Accepting request 160175 from security:netfilter

license update: GPL-2.0 and Artistic-2.0 GPL version does not have ^or later^ due to inclusion of numerous GPL 2 ^only^ files. Also, aggregation of Artistic-2.0 content (forwarded request 160173 from babelworx) OBS-URL: https://build.opensuse.org/request/show/160175 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/iptables?expand=0&rev=49
2013-03-22 10:19:26 +00:00 · 2013-03-22 10:19:26 +00:00 · e2e614ee76
commit e2e614ee76
parent 0706b2d390 27c04986a6
8 changed files with 207 additions and 28 deletions
--- a/0001-build-also-use-libtool-for-install-stage.patch
+++ b/0001-build-also-use-libtool-for-install-stage.patch
@ -0,0 +1,80 @@
 From 145e3ea1c4c6a8e47a77587d17fcad4df4e2c06f Mon Sep 17 00:00:00 2001
 From: Jan Engelhardt <jengelh@inai.de>
 Date: Thu, 10 Jan 2013 15:54:08 +0100
 Subject: [PATCH] build: also use libtool for install stage
 The just-built library has DT_RPATH entries to be runnable from
 whereever it is. If we just install that, the distro build systems
 will throw warnings like
 	(Open Build Service) ERROR: RPATH
 	"/home/abuild/rpmbuild/BUILD/iptables-1.4.18/libxtables/.libs"
 	on /home/abuild/rpmbuild/BUILDROOT/iptables-1.4.18-0.x86_64/usr/lib64/xtables/libxt_unclean.so
 	is not allowed
 These RPATH entries are indeed undesired for libraries in a system
 location, which is why libtool produces another copy of the library on
 installation. The Makefile however missed using libtool during
 installation (introduced with commit v1.4.17-1-g68e77a2). This patch
 now resolves this.
 Signed-off-by: Jan Engelhardt <jengelh@inai.de>
 ---
 extensions/GNUmakefile.in |   16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)
 diff --git a/extensions/GNUmakefile.in b/extensions/GNUmakefile.in
 index 781ac6d..6467f05 100644
 --- a/extensions/GNUmakefile.in
 +++ b/extensions/GNUmakefile.in
@@ -49,6 +49,9 @@ pf6_build_mod := $(filter-out @blacklist_modules@,${pf6_build_mod})
 pfx_objs      := $(patsubst %,libxt_%.o,${pfx_build_mod})
 pf4_objs      := $(patsubst %,libipt_%.o,${pf4_build_mod})
 pf6_objs      := $(patsubst %,libip6t_%.o,${pf6_build_mod})
 +pfx_lalibs    := $(patsubst %,libxt_%.la,${pfx_build_mod})
 +pf4_lalibs    := $(patsubst %,libipt_%.la,${pf4_build_mod})
 +pf6_lalibs    := $(patsubst %,libip6t_%.la,${pf6_build_mod})
 pfx_solibs    := $(patsubst %,libxt_%.so,${pfx_build_mod})
 pf4_solibs    := $(patsubst %,libipt_%.so,${pf4_build_mod})
 pf6_solibs    := $(patsubst %,libip6t_%.so,${pf6_build_mod})
@@ -63,8 +66,9 @@ targets_instlink :=
 @ENABLE_STATIC_TRUE@ libext_objs := ${pfx_objs}
 @ENABLE_STATIC_TRUE@ libext4_objs := ${pf4_objs}
 @ENABLE_STATIC_TRUE@ libext6_objs := ${pf6_objs}
 -@ENABLE_STATIC_FALSE@ targets += ${pfx_solibs} ${pfx_symlinks} ${pf4_solibs} ${pf6_solibs}
 -@ENABLE_STATIC_FALSE@ targets_install += ${pfx_solibs} ${pf4_solibs} ${pf6_solibs}
 +@ENABLE_STATIC_FALSE@ targets += ${pfx_solibs} ${pf4_solibs} ${pf6_solibs}
 +@ENABLE_STATIC_FALSE@ targets_la_install += ${pfx_lalibs} ${pf4_lalibs} ${pf6_lalibs}
 +@ENABLE_STATIC_FALSE@ targets_so_install += ${pfx_solibs}
 @ENABLE_STATIC_FALSE@ targets_instlink += ${pfx_symlinks}
 .SECONDARY:
@@ -73,12 +77,14 @@ targets_instlink :=
 all: ${targets}
 -install: ${targets_install} ${targets_instlink}
 +install: ${targets_la_install} ${targets_so_install} ${targets_instlink}
 	@mkdir -p "${DESTDIR}${xtlibdir}";
 +	../libtool ${AM_LIBTOOL_SILENT} --mode=install install -pm0755 ${targets_la_install} "${DESTDIR}${xtlibdir}/"
 +	rm -f "${DESTDIR}${xtlibdir}"/*.la
 	if test -n "${targets_install}"; then \
 		install -pm0755 ${targets_install} "${DESTDIR}${xtlibdir}/"; \
 		cp -a ${pfx_symlinks} "${DESTDIR}${xtlibdir}/"; \
