From ca25de4fcfe4908cf93a8e57aaff49103f577b21 Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Fri, 8 Nov 2024 23:17:46 +0100 Subject: [PATCH] iptables-1.8.11-1.el10 * Fri Nov 08 2024 Phil Sutter [1.8.11-1.el10] - Add requirement on kernel-modules-extra (Phil Sutter) [RHEL-65224] - Rebase onto upstream version 1.8.11 (Phil Sutter) [RHEL-66725] Resolves: RHEL-65224, RHEL-66725 --- .gitignore | 1 + ...ion-notices-to-all-relevant-man-page.patch | 46 ++++----- ...RK-Use-a-better-context-in-test-case.patch | 2 +- ...-Fix-corner-case-noflush-restore-bug.patch | 73 -------------- ...t-Fix-for-broken-recover_rule_compat.patch | 99 ------------------- ...sions-libxt_sctp-Add-an-extra-assert.patch | 43 -------- ...-recent-New-kernels-support-999-hits.patch | 39 -------- iptables.spec | 21 ++-- sources | 2 +- 9 files changed, 37 insertions(+), 289 deletions(-) delete mode 100644 0003-ebtables-Fix-corner-case-noflush-restore-bug.patch delete mode 100644 0004-nft-Fix-for-broken-recover_rule_compat.patch delete mode 100644 0005-extensions-libxt_sctp-Add-an-extra-assert.patch delete mode 100644 0006-extensions-recent-New-kernels-support-999-hits.patch diff --git a/.gitignore b/.gitignore index 4cb5d7a..b6bd02b 100644 --- a/.gitignore +++ b/.gitignore @@ -14,3 +14,4 @@ /iptables-1.8.8.tar.bz2 /iptables-1.8.9.tar.xz /iptables-1.8.10.tar.xz +/iptables-1.8.11.tar.xz diff --git a/0001-doc-Add-deprecation-notices-to-all-relevant-man-page.patch b/0001-doc-Add-deprecation-notices-to-all-relevant-man-page.patch index 07221d2..e435de0 100644 --- a/0001-doc-Add-deprecation-notices-to-all-relevant-man-page.patch +++ b/0001-doc-Add-deprecation-notices-to-all-relevant-man-page.patch @@ -1,4 +1,4 @@ -From 2abc07c47189b26fce16f4751a96f747fa53fc0f Mon Sep 17 00:00:00 2001 +From cc09ad00d7915c21dd21f20fa616f1a68cb4fc26 Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Thu, 17 Jun 2021 18:44:28 +0200 Subject: [PATCH] doc: Add deprecation notices to all relevant man pages @@ -23,12 +23,12 @@ Signed-off-by: Phil Sutter 10 files changed, 142 insertions(+), 7 deletions(-) diff --git a/iptables/arptables-nft-restore.8 b/iptables/arptables-nft-restore.8 -index 09d9082..b1bf029 100644 +index 596ca1c..99b1cb7 100644 --- a/iptables/arptables-nft-restore.8 +++ b/iptables/arptables-nft-restore.8 -@@ -24,6 +24,17 @@ arptables-restore \- Restore ARP Tables (nft-based) +@@ -24,6 +24,17 @@ arptables-restore \(em Restore ARP Tables (nft-based) .SH SYNOPSIS - \fBarptables\-restore + \fBarptables\-restore\fP .SH DESCRIPTION +This tool is +.B deprecated @@ -52,10 +52,10 @@ index 09d9082..b1bf029 100644 +\fBarptables\-save\fP(8), \fBarptables\fP(8), \fBnft\fP(8) .PP diff --git a/iptables/arptables-nft-save.8 b/iptables/arptables-nft-save.8 -index 905e598..49bb0f6 100644 +index e9171d5..6a95991 100644 --- a/iptables/arptables-nft-save.8 +++ b/iptables/arptables-nft-save.8 -@@ -27,6 +27,18 @@ arptables-save \- dump arptables rules to stdout (nft-based) +@@ -27,6 +27,18 @@ arptables-save \(em dump arptables rules to stdout (nft-based) \fBarptables\-save\fP [\fB\-V\fP] .SH DESCRIPTION .PP @@ -82,12 +82,12 @@ index 905e598..49bb0f6 100644 +\fBarptables\-restore\fP(8), \fBarptables\fP(8), \fBnft\fP(8) .PP diff --git a/iptables/arptables-nft.8 b/iptables/arptables-nft.8 -index ea31e08..ec5b993 100644 +index c48a2cc..66bec39 100644 --- a/iptables/arptables-nft.8 +++ b/iptables/arptables-nft.8 -@@ -39,6 +39,19 @@ arptables \- ARP table administration (nft-based) - .BR "arptables " [ "-t table" ] " -P chain target " [ options ] - +@@ -53,6 +53,19 @@ match := \fB\-m\fP \fImatchname\fP [per-match-options] + .PP + target := \fB\-j\fP \fItargetname\fP [per-target-options] .SH DESCRIPTION +.PP +This tool is @@ -105,7 +105,7 @@ index ea31e08..ec5b993 100644 .B arptables is a user space tool, it is used to set up and maintain the tables of ARP rules in the Linux kernel. These rules inspect -@@ -340,9 +353,13 @@ bridges, the same may be achieved using +@@ -354,9 +367,13 @@ bridges, the same may be achieved using chain in .BR ebtables . @@ -116,15 +116,15 @@ index ea31e08..ec5b993 100644 .SH MAILINGLISTS .BR "" "See " http://netfilter.org/mailinglists.html .SH SEE ALSO --.BR xtables-nft "(8), " iptables "(8), " ebtables "(8), " ip (8) -+.BR xtables-nft "(8), " iptables "(8), " ebtables "(8), " ip "(8), " nft (8) +-.BR xtables\-nft "(8), " iptables "(8), " ebtables "(8), " ip (8) ++.BR xtables\-nft "(8), " iptables "(8), " ebtables "(8), " ip "(8), " nft (8) .PP .BR "" "See " https://wiki.nftables.org diff --git a/iptables/ebtables-nft.8 b/iptables/ebtables-nft.8 -index 0304b50..cfd617a 100644 +index 8698165..e68d64b 100644 --- a/iptables/ebtables-nft.8 +++ b/iptables/ebtables-nft.8 -@@ -46,6 +46,19 @@ ebtables \- Ethernet bridge frame table administration (nft-based) +@@ -46,6 +46,19 @@ ebtables \(em Ethernet bridge frame table administration (nft-based) .br .SH DESCRIPTION @@ -144,7 +144,7 @@ index 0304b50..cfd617a 100644 .B ebtables is an application program used to set up and maintain the tables of rules (inside the Linux kernel) that inspect -@@ -1083,6 +1096,6 @@ has not been implemented, although +@@ -1084,6 +1097,6 @@ has not been implemented, although might replace them entirely given the inherent atomicity of nftables. Finally, this list is probably not complete. .SH SEE ALSO @@ -153,10 +153,10 @@ index 0304b50..cfd617a 100644 .PP .BR "" "See " https://wiki.nftables.org diff --git a/iptables/iptables-apply.8.in b/iptables/iptables-apply.8.in -index f0ed4e5..7f99a21 100644 +index 33fd79f..f0171f1 100644 --- a/iptables/iptables-apply.8.in +++ b/iptables/iptables-apply.8.in -@@ -11,6 +11,18 @@ iptables-apply \- a safer way to update iptables remotely +@@ -9,6 +9,18 @@ iptables-apply \(em a safer way to update iptables remotely \fBiptables\-apply\fP [\-\fBhV\fP] [\fB-t\fP \fItimeout\fP] [\fB-w\fP \fIsavefile\fP] {[\fIrulesfile]|-c [runcmd]}\fP .SH "DESCRIPTION" .PP @@ -175,7 +175,7 @@ index f0ed4e5..7f99a21 100644 iptables\-apply will try to apply a new rulesfile (as output by iptables-save, read by iptables-restore) or run a command to configure iptables and then prompt the user whether the changes are okay. If the -@@ -47,7 +59,7 @@ Display usage information. +@@ -45,7 +57,7 @@ Display usage information. Display version information. .SH "SEE ALSO" .PP @@ -278,12 +278,12 @@ index 65c1f28..d47be27 100644 The iptables-HOWTO, which details more iptables usage, the NAT-HOWTO, which details NAT, and the netfilter-hacking-HOWTO which details the diff --git a/iptables/iptables.8.in b/iptables/iptables.8.in -index ecaa555..4c4a15a 100644 +index 21fb891..ef20bf2 100644 --- a/iptables/iptables.8.in +++ b/iptables/iptables.8.in -@@ -55,6 +55,20 @@ match = \fB\-m\fP \fImatchname\fP [\fIper-match-options\fP] +@@ -55,6 +55,20 @@ match := \fB\-m\fP \fImatchname\fP [per-match-options] .PP - target = \fB\-j\fP \fItargetname\fP [\fIper\-target\-options\fP] + target := \fB\-j\fP \fItargetname\fP [per-target-options] .SH DESCRIPTION +These tools are +.B deprecated @@ -313,7 +313,7 @@ index ecaa555..4c4a15a 100644 The packet-filtering-HOWTO details iptables usage for packet filtering, the NAT-HOWTO details NAT, diff --git a/iptables/xtables-monitor.8.in b/iptables/xtables-monitor.8.in -index a7f22c0..e21d7ff 100644 +index ed2c5fb..99016cd 100644 --- a/iptables/xtables-monitor.8.in +++ b/iptables/xtables-monitor.8.in @@ -6,6 +6,17 @@ xtables-monitor \(em show changes to rule set and trace-events diff --git a/0002-extensions-SECMARK-Use-a-better-context-in-test-case.patch b/0002-extensions-SECMARK-Use-a-better-context-in-test-case.patch index 5086dc5..ff7a960 100644 --- a/0002-extensions-SECMARK-Use-a-better-context-in-test-case.patch +++ b/0002-extensions-SECMARK-Use-a-better-context-in-test-case.patch @@ -1,4 +1,4 @@ -From 4388fad6c3874a3861907734f9a6368cfd0a731c Mon Sep 17 00:00:00 2001 +From 9ff1da0df36a3e963b797d7251f8f350f059ea64 Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Fri, 16 Jul 2021 21:51:49 +0200 Subject: [PATCH] extensions: SECMARK: Use a better context in test case diff --git a/0003-ebtables-Fix-corner-case-noflush-restore-bug.patch b/0003-ebtables-Fix-corner-case-noflush-restore-bug.patch deleted file mode 100644 index 9b28f86..0000000 --- a/0003-ebtables-Fix-corner-case-noflush-restore-bug.patch +++ /dev/null @@ -1,73 +0,0 @@ -From 7a8231504928a4ad7a2229d0f8a27d9734159647 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Tue, 7 Nov 2023 23:44:55 +0100 -Subject: [PATCH] ebtables: Fix corner-case noflush restore bug - -JIRA: https://issues.redhat.com/browse/RHEL-14147 -Upstream Status: iptables commit c1083acea70787eea3f7929fd04718434bb05ba8 - -commit c1083acea70787eea3f7929fd04718434bb05ba8 -Author: Phil Sutter -Date: Tue Nov 7 19:12:14 2023 +0100 - - ebtables: Fix corner-case noflush restore bug - - Report came from firwalld, but this is actually rather hard to trigger. - Since a regular chain line prevents it, typical dump/restore use-cases - are unaffected. - - Fixes: 73611d5582e72 ("ebtables-nft: add broute table emulation") - Cc: Eric Garver - Signed-off-by: Phil Sutter - -Signed-off-by: Phil Sutter ---- - .../testcases/ebtables/0009-broute-bug_0 | 25 +++++++++++++++++++ - iptables/xtables-eb.c | 2 ++ - 2 files changed, 27 insertions(+) - create mode 100755 iptables/tests/shell/testcases/ebtables/0009-broute-bug_0 - -diff --git a/iptables/tests/shell/testcases/ebtables/0009-broute-bug_0 b/iptables/tests/shell/testcases/ebtables/0009-broute-bug_0 -new file mode 100755 -index 0000000..0def0ac ---- /dev/null -+++ b/iptables/tests/shell/testcases/ebtables/0009-broute-bug_0 -@@ -0,0 +1,25 @@ -+#!/bin/sh -+# -+# Missing BROUTING-awareness in ebt_get_current_chain() caused an odd caching bug when restoring: -+# - with --noflush -+# - a second table after the broute one -+# - A policy command but no chain line for BROUTING chain -+ -+set -e -+ -+case "$XT_MULTI" in -+*xtables-nft-multi) -+ ;; -+*) -+ echo "skip $XT_MULTI" -+ exit 0 -+ ;; -+esac -+ -+$XT_MULTI ebtables-restore --noflush < -Date: Wed, 22 May 2024 18:26:58 +0200 -Subject: [PATCH] nft: Fix for broken recover_rule_compat() - -JIRA: https://issues.redhat.com/browse/RHEL-26619 -Upstream Status: iptables commit