From mboxrd@z Thu Jan  1 00:00:00 1970
From: Peter =?utf-8?q?M=C3=BCller?= <peter.mueller@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH] iptables: Update to version 1.8.10
Date: Sat, 30 Dec 2023 07:36:00 +0000
Message-ID: <2effa323-0cac-462f-8742-106123917450@ipfire.org>
In-Reply-To: <20231218172911.2531726-4-adolf.belka@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============2041765519124785649=="
List-Id: <development.lists.ipfire.org>

--===============2041765519124785649==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Reviewed-by: Peter M=C3=BCller <peter.mueller(a)ipfire.org>

> - Update from version 1.8.9 to 1.8.10
> - Update of rootfile not required
> - Changelog
>     1.8.10
>       build: use pkg-config for libpcap
>       iptables-test.py: make explicit use of python3
>       xtables-eb: fix crash when opts isn't reallocated
>       iptables-nft: make builtin tables static
>       iptables-nft: remove unused function argument
>       include: update nf_tables uapi header
>       ebtables-nft: add broute table emulation
>       nft-ruleparse: parse meta mark set as MARK target
>       iptables: Fix setting of ipv6 counters
>       iptables: Fix handling of non-existent chains
>       xshared: dissolve should_load_proto
>       nft: move processing logic out of asserts
>       man: string: document BM false negatives
>       ip6tables: Fix checking existence of rule
>       nft: check for source and destination address in first place
>       nft: use payload matching for layer 4 protocol
>       nft-bridge: pass context structure to ops->add() to improve anonymous=
 set support
>       configure: Bump version for 1.8.10 release
>       extensions: NAT: Fix for -Werror=3Dformat-security
>       etc: Drop xtables.conf
>       Proper fix for "unknown argument" error message
>       ebtables: Refuse unselected targets' options
>       ebtables-translate: Drop exec_style
>       ebtables-translate: Use OPT_* from xshared.h
>       ebtables-translate: Ignore '-j CONTINUE'
>       ebtables-translate: Print flush command after parsing is finished
>       tests: xlate: Support testing multiple individual files
>       tests: CLUSTERIP: Drop test file
>       nft-shared: Lookup matches in iptables_command_state
>       nft-shared: Use nft_create_match() in one more spot
>       nft-shared: Simplify using nft_create_match()
>       tests: xlate: Properly split input in replay mode
>       tests: xlate: Print file names even if specified
>       extensions: libebt_redirect: Fix target translation
>       extensions: libebt_redirect: Fix for wrong syntax in translation
>       extensions: libebt_ip: Do not use 'ip dscp' for translation
>       extensions: libebt_ip: Translation has to match on ether type
>       ebtables: ip and ip6 matches depend on protocol match
>       xtables-translate: Support insert with index
>       include: Add missing linux/netfilter/xt_LOG.h
>       nft-restore: Fix for deletion of new, referenced rule
>       tests: shell: Test for false-positive rule check
>       utils: nfbpf_compile: Replace pcap_compile_nopcap()
>       nft-shared: Drop unused include
>       arptables: Fix parsing of inverted 'arp operation' match
>       arptables: Don't omit standard matches if inverted
>       xshared: Fix parsing of option arguments in same word
>       nft: Introduce nft-ruleparse.{c,h}
>       nft: Extract rule parsing callbacks from nft_family_ops
>       nft: ruleparse: Create family-specific source files
>       tests: shell: Sanitize nft-only/0009-needless-bitwise_0
>       nft: Special casing for among match in compare_matches()
>       nft: More verbose extension comparison debugging
>       nft: Do not pass nft_rule_ctx to add_nft_among()
>       nft: Include sets in debug output
>       *tables-restore: Enforce correct counters syntax if present
>       *tables: Reject invalid chain names when renaming
>       ebtables: Improve invalid chain name detection
>       tests: shell: Fix and extend chain rename test
