rpms/iptables/F-8 iptables-1.4.1-cloexec.patch, NONE, 1.1 iptables-1.4.1-nf_ext_init.patch, NONE, 1.1 iptables.init, 1.20, 1.21 iptables.spec, 1.58, 1.59 sources, 1.20, 1.21 iptables-1.3.8-cloexec.patch, 1.1, NONE iptables-1.3.8-headers.patch, 1.1, NONE iptables-1.3.8-iptc.patch, 1.1, NONE iptables-1.3.8-limit_man.patch, 1.1, NONE iptables-1.3.8-reject_type.patch, 1.1, NONE

Thomas Woerner (twoerner) fedora-extras-commits at redhat.com
Tue Jul 1 14:39:33 UTC 2008 

Author: twoerner

Update of /cvs/pkgs/rpms/iptables/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4851

Modified Files:
	iptables.init iptables.spec sources 
Added Files:
	iptables-1.4.1-cloexec.patch iptables-1.4.1-nf_ext_init.patch 
Removed Files:
	iptables-1.3.8-cloexec.patch iptables-1.3.8-headers.patch 
	iptables-1.3.8-iptc.patch iptables-1.3.8-limit_man.patch 
	iptables-1.3.8-reject_type.patch 
Log Message:
- using new 1.4.1.1 package from devel


iptables-1.4.1-cloexec.patch:

--- NEW FILE iptables-1.4.1-cloexec.patch ---
diff -up iptables-1.4.1-rc2/ip6tables-restore.c.cloexec iptables-1.4.1-rc2/ip6tables-restore.c
--- iptables-1.4.1-rc2/ip6tables-restore.c.cloexec	2008-05-26 14:15:40.000000000 +0200
+++ iptables-1.4.1-rc2/ip6tables-restore.c	2008-06-05 13:55:09.000000000 +0200
@@ -172,7 +172,7 @@ int main(int argc, char *argv[])
 	}
 
 	if (optind == argc - 1) {
-		in = fopen(argv[optind], "r");
+		in = fopen(argv[optind], "re");
 		if (!in) {
 			fprintf(stderr, "Can't open %s: %s\n", argv[optind],
 				strerror(errno));
diff -up iptables-1.4.1-rc2/ip6tables-save.c.cloexec iptables-1.4.1-rc2/ip6tables-save.c
--- iptables-1.4.1-rc2/ip6tables-save.c.cloexec	2008-05-26 14:15:40.000000000 +0200
+++ iptables-1.4.1-rc2/ip6tables-save.c	2008-06-05 13:55:09.000000000 +0200
@@ -40,7 +40,7 @@ static int for_each_table(int (*func)(co
 	FILE *procfile = NULL;
 	char tablename[IP6T_TABLE_MAXNAMELEN+1];
 
-	procfile = fopen("/proc/net/ip6_tables_names", "r");
+	procfile = fopen("/proc/net/ip6_tables_names", "re");
 	if (!procfile)
 		exit_error(OTHER_PROBLEM,
 			   "Unable to open /proc/net/ip6_tables_names: %s\n",
diff -up iptables-1.4.1-rc2/iptables-restore.c.cloexec iptables-1.4.1-rc2/iptables-restore.c
--- iptables-1.4.1-rc2/iptables-restore.c.cloexec	2008-05-26 14:15:40.000000000 +0200
+++ iptables-1.4.1-rc2/iptables-restore.c	2008-06-05 13:55:09.000000000 +0200
@@ -176,7 +176,7 @@ main(int argc, char *argv[])
 	}
 
 	if (optind == argc - 1) {
-		in = fopen(argv[optind], "r");
+		in = fopen(argv[optind], "re");
 		if (!in) {
 			fprintf(stderr, "Can't open %s: %s\n", argv[optind],
 				strerror(errno));
diff -up iptables-1.4.1-rc2/iptables-save.c.cloexec iptables-1.4.1-rc2/iptables-save.c
--- iptables-1.4.1-rc2/iptables-save.c.cloexec	2008-05-26 14:15:40.000000000 +0200
+++ iptables-1.4.1-rc2/iptables-save.c	2008-06-05 13:55:09.000000000 +0200
@@ -38,7 +38,7 @@ static int for_each_table(int (*func)(co
 	FILE *procfile = NULL;
 	char tablename[IPT_TABLE_MAXNAMELEN+1];
 
