From 0a6f4fb1f287c6be6fbb5c5a0cda054a4f3fab33e45559c420fa5f36f66168b9 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Wed, 4 Aug 2021 10:03:51 +0000 Subject: [PATCH 1/3] Accepting request 910102 from home:polslinux:branches:security:netfilter - Update to release 7.15 * netfilter: ipset: Fix maximal range check in hash_ipportnet4_uadt() OBS-URL: https://build.opensuse.org/request/show/910102 OBS-URL: https://build.opensuse.org/package/show/security:netfilter/ipset?expand=0&rev=102 --- ipset-7.14.tar.bz2 | 3 --- ipset-7.15.tar.bz2 | 3 +++ ipset.changes | 7 +++++ ipset.spec | 65 +++++++++++++++++++++++----------------------- 4 files changed, 42 insertions(+), 36 deletions(-) delete mode 100644 ipset-7.14.tar.bz2 create mode 100644 ipset-7.15.tar.bz2 diff --git a/ipset-7.14.tar.bz2 b/ipset-7.14.tar.bz2 deleted file mode 100644 index 8bc9235..0000000 --- a/ipset-7.14.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:27031c36d355907031cce41e65553e99bb013d762fcd55392f63d7e84760f900 -size 680219 diff --git a/ipset-7.15.tar.bz2 b/ipset-7.15.tar.bz2 new file mode 100644 index 0000000..eb27a25 --- /dev/null +++ b/ipset-7.15.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:0a5545aaadb640142c1f888d366a78ddf8724799967fa20686a70053bd621751 +size 680383 diff --git a/ipset.changes b/ipset.changes index e8549f9..39d8f7f 100644 --- a/ipset.changes +++ b/ipset.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Wed Aug 4 09:37:44 UTC 2021 - Paolo Stivanin + +- Update to release 7.15 + * netfilter: ipset: Fix maximal range check in + hash_ipportnet4_uadt() + ------------------------------------------------------------------- Wed Jul 28 14:54:37 UTC 2021 - Jan Engelhardt diff --git a/ipset.spec b/ipset.spec index 3802ada..4bad0a1 100644 --- a/ipset.spec +++ b/ipset.spec @@ -25,29 +25,28 @@ %define ipset_build_kmp 0 %endif Name: ipset -Version: 7.14 +Version: 7.15 Release: 0 Summary: Netfilter ipset administration utility License: GPL-2.0-only Group: Productivity/Networking/Security -URL: http://ipset.netfilter.org/ - +URL: https://ipset.netfilter.org/ #Git-Clone: git://git.netfilter.org/ipset #Git-Web: http://git.netfilter.org/ -Source: http://ipset.netfilter.org/%name-%version.tar.bz2 -Source3: %name-preamble +Source: http://ipset.netfilter.org/%{name}-%{version}.tar.bz2 +Source3: %{name}-preamble Patch1: ipset-destdir.diff BuildRequires: autoconf BuildRequires: automake BuildRequires: libtool BuildRequires: linux-glibc-devel >= 2.6.24 -BuildRequires: pkg-config >= 0.21 +BuildRequires: pkgconfig >= 0.21 BuildRequires: pkgconfig(libmnl) >= 1 %if 0%{?ipset_build_kmp} -BuildRequires: %kernel_module_package_buildreqs +BuildRequires: %{kernel_module_package_buildreqs} BuildRequires: kernel-devel >= 2.6.39 -%kernel_module_package -p %name-preamble BuildRequires: kmod-compat +%kernel_module_package -p %{name}-preamble %endif %description @@ -78,11 +77,11 @@ when matching an entry against a set. This package contains a version update to the in-kernel ipset modules. -%package -n %lname +%package -n %{lname} Summary: Userspace library for the in-kernel Netfilter ipset interface Group: System/Libraries -%description -n %lname +%description -n %{lname} IP sets are a framework inside the Linux kernel, which can be administered by the ipset utility. Depending on the type, currently an IP set may store IP addresses, (TCP/UDP) port numbers or IP @@ -92,7 +91,7 @@ when matching an entry against a set. %package devel Summary: Development files for ipset extensions