SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for iptables-1.4.16.2-61.1.x86_64.rpm :
Tue Oct 4 14:00:00 2011 jengelhAATTmedozas.de
- Update to a newer git snapshot of the stable branch
(to v1.4.12.1-16-gd2b0eaa)

* resolve failure to load extensions that depend on libm.so
- rediff of iptables-batch due to fuzz
- relax runtime requires

Thu Sep 1 14:00:00 2011 jengelhAATTmedozas.de
- Update to new upstream release 1.4.12.1

* regression fixes for the new (stricter) command-line parser
- restore --includedir= in spec file
- Put libxtables into its own subpackage so that one does not need
a lockstep update of iproute2 on a new iptables package
- Remove redundant fields (Autoreqprov defaults to on, License is
inherited from main package)

Fri Aug 12 14:00:00 2011 drahtAATTsuse.de
- include path is /usr/include

Mon Aug 8 14:00:00 2011 jengelhAATTmedozas.de
- Put include files into a separate directory to flag up missing
CFLAGS. libipq.pc will now be provided.
- Enable build of nfnl_osf, a tool to upload OS fingerprints to
the kernel for use with xt_osf.

Fri Jul 22 14:00:00 2011 jengelhAATTmedozas.de
- Update to new upstream release 1.4.12

* Include lost match/target descriptions in manpage again

* libxt_LOG: fix ignorance of all but the last flag

* libxt_HL: restore hl-
* option names

* libxt_hashlimit: use a more obvious expiry value by default

* libxt_RATEEST: fix find-and-delete of rules with -j RATEEST

* ipv4: restore negation for the -f option

* Reject empty host specifications (e.g. -s \"\")

* libxt_conntrack: restore network byteordering for ABI v1 & v2

* Documentation updates

Wed Jun 8 14:00:00 2011 jengelhAATTmedozas.de
- Update to snapshot 1.4.11+git16

* libxt_owner: restore inversion support

* option: fix ignored negation before implicit extension loading

* build: fix installation of symlinks

* build: fix absence of xml translator in IPv6-only builds
- Drop merged patches

Sun May 29 14:00:00 2011 jengelhAATTmedozas.de
- Update to new upstream release 1.4.11

* stricter option parsing

* support for the current xt_SET target as contained in 2.6.39

* support for the new xt_devgroup match

* support for the new xt_AUDIT target

* support for a new NFQUEUE bypass option, allowing to bypass the
queue if no userspace listener is present

* a new iptables option \"-C\" to check for existence of a rules
- Fixes on top

* allow negation of --uid-owner/--gid-owner again

* fix installation of symlinks
- Run spec-beautifier

Fri Oct 29 14:00:00 2010 jengelhAATTmedozas.de
- Update to new upstream release 1.4.10

* this is the release for the Linux 2.6.36 kernel

* support for the cpu match, which can be used to improve cache
locality when running multiple server instances

* support for the IDLETIMER target, which can be used to notify
userspace of interfaces being idle

* support for the CHECKSUM target

* support for the ipvs match

* a fix for deletion of rules using the quota match

Mon Aug 9 14:00:00 2010 puzelAATTnovell.com
- update to new upstream release 1.4.9.1

* fixes a compilation problem with static linking in the 1.4.9
release

Wed Aug 4 14:00:00 2010 puzelAATTnovell.com
- update to new upstream release 1.4.9

* this is the release for the Linux 2.6.35 kernel

* support for the LED target

* a new version of the set extension for the upcoming release
supporting IPv6

* negation support for the quota match

* support for the SACK-IMMEDIATELY SCTP extension and
FORWARD_TSN chunk type in the sctp match

* documentation updates and various smaller bugfixes

Wed May 26 14:00:00 2010 jengelhAATTmedozas.de
- update to new upstream release 1.4.8

* this is the release for the Linux 2.6.34 kernel

* add support for the new xt_CT extension

* import the nfnl_osf program required for proper operation
of the xt_osf extension

