons-2.12/debian/changelog
--- xtables-addons-2.11/debian/changelog 2016-12-07 00:18:28.000000000
+0000
+++ xtables-addons-2.12/debian/changelog 2017-01-28 23:15:35.000000000
+0000
@@ -1,3 +1,11 @@
+xtables-addons (2.12-0.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * New upstream release [January 2017]
+ + support for Linux 4.9, 4.10 (Closes: #851576)
+
+ -- Ben Hutchings <b...@decadent.org.uk> Sat, 28 Jan 2017 23:15:35 +0000
+
xtables-addons (2.11-3) unstable; urgency=medium
* Re-build for auto-iptables transition (Closes: #845516).
diff -Nru xtables-addons-2.11/doc/changelog.txt
xtables-addons-2.12/doc/changelog.txt
--- xtables-addons-2.11/doc/changelog.txt 2016-05-20 13:35:46.000000000
+0100
+++ xtables-addons-2.12/doc/changelog.txt 2017-01-11 00:39:53.000000000
+0000
@@ -3,6 +3,12 @@
====
+v2.12 (2017-01-11)
+==================
+Enhancements:
+- support for Linux up to 4.10
+
+
v2.11 (2016-05-20)
==================
Enhancements:
diff -Nru xtables-addons-2.11/extensions/ACCOUNT/xt_ACCOUNT.c
xtables-addons-2.12/extensions/ACCOUNT/xt_ACCOUNT.c
--- xtables-addons-2.11/extensions/ACCOUNT/xt_ACCOUNT.c 2016-05-20
13:35:46.000000000 +0100
+++ xtables-addons-2.12/extensions/ACCOUNT/xt_ACCOUNT.c 2017-01-11
00:39:53.000000000 +0000
@@ -482,12 +482,16 @@
static unsigned int
ipt_acc_target(struct sk_buff *skb, const struct xt_action_param *par)
{
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0)
+ struct ipt_acc_net *ian = net_generic(par->state->net, ipt_acc_net_id);
+#else
#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,4,0)
struct ipt_acc_net *ian = net_generic(par->net, ipt_acc_net_id);
#else
struct net *net = dev_net(par->in ? par->in : par->out);
struct ipt_acc_net *ian = net_generic(net, ipt_acc_net_id);
#endif
+#endif
struct ipt_acc_table *ipt_acc_tables = ian->ipt_acc_tables;
const struct ipt_acc_info *info =
par->targinfo;
diff -Nru xtables-addons-2.11/extensions/compat_xtables.h
xtables-addons-2.12/extensions/compat_xtables.h
--- xtables-addons-2.11/extensions/compat_xtables.h 2016-05-20
13:35:46.000000000 +0100
+++ xtables-addons-2.12/extensions/compat_xtables.h 2017-01-11
00:39:53.000000000 +0000
@@ -82,11 +82,15 @@
static inline struct net *par_net(const struct xt_action_param *par)
{
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 10, 0)
+ return par->state->net;
+#else
#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 4, 0)
return par->net;
#else
return dev_net((par->in != NULL) ? par->in : par->out);
#endif
+#endif
}
#endif /* _XTABLES_COMPAT_H */
diff -Nru xtables-addons-2.11/extensions/xt_CHAOS.c
xtables-addons-2.12/extensions/xt_CHAOS.c
--- xtables-addons-2.11/extensions/xt_CHAOS.c 2016-05-20 13:35:46.000000000
+0100
+++ xtables-addons-2.12/extensions/xt_CHAOS.c 2017-01-11 00:39:53.000000000
+0000
@@ -58,8 +58,12 @@
{
struct xt_action_param local_par;
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0)
+ local_par.state = par->state;
+#else
local_par.in = par->in,
local_par.out = par->out,
+#endif
local_par.match = xm_tcp;
local_par.matchinfo = &tcp_params;
local_par.fragoff = fragoff;
@@ -74,12 +78,16 @@
destiny = (info->variant == XTCHAOS_TARPIT) ? xt_tarpit : xt_delude;
{
struct xt_action_param local_par;
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0)
+ local_par.state = par->state;
+#else
local_par.in = par->in;
local_par.out = par->out;
local_par.hooknum = par->hooknum;
+ local_par.family = par->family;
+#endif
local_par.target = destiny;
local_par.targinfo = par->targinfo;
- local_par.family = par->family;
destiny->target(skb, &local_par);
}
}
@@ -100,9 +108,13 @@
if ((unsigned int)prandom_u32() <= reject_percentage) {
struct xt_action_param local_par;
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0)
+ local_par.state = par->state;
+#else
local_par.in = par->in;
local_par.out = par->out;
local_par.hooknum = par->hooknum;
+#endif
local_par.target = xt_reject;
local_par.targinfo = &reject_params;
return xt_reject->target(skb, &local_par);
@@ -111,7 +123,12 @@
/* TARPIT/DELUDE may not be called from the OUTPUT chain */
if (iph->protocol == IPPROTO_TCP &&
info->variant != XTCHAOS_NORMAL &&
- par->hooknum != NF_INET_LOCAL_OUT)
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0)
+ par->state->hook
+#else
+ par->hooknum
+#endif
+ != NF_INET_LOCAL_OUT)
xt_chaos_total(skb, par);
return NF_DROP;
diff -Nru xtables-addons-2.11/extensions/xt_DELUDE.c
xtables-addons-2.12/extensions/xt_DELUDE.c
--- xtables-addons-2.11/extensions/xt_DELUDE.c 2016-05-20 13:35:46.000000000
+0100
+++ xtables-addons-2.12/extensions/xt_DELUDE.c 2017-01-11 00:39:53.000000000
+0000
@@ -151,7 +151,13 @@
* a problem, as that is supported since Linux 2.6.35. But since we do
not
* actually want to have a connection open, we are still going to drop
it.
