forked from jengelh/iptables
iptables-1.4.19.1
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/iptables?expand=0&rev=74
This commit is contained in:
parent
4fccb45841
commit
dcf172f95e
@ -1,74 +0,0 @@
|
|||||||
From 37b19d08f3cbc83a653386d76261490e173a874b Mon Sep 17 00:00:00 2001
|
|
||||||
From: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
||||||
Date: Sat, 16 Mar 2013 12:15:30 +0100
|
|
||||||
Subject: [PATCH] Revert "build: resolve link failure for ip6t_NETMAP"
|
|
||||||
|
|
||||||
This reverts commit 68e77a26111ee6b8f10c735a76891a7de6d57ee6.
|
|
||||||
|
|
||||||
The use of libtool was introduced to resolve linking problems
|
|
||||||
in NETMAP (IPv6 version), but that resulted in RPATH problems
|
|
||||||
reported from distributors and warnings spotted by libtool at
|
|
||||||
linking stage.
|
|
||||||
|
|
||||||
Since (0ca548b libip6t_NETMAP: Use xtables_ip6mask_to_cidr and
|
|
||||||
get rid of libip6tc dependency) fixed the NETMAP issue, let's
|
|
||||||
roll back to our previous stage.
|
|
||||||
|
|
||||||
A small conflicts in extensions/GNUmakefile.in has been resolved
|
|
||||||
in this revert.
|
|
||||||
|
|
||||||
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
||||||
---
|
|
||||||
extensions/GNUmakefile.in | 18 +++++++-----------
|
|
||||||
1 file changed, 7 insertions(+), 11 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/extensions/GNUmakefile.in b/extensions/GNUmakefile.in
|
|
||||||
index 3db6985..1ae7f74 100644
|
|
||||||
--- a/extensions/GNUmakefile.in
|
|
||||||
+++ b/extensions/GNUmakefile.in
|
|
||||||
@@ -33,7 +33,6 @@ AM_VERBOSE_CXX = @echo " CXX " $@;
|
|
||||||
AM_VERBOSE_CXXLD = @echo " CXXLD " $@;
|
|
||||||
AM_VERBOSE_AR = @echo " AR " $@;
|
|
||||||
AM_VERBOSE_GEN = @echo " GEN " $@;
|
|
||||||
-AM_VERBOSE_NULL = @
|
|
||||||
endif
|
|
||||||
|
|
||||||
#
|
|
||||||
@@ -76,7 +75,7 @@ install: ${targets_install}
|
|
||||||
if test -n "${targets_install}"; then install -pm0755 $^ "${DESTDIR}${xtlibdir}/"; fi;
|
|
||||||
|
|
||||||
clean:
|
|
||||||
- rm -f *.la *.o *.lo *.so *.a {matches,targets}.man initext.c initext4.c initext6.c;
|
|
||||||
+ rm -f *.o *.oo *.so *.a {matches,targets}.man initext.c initext4.c initext6.c;
|
|
||||||
rm -f .*.d .*.dd;
|
|
||||||
|
|
||||||
distclean: clean
|
|
||||||
@@ -90,19 +89,16 @@ init%.o: init%.c
|
|
||||||
#
|
|
||||||
# Shared libraries
|
|
||||||
#
|
|
||||||
-lib%.so: lib%.la
|
|
||||||
- ${AM_VERBOSE_NULL} ln -fs .libs/$@ $@
|
|
||||||
+lib%.so: lib%.oo
|
|
||||||
+ ${AM_VERBOSE_CCLD} ${CCLD} ${AM_LDFLAGS} -shared ${LDFLAGS} -o $@ $< -L../libxtables/.libs -lxtables ${$*_LIBADD};
|
|
||||||
|
|
||||||
-lib%.la: lib%.lo
|
|
||||||
- ${AM_VERBOSE_CCLD} ../libtool ${AM_LIBTOOL_SILENT} --tag=CC --mode=link ${CCLD} ${AM_LDFLAGS} -module ${LDFLAGS} -o $@ $< ../libxtables/libxtables.la ${$*_LIBADD} -rpath ${xtlibdir}
|
|
||||||
-
|
|
||||||
-lib%.lo: ${srcdir}/lib%.c
|
|
||||||
- ${AM_VERBOSE_CC} ../libtool ${AM_LIBTOOL_SILENT} --tag=CC --mode=compile ${CC} ${AM_CPPFLAGS} ${AM_DEPFLAGS} ${AM_CFLAGS} -D_INIT=lib$*_init ${CFLAGS} -o $@ -c $<
|
|
||||||
+lib%.oo: ${srcdir}/lib%.c
|
|
||||||
+ ${AM_VERBOSE_CC} ${CC} ${AM_CPPFLAGS} ${AM_DEPFLAGS} ${AM_CFLAGS} -D_INIT=lib$*_init -DPIC -fPIC ${CFLAGS} -o $@ -c $<;
|
|
||||||
|
|
||||||
libxt_NOTRACK.so: libxt_CT.so
|
|
||||||