Sat Apr 24 14:00:00 2010 cooloAATTnovell.com
- buildrequire pkg-config to fix provides

Mon Mar 1 13:00:00 2010 jengelhAATTmedozas.de
- update to new upstream release 1.4.7

* libipq is built as a shared library

* removal of some restrictions on interface names

* documentation updates
- rebase and fix linking of iptables-batch
- fix libdir->libexecdir

Mon Feb 22 13:00:00 2010 jengelhAATTmedozas.de
- only run configure when needed
- use %_smp_mflags
- use newer git snapshot to fix compile error due to missing
ipt_DSCP.h in newer linux-glibc-devel (>= 2.6.32)

Wed Dec 30 13:00:00 2009 puzelAATTnovell.com
- fix bnc#561793 - do not include unclean module documentation
in iptables manpage

Tue Dec 22 13:00:00 2009 jengelhAATTmedozas.de
- update specfile descriptions (bnc#553801)
- update to iptables 1.4.6:

* combine iptables subprograms into a new multi-purpose binary

* support for new implementations: NFQUEUE v1, conntrack v2

* helper: fix invalid passed option to check_inverse

* iprange accepts single host specifications again

* iprange: do accept non-ranges for xt_iprange v1

* iprange: warn on reverse range

* libiptc: fix wrong maptype of base chain counters on restore

* iptables: fix undersized deletion mask creation

* iptables/extensions: make bundled options work again

* iptables: take masks into consideration for replace command

* xtables: warn of missing version identifier in extensions

* documentation updates
- refresh iptables-batch

Thu Nov 12 13:00:00 2009 puzelAATTnovell.com
- remove outdated howtos (bnc#551748)

Wed Jul 15 14:00:00 2009 kay.sieversAATTnovell.com
- fix libdir/libexecdir on 64bit installation

Wed Jun 17 14:00:00 2009 puzelAATTnovell.com
- install iptables-apply

Wed Jun 17 14:00:00 2009 puzelAATTsuse.cz
- update to iptables-1.4.4

* support for the new features in the 2.6.30 kernel, namely the
cluster match and persistent multi-range NAT mappings

* support for the ipset set match and target

* various minor fixes and cleanups

* documentation updates

Mon May 11 14:00:00 2009 puzelAATTsuse.cz
- make explicit \'commit\' in iptables-batch do nothing (bnc#500990)

Tue Apr 21 14:00:00 2009 puzelAATTsuse.cz
- update to 1.4.3.2
- numerous documentation updates and bugfixes
- set of changes to move some of the iptables functionality to a shared
library for tc and m_ipt
- make libiptc available as shared library (closes bnc#487629)
- IPv6 support for the recent match
- TPROXY support
- SCTP/DCCP NAT support
- INCOMPATIBILITY: This release starts enforcing the deprecation of NAT
filtering that was added in 1.4.2-rc1, filtering rules in the NAT tables will
cause an error instead of a warning from now on.
- rework iptables-batch.patch (libiptc interface has changed)
- update howtos

Fri Jan 16 13:00:00 2009 prusnakAATTsuse.cz
- updated to 1.4.2

* remove dependency on libiptc headers

* fix segmentation fault with -tanything

* warn about use of DROP in nat table

* do allow --rttl for --update

* run ldconfig on `make install`

* fix invalid iptables-save output

* fix hashlimit output

Wed Sep 10 14:00:00 2008 prusnakAATTsuse.cz
- updated to 1.4.2-rc1

* libxt_TOS: make sure --set-tos value/mask is recognized

* libiptc: fix scalability performance issue during initial ruleset parsing

* xt_string: string extension case insensitive matching

* ip6tables: add --goto support

Wed Sep 10 14:00:00 2008 prusnakAATTsuse.cz
- updated to 1.4.1.1

* iptables: fix printing of line numbers with --line-numbers arg

* ip6tables: fix printing of ipv6 network masks

* build: fix `make install` when --disable-shared is used

* iprange: kernel flags were not set

Wed Sep 10 14:00:00 2008 prusnakAATTsuse.cz
- updated to 1.4.1

* iptables: use C99 lists for struct options

* Make iptables-restore usable over a pipe

* Add support for --set-counters to iptables -P

* iptables --list-rules command

* iptables --list chain rulenum

* Make --set-counters (-c) accept comma separated counters

* libxt_iprange: Fix IP validation logic

* fix ip6tables dest address printing

* Converts the iptables build infrastructure to autotools.

