diff --git a/.cvsignore b/.cvsignore
index 90598f7..a709ff5 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -1 +1,2 @@
 iptables-1.2.11.tar.bz2
+iptables-1.3.0.tar.bz2
diff --git a/iptables-1.3.0-autoload.patch b/iptables-1.3.0-autoload.patch
new file mode 100644
index 0000000..b6b5889
--- /dev/null
+++ b/iptables-1.3.0-autoload.patch
@@ -0,0 +1,11 @@
+--- iptables-1.3.0/ip6tables.c.autoload 2005-02-21 17:52:46.502379964 +0100
++++ iptables-1.3.0/ip6tables.c 2005-02-21 18:01:38.113422285 +0100
+@@ -1589,7 +1589,7 @@
+ if (procfile < 0)
+ return NULL;
+
+- ret = malloc(PROCFILE_BUFSIZ);
++ ret = (char *) malloc(PROCFILE_BUFSIZ);
+ if (ret) {
+ memset(ret, 0, PROCFILE_BUFSIZ);
+ switch (read(procfile, ret, PROCFILE_BUFSIZ)) {
diff --git a/iptables-1.3.0-selinux.patch b/iptables-1.3.0-selinux.patch
new file mode 100644
index 0000000..82571a9
--- /dev/null
+++ b/iptables-1.3.0-selinux.patch
@@ -0,0 +1,42 @@
+--- iptables-1.3.0/ip6tables.c.selinux 2005-01-04 11:38:39.000000000 +0100
++++ iptables-1.3.0/ip6tables.c 2005-02-21 17:51:24.811668259 +0100
+@@ -1612,6 +1612,7 @@
+ char *buf = NULL;
+ char *argv[3];
+ int status;
++ int i = 0;
+
+ /* If they don't explicitly set it, read out of kernel */
+ if (!modprobe) {
+@@ -1623,6 +1624,10 @@
+
+ switch (fork()) {
+ case 0:
++ /* close open file descriptors */
++ for (i=0; i< 10; i++) {
++ close(i);
++ }
+ argv[0] = (char *)modprobe;
+ argv[1] = (char *)modname;
+ argv[2] = NULL;
+--- iptables-1.3.0/iptables.c.selinux 2005-01-04 11:38:38.000000000 +0100
++++ iptables-1.3.0/iptables.c 2005-02-21 17:51:33.409499635 +0100
+@@ -1708,6 +1708,7 @@
+ char *buf = NULL;
+ char *argv[3];
+ int status;
++ int i = 0;
+
+ /* If they don't explicitly set it, read out of kernel */
+ if (!modprobe) {
+@@ -1719,6 +1720,10 @@
+
+ switch (fork()) {
+ case 0:
++ /* close open file descriptors */
++ for (i=0; i< 10; i++) {
++ close(i);
++ }
+ argv[0] = (char *)modprobe;
+ argv[1] = (char *)modname;
+ argv[2] = NULL;
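Review bot: The `(char *)` cast added to the `malloc(PROCFILE_BUFSIZ)` call in ip6tables.c (iptables-1.3.0-autoload.patch, inner hunk at line 1589) is not needed in C and would silence the diagnostic for a missing `<stdlib.h>` prototype, so I would keep `ret = malloc(PROCFILE_BUFSIZ);`. The context lines also show `read(procfile, ret, PROCFILE_BUFSIZ)` being allowed to fill the whole zeroed buffer, which leaves the string NUL-terminated only if the `switch` cases reject a full-length read. Those cases, and the rest of the function, lie outside the hunk, so that should be confirmed against the 1.3.0 source while rebasing.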
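Review bot: The loop `for (i=0; i< 10; i++)` added under `case 0:` after `fork()` (iptables-1.3.0-selinux.patch, ip6tables.c inner hunk at 1623 and the identical iptables.c hunk at 1719) closes only descriptors 0–9, so anything the parent holds at 10 or above is still inherited by the modprobe child. It also closes 0, 1 and 2 without reopening them, so the first files the child opens land on the standard descriptors and anything it writes to stderr ends up in one of them. I would point 0–2 at `/dev/null` and close from 3 up to the process limit, as sketched below (this needs `<fcntl.h>` for `O_RDWR`); marking the descriptors iptables opens close-on-exec would be the more robust fix. The enclosing function starts and ends outside both hunks, so the exec call and its error path are not visible here.

```c
	case 0:
		/* point stdio at /dev/null so modprobe's own files never land on 0-2 */
		for (i = 0; i < 3; i++) {
			close(i);
			(void) open("/dev/null", O_RDWR);
		}
		/* close everything else the parent had open, not only 3..9 */
		for (i = 3; i < (int) sysconf(_SC_OPEN_MAX); i++)
			close(i);
		/* … unchanged: argv[] setup … */
```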
diff --git a/iptables.spec b/iptables.spec
index 9751bb7..dcade90 100644
--- a/iptables.spec
+++ b/iptables.spec
@@ -3,8 +3,8 @@ Name: iptables
 Summary: Tools for managing Linux kernel packet filtering capabilities.
-Version: 1.2.11
-Release: 3.2
+Version: 1.3.0
+Release: 1
 Source: http://www.netfilter.org/%{name}-%{version}.tar.bz2
 Source1: iptables.init
 Source2: iptables-config
@@ -13,11 +13,10 @@ Source3: netfilter-2.4.20.tar.gz
 %endif
 Patch2: iptables-1.2.8-nolibnsl.patch
 Patch4: iptables-1.2.9-netlink.patch
-Patch5: iptables-1.2.9-selinux.patch
+Patch5: iptables-1.3.0-selinux.patch
 Patch6: iptables-1.2.10-counters.patch
-Patch7: iptables-1.2.11-free.patch
 Patch8: iptables-1.2.11-cleanup.patch
-Patch9: iptables-1.2.11-autoload.patch
+Patch9: iptables-1.3.0-autoload.patch
 Group: System Environment/Base
 URL: http://www.netfilter.org/
 BuildRoot: %{_tmppath}/%{name}-buildroot
@@ -73,7 +72,6 @@ cd ..
 %patch4 -p1 -b .netlink
 %patch5 -p1 -b .selinux
 %patch6 -p1 -b .counters
-%patch7 -p1 -b .free
 %patch8 -p1 -b .cleanup
 %patch9 -p1 -b .autoload
@@ -150,6 +148,9 @@ fi
 %endif
 %changelog
+* Mon Feb 21 2005 Thomas Woerner 1.3.0-1
+- new version 1.3.0
+
 * Thu Nov 11 2004 Thomas Woerner 1.2.11-3.2
 - fixed autoload problem in iptables and ip6tables (CAN-2004-0986)
diff --git a/sources b/sources
index 9feb4da..c3ee416 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-0a5f5f226e41ce408a895bec995e8c05 iptables-1.2.11.tar.bz2
+a072c0f09f1b289cb7af56f76407d033 iptables-1.3.0.tar.bz2
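Review bot: The new `%changelog` entry says only `- new version 1.3.0`, which leaves the patch-list changes in `@@ -13,11 +13,10 @@` unexplained. That hunk drops `Patch7: iptables-1.2.11-free.patch`, and it swaps the autoload patch that the previous entry ties to CAN-2004-0986 for one that, in this commit, contains nothing but a malloc cast. Presumably both fixes are already in upstream 1.3.0, but nothing in the commit records that. Once it is confirmed against the 1.3.0 source I would add lines such as `- dropped free patch (upstream)` and `- autoload fix for CAN-2004-0986 is upstream`, so the security fix stays traceable across the rebase.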