1
0
forked from jengelh/iptables
iptables/iptables.spec

291 lines
10 KiB
RPMSpec
Raw Normal View History

#
# spec file for package iptables (Version 1.4.0)
#
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
# package are under the same license as the package itself.
#
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
# norootforbuild
Name: iptables
BuildRequires: kernel-source
License: GPL v2 or later
Group: Productivity/Networking/Security
AutoReqProv: on
Version: 1.4.0
Release: 1
Summary: IP Packet Filter Administration
Source0: %{name}-%{version}.tar.bz2
Source1: %{name}-%{version}-debian-docs.tar.bz2
Patch0: %{name}-%{version}-makefile.diff
Patch1: %{name}-%{version}-batch.diff
Url: http://www.iptables.org
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
Iptables is used to set up, maintain, and inspect the tables of IP
packet filter rules in the Linux kernel. This version requires kernel
2.4.0 or newer.
Authors:
--------
Netfilter Core Team <netfilter-core@linuxcare.com.au>
%package devel
Summary: Libraries, Headers and Development Man Pages for libipq
Group: Development/Libraries/C and C++
AutoReqProv: on
Requires: %{name} = %{version}
%description devel
These libraries are needed to compile programs against libipq.
Authors:
--------
Netfilter Core Team <netfilter-core@linuxcare.com.au>
%prep
%setup -q -a 1
%patch0
%patch1
%build
[ -z "$KERNEL_DIR" ] && KERNEL_DIR="/usr/src/linux"
CFLAGS="$RPM_OPT_FLAGS" make LD=gcc BINDIR=%{_sbindir} LIBDIR=%{_libdir} MANDIR=%{_mandir} KERNEL_DIR="$KERNEL_DIR"
CFLAGS="$RPM_OPT_FLAGS" make LD=gcc BINDIR=%{_sbindir} LIBDIR=%{_libdir} MANDIR=%{_mandir} KERNEL_DIR="$KERNEL_DIR" experimental
CFLAGS="$RPM_OPT_FLAGS" make LD=gcc BINDIR=%{_sbindir} LIBDIR=%{_libdir} MANDIR=%{_mandir} KERNEL_DIR="$KERNEL_DIR" iptables-batch ip6tables-batch
%install
[ -z "$KERNEL_DIR" ] && KERNEL_DIR="/usr/src/linux"
CFLAGS="$RPM_OPT_FLAGS" \
make IPT_LIBDIR=%{_libdir}/iptables \
BINDIR=$RPM_BUILD_ROOT%{_sbindir} \
LIBDIR=$RPM_BUILD_ROOT%{_libdir} \
INCDIR=$RPM_BUILD_ROOT%{_includedir} \
MANDIR=$RPM_BUILD_ROOT%{_mandir} \
KERNEL_DIR="$KERNEL_DIR" \
install install-devel install-experimental
install -m755 iptables-batch ip6tables-batch $RPM_BUILD_ROOT%{_sbindir}
%clean
rm -rf $RPM_BUILD_ROOT
%files
%defattr(-,root,root)
%doc COPYING doc/*.html
%doc %{_mandir}/man8/*
%{_sbindir}/iptables*
%{_sbindir}/ip6tables*
%{_libdir}/iptables
%files devel
%defattr(-,root,root)
%doc %{_mandir}/man3/*
%{_libdir}/*.a
%{_includedir}/*
%changelog
* Tue Jan 08 2008 - prusnak@suse.cz
- updated to 1.4.0:
* Add support for generic xtables infrastructure (improved IPv6 support!)
