forked from pool/iptables
iptables-1.4.18
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/iptables?expand=0&rev=68
This commit is contained in:
parent
4bb32b41a9
commit
ad9e35b852
80
0001-build-also-use-libtool-for-install-stage.patch
Normal file
80
0001-build-also-use-libtool-for-install-stage.patch
Normal file
@ -0,0 +1,80 @@
|
||||
From 145e3ea1c4c6a8e47a77587d17fcad4df4e2c06f Mon Sep 17 00:00:00 2001
|
||||
From: Jan Engelhardt <jengelh@inai.de>
|
||||
Date: Thu, 10 Jan 2013 15:54:08 +0100
|
||||
Subject: [PATCH] build: also use libtool for install stage
|
||||
|
||||
The just-built library has DT_RPATH entries to be runnable from
|
||||
whereever it is. If we just install that, the distro build systems
|
||||
will throw warnings like
|
||||
|
||||
(Open Build Service) ERROR: RPATH
|
||||
"/home/abuild/rpmbuild/BUILD/iptables-1.4.18/libxtables/.libs"
|
||||
on /home/abuild/rpmbuild/BUILDROOT/iptables-1.4.18-0.x86_64/usr/lib64/xtables/libxt_unclean.so
|
||||
is not allowed
|
||||
|
||||
These RPATH entries are indeed undesired for libraries in a system
|
||||
location, which is why libtool produces another copy of the library on
|
||||
installation. The Makefile however missed using libtool during
|
||||
installation (introduced with commit v1.4.17-1-g68e77a2). This patch
|
||||
now resolves this.
|
||||
|
||||
Signed-off-by: Jan Engelhardt <jengelh@inai.de>
|
||||
---
|
||||
extensions/GNUmakefile.in | 16 +++++++++++-----
|
||||
1 file changed, 11 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/extensions/GNUmakefile.in b/extensions/GNUmakefile.in
|
||||
index 781ac6d..6467f05 100644
|
||||
--- a/extensions/GNUmakefile.in
|
||||
+++ b/extensions/GNUmakefile.in
|
||||
@@ -49,6 +49,9 @@ pf6_build_mod := $(filter-out @blacklist_modules@,${pf6_build_mod})
|
||||
pfx_objs := $(patsubst %,libxt_%.o,${pfx_build_mod})
|
||||
pf4_objs := $(patsubst %,libipt_%.o,${pf4_build_mod})
|
||||
pf6_objs := $(patsubst %,libip6t_%.o,${pf6_build_mod})
|
||||
+pfx_lalibs := $(patsubst %,libxt_%.la,${pfx_build_mod})
|
||||
+pf4_lalibs := $(patsubst %,libipt_%.la,${pf4_build_mod})
|
||||
+pf6_lalibs := $(patsubst %,libip6t_%.la,${pf6_build_mod})
|
||||
pfx_solibs := $(patsubst %,libxt_%.so,${pfx_build_mod})
|
||||
pf4_solibs := $(patsubst %,libipt_%.so,${pf4_build_mod})
|
||||
pf6_solibs := $(patsubst %,libip6t_%.so,${pf6_build_mod})
|
||||
@@ -63,8 +66,9 @@ targets_instlink :=
|
||||
@ENABLE_STATIC_TRUE@ libext_objs := ${pfx_objs}
|
||||
@ENABLE_STATIC_TRUE@ libext4_objs := ${pf4_objs}
|
||||
@ENABLE_STATIC_TRUE@ libext6_objs := ${pf6_objs}
|
||||
