diff --git a/0001-Revert-build-resolve-link-failure-for-ip6t_NETMAP.patch b/0001-Revert-build-resolve-link-failure-for-ip6t_NETMAP.patch deleted file mode 100644 index 76e175b..0000000 --- a/0001-Revert-build-resolve-link-failure-for-ip6t_NETMAP.patch +++ /dev/null @@ -1,74 +0,0 @@ -From 37b19d08f3cbc83a653386d76261490e173a874b Mon Sep 17 00:00:00 2001 -From: Pablo Neira Ayuso -Date: Sat, 16 Mar 2013 12:15:30 +0100 -Subject: [PATCH] Revert "build: resolve link failure for ip6t_NETMAP" - -This reverts commit 68e77a26111ee6b8f10c735a76891a7de6d57ee6. - -The use of libtool was introduced to resolve linking problems -in NETMAP (IPv6 version), but that resulted in RPATH problems -reported from distributors and warnings spotted by libtool at -linking stage. - -Since (0ca548b libip6t_NETMAP: Use xtables_ip6mask_to_cidr and -get rid of libip6tc dependency) fixed the NETMAP issue, let's -roll back to our previous stage. - -A small conflicts in extensions/GNUmakefile.in has been resolved -in this revert. - -Signed-off-by: Pablo Neira Ayuso ---- - extensions/GNUmakefile.in | 18 +++++++----------- - 1 file changed, 7 insertions(+), 11 deletions(-) - -diff --git a/extensions/GNUmakefile.in b/extensions/GNUmakefile.in -index 3db6985..1ae7f74 100644 ---- a/extensions/GNUmakefile.in -+++ b/extensions/GNUmakefile.in -@@ -33,7 +33,6 @@ AM_VERBOSE_CXX = @echo " CXX " $@; - AM_VERBOSE_CXXLD = @echo " CXXLD " $@; - AM_VERBOSE_AR = @echo " AR " $@; - AM_VERBOSE_GEN = @echo " GEN " $@; --AM_VERBOSE_NULL = @ - endif - - # -@@ -76,7 +75,7 @@ install: ${targets_install} - if test -n "${targets_install}"; then install -pm0755 $^ "${DESTDIR}${xtlibdir}/"; fi; - - clean: -- rm -f *.la *.o *.lo *.so *.a {matches,targets}.man initext.c initext4.c initext6.c; -+ rm -f *.o *.oo *.so *.a {matches,targets}.man initext.c initext4.c initext6.c; - rm -f .*.d .*.dd; - - distclean: clean -@@ -90,19 +89,16 @@ init%.o: init%.c - # - # Shared libraries - # --lib%.so: lib%.la -- ${AM_VERBOSE_NULL} ln -fs .libs/$@ $@ -+lib%.so: lib%.oo -+ ${AM_VERBOSE_CCLD} ${CCLD} ${AM_LDFLAGS} -shared ${LDFLAGS} -o $@ $< -L../libxtables/.libs -lxtables ${$*_LIBADD}; - --lib%.la: lib%.lo -- ${AM_VERBOSE_CCLD} ../libtool ${AM_LIBTOOL_SILENT} --tag=CC --mode=link ${CCLD} ${AM_LDFLAGS} -module ${LDFLAGS} -o $@ $< ../libxtables/libxtables.la ${$*_LIBADD} -rpath ${xtlibdir} -- --lib%.lo: ${srcdir}/lib%.c -- ${AM_VERBOSE_CC} ../libtool ${AM_LIBTOOL_SILENT} --tag=CC --mode=compile ${CC} ${AM_CPPFLAGS} ${AM_DEPFLAGS} ${AM_CFLAGS} -D_INIT=lib$*_init ${CFLAGS} -o $@ -c $< -+lib%.oo: ${srcdir}/lib%.c -+ ${AM_VERBOSE_CC} ${CC} ${AM_CPPFLAGS} ${AM_DEPFLAGS} ${AM_CFLAGS} -D_INIT=lib$*_init -DPIC -fPIC ${CFLAGS} -o $@ -c $<; - - libxt_NOTRACK.so: libxt_CT.so -- ${AM_VERBOSE_GEN} ln -fs $< $@ -+ ln -fs $< $@ - libxt_state.so: libxt_conntrack.so -- ${AM_VERBOSE_GEN} ln -fs $< $@ -+ ln -fs $< $@ - - # Need the LIBADDs in iptables/Makefile.am too for libxtables_la_LIBADD - xt_RATEEST_LIBADD = -lm --- -1.8.2 - diff --git a/0001-libip6t_NETMAP-Use-xtables_ip6mask_to_cidr-and-get-r.patch b/0001-libip6t_NETMAP-Use-xtables_ip6mask_to_cidr-and-get-r.patch deleted file mode 100644 index c095baa..0000000 --- a/0001-libip6t_NETMAP-Use-xtables_ip6mask_to_cidr-and-get-r.patch +++ /dev/null @@ -1,88 +0,0 @@ -From cccfff9309743f173c504dd265fae173caa5b47f Mon Sep 17 00:00:00 2001 -From: Pablo Neira Ayuso -Date: Sat, 16 Mar 2013 12:11:07 +0100 -Subject: [PATCH] libip6t_NETMAP: Use xtables_ip6mask_to_cidr and get