Commit d0f191fa authored by Arturo Borrero Gonzalez

d/patches: refresh 0101-changelog.patch



Update the Changelog file with latest changes in 1.6.0.

I'm not a big fan of this 'copy-pasted' changelog, but users of the
iptables package may be acclimated to this.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
parent 9ae565fa
...@@ -5,7 +5,438 @@ Description: iptables source doesn't include a changelog. ...@@ -5,7 +5,438 @@ Description: iptables source doesn't include a changelog.
--- /dev/null --- /dev/null
+++ b/Changelog +++ b/Changelog
@@ -0,0 +1,3505 @@ @@ -0,0 +1,3936 @@
+iptables v1.6.0 Changelog:
+======================================================================
+Changes from 1.4.21:
+
+Ana Rey (7):
+ xtables-standalone: call nft_fini in the error path
+ nft: fix memory leaks in nft_xtables_config_load
+ iptables: nft: fix memory leaks in nft_fini
+ extensions: libxt_devgroup: Fix the path of the group mappings file
+ iptables-compat: homogenize error messages
+ extensions: devgroup: fix showing and saving of dst-group
+ iptables-compat: homogenize error messages with 'R' option
+
+Andreas Herz (3):
+ extension: libip6t_ipv6header: fix wrong headername in ipv6header for protocols
+ extensions: icmp6: added missing icmpv6 dest-unreach codes
+ added missing icmpv6 codes in REJECT
+
+Anton Danilov (1):
+ xtables: SET target: Add mapping of meta informations (skbinfo ipset extension)
+
+Arturo Borrero (38):
+ iptables-compat: kill add_*() invflags parameter
+ nft-compat: create a separated object update type to rename chains
+ nft-bridge: fix printing of inverted protocols, addresses
+ nft-bridge: fix inversion of builtin matches
+ iptables: xtables-eb: delete extra 'policy' printf
+ iptables: xtables-eb: user-defined chains default policy is always RETURN
+ iptables: xtables-eb: fix renaming of chains
+ extensions: add ebt 802_3 extension
+ ebtables-compat: fix counter listing
+ ebtables-compat: fix printing of extension
+ ebtables-compat: fix segfault in rules w/o target
+ ebtables-compat: include /etc/ethertypes in tarball
+ ebtables-compat: fix ACCEPT printing by simplifying logic
+ include: cache copy of Linux header uapi/linux/netfilter_bridge/ebt_802_3.h
+ ebtables-compat: add nft rule compat information to bridge rules
+ ebtables-compat: prevent options overwrite
+ ebtables-compat: prevent same matches to be included multiple times
+ ebtables-compat: include rule counters in ebtables rules
+ ebtables-compat: fix nft payload bases
+ ebtables-compat: add 'ip' match extension
+ ebtables-compat: add mark_m match extension
+ extensions: cleanup commented code in ebtables-compat extensions
+ libxtables: search first for AF-specific extension
+ ebtables-compat: call extensions final checks
+ ebtables-compat: finish target infrastructure
+ ebtables-compat: add mark target extension
+ ebtables-compat: add watchers support
+ ebtables-compat: add log watcher extension
+ arptables-compat: add mangle target extension
+ libxt_quota: fix _save() invert syntax
+ ebtables-compat: support nflog extension
+ arptables-compat: add support for the CLASSIFY target
+ arptables-compat: delete extra space in target printing
+ ebtables-compat: add support for limit extension
+ ebtables-compat: add a bridge-specific exit_error function
+ ebtables-compat: fix rule deleting with -D in rules with no target
+ list: fix prefetch dummy
+ libxtables: find extensions based on family too
+
+Arturo Borrero Gonzalez (1):
+ ebtables-compat: fix misplaced function attribute on ebt_print_error()
+
+Dan Wilder (1):
+ libxtables: move some code to avoid cautions in vfork man page
+
+Daniel Borkmann (4):
+ iptables: snat: add randomize-full support
+ iptables: add libxt_cgroup frontend
+ cgroup, man: improve man-page bits
+ libxt_CT: add support for recently introduced zone options
+
+Domen Puncer (1):
+ libxtables: fix getaddrinfo return value usage
+
+Felix Janda (5):
+ consistently use <errno.h>
+ include: remove libc5 support code
+ include: Sync with ethernetdb.h from ebtables
+ include Use <stdint.h> types from xtables.h
+ include: Sync with upstream kernel headers
+
+Florian Westphal (15):
+ Merge branch 'stable-1.4.20'
+ iptables.8: --policy is either ACCEPT or DROP
+ extensions: libxt_connlabel: do not open config file from _init hook
+ man: string: document icase
+ tests: split into family and table specific files
