Commit Graph

54 Commits

Author SHA1 Message Date
Phil Sutter
6eebdb8221 iptables-1.8.10-5.el9
* Wed Aug 14 2024 Phil Sutter <psutter@redhat.com> [1.8.10-5.el9]
- xtables-monitor: Ignore ebtables policy rules unless tracing (Phil Sutter) [RHEL-47264]
- xtables-monitor: Fix for ebtables rule events (Phil Sutter) [RHEL-47264]
- tests: shell: New xtables-monitor test (Phil Sutter) [RHEL-47264]
- xtables-monitor: Support arptables chain events (Phil Sutter) [RHEL-47264]
- xtables-monitor: Align builtin chain and table output (Phil Sutter) [RHEL-47264]
- xtables-monitor: Flush stdout after all lines of output (Phil Sutter) [RHEL-47264]
- xtables-monitor: Proper re-init for rule's family (Phil Sutter) [RHEL-47264]
- nft: Fix for zeroing existent builtin chains (Phil Sutter) [RHEL-49497]
- nft: cache: Annotate faked base chains as such (Phil Sutter) [RHEL-49497]
- nft: Fix for zeroing non-existent builtin chains (Phil Sutter) [RHEL-49497]
Resolves: RHEL-47264, RHEL-49497
2024-08-14 16:11:43 +02:00
Phil Sutter
c4bd1fda82 iptables-1.8.10-4.el9
* Wed Jul 03 2024 Phil Sutter <psutter@redhat.com> [1.8.10-4.el9]
- spec: Simplify legacy package integration (Phil Sutter) [RHEL-5797]
Resolves: RHEL-5797
2024-07-03 15:18:39 +02:00
Phil Sutter
e74594c069 iptables-1.8.10-3.el9
* Wed Jun 12 2024 Phil Sutter <psutter@redhat.com> [1.8.10-3.el9]
- extensions: libxt_sctp: Add an extra assert() (Phil Sutter) [RHEL-40928]
- spec: Add symlinks for merged extension DSOs (Phil Sutter) [RHEL-32463]
- nft: Fix for broken recover_rule_compat() (Phil Sutter) [RHEL-26619]
- spec: Ship ebtables-translate and man page (Phil Sutter) [RHEL-32922]
Resolves: RHEL-26619, RHEL-32463, RHEL-32922, RHEL-40928
2024-06-12 22:52:05 +02:00
Phil Sutter
18727bce9f iptables-1.8.10-2.el9
* Tue Nov 07 2023 Phil Sutter <psutter@redhat.com> [1.8.10-2.el9]
- ebtables: Fix corner-case noflush restore bug (Phil Sutter) [RHEL-14147]
Resolves: RHEL-14147
2023-11-07 22:46:55 +00:00
Phil Sutter
e68693c04a tests: TRACE-target-of-iptables-can-t-work-in: Allow rmmod to fail
Modules are loaded with older kernels only, ignore if rmmod fails.
2023-10-27 20:34:56 +00:00
Phil Sutter
33ffe56c42 tests: iptables-nft does not lock in user space anymore
Effectively disable xtables-tools-locking-vulnerable-to-local-DoS unless
for old versions of RHEL/Fedora/CentOS.

Related: RHEL-14147
2023-10-27 20:10:19 +00:00
Phil Sutter
66c02f9077 tests: iptables-save-cuts-space-before-j: Fix for CentOS
Newer CentOS behave just like newer RHEL.

Related: RHEL-14147
2023-10-27 20:10:16 +00:00
Phil Sutter
26c9e1e407 tests: With iptables-nft, TRACE works differently
This is 'meta nftrace' internally, therefore have to use
'xtables-monitor --trace' command to fetch the traces (which also look a
bit different).