-	procfile = fopen("/proc/net/ip_tables_names", "r");
+	procfile = fopen("/proc/net/ip_tables_names", "re");
 	if (!procfile)
 		exit_error(OTHER_PROBLEM,
 			   "Unable to open /proc/net/ip_tables_names: %s\n",
diff -up iptables-1.4.1-rc2/iptables-xml.c.cloexec iptables-1.4.1-rc2/iptables-xml.c
--- iptables-1.4.1-rc2/iptables-xml.c.cloexec	2008-05-26 14:15:40.000000000 +0200
+++ iptables-1.4.1-rc2/iptables-xml.c	2008-06-05 13:55:09.000000000 +0200
@@ -664,7 +664,7 @@ main(int argc, char *argv[])
 	}
 
 	if (optind == argc - 1) {
-		in = fopen(argv[optind], "r");
+		in = fopen(argv[optind], "re");
 		if (!in) {
 			fprintf(stderr, "Can't open %s: %s", argv[optind],
 				strerror(errno));
diff -up iptables-1.4.1-rc2/xtables.c.cloexec iptables-1.4.1-rc2/xtables.c
--- iptables-1.4.1-rc2/xtables.c.cloexec	2008-05-26 14:15:40.000000000 +0200
+++ iptables-1.4.1-rc2/xtables.c	2008-06-05 13:57:49.000000000 +0200
@@ -498,6 +498,12 @@ static int compatible_revision(const cha
 		exit(1);
 	}
 
+ 	if (fcntl(sockfd, F_SETFD, FD_CLOEXEC) == -1) {
+ 		fprintf(stderr, "Could not set close on exec: %s\n",
+ 			strerror(errno));
+ 		exit(1);
+ 	}
+
 	load_xtables_ko(modprobe_program, 1);
 
 	strcpy(rev.name, name);

iptables-1.4.1-nf_ext_init.patch:

--- NEW FILE iptables-1.4.1-nf_ext_init.patch ---
diff -up iptables-1.4.1-rc2/include/xtables.h.in.nf_ext_init iptables-1.4.1-rc2/include/xtables.h.in
--- iptables-1.4.1-rc2/include/xtables.h.in.nf_ext_init	2008-06-05 14:13:49.000000000 +0200
+++ iptables-1.4.1-rc2/include/xtables.h.in	2008-06-05 14:14:03.000000000 +0200
@@ -199,13 +199,13 @@ extern void ip6parse_hostnetworkmask(con
 extern void save_string(const char *value);
 
 #ifdef NO_SHARED_LIBS
-#	ifdef _INIT
-#		undef _init
-#		define _init _INIT
+#	ifdef NF_EXT_INIT
+#		undef nf_ext_init
+#		define nf_ext_init NF_EXT_INIT
 #	endif
 	extern void init_extensions(void);
 #else
-#	define _init __attribute__((constructor)) _INIT
+#	define nf_ext_init __attribute__((constructor)) NF_EXT_INIT
 #endif
 
 /* Present in both iptables.c and ip6tables.c */
diff -up iptables-1.4.1-rc2/include/xtables/internal.h.nf_ext_init iptables-1.4.1-rc2/include/xtables/internal.h
--- iptables-1.4.1-rc2/include/xtables/internal.h.nf_ext_init	2008-06-05 14:13:24.000000000 +0200
+++ iptables-1.4.1-rc2/include/xtables/internal.h	2008-06-05 14:13:26.000000000 +0200
@@ -61,6 +61,6 @@ extern struct xtables_match *find_match(
 					struct xtables_rule_match **match);
 extern struct xtables_target *find_target(const char *name, enum xt_tryload);
 
-extern void _init(void);
+extern void nf_ext_init(void);
 
