rpms/iptables/F-9 iptables-1.4.1-cloexec.patch, NONE, 1.1 iptables-1.4.1-ipv6_network_mask.patch, NONE, 1.1 iptables-1.4.1-nf_ext_init.patch, NONE, 1.1 iptables.spec, 1.69, 1.70 sources, 1.21, 1.22 iptables-1.3.8-iptc.patch, 1.1, NONE iptables-1.4.0-cloexec.patch, 1.2, NONE iptables-1.4.0-in6_u.patch, 1.1, NONE iptables-1.4.0-use-normal-kernel-headers.patch, 1.1, NONE
Thomas Woerner (twoerner)
fedora-extras-commits at redhat.com
Tue Jun 10 14:30:36 UTC 2008
Author: twoerner
Update of /cvs/pkgs/rpms/iptables/F-9
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv17208
Modified Files:
iptables.spec sources
Added Files:
iptables-1.4.1-cloexec.patch
iptables-1.4.1-ipv6_network_mask.patch
iptables-1.4.1-nf_ext_init.patch
Removed Files:
iptables-1.3.8-iptc.patch iptables-1.4.0-cloexec.patch
iptables-1.4.0-in6_u.patch
iptables-1.4.0-use-normal-kernel-headers.patch
Log Message:
- new version 1.4.1 with new build environment
- additional ipv6 network mask patch from Jan Engelhardt
- spec file cleanup
- removed old patches
iptables-1.4.1-cloexec.patch:
--- NEW FILE iptables-1.4.1-cloexec.patch ---
diff -up iptables-1.4.1-rc2/ip6tables-restore.c.cloexec iptables-1.4.1-rc2/ip6tables-restore.c
--- iptables-1.4.1-rc2/ip6tables-restore.c.cloexec 2008-05-26 14:15:40.000000000 +0200
+++ iptables-1.4.1-rc2/ip6tables-restore.c 2008-06-05 13:55:09.000000000 +0200
@@ -172,7 +172,7 @@ int main(int argc, char *argv[])
}
if (optind == argc - 1) {
- in = fopen(argv[optind], "r");
+ in = fopen(argv[optind], "re");
if (!in) {
fprintf(stderr, "Can't open %s: %s\n", argv[optind],
strerror(errno));
diff -up iptables-1.4.1-rc2/ip6tables-save.c.cloexec iptables-1.4.1-rc2/ip6tables-save.c
--- iptables-1.4.1-rc2/ip6tables-save.c.cloexec 2008-05-26 14:15:40.000000000 +0200
+++ iptables-1.4.1-rc2/ip6tables-save.c 2008-06-05 13:55:09.000000000 +0200
@@ -40,7 +40,7 @@ static int for_each_table(int (*func)(co
FILE *procfile = NULL;
char tablename[IP6T_TABLE_MAXNAMELEN+1];
- procfile = fopen("/proc/net/ip6_tables_names", "r");
+ procfile = fopen("/proc/net/ip6_tables_names", "re");
if (!procfile)
exit_error(OTHER_PROBLEM,
"Unable to open /proc/net/ip6_tables_names: %s\n",
diff -up iptables-1.4.1-rc2/iptables-restore.c.cloexec iptables-1.4.1-rc2/iptables-restore.c
--- iptables-1.4.1-rc2/iptables-restore.c.cloexec 2008-05-26 14:15:40.000000000 +0200
+++ iptables-1.4.1-rc2/iptables-restore.c 2008-06-05 13:55:09.000000000 +0200
@@ -176,7 +176,7 @@ main(int argc, char *argv[])
}
if (optind == argc - 1) {
- in = fopen(argv[optind], "r");
+ in = fopen(argv[optind], "re");
if (!in) {
fprintf(stderr, "Can't open %s: %s\n", argv[optind],
strerror(errno));
diff -up iptables-1.4.1-rc2/iptables-save.c.cloexec iptables-1.4.1-rc2/iptables-save.c
--- iptables-1.4.1-rc2/iptables-save.c.cloexec 2008-05-26 14:15:40.000000000 +0200
+++ iptables-1.4.1-rc2/iptables-save.c 2008-06-05 13:55:09.000000000 +0200
@@ -38,7 +38,7 @@ static int for_each_table(int (*func)(co
FILE *procfile = NULL;
char tablename[IPT_TABLE_MAXNAMELEN+1];
- procfile = fopen("/proc/net/ip_tables_names", "r");
+ procfile = fopen("/proc/net/ip_tables_names", "re");
if (!procfile)
exit_error(OTHER_PROBLEM,
"Unable to open /proc/net/ip_tables_names: %s\n",
diff -up iptables-1.4.1-rc2/iptables-xml.c.cloexec iptables-1.4.1-rc2/iptables-xml.c
