diff --git a/iptables.changes b/iptables.changes index d6ef4ff..45ce41d 100644 --- a/iptables.changes +++ b/iptables.changes @@ -1,3 +1,7 @@ +Wed Jul 15 17:53:13 CEST 2009 - kay.sievers@novell.com + +- fix libdir/libexecdir on 64bit installation + ------------------------------------------------------------------- Wed Jun 17 17:23:48 CEST 2009 - puzel@novell.com diff --git a/iptables.spec b/iptables.spec index 60b0e56..06c50c8 100644 --- a/iptables.spec +++ b/iptables.spec @@ -22,7 +22,7 @@ Name: iptables License: GPL v2 or later Group: Productivity/Networking/Security Version: 1.4.4 -Release: 2 +Release: 3 Summary: IP Packet Filter Administration Source0: %{name}-%{version}.tar.bz2 # http://netfilter.org/documentation/index.html#documentation-howto @@ -66,7 +66,8 @@ Authors: %build autoreconf -f -i %configure \ - --enable-libipq + --enable-libipq \ + --libexecdir=%{_libdir} make %{?jobs:-j%jobs} # build howtos cd howtos @@ -108,297 +109,3 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/libiptc.pc %changelog -* Wed Jun 17 2009 puzel@novell.com -- install iptables-apply -* Wed Jun 17 2009 puzel@suse.cz -- update to iptables-1.4.4 - * support for the new features in the 2.6.30 kernel, namely the - cluster match and persistent multi-range NAT mappings - * support for the ipset set match and target - * various minor fixes and cleanups - * documentation updates -* Mon May 11 2009 puzel@suse.cz -- make explicit 'commit' in iptables-batch do nothing (bnc#500990) -* Tue Apr 21 2009 puzel@suse.cz -- update to 1.4.3.2 - - numerous documentation updates and bugfixes - - set of changes to move some of the iptables functionality to a shared - library for tc and m_ipt - - make libiptc available as shared library (closes bnc#487629) - - IPv6 support for the recent match - - TPROXY support - - SCTP/DCCP NAT support -- INCOMPATIBILITY: This release starts enforcing the deprecation of NAT - filtering that was added in 1.4.2-rc1, filtering rules in the NAT tables will - cause an error instead of a warning from now on. -- rework iptables-batch.patch (libiptc interface has changed) -- update howtos -* Fri Jan 16 2009 prusnak@suse.cz -- updated to 1.4.2 - * remove dependency on libiptc headers - * fix segmentation fault with -tanything - * warn about use of DROP in nat table - * do allow --rttl for --update - * run ldconfig on `make install` - * fix invalid iptables-save output - * fix hashlimit output -* Wed Sep 10 2008 prusnak@suse.cz -- updated to 1.4.2-rc1 - * libxt_TOS: make sure --set-tos value/mask is recognized - * libiptc: fix scalability performance issue during initial ruleset parsing - * xt_string: string extension case insensitive matching - * ip6tables: add --goto support -* Wed Sep 10 2008 prusnak@suse.cz -- updated to 1.4.1.1 - * iptables: fix printing of line numbers with --line-numbers arg - * ip6tables: fix printing of ipv6 network masks - * build: fix `make install` when --disable-shared is used - * iprange: kernel flags were not set -* Wed Sep 10 2008 prusnak@suse.cz -- updated to 1.4.1 - * iptables: use C99 lists for struct options - * Make iptables-restore usable over a pipe - * Add support for --set-counters to iptables -P - * iptables --list-rules command - * iptables --list chain rulenum - * Make --set-counters (-c) accept comma separated counters - * libxt_iprange: Fix IP validation logic - * fix ip6tables dest address printing - * Converts the iptables build infrastructure to autotools. - * Introduce strtonum(), which works like string_to_number(), but passes - * print warning when dlopen fails - * libxt_owner: UID/GID range support - * Fix compilation of iptables-static build - * xtables.h: move non-exported parts to internal.h - * Combine IP{,6}T_LIB_DIR into XTABLES_LIBDIR - * manpages: fix broken markup (missing close tags) - * manpages: update to reflect fine-grained control - * configure: split --enable-libipq from --enable-devel - * Add all necessary header files - compilation fix for various cases - * Install libiptc header files because xtables.h depends on it - * Implement AF_UNSPEC as a wildcard for extensions - * Combine ipt and ip6t manpages - * Resolve warnings on 64-bit compile - * Wrap dlopen code into NO_SHARED_LIBS - * Remove support for compilation of conditional extensions - * Resolve libipt_set warnings - * Update documentation about building the package - * configure.ac: AC_SUBST must be separate - * Dynamically create xtables.h.in with version - * configure.ac: remove already-defined