 -	fi;
 +	fi
 clean:
 	rm -f *.la *.o *.lo *.so *.a {matches,targets}.man initext.c initext4.c initext6.c;
@@ -99,7 +105,7 @@ lib%.so: lib%.la
 	${AM_VERBOSE_NULL} ln -fs .libs/$@ $@
 lib%.la: lib%.lo
 -	${AM_VERBOSE_CCLD} ../libtool ${AM_LIBTOOL_SILENT} --tag=CC --mode=link ${CCLD} ${AM_LDFLAGS} -module ${LDFLAGS} -o $@ $< ../libxtables/libxtables.la ${$*_LIBADD} -rpath ${xtlibdir}
 +	${AM_VERBOSE_CCLD} ../libtool ${AM_LIBTOOL_SILENT} --tag=CC --mode=link ${CCLD} ${AM_LDFLAGS} -avoid-version -module ${LDFLAGS} -o $@ $< ../libxtables/libxtables.la ${$*_LIBADD} -rpath ${xtlibdir}
 lib%.lo: ${srcdir}/lib%.c
 	${AM_VERBOSE_CC} ../libtool ${AM_LIBTOOL_SILENT} --tag=CC --mode=compile ${CC} ${AM_CPPFLAGS} ${AM_DEPFLAGS} ${AM_CFLAGS} -D_INIT=lib$*_init ${CFLAGS} -o $@ -c $<
 -- 
 1.7.10.4
--- a/0001-build-do-not-dereference-symlinks-on-installation.patch
+++ b/0001-build-do-not-dereference-symlinks-on-installation.patch
@ -0,0 +1,69 @@
 From cbe7c8ef0dabe56bf8a1f7ed27722e85abb0af9f Mon Sep 17 00:00:00 2001
 From: Jan Engelhardt <jengelh@inai.de>
 Date: Thu, 10 Jan 2013 16:02:09 +0100
 Subject: [PATCH] build: do not dereference symlinks on installation
 By using install(1), libxt_NOTRACK.so was inadvertently installed as
 an actual file to /usr/lib/xtables rather than as a symlink. Switch to
 using cp(1).
 Signed-off-by: Jan Engelhardt <jengelh@inai.de>
 ---
 extensions/GNUmakefile.in |   15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)
 diff --git a/extensions/GNUmakefile.in b/extensions/GNUmakefile.in
 index adad4d6..781ac6d 100644
 --- a/extensions/GNUmakefile.in
 +++ b/extensions/GNUmakefile.in
@@ -40,7 +40,7 @@ endif
 #	Wildcard module list
 #
 pfx_build_mod := $(patsubst ${srcdir}/libxt_%.c,%,$(sort $(wildcard ${srcdir}/libxt_*.c)))
 -pfx_symlinks  := NOTRACK state
 +pfx_symlinks  := libxt_NOTRACK.so libxt_state.so
 @ENABLE_IPV4_TRUE@ pf4_build_mod := $(patsubst ${srcdir}/libipt_%.c,%,$(sort $(wildcard ${srcdir}/libipt_*.c)))
 @ENABLE_IPV6_TRUE@ pf6_build_mod := $(patsubst ${srcdir}/libip6t_%.c,%,$(sort $(wildcard ${srcdir}/libip6t_*.c)))
 pfx_build_mod := $(filter-out @blacklist_modules@,${pfx_build_mod})
@@ -49,7 +49,7 @@ pf6_build_mod := $(filter-out @blacklist_modules@,${pf6_build_mod})
 pfx_objs      := $(patsubst %,libxt_%.o,${pfx_build_mod})
 pf4_objs      := $(patsubst %,libipt_%.o,${pf4_build_mod})
 pf6_objs      := $(patsubst %,libip6t_%.o,${pf6_build_mod})
 -pfx_solibs    := $(patsubst %,libxt_%.so,${pfx_build_mod} ${pfx_symlinks})
 +pfx_solibs    := $(patsubst %,libxt_%.so,${pfx_build_mod})
 pf4_solibs    := $(patsubst %,libipt_%.so,${pf4_build_mod})
 pf6_solibs    := $(patsubst %,libip6t_%.so,${pf6_build_mod})
@@ -59,11 +59,13 @@ pf6_solibs    := $(patsubst %,libip6t_%.so,${pf6_build_mod})
 #
 targets := libext.a libext4.a libext6.a matches.man targets.man
 targets_install :=
 +targets_instlink :=
 @ENABLE_STATIC_TRUE@ libext_objs := ${pfx_objs}
 @ENABLE_STATIC_TRUE@ libext4_objs := ${pf4_objs}
 @ENABLE_STATIC_TRUE@ libext6_objs := ${pf6_objs}
 -@ENABLE_STATIC_FALSE@ targets += ${pfx_solibs} ${pf4_solibs} ${pf6_solibs}
 +@ENABLE_STATIC_FALSE@ targets += ${pfx_solibs} ${pfx_symlinks} ${pf4_solibs} ${pf6_solibs}
 @ENABLE_STATIC_FALSE@ targets_install += ${pfx_solibs} ${pf4_solibs} ${pf6_solibs}
 +@ENABLE_STATIC_FALSE@ targets_instlink += ${pfx_symlinks}
 .SECONDARY:
@@ -71,9 +73,12 @@ targets_install :=
 all: ${targets}
 -install: ${targets_install}
 +install: ${targets_install} ${targets_instlink}
 	@mkdir -p "${DESTDIR}${xtlibdir}";
 -	if test -n "${targets_install}"; then install -pm0755 $^ "${DESTDIR}${xtlibdir}/"; fi;
 +	if test -n "${targets_install}"; then \
 +		install -pm0755 ${targets_install} "${DESTDIR}${xtlibdir}/"; \