* Deletes empty ->final_check() functions
* Fix sparse warnings: non-C99 array declaration, incorrect function prototypes
* Remove last vestiges of NFC
* Make @msg argument a const char *, just like printf
* Makes it possible to omit extra_opts of matches/targets if unnecessary
* Fix "iptables getsockopt failed strangely" when querying revisions
for non-existant matches and targets
* Introduces DEST_IPT_LIBDIR in Makefile
* Change default KERNEL_DIR location and add KBUILD_OUTPUT
* Removes obsolete KERNEL_64_USERSPACE_32 definitions
* Fix unused function warning
* Don't use dlfcn.h if NO_SHARED_LIBS is defined
* Fix showing help text for matches/targets with revision as user
* Print warnings to stderr
* Fix sscanf type errors
* Always print mask in iptables-save
* Don't silenty exit on failure to open /proc/net/{ip,ip6}_tables_names
* Adds --table to iptables-restore
* Make DO_MULTI=1 work for ip6tables* binaries
* Add ip6tables-{save,restore} to non-experimental target,
fix strict aliasing warnings
* Introducing libxt_*.man files. Sorted matches and modules
* Install ip6tables-{save,restore} manpages
* Performance optimization in sorting chain during pull-out
* Fix sockfd use accounting for kernels without autoloading
* use <linux/types.h>
* Fix make/compile error for iptables-1.4.0rc1
* Fix for --random option in DNAT and REDIRECT
* Document xt_statistic
* sctp: fix - mistake to pass a pointer where array is required
* Fix connlimit output for inverted --connlimit-above:
! > is <=, not <
* Add NFLOG manpage
* Move libipt_DSCP.man to libxt_DSCP.man for ip6tables.8
* Unifies libip[6]t_CONNSECMARK.man to libxt_CONNSECMARK.man
* Moves libipt_CLASSYFY.man to libxt_CLASSYFY.man for ip6tables.8
* fix check_inverse() call
- removed obsolete patch:
* strict-aliasing-fix.diff (included in update)
* Tue Jul 31 2007 - prusnak@suse.cz
- removed sed scripts in %%prep section from last update
* not needed anymore
* Thu Jul 26 2007 - prusnak@suse.cz
- updated to 1.3.8
* Fix build error of conntrack match
* Remove whitespace in ip6tables.c
* `-p all' and `-p 0' should be allowed in ip6tables
* hashlimit doc update
* add --random option to DNAT and REDIRECT
* Makefile uses POSIX conform directory check
* Fix missing newlines in iptables-save/restore output
* Update quota manpage for SMP
* Output for unspecified proto is `all' instead of `0'
* Fix iptables-save with --random option
* Remove unnecessary IP_NAT_RANGE_PROTO_RANDOM ifdefs
* Remove libnsl from LDLIBS
* Fix problem with iptables-restore and quotes
* Remove unnecessary includes
* Fix --modprobe parameter
* ip6tables-restore should output error of modprobe after failed to load
* Add random option to SNAT
* Fix missing space in error message
* Fixes for manpages of tcp, udp, and icmp{,6}
* Add ip6tables mh extension
* Fix tcpmss manpage
* Add ip6tables TCPMSS extension
* Add UDPLITE multiport support
* Fix missing space in ruleset listing
* Remove extensions for unmaintained/obsolete patchlets
* Fix greedy debug grep
* Fix type in manpage
* Fix compile/install error for iptables-xml with DO_MULTI=1
- dropped obsolete patches:
* newlines.diff (included in update)
* shlibs.diff (done by sed in %%prep section)
* extensions.diff
* Wed May 09 2007 - prusnak@suse.cz
- added newlines to error messages (newlines.diff) [#271847]
* Tue Mar 13 2007 - prusnak@suse.cz
- added initial setting of KERNEL_DIR variable in %%install section of spec file
* Tue Jan 09 2007 - prusnak@suse.cz
- added experimental tools and extensions (removed by last update)
* Wed Jan 03 2007 - prusnak@suse.cz
- updated to 1.3.7
* Add revision support for ip6tables
* Add port range support for ip6tables multiport match
* Add sctp match extension for ip6tables
* Add iptables-xml tool
* Add hashlimit support for ip6tables (needs kernel > 2.6.19)
* Add NFLOG target extension for iptables/ip6tables (needs kernel > 2.6.19)
* Bugfixes
- updated debian-docs and moved into tar.bz2
* Thu Nov 16 2006 - mjancar@suse.cz
- allow setting KERNEL_DIR on commandline for build (#220851)
* Tue Oct 17 2006 - anosek@suse.cz
- updated to version 1.3.6
* Support multiple matches of the same type within a single rule
* DCCP/SCTP support for multiport match (needs kernel >= 2.6.18)
* SELinux SECMARK target (needs kernel >= 2.6.18)
* SELinux CONNSECMARK target (needs kernel >= 2.6.18)
* Add support for statistic match (needs kernel >= 2.6.18)
* Optionally read realm values from /etc/iproute2/rt_realms
* Bugfixes
* Wed Feb 01 2006 - lnussel@suse.de
- updated to version 1.3.5
* supports ip6tables state and conntrack \o/ (#145758)
* Fri Jan 27 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
* Tue Jan 24 2006 - schwab@suse.de
- Fix building of shared libraries.
