diff --git a/iptables-1.3.8-makefile.diff b/iptables-1.3.8-makefile.diff deleted file mode 100644 index 8df6910..0000000 --- a/iptables-1.3.8-makefile.diff +++ /dev/null @@ -1,11 +0,0 @@ ---- Makefile -+++ Makefile -@@ -37,7 +37,7 @@ - endif - - COPT_FLAGS:=-O2 --CFLAGS:=$(COPT_FLAGS) -Wall -Wunused -I$(KERNEL_DIR)/include -Iinclude/ -DIPTABLES_VERSION=\"$(IPTABLES_VERSION)\" #-g -DDEBUG #-pg # -DIPTC_DEBUG -+CFLAGS += $(COPT_FLAGS) -Wall -Wunused -idirafter $(KERNEL_DIR)/include -Iinclude/ -DIPTABLES_VERSION=\"$(IPTABLES_VERSION)\" #-g -DDEBUG #-pg # -DIPTC_DEBUG - - ifdef NO_SHARED_LIBS - CFLAGS += -DNO_SHARED_LIBS=1 diff --git a/iptables-1.3.8-strict-aliasing-fix.diff b/iptables-1.3.8-strict-aliasing-fix.diff deleted file mode 100644 index f72412f..0000000 --- a/iptables-1.3.8-strict-aliasing-fix.diff +++ /dev/null @@ -1,81 +0,0 @@ ---- ip6tables-restore.c -+++ ip6tables-restore.c -@@ -76,7 +76,9 @@ - - int parse_counters(char *string, struct ip6t_counters *ctr) - { -- return (sscanf(string, "[%llu:%llu]", (unsigned long long *)&ctr->pcnt, (unsigned long long *)&ctr->bcnt) == 2); -+ u_int64_t *p_pcnt = &ctr->pcnt; -+ u_int64_t *p_bcnt = &ctr->bcnt; -+ return (sscanf(string, "[%llu:%llu]", (unsigned long long *)p_pcnt, (unsigned long long *)p_bcnt) == 2); - } - - /* global new argv and argc */ ---- ip6tables.c -+++ ip6tables.c -@@ -1874,5 +1874,6 @@ - char *protocol = NULL; - int proto_used = 0; -+ u_int64_t *p_cnt; - - memset(&fw, 0, sizeof(fw)); - -@@ -2185,13 +2186,15 @@ - exit_error(PARAMETER_PROBLEM, - "-%c requires packet and byte counter", - opt2char(OPT_COUNTERS)); -- -- if (sscanf(pcnt, "%llu", (unsigned long long *)&fw.counters.pcnt) != 1) -+ -+ p_cnt = &fw.counters.pcnt; -+ if (sscanf(pcnt, "%llu", (unsigned long long *)p_cnt) != 1) - exit_error(PARAMETER_PROBLEM, - "-%c packet counter not numeric", - opt2char(OPT_COUNTERS)); - -- if (sscanf(bcnt, "%llu", (unsigned long long *)&fw.counters.bcnt) != 1) -+ p_cnt = &fw.counters.bcnt; -+ if (sscanf(bcnt, "%llu", (unsigned long long *)p_cnt) != 1) - exit_error(PARAMETER_PROBLEM, - "-%c byte counter not numeric", - opt2char(OPT_COUNTERS)); ---- iptables-restore.c -+++ iptables-restore.c -@@ -73,7 +73,9 @@ - - int parse_counters(char *string, struct ipt_counters *ctr) - { -- return (sscanf(string, "[%llu:%llu]", (unsigned long long *)&ctr->pcnt, (unsigned long long *)&ctr->bcnt) == 2); -+ u_int64_t *p_pcnt = &ctr->pcnt; -+ u_int64_t *p_bcnt = &ctr->bcnt; -+ return (sscanf(string, "[%llu:%llu]", (unsigned long long *)p_pcnt, (unsigned long long *)p_bcnt) == 2); - } - - /* global new argv and argc */ ---- iptables.c -+++ iptables.c -@@ -1956,6 +1956,7 @@ - char *protocol = NULL; - int proto_used = 0; -+ u_int64_t *p_cnt; - - memset(&fw, 0, sizeof(fw)); - - /* re-set optind to 0 in case do_command gets called -@@ -2279,12 +2279,14 @@ - "-%c requires packet and byte counter", - opt2char(OPT_COUNTERS)); - -- if (sscanf(pcnt, "%llu", (unsigned long long *)&fw.counters.pcnt) != 1) -+ p_cnt = &fw.counters.pcnt; -+ if (sscanf(pcnt, "%llu", (unsigned long long *)p_cnt) != 1) - exit_error(PARAMETER_PROBLEM, - "-%c packet counter not numeric", - opt2char(OPT_COUNTERS)); - -- if (sscanf(bcnt, "%llu", (unsigned long long *)&fw.counters.bcnt) != 1) -+ p_cnt = &fw.counters.bcnt; -+ if (sscanf(bcnt, "%llu", (unsigned long long *)p_cnt) != 1) - exit_error(PARAMETER_PROBLEM, - "-%c byte counter not numeric", - opt2char(OPT_COUNTERS)); diff --git a/iptables-1.3.8.tar.bz2 b/iptables-1.3.8.tar.bz2 deleted file mode 100644 index 0c58608..0000000 --- a/iptables-1.3.8.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:c5c8a091ed9a1fa2dab86b4d87719064b50c202e8503046f50f299a361e6211c -size 172584 diff --git a/iptables-1.3.8-batch.diff b/iptables-1.4.0-batch.diff similarity index 97% rename from iptables-1.3.8-batch.diff rename to iptables-1.4.0-batch.diff index 27c06eb..97a5137 100644 --- a/iptables-1.3.8-batch.diff +++ b/iptables-1.4.0-batch.diff @@ -1,4 +1,19 @@ ---- /dev/null +--- Makefile ++++ Makefile +@@ -107,6 +107,12 @@ + $(CC) $(CFLAGS) -DIPT_LIB_DIR=\"$(IPT_LIBDIR)\" $(LDFLAGS) -o $@ $^ $(LDLIBS) + endif + ++iptables-batch: iptables-batch.c iptables.o xtables.o $(STATIC_LIBS) libiptc/libiptc.a ++ $(CC) $(CFLAGS) -DIPT_LIB_DIR=\"$(IPT_LIBDIR)\" $(LDFLAGS) -o $@ $^ $(LDLIBS) ++ ++ip6tables-batch: iptables-batch.c ip6tables.o xtables.o $(STATIC6_LIBS) libiptc/libiptc.a ++ $(CC) $(CFLAGS) -DIP6T_LIB_DIR=\"$(IPT_LIBDIR)\" $(LDFLAGS) -o $@ $^ $(LDLIBS) ++ + $(DESTDIR)$(BINDIR)/iptables: iptables + @[ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR) + cp $< $@ +--- iptables-batch.c +++ iptables-batch.c @@ -0,0 +1,454 @@ +/* @@ -455,18 +470,3 @@ + + exit(!ret); +} ---- Makefile -+++ Makefile -@@ -136,6 +136,12 @@ iptables: iptables-standalone.c iptables - $(CC) $(CFLAGS) -DIPT_LIB_DIR=\"$(IPT_LIBDIR)\" $(LDFLAGS) -o $@ $^ $(LDLIBS) - endif - -+iptables-batch: iptables-batch.c iptables.o $(STATIC_LIBS) libiptc/libiptc.a -+ $(CC) $(CFLAGS) -DIPT_LIB_DIR=\"$(IPT_LIBDIR)\" $(LDFLAGS) -o $@ $^ $(LDLIBS) -+ -+ip6tables-batch: iptables-batch.c ip6tables.o $(STATIC6_LIBS) libiptc/libiptc.a -+ $(CC) $(CFLAGS) -DIP6T_LIB_DIR=\"$(IPT_LIBDIR)\" $(LDFLAGS) -o $@ $^ $(LDLIBS) -+ - $(DESTDIR)$(BINDIR)/iptables: iptables - @[ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR) - cp $< $@ diff --git a/iptables-1.3.8-debian-docs.tar.bz2 b/iptables-1.4.0-debian-docs.tar.bz2 similarity index 100% rename from iptables-1.3.8-debian-docs.tar.bz2 rename to iptables-1.4.0-debian-docs.tar.bz2 diff --git a/iptables-1.4.0-makefile.diff b/iptables-1.4.0-makefile.diff new file mode 100644 index 0000000..3c47dff --- /dev/null +++ b/iptables-1.4.0-makefile.diff @@ -0,0 +1,29 @@ +--- Makefile ++++ Makefile +@@ -11,15 +11,9 @@ + # Standard part of Makefile for topdir. + TOPLEVEL_INCLUDED=YES + +-# For recent kernels we only need the source in KERNEL_DIR to build. Older +-# kernels have a bug, where