Accepting request 77018 from security:netfilter

- Update to new upstream release 1.4.12
* Include lost match/target descriptions in manpage again
* libxt_LOG: fix ignorance of all but the last flag
* libxt_HL: restore hl-* option names
* libxt_hashlimit: use a more obvious expiry value by default
* libxt_RATEEST: fix find-and-delete of rules with -j RATEEST
* ipv4: restore negation for the -f option
* Reject empty host specifications (e.g. -s "")
* libxt_conntrack: restore network byteordering for ABI v1 & v2
* Documentation updates

OBS-URL: https://build.opensuse.org/request/show/77018
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/iptables?expand=0&rev=33

71e402b-fix-install-symlinks.diff

@@ -1,31 +0,0 @@
-parent 7d91a2accc92d13bb32bf881831e9c9a8b4d7734 (v1.4.11-2-g7d91a2a)
-commit 71e402bbb3db7b54571f0e44354fd37706ff90aa
-Author: Jan Engelhardt <jengelh@medozas.de>
-Date:   Mon May 30 01:45:14 2011 +0200
-
-build: fix installation of symlinks
-
-Commit v1.4.11~20 forgot to change the symlink target names to the new
-executable name.
-
-Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
----
- Makefile.am |    6 +++---
- 1 files changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/Makefile.am b/Makefile.am
-index 13e144e..741729b 100644
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -96,6 +96,6 @@ config.status: extensions/GNUmakefile.in \
- install-exec-hook:
- 	-if test -z "${DESTDIR}"; then /sbin/ldconfig; fi;
- 	${INSTALL} -dm0755 "${DESTDIR}${bindir}";
--	for i in ${v4_bin_links}; do ${LN_S} -f "${sbindir}/iptables-multi" "${DESTDIR}${bindir}/$$i"; done;
--	for i in ${v4_sbin_links}; do ${LN_S} -f iptables-multi "${DESTDIR}${sbindir}/$$i"; done;
--	for i in ${v6_sbin_links}; do ${LN_S} -f ip6tables-multi "${DESTDIR}${sbindir}/$$i"; done;
-+	for i in ${v4_bin_links}; do ${LN_S} -f "${sbindir}/xtables-multi" "${DESTDIR}${bindir}/$$i"; done;
-+	for i in ${v4_sbin_links}; do ${LN_S} -f xtables-multi "${DESTDIR}${sbindir}/$$i"; done;
-+	for i in ${v6_sbin_links}; do ${LN_S} -f xtables-multi "${DESTDIR}${sbindir}/$$i"; done;
--- 
-# Created with git-export-patch

874bd762-owner-restore-invert.diff

@@ -1,31 +0,0 @@
-parent 172e9b15271c276aa1485b4a2fb63928a65b13ae (v1.4.11)
-commit 874b76221f74a00520a712ef89b5254a1ed896f8
-Author: Jan Engelhardt <jengelh@medozas.de>
-Date:   Sun May 29 16:43:25 2011 +0200
-
-libxt_owner: restore inversion support
-
-Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
----
- extensions/libxt_owner.c |    6 ++++--
- 1 files changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/extensions/libxt_owner.c b/extensions/libxt_owner.c
-index b60f907..d2fdfa9 100644
---- a/extensions/libxt_owner.c
-+++ b/extensions/libxt_owner.c
-@@ -125,8 +125,10 @@ static const struct xt_option_entry owner_mt6_opts_v0[] = {
- #undef s
- 
- static const struct xt_option_entry owner_mt_opts[] = {
--	{.name = "uid-owner", .id = O_USER, .type = XTTYPE_STRING},
--	{.name = "gid-owner", .id = O_GROUP, .type = XTTYPE_STRING},
-+	{.name = "uid-owner", .id = O_USER, .type = XTTYPE_STRING,
-+	 .flags = XTOPT_INVERT},
-+	{.name = "gid-owner", .id = O_GROUP, .type = XTTYPE_STRING,
-+	 .flags = XTOPT_INVERT},
- 	{.name = "socket-exists", .id = O_SOCK_EXISTS, .type = XTTYPE_NONE},
- 	XTOPT_TABLEEND,
- };
--- 
-# Created with git-export-patch

iptables-1.4.11.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:10b5e56839b8eb49003d0fa87ed3548783fb169c23d80b6df77d27fca5247c49
-size 409000

iptables-1.4.12.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b9a98a026e2f9d6795fcb209e61b938adecac05d002dd094b3ed7bf930a2047d
+size 411544

iptables-batch.patch

@@ -1,13 +1,13 @@
 ---
- Makefile.am      |   10 +
+ iptables/Makefile.am      |   10 
- iptables-batch.c |  468 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ iptables/iptables-batch.c |  468 ++++++++++++++++++++++++++++++++++++++++++++++
  2 files changed, 477 insertions(+), 1 deletion(-)
 
