diff --git a/0001-build-also-use-libtool-for-install-stage.patch b/0001-build-also-use-libtool-for-install-stage.patch
new file mode 100644
index 0000000..7cf87e1
--- /dev/null
+++ b/0001-build-also-use-libtool-for-install-stage.patch
@@ -0,0 +1,80 @@
+From 145e3ea1c4c6a8e47a77587d17fcad4df4e2c06f Mon Sep 17 00:00:00 2001
+From: Jan Engelhardt
+Date: Thu, 10 Jan 2013 15:54:08 +0100
+Subject: [PATCH] build: also use libtool for install stage
+
+The just-built library has DT_RPATH entries to be runnable from
+whereever it is. If we just install that, the distro build systems
+will throw warnings like
+
+ (Open Build Service) ERROR: RPATH
+ "/home/abuild/rpmbuild/BUILD/iptables-1.4.18/libxtables/.libs"
+ on /home/abuild/rpmbuild/BUILDROOT/iptables-1.4.18-0.x86_64/usr/lib64/xtables/libxt_unclean.so
+ is not allowed
+
+These RPATH entries are indeed undesired for libraries in a system
+location, which is why libtool produces another copy of the library on
+installation. The Makefile however missed using libtool during
+installation (introduced with commit v1.4.17-1-g68e77a2). This patch
+now resolves this.
+
+Signed-off-by: Jan Engelhardt
+---
+ extensions/GNUmakefile.in | 16 +++++++++++-----
+ 1 file changed, 11 insertions(+), 5 deletions(-)
+
+diff --git a/extensions/GNUmakefile.in b/extensions/GNUmakefile.in
+index 781ac6d..6467f05 100644
+--- a/extensions/GNUmakefile.in
++++ b/extensions/GNUmakefile.in
+@@ -49,6 +49,9 @@ pf6_build_mod := $(filter-out @blacklist_modules@,${pf6_build_mod})
+ pfx_objs := $(patsubst %,libxt_%.o,${pfx_build_mod})
+ pf4_objs := $(patsubst %,libipt_%.o,${pf4_build_mod})
+ pf6_objs := $(patsubst %,libip6t_%.o,${pf6_build_mod})
++pfx_lalibs := $(patsubst %,libxt_%.la,${pfx_build_mod})
++pf4_lalibs := $(patsubst %,libipt_%.la,${pf4_build_mod})
++pf6_lalibs := $(patsubst %,libip6t_%.la,${pf6_build_mod})
+ pfx_solibs := $(patsubst %,libxt_%.so,${pfx_build_mod})
+ pf4_solibs := $(patsubst %,libipt_%.so,${pf4_build_mod})
+ pf6_solibs := $(patsubst %,libip6t_%.so,${pf6_build_mod})
+@@ -63,8 +66,9 @@ targets_instlink :=
+ @ENABLE_STATIC_TRUE@ libext_objs := ${pfx_objs}
+ @ENABLE_STATIC_TRUE@ libext4_objs := ${pf4_objs}
+ @ENABLE_STATIC_TRUE@ libext6_objs := ${pf6_objs}
+-@ENABLE_STATIC_FALSE@ targets += ${pfx_solibs} ${pfx_symlinks} ${pf4_solibs} ${pf6_solibs}
+-@ENABLE_STATIC_FALSE@ targets_install += ${pfx_solibs} ${pf4_solibs} ${pf6_solibs}
++@ENABLE_STATIC_FALSE@ targets += ${pfx_solibs} ${pf4_solibs} ${pf6_solibs}
++@ENABLE_STATIC_FALSE@ targets_la_install += ${pfx_lalibs} ${pf4_lalibs} ${pf6_lalibs}
++@ENABLE_STATIC_FALSE@ targets_so_install += ${pfx_solibs}
+ @ENABLE_STATIC_FALSE@ targets_instlink += ${pfx_symlinks}
+
+ .SECONDARY:
+@@ -73,12 +77,14 @@ targets_instlink :=
+
+ all: ${targets}
+
+-install: ${targets_install} ${targets_instlink}
++install: ${targets_la_install} ${targets_so_install} ${targets_instlink}
+ @mkdir -p "${DESTDIR}${xtlibdir}";
++ ../libtool ${AM_LIBTOOL_SILENT} --mode=install install -pm0755 ${targets_la_install} "${DESTDIR}${xtlibdir}/"
++ rm -f "${DESTDIR}${xtlibdir}"/*.la
+ if test -n "${targets_install}"; then \
+ install -pm0755 ${targets_install} "${DESTDIR}${xtlibdir}/"; \
+ cp -a ${pfx_symlinks} "${DESTDIR}${xtlibdir}/"; \
+- fi;
++ fi
+
+ clean:
+ rm -f *.la *.o *.lo *.so *.a {matches,targets}.man initext.c initext4.c initext6.c;
+@@ -99,7 +105,7 @@ lib%.so: lib%.la
+ ${AM_VERBOSE_NULL} ln -fs .libs/$@ $@
+
+ lib%.la: lib%.lo
+- ${AM_VERBOSE_CCLD} ../libtool ${AM_LIBTOOL_SILENT} --tag=CC --mode=link ${CCLD} ${AM_LDFLAGS} -module ${LDFLAGS} -o $@ $< ../libxtables/libxtables.la ${$*_LIBADD} -rpath ${xtlibdir}
++ ${AM_VERBOSE_CCLD} ../libtool ${AM_LIBTOOL_SILENT} --tag=CC --mode=link ${CCLD} ${AM_LDFLAGS} -avoid-version -module ${LDFLAGS} -o $@ $< ../libxtables/libxtables.la ${$*_LIBADD} -rpath ${xtlibdir}
+
+ lib%.lo: ${srcdir}/lib%.c
+ ${AM_VERBOSE_CC} ../libtool ${AM_LIBTOOL_SILENT} --tag=CC --mode=compile ${CC} ${AM_CPPFLAGS} ${AM_DEPFLAGS} ${AM_CFLAGS} -D_INIT=lib$*_init ${CFLAGS} -o $@ -c $<
+--
+1.7.10.4
+
diff --git a/0001-build-do-not-dereference-symlinks-on-installation.patch b/0001-build-do-not-dereference-symlinks-on-installation.patch
new file mode 100644
index 0000000..a7893a0
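Review bot: In the rewritten `install` recipe the `if test -n "${targets_install}"` block is kept, but this patch removes the only visible `targets_install +=` line, so as far as these hunks show the variable stays empty and the `cp -a ${pfx_symlinks}` step that installs the `libxt_NOTRACK.so` and `libxt_state.so` links never runs. Rulesets that rely on those extension names would then fail to load on the packaged system. The new `../libtool --mode=install` line also has no emptiness guard, so in a static build, where the `@ENABLE_STATIC_FALSE@` assignments are commented out, it would be called with no files to install. Keying each step on the list it actually installs, as sketched below, avoids both problems. The rest of GNUmakefile.in is outside the hunks, so confirm that nothing else still assigns `targets_install`.

```make
install: ${targets_la_install} ${targets_so_install} ${targets_instlink}
	@mkdir -p "${DESTDIR}${xtlibdir}";
	if test -n "${targets_la_install}"; then \
		../libtool ${AM_LIBTOOL_SILENT} --mode=install install -pm0755 ${targets_la_install} "${DESTDIR}${xtlibdir}/" && \
		rm -f "${DESTDIR}${xtlibdir}"/*.la; \
	fi
	if test -n "${targets_instlink}"; then \
		cp -a ${targets_instlink} "${DESTDIR}${xtlibdir}/"; \
	fi
```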
--- /dev/null
+++ b/0001-build-do-not-dereference-symlinks-on-installation.patch
@@ -0,0 +1,69 @@
+From cbe7c8ef0dabe56bf8a1f7ed27722e85abb0af9f Mon Sep 17 00:00:00 2001
+From: Jan Engelhardt
+Date: Thu, 10 Jan 2013 16:02:09 +0100
+Subject: [PATCH] build: do not dereference symlinks on installation
+
+By using install(1), libxt_NOTRACK.so was inadvertently installed as
+an actual file to /usr/lib/xtables rather than as a symlink. Switch to
+using cp(1).
+
+Signed-off-by: Jan Engelhardt
+---
+ extensions/GNUmakefile.in | 15 ++++++++++-----
+ 1 file changed, 10 insertions(+), 5 deletions(-)
+
+diff --git a/extensions/GNUmakefile.in b/extensions/GNUmakefile.in
+index adad4d6..781ac6d 100644
+--- a/extensions/GNUmakefile.in
++++ b/extensions/GNUmakefile.in
+@@ -40,7 +40,7 @@ endif
+ # Wildcard module list
+ #
+ pfx_build_mod := $(patsubst ${srcdir}/libxt_%.c,%,$(sort $(wildcard ${srcdir}/libxt_*.c)))
+-pfx_symlinks := NOTRACK state
++pfx_symlinks := libxt_NOTRACK.so libxt_state.so
+ @ENABLE_IPV4_TRUE@ pf4_build_mod := $(patsubst ${srcdir}/libipt_%.c,%,$(sort $(wildcard ${srcdir}/libipt_*.c)))
+ @ENABLE_IPV6_TRUE@ pf6_build_mod := $(patsubst ${srcdir}/libip6t_%.c,%,$(sort $(wildcard ${srcdir}/libip6t_*.c)))
+ pfx_build_mod := $(filter-out @blacklist_modules@,${pfx_build_mod})
+@@ -49,7 +49,7 @@ pf6_build_mod := $(filter-out @blacklist_modules@,${pf6_build_mod})
+ pfx_objs := $(patsubst %,libxt_%.o,${pfx_build_mod})
+ pf4_objs := $(patsubst %,libipt_%.o,${pf4_build_mod})
+ pf6_objs := $(patsubst %,libip6t_%.o,${pf6_build_mod})
+-pfx_solibs := $(patsubst %,libxt_%.so,${pfx_build_mod} ${pfx_symlinks})
++pfx_solibs := $(patsubst %,libxt_%.so,${pfx_build_mod})
+ pf4_solibs := $(patsubst %,libipt_%.so,${pf4_build_mod})
+ pf6_solibs := $(patsubst %,libip6t_%.so,${pf6_build_mod})
+
+@@ -59,11 +59,13 @@ pf6_solibs := $(patsubst %,libip6t_%.so,${pf6_build_mod})
+ #
+ targets := libext.a libext4.a libext6.a matches.man targets.man
+ targets_install :=
++targets_instlink :=
+ @ENABLE_STATIC_TRUE@ libext_objs := ${pfx_objs}
+ @ENABLE_STATIC_TRUE@ libext4_objs := ${pf4_objs}
+ @ENABLE_STATIC_TRUE@ libext6_objs := ${pf6_objs}
+-@ENABLE_STATIC_FALSE@ targets += ${pfx_solibs} ${pf4_solibs} ${pf6_solibs}
++@ENABLE_STATIC_FALSE@ targets += ${pfx_solibs} ${pfx_symlinks} ${pf4_solibs} ${pf6_solibs}
+ @ENABLE_STATIC_FALSE@ targets_install += ${pfx_solibs} ${pf4_solibs} ${pf6_solibs}
++@ENABLE_STATIC_FALSE@ targets_instlink += ${pfx_symlinks}
+
+ .SECONDARY:
+
+@@ -71,9 +73,12 @@ targets_install :=
+
+ all: ${targets}
+
+-install: ${targets_install}
++install: ${targets_install} ${targets_instlink}
+ @mkdir -p "${DESTDIR}${xtlibdir}";
+- if test -n "${targets_install}"; then install -pm0755 $^ "${DESTDIR}${xtlibdir}/"; fi;
++ if test -n "${targets_install}"; then \
++ install -pm0755 ${targets_install} "${DESTDIR}${xtlibdir}/"; \
++ cp -a ${pfx_symlinks} "${DESTDIR}${xtlibdir}/"; \
++ fi;
+
+ clean:
+ rm -f *.la *.o *.lo *.so *.a {matches,targets}.man initext.c initext4.c initext6.c;
+--
+1.7.10.4
+
diff --git a/iptables-1.4.16.3.tar.bz2 b/iptables-1.4.16.3.tar.bz2
deleted file mode 100644
index 09df979..0000000
--- a/iptables-1.4.16.3.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:643ccf34099d53d5b839e1d889c05627745a51ec122648e76a9fcec3a8a9ec79
-size 536872
diff --git a/iptables-1.4.16.3.tar.bz2.sig b/iptables-1.4.16.3.tar.bz2.sig
deleted file mode 100644
index 1ea44ba..0000000
Binary files a/iptables-1.4.16.3.tar.bz2.sig and /dev/null differ
diff --git a/iptables-1.4.18.tar.bz2 b/iptables-1.4.18.tar.bz2
new file mode 100644
index 0000000..565c95c
--- /dev/null
+++ b/iptables-1.4.18.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:14a99fb8b0ca22027a9ac6eb72fa32c834ceb3073820e0ba79bf251c6a7bcf3c
+size 542308
diff --git a/iptables-1.4.18.tar.bz2.sig b/iptables-1.4.18.tar.bz2.sig
new file mode 100644
index 0000000..9678552
Binary files /dev/null and b/iptables-1.4.18.tar.bz2.sig differ
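Review bot: In the `install` recipe added by 0001-build-do-not-dereference-symlinks-on-installation.patch, the `install` and `cp -a` commands inside the `if` are joined with `;`, so the recipe's exit status is that of `cp` and a failed `install -pm0755` goes unnoticed. Chaining the two makes the failure fatal: `install -pm0755 ${targets_install} "${DESTDIR}${xtlibdir}/" && \`. The link copy is also gated on `${targets_install}` and names `${pfx_symlinks}` rather than the new `${targets_instlink}` list that the rule depends on. Testing and copying `${targets_instlink}` instead would keep the prerequisite list and the installed set from drifting apart.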
diff --git a/iptables.changes b/iptables.changes index 3f46a9e..d192114 100644 --- a/iptables.changes +++ b/iptables.changes @@ -1,3 +1,28 @@ +------------------------------------------------------------------- +Wed Mar 20 08:22:20 UTC 2013 - cfarrell@suse.com + +- license update: GPL-2.0 and Artistic-2.0 + GPL version does not have ^or later^ due to inclusion of numerous GPL 2 + ^only^ files. Also, aggregation of Artistic-2.0 content + +------------------------------------------------------------------- +Mon Mar 4 21:42:12 UTC 2013 - jengelh@inai.de + +- Update to new upstream release 1.4.18 +* documentation updates +- Create subpackage xtables-plugins, to aid packaging of xtadm +- Add 0001-build-do-not-dereference-symlinks-on-installation.patch + as a prerequisite for: +- Add 0001-build-also-use-libtool-for-install-stage.patch + to kill of undesired DT_RPATH entries + +------------------------------------------------------------------- +Tue Dec 25 22:47:56 UTC 2012 - jengelh@inai.de + +- Update to new upstream release 1.4.17 +* libxt_time: add support to ignore day transition +* libxt_statistic: fix save output + ------------------------------------------------------------------- Wed Nov 28 17:07:29 CET 2012 - sbrabec@suse.cz diff --git a/iptables.spec b/iptables.spec index a3f979f..25d7ff2 100644 --- a/iptables.spec +++ b/iptables.spec @@ -1,7 +1,7 @@ # # spec file for package iptables # -# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -19,22 +19,25 @@ Name: iptables %define lname_ipq libipq0 %define lname_iptc libiptc0 -%define lname_xt libxtables9 -Version: 1.4.16.3 +%define lname_xt libxtables10 +Version: 1.4.18 Release: 0 Summary: IP Packet Filter Administration utilities -License: GPL-2.0+ +License: GPL-2.0 and Artistic-2.0 Group: Productivity/Networking/Security +Url: http://netfilter.org/projects/iptables/ -Url: http://netfilter.org/ +#Freecode-URL: http://freecode.com/projects/iptables/ #Git-Web: http://git.netfilter.org/ #Git-Clone: git://git.netfilter.org/iptables #DL-URL: http://netfilter.org/projects/iptables/files/ Source: http://netfilter.org/projects/iptables/files/%name-%version.tar.bz2 Source2: http://netfilter.org/projects/iptables/files/%name-%version.tar.bz2.sig Source3: %name.keyring -Patch1: iptables-batch.patch -Patch2: iptables-apply-mktemp-fix.patch +Patch1: 0001-build-do-not-dereference-symlinks-on-installation.patch +Patch2: 0001-build-also-use-libtool-for-install-stage.patch +Patch3: iptables-batch.patch +Patch4: iptables-apply-mktemp-fix.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %if 0%{?suse_version} @@ -61,11 +64,20 @@ BuildRequires: libnfnetlink-devel >= 1.0.0 %if 0%{?fedora_version} || 0%{?centos_version} || 0%{?rhel_version} BuildRequires: libnfnetlink-devel >= 1.0.0 %endif +Requires: xtables-plugins = %version %description iptables is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel. This version requires kernel -2.4.0 or newer. +3.0 or newer. + +%package -n xtables-plugins +Summary: Match and Target Extension plugins for iptables +Group: Productivity/Networking/Security +Conflicts: iptables < 1.4.18 + +%description -n xtables-plugins +Match and Target Extension plugins for iptables. %package -n %lname_ipq Summary: Library to interface with the (old) ip_queue kernel mechanism 
@@ -106,9 +118,6 @@ construct, and load new rulesets into the kernel. Summary: Development files for libiptc, a packet filter ruleset library Group: Development/Libraries/C and C++ Requires: %lname_iptc = %version -# NOT adding Obsoletes/Provides: iptables-devel, because that one has -# been split into _two_ new pkgs (libxtables-devel, libiptc-devel). -# NOTE: Please use pkgconfig(...) symbols for BuildRequires. %description -n libiptc-devel libiptc ("iptables cache") is used to retrieve from the kernel, parse, @@ -137,16 +146,9 @@ Link your extension (iptables plugins) with $(pkg-config xtables xtables --variable=xtlibdir). %prep -%if 0%{?gpg_verify:1} -%gpg_verify %{S:2} -%endif -%if 0%{?__xz:1} +%{?gpg_verify: %gpg_verify %{S:2}} %setup -q -%else -tar -xf "%{S:0}" --use=bzip2; -%setup -DTq -%endif -%patch -P 1 -P 2 -p1 +%patch -P 1 -P 2 -P 3 -P 4 -p1 %build # We have the iptables-batch patch, so always regenerate. @@ -167,7 +169,7 @@ install -m0755 iptables/iptables-apply %buildroot%_sbindir/ install -m0644 iptables/iptables-apply.8 %buildroot%_mandir/man8/ rm -f "%buildroot/%_libdir"/*.la; %if 0%{?suse_version} -%fdupes %buildroot +%fdupes %buildroot/%_prefix %endif %post -n %lname_ipq -p /sbin/ldconfig @@ -180,8 +182,8 @@ rm -f "%buildroot/%_libdir"/*.la; %files %defattr(-,root,root) %doc COPYING -%doc %_mandir/man1/* -%doc %_mandir/man8/* +%doc %_mandir/man1/ip* +%doc %_mandir/man8/ip* %_bindir/iptables-xml %_sbindir/iptables %_sbindir/iptables-apply @@ -193,8 +195,11 @@ rm -f "%buildroot/%_libdir"/*.la; %_sbindir/ip6tables-restore %_sbindir/ip6tables-save %_sbindir/xtables-multi -%_sbindir/nfnl_osf + +%files -n xtables-plugins +%defattr(-,root,root) %_libdir/xtables +%_sbindir/nfnl_osf %_datadir/xtables %files -n %lname_ipq @@ -225,7 +230,7 @@ rm -f "%buildroot/%_libdir"/*.la; %files -n %lname_xt %defattr(-,root,root) -%_libdir/libxtables.so.9* +%_libdir/libxtables.so.10* %files -n libxtables-devel %defattr(-,root,root)
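Review bot: In the `%prep` hunk, `%{?gpg_verify: %gpg_verify %{S:2}}` expands to nothing when the `gpg_verify` macro is undefined, so on such build targets the tarball named by the plain-`http://` `Source` URL is unpacked without being checked against `Source2` and `Source3`. Whether a BuildRequires outside these hunks always provides the macro cannot be seen here. If skipping is intended on some targets, say so next to the line, for example `# signature check is skipped where %%gpg_verify is not defined`. The doubled `%` is deliberate, because rpm expands macros inside comments.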