New version 1.8.9

- Make iptables-xml a relative symlink - Drop not needed xtables.conf - Ship iptables.xslt with iptables-legacy package - Ship ebtables-translate tool with iptables-nft package Resolves: rhbz#2160427
2023-01-12 14:16:58 +01:00 · 2023-01-12 14:16:58 +01:00 · 4ee5eabf2a
commit 4ee5eabf2a
parent 565364658d
5 changed files with 52 additions and 35 deletions
--- a/.gitignore
+++ b/.gitignore
@ -12,3 +12,4 @@
 /iptables-1.8.6.tar.bz2
 /iptables-1.8.7.tar.bz2
 /iptables-1.8.8.tar.bz2
 /iptables-1.8.9.tar.xz
--- a/0001-extensions-NAT-Fix-for-Werror-format-security.patch
+++ b/0001-extensions-NAT-Fix-for-Werror-format-security.patch
@ -0,0 +1,29 @@
 From ed4082a7405a5838c205a34c1559e289949200cc Mon Sep 17 00:00:00 2001
 From: Phil Sutter <phil@nwl.cc>
 Date: Thu, 12 Jan 2023 14:38:44 +0100
 Subject: [iptables PATCH] extensions: NAT: Fix for -Werror=format-security
 Have to pass either a string literal or format string to xt_xlate_add().
 Fixes: f30c5edce0413 ("extensions: Merge SNAT, DNAT, REDIRECT and MASQUERADE")
 Signed-off-by: Phil Sutter <phil@nwl.cc>
 ---
 extensions/libxt_NAT.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/extensions/libxt_NAT.c b/extensions/libxt_NAT.c
 index da9f22012c5d6..2a6343986d54f 100644
 --- a/extensions/libxt_NAT.c
 +++ b/extensions/libxt_NAT.c
@@ -424,7 +424,7 @@ __NAT_xlate(struct xt_xlate *xl, const struct nf_nat_range2 *r,
 	if (r->flags & NF_NAT_RANGE_PROTO_OFFSET)
 		return 0;
 -	xt_xlate_add(xl, tgt);
 +	xt_xlate_add(xl, "%s", tgt);
 	if (strlen(range_str))
 		xt_xlate_add(xl, " to %s", range_str);
 	if (r->flags & NF_NAT_RANGE_PROTO_RANDOM) {
 -- 
 2.38.0
--- a/0001-xshared-Fix-build-for-Werror-format-security.patch
+++ b/0001-xshared-Fix-build-for-Werror-format-security.patch
@ -1,29 +0,0 @@
 From fe9bd3b29dd7661e6f74c24db8356014798d1d78 Mon Sep 17 00:00:00 2001
 From: Phil Sutter <phil@nwl.cc>
 Date: Fri, 13 May 2022 16:51:58 +0200
 Subject: [PATCH] xshared: Fix build for -Werror=format-security
 Gcc complains about the omitted format string.
