From 086b5d2ffd5c5803de5eca4613063122acbe462898f3955373fe139a888c67aa Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Mon, 19 Nov 2012 16:23:06 +0000 Subject: [PATCH 1/2] ipset-6.15 OBS-URL: https://build.opensuse.org/package/show/security:netfilter/ipset?expand=0&rev=16 --- ipset-6.14.tar.xz | 3 --- ipset-6.15.tar.xz | 3 +++ ipset.changes | 11 +++++++++++ ipset.spec | 2 +- 4 files changed, 15 insertions(+), 4 deletions(-) delete mode 100644 ipset-6.14.tar.xz create mode 100644 ipset-6.15.tar.xz diff --git a/ipset-6.14.tar.xz b/ipset-6.14.tar.xz deleted file mode 100644 index 7898147..0000000 --- a/ipset-6.14.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:49caca75ed8457f01c2cd97d9e986b1b0614140c0c56737ecba9cbd19b033cf0 -size 361600 diff --git a/ipset-6.15.tar.xz b/ipset-6.15.tar.xz new file mode 100644 index 0000000..f2dac1e --- /dev/null +++ b/ipset-6.15.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:db81dc79d0d8de4cde27191973ff7718534c69b19f3a6c651f59a54b514cc29d +size 362840 diff --git a/ipset.changes b/ipset.changes index 29072d2..0d68655 100644 --- a/ipset.changes +++ b/ipset.changes @@ -1,3 +1,14 @@ +------------------------------------------------------------------- +Mon Nov 19 16:20:13 UTC 2012 - jengelh@inai.de + +- Update to new upstream release 6.15 +* Userspace changes: +* Use gethostbyname2 instead of getaddrinfo +* Support protocol numbers as well, not only protocol names +* Kernel part changes: +* Increase the number of maximal sets automatically as needed +* Fix range bug in hash:ip,port,net + ------------------------------------------------------------------- Sat Sep 22 14:20:06 UTC 2012 - jengelh@inai.de diff --git a/ipset.spec b/ipset.spec index 39a79ad..125164b 100644 --- a/ipset.spec +++ b/ipset.spec @@ -18,7 +18,7 @@ Name: ipset %define lname libipset3 -Version: 6.14 +Version: 6.15 Release: 0 Summary: Netfilter ipset administration utility License: GPL-2.0 From 25a80326cc64e356e779b3d3e6e5f6291a98fd9e9a14caf8785713856995c856 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Wed, 21 Nov 2012 22:58:21 +0000 Subject: [PATCH 2/2] ipset-6.15+ OBS-URL: https://build.opensuse.org/package/show/security:netfilter/ipset?expand=0&rev=17 --- 0001-build-Linux-3.7-netlink-fun.patch | 106 ++++++++++++++++++++ 0001-build-support-for-Linux-3.7-UAPI.patch | 29 ++++++ ipset.changes | 2 + ipset.spec | 15 ++- 4 files changed, 150 insertions(+), 2 deletions(-) create mode 100644 0001-build-Linux-3.7-netlink-fun.patch create mode 100644 0001-build-support-for-Linux-3.7-UAPI.patch diff --git a/0001-build-Linux-3.7-netlink-fun.patch b/0001-build-Linux-3.7-netlink-fun.patch new file mode 100644 index 0000000..2abb810 --- /dev/null +++ b/0001-build-Linux-3.7-netlink-fun.patch @@ -0,0 +1,106 @@ +From fbd99092352fb0fac406da55b2ca08ba414823d0 Mon Sep 17 00:00:00 2001 +From: Jan Engelhardt +Date: Wed, 21 Nov 2012 23:47:16 +0100 +Subject: [PATCH] build: Linux 3.7 netlink fun + +--- + kernel/net/netfilter/ipset/ip_set_core.c | 20 ++++++++++---------- + 1 file changed, 10 insertions(+), 10 deletions(-) + +diff --git a/kernel/net/netfilter/ipset/ip_set_core.c b/kernel/net/netfilter/ipset/ip_set_core.c +index 01af069..1a1f29c 100644 +--- a/kernel/net/netfilter/ipset/ip_set_core.c ++++ b/kernel/net/netfilter/ipset/ip_set_core.c +@@ -1105,7 +1105,7 @@ ip_set_dump_start(struct sk_buff *skb, struct netlink_callback *cb) + ip_set_id_t index = IPSET_INVALID_ID, max; + struct ip_set *set = NULL; + struct nlmsghdr *nlh = NULL; +- unsigned int flags = NETLINK_CB(cb->skb).pid ? NLM_F_MULTI : 0; ++ unsigned int flags = NETLINK_CB(cb->skb).portid ? NLM_F_MULTI : 0; + u32 dump_type, dump_flags; + int ret = 0; + +@@ -1153,7 +1153,7 @@ dump_last: + pr_debug("reference set\n"); + __ip_set_get(index); + } +- nlh = start_msg(skb, NETLINK_CB(cb->skb).pid, ++ nlh = start_msg(skb, NETLINK_CB(cb->skb).portid, + cb->nlh->nlmsg_seq, flags, + IPSET_CMD_LIST); + if (!nlh) { +@@ -1296,7 +1296,7 @@ call_ad(struct sock *ctnl, struct sk_buff *skb, struct ip_set *set, + skb2 = nlmsg_new(payload, GFP_KERNEL); + if (skb2 == NULL) + return -ENOMEM; +- rep = __nlmsg_put(skb2, NETLINK_CB(skb).pid, ++ rep = __nlmsg_put(skb2, NETLINK_CB(skb).portid, + nlh->nlmsg_seq, NLMSG_ERROR, payload, 0); + errmsg = nlmsg_data(rep); + errmsg->error = ret; +@@ -1311,7 +1311,7 @@ call_ad(struct sock *ctnl, struct sk_buff *skb, struct ip_set *set, + + *errline = lineno; + +- netlink_unicast(ctnl, skb2, NETLINK_CB(skb).pid, MSG_DONTWAIT); ++ netlink_unicast(ctnl, skb2, NETLINK_CB(skb).portid, MSG_DONTWAIT); + /* Signal netlink not to send its ACK/errmsg. */ + return -EINTR; + } +@@ -1486,7 +1486,7 @@ ip_set_header(struct sock *ctnl, struct sk_buff *skb, + if (skb2 == NULL) + return -ENOMEM; + +- nlh2 = start_msg(skb2, NETLINK_CB(skb).pid, nlh->nlmsg_seq, 0, ++ nlh2 = start_msg(skb2, NETLINK_CB(skb).portid, nlh->nlmsg_seq, 0, + IPSET_CMD_HEADER); + if (!nlh2) + goto nlmsg_failure; +@@ -1498,7 +1498,7 @@ ip_set_header(struct sock *ctnl, struct sk_buff *skb, + goto nla_put_failure; + nlmsg_end(skb2, nlh2); + +- ret = netlink_unicast(ctnl, skb2, NETLINK_CB(skb).pid, MSG_DONTWAIT); ++ ret = netlink_unicast(ctnl, skb2, NETLINK_CB(skb).portid, MSG_DONTWAIT); + if (ret < 0) + return ret; + +@@ -1546,7 +1546,7 @@ ip_set_type(struct sock *ctnl, struct sk_buff *skb, + if (skb2 == NULL) + return -ENOMEM; + +- nlh2 = start_msg(skb2, NETLINK_CB(skb).pid, nlh->nlmsg_seq, 0, ++ nlh2 = start_msg(skb2, NETLINK_CB(skb).portid, nlh->nlmsg_seq, 0, + IPSET_CMD_TYPE); + if (!nlh2) + goto nlmsg_failure; +@@ -1559,7 +1559,7 @@ ip_set_type(struct sock *ctnl, struct sk_buff *skb, + nlmsg_end(skb2, nlh2); + + pr_debug("Send TYPE, nlmsg_len: %u\n", nlh2->nlmsg_len); +- ret = netlink_unicast(ctnl, skb2, NETLINK_CB(skb).pid, MSG_DONTWAIT); ++ ret = netlink_unicast(ctnl, skb2, NETLINK_CB(skb).portid, MSG_DONTWAIT); + if (ret < 0) + return ret; + +@@ -1595,7 +1595,7 @@ ip_set_protocol(struct sock *ctnl, struct sk_buff *skb, + if (skb2 == NULL) + return -ENOMEM; + +- nlh2 = start_msg(skb2, NETLINK_CB(skb).pid, nlh->nlmsg_seq, 0, ++ nlh2 = start_msg(skb2, NETLINK_CB(skb).portid, nlh->nlmsg_seq, 0, + IPSET_CMD_PROTOCOL); + if (!nlh2) + goto nlmsg_failure; +@@ -1603,7 +1603,7 @@ ip_set_protocol(struct sock *ctnl, struct sk_buff *skb, + goto nla_put_failure; + nlmsg_end(skb2, nlh2); + +- ret = netlink_unicast(ctnl, skb2, NETLINK_CB(skb).pid, MSG_DONTWAIT); ++ ret = netlink_unicast(ctnl, skb2, NETLINK_CB(skb).portid, MSG_DONTWAIT); + if (ret < 0) + return ret; + +-- +1.7.10.4 + diff --git a/0001-build-support-for-Linux-3.7-UAPI.patch b/0001-build-support-for-Linux-3.7-UAPI.patch new file mode 100644 index 0000000..6c54b8c --- /dev/null +++ b/0001-build-support-for-Linux-3.7-UAPI.patch @@ -0,0 +1,29 @@ +From a6addc5519c0de9bb939317086ca5b6b0df9039f Mon Sep 17 00:00:00 2001 +From: Jan Engelhardt +Date: Wed, 21 Nov 2012 23:39:37 +0100 +Subject: [PATCH] build: support for Linux 3.7 UAPI + +In Linux 3.7, nfnetlink.h moved below include/uapi/. Make configure +recognize that. Furthermore, we can drop the unnecessary indirection +via backticks and just ask grep directly if there was any result. +--- + configure.ac | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/configure.ac b/configure.ac +index 7a6aa33..dea392d 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -68,7 +68,8 @@ fi + + AC_PROG_GREP + +-if test "X`$GREP 'NFNL_SUBSYS_IPSET' $ksourcedir/include/linux/netfilter/nfnetlink.h`" = "X" ++if ! $GREP -q "NFNL_SUBSYS_IPSET" "$ksourcedir/include/linux/netfilter/nfnetlink.h" && \ ++ ! $GREP -q "NFNL_SUBSYS_IPSET" "$ksourcedir/include/uapi/linux/netfilter/nfnetlink.h"; + then + AC_MSG_ERROR([The kernel source directory $ksourcedir is not patched with netlink.patch to support ipset]) + fi +-- +1.7.10.4 + diff --git a/ipset.changes b/ipset.changes index 0d68655..89e6e71 100644 --- a/ipset.changes +++ b/ipset.changes @@ -8,6 +8,8 @@ Mon Nov 19 16:20:13 UTC 2012 - jengelh@inai.de * Kernel part changes: * Increase the number of maximal sets automatically as needed * Fix range bug in hash:ip,port,net +- Add 0001-build-support-for-Linux-3.7-UAPI.patch +- Add 0001-build-Linux-3.7-netlink-fun.patch ------------------------------------------------------------------- Sat Sep 22 14:20:06 UTC 2012 - jengelh@inai.de diff --git a/ipset.spec b/ipset.spec index 125164b..6196be2 100644 --- a/ipset.spec +++ b/ipset.spec @@ -31,8 +31,13 @@ Url: http://ipset.netfilter.org/ Source: %name-%version.tar.xz Source3: %name-preamble Patch1: sles11.diff +Patch2: 0001-build-support-for-Linux-3.7-UAPI.patch +Patch3: 0001-build-Linux-3.7-netlink-fun.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build +BuildRequires: autoconf +BuildRequires: automake >= 1.11 +BuildRequires: libtool >= 2 BuildRequires: pkgconfig >= 0.21 BuildRequires: xz %if 0%{?suse_version} >= 1140 || 0%{?fedora_version} @@ -47,7 +52,7 @@ BuildRequires: linux-glibc-devel >= 2.6.24 BuildRequires: linux-kernel-headers >= 2.6.24 %endif %if 0%{?redhat_version} || 0%{?centos_version} || 0%{?fedora_version} -#BuildRequires: kernel-headers >= 2.6.24 +BuildRequires: kernel-headers >= 2.6.24 %endif %if 0%{?suse_version} # Make quilt happy @@ -121,9 +126,15 @@ when matching an entry against a set. tar --use=xz -xf "%{S:0}"; %setup -DTq %endif -%patch -P 1 -p1 +%patch -P 1 -P 2 -p1 +%if "%_repository" == "Kernel_HEAD" +%patch -P 3 -p1 +%endif %build +# patch2: force reconf +autoreconf -fi; + %if 0%{?with_kmp} for flavor in %flavors_to_build; do cp -a . "../%name-$flavor-%version";