- new version 1.4.1 with new build environment
- additional ipv6 network mask patch from Jan Engelhardt - spec file cleanup - removed old patches
This commit is contained in:
parent
1a6c05b472
commit
47932511b3
@ -1,2 +1,3 @@
|
|||||||
iptables-1.3.8.tar.bz2
|
iptables-1.3.8.tar.bz2
|
||||||
iptables-1.4.0.tar.bz2
|
iptables-1.4.0.tar.bz2
|
||||||
|
iptables-1.4.1.tar.bz2
|
||||||
|
@ -1,12 +0,0 @@
|
|||||||
diff -up iptables-1.3.8/libiptc/Makefile.iptc iptables-1.3.8/libiptc/Makefile
|
|
||||||
--- iptables-1.3.8/libiptc/Makefile.iptc 2007-08-23 13:52:17.000000000 +0200
|
|
||||||
+++ iptables-1.3.8/libiptc/Makefile 2007-08-23 13:54:28.000000000 +0200
|
|
||||||
@@ -3,7 +3,7 @@
|
|
||||||
EXTRAS+=libiptc/libiptc.a
|
|
||||||
|
|
||||||
# libiptc is not a public interface and therefore not installed
|
|
||||||
-# DEVEL_LIBS+=libiptc/libiptc.a
|
|
||||||
+DEVEL_LIBS+=libiptc/libiptc.a
|
|
||||||
|
|
||||||
ifndef TOPLEVEL_INCLUDED
|
|
||||||
local:
|
|
@ -1,76 +0,0 @@
|
|||||||
diff -up iptables-1.4.0/iptables-save.c.cloexec iptables-1.4.0/iptables-save.c
|
|
||||||
--- iptables-1.4.0/iptables-save.c.cloexec 2008-03-20 15:17:38.000000000 +0100
|
|
||||||
+++ iptables-1.4.0/iptables-save.c 2008-03-20 15:17:40.000000000 +0100
|
|
||||||
@@ -255,7 +255,7 @@ static int for_each_table(int (*func)(co
|
|
||||||
FILE *procfile = NULL;
|
|
||||||
char tablename[IPT_TABLE_MAXNAMELEN+1];
|
|
||||||
|
|
||||||
- procfile = fopen("/proc/net/ip_tables_names", "r");
|
|
||||||
+ procfile = fopen("/proc/net/ip_tables_names", "re");
|
|
||||||
if (!procfile)
|
|
||||||
exit_error(OTHER_PROBLEM,
|
|
||||||
"Unable to open /proc/net/ip_tables_names: %s\n",
|
|
||||||
diff -up iptables-1.4.0/ip6tables-save.c.cloexec iptables-1.4.0/ip6tables-save.c
|
|
||||||
--- iptables-1.4.0/ip6tables-save.c.cloexec 2008-03-20 15:17:40.000000000 +0100
|
|
||||||
+++ iptables-1.4.0/ip6tables-save.c 2008-03-20 15:17:40.000000000 +0100
|
|
||||||
@@ -232,7 +232,7 @@ static int for_each_table(int (*func)(co
|
|
||||||
FILE *procfile = NULL;
|
|
||||||
char tablename[IP6T_TABLE_MAXNAMELEN+1];
|
|
||||||
|
|
||||||
- procfile = fopen("/proc/net/ip6_tables_names", "r");
|
|
||||||
+ procfile = fopen("/proc/net/ip6_tables_names", "re");
|
|
||||||
if (!procfile)
|
|
||||||
exit_error(OTHER_PROBLEM,
|
|
||||||
"Unable to open /proc/net/ip6_tables_names: %s\n",
|
|
||||||
diff -up iptables-1.4.0/ip6tables-restore.c.cloexec iptables-1.4.0/ip6tables-restore.c
|
|
||||||
--- iptables-1.4.0/ip6tables-restore.c.cloexec 2008-03-20 15:21:36.000000000 +0100
|
|
||||||
+++ iptables-1.4.0/ip6tables-restore.c 2008-03-20 15:21:53.000000000 +0100
|
|
||||||
@@ -165,7 +165,7 @@ int main(int argc, char *argv[])
|
|
||||||
}
|
|
||||||
|
|
||||||
if (optind == argc - 1) {
|
|
||||||
- in = fopen(argv[optind], "r");
|
|
||||||
+ in = fopen(argv[optind], "re");
|
|
||||||
if (!in) {
|
|
||||||
fprintf(stderr, "Can't open %s: %s\n", argv[optind],
|
|
||||||
