Hello community,
here is the log from the commit of package iptables.1143 for openSUSE:12.2:Update checked in at 2012-12-06 16:17:22
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.2:Update/iptables.1143 (Old)
and /work/SRC/openSUSE:12.2:Update/.iptables.1143.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "iptables.1143", Maintainer is ""
Changes:
--------
New Changes file:
--- /dev/null 2012-11-30 12:21:47.308011256 +0100
+++ /work/SRC/openSUSE:12.2:Update/.iptables.1143.new/iptables.changes 2012-12-06 16:17:25.000000000 +0100
@@ -0,0 +1,682 @@
+-------------------------------------------------------------------
+Tue Nov 27 14:52:12 UTC 2012 - jengelh@inai.de
+
+- Update iptables in openSUSE:12.2 (bnc#791300) to 1.4.16.3; this
+ resolves, among other things, http://bugs.debian.org/678499
+ (gcc 4.7 exposed undefined behavior, causing --log-prefix to not
+ be correctly retained).
+
+-------------------------------------------------------------------
+Wed Nov 14 13:16:30 UTC 2012 - lnussel@suse.de
+
+- run autogen.sh as Makefile.am was patched to compile iptables-batch
+ (bnc#785240)
+
+-------------------------------------------------------------------
+Sat May 26 19:35:38 UTC 2012 - jengelh@inai.de
+
+- Update to new upstream release 1.4.14
+* Support for the new cttimeout infrastructure. This allows you to
+ attach specific timeout policies to flow via iptables CT target.
+
+-------------------------------------------------------------------
+Tue Mar 27 13:29:31 UTC 2012 - jengelh@medozas.de
+
+- Update to new upstream release 1.4.13
+* Add the rpfilter, nfacct and IPv6 ECN extensions
+
+-------------------------------------------------------------------
+Mon Jan 2 21:30:38 UTC 2012 - jengelh@medozas.de
+
+- Update to newer git snapshot (v1.4.12.2-28-g2117f2b,
+ but master branch), tag locally as 1.4.12.90.
+* ships missing pkgconfig files, compile fix for libnfnetlink
+* libxt_NFQUEUE: fix --queue-bypass ipt-save output
+* libxt_connbytes: fix handling of --connbytes FROM
+* libxt_recent: Add support for --reap option
+- split iptables-devel into libiptc-devel and libxtables-devel
+
+-------------------------------------------------------------------
+Wed Dec 28 09:50:23 UTC 2011 - puzel@suse.com
+
+- iptables-apply-mktemp-fix.patch (bnc#730161)
+
+-------------------------------------------------------------------
+Wed Nov 30 14:28:11 UTC 2011 - coolo@suse.com
+
+- add automake as buildrequire to avoid implicit dependency
+
+-------------------------------------------------------------------
+Tue Oct 4 23:01:57 UTC 2011 - jengelh@medozas.de
+
+- Update to a newer git snapshot of the stable branch
+ (to v1.4.12.1-16-gd2b0eaa)
+* resolve failure to load extensions that depend on libm.so
+- rediff of iptables-batch due to fuzz
+- relax runtime requires
+
+-------------------------------------------------------------------
+Thu Sep 1 17:09:05 UTC 2011 - jengelh@medozas.de
+
+- Update to new upstream release 1.4.12.1
+* regression fixes for the new (stricter) command-line parser
+- restore --includedir= in spec file
+- Put libxtables into its own subpackage so that one does not need
+ a lockstep update of iproute2 on a new iptables package
+- Remove redundant fields (Autoreqprov defaults to on, License is
+ inherited from main package)
+
+-------------------------------------------------------------------
+Sat Aug 13 01:39:38 CEST 2011 - draht@suse.de
+
+- include path is /usr/include
+
+-------------------------------------------------------------------
+Mon Aug 8 00:42:53 UTC 2011 - jengelh@medozas.de
+
+- Put include files into a separate directory to flag up missing
+ CFLAGS. libipq.pc will now be provided.
