From ad9e35b852d5897257bc335032f088eee3e8863e3d4404098e562cbfe9e6a533 Mon Sep 17 00:00:00 2001
From: Jan Engelhardt
Date: Tue, 5 Mar 2013 23:25:19 +0000
Subject: [PATCH] iptables-1.4.18
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/iptables?expand=0&rev=68
---
 ...d-also-use-libtool-for-install-stage.patch | 80 ++++++++++++++++++
 ...dereference-symlinks-on-installation.patch | 69 +++++++++++++++
 ...resolve-link-failure-for-ip6t_NETMAP.patch | 42 ---------
 iptables-1.4.17.tar.bz2 | 3 -
 iptables-1.4.17.tar.bz2.sig | Bin 543 -> 0 bytes
 iptables-1.4.18.tar.bz2 | 3 +
 iptables-1.4.18.tar.bz2.sig | Bin 0 -> 543 bytes
 iptables.changes | 11 +++
 iptables.spec | 53 ++++++------
 9 files changed, 191 insertions(+), 70 deletions(-)
 create mode 100644 0001-build-also-use-libtool-for-install-stage.patch
 create mode 100644 0001-build-do-not-dereference-symlinks-on-installation.patch
 delete mode 100644 0001-build-resolve-link-failure-for-ip6t_NETMAP.patch
 delete mode 100644 iptables-1.4.17.tar.bz2
 delete mode 100644 iptables-1.4.17.tar.bz2.sig
 create mode 100644 iptables-1.4.18.tar.bz2
 create mode 100644 iptables-1.4.18.tar.bz2.sig
diff --git a/0001-build-also-use-libtool-for-install-stage.patch b/0001-build-also-use-libtool-for-install-stage.patch
new file mode 100644
index 0000000..cf1348d
--- /dev/null
+++ b/0001-build-also-use-libtool-for-install-stage.patch
@@ -0,0 +1,80 @@
+From 145e3ea1c4c6a8e47a77587d17fcad4df4e2c06f Mon Sep 17 00:00:00 2001
+From: Jan Engelhardt
+Date: Thu, 10 Jan 2013 15:54:08 +0100
+Subject: [PATCH] build: also use libtool for install stage
+
+The just-built library has DT_RPATH entries to be runnable from
+whereever it is. If we just install that, the distro build systems
+will throw warnings like
+
+ (Open Build Service) ERROR: RPATH
+ "/home/abuild/rpmbuild/BUILD/iptables-1.4.18/libxtables/.libs"
+ on /home/abuild/rpmbuild/BUILDROOT/iptables-1.4.18-0.x86_64/usr/lib64/xtables/libxt_unclean.so
+ is not allowed
+
+These RPATH entries are indeed undesired for libraries in a system
+location, which is why libtool produces another copy of the library on
+installation. The Makefile however missed using libtool during
+installation (introduced with commit v1.4.17-1-g68e77a2). This patch
+now resolves this.
+
+Signed-off-by: Jan Engelhardt
+---
+ extensions/GNUmakefile.in | 16 +++++++++++-----
+ 1 file changed, 11 insertions(+), 5 deletions(-)
+
+diff --git a/extensions/GNUmakefile.in b/extensions/GNUmakefile.in
+index 781ac6d..6467f05 100644
+--- a/extensions/GNUmakefile.in
++++ b/extensions/GNUmakefile.in
+@@ -49,6 +49,9 @@ pf6_build_mod := $(filter-out @blacklist_modules@,${pf6_build_mod})
+ pfx_objs := $(patsubst %,libxt_%.o,${pfx_build_mod})
+ pf4_objs := $(patsubst %,libipt_%.o,${pf4_build_mod})
+ pf6_objs := $(patsubst %,libip6t_%.o,${pf6_build_mod})
++pfx_lalibs := $(patsubst %,libxt_%.la,${pfx_build_mod})
++pf4_lalibs := $(patsubst %,libipt_%.la,${pf4_build_mod})
++pf6_lalibs := $(patsubst %,libip6t_%.la,${pf6_build_mod})
+ pfx_solibs := $(patsubst %,libxt_%.so,${pfx_build_mod})
+ pf4_solibs := $(patsubst %,libipt_%.so,${pf4_build_mod})
+ pf6_solibs := $(patsubst %,libip6t_%.so,${pf6_build_mod})
+@@ -63,8 +66,9 @@ targets_instlink :=
+ @ENABLE_STATIC_TRUE@ libext_objs := ${pfx_objs}
+ @ENABLE_STATIC_TRUE@ libext4_objs := ${pf4_objs}
+ @ENABLE_STATIC_TRUE@ libext6_objs := ${pf6_objs}
+-@ENABLE_STATIC_FALSE@ targets += ${pfx_solibs} ${pfx_symlinks} ${pf4_solibs} ${pf6_solibs}
+-@ENABLE_STATIC_FALSE@ targets_install += ${pfx_solibs} ${pf4_solibs} ${pf6_solibs}
++@ENABLE_STATIC_FALSE@ targets += ${pfx_solibs} ${pf4_solibs} ${pf6_solibs}
++@ENABLE_STATIC_FALSE@ targets_la_install += ${pfx_lalibs} ${pf4_lalibs} ${pf6_lalibs}
++@ENABLE_STATIC_FALSE@ targets_so_install += ${pfx_solibs}
+ @ENABLE_STATIC_FALSE@ targets_instlink += ${pfx_symlinks}
+
+ .SECONDARY:
+@@ -73,12 +77,14 @@ targets_instlink :=
+
+ all: ${targets}
+
+-install: ${targets_install} ${targets_instlink}
++install: ${targets_la_install} ${targets_so_install} ${targets_instlink}
+ @mkdir -p "${DESTDIR}${xtlibdir}";
++ ../libtool ${AM_LIBTOOL_SILENT} --no-warn --mode=install install -pm0755 ${targets_la_install} "${DESTDIR}${xtlibdir}/"
++ rm -f "${DESTDIR}${xtlibdir}"/*.la
+ if test -n "${targets_install}"; then \
+ install -pm0755 ${targets_install} "${DESTDIR}${xtlibdir}/"; \
+ cp -a ${pfx_symlinks} "${DESTDIR}${xtlibdir}/"; \
+- fi;
++ fi
+
+ clean:
+ rm -f *.la *.o *.lo *.so *.a {matches,targets}.man initext.c initext4.c initext6.c;
+@@ -99,7 +105,7 @@ lib%.so: lib%.la
+ ${AM_VERBOSE_NULL} ln -fs .libs/$@ $@
+
+ lib%.la: lib%.lo
+- ${AM_VERBOSE_CCLD} ../libtool ${AM_LIBTOOL_SILENT} --tag=CC --mode=link ${CCLD} ${AM_LDFLAGS} -module ${LDFLAGS} -o $@ $< ../libxtables/libxtables.la ${$*_LIBADD} -rpath ${xtlibdir}
++ ${AM_VERBOSE_CCLD} ../libtool ${AM_LIBTOOL_SILENT} --tag=CC --mode=link ${CCLD} ${AM_LDFLAGS} -avoid-version -module ${LDFLAGS} -o $@ $< ../libxtables/libxtables.la ${$*_LIBADD} -rpath ${xtlibdir}
+
+ lib%.lo: ${srcdir}/lib%.c
+ ${AM_VERBOSE_CC} ../libtool ${AM_LIBTOOL_SILENT} --tag=CC --mode=compile ${CC} ${AM_CPPFLAGS} ${AM_DEPFLAGS} ${AM_CFLAGS} -D_INIT=lib$*_init ${CFLAGS} -o $@ -c $<
+--
+1.7.10.4
+
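Review bot: The rewritten `install` recipe still guards the symlink copy with `if test -n "${targets_install}"`, but this patch removes the only visible `targets_install +=` line, so as far as the hunk shows that variable stays empty and `cp -a ${pfx_symlinks}` never runs. In the other direction, the new `../libtool … --mode=install` line is unguarded, so a static build (where `targets_la_install` receives nothing from the `@ENABLE_STATIC_FALSE@` lines) would call install with a destination and no source files. I would guard each step on the variable it actually consumes: `if test -n "${targets_la_install}"; then ../libtool ${AM_LIBTOOL_SILENT} --no-warn --mode=install install -pm0755 ${targets_la_install} "${DESTDIR}${xtlibdir}/"; fi` and `if test -n "${targets_instlink}"; then cp -a ${targets_instlink} "${DESTDIR}${xtlibdir}/"; fi`. The rest of GNUmakefile.in is outside the hunk, so confirm that no other assignment to `targets_install` exists before relying on this.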
diff --git a/0001-build-do-not-dereference-symlinks-on-installation.patch b/0001-build-do-not-dereference-symlinks-on-installation.patch
new file mode 100644
index 0000000..a7893a0
--- /dev/null
+++ b/0001-build-do-not-dereference-symlinks-on-installation.patch
@@ -0,0 +1,69 @@
+From cbe7c8ef0dabe56bf8a1f7ed27722e85abb0af9f Mon Sep 17 00:00:00 2001
+From: Jan Engelhardt
+Date: Thu, 10 Jan 2013 16:02:09 +0100
+Subject: [PATCH] build: do not dereference symlinks on installation
+
+By using install(1), libxt_NOTRACK.so was inadvertently installed as
+an actual file to /usr/lib/xtables rather than as a symlink. Switch to
+using cp(1).
+
+Signed-off-by: Jan Engelhardt
+---
+ extensions/GNUmakefile.in | 15 ++++++++++-----
+ 1 file changed, 10 insertions(+), 5 deletions(-)
+
+diff --git a/extensions/GNUmakefile.in b/extensions/GNUmakefile.in
+index adad4d6..781ac6d 100644
+--- a/extensions/GNUmakefile.in
++++ b/extensions/GNUmakefile.in
+@@ -40,7 +40,7 @@ endif
+ # Wildcard module list
+ #
+ pfx_build_mod := $(patsubst ${srcdir}/libxt_%.c,%,$(sort $(wildcard ${srcdir}/libxt_*.c)))
+-pfx_symlinks := NOTRACK state
++pfx_symlinks := libxt_NOTRACK.so libxt_state.so
+ @ENABLE_IPV4_TRUE@ pf4_build_mod := $(patsubst ${srcdir}/libipt_%.c,%,$(sort $(wildcard ${srcdir}/libipt_*.c)))
+ @ENABLE_IPV6_TRUE@ pf6_build_mod := $(patsubst ${srcdir}/libip6t_%.c,%,$(sort $(wildcard ${srcdir}/libip6t_*.c)))
+ pfx_build_mod := $(filter-out @blacklist_modules@,${pfx_build_mod})
+@@ -49,7 +49,7 @@ pf6_build_mod := $(filter-out @blacklist_modules@,${pf6_build_mod})
+ pfx_objs := $(patsubst %,libxt_%.o,${pfx_build_mod})
+ pf4_objs := $(patsubst %,libipt_%.o,${pf4_build_mod})
+ pf6_objs := $(patsubst %,libip6t_%.o,${pf6_build_mod})
+-pfx_solibs := $(patsubst %,libxt_%.so,${pfx_build_mod} ${pfx_symlinks})
++pfx_solibs := $(patsubst %,libxt_%.so,${pfx_build_mod})
+ pf4_solibs := $(patsubst %,libipt_%.so,${pf4_build_mod})
+ pf6_solibs := $(patsubst %,libip6t_%.so,${pf6_build_mod})
+
+@@ -59,11 +59,13 @@ pf6_solibs := $(patsubst %,libip6t_%.so,${pf6_build_mod})
+ #
+ targets := libext.a libext4.a libext6.a matches.man targets.man
+ targets_install :=
++targets_instlink :=
+ @ENABLE_STATIC_TRUE@ libext_objs := ${pfx_objs}
+ @ENABLE_STATIC_TRUE@ libext4_objs := ${pf4_objs}
+ @ENABLE_STATIC_TRUE@ libext6_objs := ${pf6_objs}
+-@ENABLE_STATIC_FALSE@ targets += ${pfx_solibs} ${pf4_solibs} ${pf6_solibs}
++@ENABLE_STATIC_FALSE@ targets += ${pfx_solibs} ${pfx_symlinks} ${pf4_solibs} ${pf6_solibs}
+ @ENABLE_STATIC_FALSE@ targets_install += ${pfx_solibs} ${pf4_solibs} ${pf6_solibs}
++@ENABLE_STATIC_FALSE@ targets_instlink += ${pfx_symlinks}
+
+ .SECONDARY:
+
+@@ -71,9 +73,12 @@ targets_install :=
+
+ all: ${targets}
+
+-install: ${targets_install}
++install: ${targets_install} ${targets_instlink}
+ @mkdir -p "${DESTDIR}${xtlibdir}";
+- if test -n "${targets_install}"; then install -pm0755 $^ "${DESTDIR}${xtlibdir}/"; fi;
++ if test -n "${targets_install}"; then \
++ install -pm0755 ${targets_install} "${DESTDIR}${xtlibdir}/"; \
++ cp -a ${pfx_symlinks} "${DESTDIR}${xtlibdir}/"; \
++ fi;
+
+ clean:
+ rm -f *.la *.o *.lo *.so *.a {matches,targets}.man initext.c initext4.c initext6.c;
+--
+1.7.10.4
+
diff --git a/0001-build-resolve-link-failure-for-ip6t_NETMAP.patch b/0001-build-resolve-link-failure-for-ip6t_NETMAP.patch
deleted file mode 100644
index a824a62..0000000
--- a/0001-build-resolve-link-failure-for-ip6t_NETMAP.patch
+++ /dev/null
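Review bot: `cp -a ${pfx_symlinks}` in the new install recipe does more than avoid dereferencing: `-a` also recurses and preserves ownership, mode and timestamps, so a `make install` run as root from a tree built by another user can leave the installed links owned by that user. `cp -P` is the narrower flag for copying the link itself. The recipe could also consume the `targets_instlink` variable this patch introduces rather than `pfx_symlinks`, which is assigned unconditionally: `cp -P ${targets_instlink} "${DESTDIR}${xtlibdir}/"; \`. The rules that create libxt_NOTRACK.so and libxt_state.so are outside the hunk.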
@@ -1,42 +0,0 @@ -From 070e9ad8fe6380be3fe19924cd50619e540382d0 Mon Sep 17 00:00:00 2001 -From: Jan Engelhardt -Date: Sun, 2 Dec 2012 19:09:38 +0100 -Subject: [PATCH] build: resolve link failure for ip6t_NETMAP - -Link stage of libip6t_NETMAP failed since recently. - - CCLD libip6t_NETMAP.so -/usr/lib64/gcc/x86_64-suse-linux/4.7/../../../../x86_64-suse-linux/bin/ld: -cannot find -lip6tc - -libip6t_NETMAP.c uses the "ipv6_prefix_length" function from -libip6tc.so; "-lip6tc" is used in the Makefile, but, the directory to -it is not specified. - -Why does the link succeed for some people? Because -/usr/lib(64)/libip6tc.so satisfies -lip6tc, but not all environments, -especially those without iptables development files, have that file, -hence this link error can happen. - -Signed-off-by: Jan Engelhardt ---- - extensions/GNUmakefile.in | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/extensions/GNUmakefile.in b/extensions/GNUmakefile.in -index e71e3ff..68e0b9b 100644 ---- a/extensions/GNUmakefile.in -+++ b/extensions/GNUmakefile.in -@@ -101,7 +101,8 @@ libxt_state.so: libxt_conntrack.so - ln -fs $< $@ - - # Need the LIBADDs in iptables/Makefile.am too for libxtables_la_LIBADD --ip6t_NETMAP_LIBADD = -lip6tc -+ip6t_NETMAP_LIBADD = -L${top_builddir}/libiptc/.libs \ -+ -L${top_builddir}/libiptc -lip6tc - xt_RATEEST_LIBADD = -lm - xt_statistic_LIBADD = -lm - --- -1.7.10.4 - diff --git a/iptables-1.4.17.tar.bz2 b/iptables-1.4.17.tar.bz2 deleted file mode 100644 index f323a8b..0000000 --- a/iptables-1.4.17.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:51e7a769469383b6ad308a6a19cdd2bd813cf4593e21a156a543a1cd70554925 -size 541137 
diff --git a/iptables-1.4.17.tar.bz2.sig b/iptables-1.4.17.tar.bz2.sig deleted file mode 100644 index 8b295150db9b443c135913d32090b57971aada868e5e93c220d9ee79e393dccf..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 543 zcmV+)0^t3L0vrSY0RjL91p-jnp)>#r2@s?aABnqPSj>4&5C3V09|&m!K!uUoXx`F{ zwn`0q^#IJfY>JF#u{bc~jY|vz6MdYEF83f9`>u~9w4eg=Ufn}yzXm{jH>) z4S>LaMFJ=9YXnEF{qA_4lUX)4SgH4s=*<1@%H^|HWTkuT6W8UD;vhaaq;xKbER~GD z3ZM`N8`j#1v;SXTFoCxqI0d8KjvT>mwb=1!GJz07L>%$~ncr}rgQy?KjrPQe)5EXy^&rU!h zPBFz?+^RtfKwY7uIV)3Q0ZyiD>DYxH!5~zzP>eO03kJ-k10UMbp$bPuHmYMcvQ*@i z90_rS^RLAvWus&w#$s~C&KFfC9APX%FKc=CAF>{N42* z+a~6hk(h_=SqqubB30G(1YpoE#xB3dezB{k*yNS|By~ZHFkQ<%Dmfb!vysz-Q~h$f z3etEe&445Td3Oh0dhY$%`A;J*BtW%qOD;nii?aXP^bZ8hgHE>mBoPUgg#(eShxGT6 z`OYin{+c4f*%Im&)X{F(9AaiwWll;}eP$P0m575m!FiRDNlCb7WEG|Vu)1ac%0Zrm zHw5+HPg&4YBM=j}7(2q}@p$l#))Y=05kuZ4?*2(NK)25vz44xr>;dp)5y-5T{jS4{y zK8Wt~!jU8jF6k6o6=G$n4ez)QA6EVm9%SoIf*#8cP|UJ*hs@$|fjtug9kw+v&jf80 hstk_-ga`~J6$!dLF4uMN8BSR5rv9*4*1V~+ZHB{D24?^O literal 0 HcmV?d00001 diff --git a/iptables.changes b/iptables.changes index d86488c..5b9c4c8 100644 --- a/iptables.changes +++ b/iptables.changes @@ -1,3 +1,14 @@ +------------------------------------------------------------------- +Mon Mar 4 21:42:12 UTC 2013 - jengelh@inai.de + +- Update to new upstream release 1.4.18 +* documentation updates +- Create subpackage xtables-plugins, to aid packaging of xtadm +- Add 0001-build-do-not-dereference-symlinks-on-installation.patch + as a prerequisite for: +- Add 0001-build-also-use-libtool-for-install-stage.patch + to kill of undesired DT_RPATH entries + ------------------------------------------------------------------- Tue Dec 25 22:47:56 UTC 2012 - jengelh@inai.de diff --git a/iptables.spec b/iptables.spec index 5ad5c4b..4577439 100644 --- a/iptables.spec +++ b/iptables.spec 
@@ -1,7 +1,7 @@ # # spec file for package iptables # -# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -19,13 +19,13 @@ Name: iptables %define lname_ipq libipq0 %define lname_iptc libiptc0 -%define lname_xt libxtables9 -Version: 1.4.17 +%define lname_xt libxtables10 +Version: 1.4.18 Release: 0 Summary: IP Packet Filter Administration utilities License: GPL-2.0+ Group: Productivity/Networking/Security -Url: http://netfilter.org/ +Url: http://netfilter.org/projects/iptables/ #Freecode-URL: http://freecode.com/projects/iptables/ #Git-Web: http://git.netfilter.org/ @@ -34,9 +34,10 @@ Url: http://netfilter.org/ Source: http://netfilter.org/projects/iptables/files/%name-%version.tar.bz2 Source2: http://netfilter.org/projects/iptables/files/%name-%version.tar.bz2.sig Source3: %name.keyring -Patch1: iptables-batch.patch -Patch2: iptables-apply-mktemp-fix.patch -Patch3: 0001-build-resolve-link-failure-for-ip6t_NETMAP.patch +Patch1: 0001-build-do-not-dereference-symlinks-on-installation.patch +Patch2: 0001-build-also-use-libtool-for-install-stage.patch +Patch3: iptables-batch.patch +Patch4: iptables-apply-mktemp-fix.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %if 0%{?suse_version} 
@@ -63,11 +64,20 @@ BuildRequires: libnfnetlink-devel >= 1.0.0 %if 0%{?fedora_version} || 0%{?centos_version} || 0%{?rhel_version} BuildRequires: libnfnetlink-devel >= 1.0.0 %endif +Requires: xtables-plugins = %version %description iptables is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel. This version requires kernel -2.4.0 or newer. +3.0 or newer. + +%package -n xtables-plugins +Summary: Match and Target Extension plugins for iptables +Group: Productivity/Networking/Security +Conflicts: iptables < 1.4.18 + +%description -n xtables-plugins +Match and Target Extension plugins for iptables. %package -n %lname_ipq Summary: Library to interface with the (old) ip_queue kernel mechanism @@ -108,9 +118,6 @@ construct, and load new rulesets into the kernel. Summary: Development files for libiptc, a packet filter ruleset library Group: Development/Libraries/C and C++ Requires: %lname_iptc = %version -# NOT adding Obsoletes/Provides: iptables-devel, because that one has -# been split into _two_ new pkgs (libxtables-devel, libiptc-devel). -# NOTE: Please use pkgconfig(...) symbols for BuildRequires. %description -n libiptc-devel libiptc ("iptables cache") is used to retrieve from the kernel, parse, @@ -139,16 +146,9 @@ Link your extension (iptables plugins) with $(pkg-config xtables xtables --variable=xtlibdir). %prep -%if 0%{?gpg_verify:1} -%gpg_verify %{S:2} -%endif -%if 0%{?__xz:1} +%{?gpg_verify: %gpg_verify %{S:2}} %setup -q -%else -tar -xf "%{S:0}" --use=bzip2; -%setup -DTq -%endif -%patch -P 1 -P 2 -P 3 -p1 +%patch -P 1 -P 2 -P 3 -P 4 -p1 %build # We have the iptables-batch patch, so always regenerate. @@ -169,7 +169,7 @@ install -m0755 iptables/iptables-apply %buildroot%_sbindir/ install -m0644 iptables/iptables-apply.8 %buildroot%_mandir/man8/ rm -f "%buildroot/%_libdir"/*.la; %if 0%{?suse_version} -%fdupes %buildroot +%fdupes %buildroot/%_prefix %endif %post -n %lname_ipq -p /sbin/ldconfig 
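Review bot: The new `%{?gpg_verify: %gpg_verify %{S:2}}` line in %prep keeps tarball signature verification conditional: when the `gpg_verify` macro is not defined in the build environment the expression expands to nothing, and `%setup` unpacks the source without any check against `%name.keyring`. The `Source` and `Source2` URLs in this spec are plain `http://`, so that signature is the only authenticity check on the upstream tarball. None of the visible hunks shows a BuildRequires that guarantees the macro; if the spec has none, I would add `BuildRequires: gpg-offline` (the package that provides the macro on openSUSE) inside the existing `%if 0%{?suse_version}` block. At minimum, a comment above the line such as `# signature check is skipped silently when the gpg_verify macro is unavailable` would make the fallback visible to the next packager.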
@@ -182,8 +182,8 @@ rm -f "%buildroot/%_libdir"/*.la; %files %defattr(-,root,root) %doc COPYING -%doc %_mandir/man1/* -%doc %_mandir/man8/* +%doc %_mandir/man1/ip* +%doc %_mandir/man8/ip* %_bindir/iptables-xml %_sbindir/iptables %_sbindir/iptables-apply @@ -195,8 +195,11 @@ rm -f "%buildroot/%_libdir"/*.la; %_sbindir/ip6tables-restore %_sbindir/ip6tables-save %_sbindir/xtables-multi -%_sbindir/nfnl_osf + +%files -n xtables-plugins +%defattr(-,root,root) %_libdir/xtables +%_sbindir/nfnl_osf %_datadir/xtables %files -n %lname_ipq @@ -227,7 +230,7 @@ rm -f "%buildroot/%_libdir"/*.la; %files -n %lname_xt %defattr(-,root,root) -%_libdir/libxtables.so.9* +%_libdir/libxtables.so.10* %files -n libxtables-devel %defattr(-,root,root)