strerror(errno));
|
|
||||||
diff -up iptables-1.4.0/iptables-xml.c.cloexec iptables-1.4.0/iptables-xml.c
|
|
||||||
--- iptables-1.4.0/iptables-xml.c.cloexec 2008-03-20 15:17:40.000000000 +0100
|
|
||||||
+++ iptables-1.4.0/iptables-xml.c 2008-03-20 15:17:38.000000000 +0100
|
|
||||||
@@ -664,7 +664,7 @@ main(int argc, char *argv[])
|
|
||||||
}
|
|
||||||
|
|
||||||
if (optind == argc - 1) {
|
|
||||||
- in = fopen(argv[optind], "r");
|
|
||||||
+ in = fopen(argv[optind], "re");
|
|
||||||
if (!in) {
|
|
||||||
fprintf(stderr, "Can't open %s: %s", argv[optind],
|
|
||||||
strerror(errno));
|
|
||||||
diff -up iptables-1.4.0/iptables-restore.c.cloexec iptables-1.4.0/iptables-restore.c
|
|
||||||
--- iptables-1.4.0/iptables-restore.c.cloexec 2008-03-20 15:17:40.000000000 +0100
|
|
||||||
+++ iptables-1.4.0/iptables-restore.c 2008-03-20 15:17:40.000000000 +0100
|
|
||||||
@@ -170,7 +170,7 @@ main(int argc, char *argv[])
|
|
||||||
}
|
|
||||||
|
|
||||||
if (optind == argc - 1) {
|
|
||||||
- in = fopen(argv[optind], "r");
|
|
||||||
+ in = fopen(argv[optind], "re");
|
|
||||||
if (!in) {
|
|
||||||
fprintf(stderr, "Can't open %s: %s\n", argv[optind],
|
|
||||||
strerror(errno));
|
|
||||||
diff -up iptables-1.4.0/xtables.c.cloexec iptables-1.4.0/xtables.c
|
|
||||||
--- iptables-1.4.0/xtables.c.cloexec 2008-03-20 15:17:40.000000000 +0100
|
|
||||||
+++ iptables-1.4.0/xtables.c 2008-03-20 15:17:40.000000000 +0100
|
|
||||||
@@ -428,6 +428,12 @@ static int compatible_revision(const cha
|
|
||||||
exit(1);
|
|
||||||
}
|
|
||||||
|
|
||||||
+ if (fcntl(sockfd, F_SETFD, FD_CLOEXEC) == -1) {
|
|
||||||
+ fprintf(stderr, "Could not set close on exec: %s\n",
|
|
||||||
+ strerror(errno));
|
|
||||||
+ exit(1);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
load_xtables_ko(modprobe, 1);
|
|
||||||
|
|
||||||
strcpy(rev.name, name);
|
|
@ -1,24 +0,0 @@
|
|||||||
diff -up iptables-1.4.0/ip6tables.c.in6_u iptables-1.4.0/ip6tables.c
|
|
||||||
--- iptables-1.4.0/ip6tables.c.in6_u 2008-03-03 14:33:30.000000000 +0100
|
|
||||||
+++ iptables-1.4.0/ip6tables.c 2008-03-03 14:38:54.000000000 +0100
|
|
||||||
@@ -678,7 +678,7 @@ parse_hostnetworkmask(const char *name,
|
|
||||||
for (i = 0, j = 0; i < n; i++) {
|
|
||||||
int k;
|
|
||||||
for (k = 0; k < 4; k++)
|
|
||||||
- addrp[j].in6_u.u6_addr32[k] &= maskp->in6_u.u6_addr32[k];
|
|
||||||
+ addrp[j].s6_addr32[k] &= maskp->s6_addr32[k];
|
|
||||||
j++;
|
|
||||||
for (k = 0; k < j - 1; k++) {
|
|
||||||
if (IN6_ARE_ADDR_EQUAL(&addrp[k], &addrp[j - 1])) {
|
|
||||||
diff -up iptables-1.4.0/libiptc/libip6tc.c.in6_u iptables-1.4.0/libiptc/libip6tc.c
|
|
||||||
--- iptables-1.4.0/libiptc/libip6tc.c.in6_u 2008-03-03 14:33:31.000000000 +0100
|
|
||||||
+++ iptables-1.4.0/libiptc/libip6tc.c 2008-03-03 14:33:31.000000000 +0100
|
|
||||||
@@ -113,7 +113,7 @@ typedef unsigned int socklen_t;
|
|
||||||
#include "libiptc.c"
|
|
||||||
|
|
||||||
#define BIT6(a, l) \
|
|
||||||
