From patchwork Mon Dec 18 17:28:55 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 7397 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature ECDSA (secp384r1)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4Sv6JV3MLFz3wtx for ; Mon, 18 Dec 2023 17:29:30 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature ECDSA (secp384r1)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4Sv6JT2KP6z1Np; Mon, 18 Dec 2023 17:29:29 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4Sv6JT1jFDz30HB; Mon, 18 Dec 2023 17:29:29 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature ECDSA (secp384r1)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4Sv6JJ6hNLz3093 for ; Mon, 18 Dec 2023 17:29:20 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4Sv6JJ4Byyz1Gb; Mon, 18 Dec 2023 17:29:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1702920560; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=VmChEVnWUbrhSOgirz3XanL0OkB0Uu0vrcPZ1We9mo8=; b=atk4hgm4l4mEHGPBYdSFh0ecE5rAmg8tpiDvdgzsgbyXNbs/0wQ6eafx1rE5LEL0xieebM mSgss/8mkYU2MGpOoCI8gaTNjaaCb3GNmbO3VB5QtA8sAHjSaijgwusmGQU7aqzqQ8NPya nDzNOkxnZ05K7r7kQXh2hiHk66j21YCR6Hx8rQ+bh/kv0OeNrKdca9BfPhvEbayILH0F+r x0DP/r3rGk8vfVOtPIrwiMJnLrE5KhCabm3Puec/IwFxWnA92kkQ3i18PTzr4M0npsQmYx CoRGxlMHgUpC8zdlR4oCosh95kse/0e7o6D7zK7nRDLr1EhFwToKIypoCFf8IQ== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1702920560; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=VmChEVnWUbrhSOgirz3XanL0OkB0Uu0vrcPZ1We9mo8=; b=18IQz5GIQELKs3YBKDr5YrQu5RZtPgHcxpVGCU5EW9Rv3VVbo8TIXBuuHRzvcvnS4XijX0 plmiOnpK2S4HAgAA== From: Adolf Belka To: development@lists.ipfire.org Subject: [PATCH] iptables: Update to version 1.8.10 Date: Mon, 18 Dec 2023 18:28:55 +0100 Message-ID: <20231218172911.2531726-4-adolf.belka@ipfire.org> In-Reply-To: <20231218172911.2531726-1-adolf.belka@ipfire.org> References: <20231218172911.2531726-1-adolf.belka@ipfire.org> MIME-Version: 1.0 Message-ID-Hash: NXEAJAGABEF5GPYIPIDFSO75NQWXOB37 X-Message-ID-Hash: NXEAJAGABEF5GPYIPIDFSO75NQWXOB37 X-MailFrom: adolf.belka@ipfire.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.8 Precedence: list List-Id: IPFire development talk Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: - Update from version 1.8.9 to 1.8.10 - Update of rootfile not required - Changelog 1.8.10 build: use pkg-config for libpcap iptables-test.py: make explicit use of python3 xtables-eb: fix crash when opts isn't reallocated iptables-nft: make builtin tables static iptables-nft: remove unused function argument include: update nf_tables uapi header ebtables-nft: add broute table emulation nft-ruleparse: parse meta mark set as MARK target iptables: Fix setting of ipv6 counters iptables: Fix handling of non-existent chains xshared: dissolve should_load_proto nft: move processing logic out of asserts man: string: document BM false negatives ip6tables: Fix checking existence of rule nft: check for source and destination address in first place nft: use payload matching for layer 4 protocol nft-bridge: pass context structure to ops->add() to improve anonymous set support configure: Bump version for 1.8.10 release extensions: NAT: Fix for -Werror=format-security etc: Drop xtables.conf Proper fix for "unknown argument" error message ebtables: Refuse unselected targets' options ebtables-translate: Drop exec_style ebtables-translate: Use OPT_* from xshared.h ebtables-translate: Ignore '-j CONTINUE' ebtables-translate: Print flush command after parsing is finished tests: xlate: Support testing multiple individual files tests: CLUSTERIP: Drop test file nft-shared: Lookup matches in iptables_command_state nft-shared: Use nft_create_match() in one more spot nft-shared: Simplify using nft_create_match() tests: xlate: Properly split input in replay mode tests: xlate: Print file names even if specified extensions: libebt_redirect: Fix target translation extensions: libebt_redirect: Fix for wrong syntax in translation extensions: libebt_ip: Do not use 'ip dscp' for translation extensions: libebt_ip: Translation has to match on ether type ebtables: ip and ip6 matches depend on protocol match xtables-translate: Support insert with index include: Add missing linux/netfilter/xt_LOG.h nft-restore: Fix for deletion of new, referenced rule tests: shell: Test for false-positive rule check utils: nfbpf_compile: Replace pcap_compile_nopcap() nft-shared: Drop unused include arptables: Fix parsing of inverted 'arp operation' match arptables: Don't omit standard matches if inverted xshared: Fix parsing of option arguments in same word nft: Introduce nft-ruleparse.