* Introduce strtonum(), which works like string_to_number(), but passes

* print warning when dlopen fails

* libxt_owner: UID/GID range support

* Fix compilation of iptables-static build

* xtables.h: move non-exported parts to internal.h

* Combine IP{,6}T_LIB_DIR into XTABLES_LIBDIR

* manpages: fix broken markup (missing close tags)

* manpages: update to reflect fine-grained control

* configure: split --enable-libipq from --enable-devel

* Add all necessary header files - compilation fix for various cases

* Install libiptc header files because xtables.h depends on it

* Implement AF_UNSPEC as a wildcard for extensions

* Combine ipt and ip6t manpages

* Resolve warnings on 64-bit compile

* Wrap dlopen code into NO_SHARED_LIBS

* Remove support for compilation of conditional extensions

* Resolve libipt_set warnings

* Update documentation about building the package

* configure.ac: AC_SUBST must be separate

* Dynamically create xtables.h.in with version

* configure.ac: remove already-defined variables

* Remove old functions, constants

* Makefile.am: use PACKAGE_TARNAME

* iptables out-of-tree build directory

* Introduce a counter for number of user defined chains.

* Solving scalability issue: for chain list \"name\" searching.

* REDIRECT: Allow symbolic port in REDIRECT --to-port

* Fix iptables-save output of libxt_owner match

* allow empty strings in argument parser

* Fix define value of SCTP chunk type.

* cleanup several code wraparounds

* Add RATEEST target extension

* Add rateest match extension

* Properly initialize revision for ip6tables targets

* Resync header files with kernel

* libiptc: move variable definitions to head of function

* Fix CONNMARK mask initialisation

* iptables-save:remove unnecessary code.

* Don\'t assume /bin/sh is bash

* Add xtables version defines.

* Use s6_addr32 to access bits in int6_addr instead of incompatible name

Tue Jan 8 13:00:00 2008 prusnakAATTsuse.cz
- updated to 1.4.0:

* Add support for generic xtables infrastructure (improved IPv6 support!)

* Deletes empty ->final_check() functions

* Fix sparse warnings: non-C99 array declaration, incorrect function prototypes

* Remove last vestiges of NFC

* Make AATTmsg argument a const char
*, just like printf

* Makes it possible to omit extra_opts of matches/targets if unnecessary

* Fix \"iptables getsockopt failed strangely\" when querying revisions
for non-existant matches and targets

* Introduces DEST_IPT_LIBDIR in Makefile

* Change default KERNEL_DIR location and add KBUILD_OUTPUT

* Removes obsolete KERNEL_64_USERSPACE_32 definitions

* Fix unused function warning

* Don\'t use dlfcn.h if NO_SHARED_LIBS is defined

* Fix showing help text for matches/targets with revision as user

* Print warnings to stderr

* Fix sscanf type errors

* Always print mask in iptables-save

* Don\'t silenty exit on failure to open /proc/net/{ip,ip6}_tables_names

* Adds --table to iptables-restore

* Make DO_MULTI=1 work for ip6tables
* binaries

* Add ip6tables-{save,restore} to non-experimental target,
fix strict aliasing warnings