- ((ntohl(a->in6_u.u6_addr32[(l) / 32]) >> (31 - ((l) & 31))) & 1)
|
|
||||||
+ ((ntohl(a->s6_addr32[(l) / 32]) >> (31 - ((l) & 31))) & 1)
|
|
||||||
|
|
||||||
int
|
|
||||||
ipv6_prefix_length(const struct in6_addr *a)
|
|
@ -1,32 +0,0 @@
|
|||||||
diff -up iptables-1.4.0/include/linux/netfilter_ipv4/ip_tables.h.BAD iptables-1.4.0/include/linux/netfilter_ipv4/ip_tables.h
|
|
||||||
--- iptables-1.4.0/include/linux/netfilter_ipv4/ip_tables.h.BAD 2008-06-06 12:49:45.000000000 -0500
|
|
||||||
+++ iptables-1.4.0/include/linux/netfilter_ipv4/ip_tables.h 2008-06-06 12:54:14.000000000 -0500
|
|
||||||
@@ -15,7 +15,11 @@
|
|
||||||
#ifndef _IPTABLES_H
|
|
||||||
#define _IPTABLES_H
|
|
||||||
|
|
||||||
-#include <linux/compiler.h>
|
|
||||||
+// #include <linux/compiler.h>
|
|
||||||
+#ifndef __user
|
|
||||||
+#define __user
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
#include <linux/netfilter_ipv4.h>
|
|
||||||
|
|
||||||
#include <linux/netfilter/x_tables.h>
|
|
||||||
diff -up iptables-1.4.0/include/linux/netfilter_ipv6/ip6_tables.h.BAD iptables-1.4.0/include/linux/netfilter_ipv6/ip6_tables.h
|
|
||||||
--- iptables-1.4.0/include/linux/netfilter_ipv6/ip6_tables.h.BAD 2008-06-06 12:50:00.000000000 -0500
|
|
||||||
+++ iptables-1.4.0/include/linux/netfilter_ipv6/ip6_tables.h 2008-06-06 12:54:27.000000000 -0500
|
|
||||||
@@ -15,7 +15,11 @@
|
|
||||||
#ifndef _IP6_TABLES_H
|
|
||||||
#define _IP6_TABLES_H
|
|
||||||
|
|
||||||
-#include <linux/compiler.h>
|
|
||||||
+// #include <linux/compiler.h>
|
|
||||||
+#ifndef __user
|
|
||||||
+#define __user
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
#include <linux/netfilter_ipv6.h>
|
|
||||||
|
|
||||||
#include <linux/netfilter/x_tables.h>
|
|
76
iptables-1.4.1-cloexec.patch
Normal file
76
iptables-1.4.1-cloexec.patch
Normal file
@ -0,0 +1,76 @@
|
|||||||
|
diff -up iptables-1.4.1-rc2/ip6tables-restore.c.cloexec iptables-1.4.1-rc2/ip6tables-restore.c
|
||||||
|
--- iptables-1.4.1-rc2/ip6tables-restore.c.cloexec 2008-05-26 14:15:40.000000000 +0200
|
||||||
|
+++ iptables-1.4.1-rc2/ip6tables-restore.c 2008-06-05 13:55:09.000000000 +0200
|
||||||
|
@@ -172,7 +172,7 @@ int main(int argc, char *argv[])
|
||||||
|
}
|
||||||
|
|
||||||
|
if (optind == argc - 1) {
|
||||||
|
- in = fopen(argv[optind], "r");
|
||||||
|
+ in = fopen(argv[optind], "re");
|
||||||
|
if (!in) {
|
||||||
|
fprintf(stderr, "Can't open %s: %s\n", argv[optind],
|
||||||
|
strerror(errno));
|
||||||
|
diff -up iptables-1.4.1-rc2/ip6tables-save.c.cloexec iptables-1.4.1-rc2/ip6tables-save.c
|
||||||
|
--- iptables-1.4.1-rc2/ip6tables-save.c.cloexec 2008-05-26 14:15:40.000000000 +0200
|
||||||
|
+++ iptables-1.4.1-rc2/ip6tables-save.c 2008-06-05 13:55:09.000000000 +0200
|
||||||
|
@@ -40,7 +40,7 @@ static int for_each_table(int (*func)(co
|
||||||
|
FILE *procfile = NULL;
|
||||||
|
char tablename[IP6T_TABLE_MAXNAMELEN+1];
|
||||||
|
|
||||||
|
