From 1e7c51b55c79d8d75cb4fb4799f37b90e2a092f9d970dc80f0fa6a15489f4d2e Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Fri, 20 Jan 2012 18:00:13 +0000 Subject: [PATCH] ipset 6.11 OBS-URL: https://build.opensuse.org/package/show/security:netfilter/ipset?expand=0&rev=5 --- ipset-6.10+git9.tar.xz | 3 --- ipset-6.11.tar.xz | 3 +++ ipset.changes | 11 +++++++++++ ipset.spec | 40 ++++++++++++++++++++++------------------ kernel-3_3.diff | 38 ++++++++++++++++++-------------------- linux-export.h.diff | 41 +++++++++++++++++++++++++++++++++++++++++ no-static.diff | 12 ++++++------ 7 files changed, 101 insertions(+), 47 deletions(-) delete mode 100644 ipset-6.10+git9.tar.xz create mode 100644 ipset-6.11.tar.xz create mode 100644 linux-export.h.diff diff --git a/ipset-6.10+git9.tar.xz b/ipset-6.10+git9.tar.xz deleted file mode 100644 index 458c49f..0000000 --- a/ipset-6.10+git9.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:068bd00b9f94da5cc5718c4ac5ba6e0c3d71016ba6fba8471f04111a23c49d4d -size 118932 diff --git a/ipset-6.11.tar.xz b/ipset-6.11.tar.xz new file mode 100644 index 0000000..ecc2c67 --- /dev/null +++ b/ipset-6.11.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:9491ce236d04d21dff120657081c9685f6fb83e9f3f183320180b24640bae508 +size 314464 diff --git a/ipset.changes b/ipset.changes index af0b258..dcf9386 100644 --- a/ipset.changes +++ b/ipset.changes @@ -1,3 +1,14 @@ +------------------------------------------------------------------- +Fri Jan 20 17:27:01 UTC 2012 - jengelh@medozas.de + +- Update to new upstream release 6.11 +* libipset is now complete; ipset is just a frontend +* Log warning when a hash type of set gets full +* Exceptions support added to hash:*net* types +* hash:net,iface timeout bug fixed +* Support hostnames and service names with dash + + ------------------------------------------------------------------- Sun Jan 1 03:17:39 UTC 2012 - jengelh@medozas.de diff --git a/ipset.spec b/ipset.spec index 9ba271b..32e3033 100644 --- a/ipset.spec +++ b/ipset.spec @@ -1,7 +1,7 @@ # # spec file for package ipset # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -15,28 +15,31 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # + + Name: ipset -%define lname libipset1 -Version: 6.10+git9 +%define lname libipset2 +Version: 6.11 Release: 0 Group: Productivity/Networking/Security Summary: Netfilter ipset administration utility License: GPL-2.0 -URL: http://ipset.netfilter.org/ +Url: http://ipset.netfilter.org/ #Git-Clone: git://git.netfilter.org/ipset #Git-Web: http://git.netfilter.org/ Source: %name-%version.tar.xz Source3: %name-preamble -Patch1: no-static.diff -Patch2: kernel-3_3.diff +Patch1: no-static.diff +Patch2: kernel-3_3.diff +Patch3: linux-export.h.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build -BuildRequires: autoconf, automake, libtool -BuildRequires: pkgconfig >= 0.23, pkgconfig(libmnl) >= 1, xz +BuildRequires: autoconf automake libtool +BuildRequires: pkgconfig >= 0.21 pkgconfig(libmnl) >= 1 xz %if 0%{?suse_version} BuildRequires: %kernel_module_package_buildreqs -BuildRequires: kernel-syms >= 2.6.39 +BuildRequires: kernel-syms >= 2.6.39 Recommends: %name-kmp %endif @@ -71,8 +74,8 @@ when matching an entry against a set. This