rpms/iptables/F-10 iptables-1.4.3.1-cloexec.patch, NONE, 1.1 iptables.spec, 1.72, 1.73 sources, 1.23, 1.24 iptables-1.3.8-typo_latter.patch, 1.1, NONE iptables-1.4.1-nf_ext_init.patch, 1.1, NONE iptables-1.4.1.1-cloexec.patch, 1.1, NONE iptables-1.4.1.1-tos_value_mask.patch, 1.1, NONE

Thomas Woerner twoerner at fedoraproject.org
Wed Jun 3 09:14:43 UTC 2009 

Author: twoerner

Update of /cvs/pkgs/rpms/iptables/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv3254

Modified Files:
	iptables.spec sources 
Added Files:
	iptables-1.4.3.1-cloexec.patch 
Removed Files:
	iptables-1.3.8-typo_latter.patch 
	iptables-1.4.1-nf_ext_init.patch 
	iptables-1.4.1.1-cloexec.patch 
	iptables-1.4.1.1-tos_value_mask.patch 
Log Message:
- Latest version from rawhide, see changelog


iptables-1.4.3.1-cloexec.patch:

--- NEW FILE iptables-1.4.3.1-cloexec.patch ---
diff -up iptables-1.4.3.1/extensions/libipt_realm.c.cloexec iptables-1.4.3.1/extensions/libipt_realm.c
--- iptables-1.4.3.1/extensions/libipt_realm.c.cloexec	2009-03-24 13:08:24.000000000 +0100
+++ iptables-1.4.3.1/extensions/libipt_realm.c	2009-03-30 14:23:11.000000000 +0200
@@ -49,7 +49,7 @@ static void load_realms(void)
 	int id;
 	struct realmname *oldnm = NULL, *newnm = NULL;
 
-	fil = fopen(rfnm, "r");
+	fil = fopen(rfnm, "re");
 	if (!fil) {
 		rdberr = 1;
 		return;
@@ -248,7 +248,7 @@ static struct xtables_match realm_mt_reg
 	.extra_opts	= realm_opts,
 };
 
-void _init(void)
+void __attribute((constructor)) nf_ext_init(void)
 {
 	xtables_register_match(&realm_mt_reg);
 }
diff -up iptables-1.4.3.1/ip6tables-restore.c.cloexec iptables-1.4.3.1/ip6tables-restore.c
--- iptables-1.4.3.1/ip6tables-restore.c.cloexec	2009-03-24 13:08:24.000000000 +0100
+++ iptables-1.4.3.1/ip6tables-restore.c	2009-03-30 14:23:11.000000000 +0200
@@ -169,7 +169,7 @@ int main(int argc, char *argv[])
 	}
 
 	if (optind == argc - 1) {
-		in = fopen(argv[optind], "r");
+		in = fopen(argv[optind], "re");
 		if (!in) {
 			fprintf(stderr, "Can't open %s: %s\n", argv[optind],
 				strerror(errno));
diff -up iptables-1.4.3.1/ip6tables-save.c.cloexec iptables-1.4.3.1/ip6tables-save.c
--- iptables-1.4.3.1/ip6tables-save.c.cloexec	2009-03-24 13:08:24.000000000 +0100
+++ iptables-1.4.3.1/ip6tables-save.c	2009-03-30 14:24:11.000000000 +0200
@@ -41,7 +41,7 @@ static int for_each_table(int (*func)(co
 	FILE *procfile = NULL;
 	char tablename[IP6T_TABLE_MAXNAMELEN+1];
 
