August 2012 - openSUSE Commits - openSUSE Mailing Lists

commit kst for openSUSE:Factory
by root＠hilbert.suse.de 04 Aug '12

04 Aug '12

Hello community, here is the log from the commit of package kst for openSUSE:Factory checked in at 2012-08-04 09:19:23 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/kst (Old) and /work/SRC/openSUSE:Factory/.kst.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "kst", Maintainer is "kde-maintainers(a)suse.de" Changes: -------- --- /work/SRC/openSUSE:Factory/kst/kst.changes 2012-07-13 11:31:45.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.kst.new/kst.changes 2012-08-04 09:19:44.000000000 +0200 @@ -1,0 +2,19 @@ +Mon Jul 30 17:55:38 UTC 2012 - ctrippe(a)opensuse.org + +- Update to 2.0.6, for a complete list of changes see + http://kst-plot.kde.org/files/Log_messages_2.0.5_to_2.0.6.txt + * When loading a kst file, prompt the user for an alternate if a + datasource can't be found + * Save/use arrow head property defaults + * Don't invert Z order of viewItems which are direct children of + the View + * Data wizard fixes (spectrum format, speed improvements when + there are many vectors, + * Properly handle missing data in custom-delimited ASCII to avoid + mixing the vectors + * Large speedup (x10!) for ASCII with very many columns + * Allow SVG and pixmap view objects to have adjustable aspect ratios + * Fix apply button in view item dialogs (including labels) +- Build python-kst for scripting + +------------------------------------------------------------------- Old: ---- kst-2.0.5.tar.gz New: ---- kst-2.0.6.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ kst.spec ++++++ --- /var/tmp/diff_new_pack.C8HDfo/_old 2012-08-04 09:20:00.000000000 +0200 +++ /var/tmp/diff_new_pack.C8HDfo/_new 2012-08-04 09:20:00.000000000 +0200 @@ -18,7 +18,7 @@ Name: kst -Version: 2.0.5 +Version: 2.0.6 Release: 0 Summary: Real-Time Data Viewing and Plotting Tool with Basic Data Analysis Functionality License: GPL-2.0+ @@ -35,6 +35,9 @@ %if 0%{?suse_version} >= 1220 BuildRequires: libnetcdf_c++-devel BuildRequires: netcdf-devel +BuildRequires: python-numpy-devel +#Python-scipy is only available from 12.2 onwards, so the whole python scripting part ist only build for 12.2 onwards +BuildRequires: python-scipy-devel %else BuildRequires: libnetcdf-devel %endif @@ -77,15 +80,39 @@ Development libraries and headers needed to build software making use of %{name} +%if 0%{?suse_version} >= 1220 + +%package -n python-kst +Summary: Python scripting support for %{name} +Group: Development/Libraries/Python +Requires: %{name} = %{version} +Requires: python-base = %py_ver +Requires: python-numpy +Requires: python-scipy + +%description -n python-kst +Provides scripting support for %{name} with Python + +%endif + %prep %setup -q %build +%if 0%{?suse_version} >= 1220 +EXTRA_FLAGS="-Dkst_install_prefix=%{_kde_prefix} \ + -Dkst_rpath=0 \ + -Dkst_install_libdir=%{_lib} \ + -Dkst_install_plugin_desktop_file_path=%{_kde4_servicesdir}/%{name} + -Dkst_release=1 \ + -Dkst_python=1" +%else EXTRA_FLAGS="-Dkst_install_prefix=%{_kde_prefix} \ -Dkst_rpath=0 \ -Dkst_install_libdir=%{_lib} \ -Dkst_install_plugin_desktop_file_path=%{_kde4_servicesdir}/%{name} -Dkst_release=1" +%endif %cmake_kde4 -d build -- $EXTRA_FLAGS $RPM_BUILD_DIR/%buildsubdir/cmake make %{?_smp_mflags} @@ -119,4 +146,14 @@ %{_kde4_libdir}/*.so %{_kde4_libdir}/lib%{name}2app.a +%if 0%{?suse_version} >= 1220 + +%files -n python-kst +%defattr(-,root,root) +%{python_sitearch}/pykst.py +%{python_sitearch}/pykstpp.py +%{python_sitearch}/pykstpp_h.py + +%endif + %changelog ++++++ kst-2.0.5.tar.gz -> kst-2.0.6.tar.gz ++++++ /work/SRC/openSUSE:Factory/kst/kst-2.0.5.tar.gz /work/SRC/openSUSE:Factory/.kst.new/kst-2.0.6.tar.gz differ: char 5, line 1 -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit kiwi-config-openSUSE for openSUSE:12.2
by root＠hilbert.suse.de 04 Aug '12

04 Aug '12

Hello community, here is the log from the commit of package kiwi-config-openSUSE for openSUSE:12.2 checked in at 2012-08-04 09:18:33 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.2/kiwi-config-openSUSE (Old) and /work/SRC/openSUSE:12.2/.kiwi-config-openSUSE.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "kiwi-config-openSUSE", Maintainer is "coolo(a)suse.com" Changes: -------- --- /work/SRC/openSUSE:12.2/kiwi-config-openSUSE/kiwi-config-openSUSE.changes 2012-07-22 15:16:20.000000000 +0200 +++ /work/SRC/openSUSE:12.2/.kiwi-config-openSUSE.new/kiwi-config-openSUSE.changes 2012-08-04 09:19:42.000000000 +0200 @@ -1,0 +2,5 @@ +Fri Aug 3 14:28:29 CEST 2012 - fcrozat(a)suse.com + +- Update xdm-liveinstall.patch to terminate plymouth if present + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ xdm-liveinstall.patch ++++++ --- /var/tmp/diff_new_pack.lqvYs5/_old 2012-08-04 09:19:43.000000000 +0200 +++ /var/tmp/diff_new_pack.lqvYs5/_new 2012-08-04 09:19:43.000000000 +0200 @@ -13,12 +13,13 @@ --- etc/init.d/xdm.orig 2011-04-12 10:21:03.911449606 +0200 +++ etc/init.d/xdm 2011-04-12 10:21:43.831694748 +0200 -@@ -211,7 +211,11 @@ case "$1" in +@@ -211,7 +211,12 @@ case "$1" in fi ;; esac - startproc -p $PIDFILE $DISPLAYMANAGER $XDMOPTIONS || rc_failed + if cat /proc/cmdline | grep -q liveinstall; then ++ [ -x /usr/bin/plymouth ] && /usr/bin/plymouth quit + /usr/lib/YaST2/startup/YaST2.call live-installer + else + startproc -p $PIDFILE $DISPLAYMANAGER $XDMOPTIONS || rc_failed -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit kiwi-config-openSUSE for openSUSE:Factory
by root＠hilbert.suse.de 04 Aug '12

04 Aug '12

Hello community, here is the log from the commit of package kiwi-config-openSUSE for openSUSE:Factory checked in at 2012-08-04 09:18:29 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/kiwi-config-openSUSE (Old) and /work/SRC/openSUSE:Factory/.kiwi-config-openSUSE.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "kiwi-config-openSUSE", Maintainer is "coolo(a)suse.com" Changes: -------- --- /work/SRC/openSUSE:Factory/kiwi-config-openSUSE/kiwi-config-openSUSE.changes 2012-07-22 15:16:15.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.kiwi-config-openSUSE.new/kiwi-config-openSUSE.changes 2012-08-04 09:19:41.000000000 +0200 @@ -1,0 +2,5 @@ +Fri Aug 3 14:28:29 CEST 2012 - fcrozat(a)suse.com + +- Update xdm-liveinstall.patch to terminate plymouth if present + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ xdm-liveinstall.patch ++++++ --- /var/tmp/diff_new_pack.0OP4UV/_old 2012-08-04 09:19:42.000000000 +0200 +++ /var/tmp/diff_new_pack.0OP4UV/_new 2012-08-04 09:19:42.000000000 +0200 @@ -13,12 +13,13 @@ --- etc/init.d/xdm.orig 2011-04-12 10:21:03.911449606 +0200 +++ etc/init.d/xdm 2011-04-12 10:21:43.831694748 +0200 -@@ -211,7 +211,11 @@ case "$1" in +@@ -211,7 +211,12 @@ case "$1" in fi ;; esac - startproc -p $PIDFILE $DISPLAYMANAGER $XDMOPTIONS || rc_failed + if cat /proc/cmdline | grep -q liveinstall; then ++ [ -x /usr/bin/plymouth ] && /usr/bin/plymouth quit + /usr/lib/YaST2/startup/YaST2.call live-installer + else + startproc -p $PIDFILE $DISPLAYMANAGER $XDMOPTIONS || rc_failed -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit kdebase4-workspace for openSUSE:12.2
by root＠hilbert.suse.de 04 Aug '12

04 Aug '12

Hello community, here is the log from the commit of package kdebase4-workspace for openSUSE:12.2 checked in at 2012-08-04 09:18:02 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.2/kdebase4-workspace (Old) and /work/SRC/openSUSE:12.2/.kdebase4-workspace.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "kdebase4-workspace", Maintainer is "kde-maintainers(a)suse.de" Changes: -------- --- /work/SRC/openSUSE:12.2/kdebase4-workspace/kdebase4-workspace.changes 2012-07-02 10:59:41.000000000 +0200 +++ /work/SRC/openSUSE:12.2/.kdebase4-workspace.new/kdebase4-workspace.changes 2012-08-04 09:18:51.000000000 +0200 @@ -1,0 +2,5 @@ +Mon Jul 30 02:48:47 UTC 2012 - mlin(a)suse.com + +- Apply to upstream to fix deletion of preferred launchers (bnc#757370, kde#278724) + +------------------------------------------------------------------- --- /work/SRC/openSUSE:12.2/kdebase4-workspace/python-kdebase4.changes 2012-06-25 15:37:18.000000000 +0200 +++ /work/SRC/openSUSE:12.2/.kdebase4-workspace.new/python-kdebase4.changes 2012-08-04 09:18:51.000000000 +0200 @@ -1,0 +2,5 @@ +Mon Jul 30 02:49:02 UTC 2012 - mlin(a)suse.com + +- Apply to upstream to fix deletion of preferred launchers (bnc#757370, kde#278724) + +------------------------------------------------------------------- New: ---- plasma-fix-delete-preferred-launchers.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ kdebase4-workspace.spec ++++++ --- /var/tmp/diff_new_pack.sQT0Ry/_old 2012-08-04 09:19:41.000000000 +0200 +++ /var/tmp/diff_new_pack.sQT0Ry/_new 2012-08-04 09:19:41.000000000 +0200 @@ -117,7 +117,8 @@ Patch400: kdm_plymouth.patch # PATCH-FIX-OPENSUSE opensuse-homepage.diff Patch401: opensuse-homepage.diff - +# PATCH-FIX-UPSTREAM plasma-fix-delete-preferred-launchers.diff kde#278724 +Patch402: plasma-fix-delete-preferred-launchers.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build %if %suse_version > 1200 Requires: %{name}-branding = %{version} @@ -342,6 +343,7 @@ %endif %patch400 -p0 %patch401 -p1 +%patch402 -p1 cp %{SOURCE3} kwin/effects/cube/data/cubecap.png %build ++++++ plasma-fix-delete-preferred-launchers.diff ++++++ commit f8eb85a87846e49b10dae8170695533262011ae1 Author: Gregor Tätzner <gregor(a)freenet.de> Date: Thu Jul 26 14:32:38 2012 +0200 Fix deletion of preferred application launchers In default panel config the host of that magic preferred app url is used as the key. So lets use that key to delete the launchers, too. BUG: 278724 FIXED-IN: 4.9.1 REVIEW: 105374 diff --git a/libs/taskmanager/groupmanager.cpp b/libs/taskmanager/groupmanager.cpp index 5ca0159..45c15a9 100644 --- a/libs/taskmanager/groupmanager.cpp +++ b/libs/taskmanager/groupmanager.cpp @@ -1070,8 +1070,16 @@ void GroupManagerPrivate::unsaveLauncher(LauncherItem *launcher) return; } - if (cg.hasKey(launcher->name())) { - cg.deleteEntry(launcher->name()); + QString launcherKey; + + if (launcher->launcherUrl().protocol() == "preferred") + // in default config the host of the preferred application url is used as key + launcherKey = launcher->launcherUrl().host(); + else + launcherKey = launcher->name(); + + if (cg.hasKey(launcherKey)) { + cg.deleteEntry(launcherKey); emit q->configChanged(); } } @@ -1127,7 +1135,7 @@ int GroupManagerPrivate::launcherIndex(const KUrl &url) foreach (const LauncherItem * item, launchers) { if (item->launcherUrl() == url) { return index; - } + } ++index; } -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit kdebase4-workspace for openSUSE:Factory
by root＠hilbert.suse.de 04 Aug '12