package contains a version update to the in-kernel ipset modules. %package -n %lname -Summary: Userspace library for the in-kernel Netfilter ipset interface -Group: System/Libraries +Summary: Userspace library for the in-kernel Netfilter ipset interface +Group: System/Libraries %description -n %lname IP sets are a framework inside the Linux kernel, which can be @@ -82,9 +85,9 @@ addresses with MAC addresses in a way, which ensures lightning speed when matching an entry against a set. %package devel -Summary: Development files for ipset extensions -Group: Development/Libraries/C and C++ -Requires: %lname = %version +Summary: Development files for ipset extensions +Group: Development/Libraries/C and C++ +Requires: %lname = %version %description devel IP sets are a framework inside the Linux kernel, which can be @@ -95,12 +98,13 @@ when matching an entry against a set. %prep %setup -q -%patch -P 1 -P 2 -p1 +%patch -P 1 -P 2 -P 3 -p1 %build -if [ ! -e configure ]; then - ./autogen.sh; -fi; +./autogen.sh; # got patches +#if [ ! -e configure ]; then +# ./autogen.sh; +#fi; pushd ../; for flavor in %flavors_to_build; do cp -a "%name-%version" "%name-$flavor-%version"; diff --git a/kernel-3_3.diff b/kernel-3_3.diff index c797d1a..6528a81 100644 --- a/kernel-3_3.diff +++ b/kernel-3_3.diff @@ -3,18 +3,18 @@ commit b2d4e4b4e6c48dc0d53eeab3b52ce56f01a29397 Author: Jan Engelhardt Date: Sat Dec 31 02:22:10 2011 +0100 -kernel 3.2 support +kernel 3.3 support --- kernel/net/netfilter/ipset/ip_set_getport.c | 6 ++++++ kernel/net/netfilter/ipset/ip_set_hash_ip.c | 2 +- kernel/net/netfilter/ipset/ip_set_hash_net.c | 2 +- 3 files changed, 8 insertions(+), 2 deletions(-) -diff --git a/kernel/net/netfilter/ipset/ip_set_getport.c b/kernel/net/netfilter/ipset/ip_set_getport.c -index 58ca4e1..836855f 100644 ---- a/kernel/net/netfilter/ipset/ip_set_getport.c -+++ b/kernel/net/netfilter/ipset/ip_set_getport.c -@@ -12,6 +12,7 @@ +Index: ipset-6.11/kernel/net/netfilter/ipset/ip_set_getport.c +=================================================================== +--- ipset-6.11.orig/kernel/net/netfilter/ipset/ip_set_getport.c ++++ ipset-6.11/kernel/net/netfilter/ipset/ip_set_getport.c +@@ -16,6 +16,7 @@ #include #include #include @@ -22,7 +22,7 @@ index 58ca4e1..836855f 100644 #include #include #include -@@ -115,9 +116,14 @@ ip_set_get_ip6_port(const struct sk_buff *skb, bool src, +@@ -119,9 +120,14 @@ ip_set_get_ip6_port(const struct sk_buff { int protoff; u8 nexthdr; @@ -37,11 +37,11 @@ index 58ca4e1..836855f 100644 if (protoff < 0) return false; -diff --git a/kernel/net/netfilter/ipset/ip_set_hash_ip.c b/kernel/net/netfilter/ipset/ip_set_hash_ip.c -index 14a8628..5139dea 100644 ---- a/kernel/net/netfilter/ipset/ip_set_hash_ip.c -+++ b/kernel/net/netfilter/ipset/ip_set_hash_ip.c -@@ -241,7 +241,7 @@ hash_ip6_data_isnull(const struct hash_ip6_elem *elem) +Index: ipset-6.11/kernel/net/netfilter/ipset/ip_set_hash_ip.c +=================================================================== +--- ipset-6.11.orig/kernel/net/netfilter/ipset/ip_set_hash_ip.c ++++ ipset-6.11/kernel/net/netfilter/ipset/ip_set_hash_ip.c +@@ -241,7 +241,7 @@ hash_ip6_data_isnull(const struct hash_i static inline void hash_ip6_data_copy(struct