-	procfile = fopen("/proc/net/ip6_tables_names", "r");
+	procfile = fopen("/proc/net/ip6_tables_names", "re");
 	if (!procfile)
 		return ret;
 
diff -up iptables-1.4.3.1/iptables-restore.c.cloexec iptables-1.4.3.1/iptables-restore.c
--- iptables-1.4.3.1/iptables-restore.c.cloexec	2009-03-24 13:08:24.000000000 +0100
+++ iptables-1.4.3.1/iptables-restore.c	2009-03-30 14:23:11.000000000 +0200
@@ -175,7 +175,7 @@ main(int argc, char *argv[])
 	}
 
 	if (optind == argc - 1) {
-		in = fopen(argv[optind], "r");
+		in = fopen(argv[optind], "re");
 		if (!in) {
 			fprintf(stderr, "Can't open %s: %s\n", argv[optind],
 				strerror(errno));
diff -up iptables-1.4.3.1/iptables-save.c.cloexec iptables-1.4.3.1/iptables-save.c
--- iptables-1.4.3.1/iptables-save.c.cloexec	2009-03-24 13:08:24.000000000 +0100
+++ iptables-1.4.3.1/iptables-save.c	2009-03-30 14:24:33.000000000 +0200
@@ -39,7 +39,7 @@ static int for_each_table(int (*func)(co
 	FILE *procfile = NULL;
 	char tablename[IPT_TABLE_MAXNAMELEN+1];
 
-	procfile = fopen("/proc/net/ip_tables_names", "r");
+	procfile = fopen("/proc/net/ip_tables_names", "re");
 	if (!procfile)
 		return ret;
 
diff -up iptables-1.4.3.1/iptables-xml.c.cloexec iptables-1.4.3.1/iptables-xml.c
--- iptables-1.4.3.1/iptables-xml.c.cloexec	2009-03-24 13:08:24.000000000 +0100
+++ iptables-1.4.3.1/iptables-xml.c	2009-03-30 14:23:11.000000000 +0200
@@ -653,7 +653,7 @@ main(int argc, char *argv[])
 	}
 
 	if (optind == argc - 1) {
-		in = fopen(argv[optind], "r");
+		in = fopen(argv[optind], "re");
 		if (!in) {
 			fprintf(stderr, "Can't open %s: %s", argv[optind],
 				strerror(errno));
diff -up iptables-1.4.3.1/xtables.c.cloexec iptables-1.4.3.1/xtables.c
--- iptables-1.4.3.1/xtables.c.cloexec	2009-03-24 13:08:24.000000000 +0100
+++ iptables-1.4.3.1/xtables.c	2009-03-30 14:25:51.000000000 +0200
@@ -280,6 +280,11 @@ static char *get_modprobe(void)
 	procfile = open(PROC_SYS_MODPROBE, O_RDONLY);
 	if (procfile < 0)
 		return NULL;
+ 	if (fcntl(procfile, F_SETFD, FD_CLOEXEC) == -1) {
+ 		fprintf(stderr, "Could not set close on exec: %s\n",
+ 			strerror(errno));
+ 		exit(1);
+ 	}
 
 	ret = (char *) malloc(PROCFILE_BUFSIZ);
 	if (ret) {
@@ -672,6 +677,12 @@ static int compatible_revision(const cha
 		exit(1);
 	}
 
+	if (fcntl(sockfd, F_SETFD, FD_CLOEXEC) == -1) {
+		fprintf(stderr, "Could not set close on exec: %s\n",
+			strerror(errno));
+		exit(1);
+	}
+
 	xtables_load_ko(xtables_modprobe_program, true);
 
 	strcpy(rev.name, name);


