Accepting request 134111 from security:netfilter

Automatic submission by obs-autosubmit OBS-URL: https://build.opensuse.org/request/show/134111 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/ipset?expand=0&rev=5
2012-09-14 10:28:05 +00:00 · 2012-09-14 10:28:05 +00:00 · f2af598809
commit f2af598809
parent 04e2cb51c8 802df4199e
5 changed files with 73 additions and 14 deletions
--- a/ipset-6.12.tar.xz
+++ b/ipset-6.12.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:35ffccf3f9462272960ac538b92d7e3d2f776315ceceaff1244a1bda6192145e
-size 361684
--- a/ipset-6.13.tar.xz
+++ b/ipset-6.13.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:043ba8a076e8af0e4cdf770af71baa4bb854e6c14c98500eb4c3293b8ccf73c2
+size 360620
--- a/ipset.changes
+++ b/ipset.changes
@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Sat Jun 30 18:33:33 UTC 2012 - jengelh@inai.de
+
+- Update to new upstream release 6.13
+* more restrictive command-line parser
+* documentation updates w.r.t. src/dst for hash:net,iface
+* allow saving to/restoring from a file without shell redirection
+* kernel: hash:net,iface: fix interface comparison
+* timeout fixing bug broke SET target special timeout value, fixed
+
 -------------------------------------------------------------------
 Thu May 10 11:07:52 UTC 2012 - jengelh@inai.de

--- a/ipset.spec
+++ b/ipset.spec
@ -17,8 +17,8 @@


 Name:           ipset
-%define lname	libipset2
-Version:        6.12
+%define lname	libipset3
+Version:        6.13
 Release:        0
 Summary:        Netfilter ipset administration utility
 License:        GPL-2.0
@ -29,21 +29,38 @@ Url:            http://ipset.netfilter.org/
 #Git-Web:	http://git.netfilter.org/
 Source:         %name-%version.tar.xz
 Source3:        %name-preamble
+Patch1:         sles11.diff

 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
-BuildRequires:  autoconf
-BuildRequires:  automake
-BuildRequires:  libtool
 BuildRequires:  pkgconfig >= 0.21
 BuildRequires:  xz
+%if 0%{?suse_version} >= 1140 || 0%{?fedora_version}
 BuildRequires:  pkgconfig(libmnl) >= 1
+%else
+BuildRequires:  libmnl-devel >= 1
+%endif
+%if 0%{?suse_version} >= 1140
+BuildRequires:  linux-glibc-devel >= 2.6.24
+%endif
+%if 0%{?suse_version} && 0%{?suse_version} <= 1110
+BuildRequires:  linux-kernel-headers >= 2.6.24
+%endif
+%if 0%{?redhat_version} || 0%{?centos_version} || 0%{?fedora_version}
+BuildRequires:  kernel-headers >= 2.6.24
+%endif
 %if 0%{?suse_version}
+# Make quilt happy
+%if 0%{?kernel_module_package_buildreqs:1}
+%define with_kmp 1
 BuildRequires:  %kernel_module_package_buildreqs
+%endif
 BuildRequires:  kernel-syms >= 2.6.39
 Recommends:     %name-kmp
 %endif

+%if 0%{?with_kmp:1}
 %kernel_module_package -p %name-preamble
+%endif

 %description
 IP sets are a framework inside the Linux kernel, which can be
@ -97,32 +114,43 @@ addresses with MAC addresses in a way, which ensures lightning speed
 when matching an entry against a set.

 %prep
+%if 0%{?__xz:1}
 %setup -q
+%else
+tar --use=xz -xf "%{S:0}";
+%setup -DTq
+%endif
+%patch -P 1 -p1

 %build
-#if [ ! -e configure ]; then
-#	./autogen.sh;
-#fi;
+%if 0%{?with_kmp}
 for flavor in %flavors_to_build; do
 	cp -a . "../%name-$flavor-%version";
 	pushd "../%name-$flavor-%version/";
 	# ksource: it just checks for a header
 	%configure --disable-static \
 		--with-kbuild="/usr/src/linux-obj/%_target_cpu/$flavor" \
-		--with-ksource="/usr/src/linux" \
-		--enable-dependency-tracking;
+		--with-ksource="/usr/src/linux";
 	make %{?_smp_mflags} all modules;
 	popd;
 done;
+%else
+%configure --disable-static --with-kmod=no
+make %{?_smp_mflags};
+%endif

 %install
 b="%buildroot";
+%if 0%{?with_kmp}
 for flavor in %flavors_to_build; do
 	pushd "../%name-$flavor-%version/";
 	make %{?_smp_mflags} install modules_install \
 		DESTDIR="$b" INSTALL_MOD_PATH="$b";
 	popd;
 done;
+%else
+make %{?_smp_mflags} install DESTDIR="$b";
+%endif
 find "$b/%_libdir" -type f -name "*.la" -delete;

 %post -n %lname -p /sbin/ldconfig
@ -136,7 +164,7 @@ find "$b/%_libdir" -type f -name "*.la" -delete;

 %files -n %lname
 %defattr(-,root,root)
-%_libdir/libipset.so.2*
+%_libdir/libipset.so.3*

 %files devel
 %defattr(-,root,root)
--- a/sles11.diff
+++ b/sles11.diff
@ -0,0 +1,21 @@
+
+The evil overloads backported the 5-argument form,
+causing the version check to be meaningless.
+
+---
+ kernel/net/netfilter/ipset/ip_set_core.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: ipset-6.13/kernel/net/netfilter/ipset/ip_set_core.c
+===================================================================
+--- ipset-6.13.orig/kernel/net/netfilter/ipset/ip_set_core.c
+++ ipset-6.13/kernel/net/netfilter/ipset/ip_set_core.c
+@@ -1180,7 +1180,7 @@ ip_set_dump(struct sock *ctnl, struct sk
+ 	if (unlikely(protocol_failed(attr)))
+ 		return -IPSET_ERR_PROTOCOL;
+ 
+-#if LINUX_VERSION_CODE < KERNEL_VERSION(3, 1, 0)
+#if 0
+ 	return netlink_dump_start(ctnl, skb, nlh,
+ 				  ip_set_dump_start,
+ 				  ip_set_dump_done);