From d7613bd02f54ac149a62563174627f5083637f67 Mon Sep 17 00:00:00 2001
From: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Date: Tue, 31 Dec 2019 10:55:50 +0000
Subject: [PATCH] iptables: update to 1.8.4

Bump to iptable 1.8.4 and address packaging issue as mentioned in the
original bump/revert cycle.

"This reverts commit 10cbc896c0a26aecff37261450c21f29fb5b99db.
The updated iptables package does not build due to the following error
encountered on the buildbots:
    cp: cannot stat '.../iptables-1.8.4/ipkg-install/usr/lib/libiptc.so.*': No such file or directory

The changelog mentions "build: remove -Wl,--no-as-needed and libiptc.so" so
it appears as if further packaging changes are needed beyond a simple
version bump."

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
---
 package/network/utils/iptables/Makefile       | 21 +++----------------
 .../iptables/patches/600-shared-libext.patch  | 12 +++++------
 .../700-disable-legacy-revisions.patch        | 10 ++++-----
 3 files changed, 14 insertions(+), 29 deletions(-)

diff --git a/package/network/utils/iptables/Makefile b/package/network/utils/iptables/Makefile
index 7e8e6f7eaa..616274ebdd 100644
--- a/package/network/utils/iptables/Makefile
+++ b/package/network/utils/iptables/Makefile
@@ -9,12 +9,12 @@ include $(TOPDIR)/rules.mk
 include $(INCLUDE_DIR)/kernel.mk
 
 PKG_NAME:=iptables
-PKG_VERSION:=1.8.3
-PKG_RELEASE:=2
+PKG_VERSION:=1.8.4
+PKG_RELEASE:=1
 
 PKG_SOURCE_URL:=https://netfilter.org/projects/iptables/files
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
-PKG_HASH:=a23cac034181206b4545f4e7e730e76e08b5f3dd78771ba9645a6756de9cdd80
+PKG_HASH:=993a3a5490a544c2cbf2ef15cf7e7ed21af1845baf228318d5c36ef8827e157c
 
 PKG_FIXUP:=autoreconf
 PKG_FLAGS:=nonshared
@@ -487,15 +487,6 @@ define Package/ip6tables-mod-nat/description
 iptables extensions for IPv6-NAT targets.
 endef
 
-define Package/libiptc
-$(call Package/iptables/Default)
-  SECTION:=libs
-  CATEGORY:=Libraries
-  DEPENDS:=+libip4tc +libip6tc +libxtables
-  ABI_VERSION:=0
-  TITLE:=IPv4/IPv6 firewall - shared libiptc library (nf compatibility stub)
-endef
-
 define Package/libip4tc
 $(call Package/iptables/Default)
   SECTION:=libs
@@ -629,11 +620,6 @@ define Package/ip6tables-nft/install
 	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables{,-restore}-translate $(1)/usr/sbin/
 endef
 
-define Package/libiptc/install
-	$(INSTALL_DIR) $(1)/usr/lib
-	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libiptc.so.* $(1)/usr/lib/
-endef
-
 define Package/libip4tc/install
 	$(INSTALL_DIR) $(1)/usr/lib
 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libip4tc.so.* $(1)/usr/lib/
@@ -699,7 +685,6 @@ $(eval $(call BuildPackage,ip6tables))
 $(eval $(call BuildPackage,ip6tables-nft))
 $(eval $(call BuildPlugin,ip6tables-extra,$(IPT_IPV6_EXTRA-m)))
 $(eval $(call BuildPlugin,ip6tables-mod-nat,$(IPT_NAT6-m)))
-$(eval $(call BuildPackage,libiptc))
 $(eval $(call BuildPackage,libip4tc))
 $(eval $(call BuildPackage,libip6tc))
 $(eval $(call BuildPackage,libxtables))
diff --git a/package/network/utils/iptables/patches/600-shared-libext.patch b/package/network/utils/iptables/patches/600-shared-libext.patch
index f5c9c9d779..7b798b7fda 100644
--- a/package/network/utils/iptables/patches/600-shared-libext.patch
+++ b/package/network/utils/iptables/patches/600-shared-libext.patch
@@ -54,7 +54,7 @@
  initextb_func := $(addprefix ebt_,${pfb_build_static})
 --- a/iptables/Makefile.am
 +++ b/iptables/Makefile.am
-@@ -8,19 +8,22 @@ BUILT_SOURCES =
+@@ -7,19 +7,22 @@ BUILT_SOURCES =
  