Group: Development/Libraries/C and C++ -Requires: %lname = %version +Requires: %{lname} = %{version} %description devel IP sets are a framework inside the Linux kernel, which can be @@ -109,49 +108,49 @@ when matching an entry against a set. export PATH="$PATH:%_sbindir" autoreconf -fi %if 0%{?ipset_build_kmp} -for flavor in %flavors_to_build; do - cp -a . "../%name-$flavor-%version" - pushd "../%name-$flavor-%version/" +for flavor in %{flavors_to_build}; do + cp -a . "../%{name}-$flavor-%{version}" + pushd "../%{name}-$flavor-%{version}/" # ksource: it just checks for a header %configure --disable-static \ - --with-kbuild="%_prefix/src/linux-obj/%_target_cpu/$flavor" \ - --with-ksource="%_prefix/src/linux" \ - --includedir="%_includedir/%name" - make %{?_smp_mflags} all modules + --with-kbuild="%{_prefix}/src/linux-obj/%{_target_cpu}/$flavor" \ + --with-ksource="%{_prefix}/src/linux" \ + --includedir="%{_includedir}/%{name}" + %make_build all modules popd done %endif %configure --disable-static --with-kmod=no \ - --includedir="%_includedir/%name" -make %{?_smp_mflags} V=1 + --includedir="%{_includedir}/%{name}" +%make_build %install export PATH="$PATH:%_sbindir" -b="%buildroot" +b=%{buildroot} %if 0%{?ipset_build_kmp} -for flavor in %flavors_to_build; do - pushd "../%name-$flavor-%version/" +for flavor in %{flavors_to_build}; do + pushd "../%{name}-$flavor-%{version}/" make %{?_smp_mflags} install modules_install \ DESTDIR="$b" INSTALL_MOD_PATH="$b" V=1 popd done %endif %make_install -find "$b/%_libdir/" -type f -name "*.la" -delete -print +find %{buildroot} -type f -name "*.la" -delete -print -%post -n %lname -p /sbin/ldconfig -%postun -n %lname -p /sbin/ldconfig +%post -n %{lname} -p /sbin/ldconfig +%postun -n %{lname} -p /sbin/ldconfig %files -%_sbindir/ipset* -%_mandir/man*/* +%{_sbindir}/ipset* +%{_mandir}/man*/* -%files -n %lname -%_libdir/libipset.so.13* +%files -n %{lname} +%{_libdir}/libipset.so.13* %files devel -%_libdir/libipset.so -%_libdir/pkgconfig/libipset.pc -%_includedir/%name/ +%{_libdir}/libipset.so +%{_libdir}/pkgconfig/libipset.pc +%{_includedir}/%{name}/ %changelog From d5e8609187fb65dee92bfa6dbc3b0d01b3ae23de9d364a65e48927c6cf3329ce Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Wed, 4 Aug 2021 10:04:47 +0000 Subject: [PATCH 2/3] revert all the pointless style changes OBS-URL: https://build.opensuse.org/package/show/security:netfilter/ipset?expand=0&rev=103 --- ipset.spec | 56 +++++++++++++++++++++++++++--------------------------- 1 file changed, 28 insertions(+), 28 deletions(-) diff --git a/ipset.spec b/ipset.spec index 4bad0a1..a6cc0bf 100644 --- a/ipset.spec +++ b/ipset.spec @@ -33,20 +33,20 @@ Group: Productivity/Networking/Security URL: https://ipset.netfilter.org/ #Git-Clone: git://git.netfilter.org/ipset #Git-Web: http://git.netfilter.org/ -Source: http://ipset.netfilter.org/%{name}-%{version}.tar.bz2 -Source3: %{name}-preamble +Source: http://ipset.netfilter.org/%name-%version.tar.bz2 +Source3: %name-preamble Patch1: ipset-destdir.diff BuildRequires: autoconf BuildRequires: automake BuildRequires: libtool BuildRequires: linux-glibc-devel >= 2.6.24 -BuildRequires: pkgconfig >= 0.21 +BuildRequires: pkg-config >= 0.21 BuildRequires: pkgconfig(libmnl) >= 1 %if 0%{?ipset_build_kmp} -BuildRequires: %{kernel_module_package_buildreqs} +BuildRequires: %kernel_module_package_buildreqs BuildRequires: kernel-devel >= 2.6.39 BuildRequires: kmod-compat -%kernel_module_package -p %{name}-preamble +%kernel_module_package -p %name-preamble %endif %description @@ -77,11 +77,11 @@ when matching an entry against a set. This package contains a version update to the in-kernel ipset modules. -%package -n %{lname} +%package -n %lname Summary: Userspace library for the in-kernel Netfilter ipset interface Group: System/Libraries -%description -n %{lname} +%description -n %lname IP sets are a framework inside the Linux kernel, which can be administered by the ipset utility. Depending on the type, currently an IP set may store IP addresses, (TCP/UDP) port numbers or IP @@ -91,7 +91,7 @@ when matching an entry against a set. %package devel Summary: Development files for ipset extensions Group: Development/Libraries/C and C++ -Requires: %{lname} = %{version} +Requires: %lname = %version %description devel IP sets are a framework inside the Linux kernel, which can be @@ -108,49 +108,49 @@ when matching an entry against a set. export PATH="$PATH:%_sbindir" autoreconf -fi %if 0%{?ipset_build_kmp} -for flavor in %{flavors_to_build}; do - cp -a . "../%{name}-$flavor-%{version}" - pushd "../%{name}-$flavor-%{version}/" +for flavor in %flavors_to_build; do + cp -a . "../%name-$flavor-%version" + pushd "../%name-$flavor-%version/" # ksource: it just checks for a header %configure --disable-static \ - --with-kbuild="%{_prefix}/src/linux-obj/%{_target_cpu}/$flavor" \ - --with-ksource="%{_prefix}/src/linux" \ - --includedir="%{_includedir}/%{name}" + --with-kbuild="%_prefix/src/linux-obj/%_target_cpu/$flavor" \ + --with-ksource="%_prefix/src/linux" \ + --includedir="%_includedir/%name" %make_build all modules popd done %endif %configure --disable-static --with-kmod=no \ - --includedir="%{_includedir}/%{name}" + --includedir="%_includedir/%name" %make_build %install export PATH="$PATH:%_sbindir" -b=%{buildroot} +b="%buildroot" %if 0%{?ipset_build_kmp} -for flavor in %{flavors_to_build}; do - pushd "../%{name}-$flavor-%{version}/" +for flavor in %flavors_to_build; do + pushd "../%name-$flavor-%version/" make %{?_smp_mflags} install modules_install \ DESTDIR="$b" INSTALL_MOD_PATH="$b" V=1 popd done %endif %make_install -find %{buildroot} -type f -name "*.la" -delete -print +find %buildroot -type f -name "*.la" -delete -print -%post -n %{lname} -p /sbin/ldconfig -%postun -n %{lname} -p /sbin/ldconfig +%post -n %lname -p /sbin/ldconfig +%postun -n %lname -p /sbin/ldconfig %files -%{_sbindir}/ipset* -%{_mandir}/man*/* +%_sbindir/ipset* +%_mandir/man*/* -%files -n %{lname} -%{_libdir}/libipset.so.13* +%files -n %lname +%_libdir/libipset.so.13* %files devel -%{_libdir}/libipset.so -%{_libdir}/pkgconfig/libipset.pc -%{_includedir}/%{name}/ +%_libdir/libipset.so +%_libdir/pkgconfig/libipset.pc +%_includedir/%name/ %changelog From 000f80ed67a8c3ae5beaf631072a5e5222e51da9fb59f93d5dcfec44ff04369c Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Wed, 4 Aug 2021 10:05:26 +0000 Subject: [PATCH 3/3] This was here for a reason. .la files ought to be only removed for standard-search dirs. OBS-URL: https://build.opensuse.org/package/show/security:netfilter/ipset?expand=0&rev=104 --- ipset.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ipset.spec b/ipset.spec index a6cc0bf..1f2c190 100644 --- a/ipset.spec +++ b/ipset.spec @@ -136,7 +136,7 @@ for flavor in %flavors_to_build; do done %endif %make_install -find %buildroot -type f -name "*.la" -delete -print +find "$b/%_libdir" -type f -name "*.la" -delete -print %post -n %lname -p /sbin/ldconfig %postun -n %lname -p /sbin/ldconfig