SHA256
1
0
forked from pool/ipset

Accepting request 103455 from security:netfilter

- Update to new upstream release 6.11
* libipset is now complete; ipset is just a frontend
* Log warning when a hash type of set gets full
* Exceptions support added to hash:*net* types
* hash:net,iface timeout bug fixed
* Support hostnames and service names with dash

OBS-URL: https://build.opensuse.org/request/show/103455
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/ipset?expand=0&rev=2
This commit is contained in:
Stephan Kulow 2012-02-10 16:14:27 +00:00 committed by Git OBS Bridge
commit 7425c7bbe0
7 changed files with 102 additions and 48 deletions

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:068bd00b9f94da5cc5718c4ac5ba6e0c3d71016ba6fba8471f04111a23c49d4d
size 118932

3
ipset-6.11.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:9491ce236d04d21dff120657081c9685f6fb83e9f3f183320180b24640bae508
size 314464

View File

@ -1,3 +1,14 @@
-------------------------------------------------------------------
Fri Jan 20 17:27:01 UTC 2012 - jengelh@medozas.de
- Update to new upstream release 6.11
* libipset is now complete; ipset is just a frontend
* Log warning when a hash type of set gets full
* Exceptions support added to hash:*net* types
* hash:net,iface timeout bug fixed
* Support hostnames and service names with dash
------------------------------------------------------------------- -------------------------------------------------------------------
Sun Jan 1 03:17:39 UTC 2012 - jengelh@medozas.de Sun Jan 1 03:17:39 UTC 2012 - jengelh@medozas.de

View File

@ -1,7 +1,7 @@
# #
# spec file for package ipset # spec file for package ipset
# #
# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -15,28 +15,31 @@
# Please submit bugfixes or comments via http://bugs.opensuse.org/ # Please submit bugfixes or comments via http://bugs.opensuse.org/
# #
Name: ipset Name: ipset
%define lname libipset1 %define lname libipset2
Version: 6.10+git9 Version: 6.11
Release: 0 Release: 0
Group: Productivity/Networking/Security Group: Productivity/Networking/Security
Summary: Netfilter ipset administration utility Summary: Netfilter ipset administration utility
License: GPL-2.0 License: GPL-2.0
URL: http://ipset.netfilter.org/ Url: http://ipset.netfilter.org/
#Git-Clone: git://git.netfilter.org/ipset #Git-Clone: git://git.netfilter.org/ipset
#Git-Web: http://git.netfilter.org/ #Git-Web: http://git.netfilter.org/
Source: %name-%version.tar.xz Source: %name-%version.tar.xz
Source3: %name-preamble Source3: %name-preamble
Patch1: no-static.diff Patch1: no-static.diff
Patch2: kernel-3_3.diff Patch2: kernel-3_3.diff
Patch3: linux-export.h.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: autoconf, automake, libtool BuildRequires: autoconf automake libtool
BuildRequires: pkgconfig >= 0.23, pkgconfig(libmnl) >= 1, xz BuildRequires: pkgconfig >= 0.21 pkgconfig(libmnl) >= 1 xz
%if 0%{?suse_version} %if 0%{?suse_version}
BuildRequires: %kernel_module_package_buildreqs BuildRequires: %kernel_module_package_buildreqs
BuildRequires: kernel-syms >= 2.6.39 BuildRequires: kernel-syms >= 2.6.39
Recommends: %name-kmp Recommends: %name-kmp
%endif %endif
@ -71,8 +74,8 @@ when matching an entry against a set.
This package contains a version update to the in-kernel ipset modules. This package contains a version update to the in-kernel ipset modules.
%package -n %lname %package -n %lname
Summary: Userspace library for the in-kernel Netfilter ipset interface Summary: Userspace library for the in-kernel Netfilter ipset interface
Group: System/Libraries Group: System/Libraries
%description -n %lname %description -n %lname
IP sets are a framework inside the Linux kernel, which can be IP sets are a framework inside the Linux kernel, which can be
@ -82,9 +85,9 @@ addresses with MAC addresses in a way, which ensures lightning speed
when matching an entry against a set. when matching an entry against a set.
%package devel %package devel
Summary: Development files for ipset extensions Summary: Development files for ipset extensions
Group: Development/Libraries/C and C++ Group: Development/Libraries/C and C++
Requires: %lname = %version Requires: %lname = %version
%description devel %description devel
IP sets are a framework inside the Linux kernel, which can be IP sets are a framework inside the Linux kernel, which can be
@ -95,12 +98,13 @@ when matching an entry against a set.
%prep %prep
%setup -q %setup -q
%patch -P 1 -P 2 -p1 %patch -P 1 -P 2 -P 3 -p1
%build %build
if [ ! -e configure ]; then ./autogen.sh; # got patches
./autogen.sh; #if [ ! -e configure ]; then
fi; # ./autogen.sh;
#fi;
pushd ../; pushd ../;
for flavor in %flavors_to_build; do for flavor in %flavors_to_build; do
cp -a "%name-%version" "%name-$flavor-%version"; cp -a "%name-%version" "%name-$flavor-%version";
@ -135,7 +139,7 @@ rm -f "$b/%_libdir"/*.la;
%files -n %lname %files -n %lname
%defattr(-,root,root) %defattr(-,root,root)
%_libdir/libipset.so.1* %_libdir/libipset.so.2*
%files devel %files devel
%defattr(-,root,root) %defattr(-,root,root)

