diff -r 000000000000 -r 4f133201e207 iptables/iptables.spec --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/iptables/iptables.spec Fri Mar 11 21:30:26 2011 +0100 @@ -0,0 +1,405 @@ +Name: iptables +Summary: Tools for managing Linux kernel packet filtering capabilities +Version: 1.4.1.1 +Release: 5.6 +Source: http://www.netfilter.org/projects/iptables/files/%{name}-%{version}.tar.bz2 +Source1: iptables.init +Source2: iptables-config +Patch4: iptables-1.3.8-typo_latter.patch +Patch5: iptables-1.4.1.1-cloexec.patch +Patch8: iptables-1.4.1-nf_ext_init.patch +Patch9: iptables-1.4.1.1-tos_value_mask.patch +Group: System/Base +URL: http://www.netfilter.org/ +BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) +License: GPLv2 +BuildRequires: kernel-headers +Conflicts: kernel < 2.4.20 +Requires(post): chkconfig +Requires(preun): chkconfig + +%description +The iptables utility controls the network packet filtering code in the +Linux kernel. If you need to set up firewalls and/or IP masquerading, +you should install this package. + +%package ipv6 +Summary: IPv6 support for iptables +Group: System/Base +Requires: %{name} = %{version}-%{release} +Requires(post): chkconfig +Requires(preun): chkconfig + +%description ipv6 +The iptables package contains IPv6 (the next version of the IP +protocol) support for iptables. Iptables controls the Linux kernel +network packet filtering code, allowing you to set up firewalls and IP +masquerading. + +Install iptables-ipv6 if you need to set up firewalling for your +network and you are using ipv6. + +%package devel +Summary: Development package for iptables +Group: System/Base +Requires: %{name} = %{version}-%{release} + +%description devel +iptables development headers and libraries. + +The iptc interface is upstream marked as not public. The interface is not +stable and may change with every new version. It is therefore unsupported. + +%prep +%setup -q +%patch4 -p1 -b .typo_latter +%patch5 -p1 -b .cloexec +%patch8 -p1 -b .nf_ext_init +%patch9 -p1 -b .tos_value_mask + +# fix constructor names, see also nf_ext_init patch +perl -pi -e "s/void _init\(/void __attribute\(\(constructor\)\) nf_ext_init\(/g" extensions/*.c +perl -pi -e "s/^_init\(/__attribute\(\(constructor\)\) nf_ext_init\(/g" extensions/*.c + +%build +./configure --enable-devel --enable-libipq --bindir=/bin --sbindir=/sbin --sysconfdir=/etc --libdir=/%{_libdir} --libexecdir=/%{_lib} --mandir=%{_mandir} --includedir=%{_includedir} --with-kernel=/usr --with-kbuild=/usr --with-ksource=/usr +make + +%install +rm -rf %{buildroot} + +make install DESTDIR=%{buildroot} + +# install iptc devel library +install -m 644 libiptc/libiptc.a %{buildroot}/%{_libdir} + +# install init scripts and configuration files +install -d -m 755 $RPM_BUILD_ROOT/etc/rc.d/init.d +install -c -m 755 %{SOURCE1} $RPM_BUILD_ROOT/etc/rc.d/init.d/iptables +sed -e 's;iptables;ip6tables;g' -e 's;IPTABLES;IP6TABLES;g' < %{SOURCE1} > ip6tables.init +install -c -m 755 ip6tables.init $RPM_BUILD_ROOT/etc/rc.d/init.d/ip6tables +install -d -m 755 $RPM_BUILD_ROOT/etc/sysconfig +install -c -m 755 %{SOURCE2} $RPM_BUILD_ROOT/etc/sysconfig/iptables-config +sed -e 's;iptables;ip6tables;g' -e 's;IPTABLES;IP6TABLES;g' < %{SOURCE2} > ip6tables-config +install -c -m 755 ip6tables-config $RPM_BUILD_ROOT/etc/sysconfig/ip6tables-config + +%clean +rm -rf $RPM_BUILD_ROOT + +%files +%defattr(-,root,root) +%doc COPYING INSTALL INCOMPATIBILITIES +%attr(0755,root,root) /etc/rc.d/init.d/iptables +%config(noreplace) %attr(0600,root,root) /etc/sysconfig/iptables-config +/sbin/iptables* +%{_mandir}/man8/iptables* +%dir /%{_lib}/xtables +/%{_lib}/xtables/libipt* +/%{_lib}/xtables/libxt* + +%files ipv6 +%defattr(-,root,root) +%attr(0755,root,root) /etc/rc.d/init.d/ip6tables +%config(noreplace) %attr(0600,root,root) /etc/sysconfig/ip6tables-config +/sbin/ip6tables* +/bin/iptables-xml +%{_mandir}/man8/ip6tables* +/%{_lib}/xtables/libip6t* + +%files devel +%defattr(-,root,root) +%{_includedir}/*.h +%dir %{_includedir}/libiptc +%{_includedir}/libiptc/*.h +%{_libdir}/libipq.a +%{_libdir}/libiptc.a +%{_mandir}/man3/* + +%changelog +* Tue Jan 19 2010 Auke Kok - 1.4.1.1 +- remove startup symlinks, do not start iptables{,6} up by default +* Tue Jan 27 2009 Anas Nashif 1.4.1.1 +- Initial import into Moblin +* Tue Jul 22 2008 Thomas Woerner 1.4.1.1-2 +- fixed TOS value mask problem (rhbz#456244) (upstream patch) +- two more cloexec fixes +* Tue Jul 1 2008 Thomas Woerner 1.4.1.1-1 +- upstream bug fix release 1.4.1.1 +- dropped extra patch for 1.4.1 - not needed anymore +* Tue Jun 10 2008 Thomas Woerner 1.4.1-1 +- new version 1.4.1 with new build environment +- additional ipv6 network mask patch from Jan Engelhardt +- spec file cleanup +- removed old patches +* Fri Jun 6 2008 Tom "spot" Callaway 1.4.0-5 +- use normal kernel headers, not linux/compiler.h +- change BuildRequires: kernel-devel to kernel-headers +- We need to do this to be able to build for both sparcv9 and sparc64 + (there is no kernel-devel.sparcv9) +* Thu Mar 20 2008 Thomas Woerner 1.4.0-4 +- use O_CLOEXEC for all opened files in all applications (rhbz#438189) +* Mon Mar 3 2008 Thomas Woerner 1.4.0-3 +- use the kernel headers from the build tree for iptables for now to be able to + compile this package, but this makes the package more kernel dependant +- use s6_addr32 instead of in6_u.u6_addr32 +* Wed Feb 20 2008 Fedora Release Engineering - 1.4.0-2 +- Autorebuild for GCC 4.3 +* Mon Feb 11 2008 Thomas Woerner 1.4.0-1 +- new version 1.4.0 +- fixed condrestart (rhbz#428148) +- report the module in rmmod_r if there is an error +- use nf_ext_init instead of my_init for extension constructors +* Mon Nov 5 2007 Thomas Woerner 1.3.8-6 +- fixed leaked file descriptor before fork/exec (rhbz#312191) +- blacklisting is not working, use "install X /bin/(true|false)" test instead +- return private exit code 150 for disabled ipv6 support +- use script name for output messages +* Tue Oct 16 2007 Thomas Woerner 1.3.8-5 +- fixed error code for stopping a already stopped firewall (rhbz#321751) +- moved blacklist test into start +* Wed Sep 26 2007 Thomas Woerner 1.3.8-4.1 +- do not start ip6tables if ipv6 is blacklisted (rhbz#236888) +- use simpler fix for (rhbz#295611) + Thanks to Linus Torvalds for the patch. +* Mon Sep 24 2007 Thomas Woerner 1.3.8-4 +- fixed IPv6 reject type (rhbz#295181) +- fixed init script: start, stop and status +- support netfilter compiled into kernel in init script (rhbz#295611) +- dropped