diff --git a/0001-include-extend-the-headers-conflict-workaround-to-in.patch b/0001-include-extend-the-headers-conflict-workaround-to-in.patch deleted file mode 100644 index ba80d79..0000000 --- a/0001-include-extend-the-headers-conflict-workaround-to-in.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 2908eda10bf9fc81119d4f3ad672c67918ab5955 Mon Sep 17 00:00:00 2001 -From: Baruch Siach -Date: Sun, 2 Dec 2018 18:56:34 +0200 -Subject: [PATCH] include: extend the headers conflict workaround to in6.h - -Commit 8d9d7e4b9ef ("include: fix build with kernel headers before 4.2") -introduced a kernel/user headers conflict workaround that allows build -of iptables with kernel headers older than 4.2. This minor extension -allows build with kernel headers older than 3.12, which is the version -that introduced explicit IP headers synchronization. - -Fixes: 8d9d7e4b9ef4 ("include: fix build with kernel headers before 4.2") -Cc: Florian Westphal -Signed-off-by: Baruch Siach -Signed-off-by: Pablo Neira Ayuso ---- - include/linux/netfilter.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h -index bacf8cd9..042d8b14 100644 ---- a/include/linux/netfilter.h -+++ b/include/linux/netfilter.h -@@ -5,8 +5,8 @@ - - #ifndef _NETINET_IN_H - #include --#endif - #include -+#endif - #include - - /* Responses from hook functions. */ --- -2.21.0 - diff --git a/0001-include-fix-build-with-kernel-headers-before-4.2.patch b/0001-include-fix-build-with-kernel-headers-before-4.2.patch deleted file mode 100644 index 13bc73d..0000000 --- a/0001-include-fix-build-with-kernel-headers-before-4.2.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 8d9d7e4b9ef4c6e6abab2cf35c747d7ca36824bd Mon Sep 17 00:00:00 2001 -From: Baruch Siach -Date: Fri, 16 Nov 2018 09:30:33 +0200 -Subject: [PATCH] include: fix build with kernel headers before 4.2 -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Commit 672accf1530 (include: update kernel netfilter header files) -updated linux/netfilter.h and brought with it the update from kernel -commit a263653ed798 (netfilter: don't pull include/linux/netfilter.h -from netns headers). This triggers conflict of headers that is fixed in -kernel commit 279c6c7fa64f (api: fix compatibility of linux/in.h with -netinet/in.h) included in kernel version 4.2. For earlier kernel headers -we need a workaround that prevents the headers conflict. - -Fixes the following build failure: - -In file included from .../sysroot/usr/include/netinet/ip.h:25:0, - from ../include/libiptc/ipt_kernel_headers.h:8, - from ../include/libiptc/libiptc.h:6, - from libip4tc.c:29: -.../sysroot/usr/include/linux/in.h:26:3: error: redeclaration of enumerator ‘IPPROTO_IP’ - IPPROTO_IP = 0, /* Dummy protocol for TCP */ - ^ -.../sysroot/usr/include/netinet/in.h:33:5: note: previous definition of ‘IPPROTO_IP’ was here - IPPROTO_IP = 0, /* Dummy protocol for TCP. */ - ^~~~~~~~~~ - -Signed-off-by: Baruch Siach -Signed-off-by: Florian Westphal ---- - include/linux/netfilter.h | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h -index c3f087ac..bacf8cd9 100644 ---- a/include/linux/netfilter.h -+++ b/include/linux/netfilter.h -@@ -3,7 +3,9 @@ - - #include - -+#ifndef _NETINET_IN_H - #include -+#endif - #include - #include - --- -2.21.0 - diff --git a/iptables-1.8.2.tar.bz2 b/iptables-1.8.2.tar.bz2 deleted file mode 100644 index 120cf0c..0000000 --- a/iptables-1.8.2.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:a3778b50ed1a3256f9ca975de82c2204e508001fc2471238c8c97f3d1c4c12af -size 679858 diff --git a/iptables-1.8.2.tar.bz2.sig b/iptables-1.8.2.tar.bz2.sig deleted file mode 100644 index ef08f9d..0000000 Binary files a/iptables-1.8.2.tar.bz2.sig and /dev/null differ diff --git a/iptables-1.8.3.tar.bz2 b/iptables-1.8.3.tar.bz2 new file mode 100644 index 0000000..9fc86e2 --- /dev/null +++ b/iptables-1.8.3.