iptables: upgrade to 1.6.1

1.6.0 -> 1.6.1

Refreshed the following patches:
 a) 0001-configure-Add-option-to-enable-disable-libnfnetlink.patch
 b) 0002-configure.ac-only-check-conntrack-when-libnfnetlink-enabled.patch

(From OE-Core rev: 0148bb131b2ac68f168562e9eaedce8aa4e4a875)

Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

meta/recipes-extended/iptables/iptables/0001-configure-Add-option-to-enable-disable-libnfnetlink.patch

@@ -1,4 +1,7 @@
-[PATCH] configure: Add option to enable/disable libnfnetlink
+From c46db7c2e1f63ec525835553587e70c635565310 Mon Sep 17 00:00:00 2001
+From: "Maxin B. John" <maxin.john@intel.com>
+Date: Tue, 21 Feb 2017 11:16:31 +0200
+Subject: [PATCH] configure: Add option to enable/disable libnfnetlink
 
 This changes the configure behaviour from autodetecting
 for libnfnetlink to having an option to disable it explicitly
@@ -8,20 +11,24 @@ Upstream-Status: Pending
 Signed-off-by: Khem Raj <raj.khem@gmail.com>
 Signed-off-by: Maxin B. John <maxin.john@intel.com>
 ---
-diff -Naur iptables-1.6.0-old/configure.ac iptables-1.6.0/configure.ac
+ configure.ac | 10 +++++++---
---- iptables-1.6.0-old/configure.ac	2015-12-28 18:40:35.255417976 +0200
+ 1 file changed, 7 insertions(+), 3 deletions(-)
-+++ iptables-1.6.0/configure.ac	2015-12-29 13:01:12.388840200 +0200
+
-@@ -63,6 +63,9 @@
+diff --git a/configure.ac b/configure.ac
+index eda7871..03ddc50 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -63,6 +63,9 @@ AC_ARG_WITH([pkgconfigdir], AS_HELP_STRING([--with-pkgconfigdir=PATH],
  AC_ARG_ENABLE([nftables],
  	AS_HELP_STRING([--disable-nftables], [Do not build nftables compat]),
  	[enable_nftables="$enableval"], [enable_nftables="yes"])
 +AC_ARG_ENABLE([libnfnetlink],
 +    AS_HELP_STRING([--disable-libnfnetlink], [Do not use netfilter netlink library]),
 +    [enable_libnfnetlink="$enableval"], [enable_libnfnetlink="yes"])
- 
+ AC_ARG_ENABLE([connlabel],
- libiptc_LDFLAGS2="";
+ 	AS_HELP_STRING([--disable-connlabel],
- AX_CHECK_LINKER_FLAGS([-Wl,--no-as-needed],
+ 	[Do not build libnetfilter_conntrack]),
-@@ -123,9 +126,10 @@
+@@ -115,9 +118,10 @@ if test "x$enable_bpfc" = "xyes" || test "x$enable_nfsynproxy" = "xyes"; then
  	AC_CHECK_LIB(pcap, pcap_compile,, AC_MSG_ERROR(missing libpcap library required by bpf compiler or nfsynproxy tool))
  fi
  
@@ -35,3 +42,6 @@ diff -Naur iptables-1.6.0-old/configure.ac iptables-1.6.0/configure.ac
  
  if test "x$enable_nftables" = "xyes"; then
  	PKG_CHECK_MODULES([libmnl], [libmnl >= 1.0], [mnl=1], [mnl=0])
+-- 
+2.4.0
+

meta/recipes-extended/iptables/iptables/0002-configure.ac-only-check-conntrack-when-libnfnetlink-enabled.patch

@@ -1,34 +1,51 @@
+From 26090b3dbcdf6a11e60535da949b726a6e86426d Mon Sep 17 00:00:00 2001
+From: "Maxin B. John" <maxin.john@intel.com>
+Date: Tue, 21 Feb 2017 11:49:07 +0200
+Subject: [PATCH] configure.ac:
+ only-check-conntrack-when-libnfnetlink-enabled.patch
+
 Package libnetfilter-conntrack depends on package libnfnetlink. iptables
 checks package libnetfilter-conntrack whatever its package config
 libnfnetlink is enabled or not. When libnfnetlink is disabled but
 package libnetfilter-conntrack exists, it fails randomly with:
 
