From e8557c2d8da74c5e40151afc5cbbb1d9996c72dc Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Wed, 7 Oct 2015 18:56:31 -0700
Subject: libnetfilter: Avoid using VLAs

VLAs in composite data types like structures and unions
are not a standard feature of C language,  gcc has specific
implementations for but other compilers dont have that done specifically clang, and
the community refuses to implement it since its non standard.

Change-Id: I6ae24adb455bf262fe9406a1c8e3b3a4a0cf77d4
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
---
 .../libnetfilter/files/replace-VLAs-in-union.patch | 89 ++++++++++++++++++++++
 .../libnetfilter/libnetfilter-conntrack_1.0.4.bb   |  4 +-
 2 files changed, 92 insertions(+), 1 deletion(-)
 create mode 100644 meta-networking/recipes-filter/libnetfilter/files/replace-VLAs-in-union.patch

diff --git a/meta-networking/recipes-filter/libnetfilter/files/replace-VLAs-in-union.patch b/meta-networking/recipes-filter/libnetfilter/files/replace-VLAs-in-union.patch
new file mode 100644
index 0000000000..16e4af405d
--- /dev/null
+++ b/meta-networking/recipes-filter/libnetfilter/files/replace-VLAs-in-union.patch
@@ -0,0 +1,89 @@
+VLAs in structs and unions (non-PODs) is unsupported in non-gcc compilers
+therefore convert it to not use VLAs instead use fixed arrays
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+Upstream-Status: Pending
+Index: libnetfilter_conntrack-1.0.4/src/conntrack/api.c
+===================================================================
+--- libnetfilter_conntrack-1.0.4.orig/src/conntrack/api.c
++++ libnetfilter_conntrack-1.0.4/src/conntrack/api.c
+@@ -954,16 +954,15 @@ int nfct_query(struct nfct_handle *h,
+ 	       const enum nf_conntrack_query qt,
+ 	       const void *data)
+ {
+-	size_t size = 4096;	/* enough for now */
+ 	union {
+-		char buffer[size];
++		char buffer[4096];
+ 		struct nfnlhdr req;
+ 	} u;
+ 
+ 	assert(h != NULL);
+ 	assert(data != NULL);
+ 
+-	if (__build_query_ct(h->nfnlssh_ct, qt, data, &u.req, size) == -1)
++	if (__build_query_ct(h->nfnlssh_ct, qt, data, &u.req, 4096) == -1)
+ 		return -1;
+ 
+ 	return nfnl_query(h->nfnlh, &u.req.nlh);
+@@ -986,16 +985,15 @@ int nfct_send(struct nfct_handle *h,
+ 	      const enum nf_conntrack_query qt,
+ 	      const void *data)
+ {
+-	size_t size = 4096;	/* enough for now */
+ 	union {
+-		char buffer[size];
++		char buffer[4096];
+ 		struct nfnlhdr req;
+ 	} u;
+ 
+ 	assert(h != NULL);
+ 	assert(data != NULL);
+ 
+-	if (__build_query_ct(h->nfnlssh_ct, qt, data, &u.req, size) == -1)
++	if (__build_query_ct(h->nfnlssh_ct, qt, data, &u.req, 4096) == -1)
+ 		return -1;
+ 
+ 	return nfnl_send(h->nfnlh, &u.req.nlh);
+Index: libnetfilter_conntrack-1.0.4/src/expect/api.c
+===================================================================
+--- libnetfilter_conntrack-1.0.4.orig/src/expect/api.c
++++ libnetfilter_conntrack-1.0.4/src/expect/api.c
+@@ -669,16 +669,15 @@ int nfexp_query(struct nfct_handle *h,
+ 	        const enum nf_conntrack_query qt,
+ 	        const void *data)
+ {
+-	size_t size = 4096;	/* enough for now */
+ 	union {
+-		char buffer[size];
++		char buffer[4096];
+ 		struct nfnlhdr req;
+ 	} u;
+ 
+ 	assert(h != NULL);
+ 	assert(data != NULL);
+ 
+-	if (__build_query_exp(h->nfnlssh_exp, qt, data, &u.req, size) == -1)
++	if (__build_query_exp(h->nfnlssh_exp, qt, data, &u.req, 4096) == -1)
+ 		return -1;
+ 
+ 	return nfnl_query(h->nfnlh, &u.req.nlh);
+@@ -701,16 +700,15 @@ int nfexp_send(struct nfct_handle *h,
+ 	       const enum nf_conntrack_query qt,
+ 	       const void *data)
+ {
+-	size_t size = 4096;	/* enough for now */
+ 	union {
+-		char buffer[size];
++		char buffer[4096];
+ 		struct nfnlhdr req;
+ 	} u;
+ 
+ 	assert(h != NULL);
+ 	assert(data != NULL);
+ 
+-	if (__build_query_exp(h->nfnlssh_exp, qt, data, &u.req, size) == -1)
++	if (__build_query_exp(h->nfnlssh_exp, qt, data, &u.req, 4096) == -1)
+ 		return -1;
+ 
+ 	return nfnl_send(h->nfnlh, &u.req.nlh);
diff --git a/meta-networking/recipes-filter/libnetfilter/libnetfilter-conntrack_1.0.4.bb b/meta-networking/recipes-filter/libnetfilter/libnetfilter-conntrack_1.0.4.bb
index c1df1cb66a..ecbc86ba71 100644
--- a/meta-networking/recipes-filter/libnetfilter/libnetfilter-conntrack_1.0.4.bb
+++ b/meta-networking/recipes-filter/libnetfilter/libnetfilter-conntrack_1.0.4.bb
@@ -6,7 +6,9 @@ LICENSE = "GPLv2+"
 LIC_FILES_CHKSUM = "file://COPYING;md5=8ca43cbc842c2336e835926c2166c28b"
 DEPENDS = "libnfnetlink libmnl"
 
-SRC_URI = "http://www.netfilter.org/projects/libnetfilter_conntrack/files/libnetfilter_conntrack-${PV}.tar.bz2;name=tar"
+SRC_URI = "http://www.netfilter.org/projects/libnetfilter_conntrack/files/libnetfilter_conntrack-${PV}.tar.bz2;name=tar \
+           file://replace-VLAs-in-union.patch \
+"
 SRC_URI[tar.md5sum] = "18cf80c4b339a3285e78822dbd4f08d7"
 SRC_URI[tar.sha256sum] = "d9ec4a3caf49417f2b0a2d8d44249133e8c3ec78c757b7eb8c273f1cb6929c7d"
 
-- 
cgit 1.2.3-korg