rpms/iptables/F-9 iptables-1.4.3.1-cloexec.patch, NONE, 1.1 iptables.spec, 1.72, 1.73 sources, 1.23, 1.24 iptables-1.3.8-typo_latter.patch, 1.1, NONE iptables-1.4.1-nf_ext_init.patch, 1.1, NONE iptables-1.4.1.1-cloexec.patch, 1.1, NONE iptables-1.4.1.1-tos_value_mask.patch, 1.1, NONE
Thomas Woerner
twoerner at fedoraproject.org
Wed Jun 3 09:09:16 UTC 2009
- Previous message (by thread): [pkgdb] brasero: mschwendt has requested watchcommits
- Next message (by thread): rpms/iptables/F-10 iptables-1.4.3.1-cloexec.patch, NONE, 1.1 iptables.spec, 1.72, 1.73 sources, 1.23, 1.24 iptables-1.3.8-typo_latter.patch, 1.1, NONE iptables-1.4.1-nf_ext_init.patch, 1.1, NONE iptables-1.4.1.1-cloexec.patch, 1.1, NONE iptables-1.4.1.1-tos_value_mask.patch, 1.1, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: twoerner
Update of /cvs/pkgs/rpms/iptables/F-9
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv1672
Modified Files:
iptables.spec sources
Added Files:
iptables-1.4.3.1-cloexec.patch
Removed Files:
iptables-1.3.8-typo_latter.patch
iptables-1.4.1-nf_ext_init.patch
iptables-1.4.1.1-cloexec.patch
iptables-1.4.1.1-tos_value_mask.patch
Log Message:
- Latest versions from rawhide, see changelog
iptables-1.4.3.1-cloexec.patch:
--- NEW FILE iptables-1.4.3.1-cloexec.patch ---
diff -up iptables-1.4.3.1/extensions/libipt_realm.c.cloexec iptables-1.4.3.1/extensions/libipt_realm.c
--- iptables-1.4.3.1/extensions/libipt_realm.c.cloexec 2009-03-24 13:08:24.000000000 +0100
+++ iptables-1.4.3.1/extensions/libipt_realm.c 2009-03-30 14:23:11.000000000 +0200
@@ -49,7 +49,7 @@ static void load_realms(void)
int id;
struct realmname *oldnm = NULL, *newnm = NULL;
- fil = fopen(rfnm, "r");
+ fil = fopen(rfnm, "re");
if (!fil) {
rdberr = 1;
return;
@@ -248,7 +248,7 @@ static struct xtables_match realm_mt_reg
.extra_opts = realm_opts,
};
-void _init(void)
+void __attribute((constructor)) nf_ext_init(void)
{
xtables_register_match(&realm_mt_reg);
}
diff -up iptables-1.4.3.1/ip6tables-restore.c.cloexec iptables-1.4.3.1/ip6tables-restore.c
--- iptables-1.4.3.1/ip6tables-restore.c.cloexec 2009-03-24 13:08:24.000000000 +0100
+++ iptables-1.4.3.1/ip6tables-restore.c 2009-03-30 14:23:11.000000000 +0200
@@ -169,7 +169,7 @@ int main(int argc, char *argv[])
}
if (optind == argc - 1) {
- in = fopen(argv[optind], "r");
+ in = fopen(argv[optind], "re");
if (!in) {
fprintf(stderr, "Can't open %s: %s\n", argv[optind],
strerror(errno));
diff -up iptables-1.4.3.1/ip6tables-save.c.cloexec iptables-1.4.3.1/ip6tables-save.c
--- iptables-1.4.3.1/ip6tables-save.c.cloexec 2009-03-24 13:08:24.000000000 +0100
+++ iptables-1.4.3.1/ip6tables-save.c 2009-03-30 14:24:11.000000000 +0200
@@ -41,7 +41,7 @@ static int for_each_table(int (*func)(co
FILE *procfile = NULL;
char tablename[IP6T_TABLE_MAXNAMELEN+1];
- procfile = fopen("/proc/net/ip6_tables_names", "r");
+ procfile = fopen("/proc/net/ip6_tables_names", "re");
if (!procfile)
return ret;
diff -up iptables-1.4.3.1/iptables-restore.c.cloexec iptables-1.4.3.1/iptables-restore.c
--- iptables-1.4.3.1/iptables-restore.c.cloexec 2009-03-24 13:08:24.000000000 +0100
+++ iptables-1.4.3.1/iptables-restore.c 2009-03-30 14:23:11.000000000 +0200
