From 4eb6a28a22b58c5ceaf02de9ae23c393f323c69657eda3e20d590795d428f552 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Sun, 29 May 2011 23:59:50 +0000 Subject: [PATCH] iptables 1.4.11+git5 OBS-URL: https://build.opensuse.org/package/show/security:netfilter/iptables?expand=0&rev=16 --- 71e402b-fix-install-symlinks.diff | 31 +++++++++++++++++++ 874bd762-owner-restore-invert.diff | 31 +++++++++++++++++++ iptables-1.4.10.tar.bz2 | 3 -- iptables-1.4.11.tar.xz | 3 ++ iptables-batch.patch | 49 +++++++++++------------------- iptables.changes | 15 +++++++++ iptables.spec | 22 ++++++++------ 7 files changed, 110 insertions(+), 44 deletions(-) create mode 100644 71e402b-fix-install-symlinks.diff create mode 100644 874bd762-owner-restore-invert.diff delete mode 100644 iptables-1.4.10.tar.bz2 create mode 100644 iptables-1.4.11.tar.xz diff --git a/71e402b-fix-install-symlinks.diff b/71e402b-fix-install-symlinks.diff new file mode 100644 index 0000000..9445df1 --- /dev/null +++ b/71e402b-fix-install-symlinks.diff @@ -0,0 +1,31 @@ +parent 7d91a2accc92d13bb32bf881831e9c9a8b4d7734 (v1.4.11-2-g7d91a2a) +commit 71e402bbb3db7b54571f0e44354fd37706ff90aa +Author: Jan Engelhardt +Date: Mon May 30 01:45:14 2011 +0200 + +build: fix installation of symlinks + +Commit v1.4.11~20 forgot to change the symlink target names to the new +executable name. + +Signed-off-by: Jan Engelhardt +--- + Makefile.am | 6 +++--- + 1 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/Makefile.am b/Makefile.am +index 13e144e..741729b 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -96,6 +96,6 @@ config.status: extensions/GNUmakefile.in \ + install-exec-hook: + -if test -z "${DESTDIR}"; then /sbin/ldconfig; fi; + ${INSTALL} -dm0755 "${DESTDIR}${bindir}"; +- for i in ${v4_bin_links}; do ${LN_S} -f "${sbindir}/iptables-multi" "${DESTDIR}${bindir}/$$i"; done; +- for i in ${v4_sbin_links}; do ${LN_S} -f iptables-multi "${DESTDIR}${sbindir}/$$i"; done; +- for i in ${v6_sbin_links}; do ${LN_S} -f ip6tables-multi "${DESTDIR}${sbindir}/$$i"; done; ++ for i in ${v4_bin_links}; do ${LN_S} -f "${sbindir}/xtables-multi" "${DESTDIR}${bindir}/$$i"; done; ++ for i in ${v4_sbin_links}; do ${LN_S} -f xtables-multi "${DESTDIR}${sbindir}/$$i"; done; ++ for i in ${v6_sbin_links}; do ${LN_S} -f xtables-multi "${DESTDIR}${sbindir}/$$i"; done; +-- +# Created with git-export-patch diff --git a/874bd762-owner-restore-invert.diff b/874bd762-owner-restore-invert.diff new file mode 100644 index 0000000..9681bdd --- /dev/null +++ b/874bd762-owner-restore-invert.diff @@ -0,0 +1,31 @@ +parent 172e9b15271c276aa1485b4a2fb63928a65b13ae (v1.4.11) +commit 874b76221f74a00520a712ef89b5254a1ed896f8 +Author: Jan Engelhardt +Date: Sun May 29 16:43:25 2011 +0200 + +libxt_owner: restore inversion support + +Signed-off-by: Jan Engelhardt +--- + extensions/libxt_owner.c | 6 ++++-- + 1 files changed, 4 insertions(+), 2 deletions(-) + +diff --git a/extensions/libxt_owner.c b/extensions/libxt_owner.c +index b60f907..d2fdfa9 100644 +--- a/extensions/libxt_owner.c ++++ b/extensions/libxt_owner.c +@@ -125,8 +125,10 @@ static const struct xt_option_entry owner_mt6_opts_v0[] = { + #undef s + + static const struct xt_option_entry