-@ENABLE_STATIC_FALSE@ targets += ${pfx_solibs} ${pfx_symlinks} ${pf4_solibs} ${pf6_solibs}
|
||||
-@ENABLE_STATIC_FALSE@ targets_install += ${pfx_solibs} ${pf4_solibs} ${pf6_solibs}
|
||||
+@ENABLE_STATIC_FALSE@ targets += ${pfx_solibs} ${pf4_solibs} ${pf6_solibs}
|
||||
+@ENABLE_STATIC_FALSE@ targets_la_install += ${pfx_lalibs} ${pf4_lalibs} ${pf6_lalibs}
|
||||
+@ENABLE_STATIC_FALSE@ targets_so_install += ${pfx_solibs}
|
||||
@ENABLE_STATIC_FALSE@ targets_instlink += ${pfx_symlinks}
|
||||
|
||||
.SECONDARY:
|
||||
@@ -73,12 +77,14 @@ targets_instlink :=
|
||||
|
||||
all: ${targets}
|
||||
|
||||
-install: ${targets_install} ${targets_instlink}
|
||||
+install: ${targets_la_install} ${targets_so_install} ${targets_instlink}
|
||||
@mkdir -p "${DESTDIR}${xtlibdir}";
|
||||
+ ../libtool ${AM_LIBTOOL_SILENT} --no-warn --mode=install install -pm0755 ${targets_la_install} "${DESTDIR}${xtlibdir}/"
|
||||
+ rm -f "${DESTDIR}${xtlibdir}"/*.la
|
||||
if test -n "${targets_install}"; then \
|
||||
install -pm0755 ${targets_install} "${DESTDIR}${xtlibdir}/"; \
|
||||
cp -a ${pfx_symlinks} "${DESTDIR}${xtlibdir}/"; \
|
||||
- fi;
|
||||
+ fi
|
||||
|
||||
clean:
|
||||
rm -f *.la *.o *.lo *.so *.a {matches,targets}.man initext.c initext4.c initext6.c;
|
||||
@@ -99,7 +105,7 @@ lib%.so: lib%.la
|
||||
${AM_VERBOSE_NULL} ln -fs .libs/$@ $@
|
||||
|
||||
lib%.la: lib%.lo
|
||||
- ${AM_VERBOSE_CCLD} ../libtool ${AM_LIBTOOL_SILENT} --tag=CC --mode=link ${CCLD} ${AM_LDFLAGS} -module ${LDFLAGS} -o $@ $< ../libxtables/libxtables.la ${$*_LIBADD} -rpath ${xtlibdir}
|
||||
+ ${AM_VERBOSE_CCLD} ../libtool ${AM_LIBTOOL_SILENT} --tag=CC --mode=link ${CCLD} ${AM_LDFLAGS} -avoid-version -module ${LDFLAGS} -o $@ $< ../libxtables/libxtables.la ${$*_LIBADD} -rpath ${xtlibdir}
|
||||
|
||||
lib%.lo: ${srcdir}/lib%.c
|
||||
${AM_VERBOSE_CC} ../libtool ${AM_LIBTOOL_SILENT} --tag=CC --mode=compile ${CC} ${AM_CPPFLAGS} ${AM_DEPFLAGS} ${AM_CFLAGS} -D_INIT=lib$*_init ${CFLAGS} -o $@ -c $<
|
||||
--
|
||||
1.7.10.4
|
||||
|
69
0001-build-do-not-dereference-symlinks-on-installation.patch
Normal file
69
0001-build-do-not-dereference-symlinks-on-installation.patch
Normal file
@ -0,0 +1,69 @@
|
||||
From cbe7c8ef0dabe56bf8a1f7ed27722e85abb0af9f Mon Sep 17 00:00:00 2001
|
||||
From: Jan Engelhardt <jengelh@inai.de>
|
||||
Date: Thu, 10 Jan 2013 16:02:09 +0100
|
||||
Subject: [PATCH] build: do not dereference symlinks on installation
|
||||
|
||||
By using install(1), libxt_NOTRACK.so was inadvertently installed as
|
||||
an actual file to /usr/lib/xtables rather than as a symlink. Switch to
|
||||
using cp(1).