 #endif /* _XTABLES_INTERNAL_H */


Index: iptables.init
===================================================================
RCS file: /cvs/pkgs/rpms/iptables/F-8/iptables.init,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -r1.20 -r1.21
--- iptables.init	11 Feb 2008 14:07:14 -0000	1.20
+++ iptables.init	1 Jul 2008 14:38:47 -0000	1.21
@@ -49,8 +49,8 @@
 [ -f "$IPTABLES_CONFIG" ] && . "$IPTABLES_CONFIG"
 
 # Netfilter modules
-NF_MODULES=(${IPV}_tables nf_conntrack_${_IPV})
-NF_MODULES_COMMON=(x_tables nf_conntrack) # Used by netfilter v4 and v6
+NF_MODULES=($(lsmod | awk "/^${IPV}table_/ {print \$1}") ${IPV}_tables)
+NF_MODULES_COMMON=(x_tables nf_nat nf_conntrack) # Used by netfilter v4 and v6
 
 # Get active tables
 NF_TABLES=$(cat "$PROC_IPTABLES_NAMES" 2>/dev/null)
@@ -80,7 +80,9 @@
     # after all referring modules are unloaded.
     if grep -q "^${mod}" /proc/modules ; then
 	modprobe -r $mod > /dev/null 2>&1
-	let ret+=$?;
+	res=$?
+	[ $res -eq 0 ] || echo -n " $mod"
+	let ret+=$res;
     fi
 
     return $ret


Index: iptables.spec
===================================================================
RCS file: /cvs/pkgs/rpms/iptables/F-8/iptables.spec,v
retrieving revision 1.58
retrieving revision 1.59
diff -u -r1.58 -r1.59
--- iptables.spec	11 Feb 2008 14:07:15 -0000	1.58
+++ iptables.spec	1 Jul 2008 14:38:47 -0000	1.59
@@ -1,23 +1,19 @@
-%define build_devel 1
-
 Name: iptables
 Summary: Tools for managing Linux kernel packet filtering capabilities
-Version: 1.3.8
-Release: 7%{?dist}
+Version: 1.4.1.1
+Release: 1%{?dist}
 Source: http://www.netfilter.org/projects/iptables/files/%{name}-%{version}.tar.bz2
 Source1: iptables.init
 Source2: iptables-config
-Patch0: iptables-1.3.8-iptc.patch
-Patch1: iptables-1.3.8-headers.patch
-Patch2: iptables-1.3.8-reject_type.patch
-Patch3: iptables-1.3.8-limit_man.patch
 Patch4: iptables-1.3.8-typo_latter.patch
-Patch5: iptables-1.3.8-cloexec.patch
+Patch5: iptables-1.4.1-cloexec.patch
+Patch8: iptables-1.4.1-nf_ext_init.patch
 Group: System Environment/Base
 URL: http://www.netfilter.org/
 BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
 License: GPLv2
 BuildRequires: libselinux-devel
+BuildRequires: kernel-headers
 Conflicts: kernel < 2.4.20
 Requires(post): chkconfig
 Requires(preun): chkconfig
@@ -43,7 +39,6 @@
 Install iptables-ipv6 if you need to set up firewalling for your
 network and you are using ipv6.
 
-%if %{build_devel}
 %package devel
 Summary: Development package for iptables
 Group: System Environment/Base
@@ -54,56 +49,38 @@
 
 The iptc interface is upstream marked as not public. The interface is not 
 stable and may change with every new version. It is therefore unsupported.
-%endif
 
 %prep
 %setup -q
-%patch0 -p1 -b .iptc
-%patch1 -p1 -b .headers
-%patch2 -p1 -b .reject_type
-%patch3 -p1 -b .limit_man
 %patch4 -p1 -b .typo_latter
 %patch5 -p1 -b .cloexec
+%patch8 -p1 -b .nf_ext_init
 
-# Put it to a reasonable place
-find . -type f -exec perl -pi -e "s,/usr/local,%{_prefix},g" {} \;
-
-# do not use ld -shared and _init
-perl -pi -e "s/\(LD\) -shared/\(CC\) -shared/g" Rules.make
-perl -pi -e "s/void _init\(/void __attribute\(\(constructor\)\) my_init\(/g" extensions/*.c
-perl -pi -e "s/^_init\(/__attribute\(\(constructor\)\) my_init\(/g" extensions/*.c
+# fix constructor names, see also nf_ext_init patch
+perl -pi -e "s/void _init\(/void __attribute\(\(constructor\)\) nf_ext_init\(/g" extensions/*.c
+perl -pi -e "s/^_init\(/__attribute\(\(constructor\)\) nf_ext_init\(/g" extensions/*.c
 