04 Aug '12

Hello community, here is the log from the commit of package kdebase4-workspace for openSUSE:Factory checked in at 2012-08-04 09:17:57 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/kdebase4-workspace (Old) and /work/SRC/openSUSE:Factory/.kdebase4-workspace.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "kdebase4-workspace", Maintainer is "kde-maintainers(a)suse.de" Changes: -------- --- /work/SRC/openSUSE:Factory/kdebase4-workspace/kdebase4-workspace.changes 2012-07-02 10:59:35.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.kdebase4-workspace.new/kdebase4-workspace.changes 2012-08-04 09:17:59.000000000 +0200 @@ -1,0 +2,5 @@ +Mon Jul 30 02:48:47 UTC 2012 - mlin(a)suse.com + +- Apply to upstream to fix deletion of preferred launchers (bnc#757370, kde#278724) + +------------------------------------------------------------------- --- /work/SRC/openSUSE:Factory/kdebase4-workspace/python-kdebase4.changes 2012-06-12 21:42:44.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.kdebase4-workspace.new/python-kdebase4.changes 2012-08-04 09:17:59.000000000 +0200 @@ -1,0 +2,5 @@ +Mon Jul 30 02:49:02 UTC 2012 - mlin(a)suse.com + +- Apply to upstream to fix deletion of preferred launchers (bnc#757370, kde#278724) + +------------------------------------------------------------------- New: ---- plasma-fix-delete-preferred-launchers.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ kdebase4-workspace.spec ++++++ --- /var/tmp/diff_new_pack.j4c8QT/_old 2012-08-04 09:18:51.000000000 +0200 +++ /var/tmp/diff_new_pack.j4c8QT/_new 2012-08-04 09:18:51.000000000 +0200 @@ -117,7 +117,8 @@ Patch400: kdm_plymouth.patch # PATCH-FIX-OPENSUSE opensuse-homepage.diff Patch401: opensuse-homepage.diff - +# PATCH-FIX-UPSTREAM plasma-fix-delete-preferred-launchers.diff kde#278724 +Patch402: plasma-fix-delete-preferred-launchers.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build %if %suse_version > 1200 Requires: %{name}-branding = %{version} @@ -342,6 +343,7 @@ %endif %patch400 -p0 %patch401 -p1 +%patch402 -p1 cp %{SOURCE3} kwin/effects/cube/data/cubecap.png %build ++++++ plasma-fix-delete-preferred-launchers.diff ++++++ commit f8eb85a87846e49b10dae8170695533262011ae1 Author: Gregor Tätzner <gregor(a)freenet.de> Date: Thu Jul 26 14:32:38 2012 +0200 Fix deletion of preferred application launchers In default panel config the host of that magic preferred app url is used as the key. So lets use that key to delete the launchers, too. BUG: 278724 FIXED-IN: 4.9.1 REVIEW: 105374 diff --git a/libs/taskmanager/groupmanager.cpp b/libs/taskmanager/groupmanager.cpp index 5ca0159..45c15a9 100644 --- a/libs/taskmanager/groupmanager.cpp +++ b/libs/taskmanager/groupmanager.cpp @@ -1070,8 +1070,16 @@ void GroupManagerPrivate::unsaveLauncher(LauncherItem *launcher) return; } - if (cg.hasKey(launcher->name())) { - cg.deleteEntry(launcher->name()); + QString launcherKey; + + if (launcher->launcherUrl().protocol() == "preferred") + // in default config the host of the preferred application url is used as key + launcherKey = launcher->launcherUrl().host(); + else + launcherKey = launcher->name(); + + if (cg.hasKey(launcherKey)) { + cg.deleteEntry(launcherKey); emit q->configChanged(); } } @@ -1127,7 +1135,7 @@ int GroupManagerPrivate::launcherIndex(const KUrl &url) foreach (const LauncherItem * item, launchers) { if (item->launcherUrl() == url) { return index; - } + } ++index; } -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit iptables for openSUSE:Factory
by root＠hilbert.suse.de 04 Aug '12