 +		cp -a ${pfx_symlinks} "${DESTDIR}${xtlibdir}/"; \
 +	fi;
 clean:
 	rm -f *.la *.o *.lo *.so *.a {matches,targets}.man initext.c initext4.c initext6.c;
 -- 
 1.7.10.4
--- a/iptables-1.4.16.3.tar.bz2
+++ b/iptables-1.4.16.3.tar.bz2
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:643ccf34099d53d5b839e1d889c05627745a51ec122648e76a9fcec3a8a9ec79
 size 536872
--- a/iptables-1.4.16.3.tar.bz2.sig
+++ b/iptables-1.4.16.3.tar.bz2.sig
--- a/iptables-1.4.18.tar.bz2
+++ b/iptables-1.4.18.tar.bz2
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:14a99fb8b0ca22027a9ac6eb72fa32c834ceb3073820e0ba79bf251c6a7bcf3c
 size 542308
--- a/iptables-1.4.18.tar.bz2.sig
+++ b/iptables-1.4.18.tar.bz2.sig
--- a/iptables.changes
+++ b/iptables.changes
@ -1,3 +1,28 @@
 -------------------------------------------------------------------
 Wed Mar 20 08:22:20 UTC 2013 - cfarrell@suse.com
 - license update: GPL-2.0 and Artistic-2.0
  GPL version does not have ^or later^ due to inclusion of numerous GPL 2
  ^only^ files. Also, aggregation of Artistic-2.0 content
 -------------------------------------------------------------------
 Mon Mar  4 21:42:12 UTC 2013 - jengelh@inai.de
 - Update to new upstream release 1.4.18
 * documentation updates
 - Create subpackage xtables-plugins, to aid packaging of xtadm
 - Add 0001-build-do-not-dereference-symlinks-on-installation.patch
  as a prerequisite for:
 - Add 0001-build-also-use-libtool-for-install-stage.patch
  to kill of undesired DT_RPATH entries
 -------------------------------------------------------------------
 Tue Dec 25 22:47:56 UTC 2012 - jengelh@inai.de
 - Update to new upstream release 1.4.17
 * libxt_time: add support to ignore day transition
 * libxt_statistic: fix save output
 -------------------------------------------------------------------
 Wed Nov 28 17:07:29 CET 2012 - sbrabec@suse.cz
--- a/iptables.spec
+++ b/iptables.spec
@ -1,7 +1,7 @@
 #
 # spec file for package iptables
 #
-# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -19,22 +19,25 @@
 Name:           iptables
 %define lname_ipq	libipq0
 %define lname_iptc	libiptc0
-%define lname_xt	libxtables9
+%define lname_xt	libxtables10
-Version:        1.4.16.3
+Version:        1.4.18
 Release:        0
 Summary:        IP Packet Filter Administration utilities
-License:        GPL-2.0+
+License:        GPL-2.0 and Artistic-2.0
 Group:          Productivity/Networking/Security
 Url:            http://netfilter.org/projects/iptables/
-Url:            http://netfilter.org/
+#Freecode-URL:	http://freecode.com/projects/iptables/
 #Git-Web:	http://git.netfilter.org/
 #Git-Clone:	git://git.netfilter.org/iptables
 #DL-URL:	http://netfilter.org/projects/iptables/files/
 Source:         http://netfilter.org/projects/iptables/files/%name-%version.tar.bz2
 Source2:        http://netfilter.org/projects/iptables/files/%name-%version.tar.bz2.sig
 Source3:        %name.keyring
-Patch1:         iptables-batch.patch
+Patch1:         0001-build-do-not-dereference-symlinks-on-installation.patch
-Patch2:         iptables-apply-mktemp-fix.patch
+Patch2:         0001-build-also-use-libtool-for-install-stage.patch
 Patch3:         iptables-batch.patch
 Patch4:         iptables-apply-mktemp-fix.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %if 0%{?suse_version}
@ -61,11 +64,20 @@ BuildRequires:  libnfnetlink-devel >= 1.0.0
 %if 0%{?fedora_version} || 0%{?centos_version} || 0%{?rhel_version}
 BuildRequires:  libnfnetlink-devel >= 1.0.0
 %endif
 Requires:       xtables-plugins = %version
 %description
 iptables is used to set up, maintain, and inspect the tables of IP
 packet filter rules in the Linux kernel. This version requires kernel
-2.4.0 or newer.
