Hello community, here is the log from the commit of package iptables for openSUSE:Factory checked in at 2018-10-01 08:15:04 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/iptables (Old) and /work/SRC/openSUSE:Factory/.iptables.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "iptables" Mon Oct 1 08:15:04 2018 rev:63 rq:637189 version:1.8.0.g85 Changes: -------- --- /work/SRC/openSUSE:Factory/iptables/iptables.changes 2018-05-29 16:46:06.373438099 +0200 +++ /work/SRC/openSUSE:Factory/.iptables.new/iptables.changes 2018-10-01 08:15:06.502056759 +0200 @@ -1,0 +2,17 @@ +Tue Sep 4 08:08:22 UTC 2018 - Markos Chandras <[email protected]> + +- Add missing update-alternatives dependency to Requires(post) + section. If this is missing the package fails to install properly + when it is used as build dependency. + +------------------------------------------------------------------- +Mon Jul 9 09:38:13 UTC 2018 - [email protected] + +- Update to new upstream release 1.8.0 and snapshot 1.8.0.g75 + * The ipv6 "srh" match can now match previous/next/last sid + * CONNMARK target now supports bit-shifting for restore,set + and save-mark. + * DNAT now supports shifted portmap ranges. + * iptables now comes in two backends: legacy and nft. + +------------------------------------------------------------------- Old: ---- iptables-1.6.2.tar.bz2 iptables-1.6.2.tar.bz2.sig New: ---- _service iptables-1.8.0.g85.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ iptables.spec ++++++ --- /var/tmp/diff_new_pack.t6kea2/_old 2018-10-01 08:15:07.030056420 +0200 +++ /var/tmp/diff_new_pack.t6kea2/_new 2018-10-01 08:15:07.030056420 +0200 @@ -17,29 +17,25 @@ Name: iptables -Version: 1.6.2 +Version: 1.8.0.g85 Release: 0 Summary: IP packet filter administration utilities License: GPL-2.0-only AND Artistic-2.0 Group: Productivity/Networking/Security Url: http://netfilter.org/projects/iptables/ #Git-Clone: git://git.netfilter.org/iptables -Source: http://netfilter.org/projects/iptables/files/%name-%version.tar.bz2 -Source2: http://netfilter.org/projects/iptables/files/%name-%version.tar.bz2.sig +#Source: http://netfilter.org/projects/iptables/files/%%name-%%version.tar.bz2 +#Source2: http://netfilter.org/projects/iptables/files/%%name-%%version.tar.bz2.sig +Source: %name-%version.tar.xz Source3: %name.keyring Patch3: iptables-batch.patch Patch4: iptables-apply-mktemp-fix.patch Patch5: iptables-batch-lock.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build -%if 0%{?fedora_version} || 0%{?centos_version} -BuildRequires: sgml-common -%endif -%if 0%{?suse_version} -BuildRequires: fdupes -%endif #git#BuildRequires: autoconf, automake >= 1.10 BuildRequires: bison +BuildRequires: fdupes BuildRequires: flex >= 2.5.33 BuildRequires: libtool BuildRequires: pkg-config >= 0.21 @@ -48,24 +44,27 @@ BuildRequires: pkgconfig(libnetfilter_conntrack) >= 1.0.4 BuildRequires: pkgconfig(libnfnetlink) >= 1.0.0 BuildRequires: pkgconfig(libnftnl) >= 1.0.5 +Requires: netcfg >= 11.6 Requires: xtables-plugins = %version-%release +Requires(post): update-alternatives +Requires(postun): update-alternatives %description iptables is used to set up, maintain, and inspect the rule tables of -the classic "ip6_tables" and "ip_tables" packet filters in the Linux -kernel. +the various Netfilter packet filter engines inside the Linux kernel. -%package nft -Summary: nft packet filter administration utilties in the style of Xtables +%package backend-nft +Summary: Metapackage to make nft the default backend for iptables/arptables/ebtables Group: Productivity/Networking/Security -Requires: netcfg >= 11.6 -Requires: