rpm/ipset
SHA256
1
0
Fork 0
forked from pool/ipset
Code Pull Requests Activity

Accepting request 120630 from security:netfilter

Browse Source 
- Update to new upstream release 6.12
* Report syntax error messages immediately
* Add dynamic module support to ipset userspace tool
* Fix timeout value overflow bug at large timeout parameters
* gcc 4.7 support

OBS-URL: https://build.opensuse.org/request/show/120630
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/ipset?expand=0&rev=3
This commit is contained in:
Stephan Kulow 2012-05-11 07:46:46 +00:00 committed by Git OBS Bridge
commit 04e2cb51c8
7 changed files with 27 additions and 143 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
ipset-6.11.tar.xz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:9491ce236d04d21dff120657081c9685f6fb83e9f3f183320180b24640bae508
size 314464

3
ipset-6.12.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:35ffccf3f9462272960ac538b92d7e3d2f776315ceceaff1244a1bda6192145e
size 361684

9
ipset.changes
View File

@ -1,3 +1,12 @@
-------------------------------------------------------------------
Thu May 10 11:07:52 UTC 2012 - jengelh@inai.de
- Update to new upstream release 6.12
* Report syntax error messages immediately
* Add dynamic module support to ipset userspace tool
* Fix timeout value overflow bug at large timeout parameters
* gcc 4.7 support
-------------------------------------------------------------------
Fri Jan 20 17:27:01 UTC 2012 - jengelh@medozas.de

33
ipset.spec
View File

@ -16,27 +16,27 @@
#
Name: ipset
%define lname libipset2
Version: 6.11
Version: 6.12
Release: 0
Group: Productivity/Networking/Security
Summary: Netfilter ipset administration utility
License: GPL-2.0
Group: Productivity/Networking/Security
Url: http://ipset.netfilter.org/
#Git-Clone: git://git.netfilter.org/ipset
#Git-Web: http://git.netfilter.org/
Source: %name-%version.tar.xz
Source3: %name-preamble
Patch1: no-static.diff
Patch2: kernel-3_3.diff
Patch3: linux-export.h.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: autoconf automake libtool
BuildRequires: pkgconfig >= 0.21 pkgconfig(libmnl) >= 1 xz
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: libtool
BuildRequires: pkgconfig >= 0.21
BuildRequires: xz
BuildRequires: pkgconfig(libmnl) >= 1
%if 0%{?suse_version}
BuildRequires: %kernel_module_package_buildreqs
BuildRequires: kernel-syms >= 2.6.39
@ -61,8 +61,8 @@ ipset can:
iptables rule and benefit from the speed of IP sets
%package KMP
Group: System/Kernel
Summary: Netfilter ipset kernel modules
Group: System/Kernel
%description KMP
IP sets are a framework inside the Linux kernel, which can be
@ -98,35 +98,32 @@ when matching an entry against a set.
%prep
%setup -q
%patch -P 1 -P 2 -P 3 -p1
%build
./autogen.sh; # got patches
#if [ ! -e configure ]; then
# ./autogen.sh;
#fi;
pushd ../;
for flavor in %flavors_to_build; do
cp -a "%name-%version" "%name-$flavor-%version";
pushd "%name-$flavor-%version/";
cp -a . "../%name-$flavor-%version";
pushd "../%name-$flavor-%version/";
# ksource: it just checks for a header
%configure --disable-static \
--with-kbuild="/usr/src/linux-obj/%_target_cpu/$flavor" \
--with-ksource="/usr/src/linux";
--with-ksource="/usr/src/linux" \
--enable-dependency-tracking;
make %{?_smp_mflags} all modules;
popd;
done;
%install
b="%buildroot";
pushd ../;
for flavor in %flavors_to_build; do
pushd "%name-$flavor-%version/";
pushd "../%name-$flavor-%version/";
make %{?_smp_mflags} install modules_install \
DESTDIR="$b" INSTALL_MOD_PATH="$b";
popd;
done;
rm -f "$b/%_libdir"/*.la;
find "$b/%_libdir" -type f -name "*.la" -delete;
%post -n %lname -p /sbin/ldconfig

