diff --git a/ipset-6.27.tar.bz2 b/ipset-6.27.tar.bz2 deleted file mode 100644 index 240ea4d..0000000 --- a/ipset-6.27.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:724897a80395534466142c3542184e5a480a5046140ca2a7d9097690b931b235 -size 532887 diff --git a/ipset-6.29.tar.bz2 b/ipset-6.29.tar.bz2 new file mode 100644 index 0000000..66d82a0 --- /dev/null +++ b/ipset-6.29.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:6af58b21c8b475b1058e02529ea9f15b4b727dbc13dc9cbddf89941b0103880e +size 542735 diff --git a/ipset-destdir.diff b/ipset-destdir.diff new file mode 100644 index 0000000..c15f3eb --- /dev/null +++ b/ipset-destdir.diff @@ -0,0 +1,31 @@ +From: Jan Engelhardt +Date: 2016-03-17 01:13:03.340741300 +0100 + +Skip these two steps from Makefile.am altogether. + +1. If $INSTALL_MOD_PATH/lib/modules/uname_r is missing, no depmod + files will be created at all (by depmod as invoked by the kernel's + modules_install target). + +2. Therefore, modinfo -b will error out because it cannot find + $INSTALL_MOD_PATH/lib/modules/uname-r/modules.order. + +3. lsmod fails because /proc and /sys are not mounted. + +--- + Makefile.am | 2 -- + 1 file changed, 2 deletions(-) + +Index: ipset-6.29/Makefile.am +=================================================================== +--- ipset-6.29.orig/Makefile.am ++++ ipset-6.29/Makefile.am +@@ -72,8 +72,6 @@ modules_install: + if WITH_KMOD + ${MAKE} -C $(KBUILD_OUTPUT) M=$$PWD/kernel/net \ + KDIR=$$PWD/kernel modules_install +- @modinfo -b ${INSTALL_MOD_PATH} ip_set_hash_ip | ${GREP} /extra/ >/dev/null || echo "$$DEPMOD_WARNING" +- @lsmod | ${GREP} '^ip_set' >/dev/null && echo "$$MODULE_WARNING" + else + @echo Skipping kernel modules due to --with-kmod=no + endif diff --git a/ipset-preamble b/ipset-preamble new file mode 100644 index 0000000..0be4ca1 --- /dev/null +++ b/ipset-preamble @@ -0,0 +1,3 @@ +Enhances: kernel-%1 +Requires: kernel-%1 +Supplements: packageand(kernel-%1:ipset) diff --git a/ipset.changes b/ipset.changes index fff515d..6d89d2d 100644 --- a/ipset.changes +++ b/ipset.changes @@ -1,3 +1,22 @@ +------------------------------------------------------------------- +Wed Mar 16 23:25:41 UTC 2016 - jengelh@inai.de + +- Update to new upstream release 6.29 +* Fix race condition in ipset save, swap and delete + +------------------------------------------------------------------- +Sat Mar 12 21:40:08 UTC 2016 - jengelh@inai.de + +- Update to new upstream release 6.28 +* Test added to check 0.0.0.0/0,iface to be matched in + hash:net,iface type +* Check IPSET_ATTR_ETHER netlink attribute length +* Fix set:list type crash when flush/dump set in parallel +* Allow a 0 netmask with hash_netiface type +- Restore unreviewed deletion of KMP production, + undo spec-cleaner refucktoring +- Add ipset-destdir.diff + ------------------------------------------------------------------- Mon Jan 18 15:42:54 UTC 2016 - kstreitova@suse.com diff --git a/ipset.spec b/ipset.spec index fb451e4..c1feb55 100644 --- a/ipset.spec +++ b/ipset.spec @@ -16,9 +16,9 @@ # -%define lname libipset3 Name: ipset -Version: 6.27 +%define lname libipset3 +Version: 6.29 Release: 0 Summary: Netfilter ipset administration utility License: GPL-2.0 @@ -26,14 +26,29 @@ Group: Productivity/Networking/Security Url: http://ipset.netfilter.org/ #Git-Clone: git://git.netfilter.org/ipset #Git-Web: http://git.netfilter.org/ -Source: ftp://ftp.netfilter.org/pub/ipset/%{name}-%{version}.tar.bz2 +Source: ftp://ftp.netfilter.org/pub/ipset/%name-%version.tar.bz2 +Source3: %name-preamble +Patch1: ipset-destdir.diff +BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: autoconf BuildRequires: automake BuildRequires: libtool BuildRequires: linux-glibc-devel >= 2.6.24 -BuildRequires: pkgconfig >= 0.21 +BuildRequires: pkg-config >= 0.21 BuildRequires: pkgconfig(libmnl) >= 1 -BuildRoot: %{_tmppath}/%{name}-%{version}-build +%if 0%{?suse_version} && 0%{?suse_version} < 1330 +# Factory gets new kernels, old releases don't. +# Always build KMPs for all versions older than Factory. +%define ipset_build_kmp 1 +%endif +%if 0%{?ipset_build_kmp} +BuildRequires: %kernel_module_package_buildreqs +%if 0%{?suse_version} >= 1320 +BuildRequires: kmod-compat +%endif +BuildRequires: kernel-syms >= 2.6.39 +%kernel_module_package -p %name-preamble +%endif %description IP sets are a framework inside the Linux kernel, which can be @@ -50,11 +65,24 @@ ipset can: * express complex IP address and ports based rulesets with one single iptables rule and benefit from the speed of IP sets -%package -n %{lname} +%package KMP +Summary: Netfilter ipset kernel modules +Group: System/Kernel + +%description KMP +IP sets are a framework inside the Linux kernel, which can be +administered by the ipset utility. Depending on the type, currently +an IP set may store IP addresses, (TCP/UDP) port numbers or IP +addresses with MAC addresses in a way, which ensures lightning speed +when matching an entry against a set. + +This package contains a version update to the in-kernel ipset modules. + +%package -n %lname Summary: Userspace library for the in-kernel Netfilter ipset interface Group: System/Libraries -%description -n %{lname} +%description -n %lname IP sets are a framework inside the Linux kernel, which can be administered by the ipset utility. Depending on the type, currently an IP set may store IP addresses, (TCP/UDP) port numbers or IP @@ -64,7 +92,7 @@ when matching an entry against a set. %package devel Summary: Development files for ipset extensions Group: Development/Libraries/C and C++ -Requires: %{lname} = %{version} +Requires: %lname = %version %description devel IP sets are a framework inside the Linux kernel, which can be @@ -75,34 +103,59 @@ when matching an entry against a set. %prep %setup -q +%patch -P 1 -p1 %build -%configure --disable-static \ - --with-kmod=no \ - --includedir="%{_includedir}/pkg/%{name}" -make %{?_smp_mflags}; +# build wants to call modinfo at some point +export PATH="$PATH:/usr/sbin" +autoreconf -fi +%if 0%{?ipset_build_kmp} +for flavor in %flavors_to_build; do + cp -a . "../%name-$flavor-%version" + pushd "../%name-$flavor-%version/" + # ksource: it just checks for a header + %configure --disable-static \ + --with-kbuild="/usr/src/linux-obj/%_target_cpu/$flavor" \ + --with-ksource="/usr/src/linux" \ + --includedir="%_includedir/%name" + make %{?_smp_mflags} all modules + popd +done +%endif +%configure --disable-static --with-kmod=no \ + --includedir="%_includedir/%name" +make %{?_smp_mflags} %install -make %{?_smp_mflags} install DESTDIR="%{buildroot}"; -find %{buildroot} -type f -name "*.la" -delete -print +export PATH="$PATH:/usr/sbin" +b="%buildroot" +%if 0%{?ipset_build_kmp} +for flavor in %flavors_to_build; do + pushd "../%name-$flavor-%version/" + make %{?_smp_mflags} install modules_install \ + DESTDIR="$b" INSTALL_MOD_PATH="$b" V=1 + popd; +done; +%endif +make %{?_smp_mflags} install DESTDIR="$b" +find "$b/%_libdir" -type f -name "*.la" -delete -%post -n %{lname} -p /sbin/ldconfig - -%postun -n %{lname} -p /sbin/ldconfig +%post -n %lname -p /sbin/ldconfig +%postun -n %lname -p /sbin/ldconfig %files %defattr(-,root,root) -%{_sbindir}/ipset -%{_mandir}/man*/* +%_sbindir/ipset +%_mandir/man*/* -%files -n %{lname} +%files -n %lname %defattr(-,root,root) -%{_libdir}/libipset.so.3* +%_libdir/libipset.so.3* %files devel %defattr(-,root,root) -%{_libdir}/libipset.so -%{_libdir}/pkgconfig/libipset.pc -%{_includedir}/pkg/ +%_libdir/libipset.so +%_libdir/pkgconfig/libipset.pc +%_includedir/%name/ %changelog