commit iptables for openSUSE:Factory
![](https://seccdn.libravatar.org/avatar/e2145bc5cf53dda95c308a3c75e8fef3.jpg?s=120&d=mm&r=g)
Hello community,
here is the log from the commit of package iptables for openSUSE:Factory checked in at 2015-12-06 07:26:46
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/iptables (Old)
and /work/SRC/openSUSE:Factory/.iptables.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "iptables"
Changes:
--------
--- /work/SRC/openSUSE:Factory/iptables/iptables.changes 2014-04-26 19:34:01.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.iptables.new/iptables.changes 2015-12-06 07:26:48.000000000 +0100
@@ -1,0 +2,15 @@
+Mon Nov 23 11:07:15 UTC 2015 - jengelh@inai.de
+
+- Update to new snapshot v1.4.21-367-g9763347 [1.6.0~]
+* -m ah/esp/rt: restore matching "any SPI id" by default
+ (they unexpectedly defaulted to --spi 0 rather than --spi ALL)
+* -m cgroup: new module
+* -m dst: make ! --dst-len work
+* -m ipcomp: new module
+* -m socket: add --restore-skmark option
+* -j CT: add support for new zone options
+* -j REJECT: add missing ICMPv6 codes
+* -j TEE: make it possible to delete rules with -D ... -j
+* -j SNAT/DNAT: add randomize-full support
+
+-------------------------------------------------------------------
Old:
----
iptables-1.4.21.tar.bz2
iptables-1.4.21.tar.bz2.sig
New:
----
iptables-1.4.21.g367.9763347.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ iptables.spec ++++++
--- /var/tmp/diff_new_pack.Jx2mpF/_old 2015-12-06 07:26:49.000000000 +0100
+++ /var/tmp/diff_new_pack.Jx2mpF/_new 2015-12-06 07:26:49.000000000 +0100
@@ -1,7 +1,7 @@
#
# spec file for package iptables
#
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,22 +17,19 @@
Name: iptables
-%define lname_ipq libipq0
-%define lname_iptc libiptc0
-%define lname_xt libxtables10
-Version: 1.4.21
+Version: 1.6.0~
Release: 0
Summary: IP Packet Filter Administration utilities
License: GPL-2.0 and Artistic-2.0
Group: Productivity/Networking/Security
Url: http://netfilter.org/projects/iptables/
-#Freecode-URL: http://freecode.com/projects/iptables/
#Git-Web: http://git.netfilter.org/
#Git-Clone: git://git.netfilter.org/iptables
#DL-URL: http://netfilter.org/projects/iptables/files/
-Source: http://netfilter.org/projects/iptables/files/%name-%version.tar.bz2
-Source2: http://netfilter.org/projects/iptables/files/%name-%version.tar.bz2.sig
+#Source: http://netfilter.org/projects/iptables/files/%name-%version.tar.bz2
+#Source2: http://netfilter.org/projects/iptables/files/%name-%version.tar.bz2.sig
+Source: iptables-1.4.21.g367.9763347.tar.xz
Source3: %name.keyring
Patch3: iptables-batch.patch
Patch4: iptables-apply-mktemp-fix.patch
@@ -41,26 +38,37 @@
%if 0%{?fedora_version} || 0%{?centos_version}
BuildRequires: sgml-common
%endif
-#git#BuildRequires: autoconf, automake >= 1.10
-BuildRequires: libtool
-BuildRequires: pkgconfig >= 0.21
%if 0%{?suse_version}
BuildRequires: fdupes
%endif
-%if 0%{?suse_version} >= 1140 || 0%{?fedora_version}
+#git#BuildRequires: autoconf, automake >= 1.10
+BuildRequires: bison
+BuildRequires: flex >= 2.5.33
+BuildRequires: libtool
+BuildRequires: pkg-config >= 0.21
+BuildRequires: xz
+BuildRequires: pkgconfig(libmnl) >= 1.0
BuildRequires: pkgconfig(libnetfilter_conntrack) >= 1.0.4
BuildRequires: pkgconfig(libnfnetlink) >= 1.0.0
-%endif
-%if (0%{?suse_version} && 0%{?suse_version} <= 1110) || 0%{?centos_version} || 0%{?redhat_version}
-BuildRequires: libnetfilter_conntrack-devel >= 1.0.4
-BuildRequires: libnfnetlink-devel >= 1.0.0
-%endif
-Requires: xtables-plugins = %version
+BuildRequires: pkgconfig(libnftnl) >= 1.0.5
+Requires: xtables-plugins = %version-%release
%description
-iptables is used to set up, maintain, and inspect the tables of IP
-packet filter rules in the Linux kernel. This version requires kernel
-3.0 or newer.