Index: iptables.spec
===================================================================
RCS file: /cvs/pkgs/rpms/iptables/F-10/iptables.spec,v
retrieving revision 1.72
retrieving revision 1.73
diff -u -p -r1.72 -r1.73
--- iptables.spec	22 Jul 2008 15:37:03 -0000	1.72
+++ iptables.spec	3 Jun 2009 09:14:13 -0000	1.73
@@ -1,18 +1,15 @@
 Name: iptables
 Summary: Tools for managing Linux kernel packet filtering capabilities
-Version: 1.4.1.1
-Release: 2%{?dist}
+Version: 1.4.3.2
+Release: 1%{?dist}
 Source: http://www.netfilter.org/projects/iptables/files/%{name}-%{version}.tar.bz2
 Source1: iptables.init
 Source2: iptables-config
-Patch4: iptables-1.3.8-typo_latter.patch
-Patch5: iptables-1.4.1.1-cloexec.patch
-Patch8: iptables-1.4.1-nf_ext_init.patch
-Patch9: iptables-1.4.1.1-tos_value_mask.patch
+Patch5: iptables-1.4.3.1-cloexec.patch
 Group: System Environment/Base
 URL: http://www.netfilter.org/
 BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
-License: GPLv2
+License: GPL+
 BuildRequires: libselinux-devel
 BuildRequires: kernel-headers
 Conflicts: kernel < 2.4.20
@@ -44,6 +41,7 @@ network and you are using ipv6.
 Summary: Development package for iptables
 Group: System Environment/Base
 Requires: %{name} = %{version}-%{release}
+Requires: pkgconfig
 
 %description devel
 iptables development headers and libraries.
@@ -53,43 +51,53 @@ stable and may change with every new ver
 
 %prep
 %setup -q
-%patch4 -p1 -b .typo_latter
 %patch5 -p1 -b .cloexec
-%patch8 -p1 -b .nf_ext_init
-%patch9 -p1 -b .tos_value_mask
-
-# fix constructor names, see also nf_ext_init patch
-perl -pi -e "s/void _init\(/void __attribute\(\(constructor\)\) nf_ext_init\(/g" extensions/*.c
-perl -pi -e "s/^_init\(/__attribute\(\(constructor\)\) nf_ext_init\(/g" extensions/*.c
 
 %build
+CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing" \
 ./configure --enable-devel --enable-libipq --bindir=/bin --sbindir=/sbin --sysconfdir=/etc --libdir=/%{_libdir} --libexecdir=/%{_lib} --mandir=%{_mandir} --includedir=%{_includedir} --with-kernel=/usr --with-kbuild=/usr --with-ksource=/usr
+
+# do not use rpath
+sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
+sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
+
 make
 
 %install
 rm -rf %{buildroot}
 
 make install DESTDIR=%{buildroot} 
+# remove la file(s)
+rm -f %{buildroot}/%{_libdir}/*.la
 
-# install iptc devel library
-install -m 644 libiptc/libiptc.a %{buildroot}/%{_libdir}
+# install ip*tables.h header files
+install -m 644 include/ip*tables.h %{buildroot}%{_includedir}/
+install -d -m 755 %{buildroot}%{_includedir}/iptables
+install -m 644 include/iptables/internal.h %{buildroot}%{_includedir}/iptables/
+
+# install ipulog header file
+install -d -m 755 %{buildroot}%{_includedir}/libipulog/
+install -m 644 include/libipulog/*.h %{buildroot}%{_includedir}/libipulog/
 
 # install init scripts and configuration files
-install -d -m 755 $RPM_BUILD_ROOT/etc/rc.d/init.d
-install -c -m 755 %{SOURCE1} $RPM_BUILD_ROOT/etc/rc.d/init.d/iptables
+install -d -m 755 %{buildroot}/etc/rc.d/init.d
+install -c -m 755 %{SOURCE1} %{buildroot}/etc/rc.d/init.d/iptables
 sed -e 's;iptables;ip6tables;g' -e 's;IPTABLES;IP6TABLES;g' < %{SOURCE1} > ip6tables.init
-install -c -m 755 ip6tables.init $RPM_BUILD_ROOT/etc/rc.d/init.d/ip6tables
-install -d -m 755 $RPM_BUILD_ROOT/etc/sysconfig
-install -c -m 755 %{SOURCE2} $RPM_BUILD_ROOT/etc/sysconfig/iptables-config
+install -c -m 755 ip6tables.init %{buildroot}/etc/rc.d/init.d/ip6tables
+install -d -m 755 %{buildroot}/etc/sysconfig
+install -c -m 755 %{SOURCE2} %{buildroot}/etc/sysconfig/iptables-config
 sed -e 's;iptables;ip6tables;g' -e 's;IPTABLES;IP6TABLES;g' < %{SOURCE2} > ip6tables-config
-install -c -m 755 ip6tables-config $RPM_BUILD_ROOT/etc/sysconfig/ip6tables-config
+install -c -m 755 ip6tables-config %{buildroot}/etc/sysconfig/ip6tables-config
 
