From eba35b07eaec21c8d589e22241590dd31c6f15c9146fb10aecd2f827c59e931a Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Sun, 13 Mar 2016 11:49:43 +0000 Subject: [PATCH] - Update to new upstream release 6.28 OBS-URL: https://build.opensuse.org/package/show/security:netfilter/ipset?expand=0&rev=51 --- ipset-6.27.tar.bz2 | 3 -- ipset-6.28.tar.bz2 | 3 ++ ipset-pkgc.diff | 31 +++++++++++++++ ipset-preamble | 3 ++ ipset.changes | 10 +++++ ipset.spec | 96 ++++++++++++++++++++++++++++++++++------------ 6 files changed, 119 insertions(+), 27 deletions(-) delete mode 100644 ipset-6.27.tar.bz2 create mode 100644 ipset-6.28.tar.bz2 create mode 100644 ipset-pkgc.diff create mode 100644 ipset-preamble diff --git a/ipset-6.27.tar.bz2 b/ipset-6.27.tar.bz2 deleted file mode 100644 index 240ea4d..0000000 --- a/ipset-6.27.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:724897a80395534466142c3542184e5a480a5046140ca2a7d9097690b931b235 -size 532887 diff --git a/ipset-6.28.tar.bz2 b/ipset-6.28.tar.bz2 new file mode 100644 index 0000000..0ac4bef --- /dev/null +++ b/ipset-6.28.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:fd4239590b3f8dec31f9b4e8fdc7bc2d35f17ebd75fe448282d230b00e996b2e +size 542058 diff --git a/ipset-pkgc.diff b/ipset-pkgc.diff new file mode 100644 index 0000000..70d09f8 --- /dev/null +++ b/ipset-pkgc.diff @@ -0,0 +1,31 @@ +--- + Makefile.am | 2 +- + configure.ac | 2 ++ + 2 files changed, 3 insertions(+), 1 deletion(-) + +Index: ipset-6.28/Makefile.am +=================================================================== +--- ipset-6.28.orig/Makefile.am ++++ ipset-6.28/Makefile.am +@@ -71,7 +71,7 @@ modules_install: + if WITH_KMOD + ${MAKE} -C $(KBUILD_OUTPUT) M=$$PWD/kernel/net \ + KDIR=$$PWD/kernel modules_install +- @modinfo ip_set_hash_ip | ${GREP} /extra/ >/dev/null || echo "$$DEPMOD_WARNING" ++ ${AM_V_at}modinfo -b ${DESTDIR} ip_set_hash_ip | ${GREP} /extra/ >/dev/null || echo "$$DEPMOD_WARNING" + @lsmod | ${GREP} '^ip_set' >/dev/null && echo "$$MODULE_WARNING" + else + @echo Skipping kernel modules due to --with-kmod=no +Index: ipset-6.28/configure.ac +=================================================================== +--- ipset-6.28.orig/configure.ac ++++ ipset-6.28/configure.ac +@@ -12,6 +12,8 @@ LT_INIT([dlopen]) + LT_CONFIG_LTDL_DIR([libltdl]) + LTDL_INIT([nonrecursive]) + ++PKG_PROG_PKG_CONFIG ++ + dnl Shortcut: Linux supported alone + case "$host" in + *-*-linux* | *-*-uclinux*) ;; diff --git a/ipset-preamble b/ipset-preamble new file mode 100644 index 0000000..0be4ca1 --- /dev/null +++ b/ipset-preamble @@ -0,0 +1,3 @@ +Enhances: kernel-%1 +Requires: kernel-%1 +Supplements: packageand(kernel-%1:ipset) diff --git a/ipset.changes b/ipset.changes index fff515d..2236102 100644 --- a/ipset.changes +++ b/ipset.changes @@ -1,3 +1,13 @@ +------------------------------------------------------------------- +Sat Mar 12 21:40:08 UTC 2016 - jengelh@inai.de + +- Update to new upstream release 6.28 +* Test added to check 0.0.0.0/0,iface to be matched in + hash:net,iface type +* Check IPSET_ATTR_ETHER netlink attribute length +* Fix set:list type crash when flush/dump set in parallel +* Allow a 0 netmask with hash_netiface type + ------------------------------------------------------------------- Mon Jan 18 15:42:54 UTC 2016 - kstreitova@suse.com diff --git a/ipset.spec b/ipset.spec index fb451e4..44fbb98 100644 --- a/ipset.spec +++ b/ipset.spec @@ -16,9 +16,9 @@ # -%define lname libipset3 Name: ipset -Version: 6.27 +%define lname libipset3 +Version: 6.28 Release: 0 Summary: Netfilter ipset administration utility License: GPL-2.0 @@ -26,14 +26,24 @@ Group: Productivity/Networking/Security Url: http://ipset.netfilter.org/ #Git-Clone: git://git.netfilter.org/ipset #Git-Web: http://git.netfilter.org/ -Source: ftp://ftp.netfilter.org/pub/ipset/%{name}-%{version}.tar.bz2 +Source: ftp://ftp.netfilter.org/pub/ipset/%name-%version.tar.bz2 +Source3: %name-preamble +Patch1: ipset-pkgc.diff +BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: autoconf BuildRequires: automake BuildRequires: libtool BuildRequires: linux-glibc-devel >= 2.6.24 -BuildRequires: pkgconfig >= 0.21 +BuildRequires: pkg-config >= 0.21 BuildRequires: pkgconfig(libmnl) >= 1 -BuildRoot: %{_tmppath}/%{name}-%{version}-build +%if 0%{?ipset_build_kmp} +BuildRequires: %kernel_module_package_buildreqs +%if 0%{?suse_version} >= 1320 +BuildRequires: kmod-compat +%endif +BuildRequires: kernel-syms >= 2.6.39 +%kernel_module_package -p %name-preamble +%endif %description IP sets are a framework inside the Linux kernel, which can be @@ -50,11 +60,24 @@ ipset can: * express complex IP address and ports based rulesets with one single iptables rule and benefit from the speed of IP sets -%package -n %{lname} +%package KMP +Summary: Netfilter ipset kernel modules +Group: System/Kernel + +%description KMP +IP sets are a framework inside the Linux kernel, which can be +administered by the ipset utility. Depending on the type, currently +an IP set may store IP addresses, (TCP/UDP) port numbers or IP +addresses with MAC addresses in a way, which ensures lightning speed +when matching an entry against a set. + +This package contains a version update to the in-kernel ipset modules. + +%package -n %lname Summary: Userspace library for the in-kernel Netfilter ipset interface Group: System/Libraries -%description -n %{lname} +%description -n %lname IP sets are a framework inside the Linux kernel, which can be administered by the ipset utility. Depending on the type, currently an IP set may store IP addresses, (TCP/UDP) port numbers or IP @@ -64,7 +87,7 @@ when matching an entry against a set. %package devel Summary: Development files for ipset extensions Group: Development/Libraries/C and C++ -Requires: %{lname} = %{version} +Requires: %lname = %version %description devel IP sets are a framework inside the Linux kernel, which can be @@ -75,34 +98,59 @@ when matching an entry against a set. %prep %setup -q +%patch -P 1 -p1 %build -%configure --disable-static \ - --with-kmod=no \ - --includedir="%{_includedir}/pkg/%{name}" -make %{?_smp_mflags}; +# build wants to call modinfo at some point +export PATH="$PATH:/usr/sbin" +autoreconf -fi +%if 0%{?ipset_build_kmp} +for flavor in %flavors_to_build; do + cp -a . "../%name-$flavor-%version" + pushd "../%name-$flavor-%version/" + # ksource: it just checks for a header + %configure --disable-static \ + --with-kbuild="/usr/src/linux-obj/%_target_cpu/$flavor" \ + --with-ksource="/usr/src/linux" \ + --includedir="%_includedir/%name" + make %{?_smp_mflags} all modules + popd +done +%endif +%configure --disable-static --with-kmod=no \ + --includedir="%_includedir/%name" +make %{?_smp_mflags} %install -make %{?_smp_mflags} install DESTDIR="%{buildroot}"; -find %{buildroot} -type f -name "*.la" -delete -print +export PATH="$PATH:/usr/sbin" +b="%buildroot" +%if 0%{?ipset_build_kmp} +for flavor in %flavors_to_build; do + pushd "../%name-$flavor-%version/" + make %{?_smp_mflags} install modules_install \ + DESTDIR="$b" INSTALL_MOD_PATH="$b" V=1 + popd; +done; +%endif +make %{?_smp_mflags} install DESTDIR="$b" +find "$b/%_libdir" -type f -name "*.la" -delete -%post -n %{lname} -p /sbin/ldconfig - -%postun -n %{lname} -p /sbin/ldconfig +%post -n %lname -p /sbin/ldconfig +%postun -n %lname -p /sbin/ldconfig %files %defattr(-,root,root) -%{_sbindir}/ipset -%{_mandir}/man*/* +%_sbindir/ipset +%_mandir/man*/* -%files -n %{lname} +%files -n %lname %defattr(-,root,root) -%{_libdir}/libipset.so.3* +%_libdir/libipset.so.3* %files devel %defattr(-,root,root) -%{_libdir}/libipset.so -%{_libdir}/pkgconfig/libipset.pc -%{_includedir}/pkg/ +%_libdir/libipset.so +%_libdir/pkgconfig/libipset.pc +%_includedir/%name/ %changelog