+- Enable build of nfnl_osf, a tool to upload OS fingerprints to
+ the kernel for use with xt_osf.
+
+-------------------------------------------------------------------
+Fri Jul 22 13:12:50 UTC 2011 - jengelh@medozas.de
+
+- Update to new upstream release 1.4.12
+* Include lost match/target descriptions in manpage again
+* libxt_LOG: fix ignorance of all but the last flag
+* libxt_HL: restore hl-* option names
+* libxt_hashlimit: use a more obvious expiry value by default
+* libxt_RATEEST: fix find-and-delete of rules with -j RATEEST
+* ipv4: restore negation for the -f option
+* Reject empty host specifications (e.g. -s "")
+* libxt_conntrack: restore network byteordering for ABI v1 & v2
+* Documentation updates
+
+-------------------------------------------------------------------
+Wed Jun 8 10:20:57 UTC 2011 - jengelh@medozas.de
+
+- Update to snapshot 1.4.11+git16
+* libxt_owner: restore inversion support
+* option: fix ignored negation before implicit extension loading
+* build: fix installation of symlinks
+* build: fix absence of xml translator in IPv6-only builds
+- Drop merged patches
+
+-------------------------------------------------------------------
+Sun May 29 23:56:33 UTC 2011 - jengelh@medozas.de
+
+- Update to new upstream release 1.4.11
+* stricter option parsing
+* support for the current xt_SET target as contained in 2.6.39
+* support for the new xt_devgroup match
+* support for the new xt_AUDIT target
+* support for a new NFQUEUE bypass option, allowing to bypass the
+ queue if no userspace listener is present
+* a new iptables option "-C" to check for existence of a rules
+- Fixes on top
+* allow negation of --uid-owner/--gid-owner again
+* fix installation of symlinks
+- Run spec-beautifier
+
+-------------------------------------------------------------------
+Fri Oct 29 17:56:48 UTC 2010 - jengelh@medozas.de
+
+- Update to new upstream release 1.4.10
+* this is the release for the Linux 2.6.36 kernel
+* support for the cpu match, which can be used to improve cache
+ locality when running multiple server instances
+* support for the IDLETIMER target, which can be used to notify
+ userspace of interfaces being idle
+* support for the CHECKSUM target
+* support for the ipvs match
+* a fix for deletion of rules using the quota match
+
+-------------------------------------------------------------------
+Mon Aug 9 07:21:28 UTC 2010 - puzel@novell.com
+
+- update to new upstream release 1.4.9.1
+ * fixes a compilation problem with static linking in the 1.4.9
+ release
+
+-------------------------------------------------------------------
+Wed Aug 4 09:56:11 UTC 2010 - puzel@novell.com
+
+- update to new upstream release 1.4.9
+ * this is the release for the Linux 2.6.35 kernel
+ * support for the LED target
+ * a new version of the set extension for the upcoming release
+ supporting IPv6
+ * negation support for the quota match
+ * support for the SACK-IMMEDIATELY SCTP extension and
+ FORWARD_TSN chunk type in the sctp match
+ * documentation updates and various smaller bugfixes
+
+-------------------------------------------------------------------
+Wed May 26 15:20:25 UTC 2010 - jengelh@medozas.de
+
+- update to new upstream release 1.4.8
+ * this is the release for the Linux 2.6.34 kernel
+ * add support for the new xt_CT extension
+ * import the nfnl_osf program required for proper operation
+ of the xt_osf extension
+
+-------------------------------------------------------------------
+Sat Apr 24 11:38:18 UTC 2010 - coolo@novell.com