bb1a7a5b297aa271f7f59abbcb891cd94d7fb305 - -commit bb1a7a5b297aa271f7f59abbcb891cd94d7fb305 -Author: Phil Sutter -Date: Tue Feb 27 18:47:39 2024 +0100 - - nft: Fix for broken recover_rule_compat() - - When IPv4 rule generator was changed to emit payload instead of - meta expressions for l4proto matches, the code reinserting - NFTNL_RULE_COMPAT_* attributes into rules being reused for counter - zeroing was broken by accident. - - Make rule compat recovery aware of the alternative match, basically - reinstating the effect of commit 7a373f6683afb ("nft: Fix -Z for rules - with NFTA_RULE_COMPAT") but add a test case this time to make sure - things stay intact. - - Fixes: 69278f9602b43 ("nft: use payload matching for layer 4 protocol") - Signed-off-by: Phil Sutter - -Signed-off-by: Phil Sutter ---- - iptables/nft.c | 27 ++++++++++++++++--- - .../nft-only/0011-zero-needs-compat_0 | 12 +++++++++ - 2 files changed, 35 insertions(+), 4 deletions(-) - create mode 100755 iptables/tests/shell/testcases/nft-only/0011-zero-needs-compat_0 - -diff --git a/iptables/nft.c b/iptables/nft.c -index 97fd4f4..c4caf29 100644 ---- a/iptables/nft.c -+++ b/iptables/nft.c -@@ -3679,6 +3679,27 @@ const char *nft_strerror(int err) - return strerror(err); - } - -+static int l4proto_expr_get_dreg(struct nftnl_expr *e, uint32_t *dregp) -+{ -+ const char *name = nftnl_expr_get_str(e, NFTNL_EXPR_NAME); -+ uint32_t poff = offsetof(struct iphdr, protocol); -+ uint32_t pbase = NFT_PAYLOAD_NETWORK_HEADER; -+ -+ if (!strcmp(name, "payload") && -+ nftnl_expr_get_u32(e, NFTNL_EXPR_PAYLOAD_BASE) == pbase && -+ nftnl_expr_get_u32(e, NFTNL_EXPR_PAYLOAD_OFFSET) == poff && -+ nftnl_expr_get_u32(e, NFTNL_EXPR_PAYLOAD_LEN) == sizeof(uint8_t)) { -+ *dregp = nftnl_expr_get_u32(e, NFTNL_EXPR_PAYLOAD_DREG); -+ return 0; -+ } -+ if (!strcmp(name, "meta") && -+ nftnl_expr_get_u32(e, NFTNL_EXPR_META_KEY) == NFT_META_L4PROTO) { -+ *dregp = nftnl_expr_get_u32(e, NFTNL_EXPR_META_DREG); -+ return 0; -+ } -+ return -1; -+} -+ - static int recover_rule_compat(struct nftnl_rule *r) - { - struct nftnl_expr_iter *iter; -@@ -3695,12 +3716,10 @@ next_expr: - if (!e) - goto out; - -- if (strcmp("meta", nftnl_expr_get_str(e, NFTNL_EXPR_NAME)) || -- nftnl_expr_get_u32(e, NFTNL_EXPR_META_KEY) != NFT_META_L4PROTO) -+ /* may be 'ip protocol' or 'meta l4proto' with identical RHS */ -+ if (l4proto_expr_get_dreg(e, ®) < 0) - goto next_expr; - -- reg = nftnl_expr_get_u32(e, NFTNL_EXPR_META_DREG); -- - e = nftnl_expr_iter_next(iter); - if (!e) - goto out; -diff --git a/iptables/tests/shell/testcases/nft-only/0011-zero-needs-compat_0 b/iptables/tests/shell/testcases/nft-only/0011-zero-needs-compat_0 -new file mode 100755 -index 0000000..e276a95 ---- /dev/null -+++ b/iptables/tests/shell/testcases/nft-only/0011-zero-needs-compat_0 -@@ -0,0 +1,12 @@ -+#!/bin/bash -+ -+[[ $XT_MULTI == *xtables-nft-multi ]] || { echo "skip $XT_MULTI"; exit 0; } -+ -+set -e -+ -+rule="-p tcp -m tcp --dport 27374 -c 23 42 -j TPROXY --on-port 50080" -+for cmd in iptables ip6tables; do -+ $XT_MULTI $cmd -t mangle -A PREROUTING $rule -+ $XT_MULTI $cmd -t mangle -Z -+ $XT_MULTI $cmd -t mangle -v -S | grep -q -- "${rule/23 42/0 0}" -+done diff --git a/0005-extensions-libxt_sctp-Add-an-extra-assert.patch b/0005-extensions-libxt_sctp-Add-an-extra-assert.patch deleted file mode 100644 index 47fe875..0000000 --- a/0005-extensions-libxt_sctp-Add-an-extra-assert.