From 802df4199ed91122bd8e13ccf26993f2c3b49d459ed5c500d2fe539a8360e026 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Sat, 30 Jun 2012 19:19:08 +0000 Subject: [PATCH] ipset-6.13 OBS-URL: https://build.opensuse.org/package/show/security:netfilter/ipset?expand=0&rev=12 --- ipset-6.12.tar.xz | 3 --- ipset-6.13.tar.xz | 3 +++ ipset.changes | 10 ++++++++++ ipset.spec | 50 ++++++++++++++++++++++++++++++++++++----------- sles11.diff | 21 ++++++++++++++++++++ 5 files changed, 73 insertions(+), 14 deletions(-) delete mode 100644 ipset-6.12.tar.xz create mode 100644 ipset-6.13.tar.xz create mode 100644 sles11.diff diff --git a/ipset-6.12.tar.xz b/ipset-6.12.tar.xz deleted file mode 100644 index 6dead8c..0000000 --- a/ipset-6.12.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:35ffccf3f9462272960ac538b92d7e3d2f776315ceceaff1244a1bda6192145e -size 361684 diff --git a/ipset-6.13.tar.xz b/ipset-6.13.tar.xz new file mode 100644 index 0000000..70cb376 --- /dev/null +++ b/ipset-6.13.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:043ba8a076e8af0e4cdf770af71baa4bb854e6c14c98500eb4c3293b8ccf73c2 +size 360620 diff --git a/ipset.changes b/ipset.changes index 307f00b..d155e26 100644 --- a/ipset.changes +++ b/ipset.changes @@ -1,3 +1,13 @@ +------------------------------------------------------------------- +Sat Jun 30 18:33:33 UTC 2012 - jengelh@inai.de + +- Update to new upstream release 6.13 +* more restrictive command-line parser +* documentation updates w.r.t. src/dst for hash:net,iface +* allow saving to/restoring from a file without shell redirection +* kernel: hash:net,iface: fix interface comparison +* timeout fixing bug broke SET target special timeout value, fixed + ------------------------------------------------------------------- Thu May 10 11:07:52 UTC 2012 - jengelh@inai.de diff --git a/ipset.spec b/ipset.spec index d3ba0a2..b80abf6 100644 --- a/ipset.spec +++ b/ipset.spec @@ -17,8 +17,8 @@ Name: ipset -%define lname libipset2 -Version: 6.12 +%define lname libipset3 +Version: 6.13 Release: 0 Summary: Netfilter ipset administration utility License: GPL-2.0 @@ -29,21 +29,38 @@ Url: http://ipset.netfilter.org/ #Git-Web: http://git.netfilter.org/ Source: %name-%version.tar.xz Source3: %name-preamble +Patch1: sles11.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build -BuildRequires: autoconf -BuildRequires: automake -BuildRequires: libtool BuildRequires: pkgconfig >= 0.21 BuildRequires: xz +%if 0%{?suse_version} >= 1140 || 0%{?fedora_version} BuildRequires: pkgconfig(libmnl) >= 1 +%else +BuildRequires: libmnl-devel >= 1 +%endif +%if 0%{?suse_version} >= 1140 +BuildRequires: linux-glibc-devel >= 2.6.24 +%endif +%if 0%{?suse_version} && 0%{?suse_version} <= 1110 +BuildRequires: linux-kernel-headers >= 2.6.24 +%endif +%if 0%{?redhat_version} || 0%{?centos_version} || 0%{?fedora_version} +BuildRequires: kernel-headers >= 2.6.24 +%endif %if 0%{?suse_version} +# Make quilt happy +%if 0%{?kernel_module_package_buildreqs:1} +%define with_kmp 1 BuildRequires: %kernel_module_package_buildreqs +%endif BuildRequires: kernel-syms >= 2.6.39 Recommends: %name-kmp %endif +%if 0%{?with_kmp:1} %kernel_module_package -p %name-preamble +%endif %description IP sets are a framework inside the Linux kernel, which can be @@ -97,32 +114,43 @@ addresses with MAC addresses in a way, which ensures lightning speed when matching an entry against a set. %prep +%if 0%{?__xz:1} %setup -q +%else +tar --use=xz -xf "%{S:0}"; +%setup -DTq +%endif +%patch -P 1 -p1 %build -#if [ ! -e configure ]; then -# ./autogen.sh; -#fi; +%if 0%{?with_kmp} for flavor in %flavors_to_build; do cp -a . "../%name-$flavor-%version"; pushd "../%name-$flavor-%version/"; # ksource: it just checks for a header %configure --disable-static \ --with-kbuild="/usr/src/linux-obj/%_target_cpu/$flavor" \ - --with-ksource="/usr/src/linux" \ - --enable-dependency-tracking; + --with-ksource="/usr/src/linux"; make %{?_smp_mflags} all modules; popd; done; +%else +%configure --disable-static --with-kmod=no +make %{?_smp_mflags}; +%endif %install b="%buildroot"; +%if 0%{?with_kmp} for flavor in %flavors_to_build; do pushd "../%name-$flavor-%version/"; make %{?_smp_mflags} install modules_install \ DESTDIR="$b" INSTALL_MOD_PATH="$b"; popd; done; +%else +make %{?_smp_mflags} install DESTDIR="$b"; +%endif find "$b/%_libdir" -type f -name "*.la" -delete; %post -n %lname -p /sbin/ldconfig @@ -136,7 +164,7 @@ find "$b/%_libdir" -type f -name "*.la" -delete; %files -n %lname %defattr(-,root,root) -%_libdir/libipset.so.2* +%_libdir/libipset.so.3* %files devel %defattr(-,root,root) diff --git a/sles11.diff b/sles11.diff new file mode 100644 index 0000000..b5ce472 --- /dev/null +++ b/sles11.diff @@ -0,0 +1,21 @@ + +The evil overloads backported the 5-argument form, +causing the version check to be meaningless. + +--- + kernel/net/netfilter/ipset/ip_set_core.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: ipset-6.13/kernel/net/netfilter/ipset/ip_set_core.c +=================================================================== +--- ipset-6.13.orig/kernel/net/netfilter/ipset/ip_set_core.c ++++ ipset-6.13/kernel/net/netfilter/ipset/ip_set_core.c +@@ -1180,7 +1180,7 @@ ip_set_dump(struct sock *ctnl, struct sk + if (unlikely(protocol_failed(attr))) + return -IPSET_ERR_PROTOCOL; + +-#if LINUX_VERSION_CODE < KERNEL_VERSION(3, 1, 0) ++#if 0 + return netlink_dump_start(ctnl, skb, nlh, + ip_set_dump_start, + ip_set_dump_done);