From dcf172f95e5007aaef8c039379cec4de999c213832bb5dfde4b378a41f073236 Mon Sep 17 00:00:00 2001
From: Jan Engelhardt <jengelh@inai.de>
Date: Sat, 1 Jun 2013 02:42:31 +0000
Subject: [PATCH] iptables-1.4.19.1

OBS-URL: https://build.opensuse.org/package/show/security:netfilter/iptables?expand=0&rev=74
---
 ...resolve-link-failure-for-ip6t_NETMAP.patch |  74 ---------------
 ...se-xtables_ip6mask_to_cidr-and-get-r.patch |  88 ------------------
 iptables-1.4.18.tar.bz2                       |   3 -
 iptables-1.4.18.tar.bz2.sig                   | Bin 543 -> 0 bytes
 iptables-1.4.19.1.tar.bz2                     |   3 +
 iptables-1.4.19.1.tar.bz2.sig                 | Bin 0 -> 543 bytes
 iptables.changes                              |   9 ++
 iptables.spec                                 |  30 +++---
 8 files changed, 28 insertions(+), 179 deletions(-)
 delete mode 100644 0001-Revert-build-resolve-link-failure-for-ip6t_NETMAP.patch
 delete mode 100644 0001-libip6t_NETMAP-Use-xtables_ip6mask_to_cidr-and-get-r.patch
 delete mode 100644 iptables-1.4.18.tar.bz2
 delete mode 100644 iptables-1.4.18.tar.bz2.sig
 create mode 100644 iptables-1.4.19.1.tar.bz2
 create mode 100644 iptables-1.4.19.1.tar.bz2.sig

