From 1053d485c1d4cb0d1b9966fb0a9e25fef06e0b2a Mon Sep 17 00:00:00 2001 From: Thomas Woerner Date: Wed, 13 Jan 2010 15:34:55 +0000 Subject: [PATCH] - new version 1.4.6 with support for all new features of 2.6.32 - several man page fixes - Support for nommu arches - realm: remove static initializations - libiptc: remove unused functions - libiptc: avoid strict-aliasing warnings - iprange: do accept non-ranges for xt_iprange v1 - iprange: warn on reverse range - iprange: roll address parsing into a loop - iprange: do accept non-ranges for xt_iprange v1 (log) - iprange: warn on reverse range (log) - libiptc: fix wrong maptype of base chain counters on restore - iptables: fix undersized deletion mask creation - style: reduce indent in xtables_check_inverse - libxtables: hand argv to xtables_check_inverse - iptables/extensions: make bundled options work again - CONNMARK: print mark rules with mask 0xffffffff as set instead of xset - iptables: take masks into consideration for replace command - doc: explain experienced --hitcount limit - doc: name resolution clarification - iptables: expose option to zero packet/byte counters for a specific rule - build: restore --disable-ipv6 functionality on system w/o v6 headers - MARK: print mark rules with mask 0xffffffff as --set-mark instead of --set-xmark - DNAT: fix incorrect check during parsing - extensions: add osf extension - conntrack: fix --expires parsing - dropped nf_ext_init remains from cloexec patch --- .cvsignore | 1 + iptables-1.4.5-cloexec.patch | 9 --------- iptables.spec | 33 ++++++++++++++++++++++++++++++++- sources | 2 +- 4 files changed, 34 insertions(+), 11 deletions(-) diff --git a/.cvsignore b/.cvsignore index 5894750..0959b00 100644 --- a/.cvsignore +++ b/.cvsignore @@ -7,3 +7,4 @@ iptables-1.4.3.1.tar.bz2 iptables-1.4.3.2.tar.bz2 iptables-1.4.4.tar.bz2 iptables-1.4.5.tar.bz2 +iptables-1.4.6.tar.bz2 diff --git a/iptables-1.4.5-cloexec.patch b/iptables-1.4.5-cloexec.patch index a8e0f81..2cb0354 100644 --- a/iptables-1.4.5-cloexec.patch +++ b/iptables-1.4.5-cloexec.patch @@ -10,15 +10,6 @@ diff -up iptables-1.4.5/extensions/libipt_realm.c.cloexec iptables-1.4.5/extensi if (!fil) { rdberr = 1; return; -@@ -248,7 +248,7 @@ static struct xtables_match realm_mt_reg - .extra_opts = realm_opts, - }; - --void _init(void) -+void __attribute((constructor)) nf_ext_init(void) - { - xtables_register_match(&realm_mt_reg); - } diff -up iptables-1.4.5/extensions/libipt_set.h.cloexec iptables-1.4.5/extensions/libipt_set.h --- iptables-1.4.5/extensions/libipt_set.h.cloexec 2009-09-14 18:36:55.000000000 +0200 +++ iptables-1.4.5/extensions/libipt_set.h 2009-09-17 11:02:07.000000000 +0200 diff --git a/iptables.spec b/iptables.spec index db898e5..88fa8e9 100644 --- a/iptables.spec +++ b/iptables.spec @@ -1,6 +1,6 @@ Name: iptables Summary: Tools for managing Linux kernel packet filtering capabilities -Version: 1.4.5 +Version: 1.4.6 Release: 1%{?dist} Source: http://www.netfilter.org/projects/iptables/files/%{name}-%{version}.tar.bz2 Source1: iptables.init @@ -152,6 +152,37 @@ fi %{_libdir}/pkgconfig/xtables.pc %changelog +* Wed Jan 13 2010 Thomas Woerner 1.4.6-1 +- new version 1.4.6 with support for all new features of 2.6.32 + - several man page fixes + - Support for nommu arches + - realm: remove static initializations + - libiptc: remove unused functions + - libiptc: avoid strict-aliasing warnings + - iprange: do accept non-ranges for xt_iprange v1 + - iprange: warn on reverse range + - iprange: roll address parsing into a loop + - iprange: do accept non-ranges for xt_iprange v1 (log) + - iprange: warn on reverse range (log) + - libiptc: fix wrong maptype of base chain counters on restore + - iptables: fix undersized deletion mask creation + - style: reduce indent in xtables_check_inverse + - libxtables: hand argv to xtables_check_inverse + - iptables/extensions: make bundled options work again + - CONNMARK: print mark rules with mask 0xffffffff as set instead of xset + - iptables: take masks into consideration for replace command + - doc: explain experienced --hitcount limit + - doc: name resolution clarification + - iptables: expose option to zero packet/byte counters for a specific rule + - build: restore --disable-ipv6 functionality on system w/o v6 headers + - MARK: print mark rules with mask 0xffffffff as --set-mark instead of --set-xmark + - DNAT: fix incorrect check during parsing + - extensions: add osf extension + - conntrack: fix --expires parsing + +* Thu Dec 17 2009 Thomas Woerner 1.4.5-2 +- dropped nf_ext_init remains from cloexec patch + * Thu Sep 17 2009 Thomas Woerner 1.4.5-1 - new version 1.4.5 with support for all new features of 2.6.31 - libxt_NFQUEUE: add new v1 version with queue-balance option diff --git a/sources b/sources index ccb1440..8c314bd 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -44f13990132c20299c1994cd6f425140 iptables-1.4.5.tar.bz2 +c67cf30e281a924def6426be0973df56 iptables-1.4.6.tar.bz2