--- iptables-1.4.1-rc2/iptables-xml.c.cloexec 2008-05-26 14:15:40.000000000 +0200
+++ iptables-1.4.1-rc2/iptables-xml.c 2008-06-05 13:55:09.000000000 +0200
@@ -664,7 +664,7 @@ main(int argc, char *argv[])
}
if (optind == argc - 1) {
- in = fopen(argv[optind], "r");
+ in = fopen(argv[optind], "re");
if (!in) {
fprintf(stderr, "Can't open %s: %s", argv[optind],
strerror(errno));
diff -up iptables-1.4.1-rc2/xtables.c.cloexec iptables-1.4.1-rc2/xtables.c
--- iptables-1.4.1-rc2/xtables.c.cloexec 2008-05-26 14:15:40.000000000 +0200
+++ iptables-1.4.1-rc2/xtables.c 2008-06-05 13:57:49.000000000 +0200
@@ -498,6 +498,12 @@ static int compatible_revision(const cha
exit(1);
}
+ if (fcntl(sockfd, F_SETFD, FD_CLOEXEC) == -1) {
+ fprintf(stderr, "Could not set close on exec: %s\n",
+ strerror(errno));
+ exit(1);
+ }
+
load_xtables_ko(modprobe_program, 1);
strcpy(rev.name, name);
iptables-1.4.1-ipv6_network_mask.patch:
--- NEW FILE iptables-1.4.1-ipv6_network_mask.patch ---
commit f52d74a1a83c4fa30fcab8b318d325bb3c9b5535
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Tue Jun 10 14:05:21 2008 +0200
ip6tables: fix printing of ipv6 network masks
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
---
xtables.c | 8 ++++----
1 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/xtables.c b/xtables.c
index 8241687..a97bdaa 100644
--- a/xtables.c
+++ b/xtables.c
@@ -1011,10 +1011,10 @@ static int ip6addr_prefix_length(const struct in6_addr *k)
unsigned int bits = 0;
uint32_t a, b, c, d;
- a = k->s6_addr32[0];
- b = k->s6_addr32[1];
- c = k->s6_addr32[2];
- d = k->s6_addr32[3];
+ a = ntohl(k->s6_addr32[0]);
+ b = ntohl(k->s6_addr32[1]);
+ c = ntohl(k->s6_addr32[2]);
+ d = ntohl(k->s6_addr32[3]);
while (a & 0x80000000U) {
++bits;
a <<= 1;
iptables-1.4.1-nf_ext_init.patch:
--- NEW FILE iptables-1.4.1-nf_ext_init.patch ---
diff -up iptables-1.4.1-rc2/include/xtables.h.in.nf_ext_init iptables-1.4.1-rc2/include/xtables.h.in
--- iptables-1.4.1-rc2/include/xtables.h.in.nf_ext_init 2008-06-05 14:13:49.000000000 +0200
+++ iptables-1.4.1-rc2/include/xtables.h.in 2008-06-05 14:14:03.000000000 +0200
@@ -199,13 +199,13 @@ extern void ip6parse_hostnetworkmask(con
extern void save_string(const char *value);
#ifdef NO_SHARED_LIBS
-# ifdef _INIT
-# undef _init
-# define _init _INIT
+# ifdef NF_EXT_INIT
+# undef nf_ext_init
+# define nf_ext_init NF_EXT_INIT
# endif
extern void init_extensions(void);
#else
-# define _init __attribute__((constructor)) _INIT
+# define nf_ext_init __attribute__((constructor)) NF_EXT_INIT
#endif
/* Present in both iptables.c and ip6tables.c */
diff -up iptables-1.4.1-rc2/include/xtables/internal.h.nf_ext_init iptables-1.4.1-rc2/include/xtables/internal.h
--- iptables-1.4.1-rc2/include/xtables/internal.h.nf_ext_init 2008-06-05 14:13:24.000000000 +0200
+++ iptables-1.4.1-rc2/include/xtables/internal.h 2008-06-05 14:13:26.000000000 +0200
@@ -61,6 +61,6 @@ extern struct xtables_match *find_match(
struct xtables_rule_match **match);
extern struct xtables_target *find_target(const char *name, enum xt_tryload);
-extern void _init(void);
+extern void nf_ext_init(void);
#endif /* _XTABLES_INTERNAL_H */
Index: iptables.spec
===================================================================
