Hello community,
here is the log from the commit of package iptables.3448 for openSUSE:13.1:Update checked in at 2015-02-04 18:01:11
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:13.1:Update/iptables.3448 (Old)
and /work/SRC/openSUSE:13.1:Update/.iptables.3448.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "iptables.3448"
Changes:
--------
New Changes file:
--- /dev/null 2014-12-25 22:38:16.200041506 +0100
+++ /work/SRC/openSUSE:13.1:Update/.iptables.3448.new/iptables.changes 2015-02-04 18:01:13.000000000 +0100
@@ -0,0 +1,754 @@
+-------------------------------------------------------------------
+Thu Jan 22 13:34:42 UTC 2015 - jengelh@inai.de
+
+- Update to new upstream release 1.4.21
+* Introduce a new revision for the set match with the counters support
+* Add locking to prevent concurrent instances
+* --nowildcard option for xt_socket, available since Linux kernel 3.11
+* SYNPROXY support, available since Linux kernel 3.12
+* Only convert netmasks to /prefixlen notation when representable
+ [bnc#914285]
+
+-------------------------------------------------------------------
+Fri May 31 20:00:39 UTC 2013 - jengelh@inai.de
+
+- Update to new upstream release 1.4.19.1
+* New connlabel and bpf matches
+- Remove 0001-Revert-build-resolve-link-failure-for-ip6t_NETMAP.patch,
+ 0001-libip6t_NETMAP-Use-xtables_ip6mask_to_cidr-and-get-r.patch
+ (are upstream)
+
+-------------------------------------------------------------------
+Mon Apr 15 06:19:21 UTC 2013 - jengelh@inai.de
+
+- libxt_state.so symlink was not installed (bnc#815182); fix by
+ removing 0001-build-also-use-libtool-for-install-stage.patch,
+ removing 0001-build-do-not-dereference-symlinks-on-installation.patch,
+ adding 0001-libip6t_NETMAP-Use-xtables_ip6mask_to_cidr-and-get-r.patch,
+ adding 0001-Revert-build-resolve-link-failure-for-ip6t_NETMAP.patch
+
+-------------------------------------------------------------------
+Wed Mar 20 08:22:20 UTC 2013 - cfarrell@suse.com
+
+- license update: GPL-2.0 and Artistic-2.0
+ GPL version does not have ^or later^ due to inclusion of numerous GPL 2
+ ^only^ files. Also, aggregation of Artistic-2.0 content
+
+-------------------------------------------------------------------
+Mon Mar 4 21:42:12 UTC 2013 - jengelh@inai.de
+
+- Update to new upstream release 1.4.18
+* documentation updates
+- Create subpackage xtables-plugins, to aid packaging of xtadm
+- Add 0001-build-do-not-dereference-symlinks-on-installation.patch
+ as a prerequisite for:
+- Add 0001-build-also-use-libtool-for-install-stage.patch
+ to kill of undesired DT_RPATH entries
+
+-------------------------------------------------------------------
+Tue Dec 25 22:47:56 UTC 2012 - jengelh@inai.de
+
+- Update to new upstream release 1.4.17
+* libxt_time: add support to ignore day transition
+* libxt_statistic: fix save output
+
+-------------------------------------------------------------------
+Wed Nov 28 17:07:29 CET 2012 - sbrabec@suse.cz
+
+- Verify GPG signature
+
+-------------------------------------------------------------------
+Thu Nov 15 16:06:15 UTC 2012 - lnussel@suse.de
+
+- list all required binaries explicitly to make sure all of them are actually
+ compiled
+
+-------------------------------------------------------------------
+Thu Nov 15 14:15:48 UTC 2012 - jengelh@inai.de
+
+- Always regenerate files due to SUSE's iptables-batch patch
+
+-------------------------------------------------------------------
+Mon Oct 8 12:42:37 UTC 2012 - jengelh@inai.de
+
+- Update to new upstream release 1.4.16.3
+* This release includes aliasing support which translates command
+ lines using obsolete extensions into new ones. The option parser
+ now flags illegal negative numbers in some more extensions.
