forked from jengelh/iptables
- Update to new upstream release 1.8.3
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/iptables?expand=0&rev=130
This commit is contained in:
parent
0be2487f57
commit
b743329ed5
@ -1,36 +0,0 @@
|
|||||||
From 2908eda10bf9fc81119d4f3ad672c67918ab5955 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Baruch Siach <baruch@tkos.co.il>
|
|
||||||
Date: Sun, 2 Dec 2018 18:56:34 +0200
|
|
||||||
Subject: [PATCH] include: extend the headers conflict workaround to in6.h
|
|
||||||
|
|
||||||
Commit 8d9d7e4b9ef ("include: fix build with kernel headers before 4.2")
|
|
||||||
introduced a kernel/user headers conflict workaround that allows build
|
|
||||||
of iptables with kernel headers older than 4.2. This minor extension
|
|
||||||
allows build with kernel headers older than 3.12, which is the version
|
|
||||||
that introduced explicit IP headers synchronization.
|
|
||||||
|
|
||||||
Fixes: 8d9d7e4b9ef4 ("include: fix build with kernel headers before 4.2")
|
|
||||||
Cc: Florian Westphal <fw@strlen.de>
|
|
||||||
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
|
|
||||||
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
||||||
---
|
|
||||||
include/linux/netfilter.h | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h
|
|
||||||
index bacf8cd9..042d8b14 100644
|
|
||||||
--- a/include/linux/netfilter.h
|
|
||||||
+++ b/include/linux/netfilter.h
|
|
||||||
@@ -5,8 +5,8 @@
|
|
||||||
|
|
||||||
#ifndef _NETINET_IN_H
|
|
||||||
#include <linux/in.h>
|
|
||||||
-#endif
|
|
||||||
#include <linux/in6.h>
|
|
||||||
+#endif
|
|
||||||
#include <limits.h>
|
|
||||||
|
|
||||||
/* Responses from hook functions. */
|
|
||||||
--
|
|
||||||
2.21.0
|
|
||||||
|
|
@ -1,52 +0,0 @@
|
|||||||
From 8d9d7e4b9ef4c6e6abab2cf35c747d7ca36824bd Mon Sep 17 00:00:00 2001
|
|
||||||
From: Baruch Siach <baruch@tkos.co.il>
|
|
||||||
Date: Fri, 16 Nov 2018 09:30:33 +0200
|
|
||||||
Subject: [PATCH] include: fix build with kernel headers before 4.2
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
Commit 672accf1530 (include: update kernel netfilter header files)
|
|
||||||
updated linux/netfilter.h and brought with it the update from kernel
|
|
||||||
commit a263653ed798 (netfilter: don't pull include/linux/netfilter.h
|
|
||||||
from netns headers). This triggers conflict of headers that is fixed in
|
|
||||||
kernel commit 279c6c7fa64f (api: fix compatibility of linux/in.h with
|
|
||||||
netinet/in.h) included in kernel version 4.2. For earlier kernel headers
|
|
||||||
we need a workaround that prevents the headers conflict.
|
|
||||||
|
|
||||||
Fixes the following build failure:
|
|
||||||
|
|
||||||
In file included from .../sysroot/usr/include/netinet/ip.h:25:0,
|
|
||||||
from ../include/libiptc/ipt_kernel_headers.h:8,
|
|
||||||
from ../include/libiptc/libiptc.h:6,
|
|
||||||
from libip4tc.c:29:
|
|
||||||
.../sysroot/usr/include/linux/in.h:26:3: error: redeclaration of enumerator ‘IPPROTO_IP’
|
|
||||||
IPPROTO_IP = 0, /* Dummy protocol for TCP */
|
|
||||||
^
|
|
||||||
.../sysroot/usr/include/netinet/in.h:33:5: note: previous definition of ‘IPPROTO_IP’ was here
|
|
||||||
IPPROTO_IP = 0, /* Dummy protocol for TCP. */
|
|
||||||
^~~~~~~~~~
|
|
||||||
|
|
||||||
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
|
|
||||||
Signed-off-by: Florian Westphal <fw@strlen.de>
|
|
||||||
---
|
|
||||||
include/linux/netfilter.h | 2 ++
|
|
||||||
1 file changed, 2 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h
|
|
||||||
index c3f087ac..bacf8cd9 100644
|
|
||||||
--- a/include/linux/netfilter.h
|
|
||||||
+++ b/include/linux/netfilter.h
|
|
||||||
@@ -3,7 +3,9 @@
|
|
||||||
|
|
||||||
#include <linux/types.h>
|
|
||||||
|
|
||||||
+#ifndef _NETINET_IN_H
|
|
||||||
#include <linux/in.h>
|
|
||||||
+#endif
|
|
||||||
#include <linux/in6.h>
|
|
||||||
#include <limits.h>
|
|
||||||
|
|
||||||
--
|
|
||||||
2.21.0
|
|
||||||
|
|
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:a3778b50ed1a3256f9ca975de82c2204e508001fc2471238c8c97f3d1c4c12af
|
|
||||||
size 679858
|
|
Binary file not shown.