* Introducing libxt_
*.man files. Sorted matches and modules

* Install ip6tables-{save,restore} manpages

* Performance optimization in sorting chain during pull-out

* Fix sockfd use accounting for kernels without autoloading

* use

* Fix make/compile error for iptables-1.4.0rc1

* Fix for --random option in DNAT and REDIRECT

* Document xt_statistic

* sctp: fix - mistake to pass a pointer where array is required

* Fix connlimit output for inverted --connlimit-above:
! > is <=, not <

* Add NFLOG manpage

* Move libipt_DSCP.man to libxt_DSCP.man for ip6tables.8

* Unifies libip[6]t_CONNSECMARK.man to libxt_CONNSECMARK.man

* Moves libipt_CLASSYFY.man to libxt_CLASSYFY.man for ip6tables.8

* fix check_inverse() call
- removed obsolete patch:

* strict-aliasing-fix.diff (included in update)

Tue Jul 31 14:00:00 2007 prusnakAATTsuse.cz
- removed sed scripts in %prep section from last update

* not needed anymore

Thu Jul 26 14:00:00 2007 prusnakAATTsuse.cz
- updated to 1.3.8

* Fix build error of conntrack match

* Remove whitespace in ip6tables.c

* `-p all\' and `-p 0\' should be allowed in ip6tables

* hashlimit doc update

* add --random option to DNAT and REDIRECT

* Makefile uses POSIX conform directory check

* Fix missing newlines in iptables-save/restore output

* Update quota manpage for SMP

* Output for unspecified proto is `all\' instead of `0\'

* Fix iptables-save with --random option

* Remove unnecessary IP_NAT_RANGE_PROTO_RANDOM ifdefs

* Remove libnsl from LDLIBS

* Fix problem with iptables-restore and quotes

* Remove unnecessary includes

* Fix --modprobe parameter

* ip6tables-restore should output error of modprobe after failed to load

* Add random option to SNAT

* Fix missing space in error message

* Fixes for manpages of tcp, udp, and icmp{,6}

* Add ip6tables mh extension

* Fix tcpmss manpage

* Add ip6tables TCPMSS extension

* Add UDPLITE multiport support

* Fix missing space in ruleset listing

* Remove extensions for unmaintained/obsolete patchlets

* Fix greedy debug grep

* Fix type in manpage

* Fix compile/install error for iptables-xml with DO_MULTI=1
- dropped obsolete patches:

* newlines.diff (included in update)

* shlibs.diff (done by sed in %prep section)

* extensions.diff

Wed May 9 14:00:00 2007 prusnakAATTsuse.cz
- added newlines to error messages (newlines.diff) [#271847]

Tue Mar 13 13:00:00 2007 prusnakAATTsuse.cz
- added initial setting of KERNEL_DIR variable in %install section of spec file

Tue Jan 9 13:00:00 2007 prusnakAATTsuse.cz
- added experimental tools and extensions (removed by last update)

Wed Jan 3 13:00:00 2007 prusnakAATTsuse.cz
- updated to 1.3.7

* Add revision support for ip6tables

* Add port range support for ip6tables multiport match

* Add sctp match extension for ip6tables

* Add iptables-xml tool

* Add hashlimit support for ip6tables (needs kernel > 2.6.19)

* Add NFLOG target extension for iptables/ip6tables (needs kernel > 2.6.19)

* Bugfixes
- updated debian-docs and moved into tar.bz2

Thu Nov 16 13:00:00 2006 mjancarAATTsuse.cz
- allow setting KERNEL_DIR on commandline for build (#220851)

Tue Oct 17 14:00:00 2006 anosekAATTsuse.cz
- updated to version 1.3.6

* Support multiple matches of the same type within a single rule

* DCCP/SCTP support for multiport match (needs kernel >= 2.6.18)

* SELinux SECMARK target (needs kernel >= 2.6.18)

* SELinux CONNSECMARK target (needs kernel >= 2.6.18)

* Add support for statistic match (needs kernel >= 2.6.18)

* Optionally read realm values from /etc/iproute2/rt_realms

* Bugfixes


 
ICM