rpms/iptables/devel iptables-1.4.5-cloexec.patch, NONE, 1.1 .cvsignore, 1.27, 1.28 iptables.spec, 1.79, 1.80 sources, 1.27, 1.28 iptables-1.4.1.1-cloexec.patch, 1.1, NONE iptables-1.4.3.1-cloexec.patch, 1.1, NONE

Thomas Woerner twoerner at fedoraproject.org
Thu Sep 17 09:13:10 UTC 2009


Author: twoerner

Update of /cvs/pkgs/rpms/iptables/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv19941

Modified Files:
	.cvsignore iptables.spec sources 
Added Files:
	iptables-1.4.5-cloexec.patch 
Removed Files:
	iptables-1.4.1.1-cloexec.patch iptables-1.4.3.1-cloexec.patch 
Log Message:
- new version 1.4.5 with support for all new features of 2.6.31
  - libxt_NFQUEUE: add new v1 version with queue-balance option
  - xt_conntrack: revision 2 for enlarged state_mask member
  - libxt_helper: fix invalid passed option to check_inverse
  - libiptc: split v4 and v6
  - extensions: collapse registration structures
  - iptables: allow for parse-less extensions
  - iptables: allow for help-less extensions
  - extensions: remove empty help and parse functions
  - xtables: add multi-registration functions
  - extensions: collapse data variables to use multi-reg calls
  - xtables: warn of missing version identifier in extensions
  - multi binary: allow subcommand via argv[1]
  - iptables: accept multiple IP address specifications for -s, -d
  - several build fixes
  - several man page fixes
- fixed two leaked file descriptors on sockets (rhbz#521397)



iptables-1.4.5-cloexec.patch:
 extensions/libipt_realm.c |    4 ++--
 extensions/libipt_set.h   |    7 +++++++
 ip6tables-restore.c       |    2 +-
 ip6tables-save.c          |    2 +-
 iptables-restore.c        |    2 +-
 iptables-save.c           |    2 +-
 iptables-xml.c            |    2 +-
 libiptc/libiptc.c         |    8 ++++++++
 xtables.c                 |   11 +++++++++++
 9 files changed, 33 insertions(+), 7 deletions(-)

--- NEW FILE iptables-1.4.5-cloexec.patch ---
diff -up iptables-1.4.5/extensions/libipt_realm.c.cloexec iptables-1.4.5/extensions/libipt_realm.c
--- iptables-1.4.5/extensions/libipt_realm.c.cloexec	2009-09-14 18:36:55.000000000 +0200
+++ iptables-1.4.5/extensions/libipt_realm.c	2009-09-17 10:52:00.000000000 +0200
@@ -49,7 +49,7 @@ static void load_realms(void)
 	int id;
 	struct realmname *oldnm = NULL, *newnm = NULL;
 
-	fil = fopen(rfnm, "r");
+	fil = fopen(rfnm, "re");
 	if (!fil) {
 		rdberr = 1;
 		return;
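Review bot: The "e" character in the fopen() mode string is a glibc extension (glibc 2.7 and later) that sets O_CLOEXEC on the underlying descriptor; C11 leaves extra mode characters implementation-defined, so another C library may ignore it or reject the mode and return NULL, which would turn this hardening into an open failure on that platform. That is acceptable for a distribution-specific patch, but a one-line comment on the fopen, `/* "e" = O_CLOEXEC, glibc extension (rhbz#521397) */`, would keep the intent visible when the patch is rebased onto the next release. The same mode-string change is made in ip6tables-restore.c, ip6tables-save.c, iptables-restore.c, iptables-save.c and iptables-xml.c, and the same comment applies there. load_realms continues outside this hunk.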
@@ -248,7 +248,7 @@ static struct xtables_match realm_mt_reg
 	.extra_opts	= realm_opts,
 };
 
-void _init(void)
+void __attribute((constructor)) nf_ext_init(void)
 {
 	xtables_register_match(&realm_mt_reg);
 }
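Review bot: The spelling `__attribute((constructor))` relies on GCC accepting the form without the trailing double underscore; the documented and conventional spelling is `__attribute__((constructor))`, so `void __attribute__((constructor)) nf_ext_init(void)` is safer to carry forward. Apart from that, renaming `_init` to nf_ext_init has nothing to do with close-on-exec, so a reader of iptables-1.4.5-cloexec.patch will not expect it; presumably it is a build fix needed for 1.4.5, and a sentence in the patch header (or moving it to a separate patch) saying so would help the next rebase.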
diff -up iptables-1.4.5/extensions/libipt_set.h.cloexec iptables-1.4.5/extensions/libipt_set.h
--- iptables-1.4.5/extensions/libipt_set.h.cloexec	2009-09-14 18:36:55.000000000 +0200
+++ iptables-1.4.5/extensions/libipt_set.h	2009-09-17 11:02:07.000000000 +0200
@@ -2,6 +2,7 @@
 #define _LIBIPT_SET_H
 
 #include <unistd.h>
+#include <fcntl.h>
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <errno.h>
@@ -48,6 +49,12 @@ static int get_version(unsigned *version
 		xtables_error(OTHER_PROBLEM,
 			   "Can't open socket to ipset.\n");
 
+	if (fcntl(sockfd, F_SETFD, FD_CLOEXEC) == -1) {
+		xtables_error(OTHER_PROBLEM,
+			      "Could not set close on exec: %s\n",
+			      strerror(errno));
+	}
+
 	req_version.op = IP_SET_OP_VERSION;
 	res = getsockopt(sockfd, SOL_IP, SO_IP_SET, &req_version, &size);
 	if (res != 0)
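Review bot: The fcntl(F_SETFD, FD_CLOEXEC) added after the ipset socket is created still leaves a window between socket() and fcntl() in which the descriptor is inheritable; that only matters if a process linking this code forks and execs concurrently from another thread, but it is the case the patch is trying to close. The socket() call itself sits above this hunk; on the 2.6.31 kernels this update targets, OR-ing SOCK_CLOEXEC into its type argument (`socket(domain, type | SOCK_CLOEXEC, protocol)`) sets the flag atomically and makes the added fcntl block unnecessary. The same fcntl-after-socket pattern appears in the libiptc TC_INIT hunk and the xtables.c compatible_revision hunk, where the same change applies. get_version begins above this hunk.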
diff -up iptables-1.4.5/ip6tables-restore.c.cloexec iptables-1.4.5/ip6tables-restore.c
--- iptables-1.4.5/ip6tables-restore.c.cloexec	2009-09-14 18:36:55.000000000 +0200
+++ iptables-1.4.5/ip6tables-restore.c	2009-09-17 10:52:00.000000000 +0200
@@ -169,7 +169,7 @@ int main(int argc, char *argv[])
 	}
 
 	if (optind == argc - 1) {
-		in = fopen(argv[optind], "r");
+		in = fopen(argv[optind], "re");
 		if (!in) {
 			fprintf(stderr, "Can't open %s: %s\n", argv[optind],
 				strerror(errno));
diff -up iptables-1.4.5/ip6tables-save.c.cloexec iptables-1.4.5/ip6tables-save.c
--- iptables-1.4.5/ip6tables-save.c.cloexec	2009-09-14 18:36:55.000000000 +0200
+++ iptables-1.4.5/ip6tables-save.c	2009-09-17 10:52:00.000000000 +0200
@@ -41,7 +41,7 @@ static int for_each_table(int (*func)(co
 	FILE *procfile = NULL;
 	char tablename[IP6T_TABLE_MAXNAMELEN+1];
 
-	procfile = fopen("/proc/net/ip6_tables_names", "r");
+	procfile = fopen("/proc/net/ip6_tables_names", "re");
 	if (!procfile)
 		return ret;
 
diff -up iptables-1.4.5/iptables-restore.c.cloexec iptables-1.4.5/iptables-restore.c
--- iptables-1.4.5/iptables-restore.c.cloexec	2009-09-14 18:36:55.000000000 +0200
+++ iptables-1.4.5/iptables-restore.c	2009-09-17 10:52:00.000000000 +0200
@@ -175,7 +175,7 @@ main(int argc, char *argv[])
 	}
 
 	if (optind == argc - 1) {
-		in = fopen(argv[optind], "r");
+		in = fopen(argv[optind], "re");
 		if (!in) {
 			fprintf(stderr, "Can't open %s: %s\n", argv[optind],
 				strerror(errno));
diff -up iptables-1.4.5/iptables-save.c.cloexec iptables-1.4.5/iptables-save.c
--- iptables-1.4.5/iptables-save.c.cloexec	2009-09-14 18:36:55.000000000 +0200
+++ iptables-1.4.5/iptables-save.c	2009-09-17 10:52:00.000000000 +0200
@@ -39,7 +39,7 @@ static int for_each_table(int (*func)(co
 	FILE *procfile = NULL;
 	char tablename[IPT_TABLE_MAXNAMELEN+1];
 
-	procfile = fopen("/proc/net/ip_tables_names", "r");
+	procfile = fopen("/proc/net/ip_tables_names", "re");
 	if (!procfile)
 		return ret;
 
diff -up iptables-1.4.5/iptables-xml.c.cloexec iptables-1.4.5/iptables-xml.c
--- iptables-1.4.5/iptables-xml.c.cloexec	2009-09-14 18:36:55.000000000 +0200
+++ iptables-1.4.5/iptables-xml.c	2009-09-17 10:52:00.000000000 +0200
@@ -653,7 +653,7 @@ main(int argc, char *argv[])
 	}
 
 	if (optind == argc - 1) {
-		in = fopen(argv[optind], "r");
+		in = fopen(argv[optind], "re");
 		if (!in) {
 			fprintf(stderr, "Can't open %s: %s", argv[optind],
 				strerror(errno));
diff -up iptables-1.4.5/libiptc/libiptc.c.cloexec iptables-1.4.5/libiptc/libiptc.c
--- iptables-1.4.5/libiptc/libiptc.c.cloexec	2009-09-14 18:36:55.000000000 +0200
+++ iptables-1.4.5/libiptc/libiptc.c	2009-09-17 11:02:16.000000000 +0200
@@ -29,6 +29,8 @@
  * 	- performance work: speedup initial ruleset parsing.
  * 	- sponsored by ComX Networks A/S (http://www.comx.dk/)
  */
+#include <unistd.h>
+#include <fcntl.h>
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <xtables.h>
@@ -1326,6 +1328,12 @@ TC_INIT(const char *tablename)
 	if (sockfd < 0)
 		return NULL;
 
+	if (fcntl(sockfd, F_SETFD, FD_CLOEXEC) == -1) {
+		fprintf(stderr, "Could not set close on exec: %s\n",
+			strerror(errno));
+		abort();
+	}
+
 retry:
 	s = sizeof(info);
 
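Review bot: The fcntl failure path calls abort(), while TC_INIT returns NULL when the socket cannot be created (the `if (sockfd < 0) return NULL;` just above), so a caller that already handles a NULL return now gets a core dump for a failure on the very same resource. Closing the descriptor and returning NULL keeps the function's own error convention: replace `abort();` with `close(sockfd); return NULL;` and keep the fprintf if the diagnostic is wanted. A caller that inspects errno after a NULL return would then see fcntl's errno rather than socket's, which is presumably acceptable but worth confirming. TC_INIT continues below this hunk.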
diff -up iptables-1.4.5/xtables.c.cloexec iptables-1.4.5/xtables.c
--- iptables-1.4.5/xtables.c.cloexec	2009-09-14 18:36:55.000000000 +0200
+++ iptables-1.4.5/xtables.c	2009-09-17 10:52:00.000000000 +0200
@@ -292,6 +292,11 @@ static char *get_modprobe(void)
 	procfile = open(PROC_SYS_MODPROBE, O_RDONLY);
 	if (procfile < 0)
 		return NULL;
+ 	if (fcntl(procfile, F_SETFD, FD_CLOEXEC) == -1) {
+ 		fprintf(stderr, "Could not set close on exec: %s\n",
+ 			strerror(errno));
+ 		exit(1);
+ 	}
 
 	ret = (char *) malloc(PROCFILE_BUFSIZ);
 	if (ret) {
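Review bot: The five added lines are indented with a space followed by a tab, unlike the tab-only indentation of the surrounding get_modprobe code, so the hunk also introduces a whitespace inconsistency that diff tools will keep flagging on every rebase. Since the descriptor is opened with open() on the line above, `procfile = open(PROC_SYS_MODPROBE, O_RDONLY | O_CLOEXEC);` sets the flag atomically and makes the added block unnecessary (O_CLOEXEC needs kernel 2.6.23 or later, well within the 2.6.31 target). If the fcntl block is kept, note that exit(1) diverges from the `return NULL` this function uses when open() fails; `close(procfile); return NULL;` would match that convention. get_modprobe continues below the hunk.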
@@ -684,6 +689,12 @@ static int compatible_revision(const cha
 		exit(1);
 	}
 
+	if (fcntl(sockfd, F_SETFD, FD_CLOEXEC) == -1) {
+		fprintf(stderr, "Could not set close on exec: %s\n",
+			strerror(errno));
+		exit(1);
+	}
+
 	xtables_load_ko(xtables_modprobe_program, true);
 
 	strcpy(rev.name, name);


Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/iptables/devel/.cvsignore,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -p -r1.27 -r1.28
--- .cvsignore	25 Aug 2009 13:45:18 -0000	1.27
+++ .cvsignore	17 Sep 2009 09:13:08 -0000	1.28
@@ -6,3 +6,4 @@ iptables-1.4.2.tar.bz2
 iptables-1.4.3.1.tar.bz2
 iptables-1.4.3.2.tar.bz2
 iptables-1.4.4.tar.bz2
+iptables-1.4.5.tar.bz2


Index: iptables.spec
===================================================================
RCS file: /cvs/pkgs/rpms/iptables/devel/iptables.spec,v
retrieving revision 1.79
retrieving revision 1.80
diff -u -p -r1.79 -r1.80
--- iptables.spec	25 Aug 2009 13:45:19 -0000	1.79
+++ iptables.spec	17 Sep 2009 09:13:09 -0000	1.80
@@ -1,11 +1,11 @@
 Name: iptables
 Summary: Tools for managing Linux kernel packet filtering capabilities
-Version: 1.4.4
+Version: 1.4.5
 Release: 1%{?dist}
 Source: http://www.netfilter.org/projects/iptables/files/%{name}-%{version}.tar.bz2
 Source1: iptables.init
 Source2: iptables-config
-Patch5: iptables-1.4.3.1-cloexec.patch
+Patch5: iptables-1.4.5-cloexec.patch
 Group: System Environment/Base
 URL: http://www.netfilter.org/
 BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
@@ -122,6 +122,8 @@ fi
 /%{_lib}/xtables/libipt*
 /%{_lib}/xtables/libxt*
 %{_libdir}/libiptc.so.*
+%{_libdir}/libip4tc.so.*
+%{_libdir}/libip6tc.so.*
 %{_libdir}/libxtables.so.*
 
 %files ipv6
@@ -144,12 +146,31 @@ fi
 %{_includedir}/libipulog/*.h
 %{_libdir}/libipq.a
 %{_mandir}/man3/*
-%{_libdir}/libiptc.so
+%{_libdir}/libip*tc.so
 %{_libdir}/libxtables.so
 %{_libdir}/pkgconfig/libiptc.pc
 %{_libdir}/pkgconfig/xtables.pc
 
 %changelog
+* Thu Sep 17 2009 Thomas Woerner <twoerner at redhat.com> 1.4.5-1
+- new version 1.4.5 with support for all new features of 2.6.31
+  - libxt_NFQUEUE: add new v1 version with queue-balance option
+  - xt_conntrack: revision 2 for enlarged state_mask member
+  - libxt_helper: fix invalid passed option to check_inverse
+  - libiptc: split v4 and v6
+  - extensions: collapse registration structures
+  - iptables: allow for parse-less extensions
+  - iptables: allow for help-less extensions
+  - extensions: remove empty help and parse functions
+  - xtables: add multi-registration functions
+  - extensions: collapse data variables to use multi-reg calls
+  - xtables: warn of missing version identifier in extensions
+  - multi binary: allow subcommand via argv[1]
+  - iptables: accept multiple IP address specifications for -s, -d
+  - several build fixes
+  - several man page fixes
+- fixed two leaked file descriptors on sockets (rhbz#521397)
+
 * Mon Aug 24 2009 Thomas Woerner <twoerner at redhat.com> 1.4.4-1
 - new version 1.4.4 with support for all new features of 2.6.30
   - several man page fixes


Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/iptables/devel/sources,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -p -r1.27 -r1.28
--- sources	25 Aug 2009 13:45:19 -0000	1.27
+++ sources	17 Sep 2009 09:13:09 -0000	1.28
@@ -1 +1 @@
-08cd9196881657ea0615d926334cb7e9  iptables-1.4.4.tar.bz2
+44f13990132c20299c1994cd6f425140  iptables-1.4.5.tar.bz2


--- iptables-1.4.1.1-cloexec.patch DELETED ---


--- iptables-1.4.3.1-cloexec.patch DELETED ---