+ A division by zero was resolved in libxt_limit as well.
+
+-------------------------------------------------------------------
+Tue Jul 31 12:08:07 UTC 2012 - jengelh@inai.de
+
+- Update to new upstream release 1.4.15
+* libxt_recent: add --mask netmask
+* libxt_hashlimit: add support for byte-based operation
+
+-------------------------------------------------------------------
+Sat May 26 19:35:38 UTC 2012 - jengelh@inai.de
+
+- Update to new upstream release 1.4.14
+* Support for the new cttimeout infrastructure. This allows you to
+ attach specific timeout policies to flow via iptables CT target.
+
+-------------------------------------------------------------------
+Tue Mar 27 13:29:31 UTC 2012 - jengelh@medozas.de
+
+- Update to new upstream release 1.4.13
+* Add the rpfilter, nfacct and IPv6 ECN extensions
+
+-------------------------------------------------------------------
+Mon Jan 2 21:30:38 UTC 2012 - jengelh@medozas.de
+
+- Update to newer git snapshot (v1.4.12.2-28-g2117f2b,
+ but master branch), tag locally as 1.4.12.90.
+* ships missing pkgconfig files, compile fix for libnfnetlink
+* libxt_NFQUEUE: fix --queue-bypass ipt-save output
+* libxt_connbytes: fix handling of --connbytes FROM
+* libxt_recent: Add support for --reap option
+- split iptables-devel into libiptc-devel and libxtables-devel
+
+-------------------------------------------------------------------
+Wed Dec 28 09:50:23 UTC 2011 - puzel@suse.com
+
+- iptables-apply-mktemp-fix.patch (bnc#730161)
+
+-------------------------------------------------------------------
+Wed Nov 30 14:28:11 UTC 2011 - coolo@suse.com
+
+- add automake as buildrequire to avoid implicit dependency
+
+-------------------------------------------------------------------
+Tue Oct 4 23:01:57 UTC 2011 - jengelh@medozas.de
+
+- Update to a newer git snapshot of the stable branch
+ (to v1.4.12.1-16-gd2b0eaa)
+* resolve failure to load extensions that depend on libm.so
+- rediff of iptables-batch due to fuzz
+- relax runtime requires
+
+-------------------------------------------------------------------
+Thu Sep 1 17:09:05 UTC 2011 - jengelh@medozas.de
+
+- Update to new upstream release 1.4.12.1
+* regression fixes for the new (stricter) command-line parser
+- restore --includedir= in spec file
+- Put libxtables into its own subpackage so that one does not need
+ a lockstep update of iproute2 on a new iptables package
+- Remove redundant fields (Autoreqprov defaults to on, License is
+ inherited from main package)
+
+-------------------------------------------------------------------
+Sat Aug 13 01:39:38 CEST 2011 - draht@suse.de
+
+- include path is /usr/include
+
+-------------------------------------------------------------------
+Mon Aug 8 00:42:53 UTC 2011 - jengelh@medozas.de
+
+- Put include files into a separate directory to flag up missing
+ CFLAGS. libipq.pc will now be provided.
+- Enable build of nfnl_osf, a tool to upload OS fingerprints to
+ the kernel for use with xt_osf.