- ${AM_VERBOSE_GEN} ln -fs $< $@
|
|
||||||
+ ln -fs $< $@
|
|
||||||
libxt_state.so: libxt_conntrack.so
|
|
||||||
- ${AM_VERBOSE_GEN} ln -fs $< $@
|
|
||||||
+ ln -fs $< $@
|
|
||||||
|
|
||||||
# Need the LIBADDs in iptables/Makefile.am too for libxtables_la_LIBADD
|
|
||||||
xt_RATEEST_LIBADD = -lm
|
|
||||||
--
|
|
||||||
1.8.2
|
|
||||||
|
|
@ -1,88 +0,0 @@
|
|||||||
From cccfff9309743f173c504dd265fae173caa5b47f Mon Sep 17 00:00:00 2001
|
|
||||||
From: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
||||||
Date: Sat, 16 Mar 2013 12:11:07 +0100
|
|
||||||
Subject: [PATCH] libip6t_NETMAP: Use xtables_ip6mask_to_cidr and get rid of
|
|
||||||
libip6tc dependency
|
|
||||||
|
|
||||||
This patch changes the NETMAP target extension (IPv6 side) to use
|
|
||||||
the xtables_ip6mask_to_cidr available in libxtables.
|
|
||||||
|
|
||||||
As a side effect, we get rid of the libip6tc dependency.
|
|
||||||
|
|
||||||
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
||||||
---
|
|
||||||
extensions/GNUmakefile.in | 1 -
|
|
||||||
extensions/libip6t_NETMAP.c | 2 +-
|
|
||||||
include/libiptc/libip6tc.h | 3 ---
|
|
||||||
iptables/ip6tables.c | 2 +-
|
|
||||||
libiptc/libip6tc.c | 2 +-
|
|
||||||
5 files changed, 3 insertions(+), 7 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/extensions/GNUmakefile.in b/extensions/GNUmakefile.in
|
|
||||||
index adad4d6..3db6985 100644
|
|
||||||
--- a/extensions/GNUmakefile.in
|
|
||||||
+++ b/extensions/GNUmakefile.in
|
|
||||||
@@ -105,7 +105,6 @@ libxt_state.so: libxt_conntrack.so
|
|
||||||
${AM_VERBOSE_GEN} ln -fs $< $@
|
|
||||||
|
|
||||||
# Need the LIBADDs in iptables/Makefile.am too for libxtables_la_LIBADD
|
|
||||||
-ip6t_NETMAP_LIBADD = ../libiptc/libip6tc.la
|
|
||||||
xt_RATEEST_LIBADD = -lm
|
|
||||||
xt_statistic_LIBADD = -lm
|
|
||||||
|
|
||||||
diff --git a/extensions/libip6t_NETMAP.c b/extensions/libip6t_NETMAP.c
|
|
||||||
index d14dece..a4df70e 100644
|
|
||||||
--- a/extensions/libip6t_NETMAP.c
|
|
||||||
+++ b/extensions/libip6t_NETMAP.c
|
|
||||||
@@ -61,7 +61,7 @@ static void NETMAP_print(const void *ip, const struct xt_entry_target *target,
|
|
||||||
printf("%s", xtables_ip6addr_to_numeric(&a));
|
|
||||||
for (i = 0; i < 4; i++)
|
|
||||||
a.s6_addr32[i] = ~(r->min_addr.ip6[i] ^ r->max_addr.ip6[i]);
|
|
||||||
- bits = ipv6_prefix_length(&a);
|
|
||||||
+ bits = xtables_ip6mask_to_cidr(&a);
|
|
||||||
if (bits < 0)
|
|
||||||
printf("/%s", xtables_ip6addr_to_numeric(&a));
|
|
||||||
else
|
|
||||||
diff --git a/include/libiptc/libip6tc.h b/include/libiptc/libip6tc.h
|
|
||||||
index c656bc4..9aed80a 100644
|
|
||||||
--- a/include/libiptc/libip6tc.h
|
|
||||||
+++ b/include/libiptc/libip6tc.h
|
|
||||||
@@ -154,9 +154,6 @@ int ip6tc_get_raw_socket(void);
|
|
||||||
/* Translates errno numbers into more human-readable form than strerror. */
|
|
||||||
const char *ip6tc_strerror(int err);
|
|
||||||
|
|
||||||
-/* Return prefix length, or -1 if not contiguous */
|
|
||||||
-int ipv6_prefix_length(const struct in6_addr *a);
|
|
||||||
-
|
|
||||||
extern void dump_entries6(struct xtc_handle *const);
|
|
||||||
|
|
||||||
extern const struct xtc_ops ip6tc_ops;
|
|
||||||
diff --git a/iptables/ip6tables.c b/iptables/ip6tables.c
|
|
||||||
index 4cfbea3..7d02cc1 100644
|
|
||||||
--- a/iptables/ip6tables.c
|
|
||||||
