From 340fc3f431ecd05db712aec76c75283aa686447ef30345188d23f9161338024d Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Sat, 31 Dec 2011 22:59:05 +0000 Subject: [PATCH 1/4] 1.4.12.1+50 OBS-URL: https://build.opensuse.org/package/show/security:netfilter/iptables?expand=0&rev=41 --- iptables-1.4.12.1+16.tar.xz | 3 - iptables-1.4.12.1+50.tar.xz | 3 + iptables.changes | 10 +++ iptables.spec | 161 +++++++++++++++++++++++++++--------- 4 files changed, 133 insertions(+), 44 deletions(-) delete mode 100644 iptables-1.4.12.1+16.tar.xz create mode 100644 iptables-1.4.12.1+50.tar.xz diff --git a/iptables-1.4.12.1+16.tar.xz b/iptables-1.4.12.1+16.tar.xz deleted file mode 100644 index 8d4ad8e..0000000 --- a/iptables-1.4.12.1+16.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:635d4839988b8f130a330e1f4d45dd20cd630e4561bb451c3cb2edac28211863 -size 415028 diff --git a/iptables-1.4.12.1+50.tar.xz b/iptables-1.4.12.1+50.tar.xz new file mode 100644 index 0000000..88f79df --- /dev/null +++ b/iptables-1.4.12.1+50.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:70b0b61e094e611d62731f7361de6964dde1364ce15b5f88eddfc64568945e02 +size 223356 diff --git a/iptables.changes b/iptables.changes index 8bca555..3d26261 100644 --- a/iptables.changes +++ b/iptables.changes @@ -1,3 +1,13 @@ +------------------------------------------------------------------- +Sat Dec 31 22:54:11 UTC 2011 - jengelh@medozas.de + +- Update to newer git snapshot (v1.4.12.1-50) +* ships missing pkgconfig files, compile fix for libnfnetlink +* libxt_NFQUEUE: fix --queue-bypass ipt-save output +* libxt_connbytes: fix handling of --connbytes FROM +* libxt_recent: Add support for --reap option +- split iptables-devel into libiptc-devel and libxtables-devel + ------------------------------------------------------------------- Wed Dec 28 09:50:23 UTC 2011 - puzel@suse.com diff --git a/iptables.spec b/iptables.spec index 982b770..c179943 100644 --- a/iptables.spec +++ b/iptables.spec @@ -15,59 +15,109 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # + + Name: iptables -Version: 1.4.12.1+16 -Release: 0 -%define xt_sover 7 -Summary: IP Packet Filter Administration +%define lname_ipq libipq0 +%define lname_iptc libiptc0 +%define lname_xt libxtables7 +Version: 1.4.12.1+50 +Release: 1 +Summary: IP Packet Filter Administration utilities License: GPL-2.0+ Group: Productivity/Networking/Security + +Url: http://netfilter.org/ #DL-URL: ftp://ftp.netfilter.org/pub/iptables/ #Git-Web: http://git.netfilter.org/ #Git-Clone: git://git.netfilter.org/iptables Source: %name-%version.tar.xz Patch1: iptables-batch.patch Patch2: iptables-apply-mktemp-fix.patch -Url: http://netfilter.org/ BuildRoot: %{_tmppath}/%{name}-%{version}-build %if 0%{?suse_version} BuildRequires: sgmltool %endif %if 0%{?fedora_version} || 0%{?centos_version} BuildRequires: sgml-common -Provides: iptables-ipv6 = %version-%release -Obsoletes: iptables-ipv6 < %version-%release %endif -BuildRequires: automake -BuildRequires: fdupes -BuildRequires: libnfnetlink-devel -BuildRequires: pkgconfig +BuildRequires: fdupes pkgconfig >= 0.23 pkgconfig(libnfnetlink) >= 1.0.0 BuildRequires: xz %description -Iptables is used to set up, maintain, and inspect the tables of IP +iptables is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel. This version requires kernel 2.4.0 or newer. -%package devel -Summary: Libraries, Headers and Development Man Pages for iptables -Group: Development/Libraries/C and C++ -Requires: %name = %version -Requires: libxtables%xt_sover = %version - -%description devel -These libraries are needed to compile -- additional third-party extensions -- programs using libipq - -%package -n libxtables%xt_sover -Summary: Library for functions shared between iptables +%package -n %lname_ipq +Summary: Library to interface with the (old) ip_queue kernel mechanism Group: System/Libraries -%description -n libxtables%xt_sover -This package contains shared functions exposed for integration with +%description -n %lname_ipq +The Netfilter project provides a mechanism (ip_queue) for passing +packets out of the stack for queueing to userspace, then receiving +these packets back into the kernel with a verdict