  xtables_legacy_multi_SOURCES  = xtables-legacy-multi.c iptables-xml.c
  xtables_legacy_multi_CFLAGS   = ${AM_CFLAGS}
@@ -80,8 +80,8 @@
  endif
  xtables_legacy_multi_SOURCES += xshared.c iptables-restore.c iptables-save.c
  xtables_legacy_multi_LDADD   += ../libxtables/libxtables.la -lm
-@@ -30,7 +33,8 @@ if ENABLE_NFTABLES
- BUILT_SOURCES += xtables-config-parser.h
+@@ -28,7 +31,8 @@ xtables_legacy_multi_LDADD   += ../libxt
+ if ENABLE_NFTABLES
  xtables_nft_multi_SOURCES  = xtables-nft-multi.c iptables-xml.c
  xtables_nft_multi_CFLAGS   = ${AM_CFLAGS}
 -xtables_nft_multi_LDADD    = ../extensions/libext.a ../extensions/libext_ebt.a
@@ -90,13 +90,13 @@
  if ENABLE_STATIC
  xtables_nft_multi_CFLAGS  += -DALL_INCLUSIVE
  endif
-@@ -45,7 +49,8 @@ xtables_nft_multi_SOURCES += xtables-sav
+@@ -42,7 +46,8 @@ xtables_nft_multi_SOURCES += xtables-sav
  				xtables-eb-standalone.c xtables-eb.c \
  				xtables-eb-translate.c \
  				xtables-translate.c
 -xtables_nft_multi_LDADD   += ${libmnl_LIBS} ${libnftnl_LIBS} ${libnetfilter_conntrack_LIBS} ../extensions/libext4.a ../extensions/libext6.a ../extensions/libext_ebt.a ../extensions/libext_arpt.a
 +xtables_nft_multi_LDADD   += ${libmnl_LIBS} ${libnftnl_LIBS} ${libnetfilter_conntrack_LIBS}
 +xtables_nft_multi_LDFLAGS += -liptext4 -liptext6 -liptext_arpt
- # yacc and lex generate dirty code
- xtables_nft_multi-xtables-config-parser.o xtables_nft_multi-xtables-config-syntax.o: AM_CFLAGS += -Wno-missing-prototypes -Wno-missing-declarations -Wno-implicit-function-declaration -Wno-nested-externs -Wno-undef -Wno-redundant-decls
  xtables_nft_multi_SOURCES += xshared.c
+ xtables_nft_multi_LDADD   += ../libxtables/libxtables.la -lm
+ endif
diff --git a/package/network/utils/iptables/patches/700-disable-legacy-revisions.patch b/package/network/utils/iptables/patches/700-disable-legacy-revisions.patch
index 328f3af18d..86715fc8e7 100644
--- a/package/network/utils/iptables/patches/700-disable-legacy-revisions.patch
+++ b/package/network/utils/iptables/patches/700-disable-legacy-revisions.patch
@@ -1,6 +1,6 @@
 --- a/extensions/libxt_conntrack.c
 +++ b/extensions/libxt_conntrack.c
-@@ -1389,6 +1389,7 @@ static int conntrack3_mt6_xlate(struct x
+@@ -1387,6 +1387,7 @@ static int conntrack3_mt6_xlate(struct x
  }
  
  static struct xtables_match conntrack_mt_reg[] = {
@@ -8,7 +8,7 @@
  	{
  		.version       = XTABLES_VERSION,
  		.name          = "conntrack",
-@@ -1464,6 +1465,7 @@ static struct xtables_match conntrack_mt
+@@ -1462,6 +1463,7 @@ static struct xtables_match conntrack_mt
  		.alias	       = conntrack_print_name_alias,
  		.x6_options    = conntrack2_mt_opts,
  	},
@@ -16,7 +16,7 @@
  	{
  		.version       = XTABLES_VERSION,
  		.name          = "conntrack",
-@@ -1496,6 +1498,7 @@ static struct xtables_match conntrack_mt
+@@ -1494,6 +1496,7 @@ static struct xtables_match conntrack_mt
  		.x6_options    = conntrack3_mt_opts,
  		.xlate	       = conntrack3_mt6_xlate,
  	},
@@ -24,7 +24,7 @@
  	{
  		.family        = NFPROTO_UNSPEC,
  		.name          = "state",
-@@ -1526,6 +1529,8 @@ static struct xtables_match conntrack_mt
+@@ -1524,6 +1527,8 @@ static struct xtables_match conntrack_mt
  		.x6_parse      = state_ct23_parse,
  		.x6_options    = state_opts,
  	},
@@ -33,7 +33,7 @@
  	{
  		.family        = NFPROTO_UNSPEC,
  		.name          = "state",
-@@ -1555,6 +1560,7 @@ static struct xtables_match conntrack_mt
+@@ -1553,6 +1558,7 @@ static struct xtables_match conntrack_mt
  		.x6_parse      = state_parse,
  		.x6_options    = state_opts,
  	},