+
+-------------------------------------------------------------------
+Fri Jul 22 13:12:50 UTC 2011 - jengelh@medozas.de
+
+- Update to new upstream release 1.4.12
+* Include lost match/target descriptions in manpage again
+* libxt_LOG: fix ignorance of all but the last flag
+* libxt_HL: restore hl-* option names
+* libxt_hashlimit: use a more obvious expiry value by default
+* libxt_RATEEST: fix find-and-delete of rules with -j RATEEST
+* ipv4: restore negation for the -f option
+* Reject empty host specifications (e.g. -s "")
+* libxt_conntrack: restore network byteordering for ABI v1 & v2
+* Documentation updates
+
+-------------------------------------------------------------------
+Wed Jun 8 10:20:57 UTC 2011 - jengelh@medozas.de
+
+- Update to snapshot 1.4.11+git16
+* libxt_owner: restore inversion support
+* option: fix ignored negation before implicit extension loading
+* build: fix installation of symlinks
+* build: fix absence of xml translator in IPv6-only builds
+- Drop merged patches
+
+-------------------------------------------------------------------
+Sun May 29 23:56:33 UTC 2011 - jengelh@medozas.de
+
+- Update to new upstream release 1.4.11
+* stricter option parsing
+* support for the current xt_SET target as contained in 2.6.39
+* support for the new xt_devgroup match
+* support for the new xt_AUDIT target
+* support for a new NFQUEUE bypass option, allowing to bypass the
+ queue if no userspace listener is present
+* a new iptables option "-C" to check for existence of a rules
+- Fixes on top
+* allow negation of --uid-owner/--gid-owner again
+* fix installation of symlinks
+- Run spec-beautifier
+
+-------------------------------------------------------------------
+Fri Oct 29 17:56:48 UTC 2010 - jengelh@medozas.de
+
+- Update to new upstream release 1.4.10
++++ 557 more lines (skipped)
++++ between /dev/null
++++ and /work/SRC/openSUSE:13.1:Update/.iptables.3448.new/iptables.changes
New:
----
iptables-1.4.21.tar.bz2
iptables-1.4.21.tar.bz2.sig
iptables-apply-mktemp-fix.patch
iptables-batch.patch
iptables.changes
iptables.keyring
iptables.spec
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ iptables.spec ++++++
#
# spec file for package iptables
#
# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
Name: iptables
%define lname_ipq libipq0
%define lname_iptc libiptc0
%define lname_xt libxtables10
Version: 1.4.21
Release: 0
Summary: IP Packet Filter Administration utilities
License: GPL-2.0 and Artistic-2.0
Group: Productivity/Networking/Security
Url: http://netfilter.org/projects/iptables/
#Git-Web: http://git.netfilter.org/
#Git-Clone: git://git.netfilter.org/iptables
#DL-URL: http://netfilter.org/projects/iptables/files/
Source: http://netfilter.org/projects/iptables/files/%name-%version.tar.bz2
Source2: http://netfilter.org/projects/iptables/files/%name-%version.tar.bz2.sig
Source3: %name.keyring
Patch3: iptables-batch.patch
Patch4: iptables-apply-mktemp-fix.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%if 0%{?fedora_version} || 0%{?centos_version}
BuildRequires: sgml-common
%endif
#git#BuildRequires: autoconf, automake >= 1.10
BuildRequires: libtool
BuildRequires: pkgconfig >= 0.21
%if 0%{?suse_version}
BuildRequires: fdupes
%endif
%if 0%{?suse_version} >= 1140 || 0%{?fedora_version}
BuildRequires: pkgconfig(libnetfilter_conntrack) >= 1.0.4
BuildRequires: pkgconfig(libnfnetlink) >= 1.0.0
%endif
%if (0%{?suse_version} && 0%{?suse_version} <= 1110) || 0%{?centos_version} || 0%{?redhat_version}
BuildRequires: libnetfilter_conntrack-devel >= 1.0.4
BuildRequires: libnfnetlink-devel >= 1.0.0
%endif
Requires: xtables-plugins = %version
%description
iptables is used to set up, maintain, and inspect the tables of IP
packet filter rules in the Linux kernel. This version requires kernel
3.0 or newer.
%package -n xtables-plugins
Summary: Match and Target Extension plugins for iptables
Group: Productivity/Networking/Security
Conflicts: iptables < 1.4.18
%description -n xtables-plugins
Match and Target Extension plugins for iptables.
%package -n %lname_ipq
Summary: Library to interface with the (old) ip_queue kernel mechanism
Group: System/Libraries
%description -n %lname_ipq
The Netfilter project provides a mechanism (ip_queue) for passing
packets out of the stack for queueing to userspace, then receiving
these packets back into the kernel with a verdict specifying what to
do with the packets (such as ACCEPT or DROP). These packets may also
be modified in userspace prior to reinjection back into the kernel.
ip_queue/libipq is obsoleted by nf_queue/libnetfilter_queue!