hash_ip6_elem *dst, const struct hash_ip6_elem *src) { @@ -50,18 +50,16 @@ index 14a8628..5139dea 100644 } static inline void -diff --git a/kernel/net/netfilter/ipset/ip_set_hash_net.c b/kernel/net/netfilter/ipset/ip_set_hash_net.c -index 48e35ba..5a4457a 100644 ---- a/kernel/net/netfilter/ipset/ip_set_hash_net.c -+++ b/kernel/net/netfilter/ipset/ip_set_hash_net.c -@@ -267,7 +267,7 @@ static inline void +Index: ipset-6.11/kernel/net/netfilter/ipset/ip_set_hash_net.c +=================================================================== +--- ipset-6.11.orig/kernel/net/netfilter/ipset/ip_set_hash_net.c ++++ ipset-6.11/kernel/net/netfilter/ipset/ip_set_hash_net.c +@@ -295,7 +295,7 @@ static inline void hash_net6_data_copy(struct hash_net6_elem *dst, const struct hash_net6_elem *src) { - ipv6_addr_copy(&dst->ip.in6, &src->ip.in6); + dst->ip.in6 = src->ip.in6; dst->cidr = src->cidr; + dst->nomatch = src->nomatch; } - --- -# Created with git-export-patch diff --git a/linux-export.h.diff b/linux-export.h.diff new file mode 100644 index 0000000..25dba07 --- /dev/null +++ b/linux-export.h.diff @@ -0,0 +1,41 @@ +parent fe8800c8ad505196d4cde9fca21d868751760c9f (v6.11) +commit 94daadfc825c504dcb9bd510b895c6c673229b60 +Author: Henry Culver +Date: Fri Jan 20 13:40:55 2012 +0100 + +Fix the inclusion of linux/export.h + +The tests for inclusion of linux/export.h in +ipset-6.11:kernel/net/netfilter/ipset/{ip_set_getport.c,pfxlen.c} are +incorrect, linux/export.h did not go in until 3.2.0. +--- + kernel/net/netfilter/ipset/ip_set_getport.c | 2 +- + kernel/net/netfilter/ipset/pfxlen.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/kernel/net/netfilter/ipset/ip_set_getport.c b/kernel/net/netfilter/ipset/ip_set_getport.c +index 0f77a53..a66c67b 100644 +--- a/kernel/net/netfilter/ipset/ip_set_getport.c ++++ b/kernel/net/netfilter/ipset/ip_set_getport.c +@@ -8,7 +8,7 @@ + /* Get Layer-4 data from the packets */ + + #include +-#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,0,0) ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,2,0) + #include + #endif + #include +diff --git a/kernel/net/netfilter/ipset/pfxlen.c b/kernel/net/netfilter/ipset/pfxlen.c +index c5191c7..56ca480 100644 +--- a/kernel/net/netfilter/ipset/pfxlen.c ++++ b/kernel/net/netfilter/ipset/pfxlen.c +@@ -1,5 +1,5 @@ + #include +-#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,0,0) ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,2,0) + #include + #endif + #include +-- +# Created with git-export-patch diff --git a/no-static.diff b/no-static.diff index 63f2013..ea2fd63 100644 --- a/no-static.diff +++ b/no-static.diff @@ -2,13 +2,13 @@ src/Makefile.am | 1 - 1 file changed, 1 deletion(-) -Index: ipset-6.10+git9/src/Makefile.am +Index: ipset-6.11/src/Makefile.am =================================================================== ---- ipset-6.10+git9.orig/src/Makefile.am -+++ ipset-6.10+git9/src/Makefile.am -@@ -15,7 +15,6 @@ ipset_SOURCES = ipset.c \ - ipset_list_set.c \ - ui.c +--- ipset-6.11.orig/src/Makefile.am ++++ ipset-6.11/src/Makefile.am +@@ -3,7 +3,6 @@ include $(top_srcdir)/Make_global.am + sbin_PROGRAMS = ipset + ipset_SOURCES = ipset.c ui.c ipset_LDADD = ../lib/libipset.la -AM_LDFLAGS = -static