variables - * Remove old functions, constants - * Makefile.am: use PACKAGE_TARNAME - * iptables out-of-tree build directory - * Introduce a counter for number of user defined chains. - * Solving scalability issue: for chain list "name" searching. - * REDIRECT: Allow symbolic port in REDIRECT --to-port - * Fix iptables-save output of libxt_owner match - * allow empty strings in argument parser - * Fix define value of SCTP chunk type. - * cleanup several code wraparounds - * Add RATEEST target extension - * Add rateest match extension - * Properly initialize revision for ip6tables targets - * Resync header files with kernel - * libiptc: move variable definitions to head of function - * Fix CONNMARK mask initialisation - * iptables-save:remove unnecessary code. - * Don't assume /bin/sh is bash - * Add xtables version defines. - * Use s6_addr32 to access bits in int6_addr instead of incompatible name -* Tue Jan 08 2008 prusnak@suse.cz -- updated to 1.4.0: - * Add support for generic xtables infrastructure (improved IPv6 support!) - * Deletes empty ->final_check() functions - * Fix sparse warnings: non-C99 array declaration, incorrect function prototypes - * Remove last vestiges of NFC - * Make @msg argument a const char *, just like printf - * Makes it possible to omit extra_opts of matches/targets if unnecessary - * Fix "iptables getsockopt failed strangely" when querying revisions - for non-existant matches and targets - * Introduces DEST_IPT_LIBDIR in Makefile - * Change default KERNEL_DIR location and add KBUILD_OUTPUT - * Removes obsolete KERNEL_64_USERSPACE_32 definitions - * Fix unused function warning - * Don't use dlfcn.h if NO_SHARED_LIBS is defined - * Fix showing help text for matches/targets with revision as user - * Print warnings to stderr - * Fix sscanf type errors - * Always print mask in iptables-save - * Don't silenty exit on failure to open /proc/net/{ip,ip6}_tables_names - * Adds --table to iptables-restore - * Make DO_MULTI=1 work for ip6tables* binaries - * Add ip6tables-{save,restore} to non-experimental target, - fix strict aliasing warnings - * Introducing libxt_*.man files. Sorted matches and modules - * Install ip6tables-{save,restore} manpages - * Performance optimization in sorting chain during pull-out - * Fix sockfd use accounting for kernels without autoloading - * use - * Fix make/compile error for iptables-1.4.0rc1 - * Fix for --random option in DNAT and REDIRECT - * Document xt_statistic - * sctp: fix - mistake to pass a pointer where array is required - * Fix connlimit output for inverted --connlimit-above: - ! > is <=, not < - * Add NFLOG manpage - * Move libipt_DSCP.man to libxt_DSCP.man for ip6tables.8 - * Unifies libip[6]t_CONNSECMARK.man to libxt_CONNSECMARK.man - * Moves libipt_CLASSYFY.man to libxt_CLASSYFY.man for ip6tables.8 - * fix check_inverse() call -- removed obsolete patch: - * strict-aliasing-fix.diff (included in update) -* Tue Jul 31 2007 prusnak@suse.cz -- removed sed scripts in %%prep section from last update - * not needed anymore -* Thu Jul 26 2007 prusnak@suse.cz -- updated to 1.3.8 - * Fix build error of conntrack match - * Remove whitespace in ip6tables.c - * `-p all' and `-p 0' should be allowed in ip6tables - * hashlimit doc update - * add --random option to DNAT and REDIRECT - * Makefile uses POSIX conform directory check - * Fix missing newlines in iptables-save/restore output - * Update quota manpage for SMP - * Output for unspecified proto is `all' instead of `0' - * Fix iptables-save with --random option - * Remove unnecessary IP_NAT_RANGE_PROTO_RANDOM ifdefs - * Remove libnsl from LDLIBS - * Fix problem with iptables-restore and quotes - * Remove unnecessary includes - * Fix --modprobe parameter - * ip6tables-restore should output error of modprobe after failed to load - * Add random option to SNAT - * Fix missing space in error message - * Fixes for manpages of tcp, udp, and icmp{,6} - * Add ip6tables mh extension - * Fix tcpmss manpage - * Add ip6tables TCPMSS extension - * Add UDPLITE multiport support - * Fix missing space in ruleset listing - * Remove extensions for unmaintained/obsolete patchlets - * Fix greedy debug grep - * Fix type in manpage - * Fix compile/install error for iptables-xml with DO_MULTI=1 -- dropped obsolete patches: - * newlines.diff (included in update) - * shlibs.diff (done by sed in %%prep section) - * extensions.diff -* Wed May 09 2007 prusnak@suse.cz -- added newlines to error messages (newlines.diff) [#271847] -* Tue