+ tests: add test case for xt_recent regression
+ extensions: remove MIRROR
+ extensions: remove SAME target
+ extensions: remove 'unclean' match
+ extensions: add more test cases for iptables-test.py
+ extensions: SNPT,DNPT: fix save/print output
+ extensions/libxt_recent.t: add test case for 3.19 regression
+ extensions: libip6t_dst: make inversion work
+ tests: remove old test cases
+ man: using physdev match in OUTPUT is not supported anymore
+
+Giuseppe Longo (33):
+ nft: fix leak of rule and chain iterators
+ nft: fix leak of chain iterator in nft_rule_list
+ xtables: allow to zero chains via -Z
+ nft: break loop after found matching chain
+ nft: print counter issues
+ nft: fix another memleak in nft_rule_list_cb
+ xtables: nft: display rule by number via -L
+ nft: associate table configuration to handle via nft_init
+ nft: fix family operation lookup
+ nft: load only the tables of the current family
+ nft: refactoring parse operations for more genericity
+ xtables: bootstrap ARP compatibility layer for nftables
+ xtables: nft-arp: implements is_same op for ARP family
+ xtables: arp: add rule replacement support
+ xtables: arp: add delete operation
+ xtables: arp: zeroing chain counters
+ nft: arp: initialize flags in nft_arp_parse_meta
+ nft: arp: add parse_target to nft_family_ops_arp
+ nft: arp: fix possible string overflow
+ nft: adds save_matches_and_target
+ nft-arp: adds nft_arp_save_firewall
+ xtables-events: prints arp rules
+ nft-arp: fix is_same_interfaces arguments
+ nft-arp: wrong condition in parse_payload
+ nft: replace nft_rule_attr_get_u8
+ nft: save: fix the printing of the counters
+ nft-arp: remove wrong conditions
+ nft: compare layer 4 protocol in first place
+ nft: add nft_xt_ctx struct
+ nft: fix syntax error in nft_parse_cmp()
+ nft-ipv46: replace offset var with ctx->payload.offset
+ ebtables-compat: fix print_header
+ ebtables-compat: build ebtables extensions
+
+Gustavo Zacarias (1):
+ iptables-save: remove dlfcn.h include
+
+Harout Hedeshian (2):
+ extensions: libxt_socket: add --restore-skmark option
+ extensions: libxt_socket: update man pages and tests for --restore-skmark
+
+Jan Engelhardt (3):
+ iptables: link against libnetfilter_conntrack
+ build: resolve build error involving libnftnl
+ extensions: restore matching any SPI id by default
+
+Jiri Popelka (9):
+ iptables: fix version in iptables(8)
+ update FSF address in license text
+ iptables: missing bracket in iptables-save(8)
+ iptables-restore.8: missing -T in synopsis
+ iptables-restore.8: file to read from can be specified as argument
+ iptables-{save,restore}: warn that -b/--binary isn't implemented
+ iptables-save: actually parse -M/--modprobe option
+ iptables: add optional [seconds] argument to -w
+ libxt_tcp: manpage correction
+
+Jozsef Kadlecsik (1):
+ Alignment problem between 64bit kernel 32bit userspace
+
+Loganaden Velvindron (1):
+ extensions: libxt_TEE: Trim kernel struct to allow deletion
+
+Mart Frauenlob (2):
+ extensions: libxt_set: Add missing hyphen to --bytes-eq synopsis in manpage
+ libxtables: Print meaningful error message for an invalid MAC address string
+
+Martin Topholm (1):
+ extensions: libxt_SYNPROXY: initial manual page
+
+Mike Frysinger (4):
+ configure: fix 3rd arg w/AC_ARG_ENABLE
+ build: add finer module blacklisting
+ libiptc: fix fortify errors in debug code
+ iptables: update gitignore list
+
+Nicolas Dichtel (1):
+ iptables: fix compilation when lib[mnl|nftables] are not in standard path
+
+Pablo Neira Ayuso (186):
+ add iptables unit test infrastructure
+ extensions: libipt_ah: add unit test
+ extensions: libip6t_ah: add unit test
+ extensions: libipt_LOG: add unit test
+ extensions: libxt_addrtype: add unit test
+ extensions: libip6t_LOG: add unit test
+ extensions: libxt_cluster: add unit test
+ extensions: libxt_comment: add unit test
+ extensions: libxt_AUDIT: add unit test
+ extensions: libxt_CHECKSUM: add unit test
+ extensions: libxt_CLASSIFY: add unit test
+ extensions: libxt_connbytes: add unit test
+ extensions: libxt_connlimit: add unit test
+ extensions: libxt_connmark: add unit test
+ extensions: libxt_CONNMARK: add unit test
+ extensions: libxt_hashlimit: add unit test
+ extensions: libxt_time: add unit test
+ extensions: libxt_length: add unit test
+ extensions: libxt_udp: add unit test
+ extensions: libxt_tcp: add unit test
+ extensions: libxt_tos: add unit test