%package -n libipq-devel
Summary: Development files for the ip_queue kernel mechanism
Group: Development/Libraries/C and C++
Requires: %lname_ipq = %version
%description -n libipq-devel
The Netfilter project provides a mechanism (ip_queue) for passing
packets out of the stack for queueing to userspace, then receiving
these packets back into the kernel with a verdict specifying what to
do with the packets (such as ACCEPT or DROP). These packets may also
be modified in userspace prior to reinjection back into the kernel.
ip_queue/libipq is obsoleted by nf_queue/libnetfilter_queue!
%package -n %lname_iptc
Summary: Library for low-level ruleset generation and parsing
Group: System/Libraries
%description -n %lname_iptc
libiptc ("iptables cache") is used to retrieve from the kernel, parse,
construct, and load new rulesets into the kernel.
%package -n libiptc-devel
Summary: Development files for libiptc, a packet filter ruleset library
Group: Development/Libraries/C and C++
Requires: %lname_iptc = %version
%description -n libiptc-devel
libiptc ("iptables cache") is used to retrieve from the kernel, parse,
construct, and load new rulesets into the kernel.
%package -n %lname_xt
Summary: iptables extension interface
Group: System/Libraries
%description -n %lname_xt
This library contains all the iptables code shared between iptables,
ip6tables, their extensions, and for external integration for e.g.
iproute2's m_xt.
%package -n libxtables-devel
Summary: Libraries, Headers and Development Man Pages for iptables
Group: Development/Libraries/C and C++
Requires: %lname_xt = %version
%description -n libxtables-devel
This library contains all the iptables code shared between iptables,
ip6tables, their extensions, and for external integration for e.g.
Link your extension (iptables plugins) with $(pkg-config xtables
--libs) and place the plugin in the directory given by $(pkg-config
xtables --variable=xtlibdir).
%prep
%setup -q
%patch -P 3 -P 4 -p1
%build
# We have the iptables-batch patch, so always regenerate.
if true || [ ! -e configure ]; then
./autogen.sh;
fi
# bnc#561793 - do not include unclean module in iptables manpage
rm -f extensions/libipt_unclean.man
# includedir is overriden on purpose to detect projects that
# fail to include libxtables_CFLAGS
%configure --includedir="%_includedir/pkg/%name" --enable-libipq
make %{?_smp_mflags}
%install
make DESTDIR=%buildroot install
# iptables-apply is not installed by upstream Makefile
install -m0755 iptables/iptables-apply %buildroot%_sbindir/
install -m0644 iptables/iptables-apply.8 %buildroot%_mandir/man8/
rm -f "%buildroot/%_libdir"/*.la;
%if 0%{?suse_version}
%fdupes %buildroot/%_prefix
%endif
%post -n %lname_ipq -p /sbin/ldconfig
%postun -n %lname_ipq -p /sbin/ldconfig
%post -n %lname_iptc -p /sbin/ldconfig
%postun -n %lname_iptc -p /sbin/ldconfig
%post -n %lname_xt -p /sbin/ldconfig
%postun -n %lname_xt -p /sbin/ldconfig
%files
%defattr(-,root,root)
%doc COPYING
%doc %_mandir/man1/ip*
%doc %_mandir/man8/ip*
%_bindir/iptables-xml
%_sbindir/iptables
%_sbindir/iptables-apply
%_sbindir/iptables-batch
%_sbindir/iptables-restore