+
+- buildrequire pkg-config to fix provides
+
+-------------------------------------------------------------------
+Mon Mar 1 15:43:30 UTC 2010 - jengelh@medozas.de
+
+- update to new upstream release 1.4.7
+ * libipq is built as a shared library
+ * removal of some restrictions on interface names
+ * documentation updates
+- rebase and fix linking of iptables-batch
+- fix libdir->libexecdir
+
+-------------------------------------------------------------------
+Mon Feb 22 13:09:03 UTC 2010 - jengelh@medozas.de
+
+- only run configure when needed
+- use %_smp_mflags
+- use newer git snapshot to fix compile error due to missing
+ ipt_DSCP.h in newer linux-glibc-devel (>= 2.6.32)
+
+-------------------------------------------------------------------
+Wed Dec 30 13:01:52 UTC 2009 - puzel@novell.com
+
+- fix bnc#561793 - do not include unclean module documentation
+ in iptables manpage
+
+-------------------------------------------------------------------
+Tue Dec 22 18:09:11 CET 2009 - jengelh@medozas.de
+
+- update specfile descriptions (bnc#553801)
+- update to iptables 1.4.6:
++++ 485 more lines (skipped)
++++ between /dev/null
++++ and /work/SRC/openSUSE:12.2:Update/.iptables.1143.new/iptables.changes
New:
----
iptables-1.4.16.3.tar.bz2
iptables-1.4.16.3.tar.bz2.sig
iptables-apply-mktemp-fix.patch
iptables-batch.patch
iptables.changes
iptables.spec
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ iptables.spec ++++++
#
# spec file for package iptables
#
# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
Name: iptables
%define lname_ipq libipq0
%define lname_iptc libiptc0
%define lname_xt libxtables9
Version: 1.4.16.3
Release: 0
Summary: IP Packet Filter Administration utilities
License: GPL-2.0+
Group: Productivity/Networking/Security
Url: http://netfilter.org/
#Git-Web: http://git.netfilter.org/
#Git-Clone: git://git.netfilter.org/iptables
#DL-URL: http://netfilter.org/projects/iptables/files/
Source: http://netfilter.org/projects/iptables/files/%name-%version.tar.bz2
Source2: http://netfilter.org/projects/iptables/files/%name-%version.tar.bz2.sig
Patch1: iptables-batch.patch
Patch2: iptables-apply-mktemp-fix.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%if 0%{?suse_version}
BuildRequires: sgmltool
%endif
%if 0%{?fedora_version} || 0%{?centos_version}
BuildRequires: sgml-common
%endif
#git#BuildRequires: autoconf, automake >= 1.10
BuildRequires: libtool
BuildRequires: pkgconfig >= 0.21
%if 0%{?suse_version}
BuildRequires: fdupes
%endif
%if 0%{?suse_version} >= 1140
BuildRequires: pkgconfig(libnfnetlink) >= 1.0.0
%endif
%if 0%{?suse_version} && 0%{?suse_version} <= 1110
BuildRequires: libnfnetlink-devel >= 1.0.0
%endif
%if 0%{?fedora_version} || 0%{?centos_version} || 0%{?rhel_version}
BuildRequires: libnfnetlink-devel >= 1.0.0
%endif
%description
iptables is used to set up, maintain, and inspect the tables of IP
packet filter rules in the Linux kernel. This version requires kernel
2.4.0 or newer.
%package -n %lname_ipq
Summary: Library to interface with the (old) ip_queue kernel mechanism
Group: System/Libraries
%description -n %lname_ipq
The Netfilter project provides a mechanism (ip_queue) for passing
packets out of the stack for queueing to userspace, then receiving
these packets back into the kernel with a verdict specifying what to
do with the packets (such as ACCEPT or DROP). These packets may also
be modified in userspace prior to reinjection back into the kernel.
ip_queue/libipq is obsoleted by nf_queue/libnetfilter_queue!