|
||||
|
||||
Signed-off-by: Jan Engelhardt <jengelh@inai.de>
|
||||
---
|
||||
extensions/GNUmakefile.in | 15 ++++++++++-----
|
||||
1 file changed, 10 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/extensions/GNUmakefile.in b/extensions/GNUmakefile.in
|
||||
index adad4d6..781ac6d 100644
|
||||
--- a/extensions/GNUmakefile.in
|
||||
+++ b/extensions/GNUmakefile.in
|
||||
@@ -40,7 +40,7 @@ endif
|
||||
# Wildcard module list
|
||||
#
|
||||
pfx_build_mod := $(patsubst ${srcdir}/libxt_%.c,%,$(sort $(wildcard ${srcdir}/libxt_*.c)))
|
||||
-pfx_symlinks := NOTRACK state
|
||||
+pfx_symlinks := libxt_NOTRACK.so libxt_state.so
|
||||
@ENABLE_IPV4_TRUE@ pf4_build_mod := $(patsubst ${srcdir}/libipt_%.c,%,$(sort $(wildcard ${srcdir}/libipt_*.c)))
|
||||
@ENABLE_IPV6_TRUE@ pf6_build_mod := $(patsubst ${srcdir}/libip6t_%.c,%,$(sort $(wildcard ${srcdir}/libip6t_*.c)))
|
||||
pfx_build_mod := $(filter-out @blacklist_modules@,${pfx_build_mod})
|
||||
@@ -49,7 +49,7 @@ pf6_build_mod := $(filter-out @blacklist_modules@,${pf6_build_mod})
|
||||
pfx_objs := $(patsubst %,libxt_%.o,${pfx_build_mod})
|
||||
pf4_objs := $(patsubst %,libipt_%.o,${pf4_build_mod})
|
||||
pf6_objs := $(patsubst %,libip6t_%.o,${pf6_build_mod})
|
||||
-pfx_solibs := $(patsubst %,libxt_%.so,${pfx_build_mod} ${pfx_symlinks})
|
||||
+pfx_solibs := $(patsubst %,libxt_%.so,${pfx_build_mod})
|
||||
pf4_solibs := $(patsubst %,libipt_%.so,${pf4_build_mod})
|
||||
pf6_solibs := $(patsubst %,libip6t_%.so,${pf6_build_mod})
|
||||
|
||||
@@ -59,11 +59,13 @@ pf6_solibs := $(patsubst %,libip6t_%.so,${pf6_build_mod})
|
||||
#
|
||||
targets := libext.a libext4.a libext6.a matches.man targets.man
|
||||
targets_install :=
|
||||
+targets_instlink :=
|
||||
@ENABLE_STATIC_TRUE@ libext_objs := ${pfx_objs}
|
||||
@ENABLE_STATIC_TRUE@ libext4_objs := ${pf4_objs}
|
||||
@ENABLE_STATIC_TRUE@ libext6_objs := ${pf6_objs}
|
||||
-@ENABLE_STATIC_FALSE@ targets += ${pfx_solibs} ${pf4_solibs} ${pf6_solibs}
|
||||
+@ENABLE_STATIC_FALSE@ targets += ${pfx_solibs} ${pfx_symlinks} ${pf4_solibs} ${pf6_solibs}
|
||||
@ENABLE_STATIC_FALSE@ targets_install += ${pfx_solibs} ${pf4_solibs} ${pf6_solibs}
|
||||
+@ENABLE_STATIC_FALSE@ targets_instlink += ${pfx_symlinks}
|
||||
|
||||
.SECONDARY:
|
||||
|
||||
@@ -71,9 +73,12 @@ targets_install :=
|
||||
|
||||
all: ${targets}
|
||||
|
||||
-install: ${targets_install}
|
||||
+install: ${targets_install} ${targets_instlink}
|
||||
@mkdir -p "${DESTDIR}${xtlibdir}";
|
||||
- if test -n "${targets_install}"; then install -pm0755 $^ "${DESTDIR}${xtlibdir}/"; fi;
|
||||
+ if test -n "${targets_install}"; then \
|
||||
+ install -pm0755 ${targets_install} "${DESTDIR}${xtlibdir}/"; \
|
||||
+ cp -a ${pfx_symlinks} "${DESTDIR}${xtlibdir}/"; \
|
||||
+ fi;
|
||||
|
||||
clean:
|
||||
rm -f *.la *.o *.lo *.so *.a {matches,targets}.man initext.c initext4.c initext6.c;
|
||||
--
|
||||
1.7.10.4
|
||||
|
@ -1,42 +0,0 @@
|
||||
From 070e9ad8fe6380be3fe19924cd50619e540382d0 Mon Sep 17 00:00:00 2001
|
||||
From: Jan Engelhardt <jengelh@inai.de>
|
||||
Date: Sun, 2 Dec 2012 19:09:38 +0100
|
||||
Subject: [PATCH] build: resolve link failure for ip6t_NETMAP
|
||||
|
||||
Link stage of libip6t_NETMAP failed since recently.
|
||||
|
||||
CCLD libip6t_NETMAP.so
|
||||
/usr/lib64/gcc/x86_64-suse-linux/4.7/../../../../x86_64-suse-linux/bin/ld:
|
||||
cannot find -lip6tc
|
||||
|
||||
libip6t_NETMAP.c uses the "ipv6_prefix_length" function from
|
||||
libip6tc.so; "-lip6tc" is used in the Makefile, but, the directory to
|
||||
it is not specified.
|
||||
|
||||
Why does the link succeed for some people? Because
|
||||
/usr/lib(64)/libip6tc.so satisfies -lip6tc, but not all environments,
|
||||
especially those without iptables development files, have that file,
|
||||
hence this link error can happen.