 Signed-off-by: Phil Sutter <phil@nwl.cc>
 (cherry picked from commit b72eb12ea5a61df0655ad99d5048994e916be83a)
 ---
 iptables/xshared.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/iptables/xshared.c b/iptables/xshared.c
 index fae5ddd5df93e..a8512d3808154 100644
 --- a/iptables/xshared.c
 +++ b/iptables/xshared.c
@@ -1307,7 +1307,7 @@ static void check_empty_interface(struct xtables_args *args, const char *arg)
 		return;
 	if (args->family != NFPROTO_ARP)
 -		xtables_error(PARAMETER_PROBLEM, msg);
 +		xtables_error(PARAMETER_PROBLEM, "%s", msg);
 	fprintf(stderr, "%s", msg);
 }
 -- 
 2.34.1
--- a/iptables.spec
+++ b/iptables.spec
@ -10,9 +10,9 @@
 Name: iptables
 Summary: Tools for managing Linux kernel packet filtering capabilities
 URL: https://www.netfilter.org/projects/iptables
-Version: 1.8.8
+Version: 1.8.9
-Release: 3%{?dist}
+Release: 1%{?dist}
-Source: %{url}/files/%{name}-%{version}.tar.bz2
+Source: %{url}/files/%{name}-%{version}.tar.xz
 Source1: iptables.init
 Source2: iptables-config
 Source3: iptables.service
@ -20,7 +20,7 @@ Source4: sysconfig_iptables
 Source5: sysconfig_ip6tables
 Source6: arptables-nft-helper
-Patch01: 0001-xshared-Fix-build-for-Werror-format-security.patch
+Patch01: 0001-extensions-NAT-Fix-for-Werror-format-security.patch
 # pf.os: ISC license
 # iptables-apply: Artistic Licence 2.0
@ -236,6 +236,13 @@ touch %{buildroot}%{_mandir}/man8/arptables-save.8
 touch %{buildroot}%{_mandir}/man8/arptables-restore.8
 touch %{buildroot}%{_mandir}/man8/ebtables.8
 # Drop xtables.conf, it's not used
 rm -f %{buildroot}%{_sysconfdir}/xtables.conf
 # fix absolute symlink
 rm -f %{buildroot}%{_bindir}/iptables-xml
 ln -s ../sbin/xtables-legacy-multi %{buildroot}%{_bindir}/iptables-xml
 %ldconfig_scriptlets
 %post legacy
@ -349,12 +356,12 @@ fi
 %files compat
 %files legacy
 %doc INCOMPATIBILITIES
 %{_sbindir}/ip{,6}tables-legacy*
 %{_sbindir}/xtables-legacy-multi
 %{_bindir}/iptables-xml
 %{_mandir}/man1/iptables-xml*
 %{_mandir}/man8/xtables-legacy*
 %{_datadir}/xtables/iptables.xslt
 %ghost %{_sbindir}/ip{,6}tables{,-save,-restore}
 %files libs
@ -405,6 +412,7 @@ fi
 %{_sbindir}/{eb,arp}tables-nft*
 %{_sbindir}/xtables-nft-multi
 %{_sbindir}/xtables-monitor
 %{_sbindir}/ebtables-translate
 %dir %{_libdir}/xtables
 %{_libdir}/xtables/lib{arp,eb}t*
 %{_libexecdir}/arptables-nft-helper
@ -412,6 +420,7 @@ fi
 %{_mandir}/man8/xtables-translate*
 %{_mandir}/man8/*-nft*
 %{_mandir}/man8/ip{,6}tables{,-restore}-translate*
 %{_mandir}/man8/ebtables-translate*
 %ghost %{_sbindir}/ip{,6}tables{,-save,-restore}
 %ghost %{_sbindir}/{eb,arp}tables{,-save,-restore}
 %ghost %{_libexecdir}/arptables-helper
@ -420,6 +429,13 @@ fi
 %changelog
 * Thu Jan 12 2023 Phil Sutter <psutter@redhat.com> - 1.8.9-1
 - Make iptables-xml a relative symlink
 - Drop not needed xtables.conf
 - Ship iptables.xslt with iptables-legacy package
 - Ship ebtables-translate tool with iptables-nft package
 - Update to 1.8.9.
 * Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.8-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (iptables-1.8.8.tar.bz2) = f21df23279a77531a23f3fcb1b8f0f8ec0c726bda236dd0e33af74b06753baff6ce3f26fb9fcceb6fada560656ba901e68fc6452eb840ac1b206bc4654950f59
+SHA512 (iptables-1.8.9.tar.xz) = e367bf286135e39b7401e852de25c1ed06d44befdffd92ed1566eb2ae9704b48ac9196cb971f43c6c83c6ad4d910443d32064bcdf618cfcef6bcab113e31ff70
`@ -1 +1 @@`
	`SHA512 (iptables-1.8.8.tar.bz2) = f21df23279a77531a23f3fcb1b8f0f8ec0c726bda236dd0e33af74b06753baff6ce3f26fb9fcceb6fada560656ba901e68fc6452eb840ac1b206bc4654950f59`	`SHA512 (iptables-1.8.9.tar.xz) = e367bf286135e39b7401e852de25c1ed06d44befdffd92ed1566eb2ae9704b48ac9196cb971f43c6c83c6ad4d910443d32064bcdf618cfcef6bcab113e31ff70`