@@ -175,7 +175,7 @@ main(int argc, char *argv[])
}
if (optind == argc - 1) {
- in = fopen(argv[optind], "r");
+ in = fopen(argv[optind], "re");
if (!in) {
fprintf(stderr, "Can't open %s: %s\n", argv[optind],
strerror(errno));
diff -up iptables-1.4.3.1/iptables-save.c.cloexec iptables-1.4.3.1/iptables-save.c
--- iptables-1.4.3.1/iptables-save.c.cloexec 2009-03-24 13:08:24.000000000 +0100
+++ iptables-1.4.3.1/iptables-save.c 2009-03-30 14:24:33.000000000 +0200
@@ -39,7 +39,7 @@ static int for_each_table(int (*func)(co
FILE *procfile = NULL;
char tablename[IPT_TABLE_MAXNAMELEN+1];
- procfile = fopen("/proc/net/ip_tables_names", "r");
+ procfile = fopen("/proc/net/ip_tables_names", "re");
if (!procfile)
return ret;
diff -up iptables-1.4.3.1/iptables-xml.c.cloexec iptables-1.4.3.1/iptables-xml.c
--- iptables-1.4.3.1/iptables-xml.c.cloexec 2009-03-24 13:08:24.000000000 +0100
+++ iptables-1.4.3.1/iptables-xml.c 2009-03-30 14:23:11.000000000 +0200
@@ -653,7 +653,7 @@ main(int argc, char *argv[])
}
if (optind == argc - 1) {
- in = fopen(argv[optind], "r");
+ in = fopen(argv[optind], "re");
if (!in) {
fprintf(stderr, "Can't open %s: %s", argv[optind],
strerror(errno));
diff -up iptables-1.4.3.1/xtables.c.cloexec iptables-1.4.3.1/xtables.c
--- iptables-1.4.3.1/xtables.c.cloexec 2009-03-24 13:08:24.000000000 +0100
+++ iptables-1.4.3.1/xtables.c 2009-03-30 14:25:51.000000000 +0200
@@ -280,6 +280,11 @@ static char *get_modprobe(void)
procfile = open(PROC_SYS_MODPROBE, O_RDONLY);
if (procfile < 0)
return NULL;
+ if (fcntl(procfile, F_SETFD, FD_CLOEXEC) == -1) {
+ fprintf(stderr, "Could not set close on exec: %s\n",
+ strerror(errno));
+ exit(1);
+ }
ret = (char *) malloc(PROCFILE_BUFSIZ);
if (ret) {
@@ -672,6 +677,12 @@ static int compatible_revision(const cha
exit(1);
}
+ if (fcntl(sockfd, F_SETFD, FD_CLOEXEC) == -1) {
+ fprintf(stderr, "Could not set close on exec: %s\n",
+ strerror(errno));
+ exit(1);
+ }
+
xtables_load_ko(xtables_modprobe_program, true);
strcpy(rev.name, name);
Index: iptables.spec
===================================================================
RCS file: /cvs/pkgs/rpms/iptables/F-9/iptables.spec,v
retrieving revision 1.72
retrieving revision 1.73
diff -u -p -r1.72 -r1.73
--- iptables.spec 23 Jul 2008 10:30:29 -0000 1.72
+++ iptables.spec 3 Jun 2009 09:08:45 -0000 1.73
@@ -1,18 +1,15 @@
Name: iptables
Summary: Tools for managing Linux kernel packet filtering capabilities
-Version: 1.4.1.1
-Release: 2%{?dist}
+Version: 1.4.3.2
+Release: 1%{?dist}
Source: http://www.netfilter.org/projects/iptables/files/%{name}-%{version}.tar.bz2
Source1: iptables.init
Source2: iptables-config
-Patch4: iptables-1.3.8-typo_latter.patch
-Patch5: iptables-1.4.1.1-cloexec.patch
-Patch8: iptables-1.4.1-nf_ext_init.patch
-Patch9: iptables-1.4.1.1-tos_value_mask.patch
+Patch5: iptables-1.4.3.1-cloexec.patch
Group: System Environment/Base
URL: http://www.netfilter.org/
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
-License: GPLv2
+License: GPL+
BuildRequires: libselinux-devel
BuildRequires: kernel-headers
Conflicts: kernel < 2.4.20
@@ -44,6 +41,7 @@ network and you are using ipv6.