owner_mt_opts[] = { +- {.name = "uid-owner", .id = O_USER, .type = XTTYPE_STRING}, +- {.name = "gid-owner", .id = O_GROUP, .type = XTTYPE_STRING}, ++ {.name = "uid-owner", .id = O_USER, .type = XTTYPE_STRING, ++ .flags = XTOPT_INVERT}, ++ {.name = "gid-owner", .id = O_GROUP, .type = XTTYPE_STRING, ++ .flags = XTOPT_INVERT}, + {.name = "socket-exists", .id = O_SOCK_EXISTS, .type = XTTYPE_NONE}, + XTOPT_TABLEEND, + }; +-- +# Created with git-export-patch diff --git a/iptables-1.4.10.tar.bz2 b/iptables-1.4.10.tar.bz2 deleted file mode 100644 index 22b006d..0000000 --- a/iptables-1.4.10.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:7544e437d2222078b15e6cd063b521c6f1ec4dac49e6af9ba3bfece2a6a93445 -size 478007 diff --git a/iptables-1.4.11.tar.xz b/iptables-1.4.11.tar.xz new file mode 100644 index 0000000..d0d9ff1 --- /dev/null +++ b/iptables-1.4.11.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:10b5e56839b8eb49003d0fa87ed3548783fb169c23d80b6df77d27fca5247c49 +size 409000 diff --git a/iptables-batch.patch b/iptables-batch.patch index 94cd51a..069ad17 100644 --- a/iptables-batch.patch +++ b/iptables-batch.patch @@ -1,46 +1,33 @@ --- - Makefile.am | 12 + + Makefile.am | 10 + iptables-batch.c | 468 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ - 2 files changed, 478 insertions(+), 2 deletions(-) + 2 files changed, 477 insertions(+), 1 deletion(-) -Index: iptables-1.4.7/Makefile.am +Index: iptables-1.4.11/Makefile.am =================================================================== ---- iptables-1.4.7.orig/Makefile.am -+++ iptables-1.4.7/Makefile.am -@@ -54,6 +54,14 @@ endif - ip6tables_multi_LDFLAGS = -rdynamic - ip6tables_multi_LDADD = libiptc/libip6tc.la extensions/libext6.a libxtables.la -lm +--- iptables-1.4.11.orig/Makefile.am ++++ iptables-1.4.11/Makefile.am +@@ -59,7 +59,15 @@ endif + xtables_multi_SOURCES += xshared.c + xtables_multi_LDADD += libxtables.la -lm +-sbin_PROGRAMS = xtables-multi +iptables_batch_SOURCES = iptables-batch.c iptables.c xshared.c -+iptables_batch_LDFLAGS = ${iptables_multi_LDFLAGS} -+iptables_batch_LDADD = ${iptables_multi_LDADD} ++iptables_batch_LDFLAGS = ${xtables_multi_LDFLAGS} ++iptables_batch_LDADD = ${xtables_multi_LDADD} +ip6tables_batch_SOURCES = iptables-batch.c ip6tables.c xshared.c +ip6tables_batch_CFLAGS = ${AM_CFLAGS} -DIP6T -+ip6tables_batch_LDFLAGS = ${ip6tables_multi_LDFLAGS} -+ip6tables_batch_LDADD = ${ip6tables_multi_LDADD} ++ip6tables_batch_LDFLAGS = ${xtables_multi_LDFLAGS} ++ip6tables_batch_LDADD = ${xtables_multi_LDADD} + - sbin_PROGRAMS = ++sbin_PROGRAMS = xtables-multi iptables-batch ip6tables-batch man_MANS = iptables.8 iptables-restore.8 iptables-save.8 \ iptables-xml.8 ip6tables.8 ip6tables-restore.8 \ -@@ -61,12 +69,12 @@ man_MANS = iptables.8 iptables-r - CLEANFILES = iptables.8 ip6tables.8 - - if ENABLE_IPV4 --sbin_PROGRAMS += iptables-multi -+sbin_PROGRAMS += iptables-multi iptables-batch - v4_bin_links = iptables-xml - v4_sbin_links = iptables iptables-restore iptables-save - endif - if ENABLE_IPV6 --sbin_PROGRAMS += ip6tables-multi -+sbin_PROGRAMS += ip6tables-multi ip6tables-batch - v6_sbin_links = ip6tables ip6tables-restore ip6tables-save - endif - -Index: iptables-1.4.7/iptables-batch.c + ip6tables-save.8 +Index: iptables-1.4.11/iptables-batch.c =================================================================== --- /dev/null -+++ iptables-1.4.7/iptables-batch.c ++++ iptables-1.4.11/iptables-batch.c @@ -0,0 +1,468 @@ +/* + * Author: Ludwig Nussel @@ -325,7 +312,7 @@ Index: iptables-1.4.7/iptables-batch.c + } + } +#else -+ ret = do_command(argc, argv, &table, ¤t_table->handle); ++ ret = do_command4(argc, argv, &table, ¤t_table->handle); + + if (!ret) + { diff --git a/iptables.changes b/iptables.changes index 6fbe5f3..8e1bd5b 100644 --- a/iptables.changes +++ b/iptables.changes @@ -1,3 +1,18 @@ +------------------------------------------------------------------- +Sun May 29 23:56:33 UTC 2011 - jengelh@medozas.de + +- Update to new upstream release 1.4.11 +* stricter option parsing +* support for the current xt_SET target as contained in 2.6.39 +* support for the new xt_devgroup match +* support for the new xt_AUDIT target +* support for a new NFQUEUE bypass option, allowing to bypass the + queue if no userspace listener is present +* a new iptables option "-C" to check for existence of a rules +- Fixes on top +* allow negation of --uid-owner/--gid-owner again +* fix installation of symlinks + ------------------------------------------------------------------- Fri Oct 29 17:56:48 UTC 2010 - jengelh@medozas.de diff --git a/iptables.spec b/iptables.spec index 26a82c9..63921d3 100644 --- a/iptables.spec +++ b/iptables.spec @@ -1,5 +1,5 @@ # -# spec file for package iptables (Version 1.4.9.1) +# spec file for package iptables (Version 1.4.10) # # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -21,17 +21,19 @@ Name: iptables License: GPLv2+ Group: Productivity/Networking/Security -Version: 1.4.10 +Version: 1.4.11 Release: 1 Summary: IP Packet Filter Administration #Git-Web: http://git.netfilter.org/ #Git-Clone: git://git.netfilter.org/iptables -Source: http://netfilter.org/projects/%name/files/%name-%version.tar.bz2 -Patch0: iptables-batch.patch +Source: %name-%version.tar.xz +Patch1: iptables-batch.patch +Patch2: 874bd762-owner-restore-invert.diff +Patch3: 71e402b-fix-install-symlinks.diff Url: http://netfilter.org/ BuildRoot: %{_tmppath}/%{name}-%{version}-build -BuildRequires: pkg-config sgmltool +BuildRequires: pkg-config, sgmltool, xz %description Iptables is used to set up, maintain, and inspect the tables of IP @@ -46,11 +48,13 @@ AutoReqProv: on Requires: %{name} = %{version} %description devel -These libraries are needed to compile programs against libipq. +These libraries are needed to compile +- additional third-party extensions +- programs using libipq %prep %setup -q -%patch -P 0 -p1 +%patch -P 1 -P 2 -P 3 -p1 %build if [ ! -e configure ]; then @@ -69,9 +73,6 @@ install -m0755 iptables-apply $RPM_BUILD_ROOT%{_sbindir}/ install -m0644 iptables-apply.8 $RPM_BUILD_ROOT%{_mandir}/man8/ find "$RPM_BUILD_ROOT" -iname "*.la" -delete -%clean -rm -rf $RPM_BUILD_ROOT - %post -p /sbin/ldconfig %postun -p /sbin/ldconfig @@ -83,6 +84,7 @@ rm -rf $RPM_BUILD_ROOT %{_bindir}/iptables* %{_sbindir}/iptables* %{_sbindir}/ip6tables* +%{_sbindir}/xtables* %dir %{_libexecdir}/xtables %{_libexecdir}/xtables/* %{_libdir}/*.so.*