inversion for limit modules from man pages (rhbz#220780) +- fixed typo in ip6tables man page (rhbz#236185) +* Wed Sep 19 2007 Thomas Woerner 1.3.8-3 +- do not depend on local_fs in lsb header - this delayes start after network +- fixed exit code for initscript usage +* Mon Sep 17 2007 Thomas Woerner 1.3.8-2.1 +- do not use lock file for condrestart test +* Thu Aug 23 2007 Thomas Woerner 1.3.8-2 +- fixed initscript for LSB conformance (rhbz#246953, rhbz#242459) +- provide iptc interface again, but unsupported (rhbz#216733) +- compile all extension, which are supported by the kernel-headers package +- review fixes (rhbz#225906) +* Tue Jul 31 2007 Thomas Woerner +- reverted ipv6 fix, because it disables the ipv6 at all (rhbz#236888) +* Fri Jul 13 2007 Steve Conklin - 1.3.8-1 +- New version 1.3.8 +* Mon Apr 23 2007 Jeremy Katz - 1.3.7-2 +- fix error when ipv6 support isn't loaded in the kernel (#236888) +* Wed Jan 10 2007 Thomas Woerner 1.3.7-1.1 +- fixed installation of secmark modules +* Tue Jan 9 2007 Thomas Woerner 1.3.7-1 +- new verison 1.3.7 +- iptc is not a public interface and therefore not installed anymore +- dropped upstream secmark patch +* Tue Sep 19 2006 Thomas Woerner 1.3.5-2 +- added secmark iptables patches (#201573) +* Wed Jul 12 2006 Jesse Keating - 1.3.5-1.2.1 +- rebuild +* Fri Feb 10 2006 Jesse Keating - 1.3.5-1.2 +- bump again for double-long bug on ppc(64) +* Tue Feb 7 2006 Jesse Keating - 1.3.5-1.1 +- rebuilt for new gcc4.1 snapshot and glibc changes +* Thu Feb 2 2006 Thomas Woerner 1.3.5-1 +- new version 1.3.5 +- fixed init script to set policy for raw tables, too (#179094) +* Tue Jan 24 2006 Thomas Woerner 1.3.4-3 +- added important iptables header files to devel package +* Fri Dec 9 2005 Jesse Keating +- rebuilt +* Fri Nov 25 2005 Thomas Woerner 1.3.4-2 +- fix for plugin problem: link with "gcc -shared" instead of "ld -shared" and + replace "_init" with "__attribute((constructor)) my_init" +* Fri Nov 25 2005 Thomas Woerner 1.3.4-1.1 +- rebuild due to unresolved symbols in shared libraries +* Fri Nov 18 2005 Thomas Woerner 1.3.4-1 +- new version 1.3.4 +- dropped free_opts patch (upstream fixed) +- made libipq PIC (#158623) +- additional configuration options for iptables startup script (#172929) + Thanks to Jan Gruenwald for the patch +- spec file cleanup (dropped linux_header define and usage) +* Mon Jul 18 2005 Thomas Woerner 1.3.2-1 +- new version 1.3.2 with additional patch for the misplaced free_opts call + from Marcus Sundberg +* Wed May 11 2005 Thomas Woerner 1.3.1-1 +- new version 1.3.1 +* Fri Mar 18 2005 Thomas Woerner 1.3.0-2 +- Remove unnecessary explicit kernel dep (#146142) +- Fixed out of bounds accesses (#131848): Thanks to Steve Grubb + for the patch +- Adapted iptables-config to reference to modprobe.conf (#150143) +- Remove misleading message (#140154): Thanks to Ulrich Drepper + for the patch +* Mon Feb 21 2005 Thomas Woerner 1.3.0-1 +- new version 1.3.0 +* Thu Nov 11 2004 Thomas Woerner 1.2.11-3.2 +- fixed autoload problem in iptables and ip6tables (CAN-2004-0986) +* Fri Sep 17 2004 Thomas Woerner 1.2.11-3.1 +- changed default behaviour for IPTABLES_STATUS_NUMERIC to "yes" (#129731) +- modified config file to match this change and un-commented