+++ b/iptables/ip6tables.c
|
|
||||||
@@ -1022,7 +1022,7 @@ static void print_ip(const char *prefix, const struct in6_addr *ip,
|
|
||||||
const struct in6_addr *mask, int invert)
|
|
||||||
{
|
|
||||||
char buf[51];
|
|
||||||
- int l = ipv6_prefix_length(mask);
|
|
||||||
+ int l = xtables_ip6mask_to_cidr(mask);
|
|
||||||
|
|
||||||
if (l == 0 && !invert)
|
|
||||||
return;
|
|
||||||
diff --git a/libiptc/libip6tc.c b/libiptc/libip6tc.c
|
|
||||||
index 7128e1c..ca01bcb 100644
|
|
||||||
--- a/libiptc/libip6tc.c
|
|
||||||
+++ b/libiptc/libip6tc.c
|
|
||||||
@@ -113,7 +113,7 @@ typedef unsigned int socklen_t;
|
|
||||||
#define BIT6(a, l) \
|
|
||||||
((ntohl(a->s6_addr32[(l) / 32]) >> (31 - ((l) & 31))) & 1)
|
|
||||||
|
|
||||||
-int
|
|
||||||
+static int
|
|
||||||
ipv6_prefix_length(const struct in6_addr *a)
|
|
||||||
{
|
|
||||||
int l, i;
|
|
||||||
--
|
|
||||||
1.8.2
|
|
||||||
|
|
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:14a99fb8b0ca22027a9ac6eb72fa32c834ceb3073820e0ba79bf251c6a7bcf3c
|
|
||||||
size 542308
|
|
Binary file not shown.
3
iptables-1.4.19.1.tar.bz2
Normal file
3
iptables-1.4.19.1.tar.bz2
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:dd51d3b942758a462afc7c8495930d25c93058e5319303247375183ad50164d2
|
||||||
|
size 543785
|
BIN
iptables-1.4.19.1.tar.bz2.sig
Normal file
BIN
iptables-1.4.19.1.tar.bz2.sig
Normal file
Binary file not shown.
@ -1,3 +1,12 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri May 31 20:00:39 UTC 2013 - jengelh@inai.de
|
||||||
|
|
||||||
|
- Update to new upstream release 1.4.19.1
|
||||||
|
* New connlabel and bpf matches
|
||||||
|
- Remove 0001-Revert-build-resolve-link-failure-for-ip6t_NETMAP.patch,
|
||||||
|
0001-libip6t_NETMAP-Use-xtables_ip6mask_to_cidr-and-get-r.patch
|
||||||
|
(are upstream)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Apr 15 06:19:21 UTC 2013 - jengelh@inai.de
|
Mon Apr 15 06:19:21 UTC 2013 - jengelh@inai.de
|
||||||
|
|
||||||
|
@ -20,7 +20,7 @@ Name: iptables
|
|||||||
%define lname_ipq libipq0
|
%define lname_ipq libipq0
|
||||||
%define lname_iptc libiptc0
|
%define lname_iptc libiptc0
|
||||||
%define lname_xt libxtables10
|
%define lname_xt libxtables10
|
||||||
Version: 1.4.18
|
Version: 1.4.19.1
|
||||||
Release: 0
|
Release: 0
|
||||||
Summary: IP Packet Filter Administration utilities
|
Summary: IP Packet Filter Administration utilities
|
||||||
License: GPL-2.0 and Artistic-2.0
|
License: GPL-2.0 and Artistic-2.0
|
||||||
@ -34,8 +34,6 @@ Url: http://netfilter.org/projects/iptables/
|
|||||||
Source: http://netfilter.org/projects/iptables/files/%name-%version.tar.bz2
|
Source: http://netfilter.org/projects/iptables/files/%name-%version.tar.bz2
|
||||||
Source2: http://netfilter.org/projects/iptables/files/%name-%version.tar.bz2.sig
|
Source2: http://netfilter.org/projects/iptables/files/%name-%version.tar.bz2.sig
|
||||||
Source3: %name.keyring
|
Source3: %name.keyring
|
||||||
Patch1: 0001-libip6t_NETMAP-Use-xtables_ip6mask_to_cidr-and-get-r.patch
|
|
||||||
Patch2: 0001-Revert-build-resolve-link-failure-for-ip6t_NETMAP.patch
|
|
||||||
Patch3: iptables-batch.patch
|
Patch3: iptables-batch.patch
|
||||||
Patch4: iptables-apply-mktemp-fix.patch
|
Patch4: iptables-apply-mktemp-fix.patch
|
||||||
|
|
||||||
@ -148,7 +146,7 @@ xtables --variable=xtlibdir).
