Accepting request 346839 from security:netfilter

Automatic submission by obs-autosubmit OBS-URL: https://build.opensuse.org/request/show/346839 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/iptables?expand=0&rev=57
2015-12-06 06:26:46 +00:00 · 2015-12-06 06:26:46 +00:00 · d0c5994e63
commit d0c5994e63
parent 3300824c22 4f18a580d5
6 changed files with 95 additions and 69 deletions
--- a/iptables-1.4.21.g367.9763347.tar.xz
+++ b/iptables-1.4.21.g367.9763347.tar.xz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:266a9080f44224b4f3cdfe0b41da2f152823746370069723d8b0586c5d42ab91
 size 314784
--- a/iptables-1.4.21.tar.bz2
+++ b/iptables-1.4.21.tar.bz2
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:52004c68021da9a599feed27f65defcfb22128f7da2c0531c0f75de0f479d3e0
 size 547439
--- a/iptables-1.4.21.tar.bz2.sig
+++ b/iptables-1.4.21.tar.bz2.sig
--- a/iptables-batch.patch
+++ b/iptables-batch.patch
@ -1,17 +1,16 @@
 ---
- iptables/Makefile.am      |   10 
+ iptables/Makefile.am      |    9 
 iptables/iptables-batch.c |  468 ++++++++++++++++++++++++++++++++++++++++++++++
- 2 files changed, 477 insertions(+), 1 deletion(-)
+ 2 files changed, 477 insertions(+)
-Index: iptables-1.4.20/iptables/Makefile.am
+Index: iptables/iptables/Makefile.am
 ===================================================================
--- iptables-1.4.20.orig/iptables/Makefile.am
+--- iptables.orig/iptables/Makefile.am
-+++ iptables-1.4.20/iptables/Makefile.am
+++ iptables/iptables/Makefile.am
-@@ -24,7 +24,15 @@ endif
+@@ -48,7 +48,16 @@ xtables_compat_multi_SOURCES += xshared.
- xtables_multi_SOURCES += xshared.c
+ xtables_compat_multi_LDADD   += ../libxtables/libxtables.la -lm
- xtables_multi_LDADD   += ../libxtables/libxtables.la -lm
+ endif
 -sbin_PROGRAMS    = xtables-multi
 +iptables_batch_SOURCES    = iptables-batch.c iptables.c xshared.c
 +iptables_batch_LDFLAGS    = ${xtables_multi_LDFLAGS}
 +iptables_batch_LDADD      = ${xtables_multi_LDADD}
@ -20,14 +19,15 @@ Index: iptables-1.4.20/iptables/Makefile.am
 +ip6tables_batch_LDFLAGS   = ${xtables_multi_LDFLAGS}
 +ip6tables_batch_LDADD     = ${xtables_multi_LDADD}
 +
-+sbin_PROGRAMS    = xtables-multi iptables-batch ip6tables-batch
+ sbin_PROGRAMS    = xtables-multi
- man_MANS         = iptables.8 iptables-restore.8 iptables-save.8 \
+sbin_PROGRAMS   += iptables-batch ip6tables-batch
-                    iptables-xml.1 ip6tables.8 ip6tables-restore.8 \
+ if ENABLE_NFTABLES
-                    ip6tables-save.8 iptables-extensions.8
+ sbin_PROGRAMS	+= xtables-compat-multi
-Index: iptables-1.4.20/iptables/iptables-batch.c
+ endif
 Index: iptables/iptables/iptables-batch.c
 ===================================================================
 --- /dev/null
-+++ iptables-1.4.20/iptables/iptables-batch.c
+++ iptables/iptables/iptables-batch.c
@@ -0,0 +1,468 @@
 +/*
 + * Author: Ludwig Nussel <ludwig.nussel@suse.de>
--- a/iptables.changes
+++ b/iptables.changes
@ -1,3 +1,18 @@
 -------------------------------------------------------------------
 Mon Nov 23 11:07:15 UTC 2015 - jengelh@inai.de
 - Update to new snapshot v1.4.21-367-g9763347 [1.6.0~]
 * -m ah/esp/rt: restore matching "any SPI id" by default
  (they unexpectedly defaulted to --spi 0 rather than --spi ALL)
 * -m cgroup: new module
 * -m dst: make ! --dst-len work
 * -m ipcomp: new module
 * -m socket: add --restore-skmark option
 * -j CT: add support for new zone options
 * -j REJECT: add missing ICMPv6 codes
 * -j TEE: make it possible to delete rules with -D ... -j
 * -j SNAT/DNAT: add randomize-full support
 -------------------------------------------------------------------
 Thu Apr 24 09:54:12 UTC 2014 - dmueller@suse.com
--- a/iptables.spec
+++ b/iptables.spec
@ -1,7 +1,7 @@
 #
 # spec file for package iptables
 #
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -17,22 +17,19 @@
 Name:           iptables
-%define lname_ipq	libipq0
+Version:        1.6.0~
 %define lname_iptc	libiptc0
 %define lname_xt	libxtables10
 Version:        1.4.21
 Release:        0
 Summary:        IP Packet Filter Administration utilities
 License:        GPL-2.0 and Artistic-2.0
 Group:          Productivity/Networking/Security
