rpms/iptables/F-8 iptables-1.4.1-cloexec.patch, NONE, 1.1 iptables-1.4.1-nf_ext_init.patch, NONE, 1.1 iptables.init, 1.20, 1.21 iptables.spec, 1.58, 1.59 sources, 1.20, 1.21 iptables-1.3.8-cloexec.patch, 1.1, NONE iptables-1.3.8-headers.patch, 1.1, NONE iptables-1.3.8-iptc.patch, 1.1, NONE iptables-1.3.8-limit_man.patch, 1.1, NONE iptables-1.3.8-reject_type.patch, 1.1, NONE
Thomas Woerner (twoerner)
fedora-extras-commits at redhat.com
Tue Jul 1 14:39:33 UTC 2008
Author: twoerner
Update of /cvs/pkgs/rpms/iptables/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4851
Modified Files:
iptables.init iptables.spec sources
Added Files:
iptables-1.4.1-cloexec.patch iptables-1.4.1-nf_ext_init.patch
Removed Files:
iptables-1.3.8-cloexec.patch iptables-1.3.8-headers.patch
iptables-1.3.8-iptc.patch iptables-1.3.8-limit_man.patch
iptables-1.3.8-reject_type.patch
Log Message:
- using new 1.4.1.1 package from devel
iptables-1.4.1-cloexec.patch:
--- NEW FILE iptables-1.4.1-cloexec.patch ---
diff -up iptables-1.4.1-rc2/ip6tables-restore.c.cloexec iptables-1.4.1-rc2/ip6tables-restore.c
--- iptables-1.4.1-rc2/ip6tables-restore.c.cloexec 2008-05-26 14:15:40.000000000 +0200
+++ iptables-1.4.1-rc2/ip6tables-restore.c 2008-06-05 13:55:09.000000000 +0200
@@ -172,7 +172,7 @@ int main(int argc, char *argv[])
}
if (optind == argc - 1) {
- in = fopen(argv[optind], "r");
+ in = fopen(argv[optind], "re");
if (!in) {
fprintf(stderr, "Can't open %s: %s\n", argv[optind],
strerror(errno));
diff -up iptables-1.4.1-rc2/ip6tables-save.c.cloexec iptables-1.4.1-rc2/ip6tables-save.c
--- iptables-1.4.1-rc2/ip6tables-save.c.cloexec 2008-05-26 14:15:40.000000000 +0200
+++ iptables-1.4.1-rc2/ip6tables-save.c 2008-06-05 13:55:09.000000000 +0200
@@ -40,7 +40,7 @@ static int for_each_table(int (*func)(co
FILE *procfile = NULL;
char tablename[IP6T_TABLE_MAXNAMELEN+1];
- procfile = fopen("/proc/net/ip6_tables_names", "r");
+ procfile = fopen("/proc/net/ip6_tables_names", "re");
if (!procfile)
exit_error(OTHER_PROBLEM,
"Unable to open /proc/net/ip6_tables_names: %s\n",
diff -up iptables-1.4.1-rc2/iptables-restore.c.cloexec iptables-1.4.1-rc2/iptables-restore.c
--- iptables-1.4.1-rc2/iptables-restore.c.cloexec 2008-05-26 14:15:40.000000000 +0200
+++ iptables-1.4.1-rc2/iptables-restore.c 2008-06-05 13:55:09.000000000 +0200
@@ -176,7 +176,7 @@ main(int argc, char *argv[])
}
if (optind == argc - 1) {
- in = fopen(argv[optind], "r");
+ in = fopen(argv[optind], "re");
if (!in) {
fprintf(stderr, "Can't open %s: %s\n", argv[optind],
strerror(errno));
diff -up iptables-1.4.1-rc2/iptables-save.c.cloexec iptables-1.4.1-rc2/iptables-save.c
--- iptables-1.4.1-rc2/iptables-save.c.cloexec 2008-05-26 14:15:40.000000000 +0200
+++ iptables-1.4.1-rc2/iptables-save.c 2008-06-05 13:55:09.000000000 +0200
@@ -38,7 +38,7 @@ static int for_each_table(int (*func)(co
FILE *procfile = NULL;
char tablename[IPT_TABLE_MAXNAMELEN+1];
- procfile = fopen("/proc/net/ip_tables_names", "r");
+ procfile = fopen("/proc/net/ip_tables_names", "re");
if (!procfile)
exit_error(OTHER_PROBLEM,
"Unable to open /proc/net/ip_tables_names: %s\n",