04 Aug '12

Hello community, here is the log from the commit of package iptables for openSUSE:Factory checked in at 2012-08-04 09:16:54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/iptables (Old) and /work/SRC/openSUSE:Factory/.iptables.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "iptables", Maintainer is "VCizek(a)suse.com" Changes: -------- --- /work/SRC/openSUSE:Factory/iptables/iptables.changes 2012-05-29 11:39:04.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.iptables.new/iptables.changes 2012-08-04 09:16:56.000000000 +0200 @@ -1,0 +2,7 @@ +Tue Jul 31 12:08:07 UTC 2012 - jengelh(a)inai.de + +- Update to new upstream release 1.4.15 +* libxt_recent: add --mask netmask +* libxt_hashlimit: add support for byte-based operation + +------------------------------------------------------------------- Old: ---- iptables-1.4.14.tar.bz2 iptables-1.4.14.tar.bz2.sig New: ---- iptables-1.4.15.tar.bz2 iptables-1.4.15.tar.bz2.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ iptables.spec ++++++ --- /var/tmp/diff_new_pack.UD4tZF/_old 2012-08-04 09:16:59.000000000 +0200 +++ /var/tmp/diff_new_pack.UD4tZF/_new 2012-08-04 09:16:59.000000000 +0200 @@ -20,7 +20,7 @@ %define lname_ipq libipq0 %define lname_iptc libiptc0 %define lname_xt libxtables7 -Version: 1.4.14 +Version: 1.4.15 Release: 0 Summary: IP Packet Filter Administration utilities License: GPL-2.0+ @@ -46,9 +46,14 @@ BuildRequires: pkgconfig >= 0.21 %if 0%{?suse_version} BuildRequires: fdupes +%endif +%if 0%{?suse_version} >= 1140 BuildRequires: pkgconfig(libnfnetlink) >= 1.0.0 %endif -%if 0%{?fedora} || 0%{?rhel} +%if 0%{?suse_version} && 0%{?suse_version} <= 1110 +BuildRequires: libnfnetlink-devel >= 1.0.0 +%endif +%if 0%{?fedora_version} || 0%{?centos_version} || 0%{?rhel_version} BuildRequires: libnfnetlink-devel >= 1.0.0 %endif ++++++ iptables-1.4.14.tar.bz2 -> iptables-1.4.15.tar.bz2 ++++++ ++++ 2683 lines of diff (skipped) ++++ retrying with extended exclude list diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/iptables-1.4.14/build-aux/compile new/iptables-1.4.15/build-aux/compile --- old/iptables-1.4.14/build-aux/compile 2012-05-26 18:45:19.000000000 +0200 +++ new/iptables-1.4.15/build-aux/compile 2012-07-31 12:45:36.000000000 +0200 @@ -1,7 +1,7 @@ #! /bin/sh # Wrapper for compilers which do not understand '-c -o'. -scriptversion=2012-01-04.17; # UTC +scriptversion=2012-03-05.13; # UTC # Copyright (C) 1999, 2000, 2003, 2004, 2005, 2009, 2010, 2012 Free # Software Foundation, Inc. @@ -79,6 +79,48 @@ esac } +# func_cl_dashL linkdir +# Make cl look for libraries in LINKDIR +func_cl_dashL () +{ + func_file_conv "$1" + if test -z "$lib_path"; then + lib_path=$file + else + lib_path="$lib_path;$file" + fi + linker_opts="$linker_opts -LIBPATH:$file" +} + +# func_cl_dashl library +# Do a library search-path lookup for cl +func_cl_dashl () +{ + lib=$1 + found=no + save_IFS=$IFS + IFS=';' + for dir in $lib_path $LIB + do + IFS=$save_IFS + if $shared && test -f "$dir/$lib.dll.lib"; then + found=yes + lib=$dir/$lib.dll.lib + break + fi + if test -f "$dir/$lib.lib"; then + found=yes + lib=$dir/$lib.lib + break + fi + done + IFS=$save_IFS + + if test "$found" != yes; then + lib=$lib.lib + fi +} + # func_cl_wrapper cl arg... # Adjust compile command to suit cl func_cl_wrapper () @@ -109,43 +151,34 @@ ;; esac ;; + -I) + eat=1 + func_file_conv "$2" mingw + set x "$@" -I"$file" + shift + ;; -I*) func_file_conv "${1#-I}" mingw set x "$@" -I"$file" shift ;; + -l) + eat=1 + func_cl_dashl "$2" + set x "$@" "$lib" + shift + ;; -l*) - lib=${1#-l} - found=no - save_IFS=$IFS - IFS=';' - for dir in $lib_path $LIB - do - IFS=$save_IFS - if $shared && test -f "$dir/$lib.dll.lib"; then - found=yes - set x "$@" "$dir/$lib.dll.lib" - break - fi - if test -f "$dir/$lib.lib"; then - found=yes - set x "$@" "$dir/$lib.lib" - break - fi - done - IFS=$save_IFS - - test "$found" != yes && set x "$@" "$lib.lib" + func_cl_dashl "${1#-l}" + set x "$@" "$lib" shift ;; + -L) + eat=1 + func_cl_dashL "$2" + ;; -L*) - func_file_conv "${1#-L}" - if test -z "$lib_path"; then - lib_path=$file - else - lib_path="$lib_path;$file" - fi - linker_opts="$linker_opts -LIBPATH:$file" + func_cl_dashL "${1#-L}" ;; -static) shared=false diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/iptables-1.4.14/configure.ac new/iptables-1.4.15/configure.ac --- old/iptables-1.4.14/configure.ac 2012-05-26 18:44:33.000000000 +0200 +++ new/iptables-1.4.15/configure.ac 2012-07-31 12:44:36.000000000 +0200 @@ -1,9 +1,9 @@ -AC_INIT([iptables], [1.4.14]) +AC_INIT([iptables], [1.4.15]) # See libtool.info "Libtool's versioning system" -libxtables_vcurrent=7 -libxtables_vage=0 +libxtables_vcurrent=8 +libxtables_vage=1 AC_CONFIG_AUX_DIR([build-aux]) AC_CONFIG_HEADERS([config.h]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/iptables-1.4.14/extensions/libxt_HMARK.c new/iptables-1.4.15/extensions/libxt_HMARK.c --- old/iptables-1.4.14/extensions/libxt_HMARK.c 1970-01-01 01:00:00.000000000 +0100 +++ new/iptables-1.4.15/extensions/libxt_HMARK.c 2012-07-31 12:44:36.000000000 +0200 @@ -0,0 +1,450 @@ +/* + * (C) 2012 by Hans Schillstrom <hans.schillstrom(a)ericsson.com> + * (C) 2012 by Pablo Neira Ayuso <pablo(a)netfilter.org> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Description: shared library add-on to iptables to add HMARK target support + * + * Initial development by Hans Schillstrom. Pablo's improvements to this piece + * of software has been sponsored by Sophos Astaro <http://www.sophos.com>. + */ + +#include <stdbool.h> +#include <stdio.h> +#include <string.h> + +#include "xtables.h" +#include <linux/netfilter/xt_HMARK.h> + +static void HMARK_help(void) +{ + printf( +"HMARK target options, i.e. modify hash calculation by:\n" +" --hmark-tuple [src|dst|sport|dport|spi|proto|ct][,...]\n" +" --hmark-mod value nfmark modulus value\n" +" --hmark-offset value Last action add value to nfmark\n\n" +" --hmark-rnd Random see for hashing\n" +" Alternatively, fine tuning of what will be included in hash calculation\n" +" --hmark-src-prefix length Source address mask CIDR prefix\n" +" --hmark-dst-prefix length Dest address mask CIDR prefix\n" +" --hmark-sport-mask value Mask src port with value\n" +" --hmark-dport-mask value Mask dst port with value\n" +" --hmark-spi-mask value For esp and ah AND spi with value\n" +" --hmark-sport value OR src port with value\n" +" --hmark-dport value OR dst port with value\n" +" --hmark-spi value For esp and ah OR spi with value\n" +" --hmark-proto-mask value Mask Protocol with value\n"); +} + +#define hi struct xt_hmark_info + +enum { + O_HMARK_SADDR_MASK, + O_HMARK_DADDR_MASK, + O_HMARK_SPI, + O_HMARK_SPI_MASK, + O_HMARK_SPORT, + O_HMARK_DPORT, + O_HMARK_SPORT_MASK, + O_HMARK_DPORT_MASK, + O_HMARK_PROTO_MASK, + O_HMARK_RND, + O_HMARK_MODULUS, + O_HMARK_OFFSET, + O_HMARK_CT, + O_HMARK_TYPE, +}; + +#define HMARK_OPT_PKT_MASK \ + ((1 << O_HMARK_SADDR_MASK) | \ + (1 << O_HMARK_DADDR_MASK) | \ + (1 << O_HMARK_SPI_MASK) | \ + (1 << O_HMARK_SPORT_MASK) | \ + (1 << O_HMARK_DPORT_MASK) | \ + (1 << O_HMARK_PROTO_MASK) | \ + (1 << O_HMARK_SPI_MASK) | \ + (1 << O_HMARK_SPORT) | \ + (1 << O_HMARK_DPORT) | \ + (1 << O_HMARK_SPI)) + +static const struct xt_option_entry HMARK_opts[] = { + { .name = "hmark-tuple", + .type = XTTYPE_STRING, + .id = O_HMARK_TYPE, + }, + { .name = "hmark-src-prefix", + .type = XTTYPE_PLENMASK, + .id = O_HMARK_SADDR_MASK, + .flags = XTOPT_PUT, XTOPT_POINTER(hi, src_mask) + }, + { .name = "hmark-dst-prefix", + .type = XTTYPE_PLENMASK, + .id = O_HMARK_DADDR_MASK, + .flags = XTOPT_PUT, XTOPT_POINTER(hi, dst_mask) + }, + { .name = "hmark-sport-mask", + .type = XTTYPE_UINT16, + .id = O_HMARK_SPORT_MASK, + .flags = XTOPT_PUT, XTOPT_POINTER(hi, port_mask.p16.src) + }, + { .name = "hmark-dport-mask", + .type = XTTYPE_UINT16, + .id = O_HMARK_DPORT_MASK, + .flags = XTOPT_PUT, XTOPT_POINTER(hi, port_mask.p16.dst) + }, + { .name = "hmark-spi-mask", + .type = XTTYPE_UINT32, + .id = O_HMARK_SPI_MASK, + .flags = XTOPT_PUT, XTOPT_POINTER(hi, port_mask.v32) + }, + { .name = "hmark-sport", + .type = XTTYPE_UINT16, + .id = O_HMARK_SPORT, + .flags = XTOPT_PUT, XTOPT_POINTER(hi, port_set.p16.src) + }, + { .name = "hmark-dport", + .type = XTTYPE_UINT16, + .id = O_HMARK_DPORT, + .flags = XTOPT_PUT, XTOPT_POINTER(hi, port_set.p16.dst) + }, + { .name = "hmark-spi", + .type = XTTYPE_UINT32, + .id = O_HMARK_SPI, + .flags = XTOPT_PUT, XTOPT_POINTER(hi, port_set.v32) + }, + { .name = "hmark-proto-mask", + .type = XTTYPE_UINT16, + .id = O_HMARK_PROTO_MASK, + .flags = XTOPT_PUT, XTOPT_POINTER(hi, proto_mask) + }, + { .name = "hmark-rnd", + .type = XTTYPE_UINT32, + .id = O_HMARK_RND, + .flags = XTOPT_PUT, XTOPT_POINTER(hi, hashrnd) + }, + { .name = "hmark-mod", + .type = XTTYPE_UINT32, + .id = O_HMARK_MODULUS, + .min = 1, + .flags = XTOPT_PUT | XTOPT_MAND, XTOPT_POINTER(hi, hmodulus) + }, + { .name = "hmark-offset", + .type = XTTYPE_UINT32, + .id = O_HMARK_OFFSET, + .flags = XTOPT_PUT, XTOPT_POINTER(hi, hoffset) + }, + XTOPT_TABLEEND, +}; + +static int +hmark_parse(const char *type, size_t len, struct xt_hmark_info *info, + unsigned int *xflags) +{ + if (strncasecmp(type, "ct", len) == 0) { + info->flags |= XT_HMARK_FLAG(XT_HMARK_CT); + *xflags |= (1 << O_HMARK_CT); + } else if (strncasecmp(type, "src", len) == 0) { + memset(&info->src_mask, 0xff, sizeof(info->src_mask)); + info->flags |= XT_HMARK_FLAG(XT_HMARK_SADDR_MASK); + *xflags |= (1 << O_HMARK_SADDR_MASK); + } else if (strncasecmp(type, "dst", len) == 0) { + memset(&info->dst_mask, 0xff, sizeof(info->dst_mask)); + info->flags |= XT_HMARK_FLAG(XT_HMARK_DADDR_MASK); + *xflags |= (1 << O_HMARK_DADDR_MASK); + } else if (strncasecmp(type, "sport", len) == 0) { + memset(&info->port_mask.p16.src, 0xff, + sizeof(info->port_mask.p16.src)); + info->flags |= XT_HMARK_FLAG(XT_HMARK_SPORT_MASK); + *xflags |= (1 << O_HMARK_SPORT_MASK); + } else if (strncasecmp(type, "dport", len) == 0) { + memset(&info->port_mask.p16.dst, 0xff, + sizeof(info->port_mask.p16.dst)); + info->flags |= XT_HMARK_FLAG(XT_HMARK_DPORT_MASK); + *xflags |= (1 << O_HMARK_DPORT_MASK); + } else if (strncasecmp(type, "proto", len) == 0) { + memset(&info->proto_mask, 0xff, sizeof(info->proto_mask)); + info->flags |= XT_HMARK_FLAG(XT_HMARK_PROTO_MASK); + *xflags |= (1 << O_HMARK_PROTO_MASK); + } else if (strncasecmp(type, "spi", len) == 0) { + memset(&info->port_mask.v32, 0xff, sizeof(info->port_mask.v32)); + info->flags |= XT_HMARK_FLAG(XT_HMARK_SPI_MASK); + *xflags |= (1 << O_HMARK_SPI_MASK); + } else + return 0; + + return 1; +} + +static void +hmark_parse_type(struct xt_option_call *cb) +{ + const char *arg = cb->arg; + struct xt_hmark_info *info = cb->data; + const char *comma; + + while ((comma = strchr(arg, ',')) != NULL) { + if (comma == arg || + !hmark_parse(arg, comma-arg, info, &cb->xflags)) + xtables_error(PARAMETER_PROBLEM, "Bad type \"%s\"", arg); + arg = comma+1; + } + if (!*arg) + xtables_error(PARAMETER_PROBLEM, "\"--hmark-tuple\" requires " + "a list of types with no " + "spaces, e.g. " + "src,dst,sport,dport,proto"); + if (strlen(arg) == 0 || + !hmark_parse(arg, strlen(arg), info, &cb->xflags)) + xtables_error(PARAMETER_PROBLEM, "Bad type \"%s\"", arg); +} + +static void HMARK_parse(struct xt_option_call *cb, int plen) +{ + struct xt_hmark_info *info = cb->data; + + xtables_option_parse(cb); + + switch (cb->entry->id) { + case O_HMARK_TYPE: + hmark_parse_type(cb); + break; + case O_HMARK_SADDR_MASK: + info->flags |= XT_HMARK_FLAG(XT_HMARK_SADDR_MASK); + break; + case O_HMARK_DADDR_MASK: + info->flags |= XT_HMARK_FLAG(XT_HMARK_DADDR_MASK); + break; + case O_HMARK_SPI: + info->port_set.v32 = htonl(cb->val.u32); + info->flags |= XT_HMARK_FLAG(XT_HMARK_SPI); + break; + case O_HMARK_SPORT: + info->port_set.p16.src = htons(cb->val.u16); + info->flags |= XT_HMARK_FLAG(XT_HMARK_SPORT); + break; + case O_HMARK_DPORT: + info->port_set.p16.dst = htons(cb->val.u16); + info->flags |= XT_HMARK_FLAG(XT_HMARK_DPORT); + break; + case O_HMARK_SPORT_MASK: + info->port_mask.p16.src = htons(cb->val.u16); + info->flags |= XT_HMARK_FLAG(XT_HMARK_SPORT_MASK); + break; + case O_HMARK_DPORT_MASK: + info->port_mask.p16.dst = htons(cb->val.u16); + info->flags |= XT_HMARK_FLAG(XT_HMARK_DPORT_MASK); + break; + case O_HMARK_SPI_MASK: + info->port_mask.v32 = htonl(cb->val.u32); + info->flags |= XT_HMARK_FLAG(XT_HMARK_SPI_MASK); + break; + case O_HMARK_PROTO_MASK: + info->flags |= XT_HMARK_FLAG(XT_HMARK_PROTO_MASK); + break; + case O_HMARK_RND: + info->flags |= XT_HMARK_FLAG(XT_HMARK_RND); + break; + case O_HMARK_MODULUS: + info->flags |= XT_HMARK_FLAG(XT_HMARK_MODULUS); + break; + case O_HMARK_OFFSET: + info->flags |= XT_HMARK_FLAG(XT_HMARK_OFFSET); + break; + case O_HMARK_CT: + info->flags |= XT_HMARK_FLAG(XT_HMARK_CT); + break; + } + cb->xflags |= (1 << cb->entry->id); +} + +static void HMARK_ip4_parse(struct xt_option_call *cb) +{ + HMARK_parse(cb, 32); +} +static void HMARK_ip6_parse(struct xt_option_call *cb) +{ + HMARK_parse(cb, 128); +} + +static void HMARK_check(struct xt_fcheck_call *cb) +{ + if (!