Merge #173114: iptables: 1.8.7 -> 1.8.8 (into staging)

2 years ago · c04f36461c
parent 650cf38784 131fce41a3
commit c04f36461c
3 changed files with 29 additions and 13 deletions
--- a/pkgs/development/libraries/libnetfilter_cthelper/default.nix
+++ b/pkgs/development/libraries/libnetfilter_cthelper/default.nix
@ -2,13 +2,15 @@

 stdenv.mkDerivation rec {
  pname = "libnetfilter_cthelper";
-  version = "1.0.0";
+  version = "1.0.1";

  src = fetchurl {
    url = "https://netfilter.org/projects/libnetfilter_cthelper/files/${pname}-${version}.tar.bz2";
-    sha256 = "07618e71c4d9a6b6b3dc1986540486ee310a9838ba754926c7d14a17d8fccf3d";
+    sha256 = "sha256-FAc9VIcjOJc1XT/wTdwcjQPMW6jSNWI2qogWGp8tyRI=";
  };

+  outputs = [ "out" "dev" ];
+
  nativeBuildInputs = [ pkg-config ];
  buildInputs = [ libmnl ];

--- a/pkgs/development/libraries/libnetfilter_cttimeout/default.nix
+++ b/pkgs/development/libraries/libnetfilter_cttimeout/default.nix
@ -2,13 +2,15 @@

 stdenv.mkDerivation rec {
  pname = "libnetfilter_cttimeout";
-  version = "1.0.0";
+  version = "1.0.1";

  src = fetchurl {
    url = "https://netfilter.org/projects/libnetfilter_cttimeout/files/${pname}-${version}.tar.bz2";
-    sha256 = "aeab12754f557cba3ce2950a2029963d817490df7edb49880008b34d7ff8feba";
+    sha256 = "sha256-C1naLzIE4cgMuF0fbXIoX8B7AaL1Z4q/Xcz7vv1lAyU=";
  };

+  outputs = [ "out" "dev" ];
+
  nativeBuildInputs = [ pkg-config ];
  buildInputs = [ libmnl ];

--- a/pkgs/os-specific/linux/iptables/default.nix
+++ b/pkgs/os-specific/linux/iptables/default.nix
@ -1,19 +1,33 @@
 { lib, stdenv, fetchurl, pkg-config, pruneLibtoolFiles, flex, bison
 , libmnl, libnetfilter_conntrack, libnfnetlink, libnftnl, libpcap
 , nftablesCompat ? true
+, fetchpatch
 }:

-with lib;
-
 stdenv.mkDerivation rec {
-  version = "1.8.7";
+  version = "1.8.8";
  pname = "iptables";

  src = fetchurl {
    url = "https://www.netfilter.org/projects/${pname}/files/${pname}-${version}.tar.bz2";
-    sha256 = "1w6qx3sxzkv80shk21f63rq41c84irpx68k62m2cv629n1mwj2f1";
+    sha256 = "sha256-ccdYidxxBnZjFVPrFRHaAXe7qvG1USZbkS0jbD9RhZ8=";
  };

+  patches = [
+    # xshared: Fix build for -Werror=format-security
+    (fetchpatch {
+      url = "https://git.netfilter.org/iptables/patch/?id=b72eb12ea5a61df0655ad99d5048994e916be83a";
+      sha256 = "sha256-pnamqOagwNWoiwlxPnKCqSc2N7MP/eZlT7JiE09c8OE=";
+    })
+    # treewide: use uint* instead of u_int*
+    (fetchpatch {
+      url = "https://git.netfilter.org/iptables/patch/?id=f319389525b066b7dc6d389c88f16a0df3b8f189";
+      sha256 = "sha256-rOxCEWZoI8Ac5fQDp286YHAwvreUAoDVAbomboKrGyM=";
+    })
+  ];
+
+  outputs = [ "out" "dev" "man" ];
+
  nativeBuildInputs = [ pkg-config pruneLibtoolFiles flex bison ];

  buildInputs = [ libmnl libnetfilter_conntrack libnfnetlink libnftnl libpcap ];
@ -28,11 +42,9 @@ stdenv.mkDerivation rec {
    "--enable-libipq"
    "--enable-nfsynproxy"
    "--enable-shared"
-  ] ++ optional (!nftablesCompat) "--disable-nftables";
-
-  outputs = [ "out" "dev" ];
+  ] ++ lib.optional (!nftablesCompat) "--disable-nftables";

-  postInstall = optionalString nftablesCompat ''
+  postInstall = lib.optionalString nftablesCompat ''
    rm $out/sbin/{iptables,iptables-restore,iptables-save,ip6tables,ip6tables-restore,ip6tables-save}
    ln -sv xtables-nft-multi $out/bin/iptables
    ln -sv xtables-nft-multi $out/bin/iptables-restore
@ -42,7 +54,7 @@ stdenv.mkDerivation rec {
    ln -sv xtables-nft-multi $out/bin/ip6tables-save
  '';

-  meta = {
+  meta = with lib; {
    description = "A program to configure the Linux IP packet filtering ruleset";
    homepage = "https://www.netfilter.org/projects/iptables/index.html";
    platforms = platforms.linux;