diff -up iptables-1.4.1-rc2/iptables-xml.c.cloexec iptables-1.4.1-rc2/iptables-xml.c
--- iptables-1.4.1-rc2/iptables-xml.c.cloexec 2008-05-26 14:15:40.000000000 +0200
+++ iptables-1.4.1-rc2/iptables-xml.c 2008-06-05 13:55:09.000000000 +0200
@@ -664,7 +664,7 @@ main(int argc, char *argv[])
}
if (optind == argc - 1) {
- in = fopen(argv[optind], "r");
+ in = fopen(argv[optind], "re");
if (!in) {
fprintf(stderr, "Can't open %s: %s", argv[optind],
strerror(errno));
diff -up iptables-1.4.1-rc2/xtables.c.cloexec iptables-1.4.1-rc2/xtables.c
--- iptables-1.4.1-rc2/xtables.c.cloexec 2008-05-26 14:15:40.000000000 +0200
+++ iptables-1.4.1-rc2/xtables.c 2008-06-05 13:57:49.000000000 +0200
@@ -498,6 +498,12 @@ static int compatible_revision(const cha
exit(1);
}
+ if (fcntl(sockfd, F_SETFD, FD_CLOEXEC) == -1) {
+ fprintf(stderr, "Could not set close on exec: %s\n",
+ strerror(errno));
+ exit(1);
+ }
+
load_xtables_ko(modprobe_program, 1);
strcpy(rev.name, name);
iptables-1.4.1-nf_ext_init.patch:
--- NEW FILE iptables-1.4.1-nf_ext_init.patch ---
diff -up iptables-1.4.1-rc2/include/xtables.h.in.nf_ext_init iptables-1.4.1-rc2/include/xtables.h.in
--- iptables-1.4.1-rc2/include/xtables.h.in.nf_ext_init 2008-06-05 14:13:49.000000000 +0200
+++ iptables-1.4.1-rc2/include/xtables.h.in 2008-06-05 14:14:03.000000000 +0200
@@ -199,13 +199,13 @@ extern void ip6parse_hostnetworkmask(con
extern void save_string(const char *value);
#ifdef NO_SHARED_LIBS
-# ifdef _INIT
-# undef _init
-# define _init _INIT
+# ifdef NF_EXT_INIT
+# undef nf_ext_init
+# define nf_ext_init NF_EXT_INIT
# endif
extern void init_extensions(void);
#else
-# define _init __attribute__((constructor)) _INIT
+# define nf_ext_init __attribute__((constructor)) NF_EXT_INIT
#endif
/* Present in both iptables.c and ip6tables.c */
diff -up iptables-1.4.1-rc2/include/xtables/internal.h.nf_ext_init iptables-1.4.1-rc2/include/xtables/internal.h
--- iptables-1.4.1-rc2/include/xtables/internal.h.nf_ext_init 2008-06-05 14:13:24.000000000 +0200
+++ iptables-1.4.1-rc2/include/xtables/internal.h 2008-06-05 14:13:26.000000000 +0200
@@ -61,6 +61,6 @@ extern struct xtables_match *find_match(
struct xtables_rule_match **match);
extern struct xtables_target *find_target(const char *name, enum xt_tryload);
-extern void _init(void);
+extern void nf_ext_init(void);
#endif /* _XTABLES_INTERNAL_H */
Index: iptables.init
===================================================================
RCS file: /cvs/pkgs/rpms/iptables/F-8/iptables.init,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -r1.20 -r1.21
--- iptables.init 11 Feb 2008 14:07:14 -0000 1.20
+++ iptables.init 1 Jul 2008 14:38:47 -0000 1.21
@@ -49,8 +49,8 @@
[ -f "$IPTABLES_CONFIG" ] && . "$IPTABLES_CONFIG"
# Netfilter modules
-NF_MODULES=(${IPV}_tables nf_conntrack_${_IPV})
-NF_MODULES_COMMON=(x_tables nf_conntrack) # Used by netfilter v4 and v6
+NF_MODULES=($(lsmod | awk "/^${IPV}table_/ {print \$1}") ${IPV}_tables)
+NF_MODULES_COMMON=(x_tables nf_nat nf_conntrack) # Used by netfilter v4 and v6
# Get active tables
NF_TABLES=$(cat "$PROC_IPTABLES_NAMES" 2>/dev/null)