|
||||
|
||||
Signed-off-by: Jan Engelhardt <jengelh@inai.de>
|
||||
---
|
||||
extensions/GNUmakefile.in | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/extensions/GNUmakefile.in b/extensions/GNUmakefile.in
|
||||
index e71e3ff..68e0b9b 100644
|
||||
--- a/extensions/GNUmakefile.in
|
||||
+++ b/extensions/GNUmakefile.in
|
||||
@@ -101,7 +101,8 @@ libxt_state.so: libxt_conntrack.so
|
||||
ln -fs $< $@
|
||||
|
||||
# Need the LIBADDs in iptables/Makefile.am too for libxtables_la_LIBADD
|
||||
-ip6t_NETMAP_LIBADD = -lip6tc
|
||||
+ip6t_NETMAP_LIBADD = -L${top_builddir}/libiptc/.libs \
|
||||
+ -L${top_builddir}/libiptc -lip6tc
|
||||
xt_RATEEST_LIBADD = -lm
|
||||
xt_statistic_LIBADD = -lm
|
||||
|
||||
--
|
||||
1.7.10.4
|
||||
|
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:51e7a769469383b6ad308a6a19cdd2bd813cf4593e21a156a543a1cd70554925
|
||||
size 541137
|
Binary file not shown.
3
iptables-1.4.18.tar.bz2
Normal file
3
iptables-1.4.18.tar.bz2
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:14a99fb8b0ca22027a9ac6eb72fa32c834ceb3073820e0ba79bf251c6a7bcf3c
|
||||
size 542308
|
BIN
iptables-1.4.18.tar.bz2.sig
Normal file
BIN
iptables-1.4.18.tar.bz2.sig
Normal file
Binary file not shown.
@ -1,3 +1,14 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon Mar 4 21:42:12 UTC 2013 - jengelh@inai.de
|
||||
|
||||
- Update to new upstream release 1.4.18
|
||||
* documentation updates
|
||||
- Create subpackage xtables-plugins, to aid packaging of xtadm
|
||||
- Add 0001-build-do-not-dereference-symlinks-on-installation.patch
|
||||
as a prerequisite for:
|
||||
- Add 0001-build-also-use-libtool-for-install-stage.patch
|
||||
to kill of undesired DT_RPATH entries
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Dec 25 22:47:56 UTC 2012 - jengelh@inai.de
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package iptables
|
||||
#
|
||||
# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||
# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@ -19,13 +19,13 @@
|
||||
Name: iptables
|
||||
%define lname_ipq libipq0
|
||||
%define lname_iptc libiptc0
|
||||
%define lname_xt libxtables9
|
||||
Version: 1.4.17
|
||||
%define lname_xt libxtables10
|
||||
Version: 1.4.18
|
||||
Release: 0
|
||||
Summary: IP Packet Filter Administration utilities
|
||||
License: GPL-2.0+
|
||||
Group: Productivity/Networking/Security
|
||||
Url: http://netfilter.org/
|
||||
Url: http://netfilter.org/projects/iptables/
|
||||
|
||||
#Freecode-URL: http://freecode.com/projects/iptables/
|
||||
#Git-Web: http://git.netfilter.org/
|
||||
@ -34,9 +34,10 @@ Url: http://netfilter.org/
|
||||
Source: http://netfilter.org/projects/iptables/files/%name-%version.tar.bz2
|
||||
Source2: http://netfilter.org/projects/iptables/files/%name-%version.tar.bz2.sig
|
||||
Source3: %name.keyring
|
||||
Patch1: iptables-batch.patch
|
||||
Patch2: iptables-apply-mktemp-fix.patch
|
||||
Patch3: 0001-build-resolve-link-failure-for-ip6t_NETMAP.patch
|
||||
Patch1: 0001-build-do-not-dereference-symlinks-on-installation.patch
|
||||
Patch2: 0001-build-also-use-libtool-for-install-stage.patch
|
||||
Patch3: iptables-batch.patch
|
||||
Patch4: iptables-apply-mktemp-fix.patch
|
||||
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
%if 0%{?suse_version}
|
||||
@ -63,11 +64,20 @@ BuildRequires: libnfnetlink-devel >= 1.0.0
|
||||
%if 0%{?fedora_version} || 0%{?centos_version} || 0%{?rhel_version}
|
||||
BuildRequires: libnfnetlink-devel >= 1.0.0
|
||||
%endif
|
||||
Requires: xtables-plugins = %version
|
||||
|
||||
%description
|
||||
iptables is used to set up, maintain, and inspect the tables of IP
|
||||
packet filter rules in the Linux kernel. This version requires kernel
|
||||
2.4.0 or newer.