specifying what to +do with the packets (such as ACCEPT or DROP). These packets may also +be modified in userspace prior to reinjection back into the kernel. + +ip_queue/libipq is obsoleted by nf_queue/libnetfilter_queue! + +%package -n libipq-devel +Summary: Development files for the ip_queue kernel mechanism +Group: Development/Libraries/C and C++ +Requires: %lname_ipq = %version + +%description -n libipq-devel +The Netfilter project provides a mechanism (ip_queue) for passing +packets out of the stack for queueing to userspace, then receiving +these packets back into the kernel with a verdict specifying what to +do with the packets (such as ACCEPT or DROP). These packets may also +be modified in userspace prior to reinjection back into the kernel. + +ip_queue/libipq is obsoleted by nf_queue/libnetfilter_queue! + +%package -n %lname_iptc +Summary: Library for low-level ruleset generation and parsing +Group: System/Libraries + +%description -n %lname_iptc +libiptc ("iptables cache") is used to retrieve from the kernel, parse, +construct, and load new rulesets into the kernel. + +%package -n libiptc-devel +Summary: Development files for libiptc, a packet filter ruleset library +Group: Development/Libraries/C and C++ +Requires: %lname_iptc = %version +# NOT adding Obsoletes/Provides: iptables-devel, because that one has +# been split into _two_ new pkgs (libxtables-devel, libiptc-devel). +# NOTE: Please use pkgconfig(...) symbols for BuildRequires. + +%description -n libiptc-devel +libiptc ("iptables cache") is used to retrieve from the kernel, parse, +construct, and load new rulesets into the kernel. + +%package -n %lname_xt +Summary: iptables extension interface +Group: System/Libraries + +%description -n %lname_xt +This library contains all the iptables code shared between iptables, +ip6tables, their extensions, and for external integration for e.g. iproute2's m_xt. +%package -n libxtables-devel +Summary: Libraries, Headers and Development Man Pages for iptables +Group: Development/Libraries/C and C++ +Requires: %lname_xt = %version + +%description -n libxtables-devel +This library contains all the iptables code shared between iptables, +ip6tables, their extensions, and for external integration for e.g. + +Link your extension (iptables plugins) with $(pkg-config xtables +--libs) and place the plugin in the directory given by $(pkg-config +xtables --variable=xtlibdir). + %prep %if 0%{?__xz:1} %setup -q @@ -94,22 +144,26 @@ make DESTDIR=%buildroot install # iptables-apply is not installed by upstream Makefile install -m0755 iptables/iptables-apply %buildroot%_sbindir/ install -m0644 iptables/iptables-apply.8 %buildroot%_mandir/man8/ -find "%buildroot" -iname "*.la" -delete +rm -f "%buildroot/%_libdir"/*.la; %if 0%{?suse_version} %fdupes %buildroot %endif -%post -p /sbin/ldconfig +%post -n %lname_ipq -p /sbin/ldconfig -%postun -p /sbin/ldconfig +%postun -n %lname_ipq -p /sbin/ldconfig -%post -n libxtables%xt_sover -p /sbin/ldconfig +%post -n %lname_iptc -p /sbin/ldconfig -%postun -n libxtables%xt_sover -p /sbin/ldconfig +%postun -n %lname_iptc -p /sbin/ldconfig + +%post -n %lname_xt -p /sbin/ldconfig + +%postun -n %lname_xt -p /sbin/ldconfig %files %defattr(-,root,root) -%doc COPYING INCOMPATIBILITIES +%doc COPYING %doc %_mandir/man1/* %doc %_mandir/man8/* %_bindir/iptables* @@ -118,18 +172,43 @@ find "%buildroot" -iname "*.la" -delete %_sbindir/xtables* %_sbindir/nfnl_osf %_libdir/xtables -%_libdir/libip*.so.* %_datadir/xtables -%files devel +%files -n %lname_ipq %defattr(-,root,root) -%doc %_mandir/man3/* -%_includedir/* -%_libdir/*.so -%_libdir/pkgconfig/*.pc +%_libdir/libipq.so.0* -%files -n libxtables%xt_sover +%files -n libipq-devel %defattr(-,root,root) -%_libdir/libxtables.so.