rpms/iptables/F-9 iptables-1.4.1-cloexec.patch, NONE, 1.1 iptables-1.4.1-ipv6_network_mask.patch, NONE, 1.1 iptables-1.4.1-nf_ext_init.patch, NONE, 1.1 iptables.spec, 1.69, 1.70 sources, 1.21, 1.22 iptables-1.3.8-iptc.patch, 1.1, NONE iptables-1.4.0-cloexec.patch, 1.2, NONE iptables-1.4.0-in6_u.patch, 1.1, NONE iptables-1.4.0-use-normal-kernel-headers.patch, 1.1, NONE

Thomas Woerner (twoerner) fedora-extras-commits at redhat.com
Tue Jun 10 14:30:36 UTC 2008 

Author: twoerner

Update of /cvs/pkgs/rpms/iptables/F-9
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv17208

Modified Files:
	iptables.spec sources 
Added Files:
	iptables-1.4.1-cloexec.patch 
	iptables-1.4.1-ipv6_network_mask.patch 
	iptables-1.4.1-nf_ext_init.patch 
Removed Files:
	iptables-1.3.8-iptc.patch iptables-1.4.0-cloexec.patch 
	iptables-1.4.0-in6_u.patch 
	iptables-1.4.0-use-normal-kernel-headers.patch 
Log Message:
- new version 1.4.1 with new build environment
- additional ipv6 network mask patch from Jan Engelhardt
- spec file cleanup
- removed old patches



iptables-1.4.1-cloexec.patch:

--- NEW FILE iptables-1.4.1-cloexec.patch ---
diff -up iptables-1.4.1-rc2/ip6tables-restore.c.cloexec iptables-1.4.1-rc2/ip6tables-restore.c
--- iptables-1.4.1-rc2/ip6tables-restore.c.cloexec	2008-05-26 14:15:40.000000000 +0200
+++ iptables-1.4.1-rc2/ip6tables-restore.c	2008-06-05 13:55:09.000000000 +0200
@@ -172,7 +172,7 @@ int main(int argc, char *argv[])
 	}
 
 	if (optind == argc - 1) {
-		in = fopen(argv[optind], "r");
+		in = fopen(argv[optind], "re");
 		if (!in) {
 			fprintf(stderr, "Can't open %s: %s\n", argv[optind],
 				strerror(errno));
diff -up iptables-1.4.1-rc2/ip6tables-save.c.cloexec iptables-1.4.1-rc2/ip6tables-save.c
--- iptables-1.4.1-rc2/ip6tables-save.c.cloexec	2008-05-26 14:15:40.000000000 +0200
+++ iptables-1.4.1-rc2/ip6tables-save.c	2008-06-05 13:55:09.000000000 +0200
@@ -40,7 +40,7 @@ static int for_each_table(int (*func)(co
 	FILE *procfile = NULL;
 	char tablename[IP6T_TABLE_MAXNAMELEN+1];
 
-	procfile = fopen("/proc/net/ip6_tables_names", "r");
+	procfile = fopen("/proc/net/ip6_tables_names", "re");
 	if (!procfile)
 		exit_error(OTHER_PROBLEM,
 			   "Unable to open /proc/net/ip6_tables_names: %s\n",
diff -up iptables-1.4.1-rc2/iptables-restore.c.cloexec iptables-1.4.1-rc2/iptables-restore.c
--- iptables-1.4.1-rc2/iptables-restore.c.cloexec	2008-05-26 14:15:40.000000000 +0200
+++ iptables-1.4.1-rc2/iptables-restore.c	2008-06-05 13:55:09.000000000 +0200
@@ -176,7 +176,7 @@ main(int argc, char *argv[])
 	}
 
 	if (optind == argc - 1) {
-		in = fopen(argv[optind], "r");
+		in = fopen(argv[optind], "re");
 		if (!in) {
 			fprintf(stderr, "Can't open %s: %s\n", argv[optind],
 				strerror(errno));
diff -up iptables-1.4.1-rc2/iptables-save.c.cloexec iptables-1.4.1-rc2/iptables-save.c
--- iptables-1.4.1-rc2/iptables-save.c.cloexec	2008-05-26 14:15:40.000000000 +0200
+++ iptables-1.4.1-rc2/iptables-save.c	2008-06-05 13:55:09.000000000 +0200
@@ -38,7 +38,7 @@ static int for_each_table(int (*func)(co
 	FILE *procfile = NULL;
 	char tablename[IPT_TABLE_MAXNAMELEN+1];
 