- procfile = fopen("/proc/net/ip6_tables_names", "r");
|
||||||
|
+ procfile = fopen("/proc/net/ip6_tables_names", "re");
|
||||||
|
if (!procfile)
|
||||||
|
exit_error(OTHER_PROBLEM,
|
||||||
|
"Unable to open /proc/net/ip6_tables_names: %s\n",
|
||||||
|
diff -up iptables-1.4.1-rc2/iptables-restore.c.cloexec iptables-1.4.1-rc2/iptables-restore.c
|
||||||
|
--- iptables-1.4.1-rc2/iptables-restore.c.cloexec 2008-05-26 14:15:40.000000000 +0200
|
||||||
|
+++ iptables-1.4.1-rc2/iptables-restore.c 2008-06-05 13:55:09.000000000 +0200
|
||||||
|
@@ -176,7 +176,7 @@ main(int argc, char *argv[])
|
||||||
|
}
|
||||||
|
|
||||||
|
if (optind == argc - 1) {
|
||||||
|
- in = fopen(argv[optind], "r");
|
||||||
|
+ in = fopen(argv[optind], "re");
|
||||||
|
if (!in) {
|
||||||
|
fprintf(stderr, "Can't open %s: %s\n", argv[optind],
|
||||||
|
strerror(errno));
|
||||||
|
diff -up iptables-1.4.1-rc2/iptables-save.c.cloexec iptables-1.4.1-rc2/iptables-save.c
|
||||||
|
--- iptables-1.4.1-rc2/iptables-save.c.cloexec 2008-05-26 14:15:40.000000000 +0200
|
||||||
|
+++ iptables-1.4.1-rc2/iptables-save.c 2008-06-05 13:55:09.000000000 +0200
|
||||||
|
@@ -38,7 +38,7 @@ static int for_each_table(int (*func)(co
|
||||||
|
FILE *procfile = NULL;
|
||||||
|
char tablename[IPT_TABLE_MAXNAMELEN+1];
|
||||||
|
|
||||||
|
- procfile = fopen("/proc/net/ip_tables_names", "r");
|
||||||
|
+ procfile = fopen("/proc/net/ip_tables_names", "re");
|
||||||
|
if (!procfile)
|
||||||
|
exit_error(OTHER_PROBLEM,
|
||||||
|
"Unable to open /proc/net/ip_tables_names: %s\n",
|
||||||
|
diff -up iptables-1.4.1-rc2/iptables-xml.c.cloexec iptables-1.4.1-rc2/iptables-xml.c
|
||||||
|
--- iptables-1.4.1-rc2/iptables-xml.c.cloexec 2008-05-26 14:15:40.000000000 +0200
|
||||||
|
+++ iptables-1.4.1-rc2/iptables-xml.c 2008-06-05 13:55:09.000000000 +0200
|
||||||
|
@@ -664,7 +664,7 @@ main(int argc, char *argv[])
|
||||||
|
}
|
||||||
|
|
||||||
|
if (optind == argc - 1) {
|
||||||
|
- in = fopen(argv[optind], "r");
|
||||||
|
+ in = fopen(argv[optind], "re");
|
||||||
|
if (!in) {
|
||||||
|
fprintf(stderr, "Can't open %s: %s", argv[optind],
|
||||||
|
strerror(errno));
|
||||||
|
diff -up iptables-1.4.1-rc2/xtables.c.cloexec iptables-1.4.1-rc2/xtables.c
|
||||||
|
--- iptables-1.4.1-rc2/xtables.c.cloexec 2008-05-26 14:15:40.000000000 +0200
|
||||||
|
+++ iptables-1.4.1-rc2/xtables.c 2008-06-05 13:57:49.000000000 +0200
|
||||||
|
@@ -498,6 +498,12 @@ static int compatible_revision(const cha
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
|
||||||
|
+ if (fcntl(sockfd, F_SETFD, FD_CLOEXEC) == -1) {
|
||||||
|
+ fprintf(stderr, "Could not set close on exec: %s\n",
|
||||||
|
+ strerror(errno));
|
||||||
|
+ exit(1);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
load_xtables_ko(modprobe_program, 1);
|
||||||
|
|
||||||
|
strcpy(rev.name, name);
|
30
iptables-1.4.1-ipv6_network_mask.patch
Normal file
30
iptables-1.4.1-ipv6_network_mask.patch
Normal file
@ -0,0 +1,30 @@
