From 7501db81738e5b72b31e5b4ec7bc08a52835e259ec2eef66bb1e5cacbefb2e03 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Mon, 8 Oct 2012 13:30:00 +0000 Subject: [PATCH 1/3] iptables-1.4.16.2 OBS-URL: https://build.opensuse.org/package/show/security:netfilter/iptables?expand=0&rev=56 --- iptables-1.4.15.tar.bz2 | 3 --- iptables-1.4.15.tar.bz2.sig | Bin 543 -> 0 bytes iptables-1.4.16.2.tar.bz2 | 3 +++ iptables-1.4.16.2.tar.bz2.sig | Bin 0 -> 543 bytes iptables-batch.patch | 12 ++++++------ iptables.changes | 9 +++++++++ iptables.spec | 13 +++++++------ 7 files changed, 25 insertions(+), 15 deletions(-) delete mode 100644 iptables-1.4.15.tar.bz2 delete mode 100644 iptables-1.4.15.tar.bz2.sig create mode 100644 iptables-1.4.16.2.tar.bz2 create mode 100644 iptables-1.4.16.2.tar.bz2.sig diff --git a/iptables-1.4.15.tar.bz2 b/iptables-1.4.15.tar.bz2 deleted file mode 100644 index 1e3e6c2..0000000 --- a/iptables-1.4.15.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:867c144e60075e7bebe6fcecf0b65169d5e2d1fa5ceec2ebd9780cd5026123ea -size 514830 diff --git a/iptables-1.4.15.tar.bz2.sig b/iptables-1.4.15.tar.bz2.sig deleted file mode 100644 index 0075ad8e09e79b2755c87ec572db207789538f0d59f0bd5f49574fe7032fc890..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 543 zcmV+)0^t3L0vrSY0RjL91p-hPw^0BJ2@s?aABnqPSj;U?5CDmUUW)+Z^U7dZggbog z&`@_IH2JP1zj2{k{>{TX15V{+`X3))ED1>KXUjUyE%Gsd5040hVYv42{JPI!o0f_IipmK*11<(D>151F3S4{r)(~a_Mv=SzlCb<4M=c5QCK9 zlYZ-6`X@bnA5qWy3BELXzbQzJeczyMV(4=!Osz4ovq~^_s|;@30&OwD+!X!zB|*_z zmz11p!W>~ls{O1Ya`+L_xqF3)p^7EdIjcE!mnYH|damhh0eM<6ty_zNn{}xh=TEyy z(L)h%sUdcH=Ns|N|M9Sr(AQ(RIbXK1tH3@t-(KI->S*2DJbRga-@pIGa_GECsGXxV z4yH44J5tL-zc+D} zGdS&ykg8$?jP0nyMQzG@1iro7vDvbV!p%4TnGShO@GgJUOU&6f)q9> z)gR|e7bE2TIz4>zn0b@%YdwB$RFGEF-x_%Oe%tuTsdmEe@2U~#+Zsc@Dkle@Zey?8 zSiKfdJ$$$?C4KN4%{%~q3ENv1c|>WlSKN77@)CkXLQS1!fUWs-2Z-ug192!dw_Kf2 z$fQzZ4=i9qAn1ko{Mp9K0>8xx#dKp}D^J?a`|ZGUKR|r0o`F>E?Ob09+;onxe$sPV=CpAp{1^+gddOk<$e!dKZfP(AEYf}X3lyRX_}o}=O=kK%3-=Wu3wMnB`Iac27wHPOO3 z9-U?_?vc%EWoy#eJl7s!?TqU}6eapUBQ?-}?zkku&Qa0zN-Lul? zNyyG;AR+Ezxy; diff --git a/iptables.changes b/iptables.changes index 96d1469..ffeb50b 100644 --- a/iptables.changes +++ b/iptables.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Mon Oct 8 12:42:37 UTC 2012 - jengelh@inai.de + +- Update to new upstream release 1.4.16.2 +* This release includes aliasing support which translates command + lines using obsolete extensions into new ones. The option parser + now flags illegal negative numbers in some more extensions. + A division by zero was resolved in libxt_limit as well. + ------------------------------------------------------------------- Tue Jul 31 12:08:07 UTC 2012 - jengelh@inai.de diff --git a/iptables.spec b/iptables.spec index 3d3c13e..83f9275 100644 --- a/iptables.spec +++ b/iptables.spec @@ -19,19 +19,19 @@ Name: iptables %define lname_ipq libipq0 %define lname_iptc libiptc0 -%define lname_xt libxtables7 -Version: 1.4.15 +%define lname_xt libxtables9 +Version: 1.4.16.2 Release: 0 Summary: IP Packet Filter Administration utilities License: GPL-2.0+ Group: Productivity/Networking/Security