View File

@ -3,18 +3,18 @@ commit b2d4e4b4e6c48dc0d53eeab3b52ce56f01a29397
Author: Jan Engelhardt <jengelh@medozas.de> Author: Jan Engelhardt <jengelh@medozas.de>
Date: Sat Dec 31 02:22:10 2011 +0100 Date: Sat Dec 31 02:22:10 2011 +0100
kernel 3.2 support kernel 3.3 support
--- ---
kernel/net/netfilter/ipset/ip_set_getport.c | 6 ++++++ kernel/net/netfilter/ipset/ip_set_getport.c | 6 ++++++
kernel/net/netfilter/ipset/ip_set_hash_ip.c | 2 +- kernel/net/netfilter/ipset/ip_set_hash_ip.c | 2 +-
kernel/net/netfilter/ipset/ip_set_hash_net.c | 2 +- kernel/net/netfilter/ipset/ip_set_hash_net.c | 2 +-
3 files changed, 8 insertions(+), 2 deletions(-) 3 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/kernel/net/netfilter/ipset/ip_set_getport.c b/kernel/net/netfilter/ipset/ip_set_getport.c Index: ipset-6.11/kernel/net/netfilter/ipset/ip_set_getport.c
index 58ca4e1..836855f 100644 ===================================================================
--- a/kernel/net/netfilter/ipset/ip_set_getport.c --- ipset-6.11.orig/kernel/net/netfilter/ipset/ip_set_getport.c
+++ b/kernel/net/netfilter/ipset/ip_set_getport.c +++ ipset-6.11/kernel/net/netfilter/ipset/ip_set_getport.c
@@ -12,6 +12,7 @@ @@ -16,6 +16,7 @@
#include <linux/icmp.h> #include <linux/icmp.h>
#include <linux/icmpv6.h> #include <linux/icmpv6.h>
#include <linux/sctp.h> #include <linux/sctp.h>
@ -22,7 +22,7 @@ index 58ca4e1..836855f 100644
#include <linux/netfilter_ipv6/ip6_tables.h> #include <linux/netfilter_ipv6/ip6_tables.h>
#include <net/ip.h> #include <net/ip.h>
#include <net/ipv6.h> #include <net/ipv6.h>
@@ -115,9 +116,14 @@ ip_set_get_ip6_port(const struct sk_buff *skb, bool src, @@ -119,9 +120,14 @@ ip_set_get_ip6_port(const struct sk_buff
{ {
int protoff; int protoff;
u8 nexthdr; u8 nexthdr;
@ -37,11 +37,11 @@ index 58ca4e1..836855f 100644
if (protoff < 0) if (protoff < 0)
return false; return false;
diff --git a/kernel/net/netfilter/ipset/ip_set_hash_ip.c b/kernel/net/netfilter/ipset/ip_set_hash_ip.c Index: ipset-6.11/kernel/net/netfilter/ipset/ip_set_hash_ip.c
index 14a8628..5139dea 100644 ===================================================================
--- a/kernel/net/netfilter/ipset/ip_set_hash_ip.c --- ipset-6.11.orig/kernel/net/netfilter/ipset/ip_set_hash_ip.c
+++ b/kernel/net/netfilter/ipset/ip_set_hash_ip.c +++ ipset-6.11/kernel/net/netfilter/ipset/ip_set_hash_ip.c
@@ -241,7 +241,7 @@ hash_ip6_data_isnull(const struct hash_ip6_elem *elem) @@ -241,7 +241,7 @@ hash_ip6_data_isnull(const struct hash_i
static inline void static inline void
hash_ip6_data_copy(struct hash_ip6_elem *dst, const struct hash_ip6_elem *src) hash_ip6_data_copy(struct hash_ip6_elem *dst, const struct hash_ip6_elem *src)
{ {
@ -50,18 +50,16 @@ index 14a8628..5139dea 100644
} }
static inline void static inline void
diff --git a/kernel/net/netfilter/ipset/ip_set_hash_net.c b/kernel/net/netfilter/ipset/ip_set_hash_net.c Index: ipset-6.11/kernel/net/netfilter/ipset/ip_set_hash_net.c
index 48e35ba..5a4457a 100644 ===================================================================
--- a/kernel/net/netfilter/ipset/ip_set_hash_net.c --- ipset-6.11.orig/kernel/net/netfilter/ipset/ip_set_hash_net.c
+++ b/kernel/net/netfilter/ipset/ip_set_hash_net.c +++ ipset-6.11/kernel/net/netfilter/ipset/ip_set_hash_net.c
@@ -267,7 +267,7 @@ static inline void @@ -295,7 +295,7 @@ static inline void
hash_net6_data_copy(struct hash_net6_elem *dst, hash_net6_data_copy(struct hash_net6_elem *dst,
const struct hash_net6_elem *src) const struct hash_net6_elem *src)
{ {
- ipv6_addr_copy(&dst->ip.in6, &src->ip.in6); - ipv6_addr_copy(&dst->ip.in6, &src->ip.in6);
+ dst->ip.in6 = src->ip.in6; + dst->ip.in6 = src->ip.in6;
dst->cidr = src->cidr; dst->cidr = src->cidr;
dst->nomatch = src->nomatch;
} }
--
# Created with git-export-patch