|
|||||||
|
commit f52d74a1a83c4fa30fcab8b318d325bb3c9b5535
|
||||||
|
Author: Jan Engelhardt <jengelh@medozas.de>
|
||||||
|
Date: Tue Jun 10 14:05:21 2008 +0200
|
||||||
|
|
||||||
|
ip6tables: fix printing of ipv6 network masks
|
||||||
|
|
||||||
|
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
||||||
|
---
|
||||||
|
xtables.c | 8 ++++----
|
||||||
|
1 files changed, 4 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/xtables.c b/xtables.c
|
||||||
|
index 8241687..a97bdaa 100644
|
||||||
|
--- a/xtables.c
|
||||||
|
+++ b/xtables.c
|
||||||
|
@@ -1011,10 +1011,10 @@ static int ip6addr_prefix_length(const struct in6_addr *k)
|
||||||
|
unsigned int bits = 0;
|
||||||
|
uint32_t a, b, c, d;
|
||||||
|
|
||||||
|
- a = k->s6_addr32[0];
|
||||||
|
- b = k->s6_addr32[1];
|
||||||
|
- c = k->s6_addr32[2];
|
||||||
|
- d = k->s6_addr32[3];
|
||||||
|
+ a = ntohl(k->s6_addr32[0]);
|
||||||
|
+ b = ntohl(k->s6_addr32[1]);
|
||||||
|
+ c = ntohl(k->s6_addr32[2]);
|
||||||
|
+ d = ntohl(k->s6_addr32[3]);
|
||||||
|
while (a & 0x80000000U) {
|
||||||
|
++bits;
|
||||||
|
a <<= 1;
|
32
iptables-1.4.1-nf_ext_init.patch
Normal file
32
iptables-1.4.1-nf_ext_init.patch
Normal file
@ -0,0 +1,32 @@
|
|||||||
|
diff -up iptables-1.4.1-rc2/include/xtables.h.in.nf_ext_init iptables-1.4.1-rc2/include/xtables.h.in
|
||||||
|
--- iptables-1.4.1-rc2/include/xtables.h.in.nf_ext_init 2008-06-05 14:13:49.000000000 +0200
|
||||||
|
+++ iptables-1.4.1-rc2/include/xtables.h.in 2008-06-05 14:14:03.000000000 +0200
|
||||||
|
@@ -199,13 +199,13 @@ extern void ip6parse_hostnetworkmask(con
|
||||||
|
extern void save_string(const char *value);
|
||||||
|
|
||||||
|
#ifdef NO_SHARED_LIBS
|
||||||
|
-# ifdef _INIT
|
||||||
|
-# undef _init
|
||||||
|
-# define _init _INIT
|
||||||
|
+# ifdef NF_EXT_INIT
|
||||||
|
+# undef nf_ext_init
|
||||||
|
+# define nf_ext_init NF_EXT_INIT
|
||||||
|
# endif
|
||||||
|
extern void init_extensions(void);
|
||||||
|
#else
|
||||||
|
-# define _init __attribute__((constructor)) _INIT
|
||||||
|
+# define nf_ext_init __attribute__((constructor)) NF_EXT_INIT
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/* Present in both iptables.c and ip6tables.c */
|
||||||
|
diff -up iptables-1.4.1-rc2/include/xtables/internal.h.nf_ext_init iptables-1.4.1-rc2/include/xtables/internal.h
|
||||||
|
--- iptables-1.4.1-rc2/include/xtables/internal.h.nf_ext_init 2008-06-05 14:13:24.000000000 +0200
|
||||||
|
+++ iptables-1.4.1-rc2/include/xtables/internal.h 2008-06-05 14:13:26.000000000 +0200
|
||||||
|
@@ -61,6 +61,6 @@ extern struct xtables_match *find_match(
|
||||||
|
struct xtables_rule_match **match);
|
||||||
|
extern struct xtables_target *find_target(const char *name, enum xt_tryload);
|
||||||
|
|
||||||
|
-extern void _init(void);
|
||||||
|
+extern void nf_ext_init(void);
|
||||||
|
|
||||||
|
#endif /* _XTABLES_INTERNAL_H */
|
@ -1,18 +1,14 @@
|
|||||||
%define build_devel 1
|
|