+ extensions: libxt_NFLOG: add unit test
+ extensions: libxt_dccp: add unit test
+ extensions: libxt_esp: add unit test
+ extensions: libxt_helper: add unit test
+ extensions: libipt_icmp: add unit test
+ extensions: libxt_NFQUEUE: add unit test
+ extensions: libipt_ttl.t: add unit test
+ extensions: libxt_pkttype: add unit test
+ extensions: libxt_CT: add unit test
+ extensions: libxt_state: add unit test
+ extensions: libxt_string: add unit test
+ extensions: libxt_rateest: add unit test
+ extensions: libxt_nfacct: add unit test
+ extensions: libxt_mark: add unit test
+ extensions: libipt_REJECT: add unit test
+ extensions: libxt_sctp: add unit test
+ extensions: libxt_NOTRACK: add unit test
+ extensions: libipt_MASQUERADE: add unit test
+ extensions: libxt_standard: add unit test
+ extensions: libipt_ECN: add unit test
+ extensions: libxt_TRACE: add unit test
+ extensions: libxt_TOS: add unit test
+ extensions: libxt_DSCP: add unit test
+ extensions: libip6t_eui64: add unit test
+ extensions: libxt_limit: add unit test
+ extensions: libxt_conntrack: add unit test
+ extensions: libipt_ULOG: add unit test
+ extensions: libxt_multiport: add unit test
+ extensions: libip6t_REJECT: add unit test
+ extensions: libxt_dscp: add unit test
+ extensions: libxt_cpu: add unit test
+ extensions: libxt_quota: add unit test
+ extensions: libxt_iprange: add unit test
+ extensions: libxt_physdev: add unit test
+ extensions: libxt_TEE: add unit test
+ extensions: libipt_SNAT: add unit test
+ extensions: libip6t_DNAT: add unit test
+ extensions: libxt_owner: add unit test
+ extensions: libxt_MARK: add unit test
+ build: don't include tests in released tarball
+ use nf_tables and nf_tables compatibility interface
+ automatic creation of built-in table and chains
+ rework automatic creation of built-in table and chains
+ iptables: nft: add -f support
+ nft: fix missing rule listing in custom chains with -L
+ headers: remove unused compatibility definitions
+ iptables: nft: move priority to chain instead of table
+ iptables: nft: remove __nft_check_rule
+ iptables: nft: use 64-bits handle
+ iptables: nft: use chain types
+ xtables-restore: add support for dormant tables
+ nft: adapt chain rename to recent Patrick's updates
+ xtables: fix crash due to using wrong globals
+ xtables-restore: fix custom user chain restoration
+ xtables: fix compilation warning
+ xtables: purge out user-define chains from the kernel
+ xtables-restore: support atomic commit
+ xtables: nft: add protocol and flags for xtables over nf_tables
+ xtables-restore: support test option `-t'
+ nft: fix crash if TRACE is used
+ xtables: ipv6: fix wrong error if -p is used
+ xtables: ipv6: add missing break in nft_parse_payload_ipv6
+ xtables: ipv6: fix -D with -p
+ add xtables-events
+ xtables-restore: add -4 and -6 support
+ xtables-save: add -4 and -6 support
+ nft: remove license for header file
+ xtables: fix missing xtables_exit_error definition
+ xtables-standalone: fix error message
+ xtables-config: priority has to be per-chain to support
+ nft: load tables and chains based on /etc/xtables.conf
+ xtables: support family in /etc/xtables.conf file
+ xtables-config: fix off by one in parsed strings from /etc/xtables.conf
+ xtables: fix missing protocol and invflags
+ xtables-config-parser: fix compilation warning
+ iptables: update .gitignore
+ xtables: add new container xtables_args structure
+ xtables: add new nft_ops->post_parse hook
+ xtables: remove unused leftover definitions
+ xtables: fix compilation due to missing autogenerated header
+ nft: don't call nft_init in nft_xtables_config_load
+ xtables-restore: output the same error message that iptables-restore uses
+ xtables: fix -p protocol
+ nft: fix leaks in nft_xtables_config_load
+ xtables: remove bogus comment on chain rename
+ xtables: nft: remove lots of useless debugging messages
+ xtables: do not proceed if nft_init fails
+ xtables: fix missing afinfo configuration
+ xtables: nft: display rule number via -S
+ xtables-events: print usage on wrong arguments
+ xtables-events: fix missing newline in table and chain events
+ nft: fix built-in chain ordering of the nat table
+ src: use nft_*_list_add_tail
+ nft: break chain listing if only one if looked for
+ nft: fix selective chain display via -S
+ xtables: add -I chain rulenum
+ xtables: remove bogus comment regarding rule replacement