%package -n libipq-devel
Summary: Development files for the ip_queue kernel mechanism
Group: Development/Libraries/C and C++
Requires: %lname_ipq = %version
%description -n libipq-devel
The Netfilter project provides a mechanism (ip_queue) for passing
packets out of the stack for queueing to userspace, then receiving
these packets back into the kernel with a verdict specifying what to
do with the packets (such as ACCEPT or DROP). These packets may also
be modified in userspace prior to reinjection back into the kernel.
ip_queue/libipq is obsoleted by nf_queue/libnetfilter_queue!
%package -n %lname_iptc
Summary: Library for low-level ruleset generation and parsing
Group: System/Libraries
%description -n %lname_iptc
libiptc ("iptables cache") is used to retrieve from the kernel, parse,
construct, and load new rulesets into the kernel.
%package -n libiptc-devel
Summary: Development files for libiptc, a packet filter ruleset library
Group: Development/Libraries/C and C++
Requires: %lname_iptc = %version
# NOT adding Obsoletes/Provides: iptables-devel, because that one has
# been split into _two_ new pkgs (libxtables-devel, libiptc-devel).
# NOTE: Please use pkgconfig(...) symbols for BuildRequires.
%description -n libiptc-devel
libiptc ("iptables cache") is used to retrieve from the kernel, parse,
construct, and load new rulesets into the kernel.
%package -n %lname_xt
Summary: iptables extension interface
Group: System/Libraries
%description -n %lname_xt
This library contains all the iptables code shared between iptables,
ip6tables, their extensions, and for external integration for e.g.
iproute2's m_xt.
%package -n libxtables-devel
Summary: Libraries, Headers and Development Man Pages for iptables
Group: Development/Libraries/C and C++
Requires: %lname_xt = %version
%description -n libxtables-devel
This library contains all the iptables code shared between iptables,
ip6tables, their extensions, and for external integration for e.g.
Link your extension (iptables plugins) with $(pkg-config xtables
--libs) and place the plugin in the directory given by $(pkg-config
xtables --variable=xtlibdir).
%prep
%if 0%{?__xz:1}
%setup -q
%else
tar -xf "%{S:0}" --use=bzip2;
%setup -DTq
%endif
%patch -P 1 -P 2 -p1
%build
# We have the iptables-batch patch, so always regenerate.
if true || [ ! -e configure ]; then
./autogen.sh;
fi
# bnc#561793 - do not include unclean module in iptables manpage
rm -f extensions/libipt_unclean.man
# includedir is overriden on purpose to detect projects that
# fail to include libxtables_CFLAGS
%configure --includedir=%_includedir/%name-%version --enable-libipq
make %{?_smp_mflags}
%install
make DESTDIR=%buildroot install
# iptables-apply is not installed by upstream Makefile
install -m0755 iptables/iptables-apply %buildroot%_sbindir/
install -m0644 iptables/iptables-apply.8 %buildroot%_mandir/man8/
rm -f "%buildroot/%_libdir"/*.la;
%if 0%{?suse_version}
%fdupes %buildroot
%endif
%post -n %lname_ipq -p /sbin/ldconfig
%postun -n %lname_ipq -p /sbin/ldconfig
%post -n %lname_iptc -p /sbin/ldconfig
%postun -n %lname_iptc -p /sbin/ldconfig
%post -n %lname_xt -p /sbin/ldconfig
%postun -n %lname_xt -p /sbin/ldconfig
%files
%defattr(-,root,root)
%doc COPYING