||||||
%define _kernel $(ls -d /usr/src/kernels/* | head -1)
|
|
||||||
|
|
||||||
Name: iptables
|
Name: iptables
|
||||||
Summary: Tools for managing Linux kernel packet filtering capabilities
|
Summary: Tools for managing Linux kernel packet filtering capabilities
|
||||||
Version: 1.4.0
|
Version: 1.4.1
|
||||||
Release: 5%{?dist}
|
Release: 1%{?dist}
|
||||||
Source: http://www.netfilter.org/projects/iptables/files/%{name}-%{version}.tar.bz2
|
Source: http://www.netfilter.org/projects/iptables/files/%{name}-%{version}.tar.bz2
|
||||||
Source1: iptables.init
|
Source1: iptables.init
|
||||||
Source2: iptables-config
|
Source2: iptables-config
|
||||||
Patch0: iptables-1.3.8-iptc.patch
|
|
||||||
Patch4: iptables-1.3.8-typo_latter.patch
|
Patch4: iptables-1.3.8-typo_latter.patch
|
||||||
Patch5: iptables-1.4.0-cloexec.patch
|
Patch5: iptables-1.4.1-cloexec.patch
|
||||||
Patch6: iptables-1.4.0-in6_u.patch
|
Patch8: iptables-1.4.1-nf_ext_init.patch
|
||||||
Patch7: iptables-1.4.0-use-normal-kernel-headers.patch
|
Patch9: iptables-1.4.1-ipv6_network_mask.patch
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
URL: http://www.netfilter.org/
|
URL: http://www.netfilter.org/
|
||||||
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
|
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
|
||||||
@ -44,7 +40,6 @@ masquerading.
|
|||||||
Install iptables-ipv6 if you need to set up firewalling for your
|
Install iptables-ipv6 if you need to set up firewalling for your
|
||||||
network and you are using ipv6.
|
network and you are using ipv6.
|
||||||
|
|
||||||
%if %{build_devel}
|
|
||||||
%package devel
|
%package devel
|
||||||
Summary: Development package for iptables
|
Summary: Development package for iptables
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
@ -55,64 +50,39 @@ iptables development headers and libraries.
|
|||||||
|
|
||||||
The iptc interface is upstream marked as not public. The interface is not
|
The iptc interface is upstream marked as not public. The interface is not
|
||||||
stable and may change with every new version. It is therefore unsupported.
|
stable and may change with every new version. It is therefore unsupported.
|
||||||
%endif
|
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q
|
%setup -q
|
||||||
%patch0 -p1 -b .iptc
|
|
||||||
%patch4 -p1 -b .typo_latter
|
%patch4 -p1 -b .typo_latter
|
||||||
%patch5 -p1 -b .cloexec
|
%patch5 -p1 -b .cloexec
|
||||||
%patch6 -p1 -b .in6_u
|
%patch8 -p1 -b .nf_ext_init
|
||||||
%patch7 -p1 -b .use_normal_headers
|
%patch9 -p1 -b .ipv6_network_mask
|
||||||
|
|
||||||
# Put it to a reasonable place
|
# fix constructor names, see also nf_ext_init patch
|
||||||
find . -type f -exec perl -pi -e "s,/usr/local,%{_prefix},g" {} \;
|
|
||||||
|
|
||||||
# do not use ld -shared and _init
|
|
||||||
perl -pi -e "s/\(LD\) -shared/\(CC\) -shared/g" Rules.make
|
|
||||||
perl -pi -e "s/void _init\(/void __attribute\(\(constructor\)\) nf_ext_init\(/g" extensions/*.c