Mar 13 2007 prusnak@suse.cz -- added initial setting of KERNEL_DIR variable in %%install section of spec file -* Tue Jan 09 2007 prusnak@suse.cz -- added experimental tools and extensions (removed by last update) -* Wed Jan 03 2007 prusnak@suse.cz -- updated to 1.3.7 - * Add revision support for ip6tables - * Add port range support for ip6tables multiport match - * Add sctp match extension for ip6tables - * Add iptables-xml tool - * Add hashlimit support for ip6tables (needs kernel > 2.6.19) - * Add NFLOG target extension for iptables/ip6tables (needs kernel > 2.6.19) - * Bugfixes -- updated debian-docs and moved into tar.bz2 -* Thu Nov 16 2006 mjancar@suse.cz -- allow setting KERNEL_DIR on commandline for build (#220851) -* Tue Oct 17 2006 anosek@suse.cz -- updated to version 1.3.6 - * Support multiple matches of the same type within a single rule - * DCCP/SCTP support for multiport match (needs kernel >= 2.6.18) - * SELinux SECMARK target (needs kernel >= 2.6.18) - * SELinux CONNSECMARK target (needs kernel >= 2.6.18) - * Add support for statistic match (needs kernel >= 2.6.18) - * Optionally read realm values from /etc/iproute2/rt_realms - * Bugfixes -* Wed Feb 01 2006 lnussel@suse.de -- updated to version 1.3.5 - * supports ip6tables state and conntrack \o/ (#145758) -* Fri Jan 27 2006 mls@suse.de -- converted neededforbuild to BuildRequires -* Tue Jan 24 2006 schwab@suse.de -- Fix building of shared libraries. -* Tue Jan 17 2006 postadal@suse.cz -- updated policy extension from upstream (policy-1.3.4.patch) - * ported for changes in kernel -* Tue Nov 15 2005 postadal@suse.cz -- updated to version 1.3.4 -- added RPM_OPT_FLAGS to CFLAGS -- fixed strict aliasing (strict-aliasing-fix.patch) -* Mon Aug 01 2005 lnussel@suse.de -- add iptables-batch and ip6tables-batch -* Mon Aug 01 2005 postadal@suse.cz -- updated to version 1.3.3 -* Wed Jul 27 2005 postadal@suse.cz -- updated to version 1.3.2 -* Wed Mar 09 2005 postadal@suse.cz -- updated to version 1.3.1 (bug fixes) -* Thu Feb 17 2005 postadal@suse.cz -- updated to version 1.3.0 -- removed obsoleted patch modules-secfix -* Tue Nov 02 2004 postadal@suse.cz -- fixed uninitialised variable [#47850] - CAN-2004-0986 -* Tue Aug 17 2004 mludvig@suse.cz -- Fixed mode for extensions/.policy-test6 -* Thu Aug 05 2004 mludvig@suse.cz -- Added IPv6 support to the 'policy' match. -* Wed Aug 04 2004 postadal@suse.cz -- updated to version 1.2.11 -- removed obsoleted patch clusterip -* Sat Apr 24 2004 lmb@suse.de -- Add support for Cluster IP functionality. -* Wed Apr 21 2004 mludvig@suse.cz -- Added module for IPv6 conntrack from USAGI. -* Wed Mar 24 2004 mludvig@suse.cz -- Added policy module from patch-o-matic -* Fri Feb 06 2004 postadal@suse.cz -- updated to version 1.2.9. -* Sat Jan 10 2004 adrian@suse.de -- add %%defattr -* Wed Jul 23 2003 postadal@suse.cz -- updated to 1.2.8 -* Tue Apr 08 2003 schwab@suse.de -- Prefer sanitized kernel headers. -* Thu Sep 05 2002 postadal@suse.cz -- updated to bugfixed 1.2.7a version -* Wed Aug 28 2002 postadal@suse.cz -- added Requires %%{name} = %%{version} to devel package -* Thu Aug 08 2002 nadvornik@suse.cz -- updated to 1.2.7 -* Wed Mar 27 2002 postadal@suse.cz -- revert to compile it with kernel headers (#15448) -* Fri Feb 01 2002 nadvornik@suse.cz -- compiled with kernel headers from glibc -* Tue Jan 15 2002 nadvornik@suse.cz -- update to 1.2.5 -* Wed Nov 14 2001 nadvornik@suse.cz -- updated to 1.2.4 [bug #12104] - - fixed problems with iptables-save/restore -- iptables-1.2.4.debian.diff.bz2 contains documentation only, - Makefile changes moved to separate patch -* Sat Sep 22 2001 garloff@suse.de -- Fix ipt_string support (compile fix). -* Tue Jul 17 2001 garloff@suse.de -- Update to iptables-1.2.2 -- Appply debian patch: mostly docu stuff -- Added COMPILE_EXPERIMENTAL flag to Makefile and pass it from RPM - .spec file to compile and install ip(6)tables-save/restore apps. -* Fri Apr 06 2001 kukuk@suse.de -- changed neededforbuild from lx_suse to kernel-source -* Tue Mar 27 2001 lmuelle@suse.de -- update to 1.2.1a -- add devel package with libipq stuff -- minor spec file cleanup -* Sun Jan 28 2001 olh@suse.de -- update to 1.2, needed for ppc and sparc -* Tue Dec 19 2000 nadvornik@suse.cz -- compiled with lx_suse -* Tue Oct 17 2000 nadvornik@suse.cz -- update to 1.1.2 -* Fri Sep 22 2000 ro@suse.de -- up to 1.1.1 -* Fri Jun 09 2000 ro@suse.de -- fixed neededforbuild -* Wed Jun 07 2000 nadvornik@suse.cz -- new package 1.1.0