Summary: Development package for iptables
Group: System Environment/Base
Requires: %{name} = %{version}-%{release}
+Requires: pkgconfig
%description devel
iptables development headers and libraries.
@@ -53,43 +51,53 @@ stable and may change with every new ver
%prep
%setup -q
-%patch4 -p1 -b .typo_latter
%patch5 -p1 -b .cloexec
-%patch8 -p1 -b .nf_ext_init
-%patch9 -p1 -b .tos_value_mask
-
-# fix constructor names, see also nf_ext_init patch
-perl -pi -e "s/void _init\(/void __attribute\(\(constructor\)\) nf_ext_init\(/g" extensions/*.c
-perl -pi -e "s/^_init\(/__attribute\(\(constructor\)\) nf_ext_init\(/g" extensions/*.c
%build
+CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing" \
./configure --enable-devel --enable-libipq --bindir=/bin --sbindir=/sbin --sysconfdir=/etc --libdir=/%{_libdir} --libexecdir=/%{_lib} --mandir=%{_mandir} --includedir=%{_includedir} --with-kernel=/usr --with-kbuild=/usr --with-ksource=/usr
+
+# do not use rpath
+sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
+sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
+
make
%install
rm -rf %{buildroot}
make install DESTDIR=%{buildroot}
+# remove la file(s)
+rm -f %{buildroot}/%{_libdir}/*.la
-# install iptc devel library
-install -m 644 libiptc/libiptc.a %{buildroot}/%{_libdir}
+# install ip*tables.h header files
+install -m 644 include/ip*tables.h %{buildroot}%{_includedir}/
+install -d -m 755 %{buildroot}%{_includedir}/iptables
+install -m 644 include/iptables/internal.h %{buildroot}%{_includedir}/iptables/
+
+# install ipulog header file
+install -d -m 755 %{buildroot}%{_includedir}/libipulog/
+install -m 644 include/libipulog/*.h %{buildroot}%{_includedir}/libipulog/
# install init scripts and configuration files
-install -d -m 755 $RPM_BUILD_ROOT/etc/rc.d/init.d
-install -c -m 755 %{SOURCE1} $RPM_BUILD_ROOT/etc/rc.d/init.d/iptables
+install -d -m 755 %{buildroot}/etc/rc.d/init.d
+install -c -m 755 %{SOURCE1} %{buildroot}/etc/rc.d/init.d/iptables
sed -e 's;iptables;ip6tables;g' -e 's;IPTABLES;IP6TABLES;g' < %{SOURCE1} > ip6tables.init
-install -c -m 755 ip6tables.init $RPM_BUILD_ROOT/etc/rc.d/init.d/ip6tables
-install -d -m 755 $RPM_BUILD_ROOT/etc/sysconfig
-install -c -m 755 %{SOURCE2} $RPM_BUILD_ROOT/etc/sysconfig/iptables-config
+install -c -m 755 ip6tables.init %{buildroot}/etc/rc.d/init.d/ip6tables
+install -d -m 755 %{buildroot}/etc/sysconfig
+install -c -m 755 %{SOURCE2} %{buildroot}/etc/sysconfig/iptables-config
sed -e 's;iptables;ip6tables;g' -e 's;IPTABLES;IP6TABLES;g' < %{SOURCE2} > ip6tables-config
-install -c -m 755 ip6tables-config $RPM_BUILD_ROOT/etc/sysconfig/ip6tables-config
+install -c -m 755 ip6tables-config %{buildroot}/etc/sysconfig/ip6tables-config
%clean
-rm -rf $RPM_BUILD_ROOT
+rm -rf %{buildroot}
%post
+/sbin/ldconfig
/sbin/chkconfig --add iptables
+%postun -p /sbin/ldconfig
+