%doc %_mandir/man1/*
%doc %_mandir/man8/*
%_bindir/iptables-xml
%_sbindir/iptables
%_sbindir/iptables-apply
%_sbindir/iptables-batch
%_sbindir/iptables-restore
%_sbindir/iptables-save
%_sbindir/ip6tables
%_sbindir/ip6tables-batch
%_sbindir/ip6tables-restore
%_sbindir/ip6tables-save
%_sbindir/xtables-multi
%_sbindir/nfnl_osf
%_libdir/xtables
%_datadir/xtables
%files -n %lname_ipq
%defattr(-,root,root)
%_libdir/libipq.so.0*
%files -n libipq-devel
%defattr(-,root,root)
%doc %_mandir/man3/libipq*
%doc %_mandir/man3/ipq*
%dir %_includedir/%name-%version
%_includedir/%name-%version/libipq*
%_libdir/libipq.so
%_libdir/pkgconfig/libipq.pc
%files -n %lname_iptc
%defattr(-,root,root)
%_libdir/libiptc.so.0*
%_libdir/libip4tc.so.0*
%_libdir/libip6tc.so.0*
%files -n libiptc-devel
%defattr(-,root,root)
%dir %_includedir/%name-%version
%_includedir/%name-%version/libiptc*
%_libdir/libip*tc.so
%_libdir/pkgconfig/libip*tc.pc
%files -n %lname_xt
%defattr(-,root,root)
%_libdir/libxtables.so.9*
%files -n libxtables-devel
%defattr(-,root,root)
%dir %_includedir/%name-%version
%_includedir/%name-%version/xtables.h
%_includedir/%name-%version/xtables-version.h
%_libdir/libxtables.so
%_libdir/pkgconfig/xtables.pc
%changelog
++++++ iptables-apply-mktemp-fix.patch ++++++
Index: iptables-1.4.12.1+16/iptables/iptables-apply
===================================================================
--- iptables-1.4.12.1+16.orig/iptables/iptables-apply
+++ iptables-1.4.12.1+16/iptables/iptables-apply
@@ -111,7 +111,7 @@ if [[ ! -r "$FILE" ]]; then
exit 2
fi
-COMMANDS=(tempfile "$SAVE" "$RESTORE")
+COMMANDS=(mktemp "$SAVE" "$RESTORE")
for cmd in "${COMMANDS[@]}"; do
if ! command -v $cmd >/dev/null; then
@@ -122,7 +122,7 @@ done
umask 0700
-TMPFILE=$(tempfile -p iptap)
+TMPFILE=$(mktemp)
trap "rm -f $TMPFILE" EXIT 1 2 3 4 5 6 7 8 10 11 12 13 14 15
if ! "$SAVE" >"$TMPFILE"; then
++++++ iptables-batch.patch ++++++
---
iptables/Makefile.am | 10
iptables/iptables-batch.c | 468 ++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 477 insertions(+), 1 deletion(-)
Index: iptables-1.4.16.2/iptables/Makefile.am
===================================================================
--- iptables-1.4.16.2.orig/iptables/Makefile.am
+++ iptables-1.4.16.2/iptables/Makefile.am
@@ -24,7 +24,15 @@ endif
xtables_multi_SOURCES += xshared.c
xtables_multi_LDADD += ../libxtables/libxtables.la -lm
-sbin_PROGRAMS = xtables-multi
+iptables_batch_SOURCES = iptables-batch.c iptables.c xshared.c
+iptables_batch_LDFLAGS = ${xtables_multi_LDFLAGS}
+iptables_batch_LDADD = ${xtables_multi_LDADD}
+ip6tables_batch_SOURCES = iptables-batch.c ip6tables.c xshared.c
+ip6tables_batch_CFLAGS = ${AM_CFLAGS} -DIP6T
+ip6tables_batch_LDFLAGS = ${xtables_multi_LDFLAGS}
+ip6tables_batch_LDADD = ${xtables_multi_LDADD}
+
+sbin_PROGRAMS = xtables-multi iptables-batch ip6tables-batch
man_MANS = iptables.8 iptables-restore.8 iptables-save.8 \
iptables-xml.1 ip6tables.8 ip6tables-restore.8 \
ip6tables-save.8 iptables-extensions.8
Index: iptables-1.4.16.2/iptables/iptables-batch.c
===================================================================
--- /dev/null
+++ iptables-1.4.16.2/iptables/iptables-batch.c
@@ -0,0 +1,468 @@
+/*
+ * Author: Ludwig Nussel