[iptables] libxt_conntrack: properly output negation symbol
Pablo Neira
netfilter-cvslog-bounces at lists.netfilter.org
Sun Apr 5 12:21:39 CEST 2009
Gitweb: http://git.netfilter.org/cgi-bin/gitweb.cgi?p=iptables.git;a=commit;h=093d5fc9d1826b8f0ccfbb3160c98a3c844d0273
commit 093d5fc9d1826b8f0ccfbb3160c98a3c844d0273
Author: Jan Engelhardt <jengelh at medozas.de>
AuthorDate: Sun Apr 5 00:05:30 2009 +0200
Commit: Jan Engelhardt <jengelh at medozas.de>
CommitDate: Sun Apr 5 00:05:30 2009 +0200
libxt_conntrack: properly output negation symbol
Because the wrong flag was checked, the "!" was either wrongly
printed, or not printed at all.
This was broken since v1.4.0-29-ga8ad34c.
Reported-by: Steven Jan Springl <steven at springl.ukfsn.org>
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit c9ccba543b52cb443f110670420967ac6a41c302
Author: Jan Engelhardt <jengelh at medozas.de>
AuthorDate: Sat Apr 4 18:43:15 2009 +0200
Commit: Jan Engelhardt <jengelh at medozas.de>
CommitDate: Sat Apr 4 18:45:11 2009 +0200
CLASSIFY: document non-standard interpretation behavior
Most other extensions use strtoul (by means of xtables_strtoui)
and would abide by the standard convention of hex/octal prefixes
0x/0, and decimal otherwise, but CLASSIFY is an exception.
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit ea6f406fa77aa7b4fc52ccc9b572ae96196e570d
Merge: 517de3d... b1d968c...
Author: Jan Engelhardt <jengelh at medozas.de>
AuthorDate: Sat Apr 4 14:10:49 2009 +0200
Commit: Jan Engelhardt <jengelh at medozas.de>
CommitDate: Sat Apr 4 14:10:51 2009 +0200
Merge branch 'plus'
commit 517de3d32e3eb261cfa7fce33751f9e37bae7112
Merge: ca6ccdb... 3fb2e4a...
Author: Jan Engelhardt <jengelh at medozas.de>
AuthorDate: Sat Apr 4 14:03:50 2009 +0200
Commit: Jan Engelhardt <jengelh at medozas.de>
CommitDate: Sat Apr 4 14:04:21 2009 +0200
Merge commit 'v1.4.3'
Connect history to the tag.
commit b1d968c30dde563c2738fdacb723c18232fb5ccb
Author: Jan Engelhardt <jengelh at medozas.de>
AuthorDate: Sat Apr 4 13:28:40 2009 +0200
Commit: Jan Engelhardt <jengelh at medozas.de>
CommitDate: Sat Apr 4 13:38:10 2009 +0200
iptables: print negation extrapositioned
This patch combines the two referenced ones by Peter. I did a quick
extra audit to spot and fix the missing ip6tables parts. (People like
to forget ip6tables it seems.) Extension modules were, to the best of
my knowledge, already audited in v1.4.3-rc1-10-gcea9f71.
Reported-by: Yar Odin <yarodin at gmail.com>
References: http://bugs.gentoo.org/264089
Reported-by: Peter Volkov <pva at gentoo.org>
References: http://marc.info/?l=netfilter-devel&m=123883867907935&w=2
References: http://marc.info/?l=netfilter-devel&m=123883992508943&w=2
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 9c0fa7d8c84dc2478bd36d31b328b697fbe4d0af
Author: Jan Engelhardt <jengelh at medozas.de>
AuthorDate: Fri Apr 3 22:40:35 2009 +0200
Commit: Jan Engelhardt <jengelh at medozas.de>
CommitDate: Fri Apr 3 22:40:35 2009 +0200
libxtables: provide IPv6 zero address variable
µClibc may not provide the in6addr_any variable when IPv6 is
disabled. So just provide it ourselves.
Reference: http://bugzilla.netfilter.org/show_bug.cgi?id=569
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit a094eb0f2a57592b6f3cf42fdbb9d49fead2d57c
Author: Jan Engelhardt <jengelh at medozas.de>
AuthorDate: Fri Apr 3 22:37:49 2009 +0200
Commit: Jan Engelhardt <jengelh at medozas.de>
CommitDate: Fri Apr 3 22:37:49 2009 +0200
build: add configure option to disable ipv4 iptables
This patch complements the previous one.