3
iptables-1.8.3.tar.bz2
Normal file
3
iptables-1.8.3.tar.bz2
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:a23cac034181206b4545f4e7e730e76e08b5f3dd78771ba9645a6756de9cdd80
|
||||||
|
size 716257
|
BIN
iptables-1.8.3.tar.bz2.sig
Normal file
BIN
iptables-1.8.3.tar.bz2.sig
Normal file
Binary file not shown.
@ -1,3 +1,13 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue May 28 08:37:39 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
|
||||||
|
|
||||||
|
- Update to new upstream release 1.8.3
|
||||||
|
* ebtables: Fix rule listing with counters
|
||||||
|
* ebtables-nft: Support user-defined chain policies
|
||||||
|
- Remove 0001-include-extend-the-headers-conflict-workaround-to-in.patch
|
||||||
|
0001-include-fix-build-with-kernel-headers-before-4.2.patch
|
||||||
|
(upstreamed)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed May 22 16:15:28 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
|
Wed May 22 16:15:28 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
|
||||||
|
|
||||||
|
@ -17,7 +17,7 @@
|
|||||||
|
|
||||||
|
|
||||||
Name: iptables
|
Name: iptables
|
||||||
Version: 1.8.2
|
Version: 1.8.3
|
||||||
Release: 0
|
Release: 0
|
||||||
Summary: IP packet filter administration utilities
|
Summary: IP packet filter administration utilities
|
||||||
License: GPL-2.0-only AND Artistic-2.0
|
License: GPL-2.0-only AND Artistic-2.0
|
||||||
@ -27,8 +27,6 @@ URL: https://netfilter.org/projects/iptables/
|
|||||||
Source: https://netfilter.org/projects/iptables/files/%name-%version.tar.bz2
|
Source: https://netfilter.org/projects/iptables/files/%name-%version.tar.bz2
|
||||||
Source2: https://netfilter.org/projects/iptables/files/%name-%version.tar.bz2.sig
|
Source2: https://netfilter.org/projects/iptables/files/%name-%version.tar.bz2.sig
|
||||||
Source3: %name.keyring
|
Source3: %name.keyring
|
||||||
Patch1: 0001-include-fix-build-with-kernel-headers-before-4.2.patch
|
|
||||||
Patch2: 0001-include-extend-the-headers-conflict-workaround-to-in.patch
|
|
||||||
Patch3: iptables-batch.patch
|
Patch3: iptables-batch.patch
|
||||||
Patch4: iptables-apply-mktemp-fix.patch
|
Patch4: iptables-apply-mktemp-fix.patch
|
||||||
Patch5: iptables-batch-lock.patch
|
Patch5: iptables-batch-lock.patch
|
||||||
@ -45,7 +43,7 @@ BuildRequires: xz
|
|||||||
BuildRequires: pkgconfig(libmnl) >= 1.0
|
BuildRequires: pkgconfig(libmnl) >= 1.0
|
||||||
BuildRequires: pkgconfig(libnetfilter_conntrack) >= 1.0.4
|
BuildRequires: pkgconfig(libnetfilter_conntrack) >= 1.0.4
|
||||||
BuildRequires: pkgconfig(libnfnetlink) >= 1.0.0
|
BuildRequires: pkgconfig(libnfnetlink) >= 1.0.0
|
||||||
BuildRequires: pkgconfig(libnftnl) >= 1.1.1
|
BuildRequires: pkgconfig(libnftnl) >= 1.1.3
|
||||||
Requires: netcfg >= 11.6
|
Requires: netcfg >= 11.6
|
||||||
Requires: xtables-plugins = %version-%release
|
Requires: xtables-plugins = %version-%release
|
||||||
Requires(post): update-alternatives
|
Requires(post): update-alternatives
|
||||||
@ -103,18 +101,29 @@ be modified in userspace prior to reinjection back into the kernel.
|
|||||||
|
|
||||||
ip_queue/libipq is obsoleted by nf_queue/libnetfilter_queue!
|
ip_queue/libipq is obsoleted by nf_queue/libnetfilter_queue!
