From 4ee5eabf2a57eeb5750ca7bfc6befcba39aad965 Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Thu, 12 Jan 2023 14:16:58 +0100 Subject: [PATCH] New version 1.8.9 - Make iptables-xml a relative symlink - Drop not needed xtables.conf - Ship iptables.xslt with iptables-legacy package - Ship ebtables-translate tool with iptables-nft package Resolves: rhbz#2160427 --- .gitignore | 1 + ...s-NAT-Fix-for-Werror-format-security.patch | 29 +++++++++++++++++++ ...Fix-build-for-Werror-format-security.patch | 29 ------------------- iptables.spec | 26 +++++++++++++---- sources | 2 +- 5 files changed, 52 insertions(+), 35 deletions(-) create mode 100644 0001-extensions-NAT-Fix-for-Werror-format-security.patch delete mode 100644 0001-xshared-Fix-build-for-Werror-format-security.patch diff --git a/.gitignore b/.gitignore index d0729c1..141b2e8 100644 --- a/.gitignore +++ b/.gitignore @@ -12,3 +12,4 @@ /iptables-1.8.6.tar.bz2 /iptables-1.8.7.tar.bz2 /iptables-1.8.8.tar.bz2 +/iptables-1.8.9.tar.xz diff --git a/0001-extensions-NAT-Fix-for-Werror-format-security.patch b/0001-extensions-NAT-Fix-for-Werror-format-security.patch new file mode 100644 index 0000000..ff8adfb --- /dev/null +++ b/0001-extensions-NAT-Fix-for-Werror-format-security.patch 
@@ -0,0 +1,29 @@
+From ed4082a7405a5838c205a34c1559e289949200cc Mon Sep 17 00:00:00 2001
+From: Phil Sutter
+Date: Thu, 12 Jan 2023 14:38:44 +0100
+Subject: [iptables PATCH] extensions: NAT: Fix for -Werror=format-security
+
+Have to pass either a string literal or format string to xt_xlate_add().
+
+Fixes: f30c5edce0413 ("extensions: Merge SNAT, DNAT, REDIRECT and MASQUERADE")
+Signed-off-by: Phil Sutter
+---
+ extensions/libxt_NAT.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/extensions/libxt_NAT.c b/extensions/libxt_NAT.c
+index da9f22012c5d6..2a6343986d54f 100644
+--- a/extensions/libxt_NAT.c
++++ b/extensions/libxt_NAT.c
+@@ -424,7 +424,7 @@ __NAT_xlate(struct xt_xlate *xl, const struct nf_nat_range2 *r,
+ if (r->flags & NF_NAT_RANGE_PROTO_OFFSET)
+ return 0;
+
+- xt_xlate_add(xl, tgt);
++ xt_xlate_add(xl, "%s", tgt);
+ if (strlen(range_str))
+ xt_xlate_add(xl, " to %s", range_str);
+ if (r->flags & NF_NAT_RANGE_PROTO_RANDOM) {
+--
+2.38.0
+
diff --git a/0001-xshared-Fix-build-for-Werror-format-security.patch b/0001-xshared-Fix-build-for-Werror-format-security.patch
deleted file mode 100644
index ba6d2db..0000000
--- a/0001-xshared-Fix-build-for-Werror-format-security.patch
+++ /dev/null
@@ -1,29 +0,0 @@ -From fe9bd3b29dd7661e6f74c24db8356014798d1d78 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Fri, 13 May 2022 16:51:58 +0200 -Subject: [PATCH] xshared: Fix build for -Werror=format-security - -Gcc complains about the omitted format string. - -Signed-off-by: Phil Sutter -(cherry picked from commit b72eb12ea5a61df0655ad99d5048994e916be83a) ---- - iptables/xshared.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/iptables/xshared.c b/iptables/xshared.c -index fae5ddd5df93e..a8512d3808154 100644 ---- a/iptables/xshared.c -+++ b/iptables/xshared.c -@@ -1307,7 +1307,7 @@ static void check_empty_interface(struct xtables_args *args, const char *arg) - return; - - if (args->family != NFPROTO_ARP) -- xtables_error(PARAMETER_PROBLEM, msg); -+ xtables_error(PARAMETER_PROBLEM, "%s", msg); - - fprintf(stderr, "%s", msg); - } --- -2.34.1 - diff --git a/iptables.spec b/iptables.spec index 7a51dd4..40ac8cd 100644 --- a/iptables.spec +++ b/iptables.spec @@ -10,9 +10,9 @@ Name: iptables Summary: Tools for managing Linux kernel packet filtering capabilities URL: https://www.netfilter.org/projects/iptables -Version: 1.8.8 -Release: 3%{?dist} -Source: %{url}/files/%{name}-%{version}.tar.bz2 +Version: 1.8.9 +Release: 1%{?dist} +Source: %{url}/files/%{name}-%{version}.tar.xz Source1: iptables.init Source2: iptables-config Source3: iptables.service @@ -20,7 +20,7 @@ Source4: sysconfig_iptables Source5: sysconfig_ip6tables Source6: arptables-nft-helper -Patch01: 0001-xshared-Fix-build-for-Werror-format-security.patch +Patch01: 0001-extensions-NAT-Fix-for-Werror-format-security.patch # pf.os: ISC license # iptables-apply: Artistic Licence 2.0 
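Review bot: Nothing visible in this hunk verifies the new `%{name}-%{version}.tar.xz` beyond the SHA512 recorded in `sources`: the Source entries shown here and in the next hunk (Source1 to Source6) are init, config and helper files, with no detached signature or keyring among them. Whether %prep checks a signature cannot be seen from this diff. If it does not, and upstream publishes a signature for the release, add the signature and signing key as extra Source entries and run `%{gpgverify} --keyring='%{SOURCE<key>}' --signature='%{SOURCE<sig>}' --data='%{SOURCE0}'` at the top of %prep (`<key>` and `<sig>` are placeholders for the numbers you assign). A rebase like this one would then fail the build if the downloaded archive is not the one upstream signed.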
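Review bot: The replacement `Patch01:` line has no comment on the patch's upstream status, and the new patch file carries no upstream commit reference, whereas the one it replaces recorded `(cherry picked from commit b72eb12ea5a61df0655ad99d5048994e916be83a)`. Its `[iptables PATCH]` subject prefix suggests it was sent to the mailing list rather than taken from a release, though that is an inference from the header alone. A line such as `# Sent upstream, not in 1.8.9; drop once a release contains it` above `Patch01:` would let the next rebase decide quickly whether the patch can go.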
@@ -236,6 +236,13 @@ touch %{buildroot}%{_mandir}/man8/arptables-save.8 touch %{buildroot}%{_mandir}/man8/arptables-restore.8 touch %{buildroot}%{_mandir}/man8/ebtables.8 +# Drop xtables.conf, it's not used +rm -f %{buildroot}%{_sysconfdir}/xtables.conf + +# fix absolute symlink +rm -f %{buildroot}%{_bindir}/iptables-xml +ln -s ../sbin/xtables-legacy-multi %{buildroot}%{_bindir}/iptables-xml + %ldconfig_scriptlets %post legacy @@ -349,12 +356,12 @@ fi %files compat %files legacy -%doc INCOMPATIBILITIES %{_sbindir}/ip{,6}tables-legacy* %{_sbindir}/xtables-legacy-multi %{_bindir}/iptables-xml %{_mandir}/man1/iptables-xml* %{_mandir}/man8/xtables-legacy* +%{_datadir}/xtables/iptables.xslt %ghost %{_sbindir}/ip{,6}tables{,-save,-restore} %files libs @@ -405,6 +412,7 @@ fi %{_sbindir}/{eb,arp}tables-nft* %{_sbindir}/xtables-nft-multi %{_sbindir}/xtables-monitor +%{_sbindir}/ebtables-translate %dir %{_libdir}/xtables %{_libdir}/xtables/lib{arp,eb}t* %{_libexecdir}/arptables-nft-helper @@ -412,6 +420,7 @@ fi %{_mandir}/man8/xtables-translate* %{_mandir}/man8/*-nft* %{_mandir}/man8/ip{,6}tables{,-restore}-translate* +%{_mandir}/man8/ebtables-translate* %ghost %{_sbindir}/ip{,6}tables{,-save,-restore} %ghost %{_sbindir}/{eb,arp}tables{,-save,-restore} %ghost %{_libexecdir}/arptables-helper @@ -420,6 +429,13 @@ fi %changelog +* Thu Jan 12 2023 Phil Sutter - 1.8.9-1 +- Make iptables-xml a relative symlink +- Drop not needed xtables.conf +- Ship iptables.xslt with iptables-legacy package +- Ship ebtables-translate tool with iptables-nft package +- Update to 1.8.9. + * Thu Jul 21 2022 Fedora Release Engineering - 1.8.8-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild diff --git a/sources b/sources index 014f6c0..fef1030 100644 --- a/sources +++ b/sources 
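Review bot: The added `ln -s ../sbin/xtables-legacy-multi %{buildroot}%{_bindir}/iptables-xml` hard-codes the relative layout between %{_bindir} and %{_sbindir}, while the %files section names the same binary as `%{_sbindir}/xtables-legacy-multi`. If the two macros ever stop resolving to sibling directories the link dangles, and nothing in this hunk would notice. Letting ln compute the path keeps it tied to the macros: `ln -sr %{buildroot}%{_sbindir}/xtables-legacy-multi %{buildroot}%{_bindir}/iptables-xml`. A short comment saying the upstream install creates an absolute link would also explain why the `rm -f` precedes it.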
@@ -1 +1 @@
-SHA512 (iptables-1.8.8.tar.bz2) = f21df23279a77531a23f3fcb1b8f0f8ec0c726bda236dd0e33af74b06753baff6ce3f26fb9fcceb6fada560656ba901e68fc6452eb840ac1b206bc4654950f59
+SHA512 (iptables-1.8.9.tar.xz) = e367bf286135e39b7401e852de25c1ed06d44befdffd92ed1566eb2ae9704b48ac9196cb971f43c6c83c6ad4d910443d32064bcdf618cfcef6bcab113e31ff70