Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package iptables for openSUSE:Factory checked in at 2022-05-22 20:26:26 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/iptables (Old) and /work/SRC/openSUSE:Factory/.iptables.new.1538 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "iptables" Sun May 22 20:26:26 2022 rev:78 rq:978320 version:1.8.8 Changes: --------
--- /work/SRC/openSUSE:Factory/iptables/iptables.changes 2022-01-03 10:49:09.955574623 +0100
+++ /work/SRC/openSUSE:Factory/.iptables.new.1538/iptables.changes 2022-05-22 20:26:35.766190688 +0200
@@ -1,0 +2,14 @@
+Fri May 13 15:39:33 UTC 2022 - Jan Engelhardt <jeng...@inai.de>
+
+- Update to release 1.8.8
+ * Add iptables-translate support for: sctp match's
+ --chunk-types option, connlimit match, multiport match's
+ --ports option, and the tcpmss match.
+ * Reject setuid executables in libxtables for safety reasons
+ * Extended arptables-nft with -C, -I, -R, -S cmomands and the
+ "-c N,M" counter syntax.
+ * Debug output in iptables-restore (all variants), iptables-nft
+ and ebtables-nft when specifying -v multiple times
+ * Improved performance of iptables-save and -restore
+
+-------------------------------------------------------------------
Old: ---- iptables-1.8.7.tar.bz2 iptables-1.8.7.tar.bz2.sig New: ---- iptables-1.8.8.tar.bz2 iptables-1.8.8.tar.bz2.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------
++++++ iptables.spec ++++++
--- /var/tmp/diff_new_pack.zbmaW1/_old 2022-05-22 20:26:36.314191495 +0200
+++ /var/tmp/diff_new_pack.zbmaW1/_new 2022-05-22 20:26:36.318191501 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package iptables
 #
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -23,7 +23,7 @@
 %endif
 Name: iptables
-Version: 1.8.7
+Version: 1.8.8
 Release: 0
 Summary: IP packet filter administration utilities
 License: Artistic-2.0 AND GPL-2.0-only
++++++ iptables-1.8.7.tar.bz2 -> iptables-1.8.8.tar.bz2 ++++++
++++ 18449 lines of diff (skipped)
++++++ iptables-batch-lock.patch ++++++
--- /var/tmp/diff_new_pack.zbmaW1/_old 2022-05-22 20:26:36.842192272 +0200
+++ /var/tmp/diff_new_pack.zbmaW1/_new 2022-05-22 20:26:36.846192279 +0200
@@ -10,10 +10,10 @@
 iptables/xshared.c | 8 +++++++-
 2 files changed, 28 insertions(+), 1 deletion(-)
-Index: iptables-1.8.6/iptables/iptables-batch.c
+Index: iptables-1.8.8/iptables/iptables-batch.c
 ===================================================================
---- iptables-1.8.6.orig/iptables/iptables-batch.c
-+++ iptables-1.8.6/iptables/iptables-batch.c
+--- iptables-1.8.8.orig/iptables/iptables-batch.c
++++ iptables-1.8.8/iptables/iptables-batch.c
 @@ -403,6 +403,27 @@ main(int argc, char *argv[])
 tables[3].name = "raw";
 tables[3].handle = NULL;
@@ -27,7 +27,7 @@
 + * call sequence needs to be locked until the commit is performed.
 + *
 + * Sadly, the xtables_lock() implementation is not very cooperative.
-+ * There is no unlock() equivalent. The lock file descriptor is smiply
++ * There is no unlock() equivalent. The lock file descriptor is simply
 + * left open until the process exits. Thus, we would have deadlocks
 + * when calling do_command{4,6} the second time.
 + *
@@ -42,35 +42,35 @@ while((r = getline(&iline, &llen, fp)) != -1) {
-Index: iptables-1.8.6/iptables/xshared.c
+Index: iptables-1.8.8/iptables/xshared.c
 ===================================================================
---- iptables-1.8.6.orig/iptables/xshared.c
-+++ iptables-1.8.6/iptables/xshared.c
-@@ -248,10 +248,14 @@ void xs_init_match(struct xtables_match
+--- iptables-1.8.8.orig/iptables/xshared.c
++++ iptables-1.8.8/iptables/xshared.c
+@@ -262,10 +262,14 @@ static void alarm_ignore(int i) {
- static int xtables_lock(int wait, struct timeval *wait_interval)
+ static int xtables_lock(int wait)
 {
 + static bool already_locked = false;
- struct timeval time_left, wait_time;
+ struct sigaction sigact_alarm;
 const char *lock_file;
-- int fd, i = 0;
-+ int fd;
+ int fd;
 + if (already_locked)
 + /* Avoid deadlocks, see iptables-batch.c */
 + return true;
- time_left.tv_sec = wait;
- time_left.tv_usec = 0;
-
-@@ -267,8 +271,10 @@ static int xtables_lock(int wait, struct
+ lock_file = getenv("XTABLES_LOCKFILE");
+ if (lock_file == NULL || lock_file[0] == '\0')
+ lock_file = XT_LOCK_NAME;
+@@ -285,8 +289,10 @@ static int xtables_lock(int wait)
+ alarm(wait);
 }
- if (wait == -1) {
-- if (flock(fd, LOCK_EX) == 0)
-+ if (flock(fd, LOCK_EX) == 0) {
-+ already_locked = true;
- return fd;
-+ }
+- if (flock(fd, LOCK_EX) == 0)
++ if (flock(fd, LOCK_EX) == 0) {
++ already_locked = true;
+ return fd;
++ }
- fprintf(stderr, "Can't lock %s: %s\n", lock_file,
- strerror(errno));
+ if (errno == EINTR) {
+ errno = EWOULDBLOCK;
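Review bot: The `already_locked` early exit in xtables_lock() does `return true;` from an `int` function whose success path returns the lock descriptor (`return fd;`), so a repeated call yields 1, which is also stdout's descriptor number. The patch's own comment in iptables-batch.c says the lock descriptor is simply left open until the process exits, so this is harmless only as long as no caller closes or passes on the returned value; the callers are outside this hunk and should be checked against the 1.8.8 xshared.c. Remembering the descriptor instead of a flag would keep the return contract uniform: `static int locked_fd = -1;`, `if (locked_fd >= 0) return locked_fd;` and `locked_fd = fd;` before `return fd;`. The body of xtables_lock() starts and ends outside the hunk.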