(cb->xflags & (1 << O_HMARK_MODULUS))) + xtables_error(PARAMETER_PROBLEM, "--hmark-mod is mandatory"); + if (!(cb->xflags & (1 << O_HMARK_RND))) + xtables_error(PARAMETER_PROBLEM, "--hmark-rnd is mandatory"); + if (cb->xflags & (1 << O_HMARK_SPI_MASK) && + (cb->xflags & ((1 << O_HMARK_SPORT_MASK) | + (1 << O_HMARK_DPORT_MASK)))) + xtables_error(PARAMETER_PROBLEM, "you cannot use " + "--hmark-spi-mask and --hmark-?port-mask," + "at the same time"); + if (!((cb->xflags & HMARK_OPT_PKT_MASK) || + cb->xflags & (1 << O_HMARK_CT))) + xtables_error(PARAMETER_PROBLEM, "you have to specify " + "--hmark-tuple at least"); +} + +static void HMARK_print(const struct xt_hmark_info *info) +{ + if (info->flags & XT_HMARK_FLAG(XT_HMARK_SPORT_MASK)) + printf("sport-mask 0x%x ", htons(info->port_mask.p16.src)); + if (info->flags & XT_HMARK_FLAG(XT_HMARK_DPORT_MASK)) + printf("dport-mask 0x%x ", htons(info->port_mask.p16.dst)); + if (info->flags & XT_HMARK_FLAG(XT_HMARK_SPI_MASK)) + printf("spi-mask 0x%x ", htonl(info->port_mask.v32)); + if (info->flags & XT_HMARK_FLAG(XT_HMARK_SPORT)) + printf("sport 0x%x ", htons(info->port_set.p16.src)); + if (info->flags & XT_HMARK_FLAG(XT_HMARK_DPORT)) + printf("dport 0x%x ", htons(info->port_set.p16.dst)); + if (info->flags & XT_HMARK_FLAG(XT_HMARK_SPI)) + printf("spi 0x%x ", htonl(info->port_set.v32)); + if (info->flags & XT_HMARK_FLAG(XT_HMARK_PROTO_MASK)) + printf("proto-mask 0x%x ", info->proto_mask); + if (info->flags & XT_HMARK_FLAG(XT_HMARK_RND)) + printf("rnd 0x%x ", info->hashrnd); +} + +static void HMARK_ip6_print(const void *ip, + const struct xt_entry_target *target, int numeric) +{ + const struct xt_hmark_info *info = + (const struct xt_hmark_info *)target->data; + + printf(" HMARK "); + if (info->flags & XT_HMARK_FLAG(XT_HMARK_MODULUS)) + printf("mod %u ", info->hmodulus); + if (info->flags & XT_HMARK_FLAG(XT_HMARK_OFFSET)) + printf("+ 0x%x ", info->hoffset); + if (info->flags & XT_HMARK_FLAG(XT_HMARK_CT)) + printf("ct, "); + if (info->flags & XT_HMARK_FLAG(XT_HMARK_SADDR_MASK)) + printf("src-prefix %s ", + xtables_ip6mask_to_numeric(&info->src_mask.in6) + 1); + if (info->flags & XT_HMARK_FLAG(XT_HMARK_DADDR_MASK)) + printf("dst-prefix %s ", + xtables_ip6mask_to_numeric(&info->dst_mask.in6) + 1); + HMARK_print(info); +} +static void HMARK_ip4_print(const void *ip, + const struct xt_entry_target *target, int numeric) +{ + const struct xt_hmark_info *info = + (const struct xt_hmark_info *)target->data; + + printf(" HMARK "); + if (info->flags & XT_HMARK_FLAG(XT_HMARK_MODULUS)) + printf("mod %u ", info->hmodulus); + if (info->flags & XT_HMARK_FLAG(XT_HMARK_OFFSET)) + printf("+ 0x%x ", info->hoffset); + if (info->flags & XT_HMARK_FLAG(XT_HMARK_CT)) + printf("ct, "); + if (info->flags & XT_HMARK_FLAG(XT_HMARK_SADDR_MASK)) + printf("src-prefix %u ", + xtables_ipmask_to_cidr(&info->src_mask.in)); + if (info->flags & XT_HMARK_FLAG(XT_HMARK_DADDR_MASK)) + printf("dst-prefix %u ", + xtables_ipmask_to_cidr(&info->dst_mask.in)); + HMARK_print(info); +} + +static void HMARK_save(const struct xt_hmark_info *info) +{ + if (info->flags & XT_HMARK_FLAG(XT_HMARK_SPORT_MASK)) + printf(" --hmark-sport-mask 0x%04x", + htons(info->port_mask.p16.src)); + if (info->flags & XT_HMARK_FLAG(XT_HMARK_DPORT_MASK)) + printf(" --hmark-dport-mask 0x%04x", + htons(info->port_mask.p16.dst)); + if (info->flags & XT_HMARK_FLAG(XT_HMARK_SPI_MASK)) + printf(" --hmark-spi-mask 0x%08x", + htonl(info->port_mask.v32)); + if (info->flags & XT_HMARK_FLAG(XT_HMARK_SPORT)) + printf(" --hmark-sport 0x%04x", + htons(info->port_set.p16.src)); + if (info->flags & XT_HMARK_FLAG(XT_HMARK_DPORT)) + printf(" --hmark-dport 0x%04x", + htons(info->port_set.p16.dst)); + if (info->flags & XT_HMARK_FLAG(XT_HMARK_SPI)) + printf(" --hmark-spi 0x%08x", htonl(info->port_set.v32)); + if (info->flags & XT_HMARK_FLAG(XT_HMARK_PROTO_MASK)) + printf(" --hmark-proto-mask 0x%02x", info->proto_mask); + if (info->flags & XT_HMARK_FLAG(XT_HMARK_RND)) + printf(" --hmark-rnd 0x%08x", info->hashrnd); + if (info->flags & XT_HMARK_FLAG(XT_HMARK_MODULUS)) + printf(" --hmark-mod %u", info->hmodulus); + if (info->flags & XT_HMARK_FLAG(XT_HMARK_OFFSET)) + printf(" --hmark-offset %u", info->hoffset); + if (info->flags & XT_HMARK_FLAG(XT_HMARK_CT)) + printf(" --hmark-tuple ct"); +} + +static void HMARK_ip6_save(const void *ip, const struct xt_entry_target *target) +{ + const struct xt_hmark_info *info = + (const struct xt_hmark_info *)target->data; + int ret; + + if (info->flags & XT_HMARK_FLAG(XT_HMARK_SADDR_MASK)) { + ret = xtables_ip6mask_to_cidr(&info->src_mask.in6); + printf(" --hmark-src-prefix %d", ret); + } + if (info->flags & XT_HMARK_FLAG(XT_HMARK_DADDR_MASK)) { + ret = xtables_ip6mask_to_cidr(&info->dst_mask.in6); + printf(" --hmark-dst-prefix %d", ret); + } + HMARK_save(info); +} + +static void HMARK_ip4_save(const void *ip, const struct xt_entry_target *target) +{ + const struct xt_hmark_info *info = + (const struct xt_hmark_info *)target->data; + int ret; + + if (info->flags & XT_HMARK_FLAG(XT_HMARK_SADDR_MASK)) { + ret = xtables_ipmask_to_cidr(&info->src_mask.in); + printf(" --hmark-src-prefix %d", ret); + } + if (info->flags & XT_HMARK_FLAG(XT_HMARK_DADDR_MASK)) { + ret = xtables_ipmask_to_cidr(&info->dst_mask.in); + printf(" --hmark-dst-prefix %d", ret); + } + HMARK_save(info); +} + +static struct xtables_target mark_tg_reg[] = { + { + .family = NFPROTO_IPV4, + .name = "HMARK", + .version = XTABLES_VERSION, + .size = XT_ALIGN(sizeof(struct xt_hmark_info)), + .userspacesize = XT_ALIGN(sizeof(struct xt_hmark_info)), + .help = HMARK_help, + .print = HMARK_ip4_print, + .save = HMARK_ip4_save, + .x6_parse = HMARK_ip4_parse, + .x6_fcheck = HMARK_check, + .x6_options = HMARK_opts, + }, + { + .family = NFPROTO_IPV6, + .name = "HMARK", + .version = XTABLES_VERSION, + .size = XT_ALIGN(sizeof(struct xt_hmark_info)), + .userspacesize = XT_ALIGN(sizeof(struct xt_hmark_info)), + .help = HMARK_help, + .print = HMARK_ip6_print, + .save = HMARK_ip6_save, + .x6_parse = HMARK_ip6_parse, + .x6_fcheck = HMARK_check, + .x6_options = HMARK_opts, + }, +}; + +void _init(void) +{ + xtables_register_targets(mark_tg_reg, ARRAY_SIZE(mark_tg_reg)); +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/iptables-1.4.14/extensions/libxt_HMARK.man new/iptables-1.4.15/extensions/libxt_HMARK.man --- old/iptables-1.4.14/extensions/libxt_HMARK.man 1970-01-01 01:00:00.000000000 +0100 +++ new/iptables-1.4.15/extensions/libxt_HMARK.man 2012-07-31 12:44:36.000000000 +0200 @@ -0,0 +1,60 @@ +Like MARK, i.e. set the fwmark, but the mark is calculated from hashing +packet selector at choice. You have also to specify the mark range and, +optionally, the offset to start from. ICMP error messages are inspected +and used to calculate the hashing. +.PP +Existing options are: +.TP +\fB\-\-hmark\-tuple\fP tuple\fI\fP +Possible tuple members are: +.B src +meaning source address (IPv4, IPv6 address), +.B dst +meaning destination address (IPv4, IPv6 address), +.B sport +meaning source port (TCP, UDP, UDPlite, SCTP, DCCP), +.B dport +meaning destination port (TCP, UDP, UDPlite, SCTP, DCCP), +.B spi +meaning Security Parameter Index (AH, ESP), and +.B ct +meaning the usage of the conntrack tuple instead of the packet selectors. +.TP +\fB\-\-hmark\-mod\fP \fIvalue (must be > 0)\fP +Modulus for hash calculation (to limit the range of possible marks) +.TP +\fB\-\-hmark\-offset\fP \fIvalue\fP +Offset to start marks from. +.TP +For advanced usage, instead of using \-\-hmark\-tuple, you can specify custom +prefixes and masks: +.TP +\fB\-\-hmark\-src\-prefix\fP \fIcidr\fP +The source address mask in CIDR notation. +.TP +\fB\-\-hmark\-dst\-prefix\fP \fIcidr\fP +The destination address mask in CIDR notation. +.TP +\fB\-\-hmark\-sport\-mask\fP \fIvalue\fP +A 16 bit source port mask in hexadecimal. +.TP +\fB\-\-hmark\-dport\-mask\fP \fIvalue\fP +A 16 bit destination port mask in hexadecimal. +.TP +\fB\-\-hmark\-spi\-mask\fP \fIvalue\fP +A 32 bit field with spi mask. +.TP +\fB\-\-hmark\-proto\-mask\fP \fIvalue\fP +An 8 bit field with layer 4 protocol number. +.TP +\fB\-\-hmark\-rnd\fP \fIvalue\fP +A 32 bit random custom value to feed hash calculation. +.PP +\fIExamples:\fP +.PP +iptables \-t mangle \-A PREROUTING \-m state \-\-state NEW + \-j HMARK \-\-hmark-tuple ct,src,dst,proto \-\-hmark-offset 10000 +\-\-hmark\-mod 10 \-\-hmark\-rnd 0xfeedcafe +.PP +iptables \-t mangle \-A PREROUTING -j HMARK \-\-hmark\-offset 10000 +\-\-hmark-tuple src,dst,proto \-\-hmark-mod 10 \-\-hmark\-rnd 0xdeafbeef diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/iptables-1.4.14/extensions/libxt_devgroup.man new/iptables-1.4.15/extensions/libxt_devgroup.man --- old/iptables-1.4.14/extensions/libxt_devgroup.man 1970-01-01 01:00:00.000000000 +0100 +++ new/iptables-1.4.15/extensions/libxt_devgroup.man 2012-07-31 12:44:36.000000000 +0200 @@ -0,0 +1,7 @@ +Match device group of a packets incoming/outgoing interface. +.TP +[\fB!\fP] \fB\-\-src\-group\fP \fIname\fP +Match device group of incoming device +.TP +[\fB!\fP] \fB\-\-dst\-group\fP \fIname\fP +Match device group of outgoing device diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/iptables-1.4.14/extensions/libxt_hashlimit.c new/iptables-1.4.15/extensions/libxt_hashlimit.c --- old/iptables-1.4.14/extensions/libxt_hashlimit.c 2012-05-26 18:44:33.000000000 +0200 +++ new/iptables-1.4.15/extensions/libxt_hashlimit.c 2012-07-31 12:44:36.000000000 +0200 @@ -20,6 +20,10 @@ #include <linux/netfilter/xt_hashlimit.h> #define XT_HASHLIMIT_BURST 5 +#define XT_HASHLIMIT_BURST_MAX 10000 + +#define XT_HASHLIMIT_BYTE_EXPIRE 15 +#define XT_HASHLIMIT_BYTE_EXPIRE_BURST 60 /* miliseconds */ #define XT_HASHLIMIT_GCINTERVAL 1000 @@ -59,6 +63,7 @@ O_HTABLE_MAX, O_HTABLE_GCINT, O_HTABLE_EXPIRE, + F_BURST = 1 << O_BURST, F_UPTO = 1 << O_UPTO, F_ABOVE = 1 << O_ABOVE, F_HTABLE_EXPIRE = 1 << O_HTABLE_EXPIRE, @@ -90,7 +95,7 @@ {.name = "hashlimit", .id = O_UPTO, .excl = F_ABOVE, .type = XTTYPE_STRING}, {.name = "hashlimit-burst", .id = O_BURST, .type = XTTYPE_UINT32, - .min = 1, .max = 10000, .flags = XTOPT_PUT, + .min = 1, .max = XT_HASHLIMIT_BURST_MAX, .flags = XTOPT_PUT, XTOPT_POINTER(s, cfg.burst)}, {.name = "hashlimit-htable-size", .id = O_HTABLE_SIZE, .type = XTTYPE_UINT32, .flags = XTOPT_PUT, @@ -122,9 +127,7 @@ .type = XTTYPE_STRING, .flags = XTOPT_INVERT}, /* old name */ {.name = "hashlimit-srcmask", .id = O_SRCMASK, .type = XTTYPE_PLEN}, {.name = "hashlimit-dstmask", .id = O_DSTMASK, .type = XTTYPE_PLEN}, - {.name = "hashlimit-burst", .id = O_BURST, .type = XTTYPE_UINT32, - .min = 1, .max = 10000, .flags = XTOPT_PUT, - XTOPT_POINTER(s, cfg.burst)}, + {.name = "hashlimit-burst", .id = O_BURST, .type = XTTYPE_STRING}, {.name = "hashlimit-htable-size", .id = O_HTABLE_SIZE, .type = XTTYPE_UINT32, .flags = XTOPT_PUT, XTOPT_POINTER(s, cfg.size)}, @@ -144,6 +147,82 @@ }; #undef s +static uint32_t cost_to_bytes(uint32_t cost) +{ + uint32_t r; + + r = cost ? UINT32_MAX / cost : UINT32_MAX; + r = (r - 1) << XT_HASHLIMIT_BYTE_SHIFT; + return r; +} + +static uint64_t bytes_to_cost(uint32_t bytes) +{ + uint32_t r = bytes >> XT_HASHLIMIT_BYTE_SHIFT; + return UINT32_MAX / (r+1); +} + +static uint32_t get_factor(int chr) +{ + switch (chr) { + case 'm': return 1024 * 1024; + case 'k': return 1024; + } + return 1; +} + +static void burst_error(void) +{ + xtables_error(PARAMETER_PROBLEM, "bad value for option " + "\"--hashlimit-burst\", or out of range (1-%u).", XT_HASHLIMIT_BURST_MAX); +} + +static uint32_t parse_burst(const char *burst, struct xt_hashlimit_mtinfo1 *info) +{ + uintmax_t v; + char *end; + + if (!xtables_strtoul(burst, &end, &v, 1, UINT32_MAX) || + (*end == 0 && v > XT_HASHLIMIT_BURST_MAX)) + burst_error(); + + v *= get_factor(*end); + if (v > UINT32_MAX) + xtables_error(PARAMETER_PROBLEM, "bad value for option " + "\"--hashlimit-burst\", value \"%s\" too large " + "(max %umb).", burst, UINT32_MAX/1024/1024); + return v; +} + +static bool parse_bytes(const char *rate, uint32_t *val, struct hashlimit_mt_udata *ud) +{ + unsigned int factor = 1; + uint64_t tmp; + int r; + const char *mode = strstr(rate, "b/s"); + if (!mode || mode == rate) + return false; + + mode--; + r = atoi(rate); + if (r == 0) + return false; + + factor = get_factor(*mode); + tmp = (uint64_t) r * factor; + if (tmp > UINT32_MAX) + xtables_error(PARAMETER_PROBLEM, + "Rate value too large \"%llu\" (max %u)\n", + (unsigned long long)tmp, UINT32_MAX); + + *val = bytes_to_cost(tmp); + if (*val == 0) + xtables_error(PARAMETER_PROBLEM, "Rate too high \"%s\"\n", rate); + + ud->mult = XT_HASHLIMIT_BYTE_EXPIRE; + return true; +} + static int parse_rate(const char *rate, uint32_t *val, struct hashlimit_mt_udata *ud) { @@ -265,17 +344,24 @@ xtables_option_parse(cb); switch (cb->entry->id) { + case O_BURST: + info->cfg.burst = parse_burst(cb->arg, info); + break; case O_UPTO: if (cb->invert) info->cfg.mode |= XT_HASHLIMIT_INVERT; - if (!parse_rate(cb->arg, &info->cfg.avg, cb->udata)) + if (parse_bytes(cb->arg, &info->cfg.avg, cb->udata)) + info->cfg.mode |= XT_HASHLIMIT_BYTES; + else if (!parse_rate(cb->arg, &info->cfg.avg, cb->udata)) xtables_param_act(XTF_BAD_VALUE, "hashlimit", "--hashlimit-upto", cb->arg); break; case O_ABOVE: if (!cb->invert) info->cfg.mode |= XT_HASHLIMIT_INVERT; - if (!parse_rate(cb->arg, &info->cfg.avg, cb->udata)) + if (parse_bytes(cb->arg, &info->cfg.avg, cb->udata)) + info->cfg.mode |= XT_HASHLIMIT_BYTES; + else if (!parse_rate(cb->arg, &info->cfg.avg, cb->udata)) xtables_param_act(XTF_BAD_VALUE, "hashlimit", "--hashlimit-above", cb->arg); break; @@ -315,6 +401,24 @@ "You have to specify --hashlimit"); if (!