Url: http://netfilter.org/ -#DL-URL: ftp://ftp.netfilter.org/pub/iptables/ #Git-Web: http://git.netfilter.org/ #Git-Clone: git://git.netfilter.org/iptables -Source: ftp://ftp.netfilter.org/pub/iptables/%name-%version.tar.bz2 -Source2: ftp://ftp.netfilter.org/pub/iptables/%name-%version.tar.bz2.sig +#DL-URL: http://netfilter.org/projects/iptables/files/ +Source: http://netfilter.org/projects/iptables/files/%name-%version.tar.bz2 +Source2: http://netfilter.org/projects/iptables/files/%name-%version.tar.bz2.sig Patch1: iptables-batch.patch Patch2: iptables-apply-mktemp-fix.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -215,12 +215,13 @@ rm -f "%buildroot/%_libdir"/*.la; %files -n %lname_xt %defattr(-,root,root) -%_libdir/libxtables.so.7* +%_libdir/libxtables.so.9* %files -n libxtables-devel %defattr(-,root,root) %dir %_includedir/%name-%version %_includedir/%name-%version/xtables.h +%_includedir/%name-%version/xtables-version.h %_libdir/libxtables.so %_libdir/pkgconfig/xtables.pc From 19464ae5294a99e166e1b53f2fcb51a0e8df8a9d0d40078143c11bbabdf7d310 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Tue, 9 Oct 2012 01:11:41 +0000 Subject: [PATCH 2/3] RHEL5 workarounds OBS-URL: https://build.opensuse.org/package/show/security:netfilter/iptables?expand=0&rev=57 --- iptables.spec | 4 +-- rhel5-libxt_limit.diff | 56 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 58 insertions(+), 2 deletions(-) create mode 100644 rhel5-libxt_limit.diff diff --git a/iptables.spec b/iptables.spec index 83f9275..1aab935 100644 --- a/iptables.spec +++ b/iptables.spec @@ -34,6 +34,7 @@ Source: http://netfilter.org/projects/iptables/files/%name-%version.tar. Source2: http://netfilter.org/projects/iptables/files/%name-%version.tar.bz2.sig Patch1: iptables-batch.patch Patch2: iptables-apply-mktemp-fix.patch +Patch3: rhel5-libxt_limit.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build %if 0%{?suse_version} BuildRequires: sgmltool @@ -138,8 +139,7 @@ xtables --variable=xtlibdir). tar -xf "%{S:0}" --use=bzip2; %setup -DTq %endif -%patch -P 1 -p1 -%patch2 -p1 +%patch -P 1 -P 2 -P 3 -p1 %build if [ ! -e configure ]; then diff --git a/rhel5-libxt_limit.diff b/rhel5-libxt_limit.diff new file mode 100644 index 0000000..2699f0d --- /dev/null +++ b/rhel5-libxt_limit.diff @@ -0,0 +1,56 @@ +From f525886fc628341809e9139f87eab92f3f6f31da Mon Sep 17 00:00:00 2001 +From: Jan Engelhardt +Date: Tue, 9 Oct 2012 00:14:17 +0200 +Subject: [PATCH] build: resolve compile abort in libxt_limit on RHEL5 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + + libxt_limit.c: In function 'print_rate': + libxt_limit.c:124: error: 'INFINITY' undeclared (first use in + this function) + +The default mode of glibc-2.15's sets +"-D_POSIX_C_SOURCE=200809L", and therefore "-D_ISOC99_SOURCE". However, +on þe olde RHEL 5's glibc-2.5, it only has "-D_POSIX_C_SOURCE=200112L". + +Explicitly draw in the definition of INFINITY by always defining +_ISOC99_SOURCE. By doing this, we are moving off of the default set, so +_BSD_SOURCE also needs to be explicitly set to get at IFNAMSIZ that is +used in xt_hashlimit.h. + +Signed-off-by: Jan Engelhardt +--- + extensions/libxt_hashlimit.c | 2 ++ + extensions/libxt_limit.c | 2 ++ + 2 files changed, 4 insertions(+) + +diff --git a/extensions/libxt_hashlimit.c b/extensions/libxt_hashlimit.c +index 831345b..c5b8d77 100644 +--- a/extensions/libxt_hashlimit.c ++++ b/extensions/libxt_hashlimit.c +@@ -10,6 +10,8 @@ + * + * Error corections by nmalykh@bilim.com (22.01.2005) + */ ++#define _BSD_SOURCE 1 ++#define _ISOC99_SOURCE 1 + #include + #include + #include +diff --git a/extensions/libxt_limit.c b/extensions/libxt_limit.c +index 023500c..f75ef2f 100644 +--- a/extensions/libxt_limit.c ++++ b/extensions/libxt_limit.c +@@ -3,6 +3,8 @@ + * Jérôme de Vivie + * Hervé Eychenne + */ ++#define _BSD_SOURCE 1 ++#define _ISOC99_SOURCE 1 + #include + #include + #include +-- +1.7.10.4 + From a739a7199dfa6d7a6a691ea1c5c946814dde9745cfef702b64fe24b686a8af7d Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Fri, 26 Oct 2012 00:52:14 +0000 Subject: [PATCH 3/3] iptables-1.4.16.3 OBS-URL: https://build.opensuse.org/package/show/security:netfilter/iptables?expand=0&rev=58 --- iptables-1.4.16.2.tar.bz2 | 3 -- iptables-1.4.16.2.tar.bz2.sig | Bin 543 -> 0 bytes iptables-1.4.16.3.tar.bz2 | 3 ++ iptables-1.4.16.3.tar.bz2.sig | Bin 0 -> 543 bytes iptables.changes | 2 +- iptables.spec | 5 ++- rhel5-libxt_limit.diff | 56 ---------------------------------- 7 files changed, 6 insertions(+), 63 deletions(-) delete mode 100644 iptables-1.4.16.2.tar.bz2 delete mode 100644 iptables-1.4.16.2.tar.bz2.sig create mode 100644 iptables-1.4.16.3.tar.bz2 create mode 100644 iptables-1.4.16.3.tar.bz2.sig delete mode 100644 rhel5-libxt_limit.diff diff --git a/iptables-1.4.16.2.tar.bz2 b/iptables-1.4.16.2.tar.bz2 deleted file mode 100644 index 0ea38cf..0000000 --- a/iptables-1.4.16.2.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:4468ce7e1d68349a8e30f26110eb7969dbfdbf497d6c53758883123b3f2d6f6e -size 536755 diff --git a/iptables-1.4.16.2.tar.bz2.sig b/iptables-1.4.16.2.tar.bz2.sig deleted file mode 100644 index 15469c73036fba7cbbfbf72760d30795f07c7735e863e84e79610ab76bb81ecd..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 543 zcmV+)0^t3L0vrSY0RjL91p-iVidX;&2@s?aABnqPSj;2e5Bvy&xeU=+H!ARUxd_h> zGdS&ykg8$?jP0nyMQzG@1iro7vDvbV!p%4TnGShO@GgJUOU&6f)q9> z)gR|e7bE2TIz4>zn0b@%YdwB$RFGEF-x_%Oe%tuTsdmEe@2U~#+Zsc@Dkle@Zey?8 zSiKfdJ$$$?C4KN4%{%~q3ENv1c|>WlSKN77@)CkXLQS1!fUWs-2Z-ug192!dw_Kf2 z$fQzZ4=i9qAn1ko{Mp9K0>8xx#dKp}D^J?a`|ZGUKR|r0o`F>E?Ob09+;onxe$sPV=CpAp{1^+gddOk<$e!dKZfP(AEYf}X3lyRX_}o}=O=kK%3-=Wu3wMnB`Iac27wHPOO3 z9-U?_?vc%EWoy#eJl7s!?TqU}6eapUBQ?-}?zkku&Qa0zN-Lul? zNyyG;AR+Ezxy;jjA9xg^9-Pl^YqB}-bPKUT<>QB}GZPd$$Odt`! z$zrpkC?B@j&jwxeXibMg*!Jb4kU|E#9nfjTeM=XXcytVk*uo%^Gfvsd_&miOPar;^ znpQBhY3;Yjzuy@@^;zYZ?zNj#2171fXNrAttyLGU?qWpO9i|;01jiG2ALXxJ+VceW z5}6EfO(UH0AuoAG`ds0-UfZ%dVY=6=Ut~Q__(E&WD$t0`*&`q#67Zu|GMDNG4cUBs zC)sRHRSSw%H)J5NY2ytzk&u-M`9Amc;T_| h?VrT4oVdCWa(Os)*K?A{{U{1u7J$b;5T)Mge$Oqg1f2i? literal 0 HcmV?d00001 diff --git a/iptables.changes b/iptables.changes index ffeb50b..8dcdb48 100644 --- a/iptables.changes +++ b/iptables.changes @@ -1,7 +1,7 @@ ------------------------------------------------------------------- Mon Oct 8 12:42:37 UTC 2012 - jengelh@inai.de -- Update to new upstream release 1.4.16.2 +- Update to new upstream release 1.4.16.3 * This release includes aliasing support which translates command lines using obsolete extensions into new ones. The option parser now flags illegal negative numbers in some more extensions. diff --git a/iptables.spec b/iptables.spec index 1aab935..27ba3ce 100644 --- a/iptables.spec +++ b/iptables.spec @@ -20,7 +20,7 @@ Name: iptables %define lname_ipq libipq0 %define lname_iptc libiptc0 %define lname_xt libxtables9 -Version: 1.4.16.2 +Version: 1.4.16.3 Release: 0 Summary: IP Packet Filter Administration utilities License: GPL-2.0+ @@ -34,7 +34,6 @@ Source: http://netfilter.org/projects/iptables/files/%name-%version.tar. Source2: http://netfilter.org/projects/iptables/files/%name-%version.tar.bz2.sig Patch1: iptables-batch.patch Patch2: iptables-apply-mktemp-fix.patch -Patch3: rhel5-libxt_limit.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build %if 0%{?suse_version} BuildRequires: sgmltool @@ -139,7 +138,7 @@ xtables --variable=xtlibdir). tar -xf "%{S:0}" --use=bzip2; %setup -DTq %endif -%patch -P 1 -P 2 -P 3 -p1 +%patch -P 1 -P 2 -p1 %build if [ ! -e configure ]; then diff --git a/rhel5-libxt_limit.diff b/rhel5-libxt_limit.diff deleted file mode 100644 index 2699f0d..0000000 --- a/rhel5-libxt_limit.diff +++ /dev/null @@ -1,56 +0,0 @@ -From f525886fc628341809e9139f87eab92f3f6f31da Mon Sep 17 00:00:00 2001 -From: Jan Engelhardt -Date: Tue, 9 Oct 2012 00:14:17 +0200 -Subject: [PATCH] build: resolve compile abort in libxt_limit on RHEL5 -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - - libxt_limit.c: In function 'print_rate': - libxt_limit.c:124: error: 'INFINITY' undeclared (first use in - this function) - -The default mode of glibc-2.15's sets -"-D_POSIX_C_SOURCE=200809L", and therefore "-D_ISOC99_SOURCE". However, -on þe olde RHEL 5's glibc-2.5, it only has "-D_POSIX_C_SOURCE=200112L". - -Explicitly draw in the definition of INFINITY by always defining -_ISOC99_SOURCE. By doing this, we are moving off of the default set, so -_BSD_SOURCE also needs to be explicitly set to get at IFNAMSIZ that is -used in xt_hashlimit.h. - -Signed-off-by: Jan Engelhardt ---- - extensions/libxt_hashlimit.c | 2 ++ - extensions/libxt_limit.c | 2 ++ - 2 files changed, 4 insertions(+) - -diff --git a/extensions/libxt_hashlimit.c b/extensions/libxt_hashlimit.c -index 831345b..c5b8d77 100644 ---- a/extensions/libxt_hashlimit.c -+++ b/extensions/libxt_hashlimit.c -@@ -10,6 +10,8 @@ - * - * Error corections by nmalykh@bilim.com (22.01.2005) - */ -+#define _BSD_SOURCE 1 -+#define _ISOC99_SOURCE 1 - #include - #include - #include -diff --git a/extensions/libxt_limit.c b/extensions/libxt_limit.c -index 023500c..f75ef2f 100644 ---- a/extensions/libxt_limit.c -+++ b/extensions/libxt_limit.c -@@ -3,6 +3,8 @@ - * Jérôme de Vivie - * Hervé Eychenne - */ -+#define _BSD_SOURCE 1 -+#define _ISOC99_SOURCE 1 - #include - #include - #include --- -1.7.10.4 -