From f7ec09d02c7954bb15ce82cc70d4ea3d9ce30a61 Mon Sep 17 00:00:00 2001
From: Thomas Woerner
Date: Wed, 4 Aug 2010 16:50:25 +0200
Subject: [PATCH] - new version 1.4.9 with all new features of 2.6.35 - doc: xt_hashlimit: fix a typo - doc: xt_LED: nroff formatting requirements - doc: xt_string: correct copy-and-pasting in manpage - extensions: add the LED target - extensions: libxt_quota.c: Support option negation - extensions: libxt_rateest: fix bps options for iptables-save - extensions: libxt_rateest: fix typo in the man page - extensions: REDIRECT: add random help - includes: sync header files from Linux 2.6.35-rc1 - libxt_conntrack: do print netmask - libxt_hashlimit: always print burst value - libxt_set: new revision added - utils: add missing include flags to Makefile - xtables: another try at chain name length checking - xtables: remove xtables_set_revision function - xt_quota: also document negation - xt_sctp: Trace DATA chunk that supports SACK-IMMEDIATELY extension - xt_sctp: support FORWARD_TSN chunk type
---
 .gitignore | 1 +
 ...exec.patch => iptables-1.4.9-cloexec.patch | 68 +++++++++----------
 iptables.spec | 25 ++++++-
 sources | 2 +-
 4 files changed, 59 insertions(+), 37 deletions(-)
 rename iptables-1.4.5-cloexec.patch => iptables-1.4.9-cloexec.patch (57%)
diff --git a/.gitignore b/.gitignore
index 16107b7..101a38a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -10,3 +10,4 @@ iptables-1.4.5.tar.bz2
 iptables-1.4.6.tar.bz2
 iptables-1.4.7.tar.bz2
 iptables-1.4.8.tar.bz2
+iptables-1.4.9.tar.bz2
diff --git a/iptables-1.4.5-cloexec.patch b/iptables-1.4.9-cloexec.patch
similarity index 57%
rename from iptables-1.4.5-cloexec.patch
rename to iptables-1.4.9-cloexec.patch
index 2cb0354..9f4c140 100644
--- a/iptables-1.4.5-cloexec.patch
+++ b/iptables-1.4.9-cloexec.patch
@@ -1,7 +1,7 @@ -diff -up iptables-1.4.5/extensions/libipt_realm.c.cloexec iptables-1.4.5/extensions/libipt_realm.c ---- iptables-1.4.5/extensions/libipt_realm.c.cloexec 2009-09-14 18:36:55.000000000 +0200 -+++ iptables-1.4.5/extensions/libipt_realm.c 2009-09-17 10:52:00.000000000 +0200 -@@ -49,7 +49,7 @@ static void load_realms(void) +diff -up iptables-1.4.9/extensions/libipt_realm.c.cloexec iptables-1.4.9/extensions/libipt_realm.c +--- iptables-1.4.9/extensions/libipt_realm.c.cloexec 2010-08-03 16:54:25.000000000 +0200 ++++ iptables-1.4.9/extensions/libipt_realm.c 2010-08-04 12:17:51.000000000 +0200 +@@ -48,7 +48,7 @@ static void load_realms(void) int id; struct realmname *oldnm = NULL, *newnm = NULL; @@ -10,20 +10,20 @@ diff -up iptables-1.4.5/extensions/libipt_realm.c.cloexec iptables-1.4.5/extensi if (!fil) { rdberr = 1; return; -diff -up iptables-1.4.5/extensions/libipt_set.h.cloexec iptables-1.4.5/extensions/libipt_set.h ---- iptables-1.4.5/extensions/libipt_set.h.cloexec 2009-09-14 18:36:55.000000000 +0200 -+++ iptables-1.4.5/extensions/libipt_set.h 2009-09-17 11:02:07.000000000 +0200 +diff -up iptables-1.4.9/extensions/libxt_set.h.cloexec iptables-1.4.9/extensions/libxt_set.h +--- iptables-1.4.9/extensions/libxt_set.h.cloexec 2010-08-03 16:54:25.000000000 +0200 ++++ iptables-1.4.9/extensions/libxt_set.h 2010-08-04 12:19:48.000000000 +0200 @@ -2,6 +2,7 @@ - #define _LIBIPT_SET_H + #define _LIBXT_SET_H #include +#include #include #include #include -@@ -48,6 +49,12 @@ static int get_version(unsigned *version +@@ -23,6 +24,12 @@ get_version(unsigned *version) xtables_error(OTHER_PROBLEM, - "Can't open socket to ipset.\n"); + "Can't open socket to ipset.\n"); + if (fcntl(sockfd, F_SETFD, FD_CLOEXEC) == -1) { + xtables_error(OTHER_PROBLEM, 
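Review bot: In the carried patch's `get_version` hunk for `extensions/libxt_set.h`, close-on-exec is applied by a separate `fcntl(sockfd, F_SETFD, FD_CLOEXEC)` after the socket already exists, so the descriptor is inheritable for a short window and a fork-and-exec from another thread in that window would still pass it to the child. Where the supported kernels and libc allow it, setting the flag at creation closes that window: `SOCK_CLOEXEC` or-ed into the socket type here, and `O_CLOEXEC` on the `open(PROC_SYS_MODPROBE, O_RDONLY)` call visible in the `get_modprobe` hunk of `xtables.c`. The `TC_INIT` hunk in `libiptc/libiptc.c` presumably follows the same two-step pattern, but its added lines are not shown on this page. The `socket()` call and the rest of the `fcntl` block lie outside this hunk, so this should be confirmed against the full patch file.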
@@ -34,9 +34,9 @@ diff -up iptables-1.4.5/extensions/libipt_set.h.cloexec iptables-1.4.5/extension req_version.op = IP_SET_OP_VERSION; res = getsockopt(sockfd, SOL_IP, SO_IP_SET, &req_version, &size); if (res != 0) -diff -up iptables-1.4.5/ip6tables-restore.c.cloexec iptables-1.4.5/ip6tables-restore.c ---- iptables-1.4.5/ip6tables-restore.c.cloexec 2009-09-14 18:36:55.000000000 +0200 -+++ iptables-1.4.5/ip6tables-restore.c 2009-09-17 10:52:00.000000000 +0200 +diff -up iptables-1.4.9/ip6tables-restore.c.cloexec iptables-1.4.9/ip6tables-restore.c +--- iptables-1.4.9/ip6tables-restore.c.cloexec 2010-08-03 16:54:25.000000000 +0200 ++++ iptables-1.4.9/ip6tables-restore.c 2010-08-04 12:17:51.000000000 +0200 @@ -169,7 +169,7 @@ int main(int argc, char *argv[]) } @@ -46,9 +46,9 @@ diff -up iptables-1.4.5/ip6tables-restore.c.cloexec iptables-1.4.5/ip6tables-res if (!in) { fprintf(stderr, "Can't open %s: %s\n", argv[optind], strerror(errno)); -diff -up iptables-1.4.5/ip6tables-save.c.cloexec iptables-1.4.5/ip6tables-save.c ---- iptables-1.4.5/ip6tables-save.c.cloexec 2009-09-14 18:36:55.000000000 +0200 -+++ iptables-1.4.5/ip6tables-save.c 2009-09-17 10:52:00.000000000 +0200 +diff -up iptables-1.4.9/ip6tables-save.c.cloexec iptables-1.4.9/ip6tables-save.c +--- iptables-1.4.9/ip6tables-save.c.cloexec 2010-08-03 16:54:25.000000000 +0200 ++++ iptables-1.4.9/ip6tables-save.c 2010-08-04 12:17:51.000000000 +0200 @@ -41,7 +41,7 @@ static int for_each_table(int (*func)(co FILE *procfile = NULL; char tablename[IP6T_TABLE_MAXNAMELEN+1]; 
@@ -58,9 +58,9 @@ diff -up iptables-1.4.5/ip6tables-save.c.cloexec iptables-1.4.5/ip6tables-save.c if (!procfile) return ret; -diff -up iptables-1.4.5/iptables-restore.c.cloexec iptables-1.4.5/iptables-restore.c ---- iptables-1.4.5/iptables-restore.c.cloexec 2009-09-14 18:36:55.000000000 +0200 -+++ iptables-1.4.5/iptables-restore.c 2009-09-17 10:52:00.000000000 +0200 +diff -up iptables-1.4.9/iptables-restore.c.cloexec iptables-1.4.9/iptables-restore.c +--- iptables-1.4.9/iptables-restore.c.cloexec 2010-08-03 16:54:25.000000000 +0200 ++++ iptables-1.4.9/iptables-restore.c 2010-08-04 12:17:51.000000000 +0200 @@ -175,7 +175,7 @@ main(int argc, char *argv[]) } @@ -70,9 +70,9 @@ diff -up iptables-1.4.5/iptables-restore.c.cloexec iptables-1.4.5/iptables-resto if (!in) { fprintf(stderr, "Can't open %s: %s\n", argv[optind], strerror(errno)); -diff -up iptables-1.4.5/iptables-save.c.cloexec iptables-1.4.5/iptables-save.c ---- iptables-1.4.5/iptables-save.c.cloexec 2009-09-14 18:36:55.000000000 +0200 -+++ iptables-1.4.5/iptables-save.c 2009-09-17 10:52:00.000000000 +0200 +diff -up iptables-1.4.9/iptables-save.c.cloexec iptables-1.4.9/iptables-save.c +--- iptables-1.4.9/iptables-save.c.cloexec 2010-08-03 16:54:25.000000000 +0200 ++++ iptables-1.4.9/iptables-save.c 2010-08-04 12:17:51.000000000 +0200 @@ -39,7 +39,7 @@ static int for_each_table(int (*func)(co FILE *procfile = NULL; char tablename[IPT_TABLE_MAXNAMELEN+1]; 
@@ -82,9 +82,9 @@ diff -up iptables-1.4.5/iptables-save.c.cloexec iptables-1.4.5/iptables-save.c if (!procfile) return ret; -diff -up iptables-1.4.5/iptables-xml.c.cloexec iptables-1.4.5/iptables-xml.c ---- iptables-1.4.5/iptables-xml.c.cloexec 2009-09-14 18:36:55.000000000 +0200 -+++ iptables-1.4.5/iptables-xml.c 2009-09-17 10:52:00.000000000 +0200 +diff -up iptables-1.4.9/iptables-xml.c.cloexec iptables-1.4.9/iptables-xml.c +--- iptables-1.4.9/iptables-xml.c.cloexec 2010-08-03 16:54:25.000000000 +0200 ++++ iptables-1.4.9/iptables-xml.c 2010-08-04 12:17:51.000000000 +0200 @@ -653,7 +653,7 @@ main(int argc, char *argv[]) } @@ -94,9 +94,9 @@ diff -up iptables-1.4.5/iptables-xml.c.cloexec iptables-1.4.5/iptables-xml.c if (!in) { fprintf(stderr, "Can't open %s: %s", argv[optind], strerror(errno)); -diff -up iptables-1.4.5/libiptc/libiptc.c.cloexec iptables-1.4.5/libiptc/libiptc.c ---- iptables-1.4.5/libiptc/libiptc.c.cloexec 2009-09-14 18:36:55.000000000 +0200 -+++ iptables-1.4.5/libiptc/libiptc.c 2009-09-17 11:02:16.000000000 +0200 +diff -up iptables-1.4.9/libiptc/libiptc.c.cloexec iptables-1.4.9/libiptc/libiptc.c +--- iptables-1.4.9/libiptc/libiptc.c.cloexec 2010-08-03 16:54:25.000000000 +0200 ++++ iptables-1.4.9/libiptc/libiptc.c 2010-08-04 12:17:51.000000000 +0200 @@ -29,6 +29,8 @@ * - performance work: speedup initial ruleset parsing. * - sponsored by ComX Networks A/S (http://www.comx.dk/) @@ -106,7 +106,7 @@ diff -up iptables-1.4.5/libiptc/libiptc.c.cloexec iptables-1.4.5/libiptc/libiptc #include #include #include -@@ -1326,6 +1328,12 @@ TC_INIT(const char *tablename) +@@ -1328,6 +1330,12 @@ TC_INIT(const char *tablename) if (sockfd < 0) return NULL; 
@@ -119,10 +119,10 @@ diff -up iptables-1.4.5/libiptc/libiptc.c.cloexec iptables-1.4.5/libiptc/libiptc retry: s = sizeof(info); -diff -up iptables-1.4.5/xtables.c.cloexec iptables-1.4.5/xtables.c ---- iptables-1.4.5/xtables.c.cloexec 2009-09-14 18:36:55.000000000 +0200 -+++ iptables-1.4.5/xtables.c 2009-09-17 10:52:00.000000000 +0200 -@@ -292,6 +292,11 @@ static char *get_modprobe(void) +diff -up iptables-1.4.9/xtables.c.cloexec iptables-1.4.9/xtables.c +--- iptables-1.4.9/xtables.c.cloexec 2010-08-03 16:54:25.000000000 +0200 ++++ iptables-1.4.9/xtables.c 2010-08-04 12:17:51.000000000 +0200 +@@ -284,6 +284,11 @@ static char *get_modprobe(void) procfile = open(PROC_SYS_MODPROBE, O_RDONLY); if (procfile < 0) return NULL; @@ -134,7 +134,7 @@ diff -up iptables-1.4.5/xtables.c.cloexec iptables-1.4.5/xtables.c ret = (char *) malloc(PROCFILE_BUFSIZ); if (ret) { -@@ -684,6 +689,12 @@ static int compatible_revision(const cha +@@ -680,6 +685,12 @@ static int compatible_revision(const cha exit(1); } diff --git a/iptables.spec b/iptables.spec index d51f83c..5745b4d 100644 --- a/iptables.spec +++ b/iptables.spec @@ -1,11 +1,11 @@ Name: iptables Summary: Tools for managing Linux kernel packet filtering capabilities -Version: 1.4.8 +Version: 1.4.9 Release: 1%{?dist} Source: http://www.netfilter.org/projects/iptables/files/%{name}-%{version}.tar.bz2 Source1: iptables.init Source2: iptables-config -Patch5: iptables-1.4.5-cloexec.patch +Patch5: iptables-1.4.9-cloexec.patch Group: System Environment/Base URL: http://www.netfilter.org/ BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) 
@@ -163,6 +163,27 @@ fi %{_libdir}/pkgconfig/xtables.pc %changelog +* Wed Aug 4 2010 Thomas Woerner 1.4.9-1 +- new version 1.4.9 with all new features of 2.6.35 + - doc: xt_hashlimit: fix a typo + - doc: xt_LED: nroff formatting requirements + - doc: xt_string: correct copy-and-pasting in manpage + - extensions: add the LED target + - extensions: libxt_quota.c: Support option negation + - extensions: libxt_rateest: fix bps options for iptables-save + - extensions: libxt_rateest: fix typo in the man page + - extensions: REDIRECT: add random help + - includes: sync header files from Linux 2.6.35-rc1 + - libxt_conntrack: do print netmask + - libxt_hashlimit: always print burst value + - libxt_set: new revision added + - utils: add missing include flags to Makefile + - xtables: another try at chain name length checking + - xtables: remove xtables_set_revision function + - xt_quota: also document negation + - xt_sctp: Trace DATA chunk that supports SACK-IMMEDIATELY extension + - xt_sctp: support FORWARD_TSN chunk type + * Fri Jul 2 2010 Thomas Woerner 1.4.8-1 - new version 1.4.8 all new features of 2.6.34 (rhbz#) - extensions: REDIRECT: fix --to-ports parser diff --git a/sources b/sources index 35a7ee9..6127307 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -697ed89f37af4473a5f6349ba2700f2d iptables-1.4.8.tar.bz2 +db1312f7ce5a4c11dc981a2ac76b26e8 iptables-1.4.9.tar.bz2