diff --git a/iptables-1.6.2.tar.bz2 b/iptables-1.6.2.tar.bz2 deleted file mode 100644 index 2d4ae79..0000000 --- a/iptables-1.6.2.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:55d02dfa46263343a401f297d44190f2a3e5113c8933946f094ed40237053733 -size 639785 diff --git a/iptables-1.6.2.tar.bz2.sig b/iptables-1.6.2.tar.bz2.sig deleted file mode 100644 index 9e4819d..0000000 Binary files a/iptables-1.6.2.tar.bz2.sig and /dev/null differ diff --git a/iptables-1.8.0.tar.bz2 b/iptables-1.8.0.tar.bz2 new file mode 100644 index 0000000..e064c98 --- /dev/null +++ b/iptables-1.8.0.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:c4cbfa187c4296e4bc2e347ebbc21e309def7274773f20f0df0b8feaf7e8de50 +size 677980 diff --git a/iptables-1.8.0.tar.bz2.sig b/iptables-1.8.0.tar.bz2.sig new file mode 100644 index 0000000..652e886 Binary files /dev/null and b/iptables-1.8.0.tar.bz2.sig differ diff --git a/iptables-batch.patch b/iptables-batch.patch index 24c8c7e..0533a27 100644 --- a/iptables-batch.patch +++ b/iptables-batch.patch @@ -3,31 +3,27 @@ iptables/iptables-batch.c | 468 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 477 insertions(+) -Index: iptables/iptables/Makefile.am +Index: iptables-1.8.0/iptables/Makefile.am =================================================================== ---- iptables.orig/iptables/Makefile.am -+++ iptables/iptables/Makefile.am -@@ -48,7 +48,16 @@ xtables_compat_multi_SOURCES += xshared. - xtables_compat_multi_LDADD += ../libxtables/libxtables.la -lm - endif - -+iptables_batch_SOURCES = iptables-batch.c iptables.c xshared.c -+iptables_batch_LDFLAGS = ${xtables_multi_LDFLAGS} -+iptables_batch_LDADD = ${xtables_multi_LDADD} -+ip6tables_batch_SOURCES = iptables-batch.c ip6tables.c xshared.c -+ip6tables_batch_CFLAGS = ${AM_CFLAGS} -DIP6T -+ip6tables_batch_LDFLAGS = ${xtables_multi_LDFLAGS} -+ip6tables_batch_LDADD = ${xtables_multi_LDADD} +--- iptables-1.8.0.orig/iptables/Makefile.am ++++ iptables-1.8.0/iptables/Makefile.am +@@ -98,3 +98,12 @@ install-exec-hook: + for i in ${v4_sbin_links}; do ${LN_S} -f xtables-legacy-multi "${DESTDIR}${sbindir}/$$i"; done; + for i in ${v6_sbin_links}; do ${LN_S} -f xtables-legacy-multi "${DESTDIR}${sbindir}/$$i"; done; + for i in ${x_sbin_links}; do ${LN_S} -f xtables-nft-multi "${DESTDIR}${sbindir}/$$i"; done; + - sbin_PROGRAMS = xtables-multi -+sbin_PROGRAMS += iptables-batch ip6tables-batch - if ENABLE_NFTABLES - sbin_PROGRAMS += xtables-compat-multi - endif -Index: iptables/iptables/iptables-batch.c ++iptables_legacy_batch_SOURCES = iptables-batch.c iptables.c xshared.c ++iptables_legacy_batch_LDFLAGS = ${xtables_legacy_multi_LDFLAGS} ++iptables_legacy_batch_LDADD = ${xtables_legacy_multi_LDADD} ++ip6tables_legacy_batch_SOURCES = iptables-batch.c ip6tables.c xshared.c ++ip6tables_legacy_batch_CFLAGS = ${AM_CFLAGS} -DIP6T ++ip6tables_legacy_batch_LDFLAGS = ${xtables_legacy_multi_LDFLAGS} ++ip6tables_legacy_batch_LDADD = ${xtables_legacy_multi_LDADD} ++sbin_PROGRAMS += iptables-legacy-batch ip6tables-legacy-batch +Index: iptables-1.8.0/iptables/iptables-batch.c =================================================================== --- /dev/null -+++ iptables/iptables/iptables-batch.c ++++ iptables-1.8.0/iptables/iptables-batch.c @@ -0,0 +1,468 @@ +/* + * Author: Ludwig Nussel diff --git a/iptables.changes b/iptables.changes index c2460c6..cceac44 100644 --- a/iptables.changes +++ b/iptables.changes @@ -1,3 +1,13 @@ +------------------------------------------------------------------- +Mon Jul 9 09:38:13 UTC 2018 - jengelh@inai.de + +- Update to new upstream release 1.8.0 + * The ipv6 "srh" match can now match previous/next/last sid + * CONNMARK target now supports bit-shifting for restore,set + and save-mark. + * DNAT now supports shifted portmap ranges. + * iptables now comes in two backends: legacy and nft. + ------------------------------------------------------------------- Thu May 24 16:38:53 CEST 2018 - kukuk@suse.de diff --git a/iptables.spec b/iptables.spec index 2b9154e..755b100 100644 --- a/iptables.spec +++ b/iptables.spec @@ -17,7 +17,7 @@ Name: iptables -Version: 1.6.2 +Version: 1.8.0 Release: 0 Summary: IP packet filter administration utilities License: GPL-2.0-only AND Artistic-2.0 @@ -32,14 +32,9 @@ Patch4: iptables-apply-mktemp-fix.patch Patch5: iptables-batch-lock.