|
||||
3.0 or newer.
|
||||
|
||||
%package -n xtables-plugins
|
||||
Summary: Match and Target Extension plugins for iptables
|
||||
Group: Productivity/Networking/Security
|
||||
Conflicts: iptables < 1.4.18
|
||||
|
||||
%description -n xtables-plugins
|
||||
Match and Target Extension plugins for iptables.
|
||||
|
||||
%package -n %lname_ipq
|
||||
Summary: Library to interface with the (old) ip_queue kernel mechanism
|
||||
@ -108,9 +118,6 @@ construct, and load new rulesets into the kernel.
|
||||
Summary: Development files for libiptc, a packet filter ruleset library
|
||||
Group: Development/Libraries/C and C++
|
||||
Requires: %lname_iptc = %version
|
||||
# NOT adding Obsoletes/Provides: iptables-devel, because that one has
|
||||
# been split into _two_ new pkgs (libxtables-devel, libiptc-devel).
|
||||
# NOTE: Please use pkgconfig(...) symbols for BuildRequires.
|
||||
|
||||
%description -n libiptc-devel
|
||||
libiptc ("iptables cache") is used to retrieve from the kernel, parse,
|
||||
@ -139,16 +146,9 @@ Link your extension (iptables plugins) with $(pkg-config xtables
|
||||
xtables --variable=xtlibdir).
|
||||
|
||||
%prep
|
||||
%if 0%{?gpg_verify:1}
|
||||
%gpg_verify %{S:2}
|
||||
%endif
|
||||
%if 0%{?__xz:1}
|
||||
%{?gpg_verify: %gpg_verify %{S:2}}
|
||||
%setup -q
|
||||
%else
|
||||
tar -xf "%{S:0}" --use=bzip2;
|
||||
%setup -DTq
|
||||
%endif
|
||||
%patch -P 1 -P 2 -P 3 -p1
|
||||
%patch -P 1 -P 2 -P 3 -P 4 -p1
|
||||
|
||||
%build
|
||||
# We have the iptables-batch patch, so always regenerate.
|
||||
@ -169,7 +169,7 @@ install -m0755 iptables/iptables-apply %buildroot%_sbindir/
|
||||
install -m0644 iptables/iptables-apply.8 %buildroot%_mandir/man8/
|
||||
rm -f "%buildroot/%_libdir"/*.la;
|
||||
%if 0%{?suse_version}
|
||||
%fdupes %buildroot
|
||||
%fdupes %buildroot/%_prefix
|
||||
%endif
|
||||
|
||||
%post -n %lname_ipq -p /sbin/ldconfig
|
||||
@ -182,8 +182,8 @@ rm -f "%buildroot/%_libdir"/*.la;
|
||||
%files
|
||||
%defattr(-,root,root)
|
||||
%doc COPYING
|
||||
%doc %_mandir/man1/*
|
||||
%doc %_mandir/man8/*
|
||||
%doc %_mandir/man1/ip*
|
||||
%doc %_mandir/man8/ip*
|
||||
%_bindir/iptables-xml
|
||||
%_sbindir/iptables
|
||||
%_sbindir/iptables-apply
|
||||
@ -195,8 +195,11 @@ rm -f "%buildroot/%_libdir"/*.la;
|
||||
%_sbindir/ip6tables-restore
|
||||
%_sbindir/ip6tables-save
|
||||
%_sbindir/xtables-multi
|
||||
%_sbindir/nfnl_osf
|
||||
|
||||
%files -n xtables-plugins
|
||||
%defattr(-,root,root)
|
||||
%_libdir/xtables
|
||||
%_sbindir/nfnl_osf
|
||||
%_datadir/xtables
|
||||
|
||||
%files -n %lname_ipq
|
||||
@ -227,7 +230,7 @@ rm -f "%buildroot/%_libdir"/*.la;
|
||||
|
||||
%files -n %lname_xt
|
||||
%defattr(-,root,root)
|
||||
%_libdir/libxtables.so.9*
|
||||
%_libdir/libxtables.so.10*
|
||||
|
||||
%files -n libxtables-devel
|
||||
%defattr(-,root,root)
|
||||
|
Loading…
Reference in New Issue
Block a user