From 78b7e3eddf633c29484796c19c029634c65ed80b8df1eda6fa37f16a4cc03f47 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Fri, 17 Mar 2017 11:47:06 +0000 Subject: [PATCH 1/5] ipset-6.32 OBS-URL: https://build.opensuse.org/package/show/security:netfilter/ipset?expand=0&rev=58 --- ipset-6.30.tar.bz2 | 3 --- ipset-6.32.tar.bz2 | 3 +++ ipset.changes | 10 ++++++++++ ipset.spec | 6 +++--- 4 files changed, 16 insertions(+), 6 deletions(-) delete mode 100644 ipset-6.30.tar.bz2 create mode 100644 ipset-6.32.tar.bz2 diff --git a/ipset-6.30.tar.bz2 b/ipset-6.30.tar.bz2 deleted file mode 100644 index 0629a64..0000000 --- a/ipset-6.30.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:65bfa43fec3d51a6b4012f3d7e4b93a748df9b71b6cd6c53adbec8083e804a31 -size 544054 diff --git a/ipset-6.32.tar.bz2 b/ipset-6.32.tar.bz2 new file mode 100644 index 0000000..db071b7 --- /dev/null +++ b/ipset-6.32.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:d9cbb49a4ae9e32d7808a604f1a37f359f9fc9064c210c4c5f35d629d49fb9fe +size 544635 diff --git a/ipset.changes b/ipset.changes index 7d6939f..271e0c9 100644 --- a/ipset.changes +++ b/ipset.changes @@ -1,3 +1,13 @@ +------------------------------------------------------------------- +Fri Mar 17 11:45:35 UTC 2017 - jengelh@inai.de + +- Update to new upstream release 6.31 + * ipset: avoid kernel null pointer exception in ipset list:set + * fix bug: sometimes valid entries in hash:* types of sets were + evicted +- Update to new upstream release 6.32 + * fix possible truncated output in ipset output buffer handling + ------------------------------------------------------------------- Thu Oct 20 18:25:24 UTC 2016 - jengelh@inai.de diff --git a/ipset.spec b/ipset.spec index 7dc4532..d8d2c79 100644 --- a/ipset.spec +++ b/ipset.spec @@ -1,7 +1,7 @@ # # spec file for package ipset # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,7 +18,7 @@ Name: ipset %define lname libipset3 -Version: 6.30 +Version: 6.32 Release: 0 Summary: Netfilter ipset administration utility License: GPL-2.0 @@ -26,7 +26,7 @@ Group: Productivity/Networking/Security Url: http://ipset.netfilter.org/ #Git-Clone: git://git.netfilter.org/ipset #Git-Web: http://git.netfilter.org/ -Source: ftp://ftp.netfilter.org/pub/ipset/%name-%version.tar.bz2 +Source: http://ipset.netfilter.org/%name-%version.tar.bz2 Source3: %name-preamble Patch1: ipset-destdir.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build From 8c7adcba78b8a0cfda639668b4593202ab8368ca1ddcf4116dfbcf3b1ae644c8 Mon Sep 17 00:00:00 2001 From: Kristyna Streitova Date: Sun, 17 Sep 2017 20:36:16 +0000 Subject: [PATCH 2/5] Accepting request 526907 from home:kstreitova:branches:security:netfilter - fix build for Factory - run spec-cleaner OBS-URL: https://build.opensuse.org/request/show/526907 OBS-URL: https://build.opensuse.org/package/show/security:netfilter/ipset?expand=0&rev=59 --- ipset.changes | 6 ++++ ipset.spec | 82 +++++++++++++++++++++++++-------------------------- 2 files changed, 46 insertions(+), 42 deletions(-) diff --git a/ipset.changes b/ipset.changes index 271e0c9..fbf4f13 100644 --- a/ipset.changes +++ b/ipset.