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 8e58613df53f5f83e8ab92dec61d8065c68d967d
Author: Jan Engelhardt <jengelh at medozas.de>
AuthorDate: Fri Apr 3 22:28:34 2009 +0200
Commit: Jan Engelhardt <jengelh at medozas.de>
CommitDate: Fri Apr 3 22:29:39 2009 +0200
build: add configure option to disable ip6tables
This also skips building the IPv6 extensions. It does not #ifdef out
all code however, I think that would make it too ugly.
Inspired-by: http://bugzilla.netfilter.org/show_bug.cgi?id=560
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit c7f70f1b16ac9395bb13d1832b5c83b09594224f
Author: Jan Engelhardt <jengelh at medozas.de>
AuthorDate: Mon Mar 30 01:28:44 2009 +0200
Commit: Jan Engelhardt <jengelh at medozas.de>
CommitDate: Fri Apr 3 20:51:32 2009 +0200
build: do not run ldconfig for DESTDIR installations
Reference: http://bugzilla.netfilter.org/show_bug.cgi?id=560
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit c4edfa63eda06f02cc5bc1a65d366c55bd2eda30
Author: Jan Engelhardt <jengelh at medozas.de>
AuthorDate: Mon Mar 30 00:44:46 2009 +0200
Commit: Jan Engelhardt <jengelh at medozas.de>
CommitDate: Fri Apr 3 20:51:31 2009 +0200
libxtables: reorder .version member
When the structure's layout changes, as it did between v1.4.1 and
v1.4.2, trying to compare the version string makes iptables segfault
while it tries to determine whether the module is compatible in the
first place.
By moving the member to a known offset in the struct and keeping it
there, objects (both iptables and 3rd party) compiled from this
commit onwards will avoid the segfault.
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 3fb2e4a1607cbe186d20d35b45dd92b031c0be02
Author: Patrick McHardy <kaber at trash.net>
AuthorDate: Mon Mar 23 14:39:16 2009 +0100
Commit: Patrick McHardy <kaber at trash.net>
CommitDate: Mon Mar 23 14:39:16 2009 +0100
Bump version to 1.4.3
Signed-off-by: Patrick McHardy <kaber at trash.net>
via 093d5fc9d1826b8f0ccfbb3160c98a3c844d0273 (commit)
via c9ccba543b52cb443f110670420967ac6a41c302 (commit)
via ea6f406fa77aa7b4fc52ccc9b572ae96196e570d (commit)
via 517de3d32e3eb261cfa7fce33751f9e37bae7112 (commit)
via b1d968c30dde563c2738fdacb723c18232fb5ccb (commit)
via 9c0fa7d8c84dc2478bd36d31b328b697fbe4d0af (commit)
via a094eb0f2a57592b6f3cf42fdbb9d49fead2d57c (commit)
via 8e58613df53f5f83e8ab92dec61d8065c68d967d (commit)
via c7f70f1b16ac9395bb13d1832b5c83b09594224f (commit)
via c4edfa63eda06f02cc5bc1a65d366c55bd2eda30 (commit)
via 3fb2e4a1607cbe186d20d35b45dd92b031c0be02 (commit)
from cdf51d0183213c4bcac9ef4818155c1d3fbb897e (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 093d5fc9d1826b8f0ccfbb3160c98a3c844d0273
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sun Apr 5 00:05:30 2009 +0200
libxt_conntrack: properly output negation symbol
Because the wrong flag was checked, the "!" was either wrongly
printed, or not printed at all.
This was broken since v1.4.0-29-ga8ad34c.
Reported-by: Steven Jan Springl <steven at springl.ukfsn.org>
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit c9ccba543b52cb443f110670420967ac6a41c302
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sat Apr 4 18:43:15 2009 +0200
CLASSIFY: document non-standard interpretation behavior
Most other extensions use strtoul (by means of xtables_strtoui)
and would abide by the standard convention of hex/octal prefixes
0x/0, and decimal otherwise, but CLASSIFY is an exception.
