poky: subtree update:b66b9f7548..26ae42ded7
Adrian Bunk (1):
dpkg: Remove workaound patch for host tar < 1.27
Alexander Kanavin (39):
linux-yocto: exclude from version checks/automated version updates
pciutils: upgrade 3.6.4 -> 3.7.0
createrepo-c: upgrade 0.15.10 -> 0.15.11
librepo: upgrade 1.11.3 -> 1.12.0
pkgconf: upgrade 1.6.3 -> 1.7.3
python3-numpy: upgrade 1.18.4 -> 1.18.5
python3-git: upgrade 3.1.2 -> 3.1.3
strace: upgrade 5.6 -> 5.7
acpica: upgrade 20200430 -> 20200528
man-db: upgrade 2.9.1 -> 2.9.2
msmtp: upgrade 1.8.10 -> 1.8.11
epiphany: upgrade 3.36.1 -> 3.36.2
cogl-1.0: upgrade 1.22.6 -> 1.22.8
libdrm: upgrade 2.4.101 -> 2.4.102
vulkan-demos: upgrade to latest revision
xkeyboard-config: upgrade 2.29 -> 2.30
linux-firmware: upgrade 20200421 -> 20200519
babeltrace2: upgrade 2.0.2 -> 2.0.3
lttng-tools: upgrade 2.12.0 -> 2.12.1
ffmpeg: upgrade 4.2.2 -> 4.2.3
wpebackend-fdo: upgrade 1.6.0 -> 1.6.1
gnutls: upgrade 3.6.13 -> 3.6.14
libcap: upgrade 2.34 -> 2.36
bison: upgrade 3.6.2 -> 3.6.3
asciidoc: 8.6.10 -> 9.0.0
debianutils: 4.9.1 -> 4.11
git: upgrade 2.26.2 -> 2.27.0
go: 1.14.3 -> 1.14.4
iproute2: upgrade 5.6.0 -> 5.7.0
libksba: 1.3.5 -> 1.4.0
lttng-modules: update to 2.12.1
mpg123: update to 1.26.1
ovmf: update to 202005
shared-mime-info: upgrade 1.15 -> 2.0
subversion: upgrade 1.13.0 -> 1.14.0
xinetd: 2.3.15 -> 2.3.15.4
init-system-helpers: use https for fetching
ca-certificates: correct upstream version check
build-sysroots: add sysroot paths with native binaries to PATH
Andreas Müller (4):
vte: tiny cleanup / renumber patch
vte: upgrade 0.60.2 -> 0.60.3
harfbuzz: upgrade 2.6.4 -> 2.6.7
sqlite3: upgrade 3.32.1 -> 3.32.2
Changqing Li (1):
cups.inc: remove template service from SYSTEMD_SERVICE
Chen Qi (2):
db: do not install db_verify if 'verify' is not enabled
vim: restore the 'chmod -x' workaround in do_install
Hongxu Jia (1):
glib-networking/btrfs-tools/dosfstools/parted/bmap-tools/libsoup-2.4: add nativesdk support
Jacob Kroon (4):
features_check: Factorize code for checking features
meta: Don't inherit 'features_check' in recipes that don't utilize it
features_check: Warn if not used
insane: Check for feature check variables not being used
Joe Slater (2):
qemu: force build type to production
vim: _FORTIFY_SOURCE=2 be gone
Joshua Watt (12):
bitbake: bitbake: cooker: Split file collections per multiconfig
bitbake: bitbake: cache: Use multiconfig aware caches
bitbake: bitbake: lib: Add support for Logging Adapters
bitbake: bitbake: lib: Add PrefixLoggerAdapter helper
bitbake: bitbake: cache: Improve logging
bitbake: bitbake: cache: Cache size optimization
bitbake: bitbake: tests: Add tests for BBMASK in multiconfig
bitbake: bitbake: command: Move split_mc_pn to runqueue
bitbake: bitbake: cache: Fix error when cache is rebuilt
wic: Fix --extra-space argument handling
bitbake: bitbake: siggen: Pass all data caches to hash functions
bitbake: bitbake: tests: Add mcdepends test
Kai Kang (4):
mdadm: remove service template from SYSTEMD_SERVICE
wpa-supplicant: remove service templates from SYSTEMD_SERVICE
encodings: clear postinst script
avahi-dnsconfd: rdepends on avahi-daemon
Khem Raj (2):
libunwind: Fix build on aarch64/musl
stress-ng: Fix build on musl
Lee Chee Yang (1):
qemu: fix CVE-2020-13361
Ming Liu (1):
u-boot: support merging .cfg files for UBOOT_CONFIG
Mingli Yu (2):
python3-magic: add the missing rdepends
python3-setuptools: add missing rdepends for python3-pkg-resources
Paul Barker (5):
selftest: git-submodule-test: New recipe for testing a gitsm SRC_URI
archiver: Capture git submodules in mirror archiver
selftest-ed: Support native builds
selftest-nopackages: New recipe in meta-selftest
archiver: Speed up tests
Pierre-Jean Texier (2):
libarchive: upgrade 3.4.2 -> 3.4.3
iptables: upgrade 1.8.4 -> 1.8.5
Rasmus Villemoes (1):
glibc: move ld.so.conf back to main package
Richard Purdie (1):
Revert "bitbake.conf: Remove unused DEPLOY_DIR_TOOLS variable"
Stefan Agner (1):
initramfs-framework: check successful mount using mountpoint
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: I047d0fa664dcc2864fd7c1a09d124e3d8c197e9f
diff --git a/poky/meta/recipes-extended/iptables/iptables_1.8.5.bb b/poky/meta/recipes-extended/iptables/iptables_1.8.5.bb
new file mode 100644
index 0000000..fa1e5c2
--- /dev/null
+++ b/poky/meta/recipes-extended/iptables/iptables_1.8.5.bb
@@ -0,0 +1,107 @@
+SUMMARY = "Tools for managing kernel packet filtering capabilities"
+DESCRIPTION = "iptables is the userspace command line program used to configure and control network packet \
+filtering code in Linux."