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Fri Sep 15 16:44:31 UTC 2017 - kstreitova@suse.com + +- fix build for Factory +- run spec-cleaner + ------------------------------------------------------------------- Fri Mar 17 11:45:35 UTC 2017 - jengelh@inai.de diff --git a/ipset.spec b/ipset.spec index d8d2c79..71fc042 100644 --- a/ipset.spec +++ b/ipset.spec @@ -16,8 +16,15 @@ # -Name: ipset %define lname libipset3 +%if 0%{?suse_version} && 0%{?suse_version} < 1330 +# Factory gets new kernels, old releases don't. +# Always build KMPs for all versions older than Factory. +%define ipset_build_kmp 1 +%else +%define ipset_build_kmp 0 +%endif +Name: ipset Version: 6.32 Release: 0 Summary: Netfilter ipset administration utility @@ -26,28 +33,22 @@ Group: Productivity/Networking/Security Url: http://ipset.netfilter.org/ #Git-Clone: git://git.netfilter.org/ipset #Git-Web: http://git.netfilter.org/ -Source: http://ipset.netfilter.org/%name-%version.tar.bz2 -Source3: %name-preamble +Source: http://ipset.netfilter.org/%{name}-%{version}.tar.bz2 +Source3: %{name}-preamble Patch1: ipset-destdir.diff -BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: autoconf BuildRequires: automake BuildRequires: libtool BuildRequires: linux-glibc-devel >= 2.6.24 -BuildRequires: pkg-config >= 0.21 +BuildRequires: pkgconfig >= 0.21 BuildRequires: pkgconfig(libmnl) >= 1 -%if 0%{?suse_version} && 0%{?suse_version} < 1330 -# Factory gets new kernels, old releases don't. -# Always build KMPs for all versions older than Factory. -%define ipset_build_kmp 1 -%endif %if 0%{?ipset_build_kmp} -BuildRequires: %kernel_module_package_buildreqs +BuildRequires: %{kernel_module_package_buildreqs} +BuildRequires: kernel-syms >= 2.6.39 +%kernel_module_package -p %{name}-preamble %if 0%{?suse_version} >= 1320 BuildRequires: kmod-compat %endif -BuildRequires: kernel-syms >= 2.6.39 -%kernel_module_package -p %name-preamble %endif %description @@ -78,11 +79,11 @@ when matching an entry against a set. This package contains a version update to the in-kernel ipset modules. -%package -n %lname +%package -n %{lname} Summary: Userspace library for the in-kernel Netfilter ipset interface Group: System/Libraries -%description -n %lname +%description -n %{lname} IP sets are a framework inside the Linux kernel, which can be administered by the ipset utility. Depending on the type, currently an IP set may store IP addresses, (TCP/UDP) port numbers or IP @@ -92,7 +93,7 @@ when matching an entry against a set. %package devel Summary: Development files for ipset extensions Group: Development/Libraries/C and C++ -Requires: %lname = %version +Requires: %{lname} = %{version} %description devel IP sets are a framework inside the Linux kernel, which can be @@ -103,59 +104,56 @@ when matching an entry against a set. %prep %setup -q -%patch -P 1 -p1 +%patch1 -p1 %build # build wants to call modinfo at some point -export PATH="$PATH:/usr/sbin" +export PATH="$PATH:%{_prefix}/sbin" autoreconf -fi %if 0%{?ipset_build_kmp} -for flavor in %flavors_to_build; do - cp -a . "../%name-$flavor-%version" - pushd "../%name-$flavor-%version/" +for flavor in %{flavors_to_build}; do + cp -a . "../%{name}-$flavor-%{version}" + pushd "../%{name}-$flavor-%{version}/" # ksource: it just checks for a header %configure --disable-static \ - --with-kbuild="/usr/src/linux-obj/%_target_cpu/$flavor" \ - --with-ksource="/usr/src/linux" \ - --includedir="%_includedir/%name" + --with-kbuild="%{_prefix}/src/linux-obj/%{_target_cpu}/$flavor" \ + --with-ksource="%{_prefix}/src/linux" \ + --includedir="%{_includedir}/%{name}" make %{?_smp_mflags} all modules popd done %endif %configure --disable-static --with-kmod=no \ - --includedir="%_includedir/%name" + --includedir="%{_includedir}/%{name}" make %{?