>       iptables-restore: Drop dead code
>       iptables-apply: Eliminate shellcheck warnings
>       extensions: libipt_icmp: Fix confusion between 255/255 and any
>       tests: libipt_icmp.t: Enable tests with numeric output
>       man: iptables.8: Extend exit code description
>       man: iptables.8: Trivial spelling fixes
>       man: iptables.8: Fix intra page reference
>       man: iptables.8: Clarify --goto description
>       man: Use HTTPS for links to netfilter.org
>       man: iptables.8: Trivial font fixes
>       man: iptables-restore.8: Fix --modprobe description
>       man: iptables-restore.8: Consistently document -w option
>       man: iptables-restore.8: Drop -W option from synopsis
>       man: iptables-restore.8: Put 'file' in italics in synopsis
>       man: iptables-restore.8: Start paragraphs in upper-case
>       man: Trivial: Missing space after comma
>       man: iptables-save.8: Clarify 'available tables'
>       man: iptables-save.8: Fix --modprobe description
>       man: iptables-save.8: Start paragraphs in upper-case
>       extensions: libip6t_icmp: Add names for mld-listener types
>       nft-ruleparse: Introduce nft_create_target()
>       tests: iptables-test: Fix command segfault reports
>       nft: Create builtin chains with counters enabled
>       Revert "libiptc: fix wrong maptype of base chain counters on restore"
>       tests: shell: Test chain policy counter behaviour
>       Use SOCK_CLOEXEC/O_CLOEXEC where available
>       nft: Pass nft_handle to add_{target,action}()
>       nft: Introduce and use bool nft_handle::compat
>       Add --compat option to *tables-nft and *-nft-restore commands
>       tests: Test compat mode
>       Revert --compat option related commits
>       tests: shell: Fix for ineffective 0007-mid-restore-flush_0
>       nft: Fix for useless meta expressions in rule
>       include: linux: Update kernel.h
>       build: Bump dependency on libnftnl
>       extensions: Fix checking of conntrack --ctproto 0
>       doc: fix example of xt_cpu
>       xt_sctp: add the missing chunk types in sctp_help
>=20
> Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
> ---
>  lfs/iptables | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
>=20
> diff --git a/lfs/iptables b/lfs/iptables
> index 30c6e1d94..572d9f212 100644
> --- a/lfs/iptables
> +++ b/lfs/iptables
> @@ -1,7 +1,7 @@
>  ##########################################################################=
#####
>  #                                                                         =
    #
>  # IPFire.org - A linux based firewall                                     =
    #
> -# Copyright (C) 2007-2019  IPFire Team  <info(a)ipfire.org>               =
      #
> +# Copyright (C) 2007-2023  IPFire Team  <info(a)ipfire.org>               =
      #
>  #                                                                         =
    #
>  # This program is free software: you can redistribute it and/or modify    =
    #
>  # it under the terms of the GNU General Public License as published by    =
    #
> @@ -24,7 +24,7 @@
> =20
>  include Config
> =20
> -VER        =3D 1.8.9
> +VER        =3D 1.8.10
> =20
>  THISAPP    =3D iptables-$(VER)
>  DL_FILE    =3D $(THISAPP).tar.xz
> @@ -41,7 +41,7 @@ objects =3D $(DL_FILE) \
>  $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE)
>  netfilter-layer7-v2.23.tar.gz =3D $(URL_IPFIRE)/netfilter-layer7-v2.23.tar=
.gz
> =20
> -$(DL_FILE)_BLAKE2 =3D 37ba80be0ee7049c4d3ee5689b273b4d2cc6e6fb9ebb297e8697=
6b5750f987f2ae4536013fe1749ae79b6989c241eaece3202019fafd47d842c7a4fe3e5093b1
> +$(DL_FILE)_BLAKE2 =3D 417b33fcfc7edeba169caef26ed0322798f6b82500840509f6c1=
0b97b4ef3f11932c0393fc8dcc5946264442bf8ee959a594b6fbd5dc92012cfad30edf130520
>  netfilter-layer7-v2.23.tar.gz_BLAKE2 =3D 5c8ab722f6fbc126f2f65ecf401de5fc4=
0560c20e3be52f783db34410446185dcb6781b3148e4a174e8b2d2c290bec0342dea95e8cefc3=
5c39345617fa7a8fdc
> =20
>  install : $(TARGET)

--===============2041765519124785649==--