@@ -80,7 +80,9 @@
# after all referring modules are unloaded.
if grep -q "^${mod}" /proc/modules ; then
modprobe -r $mod > /dev/null 2>&1
- let ret+=$?;
+ res=$?
+ [ $res -eq 0 ] || echo -n " $mod"
+ let ret+=$res;
fi
return $ret
Index: iptables.spec
===================================================================
RCS file: /cvs/pkgs/rpms/iptables/F-8/iptables.spec,v
retrieving revision 1.58
retrieving revision 1.59
diff -u -r1.58 -r1.59
--- iptables.spec 11 Feb 2008 14:07:15 -0000 1.58
+++ iptables.spec 1 Jul 2008 14:38:47 -0000 1.59
@@ -1,23 +1,19 @@
-%define build_devel 1
-
Name: iptables
Summary: Tools for managing Linux kernel packet filtering capabilities
-Version: 1.3.8
-Release: 7%{?dist}
+Version: 1.4.1.1
+Release: 1%{?dist}
Source: http://www.netfilter.org/projects/iptables/files/%{name}-%{version}.tar.bz2
Source1: iptables.init
Source2: iptables-config
-Patch0: iptables-1.3.8-iptc.patch
-Patch1: iptables-1.3.8-headers.patch
-Patch2: iptables-1.3.8-reject_type.patch
-Patch3: iptables-1.3.8-limit_man.patch
Patch4: iptables-1.3.8-typo_latter.patch
-Patch5: iptables-1.3.8-cloexec.patch
+Patch5: iptables-1.4.1-cloexec.patch
+Patch8: iptables-1.4.1-nf_ext_init.patch
Group: System Environment/Base
URL: http://www.netfilter.org/
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
License: GPLv2
BuildRequires: libselinux-devel
+BuildRequires: kernel-headers
Conflicts: kernel < 2.4.20
Requires(post): chkconfig
Requires(preun): chkconfig
@@ -43,7 +39,6 @@
Install iptables-ipv6 if you need to set up firewalling for your
network and you are using ipv6.
-%if %{build_devel}
%package devel
Summary: Development package for iptables
Group: System Environment/Base
@@ -54,56 +49,38 @@
The iptc interface is upstream marked as not public. The interface is not
stable and may change with every new version. It is therefore unsupported.
