From 5628648f87ff6d0ed86a459d2f10e47ffd2d8471 Mon Sep 17 00:00:00 2001
From: Steven Barth
Date: Tue, 16 Dec 2014 09:28:59 +0000
Subject: [PATCH] nftables: bump to release 0.4, cleanup our patches
Signed-off-by: Steven Barth
SVN-Revision: 43730
---
 package/network/utils/nftables/Makefile | 4 +-
 .../101-build-restore-disable-debug.patch | 60 ---
 ...1-make-nftables-usable-with-mini-gmp.patch | 357 ------------------
 ...rename-VERSION-token-to-IPHDRVERSION.patch | 55 +++
 ...se-mpz_set_str-instead-of-gmp_sscanf.patch | 28 ++
 ...o-vasprintf-instead-of-gmp_vasprintf.patch | 58 +++
 ...-gmp-source-and-headers-from-gmplib.patch} | 17 +-
 ...t-libgmp-switch-to-disable-use-of-sh.patch | 186 +++++++++
 8 files changed, 333 insertions(+), 432 deletions(-)
 delete mode 100644 package/network/utils/nftables/patches/101-build-restore-disable-debug.patch
 delete mode 100644 package/network/utils/nftables/patches/201-make-nftables-usable-with-mini-gmp.patch
 create mode 100644 package/network/utils/nftables/patches/201-parser-rename-VERSION-token-to-IPHDRVERSION.patch
 create mode 100644 package/network/utils/nftables/patches/202-datatype-use-mpz_set_str-instead-of-gmp_sscanf.patch
 create mode 100644 package/network/utils/nftables/patches/203-erec-use-stdio-vasprintf-instead-of-gmp_vasprintf.patch
 rename package/network/utils/nftables/patches/{202-add-mini-gmp-from-gmplib-6.0.patch => 204-mini-gmp-add-mini-gmp-source-and-headers-from-gmplib.patch} (99%)
 create mode 100644 package/network/utils/nftables/patches/205-build-add-without-libgmp-switch-to-disable-use-of-sh.patch
diff --git a/package/network/utils/nftables/Makefile b/package/network/utils/nftables/Makefile
index 3788e16ee9..7c7ce26215 100644
--- a/package/network/utils/nftables/Makefile
+++ b/package/network/utils/nftables/Makefile
@@ -7,14 +7,14 @@ include $(TOPDIR)/rules.mk PKG_NAME:=nftables -PKG_VERSION:=0.3+2014-12-12 +PKG_VERSION:=0.4 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION) PKG_SOURCE_URL:=git://git.netfilter.org/nftables PKG_SOURCE_PROTO:=git -PKG_SOURCE_VERSION:=a698868d52a550bab4867c0dc502037155baa11d +PKG_SOURCE_VERSION:=v0.4 PKG_MAINTAINER:=Steven Barth PKG_LICENSE:=GPL-2.0 diff --git a/package/network/utils/nftables/patches/101-build-restore-disable-debug.patch b/package/network/utils/nftables/patches/101-build-restore-disable-debug.patch deleted file mode 100644 index ca035c395e..0000000000 --- a/package/network/utils/nftables/patches/101-build-restore-disable-debug.patch +++ /dev/null 
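Review bot: `PKG_SOURCE_VERSION` no longer names an exact commit; it now names the tag `v0.4`, while `PKG_SOURCE_URL` stays on unauthenticated `git://`. A tag can be re-pointed upstream and that transport gives no integrity protection, so the tarball produced by this recipe is no longer tied to content someone reviewed. I would keep the pin on the full commit id the tag resolves to, with the release named in a comment on the line above, e.g. `# v0.4` followed by `PKG_SOURCE_VERSION:=<commit id of the v0.4 tag>`. Alternatively, add a checksum for the generated tarball if the download rules outside this hunk support one.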
@@ -1,60 +0,0 @@ -From 3c30c8b6fd2ea715eb4bdaa5a6d4e1623f28834c Mon Sep 17 00:00:00 2001 -From: Pablo Neira Ayuso -Date: Sun, 14 Dec 2014 21:04:49 +0100 -Subject: [PATCH 1/3] build: restore --disable-debug - -Fix fallout from the automake conversion. Display after configuration -if it is enabled or not. - -Reported-by: Steven Barth -Signed-off-by: Pablo Neira Ayuso ---- - configure.ac | 10 ++++++---- - src/Makefile.am | 5 ++++- - 2 files changed, 10 insertions(+), 5 deletions(-) - -diff --git a/configure.ac b/configure.ac -index 1525ac4..b55b2b1 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -24,9 +24,10 @@ AC_DEFINE([_STDC_FORMAT_MACROS], [], [printf-style format macros]) - - AC_ARG_ENABLE([debug], - AS_HELP_STRING([--enable-debug], [Enable debugging]), -- [CONFIG_DEBUG="$(echo $enableval | cut -b1)"], -- [CONFIG_DEBUG="y"]) --AC_SUBST([CONFIG_DEBUG]) -+ [with_debug=no], -+ [with_debug=yes]) -+AC_SUBST(with_debug) -+AM_CONDITIONAL([BUILD_DEBUG], [test "x$with_debug" != xno]) - - # Checks for programs. - AC_PROG_CC -@@ -128,4 +129,5 @@ AC_OUTPUT - - echo " - nft configuration: -- cli support: ${with_cli}" -+ cli support: ${with_cli} -+ enable debugging: ${with_debug}" -diff --git a/src/Makefile.am b/src/Makefile.am -index d53c347..378424d 100644 ---- a/src/Makefile.am -+++ b/src/Makefile.am -@@ -3,8 +3,11 @@ sbin_PROGRAMS = nft - CLEANFILES = scanner.c parser_bison.c - - AM_CPPFLAGS = -I$(top_srcdir)/include --AM_CPPFLAGS += -DDEFAULT_INCLUDE_PATH="\"${sysconfdir}\"" -DDEBUG \ -+AM_CPPFLAGS += -DDEFAULT_INCLUDE_PATH="\"${sysconfdir}\"" \ - ${LIBMNL_CFLAGS} ${LIBNFTNL_CFLAGS} -+if BUILD_DEBUG -+AM_CPPFLAGS += -g -DDEBUG -+endif - - AM_CFLAGS = -Wall \ - -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations \ --- -2.1.3 - 
diff --git a/package/network/utils/nftables/patches/201-make-nftables-usable-with-mini-gmp.patch b/package/network/utils/nftables/patches/201-make-nftables-usable-with-mini-gmp.patch deleted file mode 100644 index 4533e3111d..0000000000 --- a/package/network/utils/nftables/patches/201-make-nftables-usable-with-mini-gmp.patch +++ /dev/null 
@@ -1,357 +0,0 @@ -From d559314e3e3debe1ff8c2c1372701df6154a53ef Mon Sep 17 00:00:00 2001 -From: Steven Barth -Date: Mon, 15 Dec 2014 10:13:39 +0100 -Subject: [PATCH 2/3] build: make nftables usable with mini-gmp - -libgmp usually compiles to >400KB which can put a burden on embedded -device firmware especially if libgmp isn't used for other purposes. -mini-gmp in contrast adds only ~30KB to the nft-binary itself. - -However mini-gmp does not support gmp_sscanf and gmp_printf. - -This patch: -* Adds a configure flag --without-libgmp to select mini-gmp -* Replaces the single gmp_sscanf occurence with mpz_set_str -* Replaces calls to gmp_printf outside of pr_debug with - a minimalistic mpz_printf usable to format one mpz_t -* Replaces gmp_vasprintf in erec_vcreate with vasprintf - and rewrites the single user of the gmp format-flags -* Changes the parser token VERSION to IPHDRVERSION to avoid - clashes with the VERSION-define in config.h - -Signed-off-by: Steven Barth ---- - configure.ac | 17 ++++++++++++++--- - include/expression.h | 2 +- - include/gmputil.h | 10 ++++++++++ - include/utils.h | 3 +-- - src/Makefile.am | 4 ++++ - src/ct.c | 2 +- - src/datatype.c | 8 +++----- - src/erec.c | 6 +++++- - src/evaluate.c | 8 ++++++-- - src/gmputil.c | 54 +++++++++++++++++++++++++++++++++++++++++++++++++++- - src/parser_bison.y | 6 +++--- - src/scanner.l | 2 +- - 12 files changed, 102 insertions(+), 20 deletions(-) - -diff --git a/configure.ac b/configure.ac -index b55b2b1..1e3729d 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -73,8 +73,18 @@ AM_CONDITIONAL([BUILD_PDF], [test "$DBLATEX" == "found"]) - PKG_CHECK_MODULES([LIBMNL], [libmnl >= 1.0.3]) - PKG_CHECK_MODULES([LIBNFTNL], [libnftnl >= 1.0.2]) - --AC_CHECK_LIB([gmp], [__gmpz_init], , -- AC_MSG_ERROR([No suitable version of libgmp found])) -+AC_ARG_WITH([libgmp], [AS_HELP_STRING([--without-libgmp], -+ [Disable libgmp support (use builtin mini-gmp)])], [], -+ [with_libgmp=yes]) -+AS_IF([test "x$with_libgmp" != xno], 
[ -+AC_CHECK_LIB([gmp],[__gmpz_init], , AC_MSG_ERROR([No suitable version of libgmp found])) -+]) -+AM_CONDITIONAL([BUILD_MINIGMP], [test "x$with_libgmp" == xno]) -+ -+ -+AS_IF([test "x$with_libgmp" != xyes -a "x$CONFIG_DEBUG" = xy], [ -+AC_MSG_ERROR([--without-libgmp MUST be used with --disable-debug]) -+]) - - AC_ARG_WITH([cli], [AS_HELP_STRING([--without-cli], - [disable interactive CLI (libreadline support)])], -@@ -130,4 +140,5 @@ AC_OUTPUT - echo " - nft configuration: - cli support: ${with_cli} -- enable debugging: ${with_debug}" -+ enable debugging: ${with_debug} -+ use shared libgmp: ${with_libgmp}" -diff --git a/include/expression.h b/include/expression.h -index 4b96879..7477c3e 100644 ---- a/include/expression.h -+++ b/include/expression.h -@@ -2,7 +2,7 @@ - #define NFTABLES_EXPRESSION_H - - #include --#include -+#include - #include - - #include -diff --git a/include/gmputil.h b/include/gmputil.h -index 63eb0ba..b9ced6d 100644 ---- a/include/gmputil.h -+++ b/include/gmputil.h -@@ -1,9 +1,17 @@ - #ifndef NFTABLES_GMPUTIL_H - #define NFTABLES_GMPUTIL_H - -+#include -+ -+#ifdef HAVE_LIBGMP - #include -+#else -+#include -+#endif -+ - #include - -+ - enum mpz_word_order { - MPZ_MSWF = 1, - MPZ_LSWF = -1, -@@ -48,4 +56,6 @@ extern void mpz_import_data(mpz_t rop, const void *data, - unsigned int len); - extern void mpz_switch_byteorder(mpz_t rop, unsigned int len); - -+extern int mpz_printf(const char *format, const mpz_t value); -+ - #endif /* NFTABLES_GMPUTIL_H */ -diff --git a/include/utils.h b/include/utils.h -index 15b2e39..3c436ba 100644 ---- a/include/utils.h -+++ b/include/utils.h -@@ -9,14 +9,13 @@ - #include - #include - #include --#include - - #define BITS_PER_BYTE 8 - - #ifdef DEBUG - #define pr_debug(fmt, arg...) gmp_printf(fmt, ##arg) - #else --#define pr_debug(fmt, arg...) ({ if (false) gmp_printf(fmt, ##arg); 0; }) -+#define pr_debug(fmt, arg...) 
({ if (false) {}; 0; }) - #endif - - #define __fmtstring(x, y) __attribute__((format(printf, x, y))) -diff --git a/src/Makefile.am b/src/Makefile.am -index 378424d..099052a 100644 ---- a/src/Makefile.am -+++ b/src/Makefile.am -@@ -51,4 +51,8 @@ if BUILD_CLI - nft_SOURCES += cli.c - endif - -+if BUILD_MINIGMP -+nft_SOURCES += mini-gmp.c -+endif -+ - nft_LDADD = ${LIBMNL_LIBS} ${LIBNFTNL_LIBS} -diff --git a/src/ct.c b/src/ct.c -index 2eb85ea..759e65d 100644 ---- a/src/ct.c -+++ b/src/ct.c -@@ -110,7 +110,7 @@ static void ct_label_type_print(const struct expr *expr) - return; - } - /* can happen when connlabel.conf is altered after rules were added */ -- gmp_printf("0x%Zx", expr->value); -+ mpz_printf("0x%Zx", expr->value); - } - - static struct error_record *ct_label_type_parse(const struct expr *sym, -diff --git a/src/datatype.c b/src/datatype.c -index 4519d87..40ce898 100644 ---- a/src/datatype.c -+++ b/src/datatype.c -@@ -186,7 +186,7 @@ void symbol_table_print(const struct symbol_table *tbl, - - static void invalid_type_print(const struct expr *expr) - { -- gmp_printf("0x%Zx [invalid type]", expr->value); -+ mpz_printf("0x%Zx [invalid type]", expr->value); - } - - const struct datatype invalid_type = { -@@ -268,18 +268,16 @@ static void integer_type_print(const struct expr *expr) - - if (expr->dtype->basefmt != NULL) - fmt = expr->dtype->basefmt; -- gmp_printf(fmt, expr->value); -+ mpz_printf(fmt, expr->value); - } - - static struct error_record *integer_type_parse(const struct expr *sym, - struct expr **res) - { - mpz_t v; -- int len; - - mpz_init(v); -- if (gmp_sscanf(sym->identifier, "%Zu%n", v, &len) != 1 || -- (int)strlen(sym->identifier) != len) { -+ if (mpz_set_str(v, sym->identifier, 0)) { - mpz_clear(v); - return error(&sym->location, "Could not parse %s", - sym->dtype->desc); -diff --git a/src/erec.c b/src/erec.c -index 82543e6..810e9bf 100644 ---- a/src/erec.c -+++ b/src/erec.c -@@ -44,6 +44,7 @@ static void erec_destroy(struct error_record *erec) - 
xfree(erec); - } - -+__attribute__((format(printf, 3, 0))) - struct error_record *erec_vcreate(enum error_record_types type, - const struct location *loc, - const char *fmt, va_list ap) -@@ -55,10 +56,13 @@ struct error_record *erec_vcreate(enum error_record_types type, - erec->num_locations = 0; - erec_add_location(erec, loc); - -- gmp_vasprintf(&erec->msg, fmt, ap); -+ if (vasprintf(&erec->msg, fmt, ap) < 0) -+ erec->msg = NULL; -+ - return erec; - } - -+__attribute__((format(printf, 3, 4))) - struct error_record *erec_create(enum error_record_types type, - const struct location *loc, - const char *fmt, ...) -diff --git a/src/evaluate.c b/src/evaluate.c -index 0732660..3cb5cca 100644 ---- a/src/evaluate.c -+++ b/src/evaluate.c -@@ -232,9 +232,13 @@ static int expr_evaluate_value(struct eval_ctx *ctx, struct expr **expr) - case TYPE_INTEGER: - mpz_init_bitmask(mask, ctx->ectx.len); - if (mpz_cmp((*expr)->value, mask) > 0) { -+ char *valstr = mpz_get_str(NULL, 10, (*expr)->value); -+ char *rangestr = mpz_get_str(NULL, 10, mask); - expr_error(ctx->msgs, *expr, -- "Value %Zu exceeds valid range 0-%Zu", -- (*expr)->value, mask); -+ "Value %s exceeds valid range 0-%s", -+ valstr, rangestr); -+ free(valstr); -+ free(rangestr); - mpz_clear(mask); - return -1; - } -diff --git a/src/gmputil.c b/src/gmputil.c -index cb46445..acbf369 100644 ---- a/src/gmputil.c -+++ b/src/gmputil.c -@@ -14,7 +14,6 @@ - #include - #include - #include --#include - - #include - #include -@@ -148,6 +147,59 @@ void mpz_switch_byteorder(mpz_t rop, unsigned int len) - mpz_import_data(rop, data, BYTEORDER_HOST_ENDIAN, len); - } - -+int mpz_printf(const char *f, const mpz_t value) -+{ -+ /* minimalistic gmp_printf replacement to format a single mpz_t -+ * using only mini-gmp functions */ -+ int n = 0; -+ while (*f) { -+ if (*f != '%') { -+ if (fputc(*f, stdout) != *f) -+ return -1; -+ -+ ++n; -+ } else { -+ unsigned long prec = 0; -+ int base; -+ size_t len; -+ char *str; -+ bool ok; -+ -+ if (*++f 
== '.') -+ prec = strtoul(++f, (char**)&f, 10); -+ -+ if (*f++ != 'Z') -+ return -1; -+ -+ if (*f == 'u') -+ base = 10; -+ else if (*f == 'x') -+ base = 16; -+ else -+ return -1; -+ -+ len = mpz_sizeinbase(value, base); -+ while (prec-- > len) { -+ if (fputc('0', stdout) != '0') -+ return -1; -+ -+ ++n; -+ } -+ -+ str = mpz_get_str(NULL, base, value); -+ ok = str && fwrite(str, 1, len, stdout) == len; -+ free(str); -+ -+ if (!ok) -+ return -1; -+ -+ n += len; -+ } -+ ++f; -+ } -+ return n; -+} -+ - static void *gmp_xrealloc(void *ptr, size_t old_size, size_t new_size) - { - return xrealloc(ptr, new_size); -diff --git a/src/parser_bison.y b/src/parser_bison.y -index 99dbd08..eb5cf90 100644 ---- a/src/parser_bison.y -+++ b/src/parser_bison.y -@@ -237,7 +237,7 @@ static void location_update(struct location *loc, struct location *rhs, int n) - %token OPERATION "operation" - - %token IP "ip" --%token VERSION "version" -+%token IPHDRVERSION "version" - %token HDRLENGTH "hdrlength" - %token TOS "tos" - %token LENGTH "length" -@@ -1947,7 +1947,7 @@ ip_hdr_expr : IP ip_hdr_field - } - ; - --ip_hdr_field : VERSION { $$ = IPHDR_VERSION; } -+ip_hdr_field : IPHDRVERSION { $$ = IPHDR_VERSION; } - | HDRLENGTH { $$ = IPHDR_HDRLENGTH; } - | TOS { $$ = IPHDR_TOS; } - | LENGTH { $$ = IPHDR_LENGTH; } -@@ -1994,7 +1994,7 @@ ip6_hdr_expr : IP6 ip6_hdr_field - } - ; - --ip6_hdr_field : VERSION { $$ = IP6HDR_VERSION; } -+ip6_hdr_field : IPHDRVERSION { $$ = IP6HDR_VERSION; } - | PRIORITY { $$ = IP6HDR_PRIORITY; } - | FLOWLABEL { $$ = IP6HDR_FLOWLABEL; } - | LENGTH { $$ = IP6HDR_LENGTH; } -diff --git a/src/scanner.l b/src/scanner.l -index ed87da6..92b6a10 100644 ---- a/src/scanner.l -+++ b/src/scanner.l -@@ -349,7 +349,7 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr}) - "operation" { return OPERATION; } - - "ip" { return IP; } --"version" { return VERSION; } -+"version" { return IPHDRVERSION; } - "hdrlength" { return HDRLENGTH; } - "tos" { return TOS; } - "length" { return LENGTH; } --- 
-2.1.3 - diff --git a/package/network/utils/nftables/patches/201-parser-rename-VERSION-token-to-IPHDRVERSION.patch b/package/network/utils/nftables/patches/201-parser-rename-VERSION-token-to-IPHDRVERSION.patch new file mode 100644 index 0000000000..a82b8c600e --- /dev/null +++ b/package/network/utils/nftables/patches/201-parser-rename-VERSION-token-to-IPHDRVERSION.patch 
@@ -0,0 +1,55 @@
+From 20417d50a2f2c6d9ed1b22ca1195214d0c2c402d Mon Sep 17 00:00:00 2001
+From: Steven Barth
+Date: Mon, 15 Dec 2014 13:58:55 +0100
+Subject: [PATCH 1/5] parser: rename VERSION token to IPHDRVERSION
+
+A token name of VERSION results in a macro being defined
+with the same name. This prevents inclusion of config.h
+in commonly used headers.
+
+Signed-off-by: Steven Barth
+---
+ src/parser_bison.y | 6 +++---
+ src/scanner.l | 2 +-
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+--- a/src/parser_bison.y
++++ b/src/parser_bison.y
+@@ -237,7 +237,7 @@ static void location_update(struct locat
+ %token OPERATION "operation"
+
+ %token IP "ip"
+-%token VERSION "version"
++%token IPHDRVERSION "version"
+ %token HDRLENGTH "hdrlength"
+ %token TOS "tos"
+ %token LENGTH "length"
+@@ -1947,7 +1947,7 @@ ip_hdr_expr : IP ip_hdr_field
+ }
+ ;
+
+-ip_hdr_field : VERSION { $$ = IPHDR_VERSION; }
++ip_hdr_field : IPHDRVERSION { $$ = IPHDR_VERSION; }
+ | HDRLENGTH { $$ = IPHDR_HDRLENGTH; }
+ | TOS { $$ = IPHDR_TOS; }
+ | LENGTH { $$ = IPHDR_LENGTH; }
+@@ -1994,7 +1994,7 @@ ip6_hdr_expr : IP6 ip6_hdr_field
+ }
+ ;
+
+-ip6_hdr_field : VERSION { $$ = IP6HDR_VERSION; }
++ip6_hdr_field : IPHDRVERSION { $$ = IP6HDR_VERSION; }
+ | PRIORITY { $$ = IP6HDR_PRIORITY; }
+ | FLOWLABEL { $$ = IP6HDR_FLOWLABEL; }
+ | LENGTH { $$ = IP6HDR_LENGTH; }
+--- a/src/scanner.l
++++ b/src/scanner.l
+@@ -349,7 +349,7 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr
+ "operation" { return OPERATION; }
+
+ "ip" { return IP; }
+-"version" { return VERSION; }
++"version" { return IPHDRVERSION; }
+ "hdrlength" { return HDRLENGTH; }
+ "tos" { return TOS; }
+ "length" { return LENGTH; }
diff --git a/package/network/utils/nftables/patches/202-datatype-use-mpz_set_str-instead-of-gmp_sscanf.patch b/package/network/utils/nftables/patches/202-datatype-use-mpz_set_str-instead-of-gmp_sscanf.patch
new file mode 100644
index 0000000000..4b22ec26e5
--- /dev/null
+++ b/package/network/utils/nftables/patches/202-datatype-use-mpz_set_str-instead-of-gmp_sscanf.patch
@@ -0,0 +1,28 @@
+From 23e8958a5e539f682be4cbdf5196aa2014c7e295 Mon Sep 17 00:00:00 2001
+From: Steven Barth
+Date: Mon, 15 Dec 2014 14:09:27 +0100
+Subject: [PATCH 2/5] datatype: use mpz_set_str instead of gmp_sscanf
+
+This simplifies the integer parsing logic and restricts it to
+functions being part of the mini-gmp subset.
+
+Signed-off-by: Steven Barth
+---
+ src/datatype.c | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+--- a/src/datatype.c
++++ b/src/datatype.c
+@@ -275,11 +275,9 @@ static struct error_record *integer_type
+ struct expr **res)
+ {
+ mpz_t v;
+- int len;
+
+ mpz_init(v);
+- if (gmp_sscanf(sym->identifier, "%Zu%n", v, &len) != 1 ||
+- (int)strlen(sym->identifier) != len) {
++ if (mpz_set_str(v, sym->identifier, 0)) {
+ mpz_clear(v);
+ return error(&sym->location, "Could not parse %s",
+ sym->dtype->desc);
diff --git a/package/network/utils/nftables/patches/203-erec-use-stdio-vasprintf-instead-of-gmp_vasprintf.patch b/package/network/utils/nftables/patches/203-erec-use-stdio-vasprintf-instead-of-gmp_vasprintf.patch
new file mode 100644
index 0000000000..dc4d965497
--- /dev/null
+++ b/package/network/utils/nftables/patches/203-erec-use-stdio-vasprintf-instead-of-gmp_vasprintf.patch
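Review bot: `mpz_set_str(v, sym->identifier, 0)` in the new condition of `integer_type_parse` passes base 0, which makes GMP choose the base from the prefix (`0x` hex, `0b` binary, a bare leading `0` octal) and, per the GMP documentation, ignore white space; the removed `gmp_sscanf` call used the `%Zu` conversion plus an exact-length check. The set of accepted strings therefore likely widens, and a value such as `010` would be read as 8, which matters when the number ends up in a filter rule. If only decimal input is meant to be accepted here, `if (mpz_set_str(v, sym->identifier, 10)) {` keeps that; otherwise a comment above the call stating that prefixed bases are intentional would help. The function body starts and ends outside the hunk, so whether a sign or range check follows is not visible.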
@@ -0,0 +1,58 @@
+From ee23bda1e4a85243fa02dc712f0f323e366dbf8c Mon Sep 17 00:00:00 2001
+From: Steven Barth
+Date: Mon, 15 Dec 2014 14:14:46 +0100
+Subject: [PATCH 3/5] erec: use stdio vasprintf instead of gmp_vasprintf
+
+Use stdio's vasprintf instead of gmp_vasprintf which is not part
+of the mini-gmp function subset. Furthermore convert the only
+gmp-specific user and allow the compiler to verify format-strings.
+
+Signed-off-by: Steven Barth
+---
+ src/erec.c | 6 +++++-
+ src/evaluate.c | 8 ++++++--
+ 2 files changed, 11 insertions(+), 3 deletions(-)
+
+--- a/src/erec.c
++++ b/src/erec.c
+@@ -44,6 +44,7 @@ static void erec_destroy(struct error_re
+ xfree(erec);
+ }
+
++__attribute__((format(printf, 3, 0)))
+ struct error_record *erec_vcreate(enum error_record_types type,
+ const struct location *loc,
+ const char *fmt, va_list ap)
+@@ -55,10 +56,13 @@ struct error_record *erec_vcreate(enum e
+ erec->num_locations = 0;
+ erec_add_location(erec, loc);
+
+- gmp_vasprintf(&erec->msg, fmt, ap);
++ if (vasprintf(&erec->msg, fmt, ap) < 0)
++ erec->msg = NULL;
++
+ return erec;
+ }
+
++__attribute__((format(printf, 3, 4)))
+ struct error_record *erec_create(enum error_record_types type,
+ const struct location *loc,
+ const char *fmt, ...)
+--- a/src/evaluate.c
++++ b/src/evaluate.c
+@@ -232,9 +232,13 @@ static int expr_evaluate_value(struct ev
+ case TYPE_INTEGER:
+ mpz_init_bitmask(mask, ctx->ectx.len);
+ if (mpz_cmp((*expr)->value, mask) > 0) {
++ char *valstr = mpz_get_str(NULL, 10, (*expr)->value);
++ char *rangestr = mpz_get_str(NULL, 10, mask);
+ expr_error(ctx->msgs, *expr,
+- "Value %Zu exceeds valid range 0-%Zu",
+- (*expr)->value, mask);
++ "Value %s exceeds valid range 0-%s",
++ valstr, rangestr);
++ free(valstr);
++ free(rangestr);
+ mpz_clear(mask);
+ return -1;
+ }
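Review bot: On `vasprintf` failure the new code in `erec_vcreate` stores `erec->msg = NULL` and still returns the record, so an out-of-memory condition becomes an error record with no text. The code that prints or frees `msg` lies outside this hunk; if any of it passes the pointer to a `%s` conversion, that is undefined behaviour, and the user loses the diagnostic either way. The surrounding code uses x-prefixed allocators (`xfree` is visible in the context), so failing the way those do on allocation failure would be more consistent than a silent NULL. The two `mpz_get_str(NULL, 10, ...)` results added in `expr_evaluate_value` are likewise handed to `%s` without a check.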
diff --git a/package/network/utils/nftables/patches/202-add-mini-gmp-from-gmplib-6.0.patch b/package/network/utils/nftables/patches/204-mini-gmp-add-mini-gmp-source-and-headers-from-gmplib.patch similarity index 99% rename from package/network/utils/nftables/patches/202-add-mini-gmp-from-gmplib-6.0.patch rename to package/network/utils/nftables/patches/204-mini-gmp-add-mini-gmp-source-and-headers-from-gmplib.patch index a4e68fccaa..301320c906 100644 --- a/package/network/utils/nftables/patches/202-add-mini-gmp-from-gmplib-6.0.patch +++ b/package/network/utils/nftables/patches/204-mini-gmp-add-mini-gmp-source-and-headers-from-gmplib.patch @@ -1,7 +1,7 @@ -From b1417739f91682442a254cbd732aed6e9a5c5b69 Mon Sep 17 00:00:00 2001 -From: Steven Barth -Date: Mon, 15 Dec 2014 10:36:04 +0100 -Subject: [PATCH 3/3] build: add mini-gmp from gmplib 6.0 +From fd1f58387c4dc1d90c8943167ef2aa9b23367890 Mon Sep 17 00:00:00 2001 +From: Steven Barth +Date: Mon, 15 Dec 2014 14:25:59 +0100 +Subject: [PATCH 4/5] mini-gmp: add mini-gmp source and headers from gmplib 6.0 Signed-off-by: Steven Barth --- @@ -11,9 +11,6 @@ Signed-off-by: Steven Barth create mode 100644 include/mini-gmp.h create mode 100644 src/mini-gmp.c -diff --git a/include/mini-gmp.h b/include/mini-gmp.h -new file mode 100644 -index 0000000..c043ca7 --- /dev/null +++ b/include/mini-gmp.h @@ -0,0 +1,294 @@ @@ -311,9 +308,6 @@ index 0000000..c043ca7 +} +#endif +#endif /* __MINI_GMP_H__ */ -diff --git a/src/mini-gmp.c b/src/mini-gmp.c -new file mode 100644 -index 0000000..acbe1be --- /dev/null +++ b/src/mini-gmp.c @@ -0,0 +1,4386 @@ @@ -4703,6 +4697,3 @@ index 0000000..acbe1be + + return r; +} --- -2.1.3 - diff --git a/package/network/utils/nftables/patches/205-build-add-without-libgmp-switch-to-disable-use-of-sh.patch b/package/network/utils/nftables/patches/205-build-add-without-libgmp-switch-to-disable-use-of-sh.patch new file mode 100644 index 0000000000..195c2daaad --- /dev/null 
+++ b/package/network/utils/nftables/patches/205-build-add-without-libgmp-switch-to-disable-use-of-sh.patch 
@@ -0,0 +1,186 @@
+From d73f1b630848fb7d90f51938e3c75a42ad947c26 Mon Sep 17 00:00:00 2001
+From: Steven Barth
+Date: Mon, 15 Dec 2014 14:26:34 +0100
+Subject: [PATCH 5/5] build: add --without-libgmp switch to disable use of
+ shared libgmp
+
+This disables linking the >400 KB big libgmp and replace it with
+the builtin mini-gmp which only increases size by ~30KB.
+
+Signed-off-by: Steven Barth
+---
+ configure.ac | 17 +++++++++++++---
+ include/expression.h | 2 +-
+ include/gmputil.h | 10 +++++++++
+ include/utils.h | 4 ++--
+ src/Makefile.am | 4 ++++
+ src/gmputil.c | 57 ++++++++++++++++++++++++++++++++++++++++++++++++++--
+ 6 files changed, 86 insertions(+), 8 deletions(-)
+
+--- a/configure.ac
++++ b/configure.ac
+@@ -73,8 +73,18 @@ AM_CONDITIONAL([BUILD_PDF], [test "$DBLA
+ PKG_CHECK_MODULES([LIBMNL], [libmnl >= 1.0.3])
+ PKG_CHECK_MODULES([LIBNFTNL], [libnftnl >= 1.0.2])
+
+-AC_CHECK_LIB([gmp], [__gmpz_init], ,
+- AC_MSG_ERROR([No suitable version of libgmp found]))
++AC_ARG_WITH([libgmp], [AS_HELP_STRING([--without-libgmp],
++ [Disable libgmp support (use builtin mini-gmp)])], [],
++ [with_libgmp=yes])
++AS_IF([test "x$with_libgmp" != xno], [
++AC_CHECK_LIB([gmp],[__gmpz_init], , AC_MSG_ERROR([No suitable version of libgmp found]))
++])
++AM_CONDITIONAL([BUILD_MINIGMP], [test "x$with_libgmp" == xno])
++
++
++AS_IF([test "x$with_libgmp" != xyes -a "x$CONFIG_DEBUG" = xy], [
++AC_MSG_ERROR([--without-libgmp MUST be used with --disable-debug])
++])
+
+ AC_ARG_WITH([cli], [AS_HELP_STRING([--without-cli],
+ [disable interactive CLI (libreadline support)])],
+@@ -130,4 +140,5 @@ AC_OUTPUT
+ echo "
+ nft configuration:
+ cli support: ${with_cli}
+- enable debugging: ${with_debug}"
++ enable debugging: ${with_debug}
++ use shared libgmp: ${with_libgmp}"
+--- a/include/expression.h
++++ b/include/expression.h
+@@ -2,7 +2,7 @@
+ #define NFTABLES_EXPRESSION_H
+
+ #include
+-#include
++#include
+ #include
+
+ #include
+--- a/include/gmputil.h
++++ b/include/gmputil.h
+@@ -1,7 +1,17 @@
+ #ifndef NFTABLES_GMPUTIL_H
+ #define NFTABLES_GMPUTIL_H
+
++#include
++
++#ifdef HAVE_LIBGMP
+ #include
++#else
++#include
++/* mini-gmp doesn't come with gmp_printf, so we use our own minimal variant */
++extern int mpz_printf(const char *format, const mpz_t value);
++#define gmp_printf mpz_printf
++#endif
++
+ #include
+
+ enum mpz_word_order {
+--- a/include/utils.h
++++ b/include/utils.h
+@@ -9,14 +9,14 @@
+ #include
+ #include
+ #include
+-#include
++#include
+
+ #define BITS_PER_BYTE 8
+
+ #ifdef DEBUG
+ #define pr_debug(fmt, arg...) gmp_printf(fmt, ##arg)
+ #else
+-#define pr_debug(fmt, arg...) ({ if (false) gmp_printf(fmt, ##arg); 0; })
++#define pr_debug(fmt, arg...) ({ if (false) {}; 0; })
+ #endif
+
+ #define __fmtstring(x, y) __attribute__((format(printf, x, y)))
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -51,4 +51,8 @@ if BUILD_CLI
+ nft_SOURCES += cli.c
+ endif
+
++if BUILD_MINIGMP
++nft_SOURCES += mini-gmp.c
++endif
++
+ nft_LDADD = ${LIBMNL_LIBS} ${LIBNFTNL_LIBS}
+--- a/src/gmputil.c
++++ b/src/gmputil.c
+@@ -14,11 +14,9 @@
+ #include
+ #include
+ #include
+-#include
+
+ #include
+ #include
+-#include
+ #include
+
+ void mpz_bitmask(mpz_t rop, unsigned int width)
+@@ -148,6 +146,61 @@ void mpz_switch_byteorder(mpz_t rop, uns
+ mpz_import_data(rop, data, BYTEORDER_HOST_ENDIAN, len);
+ }
+
++#ifndef HAVE_LIBGMP
++/* mini-gmp doesn't have a gmp_printf so we use our own minimal
++ * variant here which is able to format a single mpz_t */
++int mpz_printf(const char *f, const mpz_t value)
++{
++ int n = 0;
++ while (*f) {
++ if (*f != '%') {
++ if (fputc(*f, stdout) != *f)
++ return -1;
++
++ ++n;
++ } else {
++ unsigned long prec = 0;
++ int base;
++ size_t len;
++ char *str;
++ bool ok;
++
++ if (*++f == '.')
++ prec = strtoul(++f, (char**)&f, 10);
++
++ if (*f++ != 'Z')
++ return -1;
++
++ if (*f == 'u')
++ base = 10;
++ else if (*f == 'x')
++ base = 16;
++ else
++ return -1;
++
++ len = mpz_sizeinbase(value, base);
++ while (prec-- > len) {
++ if (fputc('0', stdout) != '0')
++ return -1;
++
++ ++n;
++ }
++
++ str = mpz_get_str(NULL, base, value);
++ ok = str && fwrite(str, 1, len, stdout) == len;
++ free(str);
++
++ if (!ok)
++ return -1;
++
++ n += len;
++ }
++ ++f;
++ }
++ return n;
++}
++#endif
++
+ static void *gmp_xrealloc(void *ptr, size_t old_size, size_t new_size)
+ {
+ return xrealloc(ptr, new_size);
--
2.25.1
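Review bot: In the added `mpz_printf`, `len` comes from `mpz_sizeinbase(value, base)` and is then used as the byte count for `fwrite(str, 1, len, stdout)`, but GMP documents that size as ignoring the sign and as possibly one too large for bases that are not a power of two. For a negative value the last digit would be cut off, and with an over-estimate the terminating NUL would be written to stdout; measuring the string returned by `mpz_get_str` avoids both. The rewrite below does that and frees `str` on the padding error path; `strlen` needs `<string.h>`, which the stripped include lines do not confirm. Separately, the configure.ac guard in the same patch tests `$CONFIG_DEBUG` while the context line prints `${with_debug}`, so the `--without-libgmp` / debug conflict check may never fire.

```c
			/* … unchanged: precision, 'Z' and base parsing … */

			str = mpz_get_str(NULL, base, value);
			if (!str)
				return -1;

			/* measure what was actually produced: mpz_sizeinbase()
			 * ignores the sign and may over-estimate by one */
			len = strlen(str);
			for (; prec > len; --prec) {
				if (fputc('0', stdout) != '0') {
					free(str);
					return -1;
				}
				++n;
			}

			ok = fwrite(str, 1, len, stdout) == len;
			free(str);

			/* … unchanged: ok check, n += len … */
```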