+HOMEPAGE = "http://www.netfilter.org/"
+BUGTRACKER = "http://bugzilla.netfilter.org/"
+LICENSE = "GPLv2+"
+LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
+ file://iptables/iptables.c;beginline=13;endline=25;md5=c5cffd09974558cf27d0f763df2a12dc \
+"
+
+SRC_URI = "http://netfilter.org/projects/iptables/files/iptables-${PV}.tar.bz2 \
+ file://0001-configure-Add-option-to-enable-disable-libnfnetlink.patch \
+ file://0002-configure.ac-only-check-conntrack-when-libnfnetlink-enabled.patch \
+ file://iptables.service \
+ file://iptables.rules \
+ file://ip6tables.service \
+ file://ip6tables.rules \
+"
+SRC_URI[sha256sum] = "d457d74512e63aa3f50336e0597d4023c0e3c6845594d38532efb6ebcb294309"
+
+SYSTEMD_SERVICE_${PN} = "\
+ iptables.service \
+ ${@bb.utils.contains('PACKAGECONFIG', 'ipv6', 'ip6tables.service', '', d)} \
+"
+
+inherit autotools pkgconfig systemd
+
+EXTRA_OECONF = "--with-kernel=${STAGING_INCDIR}"
+
+PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}"
+PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
+
+# libnfnetlink recipe is in meta-networking layer
+PACKAGECONFIG[libnfnetlink] = "--enable-libnfnetlink,--disable-libnfnetlink,libnfnetlink libnetfilter-conntrack"
+
+# libnftnl recipe is in meta-networking layer(previously known as libnftables)
+PACKAGECONFIG[libnftnl] = "--enable-nftables,--disable-nftables,libnftnl"
+
+do_configure_prepend() {
+ # Remove some libtool m4 files
+ # Keep ax_check_linker_flags.m4 which belongs to autoconf-archive.
+ rm -f libtool.m4 lt~obsolete.m4 ltoptions.m4 ltsugar.m4 ltversion.m4
+}
+
+IPTABLES_RULES_DIR ?= "${sysconfdir}/${BPN}"
+
+do_install_append() {
+ install -d ${D}${IPTABLES_RULES_DIR}
+ install -m 0644 ${WORKDIR}/iptables.rules ${D}${IPTABLES_RULES_DIR}
+
+ install -d ${D}${systemd_system_unitdir}
+ install -m 0644 ${WORKDIR}/iptables.service ${D}${systemd_system_unitdir}
+
+ sed -i \
+ -e 's,@SBINDIR@,${sbindir},g' \
+ -e 's,@RULESDIR@,${IPTABLES_RULES_DIR},g' \
+ ${D}${systemd_system_unitdir}/iptables.service
+
+ if ${@bb.utils.contains('PACKAGECONFIG', 'ipv6', 'true', 'false', d)} ; then
+ install -m 0644 ${WORKDIR}/ip6tables.rules ${D}${IPTABLES_RULES_DIR}
+ install -m 0644 ${WORKDIR}/ip6tables.service ${D}${systemd_system_unitdir}
+
+ sed -i \
+ -e 's,@SBINDIR@,${sbindir},g' \
+ -e 's,@RULESDIR@,${IPTABLES_RULES_DIR},g' \
+ ${D}${systemd_system_unitdir}/ip6tables.service
+ fi
+}
+
+PACKAGES += "${PN}-modules"
+PACKAGES_DYNAMIC += "^${PN}-module-.*"
+
+python populate_packages_prepend() {
+ modules = do_split_packages(d, '${libdir}/xtables', r'lib(.*)\.so$', '${PN}-module-%s', '${PN} module %s', extra_depends='')
+ if modules:
+ metapkg = d.getVar('PN') + '-modules'
+ d.appendVar('RDEPENDS_' + metapkg, ' ' + ' '.join(modules))
+}
+
+RDEPENDS_${PN} = "${PN}-module-xt-standard"
+RRECOMMENDS_${PN} = " \
+ ${PN}-modules \
+ kernel-module-x-tables \
+ kernel-module-ip-tables \
+ kernel-module-iptable-filter \
+ kernel-module-iptable-nat \
+ kernel-module-nf-defrag-ipv4 \
+ kernel-module-nf-conntrack \
+ kernel-module-nf-conntrack-ipv4 \
+ kernel-module-nf-nat \
+ kernel-module-ipt-masquerade \
+ ${@bb.utils.contains('PACKAGECONFIG', 'ipv6', '\
+ kernel-module-ip6table-filter \
+ kernel-module-ip6-tables \
+ ', '', d)} \
+"
+
+FILES_${PN} += "${datadir}/xtables"
+
+# Include the symlinks as well in respective packages
+FILES_${PN}-module-xt-conntrack += "${libdir}/xtables/libxt_state.so"
+FILES_${PN}-module-xt-ct += "${libdir}/xtables/libxt_NOTRACK.so"
+
+ALLOW_EMPTY_${PN}-modules = "1"
+
+INSANE_SKIP_${PN}-module-xt-conntrack = "dev-so"
+INSANE_SKIP_${PN}-module-xt-ct = "dev-so"