%_sbindir/iptables-save
%_sbindir/ip6tables
%_sbindir/ip6tables-batch
%_sbindir/ip6tables-restore
%_sbindir/ip6tables-save
%_sbindir/xtables-multi
%files -n xtables-plugins
%defattr(-,root,root)
%_libdir/xtables/
%_sbindir/nfnl_osf
%_datadir/xtables/
%files -n %lname_ipq
%defattr(-,root,root)
%_libdir/libipq.so.0*
%files -n libipq-devel
%defattr(-,root,root)
%doc %_mandir/man3/libipq*
%doc %_mandir/man3/ipq*
%dir %_includedir/pkg/%name/
%_includedir/pkg/%name/libipq*
%_libdir/libipq.so
%_libdir/pkgconfig/libipq.pc
%files -n %lname_iptc
%defattr(-,root,root)
%_libdir/libiptc.so.0*
%_libdir/libip4tc.so.0*
%_libdir/libip6tc.so.0*
%files -n libiptc-devel
%defattr(-,root,root)
%dir %_includedir/pkg/
%dir %_includedir/pkg/%name/
%_includedir/pkg/%name/libiptc*
%_libdir/libip*tc.so
%_libdir/pkgconfig/libip*tc.pc
%files -n %lname_xt
%defattr(-,root,root)
%_libdir/libxtables.so.10*
%files -n libxtables-devel
%defattr(-,root,root)
%dir %_includedir/pkg/
%dir %_includedir/pkg/%name/
%_includedir/pkg/%name/xtables.h
%_includedir/pkg/%name/xtables-version.h
%_libdir/libxtables.so
%_libdir/pkgconfig/xtables.pc
%changelog
++++++ iptables-apply-mktemp-fix.patch ++++++
Index: iptables-1.4.12.1+16/iptables/iptables-apply
===================================================================
--- iptables-1.4.12.1+16.orig/iptables/iptables-apply
+++ iptables-1.4.12.1+16/iptables/iptables-apply
@@ -111,7 +111,7 @@ if [[ ! -r "$FILE" ]]; then
exit 2
fi
-COMMANDS=(tempfile "$SAVE" "$RESTORE")
+COMMANDS=(mktemp "$SAVE" "$RESTORE")
for cmd in "${COMMANDS[@]}"; do
if ! command -v $cmd >/dev/null; then
@@ -122,7 +122,7 @@ done
umask 0700
-TMPFILE=$(tempfile -p iptap)
+TMPFILE=$(mktemp)
trap "rm -f $TMPFILE" EXIT 1 2 3 4 5 6 7 8 10 11 12 13 14 15
if ! "$SAVE" >"$TMPFILE"; then
++++++ iptables-batch.patch ++++++
---
iptables/Makefile.am | 10
iptables/iptables-batch.c | 468 ++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 477 insertions(+), 1 deletion(-)
Index: iptables-1.4.20/iptables/Makefile.am
===================================================================
--- iptables-1.4.20.orig/iptables/Makefile.am
+++ iptables-1.4.20/iptables/Makefile.am
@@ -24,7 +24,15 @@ endif
xtables_multi_SOURCES += xshared.c
xtables_multi_LDADD += ../libxtables/libxtables.la -lm
-sbin_PROGRAMS = xtables-multi
+iptables_batch_SOURCES = iptables-batch.c iptables.c xshared.c
+iptables_batch_LDFLAGS = ${xtables_multi_LDFLAGS}
+iptables_batch_LDADD = ${xtables_multi_LDADD}
+ip6tables_batch_SOURCES = iptables-batch.c ip6tables.c xshared.c
+ip6tables_batch_CFLAGS = ${AM_CFLAGS} -DIP6T
+ip6tables_batch_LDFLAGS = ${xtables_multi_LDFLAGS}
+ip6tables_batch_LDADD = ${xtables_multi_LDADD}
+
+sbin_PROGRAMS = xtables-multi iptables-batch ip6tables-batch
man_MANS = iptables.8 iptables-restore.8 iptables-save.8 \
iptables-xml.1 ip6tables.8 ip6tables-restore.8 \
ip6tables-save.8 iptables-extensions.8
Index: iptables-1.4.20/iptables/iptables-batch.c
===================================================================
--- /dev/null
+++ iptables-1.4.20/iptables/iptables-batch.c
@@ -0,0 +1,468 @@
+/*
+ * Author: Ludwig Nussel