%preun
if [ "$1" = 0 ]; then
/sbin/chkconfig --del iptables
@@ -113,6 +121,8 @@ fi
%dir /%{_lib}/xtables
/%{_lib}/xtables/libipt*
/%{_lib}/xtables/libxt*
+%{_libdir}/libiptc.so.*
+%{_libdir}/libxtables.so.*
%files ipv6
%defattr(-,root,root)
@@ -125,14 +135,47 @@ fi
%files devel
%defattr(-,root,root)
+%dir %{_includedir}/iptables
+%{_includedir}/iptables/*.h
%{_includedir}/*.h
%dir %{_includedir}/libiptc
%{_includedir}/libiptc/*.h
+%dir %{_includedir}/libipulog
+%{_includedir}/libipulog/*.h
%{_libdir}/libipq.a
-%{_libdir}/libiptc.a
%{_mandir}/man3/*
+%{_libdir}/libiptc.so
+%{_libdir}/libxtables.so
+%{_libdir}/pkgconfig/libiptc.pc
+%{_libdir}/pkgconfig/xtables.pc
%changelog
+* Wed Apr 15 2009 Thomas Woerner <twoerner at redhat.com> 1.4.3.2-1
+- new version 1.4.3.2
+- also install iptables/internal.h, needed for iptables.h and ip6tables.h
+
+* Mon Mar 30 2009 Thomas Woerner <twoerner at redhat.com> 1.4.3.1-1
+- new version 1.4.3.1
+ - libiptc is now shared
+ - supports all new features of the 2.6.29 kernel
+- dropped typo_latter patch
+
+* Thu Mar 5 2009 Thomas Woerner <twoerner at redhat.com> 1.4.2-3
+- still more review fixes (rhbz#225906)
+ - consistent macro usage
+ - use sed instead of perl for rpath removal
+ - use standard RPM CFLAGS, but also -fno-strict-aliasing (needed for libiptc*)
+
+* Wed Feb 25 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.4.2-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
+* Fri Feb 20 2009 Thomas Woerner <twoerner at redhat.com> 1.4.2-1
+- new version 1.4.2
+- removed TOS value mask patch (upstream)
+- more review fixes (rhbz#225906)
+- install all header files (rhbz#462207)
+- dropped nf_ext_init (rhbz#472548)
+
* Tue Jul 22 2008 Thomas Woerner <twoerner at redhat.com> 1.4.1.1-2
- fixed TOS value mask problem (rhbz#456244) (upstream patch)
- two more cloexec fixes
Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/iptables/F-9/sources,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -p -r1.23 -r1.24
--- sources 1 Jul 2008 09:59:04 -0000 1.23
+++ sources 3 Jun 2009 09:08:45 -0000 1.24
@@ -1 +1 @@
-723fa88d8a0915e184f99e03e9bf06cb iptables-1.4.1.1.tar.bz2
+545698693b636cfc844aafc6729fd48a iptables-1.4.3.2.tar.bz2
--- iptables-1.3.8-typo_latter.patch DELETED ---
--- iptables-1.4.1-nf_ext_init.patch DELETED ---
--- iptables-1.4.1.1-cloexec.patch DELETED ---
--- iptables-1.4.1.1-tos_value_mask.patch DELETED ---
- Previous message (by thread): [pkgdb] brasero: mschwendt has requested watchcommits
- Next message (by thread): rpms/iptables/F-10 iptables-1.4.3.1-cloexec.patch, NONE, 1.1 iptables.spec, 1.72, 1.73 sources, 1.23, 1.24 iptables-1.3.8-typo_latter.patch, 1.1, NONE iptables-1.4.1-nf_ext_init.patch, 1.1, NONE iptables-1.4.1.1-cloexec.patch, 1.1, NONE iptables-1.4.1.1-tos_value_mask.patch, 1.1, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list