41
linux-export.h.diff Normal file
View File

@ -0,0 +1,41 @@
parent fe8800c8ad505196d4cde9fca21d868751760c9f (v6.11)
commit 94daadfc825c504dcb9bd510b895c6c673229b60
Author: Henry Culver <henry@culcon.com>
Date: Fri Jan 20 13:40:55 2012 +0100
Fix the inclusion of linux/export.h
The tests for inclusion of linux/export.h in
ipset-6.11:kernel/net/netfilter/ipset/{ip_set_getport.c,pfxlen.c} are
incorrect, linux/export.h did not go in until 3.2.0.
---
kernel/net/netfilter/ipset/ip_set_getport.c | 2 +-
kernel/net/netfilter/ipset/pfxlen.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/kernel/net/netfilter/ipset/ip_set_getport.c b/kernel/net/netfilter/ipset/ip_set_getport.c
index 0f77a53..a66c67b 100644
--- a/kernel/net/netfilter/ipset/ip_set_getport.c
+++ b/kernel/net/netfilter/ipset/ip_set_getport.c
@@ -8,7 +8,7 @@
/* Get Layer-4 data from the packets */
#include <linux/version.h>
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,0,0)
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,2,0)
#include <linux/export.h>
#endif
#include <linux/ip.h>
diff --git a/kernel/net/netfilter/ipset/pfxlen.c b/kernel/net/netfilter/ipset/pfxlen.c
index c5191c7..56ca480 100644
--- a/kernel/net/netfilter/ipset/pfxlen.c
+++ b/kernel/net/netfilter/ipset/pfxlen.c
@@ -1,5 +1,5 @@
#include <linux/version.h>
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,0,0)
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,2,0)
#include <linux/export.h>
#endif
#include <linux/netfilter/ipset/pfxlen.h>
--
# Created with git-export-patch

View File

@ -2,13 +2,13 @@
src/Makefile.am | 1 - src/Makefile.am | 1 -
1 file changed, 1 deletion(-) 1 file changed, 1 deletion(-)
Index: ipset-6.10+git9/src/Makefile.am Index: ipset-6.11/src/Makefile.am
=================================================================== ===================================================================
--- ipset-6.10+git9.orig/src/Makefile.am --- ipset-6.11.orig/src/Makefile.am
+++ ipset-6.10+git9/src/Makefile.am +++ ipset-6.11/src/Makefile.am
@@ -15,7 +15,6 @@ ipset_SOURCES = ipset.c \ @@ -3,7 +3,6 @@ include $(top_srcdir)/Make_global.am
ipset_list_set.c \ sbin_PROGRAMS = ipset
ui.c ipset_SOURCES = ipset.c ui.c
ipset_LDADD = ../lib/libipset.la ipset_LDADD = ../lib/libipset.la
-AM_LDFLAGS = -static -AM_LDFLAGS = -static