xtables-plugins = %version-%release - -%description nft -The programs shipped in this subpackage behave like iptables on the -command line, but instead edits the rules of the nft packet filter in -the Linux kernel. Linux kernel 4.2 or newer is recommended to exploit -the features. +Requires: iptables >= 1.8.0 +Requires(post): update-alternatives +Requires(postun): update-alternatives + +%description backend-nft +Installation of this package adds higher priority alternatives (cf. +update-alternatives) that makes the iptables, ip6tables, arptables +and ebtables commands point to a program variant that uses the +nftables kernel interface. %package -n xtables-plugins Summary: Match and target extension plugins for iptables @@ -103,12 +102,12 @@ ip_queue/libipq is obsoleted by nf_queue/libnetfilter_queue! %package -n libiptc0 -Summary: Library for low-level ruleset generation and parsing +Summary: Library for the ip_tables low-level ruleset generation and parsing Group: System/Libraries %description -n libiptc0 libiptc ("iptables cache") is used to retrieve from the kernel, parse, -construct, and load new rulesets into the kernel. +construct, and load rulesets into the kernel. %package -n libiptc-devel Summary: Development files for libiptc, a packet filter ruleset library @@ -117,10 +116,10 @@ %description -n libiptc-devel libiptc ("iptables cache") is used to retrieve from the kernel, parse, -construct, and load new rulesets into the kernel. +construct, and load rulesets into the kernel. %package -n libxtables12 -Summary: iptables extension interface +Summary: The iptables plugin interface Group: System/Libraries %description -n libxtables12 @@ -147,26 +146,68 @@ %build # We have the iptables-batch patch, so always regenerate. -if true || [ ! -e configure ]; then - ./autogen.sh -fi +./autogen.sh # bnc#561793 - do not include unclean module in iptables manpage rm -f extensions/libipt_unclean.man # includedir is overriden on purpose to detect projects that # fail to include libxtables_CFLAGS %configure --includedir="%_includedir/%name" --enable-libipq -make %{?_smp_mflags} +%make_build V=1 %install -make DESTDIR=%buildroot install +%make_install +b="%buildroot" # iptables-apply is not installed by upstream Makefile -install -m0755 iptables/iptables-apply %buildroot%_sbindir/ -install -m0644 iptables/iptables-apply.8 %buildroot%_mandir/man8/ -rm -f "%buildroot/%_libdir"/*.la +install -m0755 iptables/iptables-apply "$b/%_sbindir/" +install -m0644 iptables/iptables-apply.8 "$b/%_mandir/man8/" +rm -f "$b/%_libdir"/*.la +rm -f "$b/%_sysconfdir/ethertypes" # -> netcfg + +for i in iptables iptables-restore iptables-save ip6tables ip6tables-restore \ + ip6tables-save arptables arptables-restore arptables-save ebtables \ + ebtables-restore ebtables-save; do + ln -fsv "/etc/alternatives/$i" "$b/%_sbindir/$i" +done %if 0%{?suse_version} %fdupes %buildroot/%_prefix %endif +%post +update-alternatives \ + --install "%_sbindir/iptables" iptables "%_sbindir/xtables-legacy-multi" 1 \ + --slave "%_sbindir/iptables-restore" iptables-restore "%_sbindir/xtables-legacy-multi" \ + --slave "%_sbindir/iptables-save" iptables-save "%_sbindir/xtables-legacy-multi" \ + --slave "%_sbindir/ip6tables" ip6tables "%_sbindir/xtables-legacy-multi" \ + --slave "%_sbindir/ip6tables-restore" ip6tables-restore "%_sbindir/xtables-legacy-multi" \ + --slave "%_sbindir/ip6tables-save" ip6tables-save "%_sbindir/xtables-legacy-multi" + +%postun +if test "$1" = 0; then + update-alternatives --remove iptables "%_sbindir/xtables-legacy-multi" +fi + +%post backend-nft +update-alternatives \ + --install "%_sbindir/iptables" iptables "%_sbindir/xtables-nft-multi" 2 \ + --slave "%_sbindir/iptables-restore" iptables-restore "%_sbindir/xtables-nft-multi" \ + --slave "%_sbindir/iptables-save" iptables-save "%_sbindir/xtables-nft-multi" \ + --slave "%_sbindir/ip6tables" ip6tables "%_sbindir/xtables-nft-multi" \ + --slave "%_sbindir/ip6tables-restore" ip6tables-restore "%_sbindir/xtables-nft-multi" \ + --slave "%_sbindir/ip6tables-save" ip6tables-save "%_sbindir/xtables-nft-multi" +update-alternatives --install "%_sbindir/arptables" arptables "%_sbindir/xtables-nft-multi" 2 \ + --slave "%_sbindir/arptables-restore" arptables-restore "%_sbindir/xtables-nft-multi" \ + --slave "%_sbindir/arptables-save" arptables-save "%_sbindir/xtables-nft-multi" +update-alternatives --install "%_sbindir/ebtables" ebtables "%_sbindir/xtables-nft-multi" 2 \ + --slave "%_sbindir/ebtables-restore" ebtables-restore "%_sbindir/xtables-nft-multi" \ + --slave "%_sbindir/ebtables-save" ebtables-save "%_sbindir/xtables-nft-multi" + +%postun backend-nft +if test "$1" = 0; then + update-alternatives --remove iptables "%_sbindir/xtables-nft-multi" + update-alternatives --remove arptables "%_sbindir/xtables-nft-multi" + update-alternatives --remove ebtables "%_sbindir/xtables-nft-multi" +fi + %post -n libipq0 -p /sbin/ldconfig %postun -n libipq0 -p /sbin/ldconfig %post -n libiptc0 -p /sbin/ldconfig @@ -175,42 +216,70 @@ %postun -n libxtables12 -p /sbin/ldconfig %files -%defattr(-,root,root) %license COPYING -%doc %_mandir/man1/ip* -%doc %_mandir/man8/ip* %_bindir/iptables-xml -%_sbindir/iptables %_sbindir/iptables-apply -%_sbindir/iptables-batch +%_sbindir/iptables-legacy* +%_sbindir/iptables-nft* +%_sbindir/iptables-*translate* +%_sbindir/ip6tables-legacy* +%_sbindir/ip6tables-nft* +%_sbindir/ip6tables-*translate* +%_sbindir/arptables-nft* +%_sbindir/ebtables-nft* +%_sbindir/xtables* +%_mandir/man1/*tables* +%_mandir/man8/*tables* +# backend-legacy (implicit) +%ghost %_sysconfdir/alternatives/iptables +%ghost %_sysconfdir/alternatives/iptables-restore +%ghost %_sysconfdir/alternatives/iptables-save +%ghost %_sysconfdir/alternatives/ip6tables +%ghost %_sysconfdir/alternatives/ip6tables-restore +%ghost %_sysconfdir/alternatives/ip6tables-save +%_sbindir/iptables %_sbindir/iptables-restore %_sbindir/iptables-save %_sbindir/ip6tables -%_sbindir/ip6tables-batch %_sbindir/ip6tables-restore %_sbindir/ip6tables-save -%_sbindir/xtables-multi -%files nft -%defattr(-,root,root) -# is provided by netcfg -%exclude %_sysconfdir/ethertypes -%_sbindir/*-compat* -%_sbindir/*-translate* +%files backend-nft +%ghost %_sysconfdir/alternatives/iptables +%ghost %_sysconfdir/alternatives/iptables-restore +%ghost %_sysconfdir/alternatives/iptables-save +%ghost %_sysconfdir/alternatives/ip6tables +%ghost %_sysconfdir/alternatives/ip6tables-restore +%ghost %_sysconfdir/alternatives/ip6tables-save +%ghost %_sysconfdir/alternatives/arptables +%ghost %_sysconfdir/alternatives/arptables-restore +%ghost %_sysconfdir/alternatives/arptables-save +%ghost %_sysconfdir/alternatives/ebtables +%ghost %_sysconfdir/alternatives/ebtables-restore +%ghost %_sysconfdir/alternatives/ebtables-save +%_sbindir/iptables +%_sbindir/iptables-restore +%_sbindir/iptables-save +%_sbindir/ip6tables +%_sbindir/ip6tables-restore +%_sbindir/ip6tables-save +%_sbindir/arptables +%_sbindir/arptables-restore +%_sbindir/arptables-save +%_sbindir/ebtables +%_sbindir/ebtables-restore +%_sbindir/ebtables-save %files -n xtables-plugins -%defattr(-,root,root) %_libdir/xtables/ %_sbindir/nfnl_osf %_mandir/man8/nfnl_osf.8* %_datadir/xtables/ %files -n libipq0 -%defattr(-,root,root) %_libdir/libipq.so.0* %files -n libipq-devel -%defattr(-,root,root) %doc %_mandir/man3/libipq* %doc %_mandir/man3/ipq* %dir %_includedir/%name/ @@ -219,24 +288,20 @@ %_libdir/pkgconfig/libipq.pc %files -n libiptc0 -%defattr(-,root,root) %_libdir/libiptc.so.0* %_libdir/libip4tc.so.0* %_libdir/libip6tc.so.0* %files -n libiptc-devel -%defattr(-,root,root) %dir %_includedir/%name/ %_includedir/%name/libiptc* %_libdir/libip*tc.so %_libdir/pkgconfig/libip*tc.pc %files -n libxtables12 -%defattr(-,root,root) %_libdir/libxtables.so.12* %files -n libxtables-devel -%defattr(-,root,root) %dir %_includedir/%name/ %_includedir/%name/xtables.h %_includedir/%name/xtables-version.h ++++++ _service ++++++ <services> <service name="tar_scm" mode="disabled"> <param name="scm">git</param> <param name="url">git://netfilter.org/iptables</param> <param name="revision">0800d9b46b377bc24f15af2c6ae22550b954b6e2</param> <param name="versionformat">1.8.0.g@TAG_OFFSET@</param> </service> <service name="recompress" mode="disabled"> <param name="file">*.tar</param> <param name="compression">xz</param> </service> <service name="set_version" mode="disabled"/> </services> ++++++ iptables-batch.patch ++++++ --- /var/tmp/diff_new_pack.t6kea2/_old 2018-10-01 08:15:07.066056396 +0200 +++ /var/tmp/diff_new_pack.t6kea2/_new 2018-10-01 08:15:07.066056396 +0200 @@ -3,31 +3,27 @@ iptables/iptables-batch.c | 468 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 477 insertions(+) -Index: iptables/iptables/Makefile.am +Index: iptables-1.8.0/iptables/Makefile.am =================================================================== ---- iptables.orig/iptables/Makefile.am -+++ iptables/iptables/Makefile.am -@@ -48,7 +48,16 @@ xtables_compat_multi_SOURCES += xshared. - xtables_compat_multi_LDADD += ../libxtables/libxtables.la -lm - endif - -+iptables_batch_SOURCES = iptables-batch.c iptables.c xshared.c -+iptables_batch_LDFLAGS = ${xtables_multi_LDFLAGS} -+iptables_batch_LDADD = ${xtables_multi_LDADD} -+ip6tables_batch_SOURCES = iptables-batch.c ip6tables.c xshared.c -+ip6tables_batch_CFLAGS = ${AM_CFLAGS} -DIP6T -+ip6tables_batch_LDFLAGS = ${xtables_multi_LDFLAGS} -+ip6tables_batch_LDADD = ${xtables_multi_LDADD} +--- iptables-1.8.0.orig/iptables/Makefile.am ++++ iptables-1.8.0/iptables/Makefile.am +@@ -98,3 +98,12 @@ install-exec-hook: + for i in ${v4_sbin_links}; do ${LN_S} -f xtables-legacy-multi "${DESTDIR}${sbindir}/$$i"; done; + for i in ${v6_sbin_links}; do ${LN_S} -f xtables-legacy-multi "${DESTDIR}${sbindir}/$$i"; done; + for i in ${x_sbin_links}; do ${LN_S} -f xtables-nft-multi "${DESTDIR}${sbindir}/$$i"; done; + - sbin_PROGRAMS = xtables-multi -+sbin_PROGRAMS += iptables-batch ip6tables-batch - if ENABLE_NFTABLES - sbin_PROGRAMS += xtables-compat-multi - endif -Index: iptables/iptables/iptables-batch.c ++iptables_legacy_batch_SOURCES = iptables-batch.c iptables.c xshared.c ++iptables_legacy_batch_LDFLAGS = ${xtables_legacy_multi_LDFLAGS} ++iptables_legacy_batch_LDADD = ${xtables_legacy_multi_LDADD} ++ip6tables_legacy_batch_SOURCES = iptables-batch.c ip6tables.c xshared.c ++ip6tables_legacy_batch_CFLAGS = ${AM_CFLAGS} -DIP6T ++ip6tables_legacy_batch_LDFLAGS = ${xtables_legacy_multi_LDFLAGS} ++ip6tables_legacy_batch_LDADD = ${xtables_legacy_multi_LDADD} ++sbin_PROGRAMS += iptables-legacy-batch ip6tables-legacy-batch +Index: iptables-1.8.0/iptables/iptables-batch.c =================================================================== --- /dev/null -+++ iptables/iptables/iptables-batch.c ++++ iptables-1.8.0/iptables/iptables-batch.c @@ -0,0 +1,468 @@ +/* + * Author: Ludwig Nussel <[email protected]>