-	procfile = fopen("/proc/net/ip_tables_names", "r");
+	procfile = fopen("/proc/net/ip_tables_names", "re");
 	if (!procfile)
 		exit_error(OTHER_PROBLEM,
 			   "Unable to open /proc/net/ip_tables_names: %s\n",
diff -up iptables-1.4.1-rc2/iptables-xml.c.cloexec iptables-1.4.1-rc2/iptables-xml.c
--- iptables-1.4.1-rc2/iptables-xml.c.cloexec	2008-05-26 14:15:40.000000000 +0200
+++ iptables-1.4.1-rc2/iptables-xml.c	2008-06-05 13:55:09.000000000 +0200
@@ -664,7 +664,7 @@ main(int argc, char *argv[])
 	}
 
 	if (optind == argc - 1) {
-		in = fopen(argv[optind], "r");
+		in = fopen(argv[optind], "re");
 		if (!in) {
 			fprintf(stderr, "Can't open %s: %s", argv[optind],
 				strerror(errno));
diff -up iptables-1.4.1-rc2/xtables.c.cloexec iptables-1.4.1-rc2/xtables.c
--- iptables-1.4.1-rc2/xtables.c.cloexec	2008-05-26 14:15:40.000000000 +0200
+++ iptables-1.4.1-rc2/xtables.c	2008-06-05 13:57:49.000000000 +0200
@@ -498,6 +498,12 @@ static int compatible_revision(const cha
 		exit(1);
 	}
 
+ 	if (fcntl(sockfd, F_SETFD, FD_CLOEXEC) == -1) {
+ 		fprintf(stderr, "Could not set close on exec: %s\n",
+ 			strerror(errno));
+ 		exit(1);
+ 	}
+
 	load_xtables_ko(modprobe_program, 1);
 
 	strcpy(rev.name, name);

iptables-1.4.1-ipv6_network_mask.patch:

--- NEW FILE iptables-1.4.1-ipv6_network_mask.patch ---
commit f52d74a1a83c4fa30fcab8b318d325bb3c9b5535
Author: Jan Engelhardt <jengelh at medozas.de>
Date:   Tue Jun 10 14:05:21 2008 +0200

ip6tables: fix printing of ipv6 network masks
    
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
---
 xtables.c |    8 ++++----
 1 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/xtables.c b/xtables.c
index 8241687..a97bdaa 100644
--- a/xtables.c
+++ b/xtables.c
@@ -1011,10 +1011,10 @@ static int ip6addr_prefix_length(const struct in6_addr *k)
 	unsigned int bits = 0;
 	uint32_t a, b, c, d;
 
-	a = k->s6_addr32[0];
-	b = k->s6_addr32[1];
-	c = k->s6_addr32[2];
-	d = k->s6_addr32[3];
+	a = ntohl(k->s6_addr32[0]);
+	b = ntohl(k->s6_addr32[1]);
+	c = ntohl(k->s6_addr32[2]);
+	d = ntohl(k->s6_addr32[3]);
 	while (a & 0x80000000U) {
 		++bits;
 		a <<= 1;

iptables-1.4.1-nf_ext_init.patch:

--- NEW FILE iptables-1.4.1-nf_ext_init.patch ---
diff -up iptables-1.4.1-rc2/include/xtables.h.in.nf_ext_init iptables-1.4.1-rc2/include/xtables.h.in
--- iptables-1.4.1-rc2/include/xtables.h.in.nf_ext_init	2008-06-05 14:13:49.000000000 +0200
+++ iptables-1.4.1-rc2/include/xtables.h.in	2008-06-05 14:14:03.000000000 +0200
@@ -199,13 +199,13 @@ extern void ip6parse_hostnetworkmask(con
 extern void save_string(const char *value);
 
 #ifdef NO_SHARED_LIBS
-#	ifdef _INIT
-#		undef _init
-#		define _init _INIT
+#	ifdef NF_EXT_INIT
+#		undef nf_ext_init
+#		define nf_ext_init NF_EXT_INIT
 #	endif
 	extern void init_extensions(void);
 #else
-#	define _init __attribute__((constructor)) _INIT
+#	define nf_ext_init __attribute__((constructor)) NF_EXT_INIT
 #endif
 
 /* Present in both iptables.c and ip6tables.c */
diff -up iptables-1.4.1-rc2/include/xtables/internal.h.nf_ext_init iptables-1.4.1-rc2/include/xtables/internal.h
--- iptables-1.4.1-rc2/include/xtables/internal.h.nf_ext_init	2008-06-05 14:13:24.000000000 +0200
+++ iptables-1.4.1-rc2/include/xtables/internal.h	2008-06-05 14:13:26.000000000 +0200
@@ -61,6 +61,6 @@ extern struct xtables_match *find_match(
 					struct xtables_rule_match **match);
 extern struct xtables_target *find_target(const char *name, enum xt_tryload);
 
-extern void _init(void);
+extern void nf_ext_init(void);
 