diff --git a/0001-Revert-build-resolve-link-failure-for-ip6t_NETMAP.patch b/0001-Revert-build-resolve-link-failure-for-ip6t_NETMAP.patch
deleted file mode 100644
index 76e175b..0000000
--- a/0001-Revert-build-resolve-link-failure-for-ip6t_NETMAP.patch
+++ /dev/null
@@ -1,74 +0,0 @@
-From 37b19d08f3cbc83a653386d76261490e173a874b Mon Sep 17 00:00:00 2001
-From: Pablo Neira Ayuso <pablo@netfilter.org>
-Date: Sat, 16 Mar 2013 12:15:30 +0100
-Subject: [PATCH] Revert "build: resolve link failure for ip6t_NETMAP"
-
-This reverts commit 68e77a26111ee6b8f10c735a76891a7de6d57ee6.
-
-The use of libtool was introduced to resolve linking problems
-in NETMAP (IPv6 version), but that resulted in RPATH problems
-reported from distributors and warnings spotted by libtool at
-linking stage.
-
-Since (0ca548b libip6t_NETMAP: Use xtables_ip6mask_to_cidr and
-get rid of libip6tc dependency) fixed the NETMAP issue, let's
-roll back to our previous stage.
-
-A small conflicts in extensions/GNUmakefile.in has been resolved
-in this revert.
-
-Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
----
- extensions/GNUmakefile.in | 18 +++++++-----------
- 1 file changed, 7 insertions(+), 11 deletions(-)
-
-diff --git a/extensions/GNUmakefile.in b/extensions/GNUmakefile.in
-index 3db6985..1ae7f74 100644
---- a/extensions/GNUmakefile.in
-+++ b/extensions/GNUmakefile.in
-@@ -33,7 +33,6 @@ AM_VERBOSE_CXX    = @echo "  CXX     " $@;
- AM_VERBOSE_CXXLD  = @echo "  CXXLD   " $@;
- AM_VERBOSE_AR     = @echo "  AR      " $@;
- AM_VERBOSE_GEN    = @echo "  GEN     " $@;
--AM_VERBOSE_NULL   = @
- endif
- 
- #
-@@ -76,7 +75,7 @@ install: ${targets_install}
- 	if test -n "${targets_install}"; then install -pm0755 $^ "${DESTDIR}${xtlibdir}/"; fi;
- 
- clean:
--	rm -f *.la *.o *.lo *.so *.a {matches,targets}.man initext.c initext4.c initext6.c;
-+	rm -f *.o *.oo *.so *.a {matches,targets}.man initext.c initext4.c initext6.c;
- 	rm -f .*.d .*.dd;
- 
- distclean: clean
-@@ -90,19 +89,16 @@ init%.o: init%.c
- #
- #	Shared libraries
- #
--lib%.so: lib%.la
--	${AM_VERBOSE_NULL} ln -fs .libs/$@ $@
-+lib%.so: lib%.oo
-+	${AM_VERBOSE_CCLD} ${CCLD} ${AM_LDFLAGS} -shared ${LDFLAGS} -o $@ $< -L../libxtables/.libs -lxtables ${$*_LIBADD};
- 
--lib%.la: lib%.lo
--	${AM_VERBOSE_CCLD} ../libtool ${AM_LIBTOOL_SILENT} --tag=CC --mode=link ${CCLD} ${AM_LDFLAGS} -module ${LDFLAGS} -o $@ $< ../libxtables/libxtables.la ${$*_LIBADD} -rpath ${xtlibdir}
--
--lib%.lo: ${srcdir}/lib%.c
--	${AM_VERBOSE_CC} ../libtool ${AM_LIBTOOL_SILENT} --tag=CC --mode=compile ${CC} ${AM_CPPFLAGS} ${AM_DEPFLAGS} ${AM_CFLAGS} -D_INIT=lib$*_init ${CFLAGS} -o $@ -c $<
-+lib%.oo: ${srcdir}/lib%.c
-+	${AM_VERBOSE_CC} ${CC} ${AM_CPPFLAGS} ${AM_DEPFLAGS} ${AM_CFLAGS} -D_INIT=lib$*_init -DPIC -fPIC ${CFLAGS} -o $@ -c $<;
- 
- libxt_NOTRACK.so: libxt_CT.so
--	${AM_VERBOSE_GEN} ln -fs $< $@
-+	ln -fs $< $@
- libxt_state.so: libxt_conntrack.so
--	${AM_VERBOSE_GEN} ln -fs $< $@
-+	ln -fs $< $@
- 
- # Need the LIBADDs in iptables/Makefile.am too for libxtables_la_LIBADD
- xt_RATEEST_LIBADD   = -lm
--- 
-1.8.2
-
diff --git a/0001-libip6t_NETMAP-Use-xtables_ip6mask_to_cidr-and-get-r.patch b/0001-libip6t_NETMAP-Use-xtables_ip6mask_to_cidr-and-get-r.patch
deleted file mode 100644
index c095baa..0000000
--- a/0001-libip6t_NETMAP-Use-xtables_ip6mask_to_cidr-and-get-r.patch
+++ /dev/null
@@ -1,88 +0,0 @@
-From cccfff9309743f173c504dd265fae173caa5b47f Mon Sep 17 00:00:00 2001
-From: Pablo Neira Ayuso <pablo@netfilter.org>
-Date: Sat, 16 Mar 2013 12:11:07 +0100
-Subject: [PATCH] libip6t_NETMAP: Use xtables_ip6mask_to_cidr and get rid of
- libip6tc dependency
-
-This patch changes the NETMAP target extension (IPv6 side) to use
-the xtables_ip6mask_to_cidr available in libxtables.
-
-As a side effect, we get rid of the libip6tc dependency.
-
-Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