-Index: iptables-1.4.11/Makefile.am
+Index: iptables/iptables/Makefile.am
 ===================================================================
---- iptables-1.4.11.orig/Makefile.am
+--- iptables.orig/iptables/Makefile.am
-+++ iptables-1.4.11/Makefile.am
++++ iptables/iptables/Makefile.am
-@@ -59,7 +59,15 @@ endif
+@@ -36,7 +36,15 @@ endif
  xtables_multi_SOURCES += xshared.c
  xtables_multi_LDADD   += libxtables.la -lm
  
@@ -22,12 +22,12 @@ Index: iptables-1.4.11/Makefile.am
 +
 +sbin_PROGRAMS    = xtables-multi iptables-batch ip6tables-batch
  man_MANS         = iptables.8 iptables-restore.8 iptables-save.8 \
-                    iptables-xml.8 ip6tables.8 ip6tables-restore.8 \
+                    iptables-xml.1 ip6tables.8 ip6tables-restore.8 \
                     ip6tables-save.8
-Index: iptables-1.4.11/iptables-batch.c
+Index: iptables/iptables/iptables-batch.c
 ===================================================================
 --- /dev/null
-+++ iptables-1.4.11/iptables-batch.c
++++ iptables/iptables/iptables-batch.c
 @@ -0,0 +1,468 @@
 +/*
 + * Author: Ludwig Nussel <ludwig.nussel@suse.de>

iptables.changes

@@ -1,3 +1,27 @@
+-------------------------------------------------------------------
+Fri Jul 22 13:12:50 UTC 2011 - jengelh@medozas.de
+
+- Update to new upstream release 1.4.12
+* Include lost match/target descriptions in manpage again
+* libxt_LOG: fix ignorance of all but the last flag
+* libxt_HL: restore hl-* option names
+* libxt_hashlimit: use a more obvious expiry value by default
+* libxt_RATEEST: fix find-and-delete of rules with -j RATEEST
+* ipv4: restore negation for the -f option
+* Reject empty host specifications (e.g. -s "")
+* libxt_conntrack: restore network byteordering for ABI v1 & v2
+* Documentation updates
+
+-------------------------------------------------------------------
+Wed Jun  8 10:20:57 UTC 2011 - jengelh@medozas.de
+
+- Update to snapshot 1.4.11+git16
+* libxt_owner: restore inversion support
+* option: fix ignored negation before implicit extension loading
+* build: fix installation of symlinks
+* build: fix absence of xml translator in IPv6-only builds
+- Drop merged patches
+
 -------------------------------------------------------------------
 Sun May 29 23:56:33 UTC 2011 - jengelh@medozas.de
 

iptables.spec

@@ -21,19 +21,18 @@
 Name:           iptables
 License:        GPLv2+
 Group:          Productivity/Networking/Security
-Version:        1.4.11
+Version:        1.4.12
 Release:        1
 Summary:        IP Packet Filter Administration
 
+#DL-URL:	ftp://ftp.netfilter.org/pub/iptables/
 #Git-Web:	http://git.netfilter.org/
 #Git-Clone:	git://git.netfilter.org/iptables
 Source:         %name-%version.tar.xz
 Patch1:         iptables-batch.patch
-Patch2:         874bd762-owner-restore-invert.diff
+URL:            http://netfilter.org/
-Patch3:         71e402b-fix-install-symlinks.diff
+BuildRoot:      %_tmppath/%name-%version-build
-Url:            http://netfilter.org/
+BuildRequires:  pkg-config, sgmltool, xz
-BuildRoot:      %{_tmppath}/%{name}-%{version}-build
-BuildRequires:  pkg-config sgmltool xz
 
 %description
 Iptables is used to set up, maintain, and inspect the tables of IP
@@ -54,7 +53,7 @@ These libraries are needed to compile
 
 %prep
 %setup -q
-%patch -P 1 -P 2 -P 3 -p1
+%patch -P 1 -p1
 
 %build
 if [ ! -e configure ]; then
@@ -69,8 +68,8 @@ make %{?_smp_mflags}
 %install
 make DESTDIR=%buildroot install
 # iptables-apply is not installed by upstream Makefile
-install -m0755 iptables-apply %buildroot%_sbindir/
+install -m0755 iptables/iptables-apply %buildroot%_sbindir/
-install -m0644 iptables-apply.8 %buildroot%_mandir/man8/
+install -m0644 iptables/iptables-apply.8 %buildroot%_mandir/man8/
 find "%buildroot" -iname "*.la" -delete
 
 %post -p /sbin/ldconfig
@@ -80,13 +79,13 @@ find "%buildroot" -iname "*.la" -delete
 %files
 %defattr(-,root,root)
 %doc COPYING INCOMPATIBILITIES
+%doc %_mandir/man1/*
 %doc %_mandir/man8/*
 %_bindir/iptables*
 %_sbindir/iptables*
 %_sbindir/ip6tables*
 %_sbindir/xtables*
-%dir %_libexecdir/xtables
+%_libdir/xtables
-%_libexecdir/xtables/*
 %_libdir/*.so.*
 
 %files devel