From c76d6f02d4378f7e543627bfb2d16486105b0f9f Mon Sep 17 00:00:00 2001
From: cvsdist
Date: Thu, 9 Sep 2004 06:25:17 +0000
Subject: [PATCH] auto-import changelog data from iptables-1.2.9-1.2.src.rpm
Sun Jan 25 2004 Dan Walsh 1.2.9-1.2
- Close File descriptors to prevent SELinux error message
Wed Jan 07 2004 Thomas Woerner 1.2.9-1.1
- rebuild
---
iptables-1.2.9-selinux.patch | 42 ++++++++++++++++++++++++++++++++++++
iptables.spec | 12 +++++++++--
2 files changed, 52 insertions(+), 2 deletions(-)
create mode 100644 iptables-1.2.9-selinux.patch
diff --git a/iptables-1.2.9-selinux.patch b/iptables-1.2.9-selinux.patch
new file mode 100644
index 0000000..c9f32dc
--- /dev/null
+++ b/iptables-1.2.9-selinux.patch
@@ -0,0 +1,42 @@
+--- iptables-1.2.9/ip6tables.c.selinux 2004-01-25 13:39:58.652465653 -0500
++++ iptables-1.2.9/ip6tables.c 2004-01-25 13:52:50.291335019 -0500
+@@ -1587,6 +1587,7 @@
+{
+ char *buf = NULL;
+ char *argv[3];
++ int i=0;
+
+ /* If they don't explicitly set it, read out of kernel */
+ if (!modprobe) {
+@@ -1598,6 +1599,10 @@
+
+ switch (fork()) {
+ case 0:
++ /* close open file descriptors */
++ for (i=0; i< 10; i++) {
++ close(i);
++ }
+ argv[0] = (char *)modprobe;
+ argv[1] = (char *)modname;
+ argv[2] = NULL;
+--- iptables-1.2.9/iptables.c.selinux 2004-01-25 13:39:58.702460379 -0500
++++ iptables-1.2.9/iptables.c 2004-01-25 13:52:55.940802957 -0500
+@@ -1583,6 +1583,7 @@
+{
+ char *buf = NULL;
+ char *argv[3];
++ int i=0;
+
+ /* If they don't explicitly set it, read out of kernel */
+ if (!modprobe) {
+@@ -1594,6 +1595,10 @@
+
+ switch (fork()) {
+ case 0:
++ /* close open file descriptors */
++ for (i=0; i< 10; i++) {
++ close(i);
++ }
+ argv[0] = (char *)modprobe;
+ argv[1] = (char *)modname;
+ argv[2] = NULL;
diff --git a/iptables.spec b/iptables.spec
index 6ea0e2d..c259aa3 100644
--- a/iptables.spec
+++ b/iptables.spec
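Review bot: The loop added under `case 0:` closes descriptors 0–9, so the forked child loses stdin, stdout and stderr with nothing reopened in their place, while any descriptor numbered 10 or higher is still inherited; the same loop is added to both ip6tables.c and iptables.c. With 0–2 closed, the next files opened in the child are assigned those numbers, and stray writes to standard error can end up in them. I would point 0–2 at /dev/null and close everything from 3 up to the process limit rather than a fixed 10, or mark the program's own descriptors close-on-exec where they are created. The sketch assumes `int fd;` and `long maxfd = sysconf(_SC_OPEN_MAX);` declared beside `i`, and that the SELinux policy lets the modprobe domain use /dev/null, which should be confirmed; the enclosing function starts and ends outside the hunk.

```c
	case 0:
		/* give the child harmless stdio instead of none */
		fd = open("/dev/null", O_RDWR);
		if (fd >= 0) {
			dup2(fd, 0);
			dup2(fd, 1);
			dup2(fd, 2);
			if (fd > 2)
				close(fd);
		}
		/* close every other inherited descriptor, not just those below 10 */
		for (i = 3; i < maxfd; i++)
			close(i);
		/* … unchanged: argv[] setup for modprobe … */
```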
@@ -4,7 +4,7 @@ Name: iptables Summary: Tools for managing Linux kernel packet filtering capabilities. Version: 1.2.9 -Release: 1.0 +Release: 1.2 Source: http://www.netfilter.org/%{name}-%{version}.tar.bz2 Source1: iptables.init Source2: iptables-config @@ -14,6 +14,7 @@ Source3: netfilter-2.4.20.tar.gz Patch2: iptables-1.2.8-nolibnsl.patch Patch3: iptables-1.2.8-print_type.patch Patch4: iptables-1.2.9-netlink.patch +Patch5: iptables-1.2.9-selinux.patch Group: System Environment/Base URL: http://www.netfilter.org/ BuildRoot: %{_tmppath}/%{name}-buildroot @@ -68,6 +69,7 @@ cd .. %patch2 -p1 -b .nolibnsl %patch3 -p1 -b .print_type %patch4 -p1 -b .netlink +%patch5 -p1 -b .selinux # Put it to a reasonable place find . -type f -exec perl -pi -e "s,/usr/local,%{prefix},g" {} \; @@ -142,7 +144,13 @@ fi %endif %changelog -* Wed Dec 17 2003 Thomas Woerner 1.2.9-1.0 +* Sun Jan 25 2004 Dan Walsh 1.2.9-1.2 +- Close File descriptors to prevent SELinux error message + +* Wed Jan 7 2004 Thomas Woerner 1.2.9-1.1 +- rebuild + +* Wed Dec 17 2003 Thomas Woerner 1.2.9-1 - vew version 1.2.9 - new config options in ipXtables-config: IPTABLES_MODULES_UNLOAD