 #endif /* _XTABLES_INTERNAL_H */


Index: iptables.spec
===================================================================
RCS file: /cvs/pkgs/rpms/iptables/F-9/iptables.spec,v
retrieving revision 1.69
retrieving revision 1.70
diff -u -r1.69 -r1.70
--- iptables.spec	6 Jun 2008 18:59:08 -0000	1.69
+++ iptables.spec	10 Jun 2008 14:29:55 -0000	1.70
@@ -1,18 +1,14 @@
-%define build_devel 1
-%define _kernel $(ls -d /usr/src/kernels/* | head -1)
-
 Name: iptables
 Summary: Tools for managing Linux kernel packet filtering capabilities
-Version: 1.4.0
-Release: 5%{?dist}
+Version: 1.4.1
+Release: 1%{?dist}
 Source: http://www.netfilter.org/projects/iptables/files/%{name}-%{version}.tar.bz2
 Source1: iptables.init
 Source2: iptables-config
-Patch0: iptables-1.3.8-iptc.patch
 Patch4: iptables-1.3.8-typo_latter.patch
-Patch5: iptables-1.4.0-cloexec.patch
-Patch6: iptables-1.4.0-in6_u.patch
-Patch7: iptables-1.4.0-use-normal-kernel-headers.patch
+Patch5: iptables-1.4.1-cloexec.patch
+Patch8: iptables-1.4.1-nf_ext_init.patch
+Patch9: iptables-1.4.1-ipv6_network_mask.patch
 Group: System Environment/Base
 URL: http://www.netfilter.org/
 BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
@@ -44,7 +40,6 @@
 Install iptables-ipv6 if you need to set up firewalling for your
 network and you are using ipv6.
 
-%if %{build_devel}
 %package devel
 Summary: Development package for iptables
 Group: System Environment/Base
@@ -55,64 +50,39 @@
 
 The iptc interface is upstream marked as not public. The interface is not 
 stable and may change with every new version. It is therefore unsupported.
-%endif
 
 %prep
 %setup -q
-%patch0 -p1 -b .iptc
 %patch4 -p1 -b .typo_latter
 %patch5 -p1 -b .cloexec
-%patch6 -p1 -b .in6_u
-%patch7 -p1 -b .use_normal_headers
-
-# Put it to a reasonable place
-find . -type f -exec perl -pi -e "s,/usr/local,%{_prefix},g" {} \;
+%patch8 -p1 -b .nf_ext_init
+%patch9 -p1 -b .ipv6_network_mask
 
-# do not use ld -shared and _init
-perl -pi -e "s/\(LD\) -shared/\(CC\) -shared/g" Rules.make
+# fix constructor names, see also nf_ext_init patch
 perl -pi -e "s/void _init\(/void __attribute\(\(constructor\)\) nf_ext_init\(/g" extensions/*.c
 perl -pi -e "s/^_init\(/__attribute\(\(constructor\)\) nf_ext_init\(/g" extensions/*.c
 
 %build
-TOPDIR=`pwd`
-OPT="$RPM_OPT_FLAGS -I$TOPDIR/include -fPIC"
-#export KERNEL_DIR=/usr
-#export KBUILD_OUTPUT=/usr
-export KERNEL_DIR=%{_kernel}
-export KBUILD_OUTPUT=%{_kernel}
-
-export DO_SELINUX=1
-make COPT_FLAGS="$OPT" LIBDIR=/%{_lib} 
-make COPT_FLAGS="$OPT" LIBDIR=/%{_lib} iptables-save iptables-restore
-make COPT_FLAGS="$OPT" LIBDIR=/%{_lib} ip6tables-save ip6tables-restore
+./configure --enable-devel --enable-libipq --bindir=/bin --sbindir=/sbin --sysconfdir=/etc --libdir=/%{_libdir} --libexecdir=/%{_lib} --mandir=%{_mandir} --includedir=%{_includedir} --with-kernel=/usr --with-kbuild=/usr --with-ksource=/usr
+make
 
