Accepting request 910102 from home:polslinux:branches:security:netfilter

- Update to release 7.15
  * netfilter: ipset: Fix maximal range check in
    hash_ipportnet4_uadt()

OBS-URL: https://build.opensuse.org/request/show/910102
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/ipset?expand=0&rev=102
This commit is contained in:
Jan Engelhardt 2021-08-04 10:03:51 +00:00 committed by Git OBS Bridge
parent f81e0ee2f2
commit 0a6f4fb1f2
4 changed files with 42 additions and 36 deletions

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:27031c36d355907031cce41e65553e99bb013d762fcd55392f63d7e84760f900
size 680219

3
ipset-7.15.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:0a5545aaadb640142c1f888d366a78ddf8724799967fa20686a70053bd621751
size 680383

View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Wed Aug 4 09:37:44 UTC 2021 - Paolo Stivanin <info@paolostivanin.com>
- Update to release 7.15
* netfilter: ipset: Fix maximal range check in
hash_ipportnet4_uadt()
-------------------------------------------------------------------
Wed Jul 28 14:54:37 UTC 2021 - Jan Engelhardt <jengelh@inai.de>

View File

@ -25,29 +25,28 @@
%define ipset_build_kmp 0
%endif
Name: ipset
Version: 7.14
Version: 7.15
Release: 0
Summary: Netfilter ipset administration utility
License: GPL-2.0-only
Group: Productivity/Networking/Security
URL: http://ipset.netfilter.org/
URL: https://ipset.netfilter.org/
#Git-Clone: git://git.netfilter.org/ipset
#Git-Web: http://git.netfilter.org/
Source: http://ipset.netfilter.org/%name-%version.tar.bz2
Source3: %name-preamble
Source: http://ipset.netfilter.org/%{name}-%{version}.tar.bz2
Source3: %{name}-preamble
Patch1: ipset-destdir.diff
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: libtool
BuildRequires: linux-glibc-devel >= 2.6.24
BuildRequires: pkg-config >= 0.21
BuildRequires: pkgconfig >= 0.21
BuildRequires: pkgconfig(libmnl) >= 1
%if 0%{?ipset_build_kmp}
BuildRequires: %kernel_module_package_buildreqs
BuildRequires: %{kernel_module_package_buildreqs}
BuildRequires: kernel-devel >= 2.6.39
%kernel_module_package -p %name-preamble
BuildRequires: kmod-compat
%kernel_module_package -p %{name}-preamble
%endif
%description
@ -78,11 +77,11 @@ when matching an entry against a set.
This package contains a version update to the in-kernel ipset modules.
%package -n %lname
%package -n %{lname}
Summary: Userspace library for the in-kernel Netfilter ipset interface
Group: System/Libraries
%description -n %lname
%description -n %{lname}
IP sets are a framework inside the Linux kernel, which can be
administered by the ipset utility. Depending on the type, currently
an IP set may store IP addresses, (TCP/UDP) port numbers or IP
@ -92,7 +91,7 @@ when matching an entry against a set.
%package devel
Summary: Development files for ipset extensions
Group: Development/Libraries/C and C++
Requires: %lname = %version
Requires: %{lname} = %{version}
%description devel
IP sets are a framework inside the Linux kernel, which can be
@ -109,49 +108,49 @@ when matching an entry against a set.
export PATH="$PATH:%_sbindir"
autoreconf -fi
%if 0%{?ipset_build_kmp}
for flavor in %flavors_to_build; do
cp -a . "../%name-$flavor-%version"
pushd "../%name-$flavor-%version/"
for flavor in %{flavors_to_build}; do
cp -a . "../%{name}-$flavor-%{version}"
pushd "../%{name}-$flavor-%{version}/"
# ksource: it just checks for a header
%configure --disable-static \
--with-kbuild="%_prefix/src/linux-obj/%_target_cpu/$flavor" \
--with-ksource="%_prefix/src/linux" \
--includedir="%_includedir/%name"
make %{?_smp_mflags} all modules
--with-kbuild="%{_prefix}/src/linux-obj/%{_target_cpu}/$flavor" \
--with-ksource="%{_prefix}/src/linux" \
--includedir="%{_includedir}/%{name}"
%make_build all modules
popd
done
%endif
%configure --disable-static --with-kmod=no \
--includedir="%_includedir/%name"
make %{?_smp_mflags} V=1
--includedir="%{_includedir}/%{name}"
%make_build
%install
export PATH="$PATH:%_sbindir"
b="%buildroot"
b=%{buildroot}
%if 0%{?ipset_build_kmp}
for flavor in %flavors_to_build; do
pushd "../%name-$flavor-%version/"
for flavor in %{flavors_to_build}; do
pushd "../%{name}-$flavor-%{version}/"
make %{?_smp_mflags} install modules_install \
DESTDIR="$b" INSTALL_MOD_PATH="$b" V=1
popd
done
%endif
%make_install
find "$b/%_libdir/" -type f -name "*.la" -delete -print
find %{buildroot} -type f -name "*.la" -delete -print
%post -n %lname -p /sbin/ldconfig
%postun -n %lname -p /sbin/ldconfig
%post -n %{lname} -p /sbin/ldconfig
%postun -n %{lname} -p /sbin/ldconfig
%files
%_sbindir/ipset*
%_mandir/man*/*
%{_sbindir}/ipset*
%{_mandir}/man*/*
%files -n %lname
%_libdir/libipset.so.13*
%files -n %{lname}
%{_libdir}/libipset.so.13*
%files devel
%_libdir/libipset.so
%_libdir/pkgconfig/libipset.pc
%_includedir/%name/
%{_libdir}/libipset.so
%{_libdir}/pkgconfig/libipset.pc
%{_includedir}/%{name}/
%changelog