iptables: Update to version 1.8.10

Message ID 20231218172911.2531726-4-adolf.belka@ipfire.org
State Staged
Commit c75d942a4d973d297d840227e6c7d11b3ba3f960
Series iptables: Update to version 1.8.10

Commit Message

Adolf Belka Dec. 18, 2023, 5:28 p.m. UTC
- Update from version 1.8.9 to 1.8.10
- Update of rootfile not required
- Changelog
    1.8.10
      build: use pkg-config for libpcap
      iptables-test.py: make explicit use of python3
      xtables-eb: fix crash when opts isn't reallocated
      iptables-nft: make builtin tables static
      iptables-nft: remove unused function argument
      include: update nf_tables uapi header
      ebtables-nft: add broute table emulation
      nft-ruleparse: parse meta mark set as MARK target
      iptables: Fix setting of ipv6 counters
      iptables: Fix handling of non-existent chains
      xshared: dissolve should_load_proto
      nft: move processing logic out of asserts
      man: string: document BM false negatives
      ip6tables: Fix checking existence of rule
      nft: check for source and destination address in first place
      nft: use payload matching for layer 4 protocol
      nft-bridge: pass context structure to ops->add() to improve anonymous set support
      configure: Bump version for 1.8.10 release
      extensions: NAT: Fix for -Werror=format-security
      etc: Drop xtables.conf
      Proper fix for "unknown argument" error message
      ebtables: Refuse unselected targets' options
      ebtables-translate: Drop exec_style
      ebtables-translate: Use OPT_* from xshared.h
      ebtables-translate: Ignore '-j CONTINUE'
      ebtables-translate: Print flush command after parsing is finished
      tests: xlate: Support testing multiple individual files
      tests: CLUSTERIP: Drop test file
      nft-shared: Lookup matches in iptables_command_state
      nft-shared: Use nft_create_match() in one more spot
      nft-shared: Simplify using nft_create_match()
      tests: xlate: Properly split input in replay mode
      tests: xlate: Print file names even if specified
      extensions: libebt_redirect: Fix target translation
      extensions: libebt_redirect: Fix for wrong syntax in translation
      extensions: libebt_ip: Do not use 'ip dscp' for translation
      extensions: libebt_ip: Translation has to match on ether type
      ebtables: ip and ip6 matches depend on protocol match
      xtables-translate: Support insert with index
      include: Add missing linux/netfilter/xt_LOG.h
      nft-restore: Fix for deletion of new, referenced rule
      tests: shell: Test for false-positive rule check
      utils: nfbpf_compile: Replace pcap_compile_nopcap()
      nft-shared: Drop unused include
      arptables: Fix parsing of inverted 'arp operation' match
      arptables: Don't omit standard matches if inverted
      xshared: Fix parsing of option arguments in same word
      nft: Introduce nft-ruleparse.{c,h}
      nft: Extract rule parsing callbacks from nft_family_ops
      nft: ruleparse: Create family-specific source files
      tests: shell: Sanitize nft-only/0009-needless-bitwise_0
      nft: Special casing for among match in compare_matches()
      nft: More verbose extension comparison debugging
      nft: Do not pass nft_rule_ctx to add_nft_among()
      nft: Include sets in debug output
      *tables-restore: Enforce correct counters syntax if present
      *tables: Reject invalid chain names when renaming
      ebtables: Improve invalid chain name detection
      tests: shell: Fix and extend chain rename test
      iptables-restore: Drop dead code
      iptables-apply: Eliminate shellcheck warnings
      extensions: libipt_icmp: Fix confusion between 255/255 and any
      tests: libipt_icmp.t: Enable tests with numeric output
      man: iptables.8: Extend exit code description
      man: iptables.8: Trivial spelling fixes
      man: iptables.8: Fix intra page reference
      man: iptables.8: Clarify --goto description
      man: Use HTTPS for links to netfilter.org
      man: iptables.8: Trivial font fixes
      man: iptables-restore.8: Fix --modprobe description
      man: iptables-restore.8: Consistently document -w option
      man: iptables-restore.8: Drop -W option from synopsis
      man: iptables-restore.8: Put 'file' in italics in synopsis
      man: iptables-restore.8: Start paragraphs in upper-case
      man: Trivial: Missing space after comma
      man: iptables-save.8: Clarify 'available tables'
      man: iptables-save.8: Fix --modprobe description
      man: iptables-save.8: Start paragraphs in upper-case
      extensions: libip6t_icmp: Add names for mld-listener types
      nft-ruleparse: Introduce nft_create_target()
      tests: iptables-test: Fix command segfault reports
      nft: Create builtin chains with counters enabled
      Revert "libiptc: fix wrong maptype of base chain counters on restore"
      tests: shell: Test chain policy counter behaviour
      Use SOCK_CLOEXEC/O_CLOEXEC where available
      nft: Pass nft_handle to add_{target,action}()
      nft: Introduce and use bool nft_handle::compat
      Add --compat option to *tables-nft and *-nft-restore commands
      tests: Test compat mode
      Revert --compat option related commits
      tests: shell: Fix for ineffective 0007-mid-restore-flush_0
      nft: Fix for useless meta expressions in rule
      include: linux: Update kernel.h
      build: Bump dependency on libnftnl
      extensions: Fix checking of conntrack --ctproto 0
      doc: fix example of xt_cpu
      xt_sctp: add the missing chunk types in sctp_help

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
 lfs/iptables | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
  

Comments

Peter Müller Dec. 30, 2023, 7:36 a.m. UTC | #1
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>

> - Update from version 1.8.9 to 1.8.10
> - Update of rootfile not required
> - Changelog
>     1.8.10
>       build: use pkg-config for libpcap
>       iptables-test.py: make explicit use of python3
>       xtables-eb: fix crash when opts isn't reallocated
>       iptables-nft: make builtin tables static
>       iptables-nft: remove unused function argument
>       include: update nf_tables uapi header
>       ebtables-nft: add broute table emulation
>       nft-ruleparse: parse meta mark set as MARK target
>       iptables: Fix setting of ipv6 counters
>       iptables: Fix handling of non-existent chains
>       xshared: dissolve should_load_proto
>       nft: move processing logic out of asserts
>       man: string: document BM false negatives
>       ip6tables: Fix checking existence of rule
>       nft: check for source and destination address in first place
>       nft: use payload matching for layer 4 protocol
>       nft-bridge: pass context structure to ops->add() to improve anonymous set support
>       configure: Bump version for 1.8.10 release
>       extensions: NAT: Fix for -Werror=format-security
>       etc: Drop xtables.conf
>       Proper fix for "unknown argument" error message
>       ebtables: Refuse unselected targets' options
>       ebtables-translate: Drop exec_style
>       ebtables-translate: Use OPT_* from xshared.h
>       ebtables-translate: Ignore '-j CONTINUE'
>       ebtables-translate: Print flush command after parsing is finished
>       tests: xlate: Support testing multiple individual files
>       tests: CLUSTERIP: Drop test file
>       nft-shared: Lookup matches in iptables_command_state
>       nft-shared: Use nft_create_match() in one more spot
>       nft-shared: Simplify using nft_create_match()
>       tests: xlate: Properly split input in replay mode
>       tests: xlate: Print file names even if specified
>       extensions: libebt_redirect: Fix target translation
>       extensions: libebt_redirect: Fix for wrong syntax in translation
>       extensions: libebt_ip: Do not use 'ip dscp' for translation
>       extensions: libebt_ip: Translation has to match on ether type
>       ebtables: ip and ip6 matches depend on protocol match
>       xtables-translate: Support insert with index
>       include: Add missing linux/netfilter/xt_LOG.h
>       nft-restore: Fix for deletion of new, referenced rule
>       tests: shell: Test for false-positive rule check
>       utils: nfbpf_compile: Replace pcap_compile_nopcap()
>       nft-shared: Drop unused include
>       arptables: Fix parsing of inverted 'arp operation' match
>       arptables: Don't omit standard matches if inverted
>       xshared: Fix parsing of option arguments in same word
>       nft: Introduce nft-ruleparse.{c,h}
>       nft: Extract rule parsing callbacks from nft_family_ops
>       nft: ruleparse: Create family-specific source files
>       tests: shell: Sanitize nft-only/0009-needless-bitwise_0
>       nft: Special casing for among match in compare_matches()
>       nft: More verbose extension comparison debugging
>       nft: Do not pass nft_rule_ctx to add_nft_among()
>       nft: Include sets in debug output
>       *tables-restore: Enforce correct counters syntax if present
>       *tables: Reject invalid chain names when renaming
>       ebtables: Improve invalid chain name detection
>       tests: shell: Fix and extend chain rename test
>       iptables-restore: Drop dead code
>       iptables-apply: Eliminate shellcheck warnings
>       extensions: libipt_icmp: Fix confusion between 255/255 and any
>       tests: libipt_icmp.t: Enable tests with numeric output
>       man: iptables.8: Extend exit code description
>       man: iptables.8: Trivial spelling fixes
>       man: iptables.8: Fix intra page reference
>       man: iptables.8: Clarify --goto description
>       man: Use HTTPS for links to netfilter.org
>       man: iptables.8: Trivial font fixes
>       man: iptables-restore.8: Fix --modprobe description
>       man: iptables-restore.8: Consistently document -w option
>       man: iptables-restore.8: Drop -W option from synopsis
>       man: iptables-restore.8: Put 'file' in italics in synopsis
>       man: iptables-restore.8: Start paragraphs in upper-case
>       man: Trivial: Missing space after comma
>       man: iptables-save.8: Clarify 'available tables'
>       man: iptables-save.8: Fix --modprobe description
>       man: iptables-save.8: Start paragraphs in upper-case
>       extensions: libip6t_icmp: Add names for mld-listener types
>       nft-ruleparse: Introduce nft_create_target()
>       tests: iptables-test: Fix command segfault reports
>       nft: Create builtin chains with counters enabled
>       Revert "libiptc: fix wrong maptype of base chain counters on restore"
>       tests: shell: Test chain policy counter behaviour
>       Use SOCK_CLOEXEC/O_CLOEXEC where available
>       nft: Pass nft_handle to add_{target,action}()
>       nft: Introduce and use bool nft_handle::compat
>       Add --compat option to *tables-nft and *-nft-restore commands
>       tests: Test compat mode
>       Revert --compat option related commits
>       tests: shell: Fix for ineffective 0007-mid-restore-flush_0
>       nft: Fix for useless meta expressions in rule
>       include: linux: Update kernel.h
>       build: Bump dependency on libnftnl
>       extensions: Fix checking of conntrack --ctproto 0
>       doc: fix example of xt_cpu
>       xt_sctp: add the missing chunk types in sctp_help
> 
> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
> ---
>  lfs/iptables | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/lfs/iptables b/lfs/iptables
> index 30c6e1d94..572d9f212 100644
> --- a/lfs/iptables
> +++ b/lfs/iptables
> @@ -1,7 +1,7 @@
>  ###############################################################################
>  #                                                                             #
>  # IPFire.org - A linux based firewall                                         #
> -# Copyright (C) 2007-2019  IPFire Team  <info@ipfire.org>                     #
> +# Copyright (C) 2007-2023  IPFire Team  <info@ipfire.org>                     #
>  #                                                                             #
>  # This program is free software: you can redistribute it and/or modify        #
>  # it under the terms of the GNU General Public License as published by        #
> @@ -24,7 +24,7 @@
>  
>  include Config
>  
> -VER        = 1.8.9
> +VER        = 1.8.10
>  
>  THISAPP    = iptables-$(VER)
>  DL_FILE    = $(THISAPP).tar.xz
> @@ -41,7 +41,7 @@ objects = $(DL_FILE) \
>  $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>  netfilter-layer7-v2.23.tar.gz = $(URL_IPFIRE)/netfilter-layer7-v2.23.tar.gz
>  
> -$(DL_FILE)_BLAKE2 = 37ba80be0ee7049c4d3ee5689b273b4d2cc6e6fb9ebb297e86976b5750f987f2ae4536013fe1749ae79b6989c241eaece3202019fafd47d842c7a4fe3e5093b1
> +$(DL_FILE)_BLAKE2 = 417b33fcfc7edeba169caef26ed0322798f6b82500840509f6c10b97b4ef3f11932c0393fc8dcc5946264442bf8ee959a594b6fbd5dc92012cfad30edf130520
>  netfilter-layer7-v2.23.tar.gz_BLAKE2 = 5c8ab722f6fbc126f2f65ecf401de5fc40560c20e3be52f783db34410446185dcb6781b3148e4a174e8b2d2c290bec0342dea95e8cefc35c39345617fa7a8fdc
>  
>  install : $(TARGET)
  

Patch

diff --git a/lfs/iptables b/lfs/iptables
index 30c6e1d94..572d9f212 100644
--- a/lfs/iptables
+++ b/lfs/iptables
@@ -1,7 +1,7 @@ 
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2019  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2023  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@ 
 
 include Config
 
-VER        = 1.8.9
+VER        = 1.8.10
 
 THISAPP    = iptables-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
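
Review bot: The VER change to 1.8.10 is accompanied only by the statement "Update of rootfile not required", yet the changelog in the commit message lists "etc: Drop xtables.conf" and "build: Bump dependency on libnftnl", and the diffstat shows lfs/iptables as the only file touched. Please say in the commit message that the rootfile was compared against the file list of an actual 1.8.10 build, and that the libnftnl version in the tree meets the raised minimum, so the reviewer does not have to take either on trust.
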
@@ -41,7 +41,7 @@  objects = $(DL_FILE) \
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 netfilter-layer7-v2.23.tar.gz = $(URL_IPFIRE)/netfilter-layer7-v2.23.tar.gz
 
-$(DL_FILE)_BLAKE2 = 37ba80be0ee7049c4d3ee5689b273b4d2cc6e6fb9ebb297e86976b5750f987f2ae4536013fe1749ae79b6989c241eaece3202019fafd47d842c7a4fe3e5093b1
+$(DL_FILE)_BLAKE2 = 417b33fcfc7edeba169caef26ed0322798f6b82500840509f6c10b97b4ef3f11932c0393fc8dcc5946264442bf8ee959a594b6fbd5dc92012cfad30edf130520
 netfilter-layer7-v2.23.tar.gz_BLAKE2 = 5c8ab722f6fbc126f2f65ecf401de5fc40560c20e3be52f783db34410446185dcb6781b3148e4a174e8b2d2c290bec0342dea95e8cefc35c39345617fa7a8fdc
 
 install : $(TARGET)
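
Review bot: The replaced "$(DL_FILE)_BLAKE2" line is the only integrity check on the new tarball, and the commit message does not say where the digest came from. State whether it was computed from a copy of iptables-1.8.10.tar.xz that had first been checked against upstream's release signature, rather than from whatever DL_FROM served at the time. The unchanged netfilter-layer7-v2.23.tar.gz object in the context lines is fetched by the same lfs file, so it is also worth confirming that it still applies to the 1.8.10 source.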