From 11586c0cb73d138eaf01c966895e4979454f10b6121d082fa418489424f7faab Mon Sep 17 00:00:00 2001
From: Jan Engelhardt <jengelh@inai.de>
Date: Fri, 20 Jul 2018 14:30:45 +0000
Subject: [PATCH] - Update to new upstream release 1.8.0

OBS-URL: https://build.opensuse.org/package/show/security:netfilter/iptables?expand=0&rev=102
---
 iptables-1.6.2.tar.bz2     |   3 --
 iptables-1.6.2.tar.bz2.sig | Bin 543 -> 0 bytes
 iptables-1.8.0.tar.bz2     |   3 ++
 iptables-1.8.0.tar.bz2.sig | Bin 0 -> 590 bytes
 iptables-batch.patch       |  38 +++++++++----------
 iptables.changes           |  10 +++++
 iptables.spec              |  76 ++++++++++---------------------------
 7 files changed, 49 insertions(+), 81 deletions(-)
 delete mode 100644 iptables-1.6.2.tar.bz2
 delete mode 100644 iptables-1.6.2.tar.bz2.sig
 create mode 100644 iptables-1.8.0.tar.bz2
 create mode 100644 iptables-1.8.0.tar.bz2.sig

diff --git a/iptables-1.6.2.tar.bz2 b/iptables-1.6.2.tar.bz2
deleted file mode 100644
index 2d4ae79..0000000
--- a/iptables-1.6.2.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:55d02dfa46263343a401f297d44190f2a3e5113c8933946f094ed40237053733
-size 639785
diff --git a/iptables-1.6.2.tar.bz2.sig b/iptables-1.6.2.tar.bz2.sig
deleted file mode 100644
index 9e4819d8ab2cb574a00510766f61a1a02daaab20377d335f4f99df3519673405..0000000000000000000000000000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 543
zcmV+)0^t3L0vrSY0RjL91p-=hh6(@*2@tDBRiP%*lH|&m5Bv>gHC)c|rt*N>wz=Jg
zPf~^<N4S^{&T(g;(g2Y(OvpPyo#77nm$LR8T^~qhAQBzlde|xPLw2Ofr-p_5ob`b`
zTCOj}%OBwDJpjw6?Vy=4J0dLm>>v_T?y*yh{P>9x8MS7<tk&y>s`f(3p+ik*6mG`7
zW%A7)fbfqqL&1c1eUd*1?zOFuL2e$e0F**c?*yiXJ-p=akdI)L$j1&onBStn<N8g~
zZazieF)0qgj@kOr%)B*+a*6Ev%xgT$7=)+)kCXx9kE%hXdp9E?WmP{Q7^Y6P>d-7y
zN?m$HLu4$BQSR~8EA2YW+cujj4)-Q<Za~qrh~_pw*soJWoO-^xWmpym65rqG?&L*0
zSbNn!mw25m6>~-JU*V>^RGfHur6Hd;ev2Dr6Wft~mKERpv>WPbC1yGMz}P^jXIUYJ
zIGJtF^G@TKsIIDXYYTy~Lai`8rId)fOOo9uQ?}etfJo!!P4o60J}dZ^FdR7m|FYXN
zZ7u?$dUBLA0R+U+?i!!28`b)0TP@xok^*>)tC1G<rhQK7{C;@#<Dt`LZak%1Ljx70
za7ex$OfV@w_Lw50v&Ez2tmcq<XJ87^9FTK6%k2qVL#^BqrRxV>2kWsCcuDl3GNsI?
h!@D_Im^GH&bVaDFcV0Pzjzz%P0+`~8ctE7ze1?tG4R`<m

