iptables: upgrade 1.6.2 -> 1.8.2

To enable security flash, get the build error. To fix this,
0003-extensions-format-security-fixes-in-libipt_icmp.patch is required.

(From OE-Core rev: 2e135cea41c1276566a7390320468d1925481558)

Signed-off-by: Changhyeok Bae <changhyeok.bae@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

meta/recipes-extended/iptables/iptables/0003-extensions-format-security-fixes-in-libipt_icmp.patch

@@ -0,0 +1,61 @@
+From 907e429d7548157016cd51aba4adc5d0c7d9f816 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Adam=20Go=C5=82=C4=99biowski?= <adamg@pld-linux.org>
+Date: Wed, 14 Nov 2018 07:35:28 +0100
+Subject: extensions: format-security fixes in libip[6]t_icmp
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+commit 61d6c3834de3 ("xtables: add 'printf' attribute to xlate_add")
+introduced support for gcc feature to check format string against passed
+argument.  This commit adds missing bits to extenstions's libipt_icmp.c
+and libip6t_icmp6.c that were causing build to fail.
+
+Fixes: 61d6c3834de3 ("xtables: add 'printf' attribute to xlate_add")
+Signed-off-by: Adam Gołębiowski <adamg@pld-linux.org>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+
+Upstream-Status: Backport
+---
+ extensions/libip6t_icmp6.c | 4 ++--
+ extensions/libipt_icmp.c   | 2 +-
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/extensions/libip6t_icmp6.c b/extensions/libip6t_icmp6.c
+index 45a71875..cc7bfaeb 100644
+--- a/extensions/libip6t_icmp6.c
++++ b/extensions/libip6t_icmp6.c
+@@ -230,7 +230,7 @@ static unsigned int type_xlate_print(struct xt_xlate *xl, unsigned int icmptype,
+ 	type_name = icmp6_type_xlate(icmptype);
+ 
+ 	if (type_name) {
+-		xt_xlate_add(xl, type_name);
++		xt_xlate_add(xl, "%s", type_name);
+ 	} else {
+ 		for (i = 0; i < ARRAY_SIZE(icmpv6_codes); ++i)
+ 			if (icmpv6_codes[i].type == icmptype &&
+@@ -239,7 +239,7 @@ static unsigned int type_xlate_print(struct xt_xlate *xl, unsigned int icmptype,
+ 				break;
+ 
+ 		if (i != ARRAY_SIZE(icmpv6_codes))
+-			xt_xlate_add(xl, icmpv6_codes[i].name);
++			xt_xlate_add(xl, "%s", icmpv6_codes[i].name);
+ 		else
+ 			return 0;
+ 	}
+diff --git a/extensions/libipt_icmp.c b/extensions/libipt_icmp.c
+index 54189976..e76257c5 100644
+--- a/extensions/libipt_icmp.c
++++ b/extensions/libipt_icmp.c
+@@ -236,7 +236,7 @@ static unsigned int type_xlate_print(struct xt_xlate *xl, unsigned int icmptype,
+ 			if (icmp_codes[i].type == icmptype &&
+ 			    icmp_codes[i].code_min == code_min &&
+ 			    icmp_codes[i].code_max == code_max) {
+-				xt_xlate_add(xl, icmp_codes[i].name);
++				xt_xlate_add(xl, "%s", icmp_codes[i].name);
+ 				return 1;
+ 			}
+ 	}
+-- 
+cgit v1.2.1
+

meta/recipes-extended/iptables/iptables_1.8.2.bb

@@ -10,10 +10,11 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263\
 SRC_URI = "http://netfilter.org/projects/iptables/files/iptables-${PV}.tar.bz2 \
            file://0001-configure-Add-option-to-enable-disable-libnfnetlink.patch \
            file://0002-configure.ac-only-check-conntrack-when-libnfnetlink-enabled.patch \
+           file://0003-extensions-format-security-fixes-in-libipt_icmp.patch  \
 "
 
-SRC_URI[md5sum] = "7d2b7847e4aa8832a18437b8a4c1873d"
-SRC_URI[sha256sum] = "55d02dfa46263343a401f297d44190f2a3e5113c8933946f094ed40237053733"
+SRC_URI[md5sum] = "944558e88ddcc3b9b0d9550070fa3599"
+SRC_URI[sha256sum] = "a3778b50ed1a3256f9ca975de82c2204e508001fc2471238c8c97f3d1c4c12af"
 
 inherit autotools pkgconfig