----
- extensions/GNUmakefile.in   | 1 -
- extensions/libip6t_NETMAP.c | 2 +-
- include/libiptc/libip6tc.h  | 3 ---
- iptables/ip6tables.c        | 2 +-
- libiptc/libip6tc.c          | 2 +-
- 5 files changed, 3 insertions(+), 7 deletions(-)
-
-diff --git a/extensions/GNUmakefile.in b/extensions/GNUmakefile.in
-index adad4d6..3db6985 100644
---- a/extensions/GNUmakefile.in
-+++ b/extensions/GNUmakefile.in
-@@ -105,7 +105,6 @@ libxt_state.so: libxt_conntrack.so
- 	${AM_VERBOSE_GEN} ln -fs $< $@
- 
- # Need the LIBADDs in iptables/Makefile.am too for libxtables_la_LIBADD
--ip6t_NETMAP_LIBADD  = ../libiptc/libip6tc.la
- xt_RATEEST_LIBADD   = -lm
- xt_statistic_LIBADD = -lm
- 
-diff --git a/extensions/libip6t_NETMAP.c b/extensions/libip6t_NETMAP.c
-index d14dece..a4df70e 100644
---- a/extensions/libip6t_NETMAP.c
-+++ b/extensions/libip6t_NETMAP.c
-@@ -61,7 +61,7 @@ static void NETMAP_print(const void *ip, const struct xt_entry_target *target,
- 	printf("%s", xtables_ip6addr_to_numeric(&a));
- 	for (i = 0; i < 4; i++)
- 		a.s6_addr32[i] = ~(r->min_addr.ip6[i] ^ r->max_addr.ip6[i]);
--	bits = ipv6_prefix_length(&a);
-+	bits = xtables_ip6mask_to_cidr(&a);
- 	if (bits < 0)
- 		printf("/%s", xtables_ip6addr_to_numeric(&a));
- 	else
-diff --git a/include/libiptc/libip6tc.h b/include/libiptc/libip6tc.h
-index c656bc4..9aed80a 100644
---- a/include/libiptc/libip6tc.h
-+++ b/include/libiptc/libip6tc.h
-@@ -154,9 +154,6 @@ int ip6tc_get_raw_socket(void);
- /* Translates errno numbers into more human-readable form than strerror. */
- const char *ip6tc_strerror(int err);
- 
--/* Return prefix length, or -1 if not contiguous */
--int ipv6_prefix_length(const struct in6_addr *a);
--
- extern void dump_entries6(struct xtc_handle *const);
- 
- extern const struct xtc_ops ip6tc_ops;
-diff --git a/iptables/ip6tables.c b/iptables/ip6tables.c
-index 4cfbea3..7d02cc1 100644
---- a/iptables/ip6tables.c
-+++ b/iptables/ip6tables.c
-@@ -1022,7 +1022,7 @@ static void print_ip(const char *prefix, const struct in6_addr *ip,
- 		     const struct in6_addr *mask, int invert)
- {
- 	char buf[51];
--	int l = ipv6_prefix_length(mask);
-+	int l = xtables_ip6mask_to_cidr(mask);
- 
- 	if (l == 0 && !invert)
- 		return;
-diff --git a/libiptc/libip6tc.c b/libiptc/libip6tc.c
-index 7128e1c..ca01bcb 100644
---- a/libiptc/libip6tc.c
-+++ b/libiptc/libip6tc.c
-@@ -113,7 +113,7 @@ typedef unsigned int socklen_t;
- #define BIT6(a, l) \
-  ((ntohl(a->s6_addr32[(l) / 32]) >> (31 - ((l) & 31))) & 1)
- 
--int
-+static int
- ipv6_prefix_length(const struct in6_addr *a)
- {
- 	int l, i;
--- 
-1.8.2
-
diff --git a/iptables-1.4.18.tar.bz2 b/iptables-1.4.18.tar.bz2
deleted file mode 100644
index 565c95c..0000000
--- a/iptables-1.4.18.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:14a99fb8b0ca22027a9ac6eb72fa32c834ceb3073820e0ba79bf251c6a7bcf3c
-size 542308
diff --git a/iptables-1.4.18.tar.bz2.sig b/iptables-1.4.18.tar.bz2.sig
deleted file mode 100644
index 96785528288018632e7c5fd8eb6aaf7e21dfe5c3fe6477aa388e8e6d6a972236..0000000000000000000000000000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 543
zcmV+)0^t3L0vrSY0RjL91p-ks!~p;b2@s?aABnqPSj?$G5C28=qACBbg2$Aq2KVY^
zzLGGqmT%s^Gd=Ys5wY(yhKMdF<hOdG&6^&}neo6kk0c5n@jED_6ww3rP~R@UXZUKW
zYhbE*xO}fAF$Xx;7OES^qJ}p>C&KFfC9APX%FKc<BMY<9aHv*!*KOq>=CAF>{N42*
z+a~6hk(h_=SqqubB30G(1YpoE#xB3dezB{k*yNS|By~ZHFkQ<%Dmfb!vysz-Q~h$f
z3etEe&445Td3Oh0dhY$%`A;J*BtW%qOD;nii?aXP^bZ8hgHE>mBoPUgg#(eShxGT6
z`OYin{+c4f*%Im&)X{F(9AaiwWll;}eP$P0m575m!FiRDNlCb7WEG|Vu)1ac%0Zrm
zHw5+HPg&<CH&?wL{{n#le3FRz{gG^n;XM~HZG3=YWoj$&ew_HJNjn*?uUnCNYI5j$
znjxm~GL={*?$6`;n9yGq?Ku9^(IKwG*~Q#^9Bp7fja|k={=32TBUAx7Iy&){eOBg_
zQM5d32>4YBM=j}7(2q}@p$l#))Y=05kuZ4?*2(NK)25vz44xr>;dp)5y-5T{jS4{y
zK8Wt~!jU8jF6k6o6=G$n4ez)QA6EVm9%SoIf*#8cP|UJ*hs@$|fjtug9kw+v&jf80
hstk_-ga`~J6$!dLF4uMN8BSR5rv9*4*1V~+ZHB{D24?^O