 %clean
-rm -rf $RPM_BUILD_ROOT 
+rm -rf %{buildroot}
 
 %post
+/sbin/ldconfig
 /sbin/chkconfig --add iptables
 
+%postun -p /sbin/ldconfig
+
 %preun
 if [ "$1" = 0 ]; then
 	/sbin/chkconfig --del iptables
@@ -113,6 +121,8 @@ fi
 %dir /%{_lib}/xtables
 /%{_lib}/xtables/libipt*
 /%{_lib}/xtables/libxt*
+%{_libdir}/libiptc.so.*
+%{_libdir}/libxtables.so.*
 
 %files ipv6
 %defattr(-,root,root)
@@ -125,14 +135,47 @@ fi
 
 %files devel
 %defattr(-,root,root)
+%dir %{_includedir}/iptables
+%{_includedir}/iptables/*.h
 %{_includedir}/*.h
 %dir %{_includedir}/libiptc
 %{_includedir}/libiptc/*.h
+%dir %{_includedir}/libipulog
+%{_includedir}/libipulog/*.h
 %{_libdir}/libipq.a
-%{_libdir}/libiptc.a
 %{_mandir}/man3/*
+%{_libdir}/libiptc.so
+%{_libdir}/libxtables.so
+%{_libdir}/pkgconfig/libiptc.pc
+%{_libdir}/pkgconfig/xtables.pc
 
 %changelog
+* Wed Apr 15 2009 Thomas Woerner <twoerner at redhat.com> 1.4.3.2-1
+- new version 1.4.3.2
+- also install iptables/internal.h, needed for iptables.h and ip6tables.h
+
+* Mon Mar 30 2009 Thomas Woerner <twoerner at redhat.com> 1.4.3.1-1
+- new version 1.4.3.1
+  - libiptc is now shared
+  - supports all new features of the 2.6.29 kernel
+- dropped typo_latter patch
+
+* Thu Mar  5 2009 Thomas Woerner <twoerner at redhat.com> 1.4.2-3
+- still more review fixes (rhbz#225906)
+  - consistent macro usage
+  - use sed instead of perl for rpath removal
+  - use standard RPM CFLAGS, but also -fno-strict-aliasing (needed for libiptc*)
+
+* Wed Feb 25 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.4.2-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
+* Fri Feb 20 2009 Thomas Woerner <twoerner at redhat.com> 1.4.2-1
+- new version 1.4.2
+- removed TOS value mask patch (upstream)
+- more review fixes (rhbz#225906)
+- install all header files (rhbz#462207)
+- dropped nf_ext_init (rhbz#472548)
+
 * Tue Jul 22 2008 Thomas Woerner <twoerner at redhat.com> 1.4.1.1-2
 - fixed TOS value mask problem (rhbz#456244) (upstream patch)
 - two more cloexec fixes


Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/iptables/F-10/sources,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -p -r1.23 -r1.24
--- sources	1 Jul 2008 09:57:56 -0000	1.23
+++ sources	3 Jun 2009 09:14:13 -0000	1.24
@@ -1 +1 @@
-723fa88d8a0915e184f99e03e9bf06cb  iptables-1.4.1.1.tar.bz2
+545698693b636cfc844aafc6729fd48a  iptables-1.4.3.2.tar.bz2


--- iptables-1.3.8-typo_latter.patch DELETED ---


--- iptables-1.4.1-nf_ext_init.patch DELETED ---


--- iptables-1.4.1.1-cloexec.patch DELETED ---


--- iptables-1.4.1.1-tos_value_mask.patch DELETED ---

More information about the fedora-extras-commits mailing list