*/
- delude_send_reset(par_net(par), skb, par->hooknum);
+ delude_send_reset(par_net(par), skb,
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0)
+ par->state->hook
+#else
+ par->hooknum
+#endif
+ );
return NF_DROP;
}
diff -Nru xtables-addons-2.11/extensions/xt_DNETMAP.c
xtables-addons-2.12/extensions/xt_DNETMAP.c
--- xtables-addons-2.11/extensions/xt_DNETMAP.c 2016-05-20 13:35:46.000000000
+0100
+++ xtables-addons-2.12/extensions/xt_DNETMAP.c 2017-01-11 00:39:53.000000000
+0000
@@ -356,7 +356,11 @@
static unsigned int
dnetmap_tg(struct sk_buff *skb, const struct xt_action_param *par)
{
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0)
+ struct net *net = dev_net(par->state->in ? par->state->in :
par->state->out);
+#else
struct net *net = dev_net(par->in ? par->in : par->out);
+#endif
struct dnetmap_net *dnetmap_net = dnetmap_pernet(net);
struct nf_conn *ct;
enum ip_conntrack_info ctinfo;
@@ -367,16 +371,21 @@
struct dnetmap_entry *e;
struct dnetmap_prefix *p;
__s32 jttl;
-
- NF_CT_ASSERT(par->hooknum == NF_INET_POST_ROUTING ||
- par->hooknum == NF_INET_LOCAL_OUT ||
- par->hooknum == NF_INET_PRE_ROUTING);
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0)
+ unsigned int hooknum = par->state->hook;
+#else
+ unsigned int hooknum = par->hooknum;
+#endif
+
+ NF_CT_ASSERT(hooknum == NF_INET_POST_ROUTING ||
+ hooknum == NF_INET_LOCAL_OUT ||
+ hooknum == NF_INET_PRE_ROUTING);
ct = nf_ct_get(skb, &ctinfo);
jttl = tginfo->flags & XT_DNETMAP_TTL ? tginfo->ttl * HZ : jtimeout;
/* in prerouting we try to map postnat-ip to prenat-ip */
- if (par->hooknum == NF_INET_PRE_ROUTING) {
+ if (hooknum == NF_INET_PRE_ROUTING) {
postnat_ip = ip_hdr(skb)->daddr;
spin_lock_bh(&dnetmap_lock);
@@ -407,7 +416,7 @@
newrange.min_proto = mr->min_proto;
newrange.max_proto = mr->max_proto;
return nf_nat_setup_info(ct, &newrange,
- HOOK2MANIP(par->hooknum));
+ HOOK2MANIP(hooknum));
}
prenat_ip = ip_hdr(skb)->saddr;
@@ -495,7 +504,11 @@
newrange.max_addr.ip = postnat_ip;
newrange.min_proto = mr->min_proto;
newrange.max_proto = mr->max_proto;
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0)
+ return nf_nat_setup_info(ct, &newrange, HOOK2MANIP(par->state->hook));
+#else
return nf_nat_setup_info(ct, &newrange, HOOK2MANIP(par->hooknum));
+#endif
no_rev_map:
no_free_ip:
diff -Nru xtables-addons-2.11/extensions/xt_ECHO.c
xtables-addons-2.12/extensions/xt_ECHO.c
--- xtables-addons-2.11/extensions/xt_ECHO.c 2016-05-20 13:35:46.000000000
+0100
+++ xtables-addons-2.12/extensions/xt_ECHO.c 2017-01-11 00:39:53.000000000
+0000
@@ -35,7 +35,11 @@
void *payload;
struct flowi6 fl;
struct dst_entry *dst = NULL;
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0)
+ struct net *net = dev_net((par->state->in != NULL) ? par->state->in :
par->state->out);
+#else
struct net *net = dev_net((par->in != NULL) ? par->in : par->out);
+#endif
/* This allows us to do the copy operation in fewer lines of code. */
if (skb_linearize(oldskb) < 0)
diff -Nru xtables-addons-2.11/extensions/xt_iface.c
xtables-addons-2.12/extensions/xt_iface.c
--- xtables-addons-2.11/extensions/xt_iface.c 2016-05-20 13:35:46.000000000
+0100
+++ xtables-addons-2.12/extensions/xt_iface.c 2017-01-11 00:39:53.000000000
+0000
@@ -45,9 +45,17 @@
const struct xt_action_param *par, struct net_device **put)
{
if (info->flags & XT_IFACE_DEV_IN)
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0)
+ return par->state->in;
+#else
return par->in;