65
kernel-3_3.diff
View File

@ -1,65 +0,0 @@
parent 5f5e497db1f0810ce50bc8807836312c75511079 (v6.10-9-g5f5e497)
commit b2d4e4b4e6c48dc0d53eeab3b52ce56f01a29397
Author: Jan Engelhardt <jengelh@medozas.de>
Date: Sat Dec 31 02:22:10 2011 +0100
kernel 3.3 support
---
kernel/net/netfilter/ipset/ip_set_getport.c | 6 ++++++
kernel/net/netfilter/ipset/ip_set_hash_ip.c | 2 +-
kernel/net/netfilter/ipset/ip_set_hash_net.c | 2 +-
3 files changed, 8 insertions(+), 2 deletions(-)
Index: ipset-6.11/kernel/net/netfilter/ipset/ip_set_getport.c
===================================================================
--- ipset-6.11.orig/kernel/net/netfilter/ipset/ip_set_getport.c
+++ ipset-6.11/kernel/net/netfilter/ipset/ip_set_getport.c
@@ -16,6 +16,7 @@
#include <linux/icmp.h>
#include <linux/icmpv6.h>
#include <linux/sctp.h>
+#include <linux/version.h>
#include <linux/netfilter_ipv6/ip6_tables.h>
#include <net/ip.h>
#include <net/ipv6.h>
@@ -119,9 +120,14 @@ ip_set_get_ip6_port(const struct sk_buff
{
int protoff;
u8 nexthdr;
+ __be16 frag_off;
nexthdr = ipv6_hdr(skb)->nexthdr;
+#if LINUX_VERSION_CODE < KERNEL_VERSION(3, 3, 0)
protoff = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr), &nexthdr);
+#else
+ protoff = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr), &nexthdr, &frag_off);
+#endif
if (protoff < 0)
return false;
Index: ipset-6.11/kernel/net/netfilter/ipset/ip_set_hash_ip.c
===================================================================
--- ipset-6.11.orig/kernel/net/netfilter/ipset/ip_set_hash_ip.c
+++ ipset-6.11/kernel/net/netfilter/ipset/ip_set_hash_ip.c
@@ -241,7 +241,7 @@ hash_ip6_data_isnull(const struct hash_i
static inline void
hash_ip6_data_copy(struct hash_ip6_elem *dst, const struct hash_ip6_elem *src)
{
- ipv6_addr_copy(&dst->ip.in6, &src->ip.in6);
+ dst->ip.in6 = src->ip.in6;
}
static inline void
Index: ipset-6.11/kernel/net/netfilter/ipset/ip_set_hash_net.c
===================================================================
--- ipset-6.11.orig/kernel/net/netfilter/ipset/ip_set_hash_net.c
+++ ipset-6.11/kernel/net/netfilter/ipset/ip_set_hash_net.c
@@ -295,7 +295,7 @@ static inline void
hash_net6_data_copy(struct hash_net6_elem *dst,
const struct hash_net6_elem *src)
{
- ipv6_addr_copy(&dst->ip.in6, &src->ip.in6);
+ dst->ip.in6 = src->ip.in6;
dst->cidr = src->cidr;
dst->nomatch = src->nomatch;
}

41
linux-export.h.diff
View File

@ -1,41 +0,0 @@
parent fe8800c8ad505196d4cde9fca21d868751760c9f (v6.11)
commit 94daadfc825c504dcb9bd510b895c6c673229b60
Author: Henry Culver <henry@culcon.com>
Date: Fri Jan 20 13:40:55 2012 +0100
Fix the inclusion of linux/export.h
The tests for inclusion of linux/export.h in
ipset-6.11:kernel/net/netfilter/ipset/{ip_set_getport.c,pfxlen.c} are
incorrect, linux/export.h did not go in until 3.2.0.
---
kernel/net/netfilter/ipset/ip_set_getport.c | 2 +-
kernel/net/netfilter/ipset/pfxlen.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/kernel/net/netfilter/ipset/ip_set_getport.c b/kernel/net/netfilter/ipset/ip_set_getport.c
index 0f77a53..a66c67b 100644
--- a/kernel/net/netfilter/ipset/ip_set_getport.c
+++ b/kernel/net/netfilter/ipset/ip_set_getport.c
@@ -8,7 +8,7 @@
/* Get Layer-4 data from the packets */
#include <linux/version.h>
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,0,0)
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,2,0)
#include <linux/export.h>
#endif
#include <linux/ip.h>
diff --git a/kernel/net/netfilter/ipset/pfxlen.c b/kernel/net/netfilter/ipset/pfxlen.c
index c5191c7..56ca480 100644
--- a/kernel/net/netfilter/ipset/pfxlen.c
+++ b/kernel/net/netfilter/ipset/pfxlen.c
@@ -1,5 +1,5 @@
#include <linux/version.h>
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,0,0)
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,2,0)
#include <linux/export.h>
#endif
#include <linux/netfilter/ipset/pfxlen.h>
--
# Created with git-export-patch

16
no-static.diff
View File

@ -1,16 +0,0 @@
---
src/Makefile.am | 1 -
1 file changed, 1 deletion(-)
Index: ipset-6.11/src/Makefile.am
===================================================================
--- ipset-6.11.orig/src/Makefile.am
+++ ipset-6.11/src/Makefile.am
@@ -3,7 +3,6 @@ include $(top_srcdir)/Make_global.am
sbin_PROGRAMS = ipset
ipset_SOURCES = ipset.c ui.c
ipset_LDADD = ../lib/libipset.la
-AM_LDFLAGS = -static
dist_man_MANS = ipset.8