-| In file included from .../iptables/1.4.21-r0/iptables-1.4.21/extensions/libxt_connlabel.c:8:0:
+In file included from
-| .../tmp/sysroots/qemumips/usr/include/libnetfilter_conntrack/libnetfilter_conntrack.h:14:42: fatal error: libnfnetlink/linux_nfnetlink.h: No such file or directory
+.../iptables/1.4.21-r0/iptables-1.4.21/extensions/libxt_connlabel.c:8:0:
-| compilation terminated.
-| GNUmakefile:96: recipe for target 'libxt_connlabel.oo' failed
 
+.../tmp/sysroots/qemumips/usr/include/libnetfilter_conntrack/libnetfilter_conntrack.h:14:42:
+fatal error: libnfnetlink/linux_nfnetlink.h: No such file or directory
+
+compilation terminated.
+GNUmakefile:96: recipe for target 'libxt_connlabel.oo' failed
 Only check libnetfilter-conntrack when libnfnetlink is enabled to fix it.
 
 Upstream-Status: Pending
 
 Signed-off-by: Kai Kang <kai.kang@windriver.com>
+Signed-off-by: Maxin B. John <maxin.john@intel.com>
+---
+ configure.ac | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
 
 diff --git a/configure.ac b/configure.ac
-index 5d7e62b..e331ee7 100644
+index 03ddc50..523caea 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -88,8 +88,12 @@ if test "$ac_cv_header_linux_ip_vs_h" != "yes"; then
+@@ -172,10 +172,12 @@ if test "$nftables" != 1; then
- 	blacklist_modules="$blacklist_modules ipvs";
+ fi
- fi;
  
--PKG_CHECK_MODULES([libnetfilter_conntrack], [libnetfilter_conntrack >= 1.0.4],
+ if test "x$enable_connlabel" = "xyes"; then
-+nfconntrack=0
+-	PKG_CHECK_MODULES([libnetfilter_conntrack],
-+AS_IF([test "x$enable_libnfnetlink" = "xyes"], [
++    nfconntrack=0
-+  PKG_CHECK_MODULES([libnetfilter_conntrack], [libnetfilter_conntrack >= 1.0.4],
++    AS_IF([test "x$enable_libnfnetlink" = "xyes"], [
- 	[nfconntrack=1], [nfconntrack=0])
++    PKG_CHECK_MODULES([libnetfilter_conntrack],
-+  ])
+ 		[libnetfilter_conntrack >= 1.0.6],
-+
+ 		[nfconntrack=1], [nfconntrack=0])
- AM_CONDITIONAL([HAVE_LIBNETFILTER_CONNTRACK], [test "$nfconntrack" = 1])
+-
- 
++    ])
- if test "$nfconntrack" -ne 1; then
+ 	if test "$nfconntrack" -ne 1; then
+ 		blacklist_modules="$blacklist_modules connlabel";
+ 		echo "WARNING: libnetfilter_conntrack not found, connlabel match will not be built";
+-- 
+2.4.0
+

meta/recipes-extended/iptables/iptables_1.6.1.bb

@@ -25,8 +25,8 @@ SRC_URI = "http://netfilter.org/projects/iptables/files/iptables-${PV}.tar.bz2 \
           "
 SRC_URI_append_libc-musl = " file://0001-fix-build-with-musl.patch"
 
-SRC_URI[md5sum] = "27ba3451cb622467fc9267a176f19a31"
+SRC_URI[md5sum] = "ab38a33806b6182c6f53d6afb4619add"
-SRC_URI[sha256sum] = "4bb72a0a0b18b5a9e79e87631ddc4084528e5df236bc7624472dcaa8480f1c60"
+SRC_URI[sha256sum] = "0fc2d7bd5d7be11311726466789d4c65fb4c8e096c9182b56ce97440864f0cf5"
 
 inherit autotools pkgconfig