{c,h} nft: Extract rule parsing callbacks from nft_family_ops nft: ruleparse: Create family-specific source files tests: shell: Sanitize nft-only/0009-needless-bitwise_0 nft: Special casing for among match in compare_matches() nft: More verbose extension comparison debugging nft: Do not pass nft_rule_ctx to add_nft_among() nft: Include sets in debug output *tables-restore: Enforce correct counters syntax if present *tables: Reject invalid chain names when renaming ebtables: Improve invalid chain name detection tests: shell: Fix and extend chain rename test iptables-restore: Drop dead code iptables-apply: Eliminate shellcheck warnings extensions: libipt_icmp: Fix confusion between 255/255 and any tests: libipt_icmp.t: Enable tests with numeric output man: iptables.8: Extend exit code description man: iptables.8: Trivial spelling fixes man: iptables.8: Fix intra page reference man: iptables.8: Clarify --goto description man: Use HTTPS for links to netfilter.org man: iptables.8: Trivial font fixes man: iptables-restore.8: Fix --modprobe description man: iptables-restore.8: Consistently document -w option man: iptables-restore.8: Drop -W option from synopsis man: iptables-restore.8: Put 'file' in italics in synopsis man: iptables-restore.8: Start paragraphs in upper-case man: Trivial: Missing space after comma man: iptables-save.8: Clarify 'available tables' man: iptables-save.8: Fix --modprobe description man: iptables-save.8: Start paragraphs in upper-case extensions: libip6t_icmp: Add names for mld-listener types nft-ruleparse: Introduce nft_create_target() tests: iptables-test: Fix command segfault reports nft: Create builtin chains with counters enabled Revert "libiptc: fix wrong maptype of base chain counters on restore" tests: shell: Test chain policy counter behaviour Use SOCK_CLOEXEC/O_CLOEXEC where available nft: Pass nft_handle to add_{target,action}() nft: Introduce and use bool nft_handle::compat Add --compat option to *tables-nft and *-nft-restore commands tests: Test compat mode Revert --compat option related commits tests: shell: Fix for ineffective 0007-mid-restore-flush_0 nft: Fix for useless meta expressions in rule include: linux: Update kernel.h build: Bump dependency on libnftnl extensions: Fix checking of conntrack --ctproto 0 doc: fix example of xt_cpu xt_sctp: add the missing chunk types in sctp_help Signed-off-by: Adolf Belka Reviewed-by: Peter Müller --- lfs/iptables | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lfs/iptables b/lfs/iptables index 30c6e1d94..572d9f212 100644 --- a/lfs/iptables +++ b/lfs/iptables @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2019 IPFire Team # +# Copyright (C) 2007-2023 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 1.8.9 +VER = 1.8.10 THISAPP = iptables-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -41,7 +41,7 @@ objects = $(DL_FILE) \ $(DL_FILE) = $(DL_FROM)/$(DL_FILE) netfilter-layer7-v2.23.tar.gz = $(URL_IPFIRE)/netfilter-layer7-v2.23.tar.gz -$(DL_FILE)_BLAKE2 = 37ba80be0ee7049c4d3ee5689b273b4d2cc6e6fb9ebb297e86976b5750f987f2ae4536013fe1749ae79b6989c241eaece3202019fafd47d842c7a4fe3e5093b1 +$(DL_FILE)_BLAKE2 = 417b33fcfc7edeba169caef26ed0322798f6b82500840509f6c10b97b4ef3f11932c0393fc8dcc5946264442bf8ee959a594b6fbd5dc92012cfad30edf130520 netfilter-layer7-v2.23.tar.gz_BLAKE2 = 5c8ab722f6fbc126f2f65ecf401de5fc40560c20e3be52f783db34410446185dcb6781b3148e4a174e8b2d2c290bec0342dea95e8cefc35c39345617fa7a8fdc install : $(TARGET)