rid of - libip6tc dependency - -This patch changes the NETMAP target extension (IPv6 side) to use -the xtables_ip6mask_to_cidr available in libxtables. - -As a side effect, we get rid of the libip6tc dependency. - -Signed-off-by: Pablo Neira Ayuso ---- - extensions/GNUmakefile.in | 1 - - extensions/libip6t_NETMAP.c | 2 +- - include/libiptc/libip6tc.h | 3 --- - iptables/ip6tables.c | 2 +- - libiptc/libip6tc.c | 2 +- - 5 files changed, 3 insertions(+), 7 deletions(-) - -diff --git a/extensions/GNUmakefile.in b/extensions/GNUmakefile.in -index adad4d6..3db6985 100644 ---- a/extensions/GNUmakefile.in -+++ b/extensions/GNUmakefile.in -@@ -105,7 +105,6 @@ libxt_state.so: libxt_conntrack.so - ${AM_VERBOSE_GEN} ln -fs $< $@ - - # Need the LIBADDs in iptables/Makefile.am too for libxtables_la_LIBADD --ip6t_NETMAP_LIBADD = ../libiptc/libip6tc.la - xt_RATEEST_LIBADD = -lm - xt_statistic_LIBADD = -lm - -diff --git a/extensions/libip6t_NETMAP.c b/extensions/libip6t_NETMAP.c -index d14dece..a4df70e 100644 ---- a/extensions/libip6t_NETMAP.c -+++ b/extensions/libip6t_NETMAP.c -@@ -61,7 +61,7 @@ static void NETMAP_print(const void *ip, const struct xt_entry_target *target, - printf("%s", xtables_ip6addr_to_numeric(&a)); - for (i = 0; i < 4; i++) - a.s6_addr32[i] = ~(r->min_addr.ip6[i] ^ r->max_addr.ip6[i]); -- bits = ipv6_prefix_length(&a); -+ bits = xtables_ip6mask_to_cidr(&a); - if (bits < 0) - printf("/%s", xtables_ip6addr_to_numeric(&a)); - else -diff --git a/include/libiptc/libip6tc.h b/include/libiptc/libip6tc.h -index c656bc4..9aed80a 100644 ---- a/include/libiptc/libip6tc.h -+++ b/include/libiptc/libip6tc.h -@@ -154,9 +154,6 @@ int ip6tc_get_raw_socket(void); - /* Translates errno numbers into more human-readable form than strerror. */ - const char *ip6tc_strerror(int err); - --/* Return prefix length, or -1 if not contiguous */ --int ipv6_prefix_length(const struct in6_addr *a); -- - extern void dump_entries6(struct xtc_handle *const); - - extern const struct xtc_ops ip6tc_ops; -diff --git a/iptables/ip6tables.c b/iptables/ip6tables.c -index 4cfbea3..7d02cc1 100644 ---- a/iptables/ip6tables.c -+++ b/iptables/ip6tables.c -@@ -1022,7 +1022,7 @@ static void print_ip(const char *prefix, const struct in6_addr *ip, - const struct in6_addr *mask, int invert) - { - char buf[51]; -- int l = ipv6_prefix_length(mask); -+ int l = xtables_ip6mask_to_cidr(mask); - - if (l == 0 && !invert) - return; -diff --git a/libiptc/libip6tc.c b/libiptc/libip6tc.c -index 7128e1c..ca01bcb 100644 ---- a/libiptc/libip6tc.c -+++ b/libiptc/libip6tc.c -@@ -113,7 +113,7 @@ typedef unsigned int socklen_t; - #define BIT6(a, l) \ - ((ntohl(a->s6_addr32[(l) / 32]) >> (31 - ((l) & 31))) & 1) - --int -+static int - ipv6_prefix_length(const struct in6_addr *a) - { - int l, i; --- -1.8.2 - diff --git a/iptables-1.4.18.tar.bz2 b/iptables-1.4.18.tar.bz2 deleted file mode 100644 index 565c95c..0000000 --- a/iptables-1.4.18.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:14a99fb8b0ca22027a9ac6eb72fa32c834ceb3073820e0ba79bf251c6a7bcf3c -size 542308 diff --git a/iptables-1.4.18.tar.bz2.sig b/iptables-1.4.18.tar.bz2.sig deleted file mode 100644 index 9678552..0000000 Binary files a/iptables-1.4.18.tar.bz2.sig and /dev/null differ diff --git a/iptables-1.4.19.1.tar.bz2 b/iptables-1.4.19.1.tar.bz2 new file mode 100644 index 0000000..fca0977 --- /dev/null +++ b/iptables-1.4.19.1.