libnetfilter_cthelper package update

Signed-off-by: basebuilder_pel7ppc64bebuilder0 <basebuilder@powerel.org>

SOURCES/libnetfilter_cthelper-1.0.0-cleanup.patch

@@ -0,0 +1,131 @@
+diff --git a/.gitignore b/.gitignore
+new file mode 100644
+index 0000000..a83525b
+--- /dev/null
++++ b/.gitignore
+@@ -0,0 +1,18 @@
++.deps/
++.libs/
++Makefile
++Makefile.in
++*.o
++*.la
++*.lo
++
++/aclocal.m4
++/autom4te.cache/
++/build-aux/
++/config.*
++/configure
++/libtool
++
++/doxygen.cfg
++/*.pc
++/stamp-h1
+diff --git a/configure.ac b/configure.ac
+index d9b0118..9389b70 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -8,6 +8,7 @@ AC_CONFIG_HEADERS([config.h])
+ 
+ AM_INIT_AUTOMAKE([-Wall foreign tar-pax no-dist-gzip dist-bzip2
+ 	1.6 subdir-objects])
++m4_ifdef([AM_PROG_AR], [AM_PROG_AR])
+ 
+ dnl kernel style compile messages
+ m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
+@@ -21,7 +22,7 @@ AC_DISABLE_STATIC
+ LT_INIT
+ CHECK_GCC_FVISIBILITY
+ case "$host" in
+-*-*-linux*) ;;
++*-*-linux* | *-*-uclinux*) ;;
+ *) AC_MSG_ERROR([Linux only, dude!]);;
+ esac
+ 
+diff --git a/include/linux/netfilter/nfnetlink.h b/include/linux/netfilter/nfnetlink.h
+index f1b546e..c755646 100644
+--- a/include/linux/netfilter/nfnetlink.h
++++ b/include/linux/netfilter/nfnetlink.h
+@@ -18,6 +18,10 @@ enum nfnetlink_groups {
+ #define NFNLGRP_CONNTRACK_EXP_UPDATE	NFNLGRP_CONNTRACK_EXP_UPDATE
+ 	NFNLGRP_CONNTRACK_EXP_DESTROY,
+ #define NFNLGRP_CONNTRACK_EXP_DESTROY	NFNLGRP_CONNTRACK_EXP_DESTROY
++	NFNLGRP_NFTABLES,
++#define NFNLGRP_NFTABLES                NFNLGRP_NFTABLES
++	NFNLGRP_ACCT_QUOTA,
++#define NFNLGRP_ACCT_QUOTA		NFNLGRP_ACCT_QUOTA
+ 	__NFNLGRP_MAX,
+ };
+ #define NFNLGRP_MAX	(__NFNLGRP_MAX - 1)
+@@ -51,46 +55,12 @@ struct nfgenmsg {
+ #define NFNL_SUBSYS_ACCT		7
+ #define NFNL_SUBSYS_CTNETLINK_TIMEOUT	8
+ #define NFNL_SUBSYS_CTHELPER		9
+-#define NFNL_SUBSYS_COUNT		10
++#define NFNL_SUBSYS_NFTABLES		10
++#define NFNL_SUBSYS_NFT_COMPAT		11
++#define NFNL_SUBSYS_COUNT		12
+ 
+-#ifdef __KERNEL__
++/* Reserved control nfnetlink messages */
++#define NFNL_MSG_BATCH_BEGIN		NLMSG_MIN_TYPE
++#define NFNL_MSG_BATCH_END		NLMSG_MIN_TYPE+1
+ 
+-#include <linux/netlink.h>
+-#include <linux/capability.h>
+-#include <net/netlink.h>
+-
+-struct nfnl_callback {
+-	int (*call)(struct sock *nl, struct sk_buff *skb, 
+-		    const struct nlmsghdr *nlh,
+-		    const struct nlattr * const cda[]);
+-	int (*call_rcu)(struct sock *nl, struct sk_buff *skb, 
+-		    const struct nlmsghdr *nlh,
+-		    const struct nlattr * const cda[]);
+-	const struct nla_policy *policy;	/* netlink attribute policy */
+-	const u_int16_t attr_count;		/* number of nlattr's */
+-};
+-
+-struct nfnetlink_subsystem {
+-	const char *name;
+-	__u8 subsys_id;			/* nfnetlink subsystem ID */
+-	__u8 cb_count;			/* number of callbacks */
+-	const struct nfnl_callback *cb;	/* callback for individual types */
+-};
+-
+-extern int nfnetlink_subsys_register(const struct nfnetlink_subsystem *n);
+-extern int nfnetlink_subsys_unregister(const struct nfnetlink_subsystem *n);
+-
+-extern int nfnetlink_has_listeners(struct net *net, unsigned int group);
+-extern int nfnetlink_send(struct sk_buff *skb, struct net *net, u32 pid, unsigned group,
+-			  int echo, gfp_t flags);
+-extern int nfnetlink_set_err(struct net *net, u32 pid, u32 group, int error);
+-extern int nfnetlink_unicast(struct sk_buff *skb, struct net *net, u_int32_t pid, int flags);
+-
+-extern void nfnl_lock(void);
+-extern void nfnl_unlock(void);
+-
+-#define MODULE_ALIAS_NFNL_SUBSYS(subsys) \
+-	MODULE_ALIAS("nfnetlink-subsys-" __stringify(subsys))
+-
+-#endif	/* __KERNEL__ */
+-#endif	/* _NFNETLINK_H */
++#endif /* _NFNETLINK_H */
+diff --git a/src/libnetfilter_cthelper.c b/src/libnetfilter_cthelper.c
+index 2978870..f8f58e6 100644
+--- a/src/libnetfilter_cthelper.c
++++ b/src/libnetfilter_cthelper.c
+@@ -113,11 +113,11 @@ void nfct_helper_free(struct nfct_helper *h)
+ {
+ 	int i;
+ 
+-	free(h);
+ 	for (i=0; i<NF_CT_HELPER_CLASS_MAX; i++) {
+ 		if (h->expect_policy[i])
+ 			free(h->expect_policy[i]);
+ 	}
++	free(h);
+ }
+ EXPORT_SYMBOL(nfct_helper_free);
+ 