+3.0 or newer.
 %package -n xtables-plugins
 Summary:        Match and Target Extension plugins for iptables
 Group:          Productivity/Networking/Security
 Conflicts:      iptables < 1.4.18
 %description -n xtables-plugins
 Match and Target Extension plugins for iptables.
 %package -n %lname_ipq
 Summary:        Library to interface with the (old) ip_queue kernel mechanism
@ -106,9 +118,6 @@ construct, and load new rulesets into the kernel.
 Summary:        Development files for libiptc, a packet filter ruleset library
 Group:          Development/Libraries/C and C++
 Requires:       %lname_iptc = %version
 # NOT adding Obsoletes/Provides: iptables-devel, because that one has
 # been split into _two_ new pkgs (libxtables-devel, libiptc-devel).
 # NOTE: Please use pkgconfig(...) symbols for BuildRequires.
 %description -n libiptc-devel
 libiptc ("iptables cache") is used to retrieve from the kernel, parse,
@ -137,16 +146,9 @@ Link your extension (iptables plugins) with $(pkg-config xtables
 xtables --variable=xtlibdir).
 %prep
-%if 0%{?gpg_verify:1}
+%{?gpg_verify: %gpg_verify %{S:2}}
 %gpg_verify %{S:2}
 %endif
 %if 0%{?__xz:1}
 %setup -q
-%else
+%patch -P 1 -P 2 -P 3 -P 4 -p1
 tar -xf "%{S:0}" --use=bzip2;
 %setup -DTq
 %endif
 %patch -P 1 -P 2 -p1
 %build
 # We have the iptables-batch patch, so always regenerate.
@ -167,7 +169,7 @@ install -m0755 iptables/iptables-apply %buildroot%_sbindir/
 install -m0644 iptables/iptables-apply.8 %buildroot%_mandir/man8/
 rm -f "%buildroot/%_libdir"/*.la;
 %if 0%{?suse_version}
-%fdupes %buildroot
+%fdupes %buildroot/%_prefix
 %endif
 %post   -n %lname_ipq -p /sbin/ldconfig
@ -180,8 +182,8 @@ rm -f "%buildroot/%_libdir"/*.la;
 %files
 %defattr(-,root,root)
 %doc COPYING
-%doc %_mandir/man1/*
+%doc %_mandir/man1/ip*
-%doc %_mandir/man8/*
+%doc %_mandir/man8/ip*
 %_bindir/iptables-xml
 %_sbindir/iptables
 %_sbindir/iptables-apply
@ -193,8 +195,11 @@ rm -f "%buildroot/%_libdir"/*.la;
 %_sbindir/ip6tables-restore
 %_sbindir/ip6tables-save
 %_sbindir/xtables-multi
-%_sbindir/nfnl_osf
+
 %files -n xtables-plugins
 %defattr(-,root,root)
 %_libdir/xtables
 %_sbindir/nfnl_osf
 %_datadir/xtables
 %files -n %lname_ipq
@ -225,7 +230,7 @@ rm -f "%buildroot/%_libdir"/*.la;
 %files -n %lname_xt
 %defattr(-,root,root)
-%_libdir/libxtables.so.9*
+%_libdir/libxtables.so.10*
 %files -n libxtables-devel
 %defattr(-,root,root)