 %build
-TOPDIR=`pwd`
-OPT="$RPM_OPT_FLAGS -I$TOPDIR/include -fPIC"
-export DO_SELINUX=1
-make COPT_FLAGS="$OPT" KERNEL_DIR=/usr LIBDIR=/%{_lib} 
-make COPT_FLAGS="$OPT" KERNEL_DIR=/usr LIBDIR=/%{_lib} iptables-save iptables-restore
-make COPT_FLAGS="$OPT" KERNEL_DIR=/usr LIBDIR=/%{_lib} ip6tables-save ip6tables-restore
+./configure --enable-devel --enable-libipq --bindir=/bin --sbindir=/sbin --sysconfdir=/etc --libdir=/%{_libdir} --libexecdir=/%{_lib} --mandir=%{_mandir} --includedir=%{_includedir} --with-kernel=/usr --with-kbuild=/usr --with-ksource=/usr
+make
 
 %install
 rm -rf %{buildroot}
-export DO_SELINUX=1
-make install DESTDIR=%{buildroot} KERNEL_DIR=/usr BINDIR=/sbin LIBDIR=/%{_lib} MANDIR=%{_mandir}
-%if %{build_devel}
-make install-devel DESTDIR=%{buildroot} KERNEL_DIR=/usr BINDIR=/sbin LIBDIR=%{_libdir} MANDIR=%{_mandir}
-%endif
-cp ip{6,}tables-{save,restore} $RPM_BUILD_ROOT/sbin
-cp iptables-*.8 $RPM_BUILD_ROOT%{_mandir}/man8
-mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d
-install -c -m755 %{SOURCE1} $RPM_BUILD_ROOT/etc/rc.d/init.d/iptables
+
+make install DESTDIR=%{buildroot} 
+
+# install iptc devel library
+install -m 644 libiptc/libiptc.a %{buildroot}/%{_libdir}
+
+# install init scripts and configuration files
+install -d -m 755 $RPM_BUILD_ROOT/etc/rc.d/init.d
+install -c -m 755 %{SOURCE1} $RPM_BUILD_ROOT/etc/rc.d/init.d/iptables
 sed -e 's;iptables;ip6tables;g' -e 's;IPTABLES;IP6TABLES;g' < %{SOURCE1} > ip6tables.init
-install -c -m755 ip6tables.init $RPM_BUILD_ROOT/etc/rc.d/init.d/ip6tables
-mkdir -p $RPM_BUILD_ROOT/etc/sysconfig
-install -c -m755 %{SOURCE2} $RPM_BUILD_ROOT/etc/sysconfig/iptables-config
+install -c -m 755 ip6tables.init $RPM_BUILD_ROOT/etc/rc.d/init.d/ip6tables
+install -d -m 755 $RPM_BUILD_ROOT/etc/sysconfig
+install -c -m 755 %{SOURCE2} $RPM_BUILD_ROOT/etc/sysconfig/iptables-config
 sed -e 's;iptables;ip6tables;g' -e 's;IPTABLES;IP6TABLES;g' < %{SOURCE2} > ip6tables-config
-install -c -m755 ip6tables-config $RPM_BUILD_ROOT/etc/sysconfig/ip6tables-config
-# install devel header files
-mkdir -p $RPM_BUILD_ROOT%{_includedir}
-install -c -m644 include/ip*.h $RPM_BUILD_ROOT%{_includedir}
-# install libiptc header files (unsupported)
-mkdir -p $RPM_BUILD_ROOT%{_includedir}/libiptc
-install -c -m644 include/libiptc/*.h $RPM_BUILD_ROOT%{_includedir}/libiptc
+install -c -m 755 ip6tables-config $RPM_BUILD_ROOT/etc/sysconfig/ip6tables-config
 