_smp_mflags} %install -export PATH="$PATH:/usr/sbin" -b="%buildroot" +export PATH="$PATH:%{_prefix}/sbin" +b=%{buildroot} %if 0%{?ipset_build_kmp} -for flavor in %flavors_to_build; do - pushd "../%name-$flavor-%version/" +for flavor in %{flavors_to_build}; do + pushd "../%{name}-$flavor-%{version}/" make %{?_smp_mflags} install modules_install \ DESTDIR="$b" INSTALL_MOD_PATH="$b" V=1 popd; done; %endif make %{?_smp_mflags} install DESTDIR="$b" -find "$b/%_libdir" -type f -name "*.la" -delete +find %{buildroot} -type f -name "*.la" -delete -print -%post -n %lname -p /sbin/ldconfig -%postun -n %lname -p /sbin/ldconfig +%post -n %{lname} -p /sbin/ldconfig +%postun -n %{lname} -p /sbin/ldconfig %files -%defattr(-,root,root) -%_sbindir/ipset -%_mandir/man*/* +%{_sbindir}/ipset +%{_mandir}/man*/* -%files -n %lname -%defattr(-,root,root) -%_libdir/libipset.so.3* +%files -n %{lname} +%{_libdir}/libipset.so.3* %files devel -%defattr(-,root,root) -%_libdir/libipset.so -%_libdir/pkgconfig/libipset.pc -%_includedir/%name/ +%{_libdir}/libipset.so +%{_libdir}/pkgconfig/libipset.pc +%{_includedir}/%{name}/ %changelog From 508415b4cd333885efece8037dcf8bf30b8f190a1cd60b21829e7878bcba961b Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Sun, 17 Sep 2017 21:03:21 +0000 Subject: [PATCH 3/5] run spec-beautifier instead OBS-URL: https://build.opensuse.org/package/show/security:netfilter/ipset?expand=0&rev=60 --- ipset.changes | 1 - ipset.spec | 58 +++++++++++++++++++++++++-------------------------- 2 files changed, 29 insertions(+), 30 deletions(-) diff --git a/ipset.changes b/ipset.changes index fbf4f13..41b6d0f 100644 --- a/ipset.changes +++ b/ipset.changes @@ -2,7 +2,6 @@ Fri Sep 15 16:44:31 UTC 2017 - kstreitova@suse.com - fix build for Factory -- run spec-cleaner ------------------------------------------------------------------- Fri Mar 17 11:45:35 UTC 2017 - jengelh@inai.de diff --git a/ipset.spec b/ipset.spec index 71fc042..2b41d65 100644 --- a/ipset.spec +++ b/ipset.spec @@ -33,8 +33,8 @@ Group: Productivity/Networking/Security Url: http://ipset.netfilter.org/ #Git-Clone: git://git.netfilter.org/ipset #Git-Web: http://git.netfilter.org/ -Source: http://ipset.netfilter.org/%{name}-%{version}.tar.bz2 -Source3: %{name}-preamble +Source: http://ipset.netfilter.org/%name-%version.tar.bz2 +Source3: %name-preamble Patch1: ipset-destdir.diff BuildRequires: autoconf BuildRequires: automake @@ -43,9 +43,9 @@ BuildRequires: linux-glibc-devel >= 2.6.24 BuildRequires: pkgconfig >= 0.21 BuildRequires: pkgconfig(libmnl) >= 1 %if 0%{?ipset_build_kmp} -BuildRequires: %{kernel_module_package_buildreqs} +BuildRequires: %kernel_module_package_buildreqs BuildRequires: kernel-syms >= 2.6.39 -%kernel_module_package -p %{name}-preamble +%kernel_module_package -p %name-preamble %if 0%{?suse_version} >= 1320 BuildRequires: kmod-compat %endif @@ -79,11 +79,11 @@ when matching an entry against a set. This package contains a version update to the in-kernel ipset modules. -%package -n %{lname} +%package -n %lname Summary: Userspace library for the in-kernel Netfilter ipset interface Group: System/Libraries -%description -n %{lname} +%description -n %lname IP sets are a framework inside the Linux kernel, which can be administered by the ipset utility. Depending on the type, currently an IP set may store IP addresses, (TCP/UDP) port