Related: RHEL-14147
2023-10-27 20:10:13 +00:00
Phil Sutter
d977b706cf tests: Drop checks for iptables RPM
On one hand, the check will fail as the RPM is called 'iptables-nft'. On
the other, if the RPM is missing the commands will fail as well so this
check happens implicitly anyway.

Related: RHEL-14147
2023-10-27 18:59:35 +00:00
Phil Sutter
0d517b6b1f tests: Disable backport-iptables-add-libxt-cgroup-frontend test
It is disabled in RHTS as well. The main issue is that starting with
RHEL9, libcgroup-tools is no longer available. The test had to be
migrated to cgroups v2 in order to pass.

Related: RHEL-14147
2023-10-27 18:59:35 +00:00
Phil Sutter
4274fcf999 iptables-1.8.10-1.el9
* Fri Oct 27 2023 Phil Sutter <psutter@redhat.com> [1.8.10-1.el9]
- spec: Support for _excludedocs macro in alternatives installation (Phil Sutter) [RHEL-5810]
- Rebase onto version 1.8.10 (Phil Sutter) [RHEL-14147]
Resolves: RHEL-14147, RHEL-5810
2023-10-27 18:59:35 +00:00
Phil Sutter
979b61fb74 iptables-1.8.8-6.el9
- Add expected testsuite result

Related: rhbz#2136584
2022-12-16 21:34:22 +01:00
Phil Sutter
de14b081d8 iptables-1.8.8-5.el9
- nft: un-break among match with concatenation
- nft: fix ebtables among match when mac+ip addresses are used

Resolves: rhbz#2136584
2022-12-06 17:38:06 +01:00
Phil Sutter
3c61c034bd iptables-1.8.8-4.el9
- libxtables: Fix unsupported extension warning corner case

Resolves: rhbz#2103988
2022-07-05 15:49:16 +02:00
Phil Sutter
7d8e51ef99 iptables-1.8.8-3.el9
- arptables: Support -x/--exact flag

Related: rhbz#2084543
2022-06-08 18:35:59 +02:00
Phil Sutter
73cb621bac iptables-1.8.8-2.el9
- tests: shell: Check overhead in iptables-save and -restore

Related: rhbz#2065330
2022-06-02 14:49:22 +02:00
Phil Sutter
08d57e3b00 iptables-1.8.8-1.el9
- new version

Resolves: rhbz#2084543
2022-05-13 17:53:42 +02:00
Phil Sutter
21c02e6c1a iptables-1.8.7-30.el9
- Use proto_to_name() from xshared in more places

Resolves: rhbz#2065330
2022-03-18 14:47:28 +01:00
Phil Sutter
a556128cb3 iptables-1.8.7-29.el9
- libxtables: Boost rule target checks by announcing chain names
- libxtables: Implement notargets hash table
- nft: Reject standard targets as chain names when restoring
- xshared: Merge and share parse_chain()
- xshared: Prefer xtables_chain_protos lookup over getprotoent
- nft: Speed up immediate parsing
- nft: Simplify immediate parsing

Resolves: rhbz#2065330
2022-03-18 11:37:11 +01:00
Phil Sutter
63c9e2ff10 iptables-1.8.7-28.el9
- extensions: SECMARK: Use a better context in test case

Related: rhbz#2047558
2022-02-16 12:44:11 +01:00
Phil Sutter
55e20eb624 iptables-1.8.7-27.el9
- extensions: SECMARK: Implement revision 1

Resolves: rhbz#2047558
2022-01-28 23:26:47 +01:00
Phil Sutter
17f0287b89 iptables-1.8.7-26.el9
- tests/shell: Assert non-verbose mode is silent
- nft: Fix for non-verbose check command

Resolves: rhbz#1989466
2021-10-11 17:31:01 +02:00
Phil Sutter
0c31aae58c iptables-1.8.7-25.el9
- ebtables: Dump atomic waste
- doc: ebtables-nft.8: Adjust for missing atomic-options
- nft: Use xtables_malloc() in mnl_err_list_node_add()