(cb->xflags & F_HTABLE_EXPIRE)) info->cfg.expire = udata->mult * 1000; /* from s to msec */ + + if (info->cfg.mode & XT_HASHLIMIT_BYTES) { + uint32_t burst = 0; + if (cb->xflags & F_BURST) { + if (info->cfg.burst < cost_to_bytes(info->cfg.avg)) + xtables_error(PARAMETER_PROBLEM, + "burst cannot be smaller than %ub", cost_to_bytes(info->cfg.avg)); + + burst = info->cfg.burst; + burst /= cost_to_bytes(info->cfg.avg); + if (info->cfg.burst % cost_to_bytes(info->cfg.avg)) + burst++; + if (!(cb->xflags & F_HTABLE_EXPIRE)) + info->cfg.expire = XT_HASHLIMIT_BYTE_EXPIRE_BURST * 1000; + } + info->cfg.burst = burst; + } else if (info->cfg.burst > XT_HASHLIMIT_BURST_MAX) + burst_error(); } static const struct rates @@ -340,6 +444,41 @@ return rates[i-1].mult / XT_HASHLIMIT_SCALE * 1000; } +static const struct { + const char *name; + uint32_t thresh; +} units[] = { + { "m", 1024 * 1024 }, + { "k", 1024 }, + { "", 1 }, +}; + +static uint32_t print_bytes(uint32_t avg, uint32_t burst, const char *prefix) +{ + unsigned int i; + unsigned long long r; + + r = cost_to_bytes(avg); + + for (i = 0; i < ARRAY_SIZE(units) -1; ++i) + if (r >= units[i].thresh && + bytes_to_cost(r & ~(units[i].thresh - 1)) == avg) + break; + printf(" %llu%sb/s", r/units[i].thresh, units[i].name); + + if (burst == 0) + return XT_HASHLIMIT_BYTE_EXPIRE * 1000; + + r *= burst; + printf(" %s", prefix); + for (i = 0; i < ARRAY_SIZE(units) -1; ++i) + if (r >= units[i].thresh) + break; + + printf("burst %llu%sb", r / units[i].thresh, units[i].name); + return XT_HASHLIMIT_BYTE_EXPIRE_BURST * 1000; +} + static void print_mode(unsigned int mode, char separator) { bool prevmode = false; @@ -398,8 +537,13 @@ fputs(" limit: above", stdout); else fputs(" limit: up to", stdout); - quantum = print_rate(info->cfg.avg); - printf(" burst %u", info->cfg.burst); + + if (info->cfg.mode & XT_HASHLIMIT_BYTES) { + quantum = print_bytes(info->cfg.avg, info->cfg.burst, ""); + } else { + quantum = print_rate(info->cfg.avg); + printf(" burst %u", info->cfg.burst); + } if (info->cfg.mode & (XT_HASHLIMIT_HASH_SIP | XT_HASHLIMIT_HASH_SPT | XT_HASHLIMIT_HASH_DIP | XT_HASHLIMIT_HASH_DPT)) { fputs(" mode", stdout); @@ -449,7 +593,7 @@ fputs(" --hashlimit-mode", stdout); print_mode(r->cfg.mode, ','); - + printf(" --hashlimit-name %s", r->name); if (r->cfg.size) @@ -471,8 +615,13 @@ fputs(" --hashlimit-above", stdout); else fputs(" --hashlimit-upto", stdout); - quantum = print_rate(info->cfg.avg); - printf(" --hashlimit-burst %u", info->cfg.burst); + + if (info->cfg.mode & XT_HASHLIMIT_BYTES) { + quantum = print_bytes(info->cfg.avg, info->cfg.burst, "--hashlimit-"); + } else { + quantum = print_rate(info->cfg.avg); + printf(" --hashlimit-burst %u", info->cfg.burst); + } if (info->cfg.mode & (XT_HASHLIMIT_HASH_SIP | XT_HASHLIMIT_HASH_SPT | XT_HASHLIMIT_HASH_DIP | XT_HASHLIMIT_HASH_DPT)) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/iptables-1.4.14/extensions/libxt_hashlimit.man new/iptables-1.4.15/extensions/libxt_hashlimit.man --- old/iptables-1.4.14/extensions/libxt_hashlimit.man 2012-05-26 18:44:33.000000000 +0200 +++ new/iptables-1.4.15/extensions/libxt_hashlimit.man 2012-07-31 12:44:36.000000000 +0200 @@ -2,14 +2,15 @@ \fBlimit\fP match) for a group of connections using a \fBsingle\fP iptables rule. Grouping can be done per-hostgroup (source and/or destination address) and/or per-port. It gives you the ability to express "\fIN\fP packets per time -quantum per group" (see below for some examples). +quantum per group" or "\fIN\fP bytes per seconds" (see below for some examples). .PP A hash limit option (\fB\-\-hashlimit\-upto\fP, \fB\-\-hashlimit\-above\fP) and \fB\-\-hashlimit\-name\fP are required. .TP \fB\-\-hashlimit\-upto\fP \fIamount\fP[\fB/second\fP|\fB/minute\fP|\fB/hour\fP|\fB/day\fP] -Match if the rate is below or equal to \fIamount\fP/quantum. It is specified as -a number, with an optional time quantum suffix; the default is 3/hour. +Match if the rate is below or equal to \fIamount\fP/quantum. It is specified either as +a number, with an optional time quantum suffix (the default is 3/hour), or as +\fIamount\fPb/second (number of bytes per second). .TP \fB\-\-hashlimit\-above\fP \fIamount\fP[\fB/second\fP|\fB/minute\fP|\fB/hour\fP|\fB/day\fP] Match if the rate is above \fIamount\fP/quantum. @@ -17,7 +18,9 @@ \fB\-\-hashlimit\-burst\fP \fIamount\fP Maximum initial number of packets to match: this number gets recharged by one every time the limit specified above is not reached, up to this number; the -default is 5. +default is 5. When byte-based rate matching is requested, this option specifies +the amount of bytes that can exceed the given rate. This option should be used +with caution -- if the entry expires, the burst value is reset too. .TP \fB\-\-hashlimit\-mode\fP {\fBsrcip\fP|\fBsrcport\fP|\fBdstip\fP|\fBdstport\fP}\fB,\fP... A comma-separated list of objects to take into consideration. If no @@ -63,3 +66,11 @@ "10000 packets per minute for every /28 subnet (groups of 8 addresses) in 10.0.0.0/8" => \-s 10.0.0.8 \-\-hashlimit\-mask 28 \-\-hashlimit\-upto 10000/min +.TP +matching bytes per second +"flows exceeding 512kbyte/s" => +\-\-hashlimit-mode srcip,dstip,srcport,dstport \-\-hashlimit\-above 512kb/s +.TP +matching bytes per second +"hosts that exceed 512kbyte/s, but permit up to 1Megabytes without matching" +\-\-hashlimit-mode dstip \-\-hashlimit\-above 512kb/s \-\-hashlimit-burst 1mb diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/iptables-1.4.14/extensions/libxt_recent.c new/iptables-1.4.15/extensions/libxt_recent.c --- old/iptables-1.4.14/extensions/libxt_recent.c 2012-05-26 18:44:33.000000000 +0200 +++ new/iptables-1.4.15/extensions/libxt_recent.c 2012-07-31 12:44:36.000000000 +0200 @@ -16,6 +16,7 @@ O_NAME, O_RSOURCE, O_RDEST, + O_MASK, F_SET = 1 << O_SET, F_RCHECK = 1 << O_RCHECK, F_UPDATE = 1 << O_UPDATE, @@ -25,7 +26,7 @@ }; #define s struct xt_recent_mtinfo -static const struct xt_option_entry recent_opts[] = { +static const struct xt_option_entry recent_opts_v0[] = { {.name = "set", .id = O_SET, .type = XTTYPE_NONE, .excl = F_ANY_OP, .flags = XTOPT_INVERT}, {.name = "rcheck", .id = O_RCHECK, .type = XTTYPE_NONE, @@ -50,6 +51,32 @@ }; #undef s +#define s struct xt_recent_mtinfo_v1 +static const struct xt_option_entry recent_opts_v1[] = { + {.name = "set", .id = O_SET, .type = XTTYPE_NONE, + .excl = F_ANY_OP, .flags = XTOPT_INVERT}, + {.name = "rcheck", .id = O_RCHECK, .type = XTTYPE_NONE, + .excl = F_ANY_OP, .flags = XTOPT_INVERT}, + {.name = "update", .id = O_UPDATE, .type = XTTYPE_NONE, + .excl = F_ANY_OP, .flags = XTOPT_INVERT}, + {.name = "remove", .id = O_REMOVE, .type = XTTYPE_NONE, + .excl = F_ANY_OP, .flags = XTOPT_INVERT}, + {.name = "seconds", .id = O_SECONDS, .type = XTTYPE_UINT32, + .flags = XTOPT_PUT, XTOPT_POINTER(s, seconds)}, + {.name = "hitcount", .id = O_HITCOUNT, .type = XTTYPE_UINT32, + .flags = XTOPT_PUT, XTOPT_POINTER(s, hit_count)}, + {.name = "rttl", .id = O_RTTL, .type = XTTYPE_NONE, + .excl = F_SET | F_REMOVE}, + {.name = "name", .id = O_NAME, .type = XTTYPE_STRING, + .flags = XTOPT_PUT, XTOPT_POINTER(s, name)}, + {.name = "rsource", .id = O_RSOURCE, .type = XTTYPE_NONE}, + {.name = "rdest", .id = O_RDEST, .type = XTTYPE_NONE}, + {.name = "mask", .id = O_MASK, .type = XTTYPE_HOST, + .flags = XTOPT_PUT, XTOPT_POINTER(s, mask)}, + XTOPT_TABLEEND, +}; +#undef s + static void recent_help(void) { printf( @@ -74,18 +101,28 @@ " --name name Name of the recent list to be used. DEFAULT used if none given.\n" " --rsource Match/Save the source address of each packet in the recent list table (default).\n" " --rdest Match/Save the destination address of each packet in the recent list table.\n" +" --mask netmask Netmask that will be applied to this recent list.\n" "xt_recent by: Stephen Frost <sfrost(a)snowman.net>. http://snowman.net/projects/ipt_recent/\n"); } -static void recent_init(struct xt_entry_match *match) +enum { + XT_RECENT_REV_0 = 0, + XT_RECENT_REV_1, +}; + +static void recent_init(struct xt_entry_match *match, unsigned int rev) { - struct xt_recent_mtinfo *info = (void *)(match)->data; + struct xt_recent_mtinfo *info = (struct xt_recent_mtinfo *)match->data; + struct xt_recent_mtinfo_v1 *info_v1 = + (struct xt_recent_mtinfo_v1 *)match->data; strncpy(info->name,"DEFAULT", XT_RECENT_NAME_LEN); /* even though XT_RECENT_NAME_LEN is currently defined as 200, * better be safe, than sorry */ info->name[XT_RECENT_NAME_LEN-1] = '\0'; info->side = XT_RECENT_SOURCE; + if (rev == XT_RECENT_REV_1) + memset(&info_v1->mask, 0xFF, sizeof(info_v1->mask)); } static void recent_parse(struct xt_option_call *cb) @@ -131,8 +168,6 @@ static void recent_check(struct xt_fcheck_call *cb) { - struct xt_recent_mtinfo *info = cb->data; - if (!(cb->xflags & F_ANY_OP)) xtables_error(PARAMETER_PROBLEM, "recent: you must specify one of `--set', `--rcheck' " @@ -140,9 +175,9 @@ } static void recent_print(const void *ip, const struct xt_entry_match *match, - int numeric) + unsigned int family) { - const struct xt_recent_mtinfo *info = (const void *)match->data; + const struct xt_recent_mtinfo_v1 *info = (const void *)match->data; if (info->invert) printf(" !"); @@ -167,11 +202,23 @@ printf(" side: source"); if (info->side == XT_RECENT_DEST) printf(" side: dest"); + + switch(family) { + case NFPROTO_IPV4: + printf(" mask: %s", + xtables_ipaddr_to_numeric(&info->mask.in)); + break; + case NFPROTO_IPV6: + printf(" mask: %s", + xtables_ip6addr_to_numeric(&info->mask.in6)); + break; + } } -static void recent_save(const void *ip, const struct xt_entry_match *match) +static void recent_save(const void *ip, const struct xt_entry_match *match, + unsigned int family) { - const struct xt_recent_mtinfo *info = (const void *)match->data; + const struct xt_recent_mtinfo_v1 *info = (const void *)match->data; if (info->invert) printf(" !"); @@ -191,28 +238,116 @@ if (info->check_set & XT_RECENT_TTL) printf(" --rttl"); if(info->name) printf(" --name %s",info->name); + + switch(family) { + case NFPROTO_IPV4: + printf(" --mask %s", + xtables_ipaddr_to_numeric(&info->mask.in)); + break; + case NFPROTO_IPV6: + printf(" --mask %s", + xtables_ip6addr_to_numeric(&info->mask.in6)); + break; + } + if (info->side == XT_RECENT_SOURCE) printf(" --rsource"); if (info->side == XT_RECENT_DEST) printf(" --rdest"); } -static struct xtables_match recent_mt_reg = { - .name = "recent", - .version = XTABLES_VERSION, - .family = NFPROTO_UNSPEC, - .size = XT_ALIGN(sizeof(struct xt_recent_mtinfo)), - .userspacesize = XT_ALIGN(sizeof(struct xt_recent_mtinfo)), - .help = recent_help, - .init = recent_init, - .x6_parse = recent_parse, - .x6_fcheck = recent_check, - .print = recent_print, - .save = recent_save, - .x6_options = recent_opts, +static void recent_init_v0(struct xt_entry_match *match) +{ + recent_init(match, XT_RECENT_REV_0); +} + +static void recent_init_v1(struct xt_entry_match *match) +{ + recent_init(match, XT_RECENT_REV_1); +} + +static void recent_save_v0(const void *ip, const struct xt_entry_match *match) +{ + recent_save(ip, match, NFPROTO_UNSPEC); +} + +static void recent_save_v4(const void *ip, const struct xt_entry_match *match) +{ + recent_save(ip, match, NFPROTO_IPV4); +} + +static void recent_save_v6(const void *ip, const struct xt_entry_match *match) +{ + recent_save(ip, match, NFPROTO_IPV6); +} + +static void recent_print_v0(const void *ip, const struct xt_entry_match *match, + int numeric) +{ + recent_print(ip, match, NFPROTO_UNSPEC); +} + +static void recent_print_v4(const void *ip, const struct xt_entry_match *match, + int numeric) +{ + recent_print(ip, match, NFPROTO_IPV4); +} + +static void recent_print_v6(const void *ip, const struct xt_entry_match *match, + int numeric) +{ + recent_print(ip, match, NFPROTO_IPV6); +} + +static struct xtables_match recent_mt_reg[] = { + { + .name = "recent", + .version = XTABLES_VERSION, + .revision = 0, + .family = NFPROTO_UNSPEC, + .size = XT_ALIGN(sizeof(struct xt_recent_mtinfo)), + .userspacesize = XT_ALIGN(sizeof(struct xt_recent_mtinfo)), + .help = recent_help, + .init = recent_init_v0, + .x6_parse = recent_parse, + .x6_fcheck = recent_check, + .print = recent_print_v0, + .save = recent_save_v0, + .x6_options = recent_opts_v0, + }, + { + .name = "recent", + .version = XTABLES_VERSION, + .revision = 1, + .family = NFPROTO_IPV4, + .size = XT_ALIGN(sizeof(struct xt_recent_mtinfo_v1)), + .userspacesize = XT_ALIGN(sizeof(struct xt_recent_mtinfo_v1)), + .help = recent_help, + .init = recent_init_v1, + .x6_parse = recent_parse, + .x6_fcheck = recent_check, + .print = recent_print_v4, + .save = recent_save_v4, + .x6_options = recent_opts_v1, + }, + { + .name = "recent", + .version = XTABLES_VERSION, + .revision = 1, + .family = NFPROTO_IPV6, + .size = XT_ALIGN(sizeof(struct xt_recent_mtinfo_v1)), + .userspacesize = XT_ALIGN(sizeof(struct xt_recent_mtinfo_v1)), + .help = recent_help, + .init = recent_init_v1, + .x6_parse = recent_parse, + .x6_fcheck = recent_check, + .print = recent_print_v6, + .save = recent_save_v6, + .x6_options = recent_opts_v1, + }, }; void _init(void) { - xtables_register_match(&recent_mt_reg); + xtables_register_matches(recent_mt_reg, ARRAY_SIZE(recent_mt_reg)); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/iptables-1.4.14/extensions/libxt_recent.man new/iptables-1.4.15/extensions/libxt_recent.man --- old/iptables-1.4.14/extensions/libxt_recent.man 2012-05-26 18:44:33.000000000 +0200 +++ new/iptables-1.4.15/extensions/libxt_recent.man 2012-07-31 12:44:36.000000000 +0200 @@ -24,6 +24,9 @@ \fB\-\-rdest\fP Match/save the destination address of each packet in the recent list table. .TP +\fB\-\-mask\fPnetmask +Netmask that will be applied to this recent list. +.TP [\fB!\fP] \fB\-\-rcheck\fP Check if the source address of the packet is currently in the list. .TP diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/iptables-1.4.14/include/linux/netfilter/xt_HMARK.h new/iptables-1.4.15/include/linux/netfilter/xt_HMARK.h --- old/iptables-1.4.14/include/linux/netfilter/xt_HMARK.h 1970-01-01 01:00:00.000000000 +0100 +++ new/iptables-1.4.15/include/linux/netfilter/xt_HMARK.h 2012-07-31 12:44:36.000000000 +0200 @@ -0,0 +1,50 @@ +#ifndef XT_HMARK_H_ +#define XT_HMARK_H_ + +#include <linux/types.h> + +enum { + XT_HMARK_SADDR_MASK, + XT_HMARK_DADDR_MASK, + XT_HMARK_SPI, + XT_HMARK_SPI_MASK, + XT_HMARK_SPORT, + XT_HMARK_DPORT, + XT_HMARK_SPORT_MASK, + XT_HMARK_DPORT_MASK, + XT_HMARK_PROTO_MASK, + XT_HMARK_RND, + XT_HMARK_MODULUS, + XT_HMARK_OFFSET, + XT_HMARK_CT, + XT_HMARK_METHOD_L3, + XT_HMARK_METHOD_L3_4, +}; +#define XT_HMARK_FLAG(flag) (1 << flag) + +union hmark_ports { + struct { + __u16 src; + __u16 dst; + } p16; + struct { + __be16 src; + __be16 dst; + } b16; + __u32 v32; + __be32 b32; +}; + +struct xt_hmark_info { + union nf_inet_addr src_mask; + union nf_inet_addr dst_mask; + union hmark_ports port_mask; + union hmark_ports port_set; + __u32 flags; + __u16 proto_mask; + __u32 hashrnd; + __u32 hmodulus; + __u32 hoffset; /* Mark offset to start from */ +}; + +#endif /* XT_HMARK_H_ */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/iptables-1.4.14/include/linux/netfilter/xt_hashlimit.h new/iptables-1.4.15/include/linux/netfilter/xt_hashlimit.h --- old/iptables-1.4.14/include/linux/netfilter/xt_hashlimit.h 2012-05-26 18:44:33.000000000 +0200 +++ new/iptables-1.4.15/include/linux/netfilter/xt_hashlimit.h 2012-07-31 12:44:36.000000000 +0200 @@ -6,7 +6,10 @@ /* timings are in milliseconds. */ #define XT_HASHLIMIT_SCALE 10000 /* 1/10,000 sec period => max of 10,000/sec. Min rate is then 429490 - seconds, or one every 59 hours. */ + seconds, or one packet every 59 hours. */ + +/* packet length accounting is done in 16-byte steps */ +#define XT_HASHLIMIT_BYTE_SHIFT 4 /* details of this structure hidden by the implementation */ struct xt_hashlimit_htable; @@ -17,6 +20,7 @@ XT_HASHLIMIT_HASH_SIP = 1 << 2, XT_HASHLIMIT_HASH_SPT = 1 << 3, XT_HASHLIMIT_INVERT = 1 << 4, + XT_HASHLIMIT_BYTES = 1 << 5, }; struct hashlimit_cfg { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/iptables-1.4.14/include/linux/netfilter/xt_recent.h new/iptables-1.4.15/include/linux/netfilter/xt_recent.h --- old/iptables-1.4.14/include/linux/netfilter/xt_recent.h 2012-05-26 18:44:33.000000000 +0200 +++ new/iptables-1.4.15/include/linux/netfilter/xt_recent.h 2012-07-31 12:44:36.000000000 +0200 @@ -32,4 +32,14 @@ __u8 side; }; +struct xt_recent_mtinfo_v1 { + __u32 seconds; + __u32 hit_count; + __u8 check_set; + __u8 invert; + char name[XT_RECENT_NAME_LEN]; + __u8 side; + union nf_inet_addr mask; +}; + #endif /* _LINUX_NETFILTER_XT_RECENT_H */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/iptables-1.4.14/include/xtables.h.in new/iptables-1.4.15/include/xtables.h.in --- old/iptables-1.4.14/include/xtables.h.in 2012-05-26 18:44:33.000000000 +0200 +++ new/iptables-1.4.15/include/xtables.h.in 2012-07-31 12:44:36.000000000 +0200 @@ -442,6 +442,7 @@ extern const char *xtables_ipmask_to_numeric(const struct in_addr *); extern struct in_addr *xtables_numeric_to_ipaddr(const char *); extern struct in_addr *xtables_numeric_to_ipmask(const char *); +extern int xtables_ipmask_to_cidr(const struct in_addr *); extern void xtables_ipparse_any(const char *, struct in_addr **, struct in_addr *, unsigned int *); extern void xtables_ipparse_multiple(const char *, struct in_addr **, @@ -451,6 +452,7 @@ extern const char *xtables_ip6addr_to_numeric(const struct in6_addr *); extern const char *xtables_ip6addr_to_anyname(const struct in6_addr *); extern const char *xtables_ip6mask_to_numeric(const struct in6_addr *); +extern int xtables_ip6mask_to_cidr(const struct in6_addr *); extern void xtables_ip6parse_any(const char *, struct in6_addr **, struct in6_addr *, unsigned int *); extern void xtables_ip6parse_multiple(const char *, struct in6_addr **, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/iptables-1.4.14/iptables/ip6tables-restore.c new/iptables-1.4.15/iptables/ip6tables-restore.c --- old/iptables-1.4.14/iptables/ip6tables-restore.c 2012-05-26 18:44:33.000000000 +0200 +++ new/iptables-1.4.15/iptables/ip6tables-restore.c 2012-07-31 12:44:36.000000000 +0200 @@ -329,6 +329,7 @@ char *curchar; int quote_open, escaped; size_t param_len; + char param_buffer[1024]; /* reset the newargv */ newargc = 0; @@ -379,8 +380,6 @@ param_len = 0; for (curchar = parsestart; *curchar; curchar++) { - char param_buffer[1024]; - if (quote_open) { if (escaped) { param_buffer[param_len++] = *curchar; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/iptables-1.4.14/iptables/iptables-restore.c new/iptables-1.4.15/iptables/iptables-restore.c --- old/iptables-1.4.14/iptables/iptables-restore.c 2012-05-26 18:44:33.000000000 +0200 +++ new/iptables-1.4.15/iptables/iptables-restore.c 2012-07-31 12:44:36.000000000 +0200 @@ -329,6 +329,7 @@ char *curchar; int quote_open, escaped; size_t param_len; + char param_buffer[1024]; /* reset the newargv */ newargc = 0; @@ -379,8 +380,6 @@ param_len = 0; for (curchar = parsestart; *curchar; curchar++) { - char param_buffer[1024]; - if (quote_open) { if (escaped) { param_buffer[param_len++] = *curchar; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/iptables-1.4.14/libxtables/xtables.c new/iptables-1.4.15/libxtables/xtables.c --- old/iptables-1.4.14/libxtables/xtables.c 2012-05-26 18:44:33.000000000 +0200 +++ new/iptables-1.4.15/libxtables/xtables.c 2012-07-31 12:44:36.000000000 +0200 @@ -1133,28 +1133,43 @@ return xtables_ipaddr_to_numeric(addr); } -const char *xtables_ipmask_to_numeric(const struct in_addr *mask) +int xtables_ipmask_to_cidr(const struct in_addr *mask) { - static char buf[20]; uint32_t maskaddr, bits; int i; maskaddr = ntohl(mask->s_addr); - + /* shortcut for /32 networks */ if (maskaddr == 0xFFFFFFFFL) - /* we don't want to see "/32" */ - return ""; + return 32; i = 32; bits = 0xFFFFFFFEL; while (--i >= 0 && maskaddr != bits) bits <<= 1; if (i >= 0) - sprintf(buf, "/%d", i); - else + return i; + + /* this mask cannot be converted to CIDR notation */ + return -1; +} + +const char *xtables_ipmask_to_numeric(const struct in_addr *mask) +{ + static char buf[20]; + uint32_t cidr; + + cidr = xtables_ipmask_to_cidr(mask); + if (cidr < 0) { /* mask was not a decent combination of 1's and 0's */ sprintf(buf, "/%s", xtables_ipaddr_to_numeric(mask)); + return buf; + } else if (cidr == 32) { + /* we don't want to see "/32" */ + return ""; + } + sprintf(buf, "/%d", cidr); return buf; } @@ -1465,7 +1480,7 @@ return xtables_ip6addr_to_numeric(addr); } -static int ip6addr_prefix_length(const struct in6_addr *k) +int xtables_ip6mask_to_cidr(const struct in6_addr *k) { unsigned int bits = 0; uint32_t a, b, c, d; @@ -1492,7 +1507,7 @@ const char *xtables_ip6mask_to_numeric(const struct in6_addr *addrp) { static char buf[50+2]; - int l = ip6addr_prefix_length(addrp); + int l = xtables_ip6mask_to_cidr(addrp); if (l == -1) { strcpy(buf, "/"); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/iptables-1.4.14/m4/libtool.m4 new/iptables-1.4.15/m4/libtool.m4 --- old/iptables-1.4.14/m4/libtool.m4 2012-05-26 18:45:16.000000000 +0200 +++ new/iptables-1.4.15/m4/libtool.m4 2012-07-31 12:45:33.000000000 +0200 @@ -2512,17 +2512,6 @@ esac ;; -gnu*) - version_type=linux # correct to gnu/linux during the next big refactor - need_lib_prefix=no - need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=no - hardcode_into_libs=yes - ;; - haiku*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no @@ -2639,7 +2628,7 @@ ;; # This must be glibc/ELF. -linux* | k*bsd*-gnu | kopensolaris*-gnu) +linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no @@ -3255,10 +3244,6 @@ fi ;; -gnu*) - lt_cv_deplibs_check_method=pass_all - ;; - haiku*) lt_cv_deplibs_check_method=pass_all ;; @@ -3297,7 +3282,7 @@ ;; # This must be glibc/ELF. -linux* | k*bsd*-gnu | kopensolaris*-gnu) +linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) lt_cv_deplibs_check_method=pass_all ;; @@ -4049,7 +4034,7 @@ ;; esac ;; - linux* | k*bsd*-gnu | kopensolaris*-gnu) + linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) case $cc_basename in KCC*) # KAI C++ Compiler @@ -4348,7 +4333,7 @@ _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' ;; - linux* | k*bsd*-gnu | kopensolaris*-gnu) + linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) case $cc_basename in # old Intel for x86_64 which still supported -KPIC. ecc*) @@ -6241,9 +6226,6 @@ _LT_TAGVAR(ld_shlibs, $1)=yes ;; - gnu*) - ;; - haiku*) _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' _LT_TAGVAR(link_all_deplibs, $1)=yes @@ -6405,7 +6387,7 @@ _LT_TAGVAR(inherit_rpath, $1)=yes ;; - linux* | k*bsd*-gnu | kopensolaris*-gnu) + linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) case $cc_basename in KCC*) # Kuck and Associates, Inc. (KAI) C++ Compiler diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/iptables-1.4.14/tests/options-most.rules new/iptables-1.4.15/tests/options-most.rules --- old/iptables-1.4.14/tests/options-most.rules 2012-05-26 18:44:33.000000000 +0200 +++ new/iptables-1.4.15/tests/options-most.rules 2012-07-31 12:44:36.000000000 +0200 @@ -96,6 +96,9 @@ -A matches -m hashlimit --hashlimit-upto 1/min --hashlimit-burst 1 --hashlimit-name mini2 -A matches -m hashlimit --hashlimit-upto 1/hour --hashlimit-burst 1 --hashlimit-name mini3 -A matches -m hashlimit --hashlimit-upto 1/day --hashlimit-burst 1 --hashlimit-name mini4 +-A matches -m hashlimit --hashlimit-upto 4kb/s --hashlimit-burst 400kb --hashlimit-name mini5 +-A matches -m hashlimit --hashlimit-upto 10mb/s --hashlimit-name mini6 +-A matches -m hashlimit --hashlimit-upto 123456b/s --hashlimit-burst 1mb --hashlimit-name mini7 -A matches -A matches -m hbh ! --hbh-len 5 -A matches -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit iproute2 for openSUSE:Factory
by root＠hilbert.suse.de 04 Aug '12

