diff --git a/SOURCES/ebtables-2.0.10-lockdirfix.patch b/SOURCES/ebtables-2.0.10-lockdirfix.patch new file mode 100644 index 0000000..9fadf08 --- /dev/null +++ b/SOURCES/ebtables-2.0.10-lockdirfix.patch @@ -0,0 +1,50 @@ +diff -up ebtables-v2.0.10-4/ebtables.8.lockdirfix ebtables-v2.0.10-4/ebtables.8 +--- ebtables-v2.0.10-4/ebtables.8.lockdirfix 2016-01-18 11:13:21.707069702 -0500 ++++ ebtables-v2.0.10-4/ebtables.8 2016-01-18 11:13:40.554953365 -0500 +@@ -1103,7 +1103,7 @@ arp message and the hardware address len + .br + .SH FILES + .I /etc/ethertypes +-.I /var/lib/ebtables/lock ++.I /run/ebtables.lock + .SH ENVIRONMENT VARIABLES + .I EBTABLES_ATOMIC_FILE + .SH MAILINGLISTS +diff -up ebtables-v2.0.10-4/INSTALL.lockdirfix ebtables-v2.0.10-4/INSTALL +--- ebtables-v2.0.10-4/INSTALL.lockdirfix 2016-01-18 11:15:31.458268826 -0500 ++++ ebtables-v2.0.10-4/INSTALL 2016-01-18 11:15:53.890130367 -0500 +@@ -31,7 +31,7 @@ WHAT GETS INSTALLED AND WHAT OPTIONS ARE + copied to /etc/rc.d/init.d (change with option INITDIR) + - The ebtables configuration file (ebtables-config) is copied to /etc/sysconfig + - ebtables can use a lock file to enable concurrent execution of the ebtables +- tool. The standard location of the lock file is /var/lib/ebtables/lock. ++ tool. The standard location of the lock file is /run/ebtables.lock. + Include LOCKFILE=<> if you want to use another file. + + That's all +diff -up ebtables-v2.0.10-4/libebtc.c.lockdirfix ebtables-v2.0.10-4/libebtc.c +--- ebtables-v2.0.10-4/libebtc.c.lockdirfix 2016-01-18 11:12:14.347485472 -0500 ++++ ebtables-v2.0.10-4/libebtc.c 2016-01-18 11:13:06.515163472 -0500 +@@ -134,8 +134,8 @@ void ebt_list_extensions() + } + + #ifndef LOCKFILE +-#define LOCKDIR "/var/lib/ebtables" +-#define LOCKFILE LOCKDIR"/lock" ++#define LOCKDIR "/run" ++#define LOCKFILE LOCKDIR"/ebtables.lock" + #endif + static int lockfd = -1, locked; + int use_lockfd; +diff -up ebtables-v2.0.10-4/Makefile.lockdirfix ebtables-v2.0.10-4/Makefile +--- ebtables-v2.0.10-4/Makefile.lockdirfix 2016-01-18 11:14:10.715767201 -0500 ++++ ebtables-v2.0.10-4/Makefile 2016-01-18 11:15:20.506336425 -0500 +@@ -5,7 +5,7 @@ PROGRELEASE:=4 + PROGVERSION_:=2.0.10 + PROGVERSION:=$(PROGVERSION_)-$(PROGRELEASE) + PROGDATE:=December\ 2011 +-LOCKFILE?=/var/lib/ebtables/lock ++LOCKFILE?=/run/ebtables.lock + LOCKDIR:=$(shell echo $(LOCKFILE) | sed 's/\(.*\)\/.*/\1/')/ + + # default paths diff --git a/SOURCES/ebtables-2.0.10-noflush.patch b/SOURCES/ebtables-2.0.10-noflush.patch new file mode 100644 index 0000000..42d5611 --- /dev/null +++ b/SOURCES/ebtables-2.0.10-noflush.patch @@ -0,0 +1,69 @@ +commit 3a25ae2361da048f24524d8e63d70f4cd40444f3 +Author: Sanket Shah +Date: Wed Jul 31 21:40:08 2013 +0200 + + Add --noflush command line support for ebtables-restore + +diff --git a/ebtables-restore.c b/ebtables-restore.c +index ea02960..bb4d0cf 100644 +--- a/ebtables-restore.c ++++ b/ebtables-restore.c +@@ -22,13 +22,25 @@ + #include + #include + #include ++#include + #include "include/ebtables_u.h" + ++static const struct option options[] = { ++ {.name = "noflush", .has_arg = 0, .val = 'n'}, ++ { 0 } ++}; ++ + static struct ebt_u_replace replace[3]; + void ebt_early_init_once(); + + #define OPT_KERNELDATA 0x800 /* Also