Resolves: rhbz#1995473, rhbz#2011406
2021-10-06 17:06:16 +02:00
Phil Sutter
87d774601e iptables-1.8.7-24.el9
- Add missing readlink required for iptables-nft(post)

Resolves: rhbz#2009742
2021-10-01 15:53:29 +02:00
Mohan Boddu
43aebb774a Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-08-09 20:59:20 +00:00
Phil Sutter
4816cd15af iptables-1.8.7-22.el9
- nft-services must not depend on specific arch's build

Related: rhbz#1986982
2021-08-05 15:57:36 +02:00
Phil Sutter
38177fbc58 iptables-1.8.7-21.el9
- Build services sub-packages as noarch

Resolves: rhbz#1986982
2021-08-05 15:27:44 +02:00
Phil Sutter
5141adf17e iptables-1.8.7-20.el9
- Make nft-services obsolete nft-compat to fix upgrade path

Related: rhbz#1951074
2021-07-30 16:05:58 +02:00
Phil Sutter
85c22b3c9c iptables-1.8.7-19.el9
- Build iptables-services on C9S only
- Use systemd_ordering in nft-services, too
- Drop compat package, nft-services serves well for that purpose
- Make legacy unconditionally provide iptables, it's not built on RHEL

Resolves: rhbz#1951074
2021-07-29 18:14:24 +02:00
Phil Sutter
b67311577f iptables-1.8.7-18.el9
- Make iptables-nft-services require iptables-services to avoid confusion
- Add deprecation notice to iptables-extensions man page as well

Resolves: rhbz#1985422, rhbz#1951074
2021-07-28 17:33:46 +02:00
Phil Sutter
41665c6c90 iptables-1.8.7-17.el9
- Provide a compat package to fix upgrade path from RHEL8

Resolves: rhbz#1951074
2021-07-12 13:08:50 +02:00
Phil Sutter
1dd5f70a68 iptables-1.8.7-16.el9
- Review systemd unit file

Resolves: rhbz#1977212
2021-07-05 14:15:52 +02:00
Phil Sutter
d5f1528238 iptables-1.8.7-15.el9
- doc: Improve deprecation notices a bit
- nft: cache: Sort chains on demand only
- nft: Increase BATCH_PAGE_SIZE to support huge rulesets

Related: rhbz#1945151
Resolves: rhbz#1978362
2021-07-02 18:26:15 +02:00
Štěpán Němec
629e39ce05 gating.yaml: don't gate on osci.brew-build.tier0.functional
It's currently just noise that we have to waive manually: the tests
(inherited from Fedora) are out of date, unmaintained and duplicate
other (internal RHEL) tests.

Longer-term solution yet to be worked out.
2021-06-28 09:39:00 +02:00
Phil Sutter
44ad65d496 iptables-1.8.7-14.el9
- doc: Add deprecation notices to all relevant man pages

Resolves: rhbz#1945151
2021-06-25 11:12:09 +02:00
Phil Sutter
d65c79ab67 iptables-1.8.7-13.el9
- extensions: sctp: Fix nftables translation
- nft: Fix bitwise expression avoidance detection
- iptables-nft: fix -Z option
- Do not build legacy sub-packages on RHEL

Resolves: rhbz#1927721
2021-06-16 15:16:36 +02:00
Phil Sutter
0f36a69aec tests: Fix bridge-utils replacement
Typo in 'ip link add', 'type' argument was missing. Also update
'Requires:' line in Makefile.

Related: RHBZ#1954581
2021-06-16 11:35:10 +02:00
Phil Sutter
099ca6a1b5 tests: Drop dependency on non-existing bridge-utils
Replace the calls by equivalent ones to 'ip'.