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build -%if 0%{?fedora_version} || 0%{?centos_version} -BuildRequires: sgml-common -%endif -%if 0%{?suse_version} -BuildRequires: fdupes -%endif #git#BuildRequires: autoconf, automake >= 1.10 BuildRequires: bison +BuildRequires: fdupes BuildRequires: flex >= 2.5.33 BuildRequires: libtool BuildRequires: pkg-config >= 0.21 @@ -48,24 +43,13 @@ BuildRequires: pkgconfig(libmnl) >= 1.0 BuildRequires: pkgconfig(libnetfilter_conntrack) >= 1.0.4 BuildRequires: pkgconfig(libnfnetlink) >= 1.0.0 BuildRequires: pkgconfig(libnftnl) >= 1.0.5 +Requires: iptables-default-backend +Requires: netcfg >= 11.6 Requires: xtables-plugins = %version-%release %description iptables is used to set up, maintain, and inspect the rule tables of -the classic "ip6_tables" and "ip_tables" packet filters in the Linux -kernel. - -%package nft -Summary: nft packet filter administration utilties in the style of Xtables -Group: Productivity/Networking/Security -Requires: netcfg >= 11.6 -Requires: xtables-plugins = %version-%release - -%description nft -The programs shipped in this subpackage behave like iptables on the -command line, but instead edits the rules of the nft packet filter in -the Linux kernel. Linux kernel 4.2 or newer is recommended to exploit -the features. +the various Netfilter packet filter engines inside the Linux kernel. %package -n xtables-plugins Summary: Match and target extension plugins for iptables @@ -147,22 +131,24 @@ xtables --variable=xtlibdir). %build # We have the iptables-batch patch, so always regenerate. -if true || [ ! -e configure ]; then - ./autogen.sh -fi +./autogen.sh # bnc#561793 - do not include unclean module in iptables manpage rm -f extensions/libipt_unclean.man # includedir is overriden on purpose to detect projects that # fail to include libxtables_CFLAGS %configure --includedir="%_includedir/%name" --enable-libipq -make %{?_smp_mflags} +make %{?_smp_mflags} V= %install -make DESTDIR=%buildroot install +%make_install +b="%buildroot" # iptables-apply is not installed by upstream Makefile -install -m0755 iptables/iptables-apply %buildroot%_sbindir/ -install -m0644 iptables/iptables-apply.8 %buildroot%_mandir/man8/ -rm -f "%buildroot/%_libdir"/*.la +install -m0755 iptables/iptables-apply "$b/%_sbindir/" +install -m0644 iptables/iptables-apply.8 "$b/%_mandir/man8/" +rm -f "$b/%_libdir"/*.la +rm -f "$b/%_sysconfdir/ethertypes" # -> netcfg +mv "$b/%_sbindir/arptables" "$b/%_sbindir/arptables-nft" +mv "$b/%_sbindir/ebtables" "$b/%_sbindir/ebtables-nft" %if 0%{?suse_version} %fdupes %buildroot/%_prefix %endif @@ -175,42 +161,22 @@ rm -f "%buildroot/%_libdir"/*.la %postun -n libxtables12 -p /sbin/ldconfig %files -%defattr(-,root,root) %license COPYING -%doc %_mandir/man1/ip* -%doc %_mandir/man8/ip* -%_bindir/iptables-xml -%_sbindir/iptables -%_sbindir/iptables-apply -%_sbindir/iptables-batch -%_sbindir/iptables-restore -%_sbindir/iptables-save -%_sbindir/ip6tables -%_sbindir/ip6tables-batch -%_sbindir/ip6tables-restore -%_sbindir/ip6tables-save -%_sbindir/xtables-multi - -%files nft -%defattr(-,root,root) -# is provided by netcfg -%exclude %_sysconfdir/ethertypes -%_sbindir/*-compat* -%_sbindir/*-translate* +%_bindir/*tables* +%_sbindir/*tables* +%_mandir/man1/*tables* +%_mandir/man8/*tables* %files -n xtables-plugins -%defattr(-,root,root) %_libdir/xtables/ %_sbindir/nfnl_osf %_mandir/man8/nfnl_osf.8* %_datadir/xtables/ %files -n libipq0 -%defattr(-,root,root) %_libdir/libipq.so.0* %files -n libipq-devel -%defattr(-,root,root) %doc %_mandir/man3/libipq* %doc %_mandir/man3/ipq* %dir %_includedir/%name/ @@ -219,24 +185,20 @@ rm -f "%buildroot/%_libdir"/*.la %_libdir/pkgconfig/libipq.pc %files -n libiptc0 -%defattr(-,root,root) %_libdir/libiptc.so.0* %_libdir/libip4tc.so.0* %_libdir/libip6tc.so.0* %files -n libiptc-devel -%defattr(-,root,root) %dir %_includedir/%name/ %_includedir/%name/libiptc* %_libdir/libip*tc.so %_libdir/pkgconfig/libip*tc.pc %files -n libxtables12 -%defattr(-,root,root) %_libdir/libxtables.so.12* %files -n libxtables-devel -%defattr(-,root,root) %dir %_includedir/%name/ %_includedir/%name/xtables.h %_includedir/%name/xtables-version.h