|
|||||||
%prep
|
%prep
|
||||||
%{?gpg_verify: %gpg_verify %{S:2}}
|
%{?gpg_verify: %gpg_verify %{S:2}}
|
||||||
%setup -q
|
%setup -q
|
||||||
%patch -P 1 -P 2 -P 3 -P 4 -p1
|
%patch -P 3 -P 4 -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
# We have the iptables-batch patch, so always regenerate.
|
# We have the iptables-batch patch, so always regenerate.
|
||||||
@ -159,7 +157,7 @@ fi
|
|||||||
rm -f extensions/libipt_unclean.man
|
rm -f extensions/libipt_unclean.man
|
||||||
# includedir is overriden on purpose to detect projects that
|
# includedir is overriden on purpose to detect projects that
|
||||||
# fail to include libxtables_CFLAGS
|
# fail to include libxtables_CFLAGS
|
||||||
%configure --includedir=%_includedir/%name-%version --enable-libipq
|
%configure --includedir="%_includedir/pkg/%name" --enable-libipq
|
||||||
make %{?_smp_mflags}
|
make %{?_smp_mflags}
|
||||||
|
|
||||||
%install
|
%install
|
||||||
@ -201,9 +199,11 @@ rm -f "%buildroot/%_libdir"/*.la;
|
|||||||
|
|
||||||
%files -n xtables-plugins
|
%files -n xtables-plugins
|
||||||
%defattr(-,root,root)
|
%defattr(-,root,root)
|
||||||
%_libdir/xtables
|
%dir %_sysconfdir/xtables/
|
||||||
|
%config %_sysconfdir/xtables/*.conf
|
||||||
|
%_libdir/xtables/
|
||||||
%_sbindir/nfnl_osf
|
%_sbindir/nfnl_osf
|
||||||
%_datadir/xtables
|
%_datadir/xtables/
|
||||||
|
|
||||||
%files -n %lname_ipq
|
%files -n %lname_ipq
|
||||||
%defattr(-,root,root)
|
%defattr(-,root,root)
|
||||||
@ -213,8 +213,8 @@ rm -f "%buildroot/%_libdir"/*.la;
|
|||||||
%defattr(-,root,root)
|
%defattr(-,root,root)
|
||||||
%doc %_mandir/man3/libipq*
|
%doc %_mandir/man3/libipq*
|
||||||
%doc %_mandir/man3/ipq*
|
%doc %_mandir/man3/ipq*
|
||||||
%dir %_includedir/%name-%version
|
%dir %_includedir/pkg/%name/
|
||||||
%_includedir/%name-%version/libipq*
|
%_includedir/pkg/%name/libipq*
|
||||||
%_libdir/libipq.so
|
%_libdir/libipq.so
|
||||||
%_libdir/pkgconfig/libipq.pc
|
%_libdir/pkgconfig/libipq.pc
|
||||||
|
|
||||||
@ -226,8 +226,9 @@ rm -f "%buildroot/%_libdir"/*.la;
|
|||||||
|
|
||||||
%files -n libiptc-devel
|
%files -n libiptc-devel
|
||||||
%defattr(-,root,root)
|
%defattr(-,root,root)
|
||||||
%dir %_includedir/%name-%version
|
%dir %_includedir/pkg/
|
||||||
%_includedir/%name-%version/libiptc*
|
%dir %_includedir/pkg/%name/
|
||||||
|
%_includedir/pkg/%name/libiptc*
|
||||||
%_libdir/libip*tc.so
|
%_libdir/libip*tc.so
|
||||||
%_libdir/pkgconfig/libip*tc.pc
|
%_libdir/pkgconfig/libip*tc.pc
|
||||||
|
|
||||||
@ -237,9 +238,10 @@ rm -f "%buildroot/%_libdir"/*.la;
|
|||||||
|
|
||||||
%files -n libxtables-devel
|
%files -n libxtables-devel
|
||||||
%defattr(-,root,root)
|
%defattr(-,root,root)
|
||||||
%dir %_includedir/%name-%version
|
%dir %_includedir/pkg/
|
||||||
%_includedir/%name-%version/xtables.h
|
%dir %_includedir/pkg/%name/
|
||||||
%_includedir/%name-%version/xtables-version.h
|
%_includedir/pkg/%name/xtables.h
|
||||||
|
%_includedir/pkg/%name/xtables-version.h
|
||||||
%_libdir/libxtables.so
|
%_libdir/libxtables.so
|
||||||
%_libdir/pkgconfig/xtables.pc
|
%_libdir/pkgconfig/xtables.pc
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user