Related: RHBZ#1954581
2021-06-14 13:42:25 +02:00
Phil Sutter
18fd73d348 iptables-1.8.7-12.el9
- arptables-nft-helper: Remove bashisms
- ebtables-helper: Drop unused variable, add a missing quote
- extensions: libxt_string: Avoid buffer size warning for strncpy()
- libxtables: Introduce xtables_strdup() and use it everywhere
- extensions: libebt_ip6: Use xtables_ip6parse_any()
- iptables-apply: Drop unused variable
- nft: Avoid buffer size warnings copying iface names
- nft: Avoid memleak in error path of nft_cmd_new()
- libxtables: Fix memleak in xtopt_parse_hostmask()
- extensions: libebt_ip6: Drop unused variables
- libxtables: Drop leftover variable in xtables_numeric_to_ip6addr()

Resolves: RHBZ#1938745
2021-06-10 18:38:53 +02:00
Štěpán Němec
c842cc8e23 Enable RHEL 9 gating (equivalent to RHEL 8)
2021-06-10 10:33:19 +02:00
Phil Sutter
4a68e9f94a iptables-1.8.7-11.el9
- Fix License name in spec file
- Eliminate inet_aton() and inet_ntoa()
- nft-arp: Make use of ipv4_addr_to_string()
- Make legacy sub-packages obsolete older non-legacy ones
- Fix dates in changelog
- iptables.init: Fix functionality for iptables-nft
- iptables.init: Ignore sysctl files not suffixed '.conf'
- iptables.init: Drop unused NEW_MODUTILS check
- iptables.init: Drop some trailing whitespace

Resolves: RHBZ#1954581, RHBZ#1958262
2021-05-12 12:13:44 +02:00
Phil Sutter
b6b32fa391 iptables-1.8.7-10
- Add provides to iptables-nft-services

Related: RHBZ#1951074
2021-04-23 17:09:48 +02:00
Phil Sutter
5d9bdbf66a iptables-1.8.7-9
- Add nft-services subpackage

Resolves: RHBZ#1951074
2021-04-21 18:30:44 +02:00
Phil Sutter
3c640d04d2 iptables-1.8.7-8
- Drop hacks to maintain upgrade path

Related: RHBZ#1927721
2021-04-19 15:33:15 +02:00
Mohan Boddu
724cb78453 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-04-16 00:36:59 +00:00
Robert Scheck
6e213cbdf7 iptables-1.8.7-6
This patch combines changes from f34 since iptables-1.8.7-3:

- Spec file cleanup
- Restore alternatives configuration after upgrade
- Fix license location
- Fix upgrade path with package rename
- Add missing dependencies to iptables-nft package
- Drop bootstrap code again
- Drop workarounds for F24 and lower
- Fix iptables-utils summary
- Ship iptables-apply with iptables-utils
- Reduce files sections by use of globbing
- Ship common man pages with iptables-libs
- Ship *-translate man pages with iptables-nft
- Move legacy iptables binaries, libraries and headers into sub-packages
- Introduce compat sub-package to help with above transitions
- Drop libipulog header from devel package, this belongs to libnetfilter_log
- Do not ship internal headers in devel package

Resolves: RHBZ#1927721
2021-04-15 16:56:49 +02:00
DistroBaker
b95090f5f5 Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/iptables.git#648ffbc31613acd9f9015892c0820df9be00cb89
2021-01-28 14:21:56 +00:00
DistroBaker
78e6451c8f Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/iptables.git#1c2b75e472ee9d0aa4807a450d61f4bec138b664
2021-01-16 21:59:11 +00:00
DistroBaker
376a021a21 Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/iptables.git#706150b129c945e887c203d96492d03046199bd2
2020-11-22 17:23:18 +00:00
Troy Dawson
701b94829c RHEL 9.0.0 Alpha bootstrap
The content of this branch was automatically imported from Fedora ELN
with the following as its source:
https://src.fedoraproject.org/rpms/iptables#4ef8aaebbe6d2223197a3ce86a056949368aca86
2020-11-18 09:49:59 -08:00