diff --git a/iptables-1.8.0.tar.bz2 b/iptables-1.8.0.tar.bz2
new file mode 100644
index 0000000..e064c98
--- /dev/null
+++ b/iptables-1.8.0.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c4cbfa187c4296e4bc2e347ebbc21e309def7274773f20f0df0b8feaf7e8de50
+size 677980
diff --git a/iptables-1.8.0.tar.bz2.sig b/iptables-1.8.0.tar.bz2.sig
new file mode 100644
index 0000000000000000000000000000000000000000000000000000000000000000..652e88617a8426e03040767ed10096ceb81853ed9d13442133e2033a84d5ccbd
GIT binary patch
literal 590
zcmV-U0<ryx0!st{0SEv!79j+{ow5c$9dI<dVN$KDMpdCE(vsu_0$V>F_!k^wZ*paH
zWnpbVZe?_4X>4?5axQOjX8;Nb5UWO2p(fIj<XR#R{yA5N9-C9>6SI`x>n@jn+9ZpF
z|Iz9|n39e`?g-XJha`M8EkAhSiF%s;c?rD@z$}875$!=P-=3SO743tgZsL!KcVa`3
z*7Ej*p))2NYAfd-)SA85;VkV~%QHmB^$Ak*K-S}q>b67;MlQlk<>=BRue}8H^ox?n
zm~NoyFl@j6YL|<>6S9vqUlNk@lsdsi9)1P%`s&RKEUh#l#~{91`x#M`dIfX6cYqJ@
zxlrwW+FB1*1j_YcD?r73E~MmNGyGJzH*0HTMZK)1Sd2a&)lHW5Sw@d&uWTHs@sv+F
z?~`?W={kbv(Vv;M9=VB#qkQ1?=>vm+O#|q!CvQ{h8F+SIn~G(^jmcB?o%TSGVZLej
zjh;TheB2z63QyHd@Q<n7X{Uj}!;;W(X|9)som}V@3Pa0yMK#mW40vcZP|q?yKprM{
zy8ry;@PdBYQ#;u)A=tEF5P-0Ly)J<h9C7Tn(ZI&=Oyb-ND8twdF6nI+`nO-^0nelj
zqmkjB|DFEzj75q#`{dag@IOrlm(N_Av-0?ZpHE@Y&nC43Qpb`I?%tK+Pu{RjZ~Z42
z)w8~eiak@5TQH2AZ6ctf4sbT(Y3~V-h;^z+5^FGWN+-uWq8|)zJAges*o_5l#10h_
cr+w3eO48k8{HEvvJ%2ipf!Lcmi1E|qfiVLm$^ZZW

literal 0
HcmV?d00001

diff --git a/iptables-batch.patch b/iptables-batch.patch
index 24c8c7e..0533a27 100644
--- a/iptables-batch.patch
+++ b/iptables-batch.patch
@@ -3,31 +3,27 @@
  iptables/iptables-batch.c |  468 ++++++++++++++++++++++++++++++++++++++++++++++
  2 files changed, 477 insertions(+)
 