+iptables is used to set up, maintain, and inspect the rule tables of
+the classic "ip6_tables" and "ip_tables" packet filters in the Linux
+kernel.
+
+%package nft
+Summary: NFT Packet Filter Administration utilties in the style of Xtables
+Group: Productivity/Networking/Security
+Requires: xtables-plugins = %version-%release
+Conflicts: ebtables
+
+%description nft
+The programs shipped in this subpackage behave like iptables on the
+command line, but instead edit the rules of the NFT packet filter in
+the Linux kernel. Linux kernel 4.2 or newer is recommended to exploit
+all features.
%package -n xtables-plugins
Summary: Match and Target Extension plugins for iptables
@@ -70,11 +78,11 @@
%description -n xtables-plugins
Match and Target Extension plugins for iptables.
-%package -n %lname_ipq
+%package -n libipq0
Summary: Library to interface with the (old) ip_queue kernel mechanism
Group: System/Libraries
-%description -n %lname_ipq
+%description -n libipq0
The Netfilter project provides a mechanism (ip_queue) for passing
packets out of the stack for queueing to userspace, then receiving
these packets back into the kernel with a verdict specifying what to
@@ -86,7 +94,7 @@
%package -n libipq-devel
Summary: Development files for the ip_queue kernel mechanism
Group: Development/Libraries/C and C++
-Requires: %lname_ipq = %version
+Requires: libipq0 = %version
%description -n libipq-devel
The Netfilter project provides a mechanism (ip_queue) for passing
@@ -97,28 +105,28 @@
ip_queue/libipq is obsoleted by nf_queue/libnetfilter_queue!
-%package -n %lname_iptc
+%package -n libiptc0
Summary: Library for low-level ruleset generation and parsing
Group: System/Libraries
-%description -n %lname_iptc
+%description -n libiptc0
libiptc ("iptables cache") is used to retrieve from the kernel, parse,
construct, and load new rulesets into the kernel.
%package -n libiptc-devel
Summary: Development files for libiptc, a packet filter ruleset library
Group: Development/Libraries/C and C++
-Requires: %lname_iptc = %version
+Requires: libiptc0 = %version
%description -n libiptc-devel
libiptc ("iptables cache") is used to retrieve from the kernel, parse,
construct, and load new rulesets into the kernel.
-%package -n %lname_xt
+%package -n libxtables11
Summary: iptables extension interface
Group: System/Libraries
-%description -n %lname_xt
+%description -n libxtables11
This library contains all the iptables code shared between iptables,
ip6tables, their extensions, and for external integration for e.g.
iproute2's m_xt.
@@ -126,7 +134,7 @@
%package -n libxtables-devel
Summary: Libraries, Headers and Development Man Pages for iptables
Group: Development/Libraries/C and C++
-Requires: %lname_xt = %version
+Requires: libxtables11 = %version
%description -n libxtables-devel
This library contains all the iptables code shared between iptables,
@@ -137,7 +145,7 @@
xtables --variable=xtlibdir).
%prep
-%setup -q
+%setup -qn iptables
%patch -P 3 -P 4 -p1
%build
@@ -149,7 +157,7 @@
rm -f extensions/libipt_unclean.man
# includedir is overriden on purpose to detect projects that
# fail to include libxtables_CFLAGS
-%configure --includedir="%_includedir/pkg/%name" --enable-libipq
+%configure --includedir="%_includedir/%name" --enable-libipq
make %{?_smp_mflags}
%install
@@ -162,12 +170,12 @@
%fdupes %buildroot/%_prefix
%endif
-%post -n %lname_ipq -p /sbin/ldconfig
-%postun -n %lname_ipq -p /sbin/ldconfig
-%post -n %lname_iptc -p /sbin/ldconfig
-%postun -n %lname_iptc -p /sbin/ldconfig
-%post -n %lname_xt -p /sbin/ldconfig
-%postun -n %lname_xt -p /sbin/ldconfig
+%post -n libipq0 -p /sbin/ldconfig
+%postun -n libipq0 -p /sbin/ldconfig