04 Aug '12

Hello community, here is the log from the commit of package iproute2 for openSUSE:Factory checked in at 2012-08-04 09:16:07 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/iproute2 (Old) and /work/SRC/openSUSE:Factory/.iproute2.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "iproute2", Maintainer is "BiLi(a)suse.com" Changes: -------- --- /work/SRC/openSUSE:Factory/iproute2/iproute2.changes 2012-06-01 07:20:26.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.iproute2.new/iproute2.changes 2012-08-04 09:16:29.000000000 +0200 @@ -1,0 +2,6 @@ +Mon Jul 30 14:33:58 UTC 2012 - werner(a)suse.de + +- Make it build with modern pdflatex and TeXLive 2012 ... for this + also sgmltools has to know about correct babel style usage + +------------------------------------------------------------------- New: ---- iproute2-pdflatex.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ iproute2.spec ++++++ --- /var/tmp/diff_new_pack.H4MxNp/_old 2012-08-04 09:16:31.000000000 +0200 +++ /var/tmp/diff_new_pack.H4MxNp/_new 2012-08-04 09:16:31.000000000 +0200 @@ -33,6 +33,9 @@ Patch0: iproute2-libdir-1.diff # PATCH-??-OPENSUSE iproute2-HZ.diff status=noidea Patch1: iproute2-HZ.diff +%if 0%{?suse_version} +Patch42: iproute2-pdflatex.diff +%endif BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: bison BuildRequires: db-devel @@ -46,6 +49,11 @@ BuildRequires: ghostscript-x11 BuildRequires: sgmltool BuildRequires: texlive-latex +%if 0%{?suse_version} > 1220 +BuildRequires: texlive-amsfonts +BuildRequires: texlive-cm-super +BuildRequires: texlive-ec +%endif %endif %if 0%{?fedora} || 0%{?rhel} BuildRequires: ghostscript @@ -56,8 +64,11 @@ %endif %define with_xt 1 %if 0%{?with_xt} -BuildRequires: pkgconfig(libnl-1) +%if 0%{?suse_version} >= 1140 BuildRequires: pkgconfig(xtables) >= 1.4.11 +%else +BuildRequires: libxtables-devel >= 1.4.11 +%endif %endif Provides: iproute = %version-%release @@ -96,6 +107,9 @@ %setup -DTq %endif %patch -P 0 -P 1 -p1 +%if 0%{?suse_version} +%patch42 -p0 +%endif find . -name *.orig -delete %build ++++++ iproute2-pdflatex.diff ++++++ --- doc/Makefile +++ doc/Makefile 2012-07-30 14:32:31.934018848 +0000 @@ -6,7 +6,7 @@ PSFILES=ip-cref.ps ip-tunnels.ps api-ip6 LATEX=latex DVIPS=dvips -SGML2DVI=sgml2latex --output=dvi +SGML2DVI=sgml2latex SGML2HTML=sgml2html -s 0 LPR=lpr -Zsduplex SHELL=bash @@ -32,7 +32,7 @@ print: $(PSFILES) $(LPR) $(PSFILES) %.dvi: %.sgml - $(SGML2DVI) $< + $(SGML2DVI) --output=dvi $< %.dvi: %.tex @set -e; pass=2; echo "Running LaTeX $<"; \ @@ -44,10 +44,22 @@ print: $(PSFILES) echo "Re-running LaTeX $<, $${pass}d pass"; pass=$$[$$pass + 1]; \ done -#%.pdf: %.tex -# pdflatex $< -%.pdf: %.ps - ps2pdf $< +%.tex: %.sgml + $(SGML2DVI) --output=tex $< + +%.pdf: %.tex + @set -e; pass=2; echo "Running pdfLaTeX $<"; \ + TEXINPUTS="/usr/lib/sgml-tools:$$(kpsewhich '-var-value=TEXINPUTS')"; \ + while [ `TEXINPUTS="$$TEXINPUTS" pdflatex $< </dev/null 2>&1 | \ + grep -c '^$LaTeX Warning: Label(s) may\|No file \|! Emergency stop$'` -ge 1 ]; do \ + if [ $$pass -gt 3 ]; then \ + echo "Seems, something is wrong. Try by hands." ; exit 1 ; \ + fi; \ + echo "Re-running LaTeX $<, $${pass}d pass"; pass=$$[$$pass + 1]; \ + done + +#%.pdf: %.ps +# ps2pdf $< %.ps: %.dvi $(DVIPS) $< -o $@ -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit icedtea-web for openSUSE:12.2
by root＠hilbert.suse.de 04 Aug '12

