
Accepting request 637189 from security:netfilter

Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/637189
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/iptables?expand=0&rev=63
Dominique Leuenberger 2018-10-01 06:15:04 +00:00 committed by Git OBS Bridge
commit a267cc2deb
7 changed files with 167 additions and 76 deletions

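--- /dev/null
+++ b/_service
@@ -0,0 +1,13 @@
+<services>
+<service name="tar_scm" mode="disabled">
+<param name="scm">git</param>
+<param name="url">git://netfilter.org/iptables</param>
+<param name="revision">0800d9b46b377bc24f15af2c6ae22550b954b6e2</param>
+<param name="versionformat">1.8.0.g@TAG_OFFSET@</param>
+</service>
+<service name="recompress" mode="disabled">
+<param name="file">*.tar</param>
+<param name="compression">xz</param>
+</service>
+<service name="set_version" mode="disabled"/>
+</services>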
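Review bot: The `tar_scm` service fetches from `git://netfilter.org/iptables`, a transport with no server authentication or encryption, so the full commit id in `revision` is the only thing tying the checkout to a known state. Keep that parameter a full commit id on every snapshot bump, never a branch or tag name, and if upstream serves the repository over HTTPS, point `url` at that instead. I would also add an XML comment above `revision` naming the upstream tag the snapshot counts from, for example `<!-- snapshot of master, counted from tag v1.8.0; bump revision and the .changes entry together -->`. All three services are `mode="disabled"`, so the tarball appears to be generated on the packager's side and committed; this file alone does not show that the committed archive matches the pinned revision.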


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:55d02dfa46263343a401f297d44190f2a3e5113c8933946f094ed40237053733
size 639785

Binary file not shown.


@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:0479c1b53a84f66eda0d9484d1a15c9a644049635bfe866af829df0976a1c737
size 364504


@ -3,31 +3,27 @@
iptables/iptables-batch.c | 468 ++++++++++++++++++++++++++++++++++++++++++++++ iptables/iptables-batch.c | 468 ++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 477 insertions(+) 2 files changed, 477 insertions(+)
Index: iptables/iptables/Makefile.am Index: iptables-1.8.0/iptables/Makefile.am
=================================================================== ===================================================================
--- iptables.orig/iptables/Makefile.am --- iptables-1.8.0.orig/iptables/Makefile.am
+++ iptables/iptables/Makefile.am +++ iptables-1.8.0/iptables/Makefile.am
@@ -48,7 +48,16 @@ xtables_compat_multi_SOURCES += xshared. @@ -98,3 +98,12 @@ install-exec-hook:
xtables_compat_multi_LDADD += ../libxtables/libxtables.la -lm for i in ${v4_sbin_links}; do ${LN_S} -f xtables-legacy-multi "${DESTDIR}${sbindir}/$$i"; done;
endif for i in ${v6_sbin_links}; do ${LN_S} -f xtables-legacy-multi "${DESTDIR}${sbindir}/$$i"; done;
for i in ${x_sbin_links}; do ${LN_S} -f xtables-nft-multi "${DESTDIR}${sbindir}/$$i"; done;
+iptables_batch_SOURCES = iptables-batch.c iptables.c xshared.c
+iptables_batch_LDFLAGS = ${xtables_multi_LDFLAGS}
+iptables_batch_LDADD = ${xtables_multi_LDADD}
+ip6tables_batch_SOURCES = iptables-batch.c ip6tables.c xshared.c
+ip6tables_batch_CFLAGS = ${AM_CFLAGS} -DIP6T
+ip6tables_batch_LDFLAGS = ${xtables_multi_LDFLAGS}
+ip6tables_batch_LDADD = ${xtables_multi_LDADD}
+ +
sbin_PROGRAMS = xtables-multi +iptables_legacy_batch_SOURCES = iptables-batch.c iptables.c xshared.c
+sbin_PROGRAMS += iptables-batch ip6tables-batch +iptables_legacy_batch_LDFLAGS = ${xtables_legacy_multi_LDFLAGS}
if ENABLE_NFTABLES +iptables_legacy_batch_LDADD = ${xtables_legacy_multi_LDADD}
sbin_PROGRAMS += xtables-compat-multi +ip6tables_legacy_batch_SOURCES = iptables-batch.c ip6tables.c xshared.c
endif +ip6tables_legacy_batch_CFLAGS = ${AM_CFLAGS} -DIP6T
Index: iptables/iptables/iptables-batch.c +ip6tables_legacy_batch_LDFLAGS = ${xtables_legacy_multi_LDFLAGS}
+ip6tables_legacy_batch_LDADD = ${xtables_legacy_multi_LDADD}
+sbin_PROGRAMS += iptables-legacy-batch ip6tables-legacy-batch
Index: iptables-1.8.0/iptables/iptables-batch.c
=================================================================== ===================================================================
--- /dev/null --- /dev/null
+++ iptables/iptables/iptables-batch.c +++ iptables-1.8.0/iptables/iptables-batch.c
@@ -0,0 +1,468 @@ @@ -0,0 +1,468 @@
+/* +/*
+ * Author: Ludwig Nussel <ludwig.nussel@suse.de> + * Author: Ludwig Nussel <ludwig.nussel@suse.de>


@ -1,3 +1,20 @@
-------------------------------------------------------------------
Tue Sep 4 08:08:22 UTC 2018 - Markos Chandras <mchandras@suse.de>
- Add missing update-alternatives dependency to Requires(post)
section. If this is missing the package fails to install properly
when it is used as build dependency.
-------------------------------------------------------------------
Mon Jul 9 09:38:13 UTC 2018 - jengelh@inai.de
- Update to new upstream release 1.8.0 and snapshot 1.8.0.g75
* The ipv6 "srh" match can now match previous/next/last sid
* CONNMARK target now supports bit-shifting for restore,set
and save-mark.
* DNAT now supports shifted portmap ranges.
* iptables now comes in two backends: legacy and nft.
------------------------------------------------------------------- -------------------------------------------------------------------
Thu May 24 16:38:53 CEST 2018 - kukuk@suse.de Thu May 24 16:38:53 CEST 2018 - kukuk@suse.de


@ -17,29 +17,25 @@
Name: iptables Name: iptables
Version: 1.6.2 Version: 1.8.0.g85
Release: 0 Release: 0
Summary: IP packet filter administration utilities Summary: IP packet filter administration utilities
License: GPL-2.0-only AND Artistic-2.0 License: GPL-2.0-only AND Artistic-2.0
Group: Productivity/Networking/Security Group: Productivity/Networking/Security
Url: http://netfilter.org/projects/iptables/ Url: http://netfilter.org/projects/iptables/
#Git-Clone: git://git.netfilter.org/iptables #Git-Clone: git://git.netfilter.org/iptables
Source: http://netfilter.org/projects/iptables/files/%name-%version.tar.bz2 #Source: http://netfilter.org/projects/iptables/files/%%name-%%version.tar.bz2
Source2: http://netfilter.org/projects/iptables/files/%name-%version.tar.bz2.sig #Source2: http://netfilter.org/projects/iptables/files/%%name-%%version.tar.bz2.sig
Source: %name-%version.tar.xz
Source3: %name.keyring Source3: %name.keyring
Patch3: iptables-batch.patch Patch3: iptables-batch.patch
Patch4: iptables-apply-mktemp-fix.patch Patch4: iptables-apply-mktemp-fix.patch
Patch5: iptables-batch-lock.patch Patch5: iptables-batch-lock.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
%if 0%{?fedora_version} || 0%{?centos_version}
BuildRequires: sgml-common
%endif
%if 0%{?suse_version}
BuildRequires: fdupes
%endif
#git#BuildRequires: autoconf, automake >= 1.10 #git#BuildRequires: autoconf, automake >= 1.10
BuildRequires: bison BuildRequires: bison
BuildRequires: fdupes
BuildRequires: flex >= 2.5.33 BuildRequires: flex >= 2.5.33
BuildRequires: libtool BuildRequires: libtool
BuildRequires: pkg-config >= 0.21 BuildRequires: pkg-config >= 0.21
@ -48,24 +44,27 @@ BuildRequires: pkgconfig(libmnl) >= 1.0
BuildRequires: pkgconfig(libnetfilter_conntrack) >= 1.0.4 BuildRequires: pkgconfig(libnetfilter_conntrack) >= 1.0.4
BuildRequires: pkgconfig(libnfnetlink) >= 1.0.0 BuildRequires: pkgconfig(libnfnetlink) >= 1.0.0
BuildRequires: pkgconfig(libnftnl) >= 1.0.5 BuildRequires: pkgconfig(libnftnl) >= 1.0.5
Requires: netcfg >= 11.6
Requires: xtables-plugins = %version-%release Requires: xtables-plugins = %version-%release
Requires(post): update-alternatives
Requires(postun): update-alternatives
%description %description
iptables is used to set up, maintain, and inspect the rule tables of iptables is used to set up, maintain, and inspect the rule tables of
the classic "ip6_tables" and "ip_tables" packet filters in the Linux the various Netfilter packet filter engines inside the Linux kernel.
kernel.
%package nft %package backend-nft
Summary: nft packet filter administration utilties in the style of Xtables Summary: Metapackage to make nft the default backend for iptables/arptables/ebtables
Group: Productivity/Networking/Security Group: Productivity/Networking/Security
Requires: netcfg >= 11.6 Requires: iptables >= 1.8.0
Requires: xtables-plugins = %version-%release Requires(post): update-alternatives
Requires(postun): update-alternatives
%description nft %description backend-nft
The programs shipped in this subpackage behave like iptables on the Installation of this package adds higher priority alternatives (cf.
command line, but instead edits the rules of the nft packet filter in update-alternatives) that makes the iptables, ip6tables, arptables
the Linux kernel. Linux kernel 4.2 or newer is recommended to exploit and ebtables commands point to a program variant that uses the
the features. nftables kernel interface.
%package -n xtables-plugins %package -n xtables-plugins
Summary: Match and target extension plugins for iptables Summary: Match and target extension plugins for iptables
@ -103,12 +102,12 @@ be modified in userspace prior to reinjection back into the kernel.
ip_queue/libipq is obsoleted by nf_queue/libnetfilter_queue! ip_queue/libipq is obsoleted by nf_queue/libnetfilter_queue!
%package -n libiptc0 %package -n libiptc0
Summary: Library for low-level ruleset generation and parsing Summary: Library for the ip_tables low-level ruleset generation and parsing
Group: System/Libraries Group: System/Libraries
%description -n libiptc0 %description -n libiptc0
libiptc ("iptables cache") is used to retrieve from the kernel, parse, libiptc ("iptables cache") is used to retrieve from the kernel, parse,
construct, and load new rulesets into the kernel. construct, and load rulesets into the kernel.
%package -n libiptc-devel %package -n libiptc-devel
Summary: Development files for libiptc, a packet filter ruleset library Summary: Development files for libiptc, a packet filter ruleset library
@ -117,10 +116,10 @@ Requires: libiptc0 = %version
%description -n libiptc-devel %description -n libiptc-devel
libiptc ("iptables cache") is used to retrieve from the kernel, parse, libiptc ("iptables cache") is used to retrieve from the kernel, parse,
construct, and load new rulesets into the kernel. construct, and load rulesets into the kernel.
%package -n libxtables12 %package -n libxtables12
Summary: iptables extension interface Summary: The iptables plugin interface
Group: System/Libraries Group: System/Libraries
%description -n libxtables12 %description -n libxtables12
@ -147,26 +146,68 @@ xtables --variable=xtlibdir).
%build %build
# We have the iptables-batch patch, so always regenerate. # We have the iptables-batch patch, so always regenerate.
if true || [ ! -e configure ]; then ./autogen.sh
./autogen.sh
fi
# bnc#561793 - do not include unclean module in iptables manpage # bnc#561793 - do not include unclean module in iptables manpage
rm -f extensions/libipt_unclean.man rm -f extensions/libipt_unclean.man
# includedir is overriden on purpose to detect projects that # includedir is overriden on purpose to detect projects that
# fail to include libxtables_CFLAGS # fail to include libxtables_CFLAGS
%configure --includedir="%_includedir/%name" --enable-libipq %configure --includedir="%_includedir/%name" --enable-libipq
make %{?_smp_mflags} %make_build V=1
%install %install
make DESTDIR=%buildroot install %make_install
b="%buildroot"
# iptables-apply is not installed by upstream Makefile # iptables-apply is not installed by upstream Makefile
install -m0755 iptables/iptables-apply %buildroot%_sbindir/ install -m0755 iptables/iptables-apply "$b/%_sbindir/"
install -m0644 iptables/iptables-apply.8 %buildroot%_mandir/man8/ install -m0644 iptables/iptables-apply.8 "$b/%_mandir/man8/"
rm -f "%buildroot/%_libdir"/*.la rm -f "$b/%_libdir"/*.la
rm -f "$b/%_sysconfdir/ethertypes" # -> netcfg
for i in iptables iptables-restore iptables-save ip6tables ip6tables-restore \
ip6tables-save arptables arptables-restore arptables-save ebtables \
ebtables-restore ebtables-save; do
ln -fsv "/etc/alternatives/$i" "$b/%_sbindir/$i"
done
%if 0%{?suse_version} %if 0%{?suse_version}
%fdupes %buildroot/%_prefix %fdupes %buildroot/%_prefix
%endif %endif
%post
update-alternatives \
--install "%_sbindir/iptables" iptables "%_sbindir/xtables-legacy-multi" 1 \
--slave "%_sbindir/iptables-restore" iptables-restore "%_sbindir/xtables-legacy-multi" \
--slave "%_sbindir/iptables-save" iptables-save "%_sbindir/xtables-legacy-multi" \
--slave "%_sbindir/ip6tables" ip6tables "%_sbindir/xtables-legacy-multi" \
--slave "%_sbindir/ip6tables-restore" ip6tables-restore "%_sbindir/xtables-legacy-multi" \
--slave "%_sbindir/ip6tables-save" ip6tables-save "%_sbindir/xtables-legacy-multi"
%postun
if test "$1" = 0; then
update-alternatives --remove iptables "%_sbindir/xtables-legacy-multi"
fi
%post backend-nft
update-alternatives \
--install "%_sbindir/iptables" iptables "%_sbindir/xtables-nft-multi" 2 \
--slave "%_sbindir/iptables-restore" iptables-restore "%_sbindir/xtables-nft-multi" \
--slave "%_sbindir/iptables-save" iptables-save "%_sbindir/xtables-nft-multi" \
--slave "%_sbindir/ip6tables" ip6tables "%_sbindir/xtables-nft-multi" \
--slave "%_sbindir/ip6tables-restore" ip6tables-restore "%_sbindir/xtables-nft-multi" \
--slave "%_sbindir/ip6tables-save" ip6tables-save "%_sbindir/xtables-nft-multi"
update-alternatives --install "%_sbindir/arptables" arptables "%_sbindir/xtables-nft-multi" 2 \
--slave "%_sbindir/arptables-restore" arptables-restore "%_sbindir/xtables-nft-multi" \
--slave "%_sbindir/arptables-save" arptables-save "%_sbindir/xtables-nft-multi"
update-alternatives --install "%_sbindir/ebtables" ebtables "%_sbindir/xtables-nft-multi" 2 \
--slave "%_sbindir/ebtables-restore" ebtables-restore "%_sbindir/xtables-nft-multi" \
--slave "%_sbindir/ebtables-save" ebtables-save "%_sbindir/xtables-nft-multi"
%postun backend-nft
if test "$1" = 0; then
update-alternatives --remove iptables "%_sbindir/xtables-nft-multi"
update-alternatives --remove arptables "%_sbindir/xtables-nft-multi"
update-alternatives --remove ebtables "%_sbindir/xtables-nft-multi"
fi
%post -n libipq0 -p /sbin/ldconfig %post -n libipq0 -p /sbin/ldconfig
%postun -n libipq0 -p /sbin/ldconfig %postun -n libipq0 -p /sbin/ldconfig
%post -n libiptc0 -p /sbin/ldconfig %post -n libiptc0 -p /sbin/ldconfig
@ -175,42 +216,70 @@ rm -f "%buildroot/%_libdir"/*.la
%postun -n libxtables12 -p /sbin/ldconfig %postun -n libxtables12 -p /sbin/ldconfig
%files %files
%defattr(-,root,root)
%license COPYING %license COPYING
%doc %_mandir/man1/ip*
%doc %_mandir/man8/ip*
%_bindir/iptables-xml %_bindir/iptables-xml
%_sbindir/iptables
%_sbindir/iptables-apply %_sbindir/iptables-apply
%_sbindir/iptables-batch %_sbindir/iptables-legacy*
%_sbindir/iptables-nft*
%_sbindir/iptables-*translate*
%_sbindir/ip6tables-legacy*
%_sbindir/ip6tables-nft*
%_sbindir/ip6tables-*translate*
%_sbindir/arptables-nft*
%_sbindir/ebtables-nft*
%_sbindir/xtables*
%_mandir/man1/*tables*
%_mandir/man8/*tables*
# backend-legacy (implicit)
%ghost %_sysconfdir/alternatives/iptables
%ghost %_sysconfdir/alternatives/iptables-restore
%ghost %_sysconfdir/alternatives/iptables-save
%ghost %_sysconfdir/alternatives/ip6tables
%ghost %_sysconfdir/alternatives/ip6tables-restore
%ghost %_sysconfdir/alternatives/ip6tables-save
%_sbindir/iptables
%_sbindir/iptables-restore %_sbindir/iptables-restore
%_sbindir/iptables-save %_sbindir/iptables-save
%_sbindir/ip6tables %_sbindir/ip6tables
%_sbindir/ip6tables-batch
%_sbindir/ip6tables-restore %_sbindir/ip6tables-restore
%_sbindir/ip6tables-save %_sbindir/ip6tables-save
%_sbindir/xtables-multi
%files nft %files backend-nft
%defattr(-,root,root) %ghost %_sysconfdir/alternatives/iptables
# is provided by netcfg %ghost %_sysconfdir/alternatives/iptables-restore
%exclude %_sysconfdir/ethertypes %ghost %_sysconfdir/alternatives/iptables-save
%_sbindir/*-compat* %ghost %_sysconfdir/alternatives/ip6tables
%_sbindir/*-translate* %ghost %_sysconfdir/alternatives/ip6tables-restore
%ghost %_sysconfdir/alternatives/ip6tables-save
%ghost %_sysconfdir/alternatives/arptables
%ghost %_sysconfdir/alternatives/arptables-restore
%ghost %_sysconfdir/alternatives/arptables-save
%ghost %_sysconfdir/alternatives/ebtables
%ghost %_sysconfdir/alternatives/ebtables-restore
%ghost %_sysconfdir/alternatives/ebtables-save
%_sbindir/iptables
%_sbindir/iptables-restore
%_sbindir/iptables-save
%_sbindir/ip6tables
%_sbindir/ip6tables-restore
%_sbindir/ip6tables-save
%_sbindir/arptables
%_sbindir/arptables-restore
%_sbindir/arptables-save
%_sbindir/ebtables
%_sbindir/ebtables-restore
%_sbindir/ebtables-save
%files -n xtables-plugins %files -n xtables-plugins
%defattr(-,root,root)
%_libdir/xtables/ %_libdir/xtables/
%_sbindir/nfnl_osf %_sbindir/nfnl_osf
%_mandir/man8/nfnl_osf.8* %_mandir/man8/nfnl_osf.8*
%_datadir/xtables/ %_datadir/xtables/
%files -n libipq0 %files -n libipq0
%defattr(-,root,root)
%_libdir/libipq.so.0* %_libdir/libipq.so.0*
%files -n libipq-devel %files -n libipq-devel
%defattr(-,root,root)
%doc %_mandir/man3/libipq* %doc %_mandir/man3/libipq*
%doc %_mandir/man3/ipq* %doc %_mandir/man3/ipq*
%dir %_includedir/%name/ %dir %_includedir/%name/
@ -219,24 +288,20 @@ rm -f "%buildroot/%_libdir"/*.la
%_libdir/pkgconfig/libipq.pc %_libdir/pkgconfig/libipq.pc
%files -n libiptc0 %files -n libiptc0
%defattr(-,root,root)
%_libdir/libiptc.so.0* %_libdir/libiptc.so.0*
%_libdir/libip4tc.so.0* %_libdir/libip4tc.so.0*
%_libdir/libip6tc.so.0* %_libdir/libip6tc.so.0*
%files -n libiptc-devel %files -n libiptc-devel
%defattr(-,root,root)
%dir %_includedir/%name/ %dir %_includedir/%name/
%_includedir/%name/libiptc* %_includedir/%name/libiptc*
%_libdir/libip*tc.so %_libdir/libip*tc.so
%_libdir/pkgconfig/libip*tc.pc %_libdir/pkgconfig/libip*tc.pc
%files -n libxtables12 %files -n libxtables12
%defattr(-,root,root)
%_libdir/libxtables.so.12* %_libdir/libxtables.so.12*
%files -n libxtables-devel %files -n libxtables-devel
%defattr(-,root,root)
%dir %_includedir/%name/ %dir %_includedir/%name/
%_includedir/%name/xtables.h %_includedir/%name/xtables.h
%_includedir/%name/xtables-version.h %_includedir/%name/xtables-version.h
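Review bot: In the first hunk the upstream `Source:` and `Source2:` (the `.tar.bz2.sig`) lines are commented out in favour of `Source: %name-%version.tar.xz`, so the package no longer carries a signature to check, yet `Source3: %name.keyring` stays listed with nothing left for it to verify. I would document the provenance next to the new source line, e.g. `# Snapshot generated from the revision pinned in _service (tar_scm); no upstream signature exists for it`, and either drop the keyring or note that it is kept for the next tagged release. `Version: 1.8.0.g85` also disagrees with the changelog entry in this commit, which announces snapshot 1.8.0.g75; one of the two should be corrected so the packaged snapshot can be traced back to a commit.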