 %install
 rm -rf %{buildroot}
-#export KERNEL_DIR=/usr
-#export KBUILD_OUTPUT=/usr
-export KERNEL_DIR=%{_kernel}
-export KBUILD_OUTPUT=%{_kernel}
-export DO_SELINUX=1
-make install DESTDIR=%{buildroot} BINDIR=/sbin LIBDIR=/%{_lib} MANDIR=%{_mandir}
-%if %{build_devel}
-make install-devel DESTDIR=%{buildroot} BINDIR=/sbin LIBDIR=%{_libdir} MANDIR=%{_mandir}
-%endif
-cp ip{6,}tables-{save,restore} $RPM_BUILD_ROOT/sbin
-cp iptables-*.8 $RPM_BUILD_ROOT%{_mandir}/man8
-mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d
-install -c -m755 %{SOURCE1} $RPM_BUILD_ROOT/etc/rc.d/init.d/iptables
+
+make install DESTDIR=%{buildroot} 
+
+# install iptc devel library
+install -m 644 libiptc/libiptc.a %{buildroot}/%{_libdir}
+
+# install init scripts and configuration files
+install -d -m 755 $RPM_BUILD_ROOT/etc/rc.d/init.d
+install -c -m 755 %{SOURCE1} $RPM_BUILD_ROOT/etc/rc.d/init.d/iptables
 sed -e 's;iptables;ip6tables;g' -e 's;IPTABLES;IP6TABLES;g' < %{SOURCE1} > ip6tables.init
-install -c -m755 ip6tables.init $RPM_BUILD_ROOT/etc/rc.d/init.d/ip6tables
-mkdir -p $RPM_BUILD_ROOT/etc/sysconfig
-install -c -m755 %{SOURCE2} $RPM_BUILD_ROOT/etc/sysconfig/iptables-config
+install -c -m 755 ip6tables.init $RPM_BUILD_ROOT/etc/rc.d/init.d/ip6tables
+install -d -m 755 $RPM_BUILD_ROOT/etc/sysconfig
+install -c -m 755 %{SOURCE2} $RPM_BUILD_ROOT/etc/sysconfig/iptables-config
 sed -e 's;iptables;ip6tables;g' -e 's;IPTABLES;IP6TABLES;g' < %{SOURCE2} > ip6tables-config
-install -c -m755 ip6tables-config $RPM_BUILD_ROOT/etc/sysconfig/ip6tables-config
-# install devel header files
-mkdir -p $RPM_BUILD_ROOT%{_includedir}
-install -c -m644 include/ip*.h $RPM_BUILD_ROOT%{_includedir}
-# install libiptc header files (unsupported)
-mkdir -p $RPM_BUILD_ROOT%{_includedir}/libiptc
-install -c -m644 include/libiptc/*.h $RPM_BUILD_ROOT%{_includedir}/libiptc
+install -c -m 755 ip6tables-config $RPM_BUILD_ROOT/etc/sysconfig/ip6tables-config
 
 %clean
 rm -rf $RPM_BUILD_ROOT 
@@ -140,31 +110,35 @@
 %config(noreplace) %attr(0600,root,root) /etc/sysconfig/iptables-config
 /sbin/iptables*
 %{_mandir}/man8/iptables*
-%dir /%{_lib}/iptables
-/%{_lib}/iptables/libipt*
-/%{_lib}/iptables/libxt*
+%dir /%{_lib}/xtables
+/%{_lib}/xtables/libipt*
+/%{_lib}/xtables/libxt*
 
 %files ipv6
 %defattr(-,root,root)
 %attr(0755,root,root) /etc/rc.d/init.d/ip6tables
 %config(noreplace) %attr(0600,root,root) /etc/sysconfig/ip6tables-config
 /sbin/ip6tables*
+/bin/iptables-xml
 %{_mandir}/man8/ip6tables*
-/%{_lib}/iptables/libip6t*
+/%{_lib}/xtables/libip6t*
 
-%if %{build_devel}
 %files devel
 %defattr(-,root,root)
-%{_includedir}/ip*.h
-%{_includedir}/libipq.h
+%{_includedir}/*.h
 %dir %{_includedir}/libiptc
 %{_includedir}/libiptc/*.h
 %{_libdir}/libipq.a
 %{_libdir}/libiptc.a
 %{_mandir}/man3/*
-%endif
 
 %changelog
+* Tue Jun 10 2008 Thomas Woerner <twoerner at redhat.com> 1.4.1-1
+- new version 1.4.1 with new build environment
+- additional ipv6 network mask patch from Jan Engelhardt
+- spec file cleanup
+- removed old patches
+
 * Fri Jun  6 2008 Tom "spot" Callaway <tcallawa at redhat.com> 1.4.0-5
 - use normal kernel headers, not linux/compiler.h
 - change BuildRequires: kernel-devel to kernel-headers


Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/iptables/F-9/sources,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -r1.21 -r1.22
--- sources	11 Feb 2008 13:56:53 -0000	1.21
+++ sources	10 Jun 2008 14:29:55 -0000	1.22
@@ -1 +1 @@
-90cfa8a554a29b0b859a625e701af2a7  iptables-1.4.0.tar.bz2
+e628f033b95741266a315d54fe73db9c  iptables-1.4.1.tar.bz2


--- iptables-1.3.8-iptc.patch DELETED ---


--- iptables-1.4.0-cloexec.patch DELETED ---


--- iptables-1.4.0-in6_u.patch DELETED ---


--- iptables-1.4.0-use-normal-kernel-headers.patch DELETED ---

More information about the fedora-extras-commits mailing list