04 Aug '12

Hello community, here is the log from the commit of package icedtea-web for openSUSE:12.2 checked in at 2012-08-04 09:15:55 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.2/icedtea-web (Old) and /work/SRC/openSUSE:12.2/.icedtea-web.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "icedtea-web", Maintainer is "bnc-team-java(a)forge.provo.novell.com" Changes: -------- --- /work/SRC/openSUSE:12.2/icedtea-web/icedtea-web.changes 2012-06-26 15:52:33.000000000 +0200 +++ /work/SRC/openSUSE:12.2/.icedtea-web.new/icedtea-web.changes 2012-08-04 09:15:56.000000000 +0200 @@ -1,0 +2,19 @@ +Thu Aug 2 08:35:25 UTC 2012 - mvyskocil(a)suse.cz + +- update to 1.2.1 (bnc#773458) +- Security Updates + * CVE-2012-3422, RH840592: Potential read from an uninitialized memory location + * CVE-2012-3423, RH841345: Incorrect handling of not 0-terminated strings +- NetX + * PR898: signed applications with big jnlp-file doesn't start (webstart affect like "frozen") + * PR811: javaws is not handling urls with spaces (and other characters needing encoding) correctly + * 816592: icedtea-web not loading GeoGebra java applets in Firefox or Chrome +- Plugin + * PR863: Error passing strings to applet methods in Chromium + * PR895: IcedTea-Web searches for missing classes on each loadClass or findClass + * PR518: NPString.utf8characters not guaranteed to be nul-terminated +- Common + * RH838417: Disambiguate signed applet security prompt from certificate warning + * RH838559: Disambiguate signed applet security prompt from certificate warning + +------------------------------------------------------------------- Old: ---- icedtea-web-1.2.tar.gz New: ---- icedtea-web-1.2.1.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ icedtea-web.spec ++++++ --- /var/tmp/diff_new_pack.33s6KR/_old 2012-08-04 09:15:59.000000000 +0200 +++ /var/tmp/diff_new_pack.33s6KR/_new 2012-08-04 09:15:59.000000000 +0200 @@ -53,7 +53,7 @@ %define pluginname IcedTeaPlugin.so Name: icedtea-web -Version: 1.2 +Version: 1.2.1 Release: 0 Summary: Java Web Start and plugin implementation License: GPL-2.0-with-classpath-exception ++++++ icedtea-web-1.2.tar.gz -> icedtea-web-1.2.1.tar.gz ++++++ ++++ 4117 lines of diff (skipped) -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit icedtea-web for openSUSE:Factory
by root＠hilbert.suse.de 04 Aug '12

04 Aug '12

Hello community, here is the log from the commit of package icedtea-web for openSUSE:Factory checked in at 2012-08-04 09:15:51 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/icedtea-web (Old) and /work/SRC/openSUSE:Factory/.icedtea-web.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "icedtea-web", Maintainer is "bnc-team-java(a)forge.provo.novell.com" Changes: -------- --- /work/SRC/openSUSE:Factory/icedtea-web/icedtea-web.changes 2012-06-26 15:52:29.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.icedtea-web.new/icedtea-web.changes 2012-08-04 09:15:52.000000000 +0200 @@ -1,0 +2,19 @@ +Thu Aug 2 08:35:25 UTC 2012 - mvyskocil(a)suse.cz + +- update to 1.2.1 (bnc#773458) +- Security Updates + * CVE-2012-3422, RH840592: Potential read from an uninitialized memory location + * CVE-2012-3423, RH841345: Incorrect handling of not 0-terminated strings +- NetX + * PR898: signed applications with big jnlp-file doesn't start (webstart affect like "frozen") + * PR811: javaws is not handling urls with spaces (and other characters needing encoding) correctly + * 816592: icedtea-web not loading GeoGebra java applets in Firefox or Chrome +- Plugin + * PR863: Error passing strings to applet methods in Chromium + * PR895: IcedTea-Web searches for missing classes on each loadClass or findClass + * PR518: NPString.utf8characters not guaranteed to be nul-terminated +- Common + * RH838417: Disambiguate signed applet security prompt from certificate warning + * RH838559: Disambiguate signed applet security prompt from certificate warning + +------------------------------------------------------------------- Old: ---- icedtea-web-1.2.tar.gz New: ---- icedtea-web-1.2.1.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ icedtea-web.spec ++++++ --- /var/tmp/diff_new_pack.qcfoMm/_old 2012-08-04 09:15:56.000000000 +0200 +++ /var/tmp/diff_new_pack.qcfoMm/_new 2012-08-04 09:15:56.000000000 +0200 @@ -53,7 +53,7 @@ %define pluginname IcedTeaPlugin.so Name: icedtea-web -Version: 1.2 +Version: 1.2.1 Release: 0 Summary: Java Web Start and plugin implementation License: GPL-2.0-with-classpath-exception ++++++ icedtea-web-1.2.tar.gz -> icedtea-web-1.2.1.tar.gz ++++++ ++++ 4117 lines of diff (skipped) -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit hxtools for openSUSE:Factory
by root＠hilbert.suse.de 04 Aug '12

04 Aug '12

Hello community, here is the log from the commit of package hxtools for openSUSE:Factory checked in at 2012-08-04 09:15:05 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/hxtools (Old) and /work/SRC/openSUSE:Factory/.hxtools.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "hxtools", Maintainer is "" Changes: -------- --- /work/SRC/openSUSE:Factory/hxtools/hxtools.changes 2012-05-14 16:14:34.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.hxtools.new/hxtools.changes 2012-08-04 09:15:07.000000000 +0200 @@ -1,0 +2,8 @@ +Wed Aug 1 22:15:34 UTC 2012 - jengelh(a)inai.de + +- Update to new upstream release 20120802 +* sysinfo: do count tmpfs files as memory used +- Split some tools into separate package so that they are + installable independently (benefit to e.g. pam_mount) + +------------------------------------------------------------------- Old: ---- hxtools-20120514.tar.xz hxtools-20120514.tar.xz.asc New: ---- hxtools-20120802.tar.xz hxtools-20120802.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ hxtools.spec ++++++ --- /var/tmp/diff_new_pack.lNMeG7/_old 2012-08-04 09:15:09.000000000 +0200 +++ /var/tmp/diff_new_pack.lNMeG7/_new 2012-08-04 09:15:09.000000000 +0200 @@ -17,11 +17,11 @@ Name: hxtools -Version: 20120514 +Version: 20120802 Release: 0 Url: http://inai.de/projects/hxtools/ Summary: Collection of day-to-day tools (binaries) -License: GPL-2.0+ +License: GPL-2.0+ ; WTFPL-2.0+ Group: System/Base Source: %name-%version.tar.xz @@ -55,8 +55,12 @@ %else Requires: %name-man = %version %endif +Requires: fd0ssh +Requires: ofl +Requires: sysinfo = %version %define build_profile 1 +%define hldir %_libexecdir/%name %description A collection of various tools. Some of the important ones: @@ -107,10 +111,8 @@ * git-track(1) — set up branch for tracking a remote * man2html(1) — convert nroff manpages to HTML * pesubst(1) — perl-regexp stream substitution (replaces sed for sub‐ stitutions) -* pmap_dirty(1) — display amount of RAM a process uses hard * recursive_lower(1) — recursively lowercase all filenames * spec-beautifier(1) — program to clean up RPM .spec files -* sysinfo(1) — print IRC-style system information banner * vcsaview(8) — display a screen dump in VCSA format * wktimer(1) — work timer @@ -154,6 +156,36 @@ the SUSE 6.x ls color scheme, and an uncluttered PS1 that shows only important parts of a path. +%package -n sysinfo +Summary: System diagnosis tools from hxtools +Group: System/Base + +%description -n sysinfo +This subpackage contains programs from the hxtools suite that +give info about available system components. + +* clock_info(1) – show available system clocks for clock_gettime(2) +* pmap_dirty(1) — display amount of RAM a process uses hard +* sysinfo(1) — print IRC-style system information banner + +%package -n fd0ssh +Summary: Helper program for using a pipe for SSH authentication +Group: System/Base + +%description -n fd0ssh +fd0ssh a helper program used by non-interactive programs, for example +pam_mount, that want to pipe a password to ssh. + +%package -n ofl +Summary: Open File Lister from hxtools +Group: System/Base + +%description -n ofl +ofl lists processes (and can send signals to them) that have +directories or files in specific locations in use. It differs from +lsof/fuser in that it can scan recursively and won't bluntly look at +an entire mount. + %prep %if 0%{?__xz:1} %setup -q @@ -181,12 +213,6 @@ ln -s "%_datadir/hxtools/rfc2307bis-utf8.schema" \ "$b/%_sysconfdir/openldap/schema/"; -cd "$b"; -find ./%_bindir ./%_libexecdir ! -type d -exec grep -l ELF {} + | \ - perl -pe 's{^\./+}{/}' >"$o/binary.lst"; -find ./%_bindir ./%_libexecdir ! -type d -exec grep -L ELF {} + | \ - perl -pe 's{^\./+}{/}' >"$o/scripts.lst"; - %if 0%{?build_profile} mkdir -p "$b/%_sysconfdir/bashrc.d"; ln -s "%_datadir/%name/hxtools_bashrc.bash" "$b/%_sysconfdir/bashrc.d/"; @@ -198,17 +224,63 @@ %fdupes %buildroot -%files -f binary.lst +%files %defattr(-,root,root) -%dir %_libexecdir/%name +%_bindir/declone +%_bindir/newns +%_bindir/omixer +%_bindir/oplay +%_bindir/orec +%_bindir/tailhex +%_bindir/xcp +%dir %hldir +%hldir/bsvplay +%hldir/cctypeinfo +%hldir/pcmdiff +%hldir/printcaps +%hldir/proc_iomem_count +%hldir/proc_stat_parse +%hldir/psthreads +%hldir/qplay +%hldir/utmp_register +%hldir/vfontas -%files scripts -f scripts.lst +%files scripts %defattr(-,root,root) -%dir %_libexecdir/%name +%_bindir/checkbrack +%_bindir/cwdiff +%_bindir/fduphl +%_bindir/fxterm +%_bindir/git-* +%_bindir/googtts +%_bindir/gpsh +%_bindir/man2html +%_bindir/pesubst +%_bindir/qtar +%_bindir/spec-beautifier +%_bindir/ssa2srt +%_bindir/su1 +%_bindir/wktimer +%dir %hldir +%hldir/diff2php +%hldir/doxygen-kerneldoc-filter +%hldir/extract_* +%hldir/*2* +%hldir/git-* +%hldir/logontime +%hldir/mailsplit +%hldir/png2wx* +%hldir/recursive_lower +%hldir/shared.pm +%hldir/sourcefuncsize +%hldir/stxdb +%hldir/vcsaview %files man %defattr(-,root,root) %doc %_mandir/man*/* +%exclude %_mandir/man*/fd0ssh.1* +%exclude %_mandir/man*/ofl.1* %files data %defattr(-,root,root) @@ -230,4 +302,25 @@ %config %_sysconfdir/profile.d/* %endif +%files -n fd0ssh +%defattr(-,root,root) +%dir %hldir +%hldir/fd0ssh +%_mandir/man1/fd0ssh.1* + +%files -n ofl +%defattr(-,root,root) +%_bindir/ofl +%_mandir/man1/ofl.1* + +%files -n sysinfo +%defattr(-,root,root) +%_bindir/clock_info +%_bindir/pmap_dirty +%_bindir/sysinfo +%dir %hldir +%hldir/netload +%hldir/paddrspacesize +%hldir/proc_stat_signal_decode + %changelog -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0