defined in ebtables.c */ + ++static void print_usage() ++{ ++ fprintf(stderr, "Usage: ebtables-restore [ --noflush ]\n"); ++ exit(1); ++} ++ + static void copy_table_names() + { + strcpy(replace[0].name, "filter"); +@@ -41,11 +53,20 @@ static void copy_table_names() + int main(int argc_, char *argv_[]) + { + char *argv[EBTD_ARGC_MAX], cmdline[EBTD_CMDLINE_MAXLN]; +- int i, offset, quotemode = 0, argc, table_nr = -1, line = 0, whitespace; ++ int i, offset, quotemode = 0, argc, table_nr = -1, line = 0, whitespace, c, flush = 1; + char ebtables_str[] = "ebtables"; + +- if (argc_ != 1) +- ebtrest_print_error("options are not supported"); ++ while ((c = getopt_long(argc_, argv_, "n", options, NULL)) != -1) { ++ switch(c) { ++ case 'n': ++ flush = 0; ++ break; ++ default: ++ print_usage(); ++ break; ++ } ++ } ++ + ebt_silent = 0; + copy_table_names(); + ebt_early_init_once(); +@@ -68,7 +89,7 @@ int main(int argc_, char *argv_[]) + ebtrest_print_error("table '%s' was not recognized", cmdline+1); + table_nr = i; + replace[table_nr].command = 11; +- ebt_get_kernel_table(&replace[table_nr], 1); ++ ebt_get_kernel_table(&replace[table_nr], flush); + replace[table_nr].command = 0; + replace[table_nr].flags = OPT_KERNELDATA; /* Prevent do_command from initialising replace */ + continue; diff --git a/SPECS/ebtables.spec b/SPECS/ebtables.spec index 453b637..3d27836 100644 --- a/SPECS/ebtables.spec +++ b/SPECS/ebtables.spec @@ -2,7 +2,7 @@ Name: ebtables Version: 2.0.10 -Release: 13%{?dist} +Release: 15%{?dist} Summary: Ethernet Bridge frame table administration tool License: GPLv2+ Group: System Environment/Base @@ -15,6 +15,8 @@ Patch0: ebtables-2.0.10-norootinst.patch Patch3: ebtables-2.0.9-lsb.patch Patch4: ebtables-2.0.10-linkfix.patch Patch5: ebtables-2.0.0-audit.patch +Patch6: ebtables-2.0.10-noflush.patch +Patch7: ebtables-2.0.10-lockdirfix.patch BuildRequires: systemd-units Requires(post): systemd Requires(preun): systemd @@ -38,6 +40,8 @@ like iptables. There are no known incompatibility issues. # extension modules need to link to libebtc.so for ebt_errormsg %patch4 -p1 -b .linkfix %patch5 -p1 -b .AUDIT +%patch6 -p1 -b .noflush +%patch7 -p1 -b .lockdir # Convert to UTF-8 f=THANKS; iconv -f iso-8859-1 -t utf-8 $f -o $f.utf8 ; mv $f.utf8 $f @@ -48,7 +52,7 @@ make %{?_smp_mflags} CFLAGS="${RPM_OPT_FLAGS}" LIBDIR="/%{_lib}/ebtables" BINDIR %install mkdir -p %{buildroot}%{_initrddir} mkdir -p %{buildroot}%{_unitdir} -install -p %{SOURCE3} %{buildroot}%{_unitdir}/ +install -m 644 -p %{SOURCE3} %{buildroot}%{_unitdir}/ mkdir -p %{buildroot}%{_libexecdir} install -m0755 %{SOURCE2} %{buildroot}%{_libexecdir}/ebtables mkdir -p %{buildroot}%{_sysconfdir}/sysconfig @@ -94,6 +98,13 @@ mv %{buildroot}/%{_lib}/ebtables/libebtc.so %{buildroot}/%{_lib}/ %ghost %{_sysconfdir}/sysconfig/ebtables.broute %changelog +* Thu Jun 30 2016 Thomas Woerner - 2.0.10-15 +- Backported lockdirfix to use (/var)/run from Fedora (RHBZ#1346376) + +* Tue May 17 2016 Thomas Woerner - 2.0.10-14 +- Fixed persmissions of ebtables.service (RHBZ#1288586) +- Added upstream patch to add noflush option to ebtables-restore (RHBZ#1334271) + * Tue Mar 04 2014 Jiri Popelka - 2.0.10-13 - do not eviscerate -fstack-protector(-strong) from CFLAGS (#1070801)