RCS file: /cvs/pkgs/rpms/iptables/F-9/iptables.spec,v
retrieving revision 1.69
retrieving revision 1.70
diff -u -r1.69 -r1.70
--- iptables.spec 6 Jun 2008 18:59:08 -0000 1.69
+++ iptables.spec 10 Jun 2008 14:29:55 -0000 1.70
@@ -1,18 +1,14 @@
-%define build_devel 1
-%define _kernel $(ls -d /usr/src/kernels/* | head -1)
-
Name: iptables
Summary: Tools for managing Linux kernel packet filtering capabilities
-Version: 1.4.0
-Release: 5%{?dist}
+Version: 1.4.1
+Release: 1%{?dist}
Source: http://www.netfilter.org/projects/iptables/files/%{name}-%{version}.tar.bz2
Source1: iptables.init
Source2: iptables-config
-Patch0: iptables-1.3.8-iptc.patch
Patch4: iptables-1.3.8-typo_latter.patch
-Patch5: iptables-1.4.0-cloexec.patch
-Patch6: iptables-1.4.0-in6_u.patch
-Patch7: iptables-1.4.0-use-normal-kernel-headers.patch
+Patch5: iptables-1.4.1-cloexec.patch
+Patch8: iptables-1.4.1-nf_ext_init.patch
+Patch9: iptables-1.4.1-ipv6_network_mask.patch
Group: System Environment/Base
URL: http://www.netfilter.org/
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
@@ -44,7 +40,6 @@
Install iptables-ipv6 if you need to set up firewalling for your
network and you are using ipv6.
-%if %{build_devel}
%package devel
Summary: Development package for iptables
Group: System Environment/Base
@@ -55,64 +50,39 @@
The iptc interface is upstream marked as not public. The interface is not
stable and may change with every new version. It is therefore unsupported.
-%endif
%prep
%setup -q
-%patch0 -p1 -b .iptc
%patch4 -p1 -b .typo_latter
%patch5 -p1 -b .cloexec
-%patch6 -p1 -b .in6_u
-%patch7 -p1 -b .use_normal_headers
-
-# Put it to a reasonable place
-find . -type f -exec perl -pi -e "s,/usr/local,%{_prefix},g" {} \;
+%patch8 -p1 -b .nf_ext_init
+%patch9 -p1 -b .ipv6_network_mask
-# do not use ld -shared and _init
-perl -pi -e "s/\(LD\) -shared/\(CC\) -shared/g" Rules.make
+# fix constructor names, see also nf_ext_init patch
perl -pi -e "s/void _init\(/void __attribute\(\(constructor\)\) nf_ext_init\(/g" extensions/*.c
perl -pi -e "s/^_init\(/__attribute\(\(constructor\)\) nf_ext_init\(/g" extensions/*.c
%build
-TOPDIR=`pwd`
-OPT="$RPM_OPT_FLAGS -I$TOPDIR/include -fPIC"
-#export KERNEL_DIR=/usr
-#export KBUILD_OUTPUT=/usr
-export KERNEL_DIR=%{_kernel}
-export KBUILD_OUTPUT=%{_kernel}
-
-export DO_SELINUX=1
-make COPT_FLAGS="$OPT" LIBDIR=/%{_lib}
-make COPT_FLAGS="$OPT" LIBDIR=/%{_lib} iptables-save iptables-restore
-make COPT_FLAGS="$OPT" LIBDIR=/%{_lib} ip6tables-save ip6tables-restore
+./configure --enable-devel --enable-libipq --bindir=/bin --sbindir=/sbin --sysconfdir=/etc --libdir=/%{_libdir} --libexecdir=/%{_lib} --mandir=%{_mandir} --includedir=%{_includedir} --with-kernel=/usr --with-kbuild=/usr --with-ksource=/usr
+make
%install
rm -rf %{buildroot}
-#export KERNEL_DIR=/usr
-#export KBUILD_OUTPUT=/usr
-export KERNEL_DIR=%{_kernel}
-export KBUILD_OUTPUT=%{_kernel}
-export DO_SELINUX=1
-make install DESTDIR=%{buildroot} BINDIR=/sbin LIBDIR=/%{_lib} MANDIR=%{_mandir}
-%if %{build_devel}
-make install-devel DESTDIR=%{buildroot} BINDIR=/sbin LIBDIR=%{_libdir} MANDIR=%{_mandir}
-%endif
-cp ip{6,}tables-{save,restore} $RPM_BUILD_ROOT/sbin
-cp iptables-*.8 $RPM_BUILD_ROOT%{_mandir}/man8
-mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d