diff --git a/iptables-1.4.19.1.tar.bz2 b/iptables-1.4.19.1.tar.bz2
new file mode 100644
index 0000000..fca0977
--- /dev/null
+++ b/iptables-1.4.19.1.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:dd51d3b942758a462afc7c8495930d25c93058e5319303247375183ad50164d2
+size 543785
diff --git a/iptables-1.4.19.1.tar.bz2.sig b/iptables-1.4.19.1.tar.bz2.sig
new file mode 100644
index 0000000000000000000000000000000000000000000000000000000000000000..e181708b57e89d109c7f8999247b7f3a8115705b4a2f22c944cd587d08650d22
GIT binary patch
literal 543
zcmV+)0^t3L0vrSY0RjL91p-l~2b2H`2@s?aABnqPSj;qd5CG00t^_|CuO`hjNY4+V
zRuX<4>n(8_iUSzNIB%XZ0dm-(k4q?YW%5`T-Rt(q2i5K6!xfbT5<0-Z57)Z0%GP&w
z{fw$S$35asXjy%S{|PXvz(=;uPhstB<vsQc%+GmvCzachdNY%pHzGIuE5Fh3CvVpI
z+F5uJ-P)-xxk2KW9!z;{@aFx3bfbI_sk0uiV!-mm49%+eb0CnD$SZgda0UQws<z?0
znqo6+YG7A$Z!RPrU=e=-+MiE2O(5+f-$43i2xi&1!g8WF(33Psl*0>h>3yTux{W<R
zs$;5JVhBM|>-Hrul~v<gQ*&@Kv`yU8hp-zVOKn-sF?6!$^Z@KBW;L%rB1|j8IKLG@
z+qZPDu@g18F-%z?exVuruUe|ql>4{;-f~fC{QzG?yzc1@oDWXHt|8`5^`J5rSBl5p
zJ7Ri9Y^i(Hxf9%r{d>?$&)x@Cm|Q&S!rdwfrMYu7t-#jPpR0d^nqEemp-(q^T7FYz
zk0Hg2Z<5yS#`#RAL9aXw(V$Elc{xQ-p8sebuh-=%I{HP2-kI~cBRI3reTq|^4{L!o
zTD-!7V+ke1h+|hE{*1jn3J-_0t{(&_j4xQ)=^SpbH-TnmA*woJH&JF^{LgPbl;pDZ
h({p@lXD)wYizG1<Hd~^vNOxeSS(EV0fpC=QpfUr&1110f