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:dd51d3b942758a462afc7c8495930d25c93058e5319303247375183ad50164d2 +size 543785 diff --git a/iptables-1.4.19.1.tar.bz2.sig b/iptables-1.4.19.1.tar.bz2.sig new file mode 100644 index 0000000..e181708 Binary files /dev/null and b/iptables-1.4.19.1.tar.bz2.sig differ diff --git a/iptables.changes b/iptables.changes index 4c9e7fa..3537684 100644 --- a/iptables.changes +++ b/iptables.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Fri May 31 20:00:39 UTC 2013 - jengelh@inai.de + +- Update to new upstream release 1.4.19.1 +* New connlabel and bpf matches +- Remove 0001-Revert-build-resolve-link-failure-for-ip6t_NETMAP.patch, + 0001-libip6t_NETMAP-Use-xtables_ip6mask_to_cidr-and-get-r.patch + (are upstream) + ------------------------------------------------------------------- Mon Apr 15 06:19:21 UTC 2013 - jengelh@inai.de diff --git a/iptables.spec b/iptables.spec index 3e3e197..45d2696 100644 --- a/iptables.spec +++ b/iptables.spec @@ -20,7 +20,7 @@ Name: iptables %define lname_ipq libipq0 %define lname_iptc libiptc0 %define lname_xt libxtables10 -Version: 1.4.18 +Version: 1.4.19.1 Release: 0 Summary: IP Packet Filter Administration utilities License: GPL-2.0 and Artistic-2.0 @@ -34,8 +34,6 @@ Url: http://netfilter.org/projects/iptables/ Source: http://netfilter.org/projects/iptables/files/%name-%version.tar.bz2 Source2: http://netfilter.org/projects/iptables/files/%name-%version.tar.bz2.sig Source3: %name.keyring -Patch1: 0001-libip6t_NETMAP-Use-xtables_ip6mask_to_cidr-and-get-r.patch -Patch2: 0001-Revert-build-resolve-link-failure-for-ip6t_NETMAP.patch Patch3: iptables-batch.patch Patch4: iptables-apply-mktemp-fix.patch @@ -148,7 +146,7 @@ xtables --variable=xtlibdir). %prep %{?gpg_verify: %gpg_verify %{S:2}} %setup -q -%patch -P 1 -P 2 -P 3 -P 4 -p1 +%patch -P 3 -P 4 -p1 %build # We have the iptables-batch patch, so always regenerate. @@ -159,7 +157,7 @@ fi rm -f extensions/libipt_unclean.man # includedir is overriden on purpose to detect projects that # fail to include libxtables_CFLAGS -%configure --includedir=%_includedir/%name-%version --enable-libipq +%configure --includedir="%_includedir/pkg/%name" --enable-libipq make %{?_smp_mflags} %install @@ -201,9 +199,11 @@ rm -f "%buildroot/%_libdir"/*.la; %files -n xtables-plugins %defattr(-,root,root) -%_libdir/xtables +%dir %_sysconfdir/xtables/ +%config %_sysconfdir/xtables/*.conf +%_libdir/xtables/ %_sbindir/nfnl_osf -%_datadir/xtables +%_datadir/xtables/ %files -n %lname_ipq %defattr(-,root,root) @@ -213,8 +213,8 @@ rm -f "%buildroot/%_libdir"/*.la; %defattr(-,root,root) %doc %_mandir/man3/libipq* %doc %_mandir/man3/ipq* -%dir %_includedir/%name-%version -%_includedir/%name-%version/libipq* +%dir %_includedir/pkg/%name/ +%_includedir/pkg/%name/libipq* %_libdir/libipq.so %_libdir/pkgconfig/libipq.pc @@ -226,8 +226,9 @@ rm -f "%buildroot/%_libdir"/*.la; %files -n libiptc-devel %defattr(-,root,root) -%dir %_includedir/%name-%version -%_includedir/%name-%version/libiptc* +%dir %_includedir/pkg/ +%dir %_includedir/pkg/%name/ +%_includedir/pkg/%name/libiptc* %_libdir/libip*tc.so %_libdir/pkgconfig/libip*tc.pc @@ -237,9 +238,10 @@ rm -f "%buildroot/%_libdir"/*.la; %files -n libxtables-devel %defattr(-,root,root) -%dir %_includedir/%name-%version -%_includedir/%name-%version/xtables.h -%_includedir/%name-%version/xtables-version.h +%dir %_includedir/pkg/ +%dir %_includedir/pkg/%name/ +%_includedir/pkg/%name/xtables.h +%_includedir/pkg/%name/xtables-version.h %_libdir/libxtables.so %_libdir/pkgconfig/xtables.pc