numbers or IP @@ -93,7 +93,7 @@ when matching an entry against a set. %package devel Summary: Development files for ipset extensions Group: Development/Libraries/C and C++ -Requires: %{lname} = %{version} +Requires: %lname = %version %description devel IP sets are a framework inside the Linux kernel, which can be @@ -108,52 +108,52 @@ when matching an entry against a set. %build # build wants to call modinfo at some point -export PATH="$PATH:%{_prefix}/sbin" +export PATH="$PATH:%_prefix/sbin" autoreconf -fi %if 0%{?ipset_build_kmp} -for flavor in %{flavors_to_build}; do - cp -a . "../%{name}-$flavor-%{version}" - pushd "../%{name}-$flavor-%{version}/" +for flavor in %flavors_to_build; do + cp -a . "../%name-$flavor-%version" + pushd "../%name-$flavor-%version/" # ksource: it just checks for a header %configure --disable-static \ - --with-kbuild="%{_prefix}/src/linux-obj/%{_target_cpu}/$flavor" \ - --with-ksource="%{_prefix}/src/linux" \ - --includedir="%{_includedir}/%{name}" + --with-kbuild="%_prefix/src/linux-obj/%_target_cpu/$flavor" \ + --with-ksource="%_prefix/src/linux" \ + --includedir="%_includedir/%name" make %{?_smp_mflags} all modules popd done %endif %configure --disable-static --with-kmod=no \ - --includedir="%{_includedir}/%{name}" + --includedir="%_includedir/%name" make %{?_smp_mflags} %install -export PATH="$PATH:%{_prefix}/sbin" -b=%{buildroot} +export PATH="$PATH:%_prefix/sbin" +b=%buildroot %if 0%{?ipset_build_kmp} -for flavor in %{flavors_to_build}; do - pushd "../%{name}-$flavor-%{version}/" +for flavor in %flavors_to_build; do + pushd "../%name-$flavor-%version/" make %{?_smp_mflags} install modules_install \ DESTDIR="$b" INSTALL_MOD_PATH="$b" V=1 popd; done; %endif make %{?_smp_mflags} install DESTDIR="$b" -find %{buildroot} -type f -name "*.la" -delete -print +find %buildroot -type f -name "*.la" -delete -print -%post -n %{lname} -p /sbin/ldconfig -%postun -n %{lname} -p /sbin/ldconfig +%post -n %lname -p /sbin/ldconfig +%postun -n %lname -p /sbin/ldconfig %files -%{_sbindir}/ipset -%{_mandir}/man*/* +%_sbindir/ipset +%_mandir/man*/* -%files -n %{lname} -%{_libdir}/libipset.so.3* +%files -n %lname +%_libdir/libipset.so.3* %files devel -%{_libdir}/libipset.so -%{_libdir}/pkgconfig/libipset.pc -%{_includedir}/%{name}/ +%_libdir/libipset.so +%_libdir/pkgconfig/libipset.pc +%_includedir/%name/ %changelog From 26f0958ce8272098237285508d3b14d9fb21c6f7c94c860e6b1f6eea41c461b9 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Sun, 17 Sep 2017 21:05:05 +0000 Subject: [PATCH 4/5] revert more supposed cleaning OBS-URL: https://build.opensuse.org/package/show/security:netfilter/ipset?expand=0&rev=61 --- ipset.spec | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ipset.spec b/ipset.spec index 2b41d65..bc6504d 100644 --- a/ipset.spec +++ b/ipset.spec @@ -104,11 +104,11 @@ when matching an entry against a set. %prep %setup -q -%patch1 -p1 +%patch -P 1 -p1 %build # build wants to call modinfo at some point -export PATH="$PATH:%_prefix/sbin" +export PATH="$PATH:%_sbindir" autoreconf -fi %if 0%{?ipset_build_kmp} for flavor in %flavors_to_build; do @@ -128,7 +128,7 @@ done make %{?_smp_mflags} %install -export PATH="$PATH:%_prefix/sbin" +export PATH="$PATH:%_sbindir" b=%buildroot %if 0%{?ipset_build_kmp} for flavor in %flavors_to_build; do @@ -139,7 +139,7 @@ for flavor in %flavors_to_build; do done; %endif make %{?