 Url:            http://netfilter.org/projects/iptables/
 #Freecode-URL:	http://freecode.com/projects/iptables/
 #Git-Web:	http://git.netfilter.org/
 #Git-Clone:	git://git.netfilter.org/iptables
 #DL-URL:	http://netfilter.org/projects/iptables/files/
-Source:         http://netfilter.org/projects/iptables/files/%name-%version.tar.bz2
+#Source:         http://netfilter.org/projects/iptables/files/%name-%version.tar.bz2
-Source2:        http://netfilter.org/projects/iptables/files/%name-%version.tar.bz2.sig
+#Source2:        http://netfilter.org/projects/iptables/files/%name-%version.tar.bz2.sig
 Source:         iptables-1.4.21.g367.9763347.tar.xz
 Source3:        %name.keyring
 Patch3:         iptables-batch.patch
 Patch4:         iptables-apply-mktemp-fix.patch
@ -41,26 +38,37 @@ BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %if 0%{?fedora_version} || 0%{?centos_version}
 BuildRequires:  sgml-common
 %endif
 #git#BuildRequires:  autoconf, automake >= 1.10
 BuildRequires:  libtool
 BuildRequires:  pkgconfig >= 0.21
 %if 0%{?suse_version}
 BuildRequires:  fdupes
 %endif
-%if 0%{?suse_version} >= 1140 || 0%{?fedora_version}
+#git#BuildRequires:  autoconf, automake >= 1.10
 BuildRequires:  bison
 BuildRequires:  flex >= 2.5.33
 BuildRequires:  libtool
 BuildRequires:  pkg-config >= 0.21
 BuildRequires:  xz
 BuildRequires:  pkgconfig(libmnl) >= 1.0
 BuildRequires:  pkgconfig(libnetfilter_conntrack) >= 1.0.4
 BuildRequires:  pkgconfig(libnfnetlink) >= 1.0.0
-%endif
+BuildRequires:  pkgconfig(libnftnl) >= 1.0.5
-%if (0%{?suse_version} && 0%{?suse_version} <= 1110) || 0%{?centos_version} || 0%{?redhat_version}
+Requires:       xtables-plugins = %version-%release
 BuildRequires:  libnetfilter_conntrack-devel >= 1.0.4
 BuildRequires:  libnfnetlink-devel >= 1.0.0
 %endif
 Requires:       xtables-plugins = %version
 %description
-iptables is used to set up, maintain, and inspect the tables of IP
+iptables is used to set up, maintain, and inspect the rule tables of
-packet filter rules in the Linux kernel. This version requires kernel
+the classic "ip6_tables" and "ip_tables" packet filters in the Linux
-3.0 or newer.
+kernel.
 %package nft
 Summary:        NFT Packet Filter Administration utilties in the style of Xtables
 Group:          Productivity/Networking/Security
 Requires:       xtables-plugins = %version-%release
 Conflicts:      ebtables
 %description nft
 The programs shipped in this subpackage behave like iptables on the
 command line, but instead edit the rules of the NFT packet filter in
 the Linux kernel. Linux kernel 4.2 or newer is recommended to exploit
 all features.
 %package -n xtables-plugins
 Summary:        Match and Target Extension plugins for iptables
@ -70,11 +78,11 @@ Conflicts:      iptables < 1.4.18
 %description -n xtables-plugins
 Match and Target Extension plugins for iptables.
-%package -n %lname_ipq
+%package -n libipq0
 Summary:        Library to interface with the (old) ip_queue kernel mechanism
 Group:          System/Libraries
-%description -n %lname_ipq
+%description -n libipq0
 The Netfilter project provides a mechanism (ip_queue) for passing
 packets out of the stack for queueing to userspace, then receiving
 these packets back into the kernel with a verdict specifying what to
@ -86,7 +94,7 @@ ip_queue/libipq is obsoleted by nf_queue/libnetfilter_queue!
 %package -n libipq-devel
 Summary:        Development files for the ip_queue kernel mechanism
 Group:          Development/Libraries/C and C++
-Requires:       %lname_ipq = %version
+Requires:       libipq0 = %version
 %description -n libipq-devel
 The Netfilter project provides a mechanism (ip_queue) for passing
@ -97,28 +105,28 @@ be modified in userspace prior to reinjection back into the kernel.
 ip_queue/libipq is obsoleted by nf_queue/libnetfilter_queue!
-%package -n %lname_iptc
+%package -n libiptc0
 Summary:        Library for low-level ruleset generation and parsing
 Group:          System/Libraries
-%description -n %lname_iptc
+%description -n libiptc0
 libiptc ("iptables cache") is used to retrieve from the kernel, parse,
 construct, and load new rulesets into the kernel.