-Index: iptables/iptables/Makefile.am
+Index: iptables-1.8.0/iptables/Makefile.am
 ===================================================================
---- iptables.orig/iptables/Makefile.am
-+++ iptables/iptables/Makefile.am
-@@ -48,7 +48,16 @@ xtables_compat_multi_SOURCES += xshared.
- xtables_compat_multi_LDADD   += ../libxtables/libxtables.la -lm
- endif
- 
-+iptables_batch_SOURCES    = iptables-batch.c iptables.c xshared.c
-+iptables_batch_LDFLAGS    = ${xtables_multi_LDFLAGS}
-+iptables_batch_LDADD      = ${xtables_multi_LDADD}
-+ip6tables_batch_SOURCES   = iptables-batch.c ip6tables.c xshared.c
-+ip6tables_batch_CFLAGS    = ${AM_CFLAGS} -DIP6T
-+ip6tables_batch_LDFLAGS   = ${xtables_multi_LDFLAGS}
-+ip6tables_batch_LDADD     = ${xtables_multi_LDADD}
+--- iptables-1.8.0.orig/iptables/Makefile.am
++++ iptables-1.8.0/iptables/Makefile.am
+@@ -98,3 +98,12 @@ install-exec-hook:
+ 	for i in ${v4_sbin_links}; do ${LN_S} -f xtables-legacy-multi "${DESTDIR}${sbindir}/$$i"; done;
+ 	for i in ${v6_sbin_links}; do ${LN_S} -f xtables-legacy-multi "${DESTDIR}${sbindir}/$$i"; done;
+ 	for i in ${x_sbin_links}; do ${LN_S} -f xtables-nft-multi "${DESTDIR}${sbindir}/$$i"; done;
 +
- sbin_PROGRAMS    = xtables-multi
-+sbin_PROGRAMS   += iptables-batch ip6tables-batch
- if ENABLE_NFTABLES
- sbin_PROGRAMS	+= xtables-compat-multi
- endif
-Index: iptables/iptables/iptables-batch.c
++iptables_legacy_batch_SOURCES  = iptables-batch.c iptables.c xshared.c
++iptables_legacy_batch_LDFLAGS  = ${xtables_legacy_multi_LDFLAGS}
++iptables_legacy_batch_LDADD    = ${xtables_legacy_multi_LDADD}
++ip6tables_legacy_batch_SOURCES = iptables-batch.c ip6tables.c xshared.c
++ip6tables_legacy_batch_CFLAGS  = ${AM_CFLAGS} -DIP6T
++ip6tables_legacy_batch_LDFLAGS = ${xtables_legacy_multi_LDFLAGS}
++ip6tables_legacy_batch_LDADD   = ${xtables_legacy_multi_LDADD}
++sbin_PROGRAMS += iptables-legacy-batch ip6tables-legacy-batch
+Index: iptables-1.8.0/iptables/iptables-batch.c
 ===================================================================
 --- /dev/null
-+++ iptables/iptables/iptables-batch.c
++++ iptables-1.8.0/iptables/iptables-batch.c
 @@ -0,0 +1,468 @@
 +/*
 + * Author: Ludwig Nussel <ludwig.nussel@suse.de>
diff --git a/iptables.changes b/iptables.changes
index c2460c6..cceac44 100644
--- a/iptables.changes
+++ b/iptables.changes
@@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Mon Jul  9 09:38:13 UTC 2018 - jengelh@inai.de
+
+- Update to new upstream release 1.8.0
+  * The ipv6 "srh" match can now match previous/next/last sid
+  * CONNMARK target now supports bit-shifting for restore,set
+    and save-mark.
+  * DNAT now supports shifted portmap ranges.
+  * iptables now comes in two backends: legacy and nft.
+
 -------------------------------------------------------------------
 Thu May 24 16:38:53 CEST 2018 - kukuk@suse.de
 
diff --git a/iptables.spec b/iptables.spec
index 2b9154e..755b100 100644
--- a/iptables.spec
+++ b/iptables.spec
@@ -17,7 +17,7 @@
 
 
 Name:           iptables
-Version:        1.6.2
+Version:        1.8.0
 Release:        0
 Summary:        IP packet filter administration utilities
 License:        GPL-2.0-only AND Artistic-2.0
@@ -32,14 +32,9 @@ Patch4:         iptables-apply-mktemp-fix.patch
 Patch5:         iptables-batch-lock.patch
 
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
-%if 0%{?fedora_version} || 0%{?centos_version}
-BuildRequires:  sgml-common
-%endif
-%if 0%{?suse_version}
-BuildRequires:  fdupes
-%endif
 #git#BuildRequires:  autoconf, automake >= 1.10
 BuildRequires:  bison
+BuildRequires:  fdupes
 BuildRequires:  flex >= 2.5.33
 BuildRequires:  libtool
 BuildRequires:  pkg-config >= 0.21
@@ -48,24 +43,13 @@ BuildRequires:  pkgconfig(libmnl) >= 1.0
 BuildRequires:  pkgconfig(libnetfilter_conntrack) >= 1.0.4
 BuildRequires:  pkgconfig(libnfnetlink) >= 1.0.0
 BuildRequires:  pkgconfig(libnftnl) >= 1.0.5
+Requires:       iptables-default-backend
+Requires:       netcfg >= 11.6
 Requires:       xtables-plugins = %version-%release
 
 %description
 iptables is used to set up, maintain, and inspect the rule tables of
-the classic "ip6_tables" and "ip_tables" packet filters in the Linux
-kernel.
-
-%package nft
-Summary:        nft packet filter administration utilties in the style of Xtables
-Group:          Productivity/Networking/Security
-Requires:       netcfg >= 11.6
-Requires:       xtables-plugins = %version-%release
-
-%description nft
-The programs shipped in this subpackage behave like iptables on the
-command line, but instead edits the rules of the nft packet filter in
-the Linux kernel. Linux kernel 4.2 or newer is recommended to exploit
-the features.
+the various Netfilter packet filter engines inside the Linux kernel.
 