|
perl -pi -e "s/void _init\(/void __attribute\(\(constructor\)\) nf_ext_init\(/g" extensions/*.c
|
||||||
perl -pi -e "s/^_init\(/__attribute\(\(constructor\)\) nf_ext_init\(/g" extensions/*.c
|
perl -pi -e "s/^_init\(/__attribute\(\(constructor\)\) nf_ext_init\(/g" extensions/*.c
|
||||||
|
|
||||||
%build
|
%build
|
||||||
TOPDIR=`pwd`
|
./configure --enable-devel --enable-libipq --bindir=/bin --sbindir=/sbin --sysconfdir=/etc --libdir=/%{_libdir} --libexecdir=/%{_lib} --mandir=%{_mandir} --includedir=%{_includedir} --with-kernel=/usr --with-kbuild=/usr --with-ksource=/usr
|
||||||
OPT="$RPM_OPT_FLAGS -I$TOPDIR/include -fPIC"
|
make
|
||||||
#export KERNEL_DIR=/usr
|
|
||||||
#export KBUILD_OUTPUT=/usr
|
|
||||||
export KERNEL_DIR=%{_kernel}
|
|
||||||
export KBUILD_OUTPUT=%{_kernel}
|
|
||||||
|
|
||||||
export DO_SELINUX=1
|
|
||||||
make COPT_FLAGS="$OPT" LIBDIR=/%{_lib}
|
|
||||||
make COPT_FLAGS="$OPT" LIBDIR=/%{_lib} iptables-save iptables-restore
|
|
||||||
make COPT_FLAGS="$OPT" LIBDIR=/%{_lib} ip6tables-save ip6tables-restore
|
|
||||||
|
|
||||||
%install
|
%install
|
||||||
rm -rf %{buildroot}
|
rm -rf %{buildroot}
|
||||||
#export KERNEL_DIR=/usr
|
|
||||||
#export KBUILD_OUTPUT=/usr
|
make install DESTDIR=%{buildroot}
|
||||||
export KERNEL_DIR=%{_kernel}
|
|
||||||
export KBUILD_OUTPUT=%{_kernel}
|
# install iptc devel library
|
||||||
export DO_SELINUX=1
|
install -m 644 libiptc/libiptc.a %{buildroot}/%{_libdir}
|
||||||
make install DESTDIR=%{buildroot} BINDIR=/sbin LIBDIR=/%{_lib} MANDIR=%{_mandir}
|
|
||||||
%if %{build_devel}
|
# install init scripts and configuration files
|
||||||
make install-devel DESTDIR=%{buildroot} BINDIR=/sbin LIBDIR=%{_libdir} MANDIR=%{_mandir}
|
install -d -m 755 $RPM_BUILD_ROOT/etc/rc.d/init.d
|
||||||
%endif
|
install -c -m 755 %{SOURCE1} $RPM_BUILD_ROOT/etc/rc.d/init.d/iptables
|
||||||
cp ip{6,}tables-{save,restore} $RPM_BUILD_ROOT/sbin
|
|
||||||
cp iptables-*.8 $RPM_BUILD_ROOT%{_mandir}/man8
|
|
||||||
mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d
|
|
||||||
install -c -m755 %{SOURCE1} $RPM_BUILD_ROOT/etc/rc.d/init.d/iptables
|
|
||||||
sed -e 's;iptables;ip6tables;g' -e 's;IPTABLES;IP6TABLES;g' < %{SOURCE1} > ip6tables.init
|
sed -e 's;iptables;ip6tables;g' -e 's;IPTABLES;IP6TABLES;g' < %{SOURCE1} > ip6tables.init
|
||||||
install -c -m755 ip6tables.init $RPM_BUILD_ROOT/etc/rc.d/init.d/ip6tables
|
install -c -m 755 ip6tables.init $RPM_BUILD_ROOT/etc/rc.d/init.d/ip6tables
|
||||||
mkdir -p $RPM_BUILD_ROOT/etc/sysconfig
|
install -d -m 755 $RPM_BUILD_ROOT/etc/sysconfig
|
||||||
install -c -m755 %{SOURCE2} $RPM_BUILD_ROOT/etc/sysconfig/iptables-config
|
install -c -m 755 %{SOURCE2} $RPM_BUILD_ROOT/etc/sysconfig/iptables-config
|
||||||
sed -e 's;iptables;ip6tables;g' -e 's;IPTABLES;IP6TABLES;g' < %{SOURCE2} > ip6tables-config
|
sed -e 's;iptables;ip6tables;g' -e 's;IPTABLES;IP6TABLES;g' < %{SOURCE2} > ip6tables-config