_smp_mflags} install DESTDIR="$b" -find %buildroot -type f -name "*.la" -delete -print +find "$b/%_libdir/" -type f -name "*.la" -delete -print %post -n %lname -p /sbin/ldconfig %postun -n %lname -p /sbin/ldconfig From f2032660b597eb046c6bb11633dbcb76119853b99c1a2644ac3de22025772192 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Sun, 17 Sep 2017 21:24:03 +0000 Subject: [PATCH 5/5] ipset-6.33 OBS-URL: https://build.opensuse.org/package/show/security:netfilter/ipset?expand=0&rev=62 --- ipset-6.32.tar.bz2 | 3 --- ipset-6.33-export-func.diff | 28 ++++++++++++++++++++++++++++ ipset-6.33.tar.bz2 | 3 +++ ipset.changes | 7 +++++++ ipset.spec | 5 +++-- 5 files changed, 41 insertions(+), 5 deletions(-) delete mode 100644 ipset-6.32.tar.bz2 create mode 100644 ipset-6.33-export-func.diff create mode 100644 ipset-6.33.tar.bz2 diff --git a/ipset-6.32.tar.bz2 b/ipset-6.32.tar.bz2 deleted file mode 100644 index db071b7..0000000 --- a/ipset-6.32.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:d9cbb49a4ae9e32d7808a604f1a37f359f9fc9064c210c4c5f35d629d49fb9fe -size 544635 diff --git a/ipset-6.33-export-func.diff b/ipset-6.33-export-func.diff new file mode 100644 index 0000000..e75af16 --- /dev/null +++ b/ipset-6.33-export-func.diff @@ -0,0 +1,28 @@ +From 4fc1ac6a4016c1e09cc393dfedb7eb4e9678efd3 Mon Sep 17 00:00:00 2001 +From: Jozsef Kadlecsik +Date: Thu, 14 Sep 2017 19:29:55 +0200 +Subject: [PATCH] New function added in commit 54802b2c is missing from + libipset.map The patch title was "Report if the option is supported by a + newer kernel release" + +Fixes bugzilla id #1182, reported by irherder@gmail.com. +--- + lib/libipset.map | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/lib/libipset.map b/lib/libipset.map +index d35e299..df632f2 100644 +--- a/lib/libipset.map ++++ b/lib/libipset.map +@@ -158,3 +158,8 @@ global: + ipset_parse_tcp_udp_port; + ipset_parse_uint16; + } LIBIPSET_4.3; ++ ++LIBIPSET_4.5 { ++global: ++ ipset_type_higher_rev; ++} LIBIPSET_4.4; +-- +2.14.1 + diff --git a/ipset-6.33.tar.bz2 b/ipset-6.33.tar.bz2 new file mode 100644 index 0000000..67d7bd2 --- /dev/null +++ b/ipset-6.33.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f7b1d886eff32acc97f948871f966f7a53b72440057d4c013c22377b57ea3602 +size 546786 diff --git a/ipset.changes b/ipset.changes index 41b6d0f..a6e4684 100644 --- a/ipset.changes +++ b/ipset.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Sun Sep 17 21:19:30 UTC 2017 - jengelh@inai.de + +- Update to new upstream release 6.33 + * Report if the option is supported by a newer kernel release +- Add ipset-6.33-export-func.diff + ------------------------------------------------------------------- Fri Sep 15 16:44:31 UTC 2017 - kstreitova@suse.com diff --git a/ipset.spec b/ipset.spec index bc6504d..7da48a0 100644 --- a/ipset.spec +++ b/ipset.spec @@ -25,7 +25,7 @@ %define ipset_build_kmp 0 %endif Name: ipset -Version: 6.32 +Version: 6.33 Release: 0 Summary: Netfilter ipset administration utility License: GPL-2.0 @@ -36,6 +36,7 @@ Url: http://ipset.netfilter.org/ Source: http://ipset.netfilter.org/%name-%version.tar.bz2 Source3: %name-preamble Patch1: ipset-destdir.diff +Patch2: ipset-6.33-export-func.diff BuildRequires: autoconf BuildRequires: automake BuildRequires: libtool @@ -104,7 +105,7 @@ when matching an entry against a set. %prep %setup -q -%patch -P 1 -p1 +%patch -P 1 -P 2 -p1 %build # build wants to call modinfo at some point