|
||||||
|
|
||||||
%package -n libiptc0
|
%package -n libip4tc2
|
||||||
Summary: Library for the ip_tables low-level ruleset generation and parsing
|
Summary: Library for the ip_tables low-level ruleset generation and parsing (IPv4)
|
||||||
Group: System/Libraries
|
Group: System/Libraries
|
||||||
|
|
||||||
%description -n libiptc0
|
%description -n libip4tc2
|
||||||
libiptc ("iptables cache") is used to retrieve from the kernel, parse,
|
libiptc ("iptables cache") is used to retrieve from the kernel, parse,
|
||||||
construct, and load rulesets into the kernel.
|
construct, and load rulesets into the kernel.
|
||||||
|
This package contains the iptc IPv4 API.
|
||||||
|
|
||||||
|
%package -n libip6tc2
|
||||||
|
Summary: Library for the ip_tables low-level ruleset generation and parsing (IPv6)
|
||||||
|
Group: System/Libraries
|
||||||
|
|
||||||
|
%description -n libip6tc2
|
||||||
|
libiptc ("iptables cache") is used to retrieve from the kernel, parse,
|
||||||
|
construct, and load rulesets into the kernel.
|
||||||
|
This package contains the iptc IPv6 API.
|
||||||
|
|
||||||
%package -n libiptc-devel
|
%package -n libiptc-devel
|
||||||
Summary: Development files for libiptc, a packet filter ruleset library
|
Summary: Development files for libiptc, a packet filter ruleset library
|
||||||
Group: Development/Libraries/C and C++
|
Group: Development/Libraries/C and C++
|
||||||
Requires: libiptc0 = %version
|
Requires: libip4tc2 = %version
|
||||||
|
Requires: libip6tc2 = %version
|
||||||
|
|
||||||
%description -n libiptc-devel
|
%description -n libiptc-devel
|
||||||
libiptc ("iptables cache") is used to retrieve from the kernel, parse,
|
libiptc ("iptables cache") is used to retrieve from the kernel, parse,
|
||||||
@ -158,6 +167,8 @@ make %{?_smp_mflags} V=1
|
|||||||
%install
|
%install
|
||||||
%make_install
|
%make_install
|
||||||
b="%buildroot"
|
b="%buildroot"
|
||||||
|
# no contents and is unused; proposed for removal upstream
|
||||||
|
rm -f "$b/%_libdir/"libiptc.so*
|
||||||
# iptables-apply is not installed by upstream Makefile
|
# iptables-apply is not installed by upstream Makefile
|
||||||
install -m0755 iptables/iptables-apply "$b/%_sbindir/"
|
install -m0755 iptables/iptables-apply "$b/%_sbindir/"
|
||||||
install -m0644 iptables/iptables-apply.8 "$b/%_mandir/man8/"
|
install -m0644 iptables/iptables-apply.8 "$b/%_mandir/man8/"
|
||||||
@ -211,8 +222,10 @@ fi
|
|||||||
|
|
||||||
%post -n libipq0 -p /sbin/ldconfig
|
%post -n libipq0 -p /sbin/ldconfig
|
||||||
%postun -n libipq0 -p /sbin/ldconfig
|
%postun -n libipq0 -p /sbin/ldconfig
|
||||||
%post -n libiptc0 -p /sbin/ldconfig
|
%post -n libip4tc2 -p /sbin/ldconfig
|
||||||
%postun -n libiptc0 -p /sbin/ldconfig
|
%postun -n libip4tc2 -p /sbin/ldconfig
|
||||||
|
%post -n libip6tc2 -p /sbin/ldconfig
|
||||||
|
%postun -n libip6tc2 -p /sbin/ldconfig
|
||||||
%post -n libxtables12 -p /sbin/ldconfig
|
%post -n libxtables12 -p /sbin/ldconfig
|
||||||
%postun -n libxtables12 -p /sbin/ldconfig
|
%postun -n libxtables12 -p /sbin/ldconfig
|
||||||
|
|
||||||
@ -288,10 +301,11 @@ fi
|
|||||||
%_libdir/libipq.so
|
%_libdir/libipq.so
|
||||||
%_libdir/pkgconfig/libipq.pc
|
%_libdir/pkgconfig/libipq.pc
|
||||||
|
|
||||||
%files -n libiptc0
|
%files -n libip4tc2
|
||||||
%_libdir/libiptc.so.0*
|
%_libdir/libip4tc.so.2*
|
||||||
%_libdir/libip4tc.so.0*
|
|
||||||
%_libdir/libip6tc.so.0*
|
%files -n libip6tc2
|
||||||
|
%_libdir/libip6tc.so.2*
|
||||||
|
|
||||||
%files -n libiptc-devel
|
%files -n libiptc-devel
|
||||||
%dir %_includedir/%name/
|
%dir %_includedir/%name/
|
||||||
|
Loading…
Reference in New Issue
Block a user