* Tue Jan 17 2006 - postadal@suse.cz
- updated policy extension from upstream (policy-1.3.4.patch)
* ported for changes in kernel
* Tue Nov 15 2005 - postadal@suse.cz
- updated to version 1.3.4
- added RPM_OPT_FLAGS to CFLAGS
- fixed strict aliasing (strict-aliasing-fix.patch)
* Mon Aug 01 2005 - lnussel@suse.de
- add iptables-batch and ip6tables-batch
* Mon Aug 01 2005 - postadal@suse.cz
- updated to version 1.3.3
* Wed Jul 27 2005 - postadal@suse.cz
- updated to version 1.3.2
* Wed Mar 09 2005 - postadal@suse.cz
- updated to version 1.3.1 (bug fixes)
* Thu Feb 17 2005 - postadal@suse.cz
- updated to version 1.3.0
- removed obsoleted patch modules-secfix
* Tue Nov 02 2004 - postadal@suse.cz
- fixed uninitialised variable [#47850] - CAN-2004-0986
* Tue Aug 17 2004 - mludvig@suse.cz
- Fixed mode for extensions/.policy-test6
* Thu Aug 05 2004 - mludvig@suse.cz
- Added IPv6 support to the 'policy' match.
* Wed Aug 04 2004 - postadal@suse.cz
- updated to version 1.2.11
- removed obsoleted patch clusterip
* Sat Apr 24 2004 - lmb@suse.de
- Add support for Cluster IP functionality.
* Wed Apr 21 2004 - mludvig@suse.cz
- Added module for IPv6 conntrack from USAGI.
* Wed Mar 24 2004 - mludvig@suse.cz
- Added policy module from patch-o-matic
* Fri Feb 06 2004 - postadal@suse.cz
- updated to version 1.2.9.
* Sat Jan 10 2004 - adrian@suse.de
- add %%defattr
* Wed Jul 23 2003 - postadal@suse.cz
- updated to 1.2.8
* Tue Apr 08 2003 - schwab@suse.de
- Prefer sanitized kernel headers.
* Thu Sep 05 2002 - postadal@suse.cz
- updated to bugfixed 1.2.7a version
* Wed Aug 28 2002 - postadal@suse.cz
- added Requires %%{name} = %%{version} to devel package
* Thu Aug 08 2002 - nadvornik@suse.cz
- updated to 1.2.7
* Wed Mar 27 2002 - postadal@suse.cz
- revert to compile it with kernel headers (#15448)
* Fri Feb 01 2002 - nadvornik@suse.cz
- compiled with kernel headers from glibc
* Tue Jan 15 2002 - nadvornik@suse.cz
- update to 1.2.5
* Wed Nov 14 2001 - nadvornik@suse.cz
- updated to 1.2.4 [bug #12104]
- fixed problems with iptables-save/restore
- iptables-1.2.4.debian.diff.bz2 contains documentation only,
Makefile changes moved to separate patch
* Sat Sep 22 2001 - garloff@suse.de
- Fix ipt_string support (compile fix).
* Tue Jul 17 2001 - garloff@suse.de
- Update to iptables-1.2.2
- Appply debian patch: mostly docu stuff
- Added COMPILE_EXPERIMENTAL flag to Makefile and pass it from RPM
.spec file to compile and install ip(6)tables-save/restore apps.
* Fri Apr 06 2001 - kukuk@suse.de
- changed neededforbuild from lx_suse to kernel-source
* Tue Mar 27 2001 - lmuelle@suse.de
- update to 1.2.1a
- add devel package with libipq stuff
- minor spec file cleanup
* Sun Jan 28 2001 - olh@suse.de
- update to 1.2, needed for ppc and sparc
* Tue Dec 19 2000 - nadvornik@suse.cz
- compiled with lx_suse
* Tue Oct 17 2000 - nadvornik@suse.cz
- update to 1.1.2
* Fri Sep 22 2000 - ro@suse.de
- up to 1.1.1
* Fri Jun 09 2000 - ro@suse.de
- fixed neededforbuild
* Wed Jun 07 2000 - nadvornik@suse.cz
- new package 1.1.0