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit ea6f406fa77aa7b4fc52ccc9b572ae96196e570d
Merge: 517de3d32e3eb261cfa7fce33751f9e37bae7112 b1d968c30dde563c2738fdacb723c18232fb5ccb
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sat Apr 4 14:10:49 2009 +0200
Merge branch 'plus'
commit 517de3d32e3eb261cfa7fce33751f9e37bae7112
Merge: ca6ccdb172b1846152dea421c215122759b84d29 3fb2e4a1607cbe186d20d35b45dd92b031c0be02
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sat Apr 4 14:03:50 2009 +0200
Merge commit 'v1.4.3'
Connect history to the tag.
commit b1d968c30dde563c2738fdacb723c18232fb5ccb
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sat Apr 4 13:28:40 2009 +0200
iptables: print negation extrapositioned
This patch combines the two referenced ones by Peter. I did a quick
extra audit to spot and fix the missing ip6tables parts. (People like
to forget ip6tables it seems.) Extension modules were, to the best of
my knowledge, already audited in v1.4.3-rc1-10-gcea9f71.
Reported-by: Yar Odin <yarodin at gmail.com>
References: http://bugs.gentoo.org/264089
Reported-by: Peter Volkov <pva at gentoo.org>
References: http://marc.info/?l=netfilter-devel&m=123883867907935&w=2
References: http://marc.info/?l=netfilter-devel&m=123883992508943&w=2
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 9c0fa7d8c84dc2478bd36d31b328b697fbe4d0af
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Fri Apr 3 22:40:35 2009 +0200
libxtables: provide IPv6 zero address variable
µClibc may not provide the in6addr_any variable when IPv6 is
disabled. So just provide it ourselves.
Reference: http://bugzilla.netfilter.org/show_bug.cgi?id=569
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit a094eb0f2a57592b6f3cf42fdbb9d49fead2d57c
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Fri Apr 3 22:37:49 2009 +0200
build: add configure option to disable ipv4 iptables
This patch complements the previous one.
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 8e58613df53f5f83e8ab92dec61d8065c68d967d
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Fri Apr 3 22:28:34 2009 +0200
build: add configure option to disable ip6tables
This also skips building the IPv6 extensions. It does not #ifdef out
all code however, I think that would make it too ugly.
Inspired-by: http://bugzilla.netfilter.org/show_bug.cgi?id=560
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit c7f70f1b16ac9395bb13d1832b5c83b09594224f
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Mon Mar 30 01:28:44 2009 +0200
build: do not run ldconfig for DESTDIR installations
Reference: http://bugzilla.netfilter.org/show_bug.cgi?id=560
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit c4edfa63eda06f02cc5bc1a65d366c55bd2eda30
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Mon Mar 30 00:44:46 2009 +0200
libxtables: reorder .version member
When the structure's layout changes, as it did between v1.4.1 and
v1.4.2, trying to compare the version string makes iptables segfault
while it tries to determine whether the module is compatible in the
first place.
By moving the member to a known offset in the struct and keeping it
there, objects (both iptables and 3rd party) compiled from this
commit onwards will avoid the segfault.
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 3fb2e4a1607cbe186d20d35b45dd92b031c0be02
Author: Patrick McHardy <kaber at trash.net>
Date: Mon Mar 23 14:39:16 2009 +0100
Bump version to 1.4.3
Signed-off-by: Patrick McHardy <kaber at trash.net>
-----------------------------------------------------------------------
Makefile.am | 20 ++++++++++++++------
configure.ac | 10 +++++++++-
extensions/GNUmakefile.in | 4 ++--
extensions/libxt_CLASSIFY.c | 2 +-
extensions/libxt_CLASSIFY.man | 3 ++-
extensions/libxt_conntrack.c | 8 ++++----
include/xtables.h.in | 16 +++++++++++++---
ip6tables.c | 12 ++++++------
iptables.c | 12 ++++++------
xtables.c | 3 ++-
10 files changed, 59 insertions(+), 31 deletions(-)
Signed-off-by: Patrick McHardy <kaber at trash.net>
diff --git a/configure.ac b/configure.ac
index 55569bd..2680d92 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,5 +1,5 @@
-AC_INIT([iptables], [1.4.3-rc1])
+AC_INIT([iptables], [1.4.3])
# See libtool.info "Libtool's versioning system"
libxtables_vcurrent=1
diff --git a/release.sh b/release.sh
index 8998348..c60edad 100644
--- a/release.sh
+++ b/release.sh
@@ -2,7 +2,7 @@
#
set -e
-VERSION=1.4.3-rc1
+VERSION=1.4.3
PREV_VERSION=1.4.2
TMPDIR=/tmp/ipt-release
IPTDIR="$TMPDIR/iptables-$VERSION"
More information about the netfilter-cvslog
mailing list