+%post -n libiptc0 -p /sbin/ldconfig
+%postun -n libiptc0 -p /sbin/ldconfig
+%post -n libxtables11 -p /sbin/ldconfig
+%postun -n libxtables11 -p /sbin/ldconfig
%files
%defattr(-,root,root)
@@ -186,13 +194,18 @@
%_sbindir/ip6tables-save
%_sbindir/xtables-multi
+%files nft
+%defattr(-,root,root)
+%_sysconfdir/ethertypes
+%_sbindir/*-compat*
+
%files -n xtables-plugins
%defattr(-,root,root)
%_libdir/xtables/
%_sbindir/nfnl_osf
%_datadir/xtables/
-%files -n %lname_ipq
+%files -n libipq0
%defattr(-,root,root)
%_libdir/libipq.so.0*
@@ -200,12 +213,12 @@
%defattr(-,root,root)
%doc %_mandir/man3/libipq*
%doc %_mandir/man3/ipq*
-%dir %_includedir/pkg/%name/
-%_includedir/pkg/%name/libipq*
+%dir %_includedir/%name/
+%_includedir/%name/libipq*
%_libdir/libipq.so
%_libdir/pkgconfig/libipq.pc
-%files -n %lname_iptc
+%files -n libiptc0
%defattr(-,root,root)
%_libdir/libiptc.so.0*
%_libdir/libip4tc.so.0*
@@ -213,22 +226,20 @@
%files -n libiptc-devel
%defattr(-,root,root)
-%dir %_includedir/pkg/
-%dir %_includedir/pkg/%name/
-%_includedir/pkg/%name/libiptc*
+%dir %_includedir/%name/
+%_includedir/%name/libiptc*
%_libdir/libip*tc.so
%_libdir/pkgconfig/libip*tc.pc
-%files -n %lname_xt
+%files -n libxtables11
%defattr(-,root,root)
-%_libdir/libxtables.so.10*
+%_libdir/libxtables.so.11*
%files -n libxtables-devel
%defattr(-,root,root)
-%dir %_includedir/pkg/
-%dir %_includedir/pkg/%name/
-%_includedir/pkg/%name/xtables.h
-%_includedir/pkg/%name/xtables-version.h
+%dir %_includedir/%name/
+%_includedir/%name/xtables.h
+%_includedir/%name/xtables-version.h
%_libdir/libxtables.so
%_libdir/pkgconfig/xtables.pc
++++++ iptables-batch.patch ++++++
--- /var/tmp/diff_new_pack.Jx2mpF/_old 2015-12-06 07:26:49.000000000 +0100
+++ /var/tmp/diff_new_pack.Jx2mpF/_new 2015-12-06 07:26:49.000000000 +0100
@@ -1,17 +1,16 @@
---
- iptables/Makefile.am | 10
+ iptables/Makefile.am | 9
iptables/iptables-batch.c | 468 ++++++++++++++++++++++++++++++++++++++++++++++
- 2 files changed, 477 insertions(+), 1 deletion(-)
+ 2 files changed, 477 insertions(+)
-Index: iptables-1.4.20/iptables/Makefile.am
+Index: iptables/iptables/Makefile.am
===================================================================
---- iptables-1.4.20.orig/iptables/Makefile.am
-+++ iptables-1.4.20/iptables/Makefile.am
-@@ -24,7 +24,15 @@ endif
- xtables_multi_SOURCES += xshared.c
- xtables_multi_LDADD += ../libxtables/libxtables.la -lm
+--- iptables.orig/iptables/Makefile.am
++++ iptables/iptables/Makefile.am
+@@ -48,7 +48,16 @@ xtables_compat_multi_SOURCES += xshared.
+ xtables_compat_multi_LDADD += ../libxtables/libxtables.la -lm
+ endif
--sbin_PROGRAMS = xtables-multi
+iptables_batch_SOURCES = iptables-batch.c iptables.c xshared.c
+iptables_batch_LDFLAGS = ${xtables_multi_LDFLAGS}
+iptables_batch_LDADD = ${xtables_multi_LDADD}
@@ -20,14 +19,15 @@
+ip6tables_batch_LDFLAGS = ${xtables_multi_LDFLAGS}
+ip6tables_batch_LDADD = ${xtables_multi_LDADD}
+
-+sbin_PROGRAMS = xtables-multi iptables-batch ip6tables-batch
- man_MANS = iptables.8 iptables-restore.8 iptables-save.8 \
- iptables-xml.1 ip6tables.8 ip6tables-restore.8 \
- ip6tables-save.8 iptables-extensions.8
-Index: iptables-1.4.20/iptables/iptables-batch.c
+ sbin_PROGRAMS = xtables-multi
++sbin_PROGRAMS += iptables-batch ip6tables-batch
+ if ENABLE_NFTABLES
+ sbin_PROGRAMS += xtables-compat-multi
+ endif
+Index: iptables/iptables/iptables-batch.c
===================================================================
--- /dev/null
-+++ iptables-1.4.20/iptables/iptables-batch.c
++++ iptables/iptables/iptables-batch.c
@@ -0,0 +1,468 @@
+/*
+ * Author: Ludwig Nussel
participants (1)
-
root@hilbert.suse.de