 %package -n libiptc-devel
 Summary:        Development files for libiptc, a packet filter ruleset library
 Group:          Development/Libraries/C and C++
-Requires:       %lname_iptc = %version
+Requires:       libiptc0 = %version
 %description -n libiptc-devel
 libiptc ("iptables cache") is used to retrieve from the kernel, parse,
 construct, and load new rulesets into the kernel.
-%package -n %lname_xt
+%package -n libxtables11
 Summary:        iptables extension interface
 Group:          System/Libraries
-%description -n %lname_xt
+%description -n libxtables11
 This library contains all the iptables code shared between iptables,
 ip6tables, their extensions, and for external integration for e.g.
 iproute2's m_xt.
@ -126,7 +134,7 @@ iproute2's m_xt.
 %package -n libxtables-devel
 Summary:        Libraries, Headers and Development Man Pages for iptables
 Group:          Development/Libraries/C and C++
-Requires:       %lname_xt = %version
+Requires:       libxtables11 = %version
 %description -n libxtables-devel
 This library contains all the iptables code shared between iptables,
@ -137,7 +145,7 @@ Link your extension (iptables plugins) with $(pkg-config xtables
 xtables --variable=xtlibdir).
 %prep
-%setup -q
+%setup -qn iptables
 %patch -P 3 -P 4 -p1
 %build
@ -149,7 +157,7 @@ fi
 rm -f extensions/libipt_unclean.man
 # includedir is overriden on purpose to detect projects that
 # fail to include libxtables_CFLAGS
-%configure --includedir="%_includedir/pkg/%name" --enable-libipq
+%configure --includedir="%_includedir/%name" --enable-libipq
 make %{?_smp_mflags}
 %install
@ -162,12 +170,12 @@ rm -f "%buildroot/%_libdir"/*.la;
 %fdupes %buildroot/%_prefix
 %endif
-%post   -n %lname_ipq -p /sbin/ldconfig
+%post   -n libipq0 -p /sbin/ldconfig
-%postun -n %lname_ipq -p /sbin/ldconfig
+%postun -n libipq0 -p /sbin/ldconfig
-%post   -n %lname_iptc -p /sbin/ldconfig
+%post   -n libiptc0 -p /sbin/ldconfig
-%postun -n %lname_iptc -p /sbin/ldconfig
+%postun -n libiptc0 -p /sbin/ldconfig
-%post   -n %lname_xt -p /sbin/ldconfig
+%post   -n libxtables11 -p /sbin/ldconfig
-%postun -n %lname_xt -p /sbin/ldconfig
+%postun -n libxtables11 -p /sbin/ldconfig
 %files
 %defattr(-,root,root)
@ -186,13 +194,18 @@ rm -f "%buildroot/%_libdir"/*.la;
 %_sbindir/ip6tables-save
 %_sbindir/xtables-multi
 %files nft
 %defattr(-,root,root)
 %_sysconfdir/ethertypes
 %_sbindir/*-compat*
 %files -n xtables-plugins
 %defattr(-,root,root)
 %_libdir/xtables/
 %_sbindir/nfnl_osf
 %_datadir/xtables/
-%files -n %lname_ipq
+%files -n libipq0
 %defattr(-,root,root)
 %_libdir/libipq.so.0*
@ -200,12 +213,12 @@ rm -f "%buildroot/%_libdir"/*.la;
 %defattr(-,root,root)
 %doc %_mandir/man3/libipq*
 %doc %_mandir/man3/ipq*
-%dir %_includedir/pkg/%name/
+%dir %_includedir/%name/
-%_includedir/pkg/%name/libipq*
+%_includedir/%name/libipq*
 %_libdir/libipq.so
 %_libdir/pkgconfig/libipq.pc
-%files -n %lname_iptc
+%files -n libiptc0
 %defattr(-,root,root)
 %_libdir/libiptc.so.0*
 %_libdir/libip4tc.so.0*
@ -213,22 +226,20 @@ rm -f "%buildroot/%_libdir"/*.la;
 %files -n libiptc-devel
 %defattr(-,root,root)
-%dir %_includedir/pkg/
+%dir %_includedir/%name/
-%dir %_includedir/pkg/%name/
+%_includedir/%name/libiptc*
 %_includedir/pkg/%name/libiptc*
 %_libdir/libip*tc.so
 %_libdir/pkgconfig/libip*tc.pc
-%files -n %lname_xt
+%files -n libxtables11
 %defattr(-,root,root)
-%_libdir/libxtables.so.10*
+%_libdir/libxtables.so.11*
 %files -n libxtables-devel
 %defattr(-,root,root)
-%dir %_includedir/pkg/
+%dir %_includedir/%name/
-%dir %_includedir/pkg/%name/
+%_includedir/%name/xtables.h
-%_includedir/pkg/%name/xtables.h
+%_includedir/%name/xtables-version.h
 %_includedir/pkg/%name/xtables-version.h
 %_libdir/libxtables.so
 %_libdir/pkgconfig/xtables.pc