SPECS/libnetfilter_cthelper.spec

@@ -0,0 +1,62 @@
+Name:           libnetfilter_cthelper
+Version:        1.0.0
+Release:        9%{?dist}
+Summary:        User-space infrastructure for connection tracking helpers
+Group:          System Environment/Libraries
+License:        GPLv2
+URL:            http://www.netfilter.org/projects/libnetfilter_cthelper/index.html
+Source0:        http://www.netfilter.org/projects/libnetfilter_cthelper/files/libnetfilter_cthelper-%{version}.tar.bz2
+BuildRequires:  libmnl-devel >= 1.0.0, pkgconfig, kernel-headers
+
+Patch1:		libnetfilter_cthelper-1.0.0-cleanup.patch
+
+%description
+This library provides the infrastructure for the user-space helper
+infrastructure available since the Linux kernel 3.6.
+
+%package        devel
+Summary:        Development files for %{name}
+Group:          Development/Libraries
+Requires:       %{name}%{?_isa} = %{version}-%{release}
+Requires:       libmnl-devel >= 1.0.0
+Requires:       kernel-headers
+
+%description    devel
+The %{name}-devel package contains libraries and header files for
+developing applications that use %{name}.
+
+%prep
+%setup -q
+%patch1 -p1
+
+%build
+%configure --disable-static
+make %{?_smp_mflags}
+
+%install
+rm -rf $RPM_BUILD_ROOT
+%make_install
+find $RPM_BUILD_ROOT -type f -name '*.la' -exec rm -f {} ';'
+
+%post -p /sbin/ldconfig
+%postun -p /sbin/ldconfig
+
+%files
+%doc COPYING README
+%{_libdir}/*.so.*
+
+%files devel
+%{_libdir}/pkgconfig/*.pc
+%dir %{_includedir}/libnetfilter_cthelper
+%{_includedir}/libnetfilter_cthelper/*.h
+%{_libdir}/*.so
+
+%changelog
+* Mon Jul 25 2016 Paul Wouters <pwouters@redhat.com> - 1.0.0-9
+- Resolves: rhbz#1252344 Use after free in nfct_helper_free
+
+* Wed Oct 14 2015 Paul Wouters <pwouters@redhat.com> - 1.0.0-8
+- Resolves: rhbz#1233222 (do not include examples/ as these become arch specific)
+
+* Wed Jun 10 2015 Paul Wouters <pwouters@redhat.com> - 1.0.0-7
+- Resolves: rhbz#1233222 Add libnetfilter_cthelper package to RHEL-7