+#endif
else if (info->flags & XT_IFACE_DEV_OUT)
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0)
+ return par->state->out;
+#else
return par->out;
+#endif
return *put = dev_get_by_name(&init_net, info->ifname);
}
diff -Nru xtables-addons-2.11/extensions/xt_LOGMARK.c
xtables-addons-2.12/extensions/xt_LOGMARK.c
--- xtables-addons-2.11/extensions/xt_LOGMARK.c 2016-05-20 13:35:46.000000000
+0100
+++ xtables-addons-2.12/extensions/xt_LOGMARK.c 2017-01-11 00:39:53.000000000
+0000
@@ -58,8 +58,12 @@
printk("%s""ASSURED", prev++ ? "," : "");
if (ct->status & IPS_CONFIRMED)
printk("%s""CONFIRMED", prev++ ? "," : "");
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,9,0)
+ printk(" lifetime=%lus", nf_ct_expires(ct) / HZ);
+#else
printk(" lifetime=%lus",
(jiffies - ct->timeout.expires) / HZ);
+#endif
}
static unsigned int
@@ -72,7 +76,11 @@
printk("<%u>%.*s""iif=%d hook=%s nfmark=0x%x "
"secmark=0x%x classify=0x%x",
info->level, (unsigned int)sizeof(info->prefix), info->prefix,
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0)
+ skb_ifindex(skb), hook_names[par->state->hook],
+#else
skb_ifindex(skb), hook_names[par->hooknum],
+#endif
skb_nfmark(skb), skb_secmark(skb), skb->priority);
ct = nf_ct_get(skb, &ctinfo);
diff -Nru xtables-addons-2.11/extensions/xt_lscan.c
xtables-addons-2.12/extensions/xt_lscan.c
--- xtables-addons-2.11/extensions/xt_lscan.c 2016-05-20 13:35:46.000000000
+0100
+++ xtables-addons-2.12/extensions/xt_lscan.c 2017-01-11 00:39:53.000000000
+0000
@@ -204,7 +204,11 @@
unsigned int n;
n = lscan_mt_full(ctdata->mark & connmark_mask, ctstate,
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0)
+ par->state->in == init_net.loopback_dev, tcph,
+#else
par->in == init_net.loopback_dev, tcph,
+#endif
skb->len - par->thoff - 4 * tcph->doff);
ctdata->mark = (ctdata->mark & ~connmark_mask) | n;
diff -Nru xtables-addons-2.11/extensions/xt_TARPIT.c
xtables-addons-2.12/extensions/xt_TARPIT.c
--- xtables-addons-2.11/extensions/xt_TARPIT.c 2016-05-20 13:35:46.000000000
+0100
+++ xtables-addons-2.12/extensions/xt_TARPIT.c 2017-01-11 00:39:53.000000000
+0000
@@ -455,7 +455,11 @@
if (iph->frag_off & htons(IP_OFFSET))
return NF_DROP;
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0)
+ tarpit_tcp4(par_net(par), skb, par->state->hook, info->variant);
+#else
tarpit_tcp4(par_net(par), skb, par->hooknum, info->variant);
+#endif
return NF_DROP;
}
@@ -497,7 +501,11 @@
return NF_DROP;
}
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0)
+ tarpit_tcp6(par_net(par), skb, par->state->hook, info->variant);
+#else
tarpit_tcp6(par_net(par), skb, par->hooknum, info->variant);
+#endif
return NF_DROP;
}
#endif
diff -Nru xtables-addons-2.11/xtables-addons.8.in
xtables-addons-2.12/xtables-addons.8.in
--- xtables-addons-2.11/xtables-addons.8.in 2016-05-20 13:35:46.000000000
+0100
+++ xtables-addons-2.12/xtables-addons.8.in 2017-01-11 00:39:53.000000000
+0000
@@ -1,4 +1,4 @@
-.TH xtables-addons 8 "For Workgroups?" "" "v2.11 (2016-05-20)"
+.TH xtables-addons 8 "Not For Workgroups" "" "v2.12 (2017-01-11)"
.SH Name
Xtables-addons \(em additional extensions for iptables, ip6tables, etc.
.SH Targets
--- END ---
unblock xtables-addons/2.12-0.1
-- System Information:
Debian Release: 9.0
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'stable-updates'), (500,
'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.9.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