 %clean
 rm -rf $RPM_BUILD_ROOT 
@@ -131,32 +108,61 @@
 %config(noreplace) %attr(0600,root,root) /etc/sysconfig/iptables-config
 /sbin/iptables*
 %{_mandir}/man8/iptables*
-%dir /%{_lib}/iptables
-/%{_lib}/iptables/libipt*
+%dir /%{_lib}/xtables
+/%{_lib}/xtables/libipt*
+/%{_lib}/xtables/libxt*
 
 %files ipv6
 %defattr(-,root,root)
 %attr(0755,root,root) /etc/rc.d/init.d/ip6tables
 %config(noreplace) %attr(0600,root,root) /etc/sysconfig/ip6tables-config
 /sbin/ip6tables*
+/bin/iptables-xml
 %{_mandir}/man8/ip6tables*
-/%{_lib}/iptables/libip6t*
+/%{_lib}/xtables/libip6t*
 
-%if %{build_devel}
 %files devel
 %defattr(-,root,root)
-%{_includedir}/ip*.h
-%{_includedir}/libipq.h
+%{_includedir}/*.h
 %dir %{_includedir}/libiptc
 %{_includedir}/libiptc/*.h
 %{_libdir}/libipq.a
 %{_libdir}/libiptc.a
 %{_mandir}/man3/*
-%endif
 
 %changelog
-* Mon Feb 11 2008 Thomas Woerner <twoerner at redhat.com> 1.3.8-7
+* Tue Jul  1 2008 Thomas Woerner <twoerner at redhat.com> 1.4.1.1-1
+- upstream bug fix release 1.4.1.1
+- dropped extra patch for 1.4.1 - not needed anymore
+
+* Tue Jun 10 2008 Thomas Woerner <twoerner at redhat.com> 1.4.1-1
+- new version 1.4.1 with new build environment
+- additional ipv6 network mask patch from Jan Engelhardt
+- spec file cleanup
+- removed old patches
+
+* Fri Jun  6 2008 Tom "spot" Callaway <tcallawa at redhat.com> 1.4.0-5
+- use normal kernel headers, not linux/compiler.h
+- change BuildRequires: kernel-devel to kernel-headers
+- We need to do this to be able to build for both sparcv9 and sparc64 
+  (there is no kernel-devel.sparcv9)
+
+* Thu Mar 20 2008 Thomas Woerner <twoerner at redhat.com> 1.4.0-4
+- use O_CLOEXEC for all opened files in all applications (rhbz#438189)
+
+* Mon Mar  3 2008 Thomas Woerner <twoerner at redhat.com> 1.4.0-3
+- use the kernel headers from the build tree for iptables for now to be able to 
+  compile this package, but this makes the package more kernel dependant
+- use s6_addr32 instead of in6_u.u6_addr32
+
+* Wed Feb 20 2008 Fedora Release Engineering <rel-eng at fedoraproject.org> - 1.4.0-2
+- Autorebuild for GCC 4.3
+
+* Mon Feb 11 2008 Thomas Woerner <twoerner at redhat.com> 1.4.0-1
+- new version 1.4.0
 - fixed condrestart (rhbz#428148)
+- report the module in rmmod_r if there is an error
+- use nf_ext_init instead of my_init for extension constructors
 
 * Mon Nov  5 2007 Thomas Woerner <twoerner at redhat.com> 1.3.8-6
 - fixed leaked file descriptor before fork/exec (rhbz#312191)


Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/iptables/F-8/sources,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -r1.20 -r1.21
--- sources	16 Jul 2007 22:03:39 -0000	1.20
+++ sources	1 Jul 2008 14:38:47 -0000	1.21
@@ -1 +1 @@
-0a9209f928002e5eee9cdff8fef4d4b3  iptables-1.3.8.tar.bz2
+723fa88d8a0915e184f99e03e9bf06cb  iptables-1.4.1.1.tar.bz2


--- iptables-1.3.8-cloexec.patch DELETED ---


--- iptables-1.3.8-headers.patch DELETED ---


--- iptables-1.3.8-iptc.patch DELETED ---


--- iptables-1.3.8-limit_man.patch DELETED ---


--- iptables-1.3.8-reject_type.patch DELETED ---

More information about the fedora-extras-commits mailing list