variables with + default values +* Thu Sep 16 2004 Thomas Woerner 1.2.11-3 +- applied second part of cleanup patch from (#131848): thanks to Steve Grubb + for the patch +* Wed Aug 25 2004 Thomas Woerner 1.2.11-2 +- fixed free bug in iptables (#128322) +* Tue Jun 22 2004 Thomas Woerner 1.2.11-1 +- new version 1.2.11 +* Thu Jun 17 2004 Thomas Woerner 1.2.10-1 +- new version 1.2.10 +* Tue Jun 15 2004 Elliot Lee +- rebuilt +* Tue Mar 2 2004 Elliot Lee +- rebuilt +* Thu Feb 26 2004 Thomas Woerner 1.2.9-2.3 +- fixed iptables-restore -c fault if there are no counters (#116421) +* Fri Feb 13 2004 Elliot Lee +- rebuilt +* Sun Jan 25 2004 Dan Walsh 1.2.9-1.2 +- Close File descriptors to prevent SELinux error message +* Wed Jan 7 2004 Thomas Woerner 1.2.9-1.1 +- rebuild +* Wed Dec 17 2003 Thomas Woerner 1.2.9-1 +- vew version 1.2.9 +- new config options in ipXtables-config: + IPTABLES_MODULES_UNLOAD +- more documentation in ipXtables-config +- fix for netlink security issue in libipq (devel package) +- print fix for libipt_icmp (#109546) +* Thu Oct 23 2003 Thomas Woerner 1.2.8-13 +- marked all messages in iptables init script for translation (#107462) +- enabled devel package (#105884, #106101) +- bumped build for fedora for libipt_recent.so (#106002) +* Tue Sep 23 2003 Thomas Woerner 1.2.8-12.1 +- fixed lost udp port range in ip6tables-save (#104484) +- fixed non numeric multiport port output in ipXtables-savs +* Mon Sep 22 2003 Florian La Roche 1.2.8-11 +- do not link against -lnsl +* Wed Sep 17 2003 Thomas Woerner 1.2.8-10 +- made variables in rmmod_r local +* Tue Jul 22 2003 Thomas Woerner 1.2.8-9 +- fixed permission for init script +* Sat Jul 19 2003 Thomas Woerner 1.2.8-8 +- fixed save when iptables file is missing and iptables-config permissions +* Tue Jul 8 2003 Thomas Woerner 1.2.8-7 +- fixes for ip6tables: module unloading, setting policy only for existing + tables +* Thu Jul 3 2003 Thomas Woerner 1.2.8-6 +- IPTABLES_SAVE_COUNTER defaults to no, now +- install config file in /etc/sysconfig +- exchange unload of ip_tables and ip_conntrack +- fixed start function +* Wed Jul 2 2003 Thomas Woerner 1.2.8-5 +- new config option IPTABLES_SAVE_ON_RESTART +- init script: new status, save and restart +- fixes #44905, #65389, #80785, #82860, #91040, #91560 and #91374 +* Mon Jun 30 2003 Thomas Woerner 1.2.8-4 +- new config option IPTABLES_STATUS_NUMERIC +- cleared IPTABLES_MODULES in iptables-config +* Mon Jun 30 2003 Thomas Woerner 1.2.8-3 +- new init scripts +* Sat Jun 28 2003 Florian La Roche +- remove check for very old kernel versions in init scripts +- sync up both init scripts and remove some further ugly things +- add some docu into rpm +* Thu Jun 26 2003 Thomas Woerner 1.2.8-2 +- rebuild +* Mon Jun 16 2003 Thomas Woerner 1.2.8-1 +- update to 1.2.8 +* Wed Jan 22 2003 Tim Powers +- rebuilt +* Mon Jan 13 2003 Bill Nottingham 1.2.7a-1 +- update to 1.2.7a +- add a plethora of bugfixes courtesy Michael Schwendt +* Fri Dec 13 2002 Elliot Lee 1.2.6a-3 +- Fix multilib +* Wed Aug 7 2002 Karsten Hopp +- fixed iptables and ip6tables initscript output, based on #70511 +- check return status of all iptables calls, not just the last one + in a 'for' loop. +* Mon Jul 29 2002 Bernhard Rosenkraenzer 1.2.6a-1 +- 