literal 0
HcmV?d00001

diff --git a/iptables.changes b/iptables.changes
index 4c9e7fa..3537684 100644
--- a/iptables.changes
+++ b/iptables.changes
@@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Fri May 31 20:00:39 UTC 2013 - jengelh@inai.de
+
+- Update to new upstream release 1.4.19.1
+* New connlabel and bpf matches
+- Remove 0001-Revert-build-resolve-link-failure-for-ip6t_NETMAP.patch,
+  0001-libip6t_NETMAP-Use-xtables_ip6mask_to_cidr-and-get-r.patch
+  (are upstream)
+
 -------------------------------------------------------------------
 Mon Apr 15 06:19:21 UTC 2013 - jengelh@inai.de
 
diff --git a/iptables.spec b/iptables.spec
index 3e3e197..45d2696 100644
--- a/iptables.spec
+++ b/iptables.spec
@@ -20,7 +20,7 @@ Name:           iptables
 %define lname_ipq	libipq0
 %define lname_iptc	libiptc0
 %define lname_xt	libxtables10
-Version:        1.4.18
+Version:        1.4.19.1
 Release:        0
 Summary:        IP Packet Filter Administration utilities
 License:        GPL-2.0 and Artistic-2.0
@@ -34,8 +34,6 @@ Url:            http://netfilter.org/projects/iptables/
 Source:         http://netfilter.org/projects/iptables/files/%name-%version.tar.bz2
 Source2:        http://netfilter.org/projects/iptables/files/%name-%version.tar.bz2.sig
 Source3:        %name.keyring
-Patch1:         0001-libip6t_NETMAP-Use-xtables_ip6mask_to_cidr-and-get-r.patch
-Patch2:         0001-Revert-build-resolve-link-failure-for-ip6t_NETMAP.patch
 Patch3:         iptables-batch.patch
 Patch4:         iptables-apply-mktemp-fix.patch
 
@@ -148,7 +146,7 @@ xtables --variable=xtlibdir).
 %prep
 %{?gpg_verify: %gpg_verify %{S:2}}
 %setup -q
-%patch -P 1 -P 2 -P 3 -P 4 -p1
+%patch -P 3 -P 4 -p1
 
 %build
 # We have the iptables-batch patch, so always regenerate.
@@ -159,7 +157,7 @@ fi
 rm -f extensions/libipt_unclean.man
 # includedir is overriden on purpose to detect projects that
 # fail to include libxtables_CFLAGS
-%configure --includedir=%_includedir/%name-%version --enable-libipq
+%configure --includedir="%_includedir/pkg/%name" --enable-libipq
 make %{?_smp_mflags}
 
 %install
@@ -201,9 +199,11 @@ rm -f "%buildroot/%_libdir"/*.la;
 
 %files -n xtables-plugins
 %defattr(-,root,root)
-%_libdir/xtables
+%dir %_sysconfdir/xtables/
+%config %_sysconfdir/xtables/*.conf
+%_libdir/xtables/
 %_sbindir/nfnl_osf
-%_datadir/xtables
+%_datadir/xtables/
 
 %files -n %lname_ipq
 %defattr(-,root,root)
@@ -213,8 +213,8 @@ rm -f "%buildroot/%_libdir"/*.la;
 %defattr(-,root,root)
 %doc %_mandir/man3/libipq*
 %doc %_mandir/man3/ipq*
-%dir %_includedir/%name-%version
-%_includedir/%name-%version/libipq*
+%dir %_includedir/pkg/%name/
+%_includedir/pkg/%name/libipq*
 %_libdir/libipq.so
 %_libdir/pkgconfig/libipq.pc
 
@@ -226,8 +226,9 @@ rm -f "%buildroot/%_libdir"/*.la;
 
 %files -n libiptc-devel
 %defattr(-,root,root)
-%dir %_includedir/%name-%version
-%_includedir/%name-%version/libiptc*
+%dir %_includedir/pkg/
+%dir %_includedir/pkg/%name/
+%_includedir/pkg/%name/libiptc*
 %_libdir/libip*tc.so
 %_libdir/pkgconfig/libip*tc.pc
 
@@ -237,9 +238,10 @@ rm -f "%buildroot/%_libdir"/*.la;
 
 %files -n libxtables-devel
 %defattr(-,root,root)
-%dir %_includedir/%name-%version
-%_includedir/%name-%version/xtables.h
-%_includedir/%name-%version/xtables-version.h
+%dir %_includedir/pkg/
+%dir %_includedir/pkg/%name/
+%_includedir/pkg/%name/xtables.h
+%_includedir/pkg/%name/xtables-version.h
 %_libdir/libxtables.so
 %_libdir/pkgconfig/xtables.pc