 %package -n xtables-plugins
 Summary:        Match and target extension plugins for iptables
@@ -147,22 +131,24 @@ xtables --variable=xtlibdir).
 
 %build
 # We have the iptables-batch patch, so always regenerate.
-if true || [ ! -e configure ]; then
-	./autogen.sh
-fi
+./autogen.sh
 # bnc#561793 - do not include unclean module in iptables manpage
 rm -f extensions/libipt_unclean.man
 # includedir is overriden on purpose to detect projects that
 # fail to include libxtables_CFLAGS
 %configure --includedir="%_includedir/%name" --enable-libipq
-make %{?_smp_mflags}
+make %{?_smp_mflags} V=
 
 %install
-make DESTDIR=%buildroot install
+%make_install
+b="%buildroot"
 # iptables-apply is not installed by upstream Makefile
-install -m0755 iptables/iptables-apply %buildroot%_sbindir/
-install -m0644 iptables/iptables-apply.8 %buildroot%_mandir/man8/
-rm -f "%buildroot/%_libdir"/*.la
+install -m0755 iptables/iptables-apply "$b/%_sbindir/"
+install -m0644 iptables/iptables-apply.8 "$b/%_mandir/man8/"
+rm -f "$b/%_libdir"/*.la
+rm -f "$b/%_sysconfdir/ethertypes" # -> netcfg
+mv "$b/%_sbindir/arptables" "$b/%_sbindir/arptables-nft"
+mv "$b/%_sbindir/ebtables" "$b/%_sbindir/ebtables-nft"
 %if 0%{?suse_version}
 %fdupes %buildroot/%_prefix
 %endif
@@ -175,42 +161,22 @@ rm -f "%buildroot/%_libdir"/*.la
 %postun -n libxtables12 -p /sbin/ldconfig
 
 %files
-%defattr(-,root,root)
 %license COPYING
-%doc %_mandir/man1/ip*
-%doc %_mandir/man8/ip*
-%_bindir/iptables-xml
-%_sbindir/iptables
-%_sbindir/iptables-apply
-%_sbindir/iptables-batch
-%_sbindir/iptables-restore
-%_sbindir/iptables-save
-%_sbindir/ip6tables
-%_sbindir/ip6tables-batch
-%_sbindir/ip6tables-restore
-%_sbindir/ip6tables-save
-%_sbindir/xtables-multi
-
-%files nft
-%defattr(-,root,root)
-# is provided by netcfg
-%exclude %_sysconfdir/ethertypes
-%_sbindir/*-compat*
-%_sbindir/*-translate*
+%_bindir/*tables*
+%_sbindir/*tables*
+%_mandir/man1/*tables*
+%_mandir/man8/*tables*
 
 %files -n xtables-plugins
-%defattr(-,root,root)
 %_libdir/xtables/
 %_sbindir/nfnl_osf
 %_mandir/man8/nfnl_osf.8*
 %_datadir/xtables/
 
 %files -n libipq0
-%defattr(-,root,root)
 %_libdir/libipq.so.0*
 
 %files -n libipq-devel
-%defattr(-,root,root)
 %doc %_mandir/man3/libipq*
 %doc %_mandir/man3/ipq*
 %dir %_includedir/%name/
@@ -219,24 +185,20 @@ rm -f "%buildroot/%_libdir"/*.la
 %_libdir/pkgconfig/libipq.pc
 
 %files -n libiptc0
-%defattr(-,root,root)
 %_libdir/libiptc.so.0*
 %_libdir/libip4tc.so.0*
 %_libdir/libip6tc.so.0*
 
 %files -n libiptc-devel
-%defattr(-,root,root)
 %dir %_includedir/%name/
 %_includedir/%name/libiptc*
 %_libdir/libip*tc.so
 %_libdir/pkgconfig/libip*tc.pc
 
 %files -n libxtables12
-%defattr(-,root,root)
 %_libdir/libxtables.so.12*
 
 %files -n libxtables-devel
-%defattr(-,root,root)
 %dir %_includedir/%name/
 %_includedir/%name/xtables.h
 %_includedir/%name/xtables-version.h