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 6e4197dee5ff051f2daf1327faf1683fe350264f Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Wed, 12 Jun 2024 22:49:48 +0200 -Subject: [PATCH] extensions: libxt_sctp: Add an extra assert() - -JIRA: https://issues.redhat.com/browse/RHEL-40928 -Upstream Status: iptables commit 0234117d24609070f08ef36a11795c3c8e4c19bf - -commit 0234117d24609070f08ef36a11795c3c8e4c19bf -Author: Phil Sutter -Date: Fri May 17 15:20:05 2024 +0200 - - extensions: libxt_sctp: Add an extra assert() - - The code is sane, but this keeps popping up in static code analyzers. - - Signed-off-by: Phil Sutter - -Signed-off-by: Phil Sutter ---- - extensions/libxt_sctp.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/extensions/libxt_sctp.c b/extensions/libxt_sctp.c -index 6e2b274..e8312f0 100644 ---- a/extensions/libxt_sctp.c -+++ b/extensions/libxt_sctp.c -@@ -7,6 +7,7 @@ - * libipt_ecn.c borrowed heavily from libipt_dscp.c - * - */ -+#include - #include - #include - #include -@@ -354,6 +355,7 @@ print_chunk_flags(uint32_t chunknum, uint8_t chunk_flags, uint8_t chunk_flags_ma - - for (i = 7; i >= 0; i--) { - if (chunk_flags_mask & (1 << i)) { -+ assert(chunknum < ARRAY_SIZE(sctp_chunk_names)); - if (chunk_flags & (1 << i)) { - printf("%c", sctp_chunk_names[chunknum].valid_flags[7-i]); - } else { diff --git a/0006-extensions-recent-New-kernels-support-999-hits.patch b/0006-extensions-recent-New-kernels-support-999-hits.patch deleted file mode 100644 index f9fa8f8..0000000 --- a/0006-extensions-recent-New-kernels-support-999-hits.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 9dbd643945ba560e7fbb7aa2d4711bf14dd3452d Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Sat, 21 Sep 2024 02:04:54 +0200 -Subject: [PATCH] extensions: recent: New kernels support 999 hits - -JIRA: https://issues.redhat.com/browse/RHEL-34919 -Upstream Status: iptables commit d859b91e6f3ed055c22ee7b984b481c5b518d9e1 - -commit d859b91e6f3ed055c22ee7b984b481c5b518d9e1 -Author: Phil Sutter -Date: Sat Jul 20 02:23:28 2024 +0200 - - extensions: recent: New kernels support 999 hits - - Since kernel commit f4ebd03496f6 ("netfilter: xt_recent: Lift - restrictions on max hitcount value"), the max supported hitcount value - has increased significantly. Adjust the test to use a value which fails - on old as well as new kernels. - - Signed-off-by: Phil Sutter - -Signed-off-by: Phil Sutter ---- - extensions/libxt_recent.t | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/extensions/libxt_recent.t b/extensions/libxt_recent.t -index cf23aab..3b0dd9f 100644 ---- a/extensions/libxt_recent.t -+++ b/extensions/libxt_recent.t -@@ -4,7 +4,7 @@ - -m recent --rcheck --hitcount 12 --name foo --mask 255.255.255.255 --rsource;=;OK - -m recent --update --rttl;-m recent --update --rttl --name DEFAULT --mask 255.255.255.255 --rsource;OK - -m recent --set --rttl;;FAIL ---m recent --rcheck --hitcount 999 --name foo --mask 255.255.255.255 --rsource;;FAIL -+-m recent --rcheck --hitcount 65536 --name foo --mask 255.255.255.255 --rsource;;FAIL - # nonsensical, but all should load successfully: - -m recent --rcheck --hitcount 3 --name foo --mask 255.255.255.255 --rsource -m recent --rcheck --hitcount 4 --name foo --mask 255.255.255.255 --rsource;=;OK - -m recent --rcheck --hitcount 4 --name foo --mask 255.255.255.255 --rsource -m recent --rcheck --hitcount 4 --name foo --mask 255.255.255.255 --rsource;=;OK diff --git a/iptables.spec b/iptables.spec index e27595c..06a1948 100644 --- a/iptables.spec +++ b/iptables.spec @@ -1,6 +1,3 @@ -%define iptables_rpmversion 1.8.10 -%define iptables_specrelease 14 - # install init scripts to /usr/libexec with systemd %global script_path %{_libexecdir}/iptables @@ -18,8 +15,8 @@ Name: iptables Summary: Tools for managing Linux kernel packet filtering capabilities URL: https://www.netfilter.org/projects/iptables -Version: %{iptables_rpmversion} -Release: %{iptables_specrelease}%{?dist}%{?buildid}.1 +Version: 1.8.11 +Release: 1%{?dist} Source: %{url}/files/%{name}-%{version}.tar.xz Source1: iptables.init Source2: iptables-config @@ -35,10 +32,6 @@ Source11: iptables-test.stderr.expect Patch1: 0001-doc-Add-deprecation-notices-to-all-relevant-man-page.patch Patch2: 0002-extensions-SECMARK-Use-a-better-context-in-test-case.patch -Patch3: 0003-ebtables-Fix-corner-case-noflush-restore-bug.patch -Patch4: 0004-nft-Fix-for-broken-recover_rule_compat.patch -Patch5: 0005-extensions-libxt_sctp-Add-an-extra-assert.patch -Patch6: 0006-extensions-recent-New-kernels-support-999-hits.patch # pf.os: ISC license # iptables-apply: Artistic Licence 2.0 @@ -73,6 +66,7 @@ you should install this package. Summary: Legacy tools for managing Linux kernel packet filtering capabilities Requires: %{name}-legacy-libs%{?_isa} = %{version}-%{release} Requires: %{name}-libs%{?_isa} = %{version}-%{release} +Requires: kernel-modules-extra Conflicts: setup < 2.10.4-1 Requires(post): %{_sbindir}/update-alternatives Requires(postun): %{_sbindir}/update-alternatives @@ -174,6 +168,7 @@ a safer way to update iptables remotely. %package nft Summary: nftables compatibility for iptables, arptables and ebtables Requires: %{name}-libs%{?_isa} = %{version}-%{release} +Requires: kernel-modules-extra Requires(post): %{_sbindir}/update-alternatives Requires(post): %{_bindir}/readlink Requires(postun): %{_sbindir}/update-alternatives @@ -457,6 +452,7 @@ fi %{_sbindir}/ip{,6}tables{,-restore}-translate %{_sbindir}/{eb,arp}tables-nft* %{_sbindir}/ebtables-translate +%{_sbindir}/arptables-translate %{_sbindir}/xtables-nft-multi %{_sbindir}/xtables-monitor %dir %{_libdir}/xtables @@ -466,13 +462,18 @@ fi %{_mandir}/man8/xtables-translate* %{_mandir}/man8/*-nft* %{_mandir}/man8/ip{,6}tables{,-restore}-translate* +%{_mandir}/man8/{eb,arp}tables-translate.8.gz %ghost %{_sbindir}/ip{,6}tables{,-save,-restore} %ghost %{_sbindir}/{eb,arp}tables{,-save,-restore} %ghost %{_libexecdir}/arptables-helper %ghost %{_mandir}/man8/arptables{,-save,-restore}.8.gz -%ghost %{_mandir}/man8/ebtables{,-translate}.8.gz +%ghost %{_mandir}/man8/ebtables.8.gz %changelog +* Fri Nov 08 2024 Phil Sutter [1.8.11-1.el10] +- Add requirement on kernel-modules-extra (Phil Sutter) [RHEL-65224] +- Rebase onto upstream version 1.8.11 (Phil Sutter) [RHEL-66725] + * Tue Oct 29 2024 Troy Dawson - 1.8.10-14.1 - Bump release for October 2024 mass rebuild: Resolves: RHEL-64018 diff --git a/sources b/sources index 59e259b..492d442 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (iptables-1.8.10.tar.xz) = 71e6ed2260859157d61981a4fe5039dc9e8d7da885a626a4b5dae8164c509a9d9f874286b9468bb6a462d6e259d4d32d5967777ecefdd8a293011ae80c00f153 +SHA512 (iptables-1.8.11.tar.xz) = 4937020bf52d57a45b76e1eba125214a2f4531de52ff1d15185faeef8bea0cd90eb77f99f81baa573944aa122f350a7198cef41d70594e1b65514784addbcc40