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:a23cac034181206b4545f4e7e730e76e08b5f3dd78771ba9645a6756de9cdd80 +size 716257 diff --git a/iptables-1.8.3.tar.bz2.sig b/iptables-1.8.3.tar.bz2.sig new file mode 100644 index 0000000..e9ef737 Binary files /dev/null and b/iptables-1.8.3.tar.bz2.sig differ diff --git a/iptables.changes b/iptables.changes index 20d223d..534d114 100644 --- a/iptables.changes +++ b/iptables.changes @@ -1,3 +1,13 @@ +------------------------------------------------------------------- +Tue May 28 08:37:39 UTC 2019 - Jan Engelhardt + +- Update to new upstream release 1.8.3 + * ebtables: Fix rule listing with counters + * ebtables-nft: Support user-defined chain policies +- Remove 0001-include-extend-the-headers-conflict-workaround-to-in.patch + 0001-include-fix-build-with-kernel-headers-before-4.2.patch + (upstreamed) + ------------------------------------------------------------------- Wed May 22 16:15:28 UTC 2019 - Jan Engelhardt diff --git a/iptables.spec b/iptables.spec index 9170767..ae3ce0c 100644 --- a/iptables.spec +++ b/iptables.spec @@ -17,7 +17,7 @@ Name: iptables -Version: 1.8.2 +Version: 1.8.3 Release: 0 Summary: IP packet filter administration utilities License: GPL-2.0-only AND Artistic-2.0 @@ -27,8 +27,6 @@ URL: https://netfilter.org/projects/iptables/ Source: https://netfilter.org/projects/iptables/files/%name-%version.tar.bz2 Source2: https://netfilter.org/projects/iptables/files/%name-%version.tar.bz2.sig Source3: %name.keyring -Patch1: 0001-include-fix-build-with-kernel-headers-before-4.2.patch -Patch2: 0001-include-extend-the-headers-conflict-workaround-to-in.patch Patch3: iptables-batch.patch Patch4: iptables-apply-mktemp-fix.patch Patch5: iptables-batch-lock.patch @@ -45,7 +43,7 @@ BuildRequires: xz BuildRequires: pkgconfig(libmnl) >= 1.0 BuildRequires: pkgconfig(libnetfilter_conntrack) >= 1.0.4 BuildRequires: pkgconfig(libnfnetlink) >= 1.0.0 -BuildRequires: pkgconfig(libnftnl) >= 1.1.1 +BuildRequires: pkgconfig(libnftnl) >= 1.1.3 Requires: netcfg >= 11.6 Requires: xtables-plugins = %version-%release Requires(post): update-alternatives @@ -103,18 +101,29 @@ be modified in userspace prior to reinjection back into the kernel. ip_queue/libipq is obsoleted by nf_queue/libnetfilter_queue! -%package -n libiptc0 -Summary: Library for the ip_tables low-level ruleset generation and parsing +%package -n libip4tc2 +Summary: Library for the ip_tables low-level ruleset generation and parsing (IPv4) Group: System/Libraries -%description -n libiptc0 +%description -n libip4tc2 libiptc ("iptables cache") is used to retrieve from the kernel, parse, construct, and load rulesets into the kernel. +This package contains the iptc IPv4 API. + +%package -n libip6tc2 +Summary: Library for the ip_tables low-level ruleset generation and parsing (IPv6) +Group: System/Libraries + +%description -n libip6tc2 +libiptc ("iptables cache") is used to retrieve from the kernel, parse, +construct, and load rulesets into the kernel. +This package contains the iptc IPv6 API. %package -n libiptc-devel Summary: Development files for libiptc, a packet filter ruleset library Group: Development/Libraries/C and C++ -Requires: libiptc0 = %version +Requires: libip4tc2 = %version +Requires: libip6tc2 = %version %description -n libiptc-devel libiptc ("iptables cache") is used to retrieve from the kernel, parse, @@ -158,6 +167,8 @@ make %{?_smp_mflags} V=1 %install %make_install b="%buildroot" +# no contents and is unused; proposed for removal upstream +rm -f "$b/%_libdir/"libiptc.so* # iptables-apply is not installed by upstream Makefile install -m0755 iptables/iptables-apply "$b/%_sbindir/" install -m0644 iptables/iptables-apply.8 "$b/%_mandir/man8/" @@ -211,8 +222,10 @@ fi %post -n libipq0 -p /sbin/ldconfig %postun -n libipq0 -p /sbin/ldconfig -%post -n libiptc0 -p /sbin/ldconfig -%postun -n libiptc0 -p /sbin/ldconfig +%post -n libip4tc2 -p /sbin/ldconfig +%postun -n libip4tc2 -p /sbin/ldconfig +%post -n libip6tc2 -p /sbin/ldconfig +%postun -n libip6tc2 -p /sbin/ldconfig %post -n libxtables12 -p /sbin/ldconfig %postun -n libxtables12 -p /sbin/ldconfig @@ -288,10 +301,11 @@ fi %_libdir/libipq.so %_libdir/pkgconfig/libipq.pc -%files -n libiptc0 -%_libdir/libiptc.so.0* -%_libdir/libip4tc.so.0* -%_libdir/libip6tc.so.0* +%files -n libip4tc2 +%_libdir/libip4tc.so.2* + +%files -n libip6tc2 +%_libdir/libip6tc.so.2* %files -n libiptc-devel %dir %_includedir/%name/