-install -c -m755 %{SOURCE1} $RPM_BUILD_ROOT/etc/rc.d/init.d/iptables
+
+make install DESTDIR=%{buildroot}
+
+# install iptc devel library
+install -m 644 libiptc/libiptc.a %{buildroot}/%{_libdir}
+
+# install init scripts and configuration files
+install -d -m 755 $RPM_BUILD_ROOT/etc/rc.d/init.d
+install -c -m 755 %{SOURCE1} $RPM_BUILD_ROOT/etc/rc.d/init.d/iptables
sed -e 's;iptables;ip6tables;g' -e 's;IPTABLES;IP6TABLES;g' < %{SOURCE1} > ip6tables.init
-install -c -m755 ip6tables.init $RPM_BUILD_ROOT/etc/rc.d/init.d/ip6tables
-mkdir -p $RPM_BUILD_ROOT/etc/sysconfig
-install -c -m755 %{SOURCE2} $RPM_BUILD_ROOT/etc/sysconfig/iptables-config
+install -c -m 755 ip6tables.init $RPM_BUILD_ROOT/etc/rc.d/init.d/ip6tables
+install -d -m 755 $RPM_BUILD_ROOT/etc/sysconfig
+install -c -m 755 %{SOURCE2} $RPM_BUILD_ROOT/etc/sysconfig/iptables-config
sed -e 's;iptables;ip6tables;g' -e 's;IPTABLES;IP6TABLES;g' < %{SOURCE2} > ip6tables-config
-install -c -m755 ip6tables-config $RPM_BUILD_ROOT/etc/sysconfig/ip6tables-config
-# install devel header files
-mkdir -p $RPM_BUILD_ROOT%{_includedir}
-install -c -m644 include/ip*.h $RPM_BUILD_ROOT%{_includedir}
-# install libiptc header files (unsupported)
-mkdir -p $RPM_BUILD_ROOT%{_includedir}/libiptc
-install -c -m644 include/libiptc/*.h $RPM_BUILD_ROOT%{_includedir}/libiptc
+install -c -m 755 ip6tables-config $RPM_BUILD_ROOT/etc/sysconfig/ip6tables-config
%clean
rm -rf $RPM_BUILD_ROOT
@@ -140,31 +110,35 @@
%config(noreplace) %attr(0600,root,root) /etc/sysconfig/iptables-config
/sbin/iptables*
%{_mandir}/man8/iptables*
-%dir /%{_lib}/iptables
-/%{_lib}/iptables/libipt*
-/%{_lib}/iptables/libxt*
+%dir /%{_lib}/xtables
+/%{_lib}/xtables/libipt*
+/%{_lib}/xtables/libxt*
%files ipv6
%defattr(-,root,root)
%attr(0755,root,root) /etc/rc.d/init.d/ip6tables
%config(noreplace) %attr(0600,root,root) /etc/sysconfig/ip6tables-config
/sbin/ip6tables*
+/bin/iptables-xml
%{_mandir}/man8/ip6tables*
-/%{_lib}/iptables/libip6t*
+/%{_lib}/xtables/libip6t*
-%if %{build_devel}
%files devel
%defattr(-,root,root)
-%{_includedir}/ip*.h
-%{_includedir}/libipq.h
+%{_includedir}/*.h
%dir %{_includedir}/libiptc
%{_includedir}/libiptc/*.h
%{_libdir}/libipq.a
%{_libdir}/libiptc.a
%{_mandir}/man3/*
-%endif
%changelog
+* Tue Jun 10 2008 Thomas Woerner <twoerner at redhat.com> 1.4.1-1
+- new version 1.4.1 with new build environment
+- additional ipv6 network mask patch from Jan Engelhardt
+- spec file cleanup
+- removed old patches
+
* Fri Jun 6 2008 Tom "spot" Callaway <tcallawa at redhat.com> 1.4.0-5
- use normal kernel headers, not linux/compiler.h
- change BuildRequires: kernel-devel to kernel-headers
Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/iptables/F-9/sources,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -r1.21 -r1.22
--- sources 11 Feb 2008 13:56:53 -0000 1.21
+++ sources 10 Jun 2008 14:29:55 -0000 1.22
@@ -1 +1 @@
-90cfa8a554a29b0b859a625e701af2a7 iptables-1.4.0.tar.bz2
+e628f033b95741266a315d54fe73db9c iptables-1.4.1.tar.bz2
--- iptables-1.3.8-iptc.patch DELETED ---
--- iptables-1.4.0-cloexec.patch DELETED ---
--- iptables-1.4.0-in6_u.patch DELETED ---
--- iptables-1.4.0-use-normal-kernel-headers.patch DELETED ---
More information about the fedora-extras-commits
mailing list