-%endif
%prep
%setup -q
-%patch0 -p1 -b .iptc
-%patch1 -p1 -b .headers
-%patch2 -p1 -b .reject_type
-%patch3 -p1 -b .limit_man
%patch4 -p1 -b .typo_latter
%patch5 -p1 -b .cloexec
+%patch8 -p1 -b .nf_ext_init
-# Put it to a reasonable place
-find . -type f -exec perl -pi -e "s,/usr/local,%{_prefix},g" {} \;
-
-# do not use ld -shared and _init
-perl -pi -e "s/\(LD\) -shared/\(CC\) -shared/g" Rules.make
-perl -pi -e "s/void _init\(/void __attribute\(\(constructor\)\) my_init\(/g" extensions/*.c
-perl -pi -e "s/^_init\(/__attribute\(\(constructor\)\) my_init\(/g" extensions/*.c
+# fix constructor names, see also nf_ext_init patch
+perl -pi -e "s/void _init\(/void __attribute\(\(constructor\)\) nf_ext_init\(/g" extensions/*.c
+perl -pi -e "s/^_init\(/__attribute\(\(constructor\)\) nf_ext_init\(/g" extensions/*.c
%build
-TOPDIR=`pwd`
-OPT="$RPM_OPT_FLAGS -I$TOPDIR/include -fPIC"
-export DO_SELINUX=1
-make COPT_FLAGS="$OPT" KERNEL_DIR=/usr LIBDIR=/%{_lib}
-make COPT_FLAGS="$OPT" KERNEL_DIR=/usr LIBDIR=/%{_lib} iptables-save iptables-restore
-make COPT_FLAGS="$OPT" KERNEL_DIR=/usr LIBDIR=/%{_lib} ip6tables-save ip6tables-restore
+./configure --enable-devel --enable-libipq --bindir=/bin --sbindir=/sbin --sysconfdir=/etc --libdir=/%{_libdir} --libexecdir=/%{_lib} --mandir=%{_mandir} --includedir=%{_includedir} --with-kernel=/usr --with-kbuild=/usr --with-ksource=/usr
+make
%install
rm -rf %{buildroot}
-export DO_SELINUX=1
-make install DESTDIR=%{buildroot} KERNEL_DIR=/usr BINDIR=/sbin LIBDIR=/%{_lib} MANDIR=%{_mandir}
-%if %{build_devel}
-make install-devel DESTDIR=%{buildroot} KERNEL_DIR=/usr BINDIR=/sbin LIBDIR=%{_libdir} MANDIR=%{_mandir}
-%endif
-cp ip{6,}tables-{save,restore} $RPM_BUILD_ROOT/sbin
-cp iptables-*.8 $RPM_BUILD_ROOT%{_mandir}/man8
-mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d
-install -c -m755 %{SOURCE1} $RPM_BUILD_ROOT/etc/rc.d/init.d/iptables
+
+make install DESTDIR=%{buildroot}
+
+# install iptc devel library
+install -m 644 libiptc/libiptc.a %{buildroot}/%{_libdir}
+
+# install init scripts and configuration files
+install -d -m 755 $RPM_BUILD_ROOT/etc/rc.d/init.d
+install -c -m 755 %{SOURCE1} $RPM_BUILD_ROOT/etc/rc.d/init.d/iptables
sed -e 's;iptables;ip6tables;g' -e 's;IPTABLES;IP6TABLES;g' < %{SOURCE1} > ip6tables.init
-install -c -m755 ip6tables.init $RPM_BUILD_ROOT/etc/rc.d/init.d/ip6tables
-mkdir -p $RPM_BUILD_ROOT/etc/sysconfig
-install -c -m755 %{SOURCE2} $RPM_BUILD_ROOT/etc/sysconfig/iptables-config
+install -c -m 755 ip6tables.init $RPM_BUILD_ROOT/etc/rc.d/init.d/ip6tables
+install -d -m 755 $RPM_BUILD_ROOT/etc/sysconfig
+install -c -m 755 %{SOURCE2} $RPM_BUILD_ROOT/etc/sysconfig/iptables-config
sed -e 's;iptables;ip6tables;g' -e 's;IPTABLES;IP6TABLES;g' < %{SOURCE2} > ip6tables-config
-install -c -m755 ip6tables-config $RPM_BUILD_ROOT/etc/sysconfig/ip6tables-config
-# install devel header files
-mkdir -p $RPM_BUILD_ROOT%{_includedir}
-install -c -m644 include/ip*.h $RPM_BUILD_ROOT%{_includedir}
-# install libiptc header files (unsupported)
-mkdir -p $RPM_BUILD_ROOT%{_includedir}/libiptc
-install -c -m644 include/libiptc/*.h $RPM_BUILD_ROOT%{_includedir}/libiptc