linux/netfilter_ipv4.h includes linux/config.h, +-# which includes linux/autoconf.h, which is placed into KBUILD_OUTPUT. + ifndef KERNEL_DIR + KERNEL_DIR="/lib/modules/$(shell uname -r)/source" + endif +-ifndef KBUILD_OUTPUT +-KBUILD_OUTPUT="/lib/modules/$(shell uname -r)/build" +-endif + IPTABLES_VERSION:=1.4.0 + OLD_IPTABLES_VERSION:=1.4.0rc1 + +@@ -42,8 +36,8 @@ + DO_SELINUX=0 + endif + +-COPT_FLAGS:=-O2 +-CFLAGS:=$(COPT_FLAGS) -Wall -Wunused -I$(KBUILD_OUTPUT)/include -I$(KERNEL_DIR)/include -Iinclude/ -DIPTABLES_VERSION=\"$(IPTABLES_VERSION)\" #-g -DDEBUG #-pg # -DIPTC_DEBUG ++COPT_FLAGS:=$(CFLAGS) ++CFLAGS:=$(COPT_FLAGS) -Wall -Wunused -idirafter $(KERNEL_DIR)/include -Iinclude/ -DIPTABLES_VERSION=\"$(IPTABLES_VERSION)\" + + ifdef NO_SHARED_LIBS + CFLAGS += -DNO_SHARED_LIBS=1 diff --git a/iptables-1.4.0.tar.bz2 b/iptables-1.4.0.tar.bz2 new file mode 100644 index 0000000..aabc464 --- /dev/null +++ b/iptables-1.4.0.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:fd9a978035e6a8f73344f986c84a222dc4ac3706b901e0c1ecae9647db5e5d52 +size 181610 diff --git a/iptables.changes b/iptables.changes index 21aa43e..8fd5193 100644 --- a/iptables.changes +++ b/iptables.changes @@ -1,3 +1,48 @@ +------------------------------------------------------------------- +Tue Jan 8 17:10:54 CET 2008 - prusnak@suse.cz + +- updated to 1.4.0: + * Add support for generic xtables infrastructure (improved IPv6 support!) + * Deletes empty ->final_check() functions + * Fix sparse warnings: non-C99 array declaration, incorrect function prototypes + * Remove last vestiges of NFC + * Make @msg argument a const char *, just like printf + * Makes it possible to omit extra_opts of matches/targets if unnecessary + * Fix "iptables getsockopt failed strangely" when querying revisions + for non-existant matches and targets + * Introduces DEST_IPT_LIBDIR in Makefile + * Change default KERNEL_DIR location and add KBUILD_OUTPUT + * Removes obsolete KERNEL_64_USERSPACE_32 definitions + * Fix unused function warning + * Don't use dlfcn.h if NO_SHARED_LIBS is defined + * Fix showing help text for matches/targets with revision as user + * Print warnings to stderr + * Fix sscanf type errors + * Always print mask in iptables-save + * Don't silenty exit on failure to open /proc/net/{ip,ip6}_tables_names + * Adds --table to iptables-restore + * Make DO_MULTI=1 work for ip6tables* binaries + * Add ip6tables-{save,restore} to non-experimental target, + fix strict aliasing warnings + * Introducing libxt_*.man files. Sorted matches and modules + * Install ip6tables-{save,restore} manpages + * Performance optimization in sorting chain during pull-out + * Fix sockfd use accounting for kernels without autoloading + * use + * Fix make/compile error for iptables-1.4.0rc1 + * Fix for --random option in DNAT and REDIRECT + * Document xt_statistic + * sctp: fix - mistake to pass a pointer where array is required + * Fix connlimit output for inverted --connlimit-above: + ! > is <=, not < + * Add NFLOG manpage + * Move libipt_DSCP.man to libxt_DSCP.man for ip6tables.8 + * Unifies libip[6]t_CONNSECMARK.man to libxt_CONNSECMARK.man + * Moves libipt_CLASSYFY.man to libxt_CLASSYFY.man for ip6tables.8 + * fix check_inverse() call +- removed obsolete patch: + * strict-aliasing-fix.diff (included in update) + ------------------------------------------------------------------- Tue Jul 31 13:10:56 CEST 2007 - prusnak@suse.cz diff --git a/iptables.spec b/iptables.spec index ab047b0..e76b093 100644 --- a/iptables.spec +++ b/iptables.spec @@ -1,7 +1,7 @@ # -# spec file for package iptables (Version 1.3.8) +# spec file for package iptables (Version 1.4.0) # -# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine # package are under the same license as the package itself. # @@ -14,16 +14,15 @@ Name: iptables BuildRequires: kernel-source License: GPL v2 or later Group: Productivity/Networking/Security -Autoreqprov: on -Version: 1.3.8 -Release: 4 +AutoReqProv: on +Version: 1.4.0 +Release: 1 Summary: IP Packet Filter Administration Source0: %{name}-%{version}.tar.bz2 Source1: %{name}-%{version}-debian-docs.tar.bz2 Patch0: %{name}-%{version}-makefile.diff Patch1: %{name}-%{version}-batch.diff -Patch2: %{name}-%{version}-strict-aliasing-fix.diff -URL: http://www.iptables.org +Url: http://www.iptables.org BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -40,7 +39,7 @@ Authors: %package devel Summary: Libraries, Headers and Development Man Pages for libipq Group: Development/Libraries/C and C++ -Autoreqprov: on +AutoReqProv: on Requires: %{name} = %{version} %description devel @@ -56,48 +55,85 @@ Authors: %setup -q -a 1 %patch0 %patch1 -%patch2 %build -[ -z "$KERNEL_DIR" ] && KERNEL_DIR="/usr/src/linux"; -CFLAGS="$RPM_OPT_FLAGS" \ -make LD=gcc BINDIR=%{_prefix}/sbin LIBDIR=%{_libdir} MANDIR=%{_mandir} KERNEL_DIR="$KERNEL_DIR" -CFLAGS="$RPM_OPT_FLAGS" \ -make LD=gcc BINDIR=%{_prefix}/sbin LIBDIR=%{_libdir} MANDIR=%{_mandir} KERNEL_DIR="$KERNEL_DIR" experimental -# -# iptables-batch -CFLAGS="$RPM_OPT_FLAGS" \ -make LD=gcc BINDIR=%{_prefix}/sbin LIBDIR=%{_libdir} MANDIR=%{_mandir} KERNEL_DIR="$KERNEL_DIR" iptables-batch ip6tables-batch +[ -z "$KERNEL_DIR" ] && KERNEL_DIR="/usr/src/linux" +CFLAGS="$RPM_OPT_FLAGS" make LD=gcc BINDIR=%{_sbindir} LIBDIR=%{_libdir} MANDIR=%{_mandir} KERNEL_DIR="$KERNEL_DIR" +CFLAGS="$RPM_OPT_FLAGS" make LD=gcc BINDIR=%{_sbindir} LIBDIR=%{_libdir} MANDIR=%{_mandir} KERNEL_DIR="$KERNEL_DIR" experimental +CFLAGS="$RPM_OPT_FLAGS" make LD=gcc BINDIR=%{_sbindir} LIBDIR=%{_libdir} MANDIR=%{_mandir} KERNEL_DIR="$KERNEL_DIR" iptables-batch ip6tables-batch %install -[ -z "$KERNEL_DIR" ] && KERNEL_DIR="/usr/src/linux"; +[ -z "$KERNEL_DIR" ] && KERNEL_DIR="/usr/src/linux" CFLAGS="$RPM_OPT_FLAGS" \ make IPT_LIBDIR=%{_libdir}/iptables \ - BINDIR=$RPM_BUILD_ROOT%{_prefix}/sbin \ + BINDIR=$RPM_BUILD_ROOT%{_sbindir} \ LIBDIR=$RPM_BUILD_ROOT%{_libdir} \ - INCDIR=$RPM_BUILD_ROOT%{_prefix}/include \ - MANDIR=$RPM_BUILD_ROOT%{_mandir} install install-devel install-experimental KERNEL_DIR="$KERNEL_DIR" -install -m755 iptables-batch ip6tables-batch %{buildroot}%{_sbindir} + INCDIR=$RPM_BUILD_ROOT%{_includedir} \ + MANDIR=$RPM_BUILD_ROOT%{_mandir} \ + KERNEL_DIR="$KERNEL_DIR" \ + install install-devel install-experimental +install -m755 iptables-batch ip6tables-batch $RPM_BUILD_ROOT%{_sbindir} %clean rm -rf $RPM_BUILD_ROOT %files %defattr(-,root,root) -%doc COPYING -%{_prefix}/sbin/iptables* -%{_prefix}/sbin/ip6tables* -%{_libdir}/iptables +%doc COPYING doc/*.html %doc %{_mandir}/man8/* -%doc doc/*.html +%{_sbindir}/iptables* +%{_sbindir}/ip6tables* +%{_libdir}/iptables %files devel %defattr(-,root,root) %doc %{_mandir}/man3/* %{_libdir}/*.a -%{_prefix}/include/* +%{_includedir}/* %changelog +* Tue Jan 08 2008 - prusnak@suse.cz +- updated to 1.4.0: + * Add support for generic xtables infrastructure (improved IPv6 support!) + * Deletes empty ->final_check() functions + * Fix sparse warnings: non-C99 array declaration, incorrect function prototypes + * Remove last vestiges of NFC + * Make @msg argument a const char *, just like printf + * Makes it possible to omit extra_opts of matches/targets if unnecessary + * Fix "iptables getsockopt failed strangely" when querying revisions + for non-existant matches and targets + * Introduces DEST_IPT_LIBDIR in Makefile + * Change default KERNEL_DIR location and add KBUILD_OUTPUT + * Removes obsolete KERNEL_64_USERSPACE_32 definitions + * Fix unused function warning + * Don't use dlfcn.h if NO_SHARED_LIBS is defined + * Fix showing help text for matches/targets with revision as user + * Print warnings to stderr + * Fix sscanf type errors + * Always print mask in iptables-save + * Don't silenty exit on failure to open /proc/net/{ip,ip6}_tables_names + * Adds --table to iptables-restore + * Make DO_MULTI=1 work for ip6tables* binaries + * Add ip6tables-{save,restore} to non-experimental target, + fix strict aliasing warnings + * Introducing libxt_*.man files. Sorted matches and modules + * Install ip6tables-{save,restore} manpages + * Performance optimization in sorting chain during pull-out + * Fix sockfd use accounting for kernels without autoloading + * use + * Fix make/compile error for iptables-1.4.0rc1 + * Fix for --random option in DNAT and REDIRECT + * Document xt_statistic + * sctp: fix - mistake to pass a pointer where array is required + * Fix connlimit output for inverted --connlimit-above: + ! > is <=, not < + * Add NFLOG manpage + * Move libipt_DSCP.man to libxt_DSCP.man for ip6tables.8 + * Unifies libip[6]t_CONNSECMARK.man to libxt_CONNSECMARK.man + * Moves libipt_CLASSYFY.man to libxt_CLASSYFY.man for ip6tables.8 + * fix check_inverse() call +- removed obsolete patch: + * strict-aliasing-fix.diff (included in update) * Tue Jul 31 2007 - prusnak@suse.cz - removed sed scripts in %%prep section from last update * not needed anymore