|
||||||
install -c -m755 ip6tables-config $RPM_BUILD_ROOT/etc/sysconfig/ip6tables-config
|
install -c -m 755 ip6tables-config $RPM_BUILD_ROOT/etc/sysconfig/ip6tables-config
|
||||||
# install devel header files
|
|
||||||
mkdir -p $RPM_BUILD_ROOT%{_includedir}
|
|
||||||
install -c -m644 include/ip*.h $RPM_BUILD_ROOT%{_includedir}
|
|
||||||
# install libiptc header files (unsupported)
|
|
||||||
mkdir -p $RPM_BUILD_ROOT%{_includedir}/libiptc
|
|
||||||
install -c -m644 include/libiptc/*.h $RPM_BUILD_ROOT%{_includedir}/libiptc
|
|
||||||
|
|
||||||
%clean
|
%clean
|
||||||
rm -rf $RPM_BUILD_ROOT
|
rm -rf $RPM_BUILD_ROOT
|
||||||
@ -140,31 +110,35 @@ fi
|
|||||||
%config(noreplace) %attr(0600,root,root) /etc/sysconfig/iptables-config
|
%config(noreplace) %attr(0600,root,root) /etc/sysconfig/iptables-config
|
||||||
/sbin/iptables*
|
/sbin/iptables*
|
||||||
%{_mandir}/man8/iptables*
|
%{_mandir}/man8/iptables*
|
||||||
%dir /%{_lib}/iptables
|
%dir /%{_lib}/xtables
|
||||||
/%{_lib}/iptables/libipt*
|
/%{_lib}/xtables/libipt*
|
||||||
/%{_lib}/iptables/libxt*
|
/%{_lib}/xtables/libxt*
|
||||||
|
|
||||||
%files ipv6
|
%files ipv6
|
||||||
%defattr(-,root,root)
|
%defattr(-,root,root)
|
||||||
%attr(0755,root,root) /etc/rc.d/init.d/ip6tables
|
%attr(0755,root,root) /etc/rc.d/init.d/ip6tables
|
||||||
%config(noreplace) %attr(0600,root,root) /etc/sysconfig/ip6tables-config
|
%config(noreplace) %attr(0600,root,root) /etc/sysconfig/ip6tables-config
|
||||||
/sbin/ip6tables*
|
/sbin/ip6tables*
|
||||||
|
/bin/iptables-xml
|
||||||
%{_mandir}/man8/ip6tables*
|
%{_mandir}/man8/ip6tables*
|
||||||
/%{_lib}/iptables/libip6t*
|
/%{_lib}/xtables/libip6t*
|
||||||
|
|
||||||
%if %{build_devel}
|
|
||||||
%files devel
|
%files devel
|
||||||
%defattr(-,root,root)
|
%defattr(-,root,root)
|
||||||
%{_includedir}/ip*.h
|
%{_includedir}/*.h
|
||||||
%{_includedir}/libipq.h
|
|
||||||
%dir %{_includedir}/libiptc
|
%dir %{_includedir}/libiptc
|
||||||
%{_includedir}/libiptc/*.h
|
%{_includedir}/libiptc/*.h
|
||||||
%{_libdir}/libipq.a
|
%{_libdir}/libipq.a
|
||||||
%{_libdir}/libiptc.a
|
%{_libdir}/libiptc.a
|
||||||
%{_mandir}/man3/*
|
%{_mandir}/man3/*
|
||||||
%endif
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Jun 10 2008 Thomas Woerner <twoerner@redhat.com> 1.4.1-1
|
||||||
|
- new version 1.4.1 with new build environment
|
||||||
|
- additional ipv6 network mask patch from Jan Engelhardt
|
||||||
|
- spec file cleanup
|
||||||
|
- removed old patches
|
||||||
|
|
||||||
* Fri Jun 6 2008 Tom "spot" Callaway <tcallawa@redhat.com> 1.4.0-5
|
* Fri Jun 6 2008 Tom "spot" Callaway <tcallawa@redhat.com> 1.4.0-5
|
||||||
- use normal kernel headers, not linux/compiler.h
|
- use normal kernel headers, not linux/compiler.h
|
||||||
- change BuildRequires: kernel-devel to kernel-headers
|
- change BuildRequires: kernel-devel to kernel-headers
|
||||||
|
Loading…
Reference in New Issue
Block a user