From 82aae01f3374f4b10409a25ad7891d334ba69d6757d69f00caaa234705c0aca7 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Tue, 27 Nov 2012 12:54:19 +0000 Subject: [PATCH] ipset-6.16 OBS-URL: https://build.opensuse.org/package/show/security:netfilter/ipset?expand=0&rev=19 --- 0001-build-Linux-3.7-netlink-fun.patch | 106 -------------------- 0001-build-support-for-Linux-3.7-UAPI.patch | 29 ------ ipset-6.15.tar.xz | 3 - ipset-6.16.tar.xz | 3 + ipset.changes | 9 ++ ipset.spec | 15 +-- 6 files changed, 14 insertions(+), 151 deletions(-) delete mode 100644 0001-build-Linux-3.7-netlink-fun.patch delete mode 100644 0001-build-support-for-Linux-3.7-UAPI.patch delete mode 100644 ipset-6.15.tar.xz create mode 100644 ipset-6.16.tar.xz diff --git a/0001-build-Linux-3.7-netlink-fun.patch b/0001-build-Linux-3.7-netlink-fun.patch deleted file mode 100644 index 2abb810..0000000 --- a/0001-build-Linux-3.7-netlink-fun.patch +++ /dev/null @@ -1,106 +0,0 @@ -From fbd99092352fb0fac406da55b2ca08ba414823d0 Mon Sep 17 00:00:00 2001 -From: Jan Engelhardt -Date: Wed, 21 Nov 2012 23:47:16 +0100 -Subject: [PATCH] build: Linux 3.7 netlink fun - ---- - kernel/net/netfilter/ipset/ip_set_core.c | 20 ++++++++++---------- - 1 file changed, 10 insertions(+), 10 deletions(-) - -diff --git a/kernel/net/netfilter/ipset/ip_set_core.c b/kernel/net/netfilter/ipset/ip_set_core.c -index 01af069..1a1f29c 100644 ---- a/kernel/net/netfilter/ipset/ip_set_core.c -+++ b/kernel/net/netfilter/ipset/ip_set_core.c -@@ -1105,7 +1105,7 @@ ip_set_dump_start(struct sk_buff *skb, struct netlink_callback *cb) - ip_set_id_t index = IPSET_INVALID_ID, max; - struct ip_set *set = NULL; - struct nlmsghdr *nlh = NULL; -- unsigned int flags = NETLINK_CB(cb->skb).pid ? NLM_F_MULTI : 0; -+ unsigned int flags = NETLINK_CB(cb->skb).portid ? NLM_F_MULTI : 0; - u32 dump_type, dump_flags; - int ret = 0; - -@@ -1153,7 +1153,7 @@ dump_last: - pr_debug("reference set\n"); - __ip_set_get(index); - } -- nlh = start_msg(skb, NETLINK_CB(cb->skb).pid, -+ nlh = start_msg(skb, NETLINK_CB(cb->skb).portid, - cb->nlh->nlmsg_seq, flags, - IPSET_CMD_LIST); - if (!nlh) { -@@ -1296,7 +1296,7 @@ call_ad(struct sock *ctnl, struct sk_buff *skb, struct ip_set *set, - skb2 = nlmsg_new(payload, GFP_KERNEL); - if (skb2 == NULL) - return -ENOMEM; -- rep = __nlmsg_put(skb2, NETLINK_CB(skb).pid, -+ rep = __nlmsg_put(skb2, NETLINK_CB(skb).portid, - nlh->nlmsg_seq, NLMSG_ERROR, payload, 0); - errmsg = nlmsg_data(rep); - errmsg->error = ret; -@@ -1311,7 +1311,7 @@ call_ad(struct sock *ctnl, struct sk_buff *skb, struct ip_set *set, - - *errline = lineno; - -- netlink_unicast(ctnl, skb2, NETLINK_CB(skb).pid, MSG_DONTWAIT); -+ netlink_unicast(ctnl, skb2, NETLINK_CB(skb).portid, MSG_DONTWAIT); - /* Signal netlink not to send its ACK/errmsg. */ - return -EINTR; - } -@@ -1486,7 +1486,7 @@ ip_set_header(struct sock *ctnl, struct sk_buff *skb, - if (skb2 == NULL) - return -ENOMEM; - -- nlh2 = start_msg(skb2, NETLINK_CB(skb).pid, nlh->nlmsg_seq, 0, -+ nlh2 = start_msg(skb2, NETLINK_CB(skb).portid, nlh->nlmsg_seq, 0, - IPSET_CMD_HEADER); - if (!nlh2) - goto nlmsg_failure; -@@ -1498,7 +1498,7 @@ ip_set_header(struct sock *ctnl, struct sk_buff *skb, - goto nla_put_failure; - nlmsg_end(skb2, nlh2); - -- ret = netlink_unicast(ctnl, skb2, NETLINK_CB(skb).pid, MSG_DONTWAIT); -+ ret = netlink_unicast(ctnl, skb2, NETLINK_CB(skb).portid, MSG_DONTWAIT); - if (ret < 0) - return ret; - -@@ -1546,7 +1546,7 @@ ip_set_type(struct sock *ctnl, struct sk_buff *skb, - if (skb2 == NULL) - return -ENOMEM; - -- nlh2 = start_msg(skb2, NETLINK_CB(skb).pid, nlh->nlmsg_seq, 0, -+ nlh2 = start_msg(skb2, NETLINK_CB(skb).portid, nlh->nlmsg_seq, 0, - IPSET_CMD_TYPE); - if (!nlh2) - goto nlmsg_failure; -@@ -1559,7 +1559,7 @@ ip_set_type(struct sock *ctnl, struct sk_buff *skb, - nlmsg_end(skb2, nlh2); - - pr_debug("Send TYPE, nlmsg_len: %u\n", nlh2->nlmsg_len); -- ret = netlink_unicast(ctnl, skb2, NETLINK_CB(skb).pid, MSG_DONTWAIT); -+ ret = netlink_unicast(ctnl, skb2, NETLINK_CB(skb).portid, MSG_DONTWAIT); - if (ret < 0) - return ret; - -@@ -1595,7 +1595,7 @@ ip_set_protocol(struct sock *ctnl, struct sk_buff *skb, - if (skb2 == NULL) - return -ENOMEM; - -- nlh2 = start_msg(skb2, NETLINK_CB(skb).pid, nlh->nlmsg_seq, 0, -+ nlh2 = start_msg(skb2, NETLINK_CB(skb).portid, nlh->nlmsg_seq, 0, - IPSET_CMD_PROTOCOL); - if (!nlh2) - goto nlmsg_failure; -@@ -1603,7 +1603,7 @@ ip_set_protocol(struct sock *ctnl, struct sk_buff *skb, - goto nla_put_failure; - nlmsg_end(skb2, nlh2); - -- ret = netlink_unicast(ctnl, skb2, NETLINK_CB(skb).pid, MSG_DONTWAIT); -+ ret = netlink_unicast(ctnl, skb2, NETLINK_CB(skb).portid, MSG_DONTWAIT); - if (ret < 0) - return ret; - --- -1.7.10.4 - diff --git a/0001-build-support-for-Linux-3.7-UAPI.patch b/0001-build-support-for-Linux-3.7-UAPI.patch deleted file mode 100644 index 6c54b8c..0000000 --- a/0001-build-support-for-Linux-3.7-UAPI.patch +++ /dev/null @@ -1,29 +0,0 @@ -From a6addc5519c0de9bb939317086ca5b6b0df9039f Mon Sep 17 00:00:00 2001 -From: Jan Engelhardt -Date: Wed, 21 Nov 2012 23:39:37 +0100 -Subject: [PATCH] build: support for Linux 3.7 UAPI - -In Linux 3.7, nfnetlink.h moved below include/uapi/. Make configure -recognize that. Furthermore, we can drop the unnecessary indirection -via backticks and just ask grep directly if there was any result. ---- - configure.ac | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/configure.ac b/configure.ac -index 7a6aa33..dea392d 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -68,7 +68,8 @@ fi - - AC_PROG_GREP - --if test "X`$GREP 'NFNL_SUBSYS_IPSET' $ksourcedir/include/linux/netfilter/nfnetlink.h`" = "X" -+if ! $GREP -q "NFNL_SUBSYS_IPSET" "$ksourcedir/include/linux/netfilter/nfnetlink.h" && \ -+ ! $GREP -q "NFNL_SUBSYS_IPSET" "$ksourcedir/include/uapi/linux/netfilter/nfnetlink.h"; - then - AC_MSG_ERROR([The kernel source directory $ksourcedir is not patched with netlink.patch to support ipset]) - fi --- -1.7.10.4 - diff --git a/ipset-6.15.tar.xz b/ipset-6.15.tar.xz deleted file mode 100644 index f2dac1e..0000000 --- a/ipset-6.15.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:db81dc79d0d8de4cde27191973ff7718534c69b19f3a6c651f59a54b514cc29d -size 362840 diff --git a/ipset-6.16.tar.xz b/ipset-6.16.tar.xz new file mode 100644 index 0000000..81631a3 --- /dev/null +++ b/ipset-6.16.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:5fc4f3f4d4c56057083c102ba30923674fcf194afe102342ffff1c432cdd83a5 +size 363156 diff --git a/ipset.changes b/ipset.changes index 89e6e71..8fd1f7a 100644 --- a/ipset.changes +++ b/ipset.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Tue Nov 27 12:50:37 UTC 2012 - jengelh@inai.de + +- Update to new upstream release 6.16 +* Fix RCU handling when the number of maximal sets are increased––(89ba843) +* netfilter: ipset: fix netiface set name overflow––(cd42fcf) +- Remove 0001-build-support-for-Linux-3.7-UAPI.patch, merged upstream +- Remove 0001-build-Linux-3.7-netlink-fun.patch, merged upstream + ------------------------------------------------------------------- Mon Nov 19 16:20:13 UTC 2012 - jengelh@inai.de diff --git a/ipset.spec b/ipset.spec index 6196be2..62270de 100644 --- a/ipset.spec +++ b/ipset.spec @@ -18,7 +18,7 @@ Name: ipset %define lname libipset3 -Version: 6.15 +Version: 6.16 Release: 0 Summary: Netfilter ipset administration utility License: GPL-2.0 @@ -31,13 +31,8 @@ Url: http://ipset.netfilter.org/ Source: %name-%version.tar.xz Source3: %name-preamble Patch1: sles11.diff -Patch2: 0001-build-support-for-Linux-3.7-UAPI.patch -Patch3: 0001-build-Linux-3.7-netlink-fun.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build -BuildRequires: autoconf -BuildRequires: automake >= 1.11 -BuildRequires: libtool >= 2 BuildRequires: pkgconfig >= 0.21 BuildRequires: xz %if 0%{?suse_version} >= 1140 || 0%{?fedora_version} @@ -126,15 +121,9 @@ when matching an entry against a set. tar --use=xz -xf "%{S:0}"; %setup -DTq %endif -%patch -P 1 -P 2 -p1 -%if "%_repository" == "Kernel_HEAD" -%patch -P 3 -p1 -%endif +%patch -P 1 -p1 %build -# patch2: force reconf -autoreconf -fi; - %if 0%{?with_kmp} for flavor in %flavors_to_build; do cp -a . "../%name-$flavor-%version";