* +%doc %_mandir/man3/libipq* +%doc %_mandir/man3/ipq* +%dir %_includedir/%name-%version +%_includedir/%name-%version/libipq* +%_libdir/libipq.so +%_libdir/pkgconfig/libipq.pc + +%files -n %lname_iptc +%defattr(-,root,root) +%_libdir/libiptc.so.0* +%_libdir/libip4tc.so.0* +%_libdir/libip6tc.so.0* + +%files -n libiptc-devel +%defattr(-,root,root) +%dir %_includedir/%name-%version +%_includedir/%name-%version/libiptc* +%_libdir/libip*tc.so +%_libdir/pkgconfig/libip*tc.pc + +%files -n %lname_xt +%defattr(-,root,root) +%_libdir/libxtables.so.7* + +%files -n libxtables-devel +%defattr(-,root,root) +%dir %_includedir/%name-%version +%_includedir/%name-%version/xtables.h +%_libdir/libxtables.so +%_libdir/pkgconfig/xtables.pc %changelog From c95fe7da5024c99a26d2964e8537110218d4359af3856de7bcf65324c85174db Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Sat, 31 Dec 2011 23:51:26 +0000 Subject: [PATCH 2/4] Need more BuildRequires for git builds OBS-URL: https://build.opensuse.org/package/show/security:netfilter/iptables?expand=0&rev=42 --- iptables.spec | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/iptables.spec b/iptables.spec index c179943..bc93f53 100644 --- a/iptables.spec +++ b/iptables.spec @@ -1,7 +1,7 @@ # # spec file for package iptables # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -41,7 +41,8 @@ BuildRequires: sgmltool %if 0%{?fedora_version} || 0%{?centos_version} BuildRequires: sgml-common %endif -BuildRequires: fdupes pkgconfig >= 0.23 pkgconfig(libnfnetlink) >= 1.0.0 +BuildRequires: autoconf automake fdupes libtool +BuildRequires: pkgconfig >= 0.23 pkgconfig(libnfnetlink) >= 1.0.0 BuildRequires: xz %description From e6c3d9e74cde903a806e4857c79c11deb560ef6528268c3f32051199dd82fb21 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Mon, 2 Jan 2012 21:32:31 +0000 Subject: [PATCH 3/4] iptables 1.4.12.2+git28 OBS-URL: https://build.opensuse.org/package/show/security:netfilter/iptables?expand=0&rev=43 --- iptables-1.4.12.1+50.tar.xz | 3 --- iptables-1.4.12.90.tar.xz | 3 +++ iptables.changes | 4 ++-- iptables.spec | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) delete mode 100644 iptables-1.4.12.1+50.tar.xz create mode 100644 iptables-1.4.12.90.tar.xz diff --git a/iptables-1.4.12.1+50.tar.xz b/iptables-1.4.12.1+50.tar.xz deleted file mode 100644 index 88f79df..0000000 --- a/iptables-1.4.12.1+50.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:70b0b61e094e611d62731f7361de6964dde1364ce15b5f88eddfc64568945e02 -size 223356 diff --git a/iptables-1.4.12.90.tar.xz b/iptables-1.4.12.90.tar.xz new file mode 100644 index 0000000..cee4550 --- /dev/null +++ b/iptables-1.4.12.90.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:c175beb7f1eaa983efe6a416aa91f5218c68d5b32bed182fb20c7a430366874c +size 223348 diff --git a/iptables.changes b/iptables.changes index 3d26261..291a4dc 100644 --- a/iptables.changes +++ b/iptables.changes @@ -1,7 +1,7 @@ ------------------------------------------------------------------- -Sat Dec 31 22:54:11 UTC 2011 - jengelh@medozas.de +Mon Jan 2 21:30:38 UTC 2012 - jengelh@medozas.de -- Update to newer git snapshot (v1.4.12.1-50) +- Update to newer git snapshot (v1.4.12.2-28) * ships missing pkgconfig files, compile fix for libnfnetlink * libxt_NFQUEUE: fix --queue-bypass ipt-save output * libxt_connbytes: fix handling of --connbytes FROM diff --git a/iptables.spec b/iptables.spec index bc93f53..0e089c7 100644 --- a/iptables.spec +++ b/iptables.spec @@ -21,7 +21,7 @@ Name: iptables %define lname_ipq libipq0 %define lname_iptc libiptc0 %define lname_xt libxtables7 -Version: 1.4.12.1+50 +Version: 1.4.12.90 Release: 1 Summary: IP Packet Filter Administration utilities License: GPL-2.0+ From f0daaa321a83cc3997de4d3fc04a83f0ed388b5ab7fa2ecdf27fc6db29514f72 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Wed, 4 Jan 2012 06:58:59 +0000 Subject: [PATCH 4/4] Versions explained OBS-URL: https://build.opensuse.org/package/show/security:netfilter/iptables?expand=0&rev=44 --- iptables.changes | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/iptables.changes b/iptables.changes index 291a4dc..07a735d 100644 --- a/iptables.changes +++ b/iptables.changes @@ -1,7 +1,8 @@ ------------------------------------------------------------------- Mon Jan 2 21:30:38 UTC 2012 - jengelh@medozas.de -- Update to newer git snapshot (v1.4.12.2-28) +- Update to newer git snapshot (v1.4.12.2-28-g2117f2b, + but master branch), tag locally as 1.4.12.90. * ships missing pkgconfig files, compile fix for libnfnetlink * libxt_NFQUEUE: fix --queue-bypass ipt-save output * libxt_connbytes: fix handling of --connbytes FROM