+install -c -m 755 ip6tables-config $RPM_BUILD_ROOT/etc/sysconfig/ip6tables-config
%clean
rm -rf $RPM_BUILD_ROOT
@@ -131,32 +108,61 @@
%config(noreplace) %attr(0600,root,root) /etc/sysconfig/iptables-config
/sbin/iptables*
%{_mandir}/man8/iptables*
-%dir /%{_lib}/iptables
-/%{_lib}/iptables/libipt*
+%dir /%{_lib}/xtables
+/%{_lib}/xtables/libipt*
+/%{_lib}/xtables/libxt*
%files ipv6
%defattr(-,root,root)
%attr(0755,root,root) /etc/rc.d/init.d/ip6tables
%config(noreplace) %attr(0600,root,root) /etc/sysconfig/ip6tables-config
/sbin/ip6tables*
+/bin/iptables-xml
%{_mandir}/man8/ip6tables*
-/%{_lib}/iptables/libip6t*
+/%{_lib}/xtables/libip6t*
-%if %{build_devel}
%files devel
%defattr(-,root,root)
-%{_includedir}/ip*.h
-%{_includedir}/libipq.h
+%{_includedir}/*.h
%dir %{_includedir}/libiptc
%{_includedir}/libiptc/*.h
%{_libdir}/libipq.a
%{_libdir}/libiptc.a
%{_mandir}/man3/*
-%endif
%changelog
-* Mon Feb 11 2008 Thomas Woerner <twoerner at redhat.com> 1.3.8-7
+* Tue Jul 1 2008 Thomas Woerner <twoerner at redhat.com> 1.4.1.1-1
+- upstream bug fix release 1.4.1.1
+- dropped extra patch for 1.4.1 - not needed anymore
+
+* Tue Jun 10 2008 Thomas Woerner <twoerner at redhat.com> 1.4.1-1
+- new version 1.4.1 with new build environment
+- additional ipv6 network mask patch from Jan Engelhardt
+- spec file cleanup
+- removed old patches
+
+* Fri Jun 6 2008 Tom "spot" Callaway <tcallawa at redhat.com> 1.4.0-5
+- use normal kernel headers, not linux/compiler.h
+- change BuildRequires: kernel-devel to kernel-headers
+- We need to do this to be able to build for both sparcv9 and sparc64
+ (there is no kernel-devel.sparcv9)
+
+* Thu Mar 20 2008 Thomas Woerner <twoerner at redhat.com> 1.4.0-4
+- use O_CLOEXEC for all opened files in all applications (rhbz#438189)
+
+* Mon Mar 3 2008 Thomas Woerner <twoerner at redhat.com> 1.4.0-3
+- use the kernel headers from the build tree for iptables for now to be able to
+ compile this package, but this makes the package more kernel dependant
+- use s6_addr32 instead of in6_u.u6_addr32
+
+* Wed Feb 20 2008 Fedora Release Engineering <rel-eng at fedoraproject.org> - 1.4.0-2
+- Autorebuild for GCC 4.3
+
+* Mon Feb 11 2008 Thomas Woerner <twoerner at redhat.com> 1.4.0-1
+- new version 1.4.0
- fixed condrestart (rhbz#428148)
+- report the module in rmmod_r if there is an error
+- use nf_ext_init instead of my_init for extension constructors
* Mon Nov 5 2007 Thomas Woerner <twoerner at redhat.com> 1.3.8-6
- fixed leaked file descriptor before fork/exec (rhbz#312191)
Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/iptables/F-8/sources,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -r1.20 -r1.21
--- sources 16 Jul 2007 22:03:39 -0000 1.20
+++ sources 1 Jul 2008 14:38:47 -0000 1.21
@@ -1 +1 @@
-0a9209f928002e5eee9cdff8fef4d4b3 iptables-1.3.8.tar.bz2
+723fa88d8a0915e184f99e03e9bf06cb iptables-1.4.1.1.tar.bz2
--- iptables-1.3.8-cloexec.patch DELETED ---
--- iptables-1.3.8-headers.patch DELETED ---
--- iptables-1.3.8-iptc.patch DELETED ---
--- iptables-1.3.8-limit_man.patch DELETED ---
--- iptables-1.3.8-reject_type.patch DELETED ---
More information about the fedora-extras-commits
mailing list