1.2.6a (bugfix release, #69747) +* Fri Jun 21 2002 Tim Powers +- automated rebuild +* Thu May 23 2002 Tim Powers +- automated rebuild +* Mon Mar 4 2002 Bernhard Rosenkraenzer 1.2.5-3 +- Add some fixes from CVS, fixing bug #60465 +* Tue Feb 12 2002 Bernhard Rosenkraenzer 1.2.5-2 +- Merge ip6tables improvements from Ian Prowell + [#59402] +- Update URL (#59354) +- Use /sbin/chkconfig rather than chkconfig in %%%%postun script +* Fri Jan 11 2002 Bernhard Rosenkraenzer 1.2.5-1 +- 1.2.5 +* Wed Jan 9 2002 Tim Powers +- automated rebuild +* Mon Nov 5 2001 Bernhard Rosenkraenzer 1.2.4-2 +- Fix %%%%preun script +* Tue Oct 30 2001 Bernhard Rosenkraenzer 1.2.4-1 +- Update to 1.2.4 (various fixes, including security fixes; among others: + [#42990], #50500, #53325, #54280) +- Fix init script (#31133) +* Mon Sep 3 2001 Bernhard Rosenkraenzer 1.2.3-1 +- 1.2.3 (5 security fixes, some other fixes) +- Fix updating (#53032) +* Mon Aug 27 2001 Bernhard Rosenkraenzer 1.2.2-4 +- Fix #50990 +- Add some fixes from current CVS; should fix #52620 +* Mon Jul 16 2001 Bernhard Rosenkraenzer 1.2.2-3 +- Add some fixes from the current CVS tree; fixes #49154 and some IPv6 + issues +* Tue Jun 26 2001 Bernhard Rosenkraenzer 1.2.2-2 +- Fix iptables-save reject-with (#45632), Patch from Michael Schwendt + +* Tue May 8 2001 Bernhard Rosenkraenzer 1.2.2-1 +- 1.2.2 +* Wed Mar 21 2001 Bernhard Rosenkraenzer +- 1.2.1a, fixes #28412, #31136, #31460, #31133 +* Thu Mar 1 2001 Bernhard Rosenkraenzer +- Yet another initscript fix (#30173) +- Fix the fixes; they fixed some issues but broke more important + stuff :/ (#30176) +* Tue Feb 27 2001 Bernhard Rosenkraenzer +- Fix up initscript (#27962) +- Add fixes from CVS to iptables-{restore,save}, fixing #28412 +* Fri Feb 9 2001 Karsten Hopp +- create /etc/sysconfig/iptables mode 600 (same problem as #24245) +* Mon Feb 5 2001 Karsten Hopp +- fix bugzilla #25986 (initscript not marked as config file) +- fix bugzilla #25962 (iptables-restore) +- mv chkconfig --del from postun to preun +* Thu Feb 1 2001 Trond Eivind Glomsrød +- Fix check for ipchains +* Mon Jan 29 2001 Bernhard Rosenkraenzer +- Some fixes to init scripts +* Wed Jan 24 2001 Bernhard Rosenkraenzer +- Add some fixes from CVS, fixes among other things Bug #24732 +* Wed Jan 17 2001 Bernhard Rosenkraenzer +- Add missing man pages, fix up init script (Bug #17676) +* Mon Jan 15 2001 Bill Nottingham +- add init script +* Mon Jan 15 2001 Bernhard Rosenkraenzer +- 1.2 +- fix up ipv6 split +- add init script +- Move the plugins from /usr/lib/iptables to /lib/iptables. + This needs to work before /usr is mounted... +- Use -O1 on alpha (compiler bug) +* Sat Jan 6 2001 Bernhard Rosenkraenzer +- 1.1.2 +- Add IPv6 support (in separate package) +* Thu Aug 17 2000 Bill Nottingham +- build everywhere +* Tue Jul 25 2000 Bernhard Rosenkraenzer +- 1.1.1 +* Thu Jul 13 2000 Prospector +- automatic rebuild +* Tue Jun 27 2000 Preston Brown +- move iptables to /sbin. +- excludearch alpha for now, not building there because of compiler bug(?) +* Fri Jun 9 2000 Bill Nottingham +- don't obsolete ipchains either +- update to 1.1.0 +* Sun Jun 4 2000 Bill Nottingham +- remove explicit kernel requirement +* Tue May 2 2000 Bernhard Rosenkränzer +- initial package