+ nft: no need for rule lookup if no position specified via -I
+ xtables: fix typo in add_entry for the IPv6 case
+ nft: fix match revision lookup for IPv6
+ etc: add default IPv6 table and chain definitions
+ xtables: use xtables_rule_matches_free
+ nft: fix wrong flags handling in print_firewall_details
+ nft: use xtables_print_num
+ nft: generalize rule addition family hook
+ xtables: nft-arp: fix endianess in nft_arp_parse_payload
+ nft: consolidate nft_rule_find for ARP, IPv4 and IPv6
+ nft: consolidate nft_rule_new to support ARP
+ nft: consolidate nft_rule_* functions to support ARP
+ include: cache netfilter_arp kernel headers
+ nft: adapt nft_rule_expr_get to use uint32_t instead of size_t
+ xtables: batch rule-set updates into one single netlink message
+ xtables: fix missing ipt_entry for MASQUERADE target
+ nft: pass ipt_entry to ->save_firewall hook
+ nft: fix bad length when comparing extension data area
+ nft: fix interface wildcard matching
+ xtables-events: fix compilation due change in libnftables
+ nft: fix inversion of built-in selectors
+ nft: fix out of bound memory copy
+ nft: fix wrong function to release iterator
+ nft: fix inconsistent data type in NFT_EXPR_CMP_OP and NFT_EXPR_META_KEY
+ configure: fix wrong reference to the conntrack-tools
+ configure: rename --disable-xtables to --disable-nftables
+ configure: conditional dependencies for nftables-compat
+ xtables-restore: remove dependency with libip4tc
+ xtables: add xtables-compat-multi for the nftables compatibility layer
+ nft-compat: fix IP6T_F_GOTO flag handling
+ nft-compat: fix wrong protocol context in initialization
+ Merge branch 'nft-compat'
+ iptables.8: update coreteam members from manpage
+ Merge branch 'next-3.14'
+ iptables: nft: generalize batch infrastructure
+ iptables: nft: remove unused code
+ iptables: nft: add tables and chains to the batch
+ Makefile: fix static compilation iptables-compat without shared libraries
+ iptables-compat: fix address prefix
+ iptables-compat: nft: use nft_batch_begin and nft_batch_end from libnftnl
+ iptables-compat: fix use after free in the batch send path
+ iptables-compat: get rid of error reporting via perror
+ Merge branch 'tests'
+ iptables-compat: nft: fix user chain addition, deletion and rename
+ iptables-compat: nft: fix error reporting
+ arptables-compat: fix missing error reporting
+ arptables-compat: allow to not specify a target
+ arptables-compat: get output in sync with arptables -L -n --line-numbers
+ arptables-compat: remove save code
+ refresh nf_tables.h cached copy
+ iptables-compat: fix chain policy reset with iptables -L -n
+ iptables-compat: statify unused built-in table/chain functions
+ iptables-compat: assume chain policy NF_ACCEPT when creating built-in chains
+ iptables-compat: fix empty chains after first invocation of iptables-compat -L
+ Merge branch 'ipset'
+ nft: bootstrap ebtables-compat
+ ebtables-compat: use ebtables_command_state in bootstrap code
+ iptables: use flock() instead of abstract unix sockets
+ Merge branch 'ebtables-compat'
+ xshared: calm down compilation warning
+ xtables-compat: remove unused fields from bridge and arp families
+ iptables-compat: unset context flags in netlink delinearize step
+ Merge branch 'ipset-next'
+ extensions: fix several test errors
+ iptables-compat: use new symbols in libnftnl
+ iptables-compat: Keep xtables-config and xtables-events out from tree
+ iptables 1.6.0 release
+ iptables: fix static builds
+
+Phil Oester (1):
+ iptables-xml: fix segfault if missing space after -A
+
+Ronald Wahl (1):
+ libxtables: fix two off-by-one memory corruption bugs
+
+Thomas Woerner (2):
+ iptables-compat: Allow to insert into rule_count+1 position
+ iptables-compat: Increase rule number only for the selected table and chain
+
+Tomasz Bursztyka (41):
+ headers: Make nf_tables.h up to date
+ nft: Add support for chain rename options (-E)
+ iptables: nft: Fix -D chain rulenum option
+ iptables: nft: Refactor __nft_rule_check to return rule handle when relevant
+ iptables: nft: Add support for -R option
+ xtables: add IPv6 support
+ nft: Split nft core to become family independant
+ xtables: initialize xtables defaults even on listing rules
+ xtables: policy can be changed only on builtin chain
+ nft: Set the rule family when creating a new one
+ nft: Handle error on adding rule expressions
+ xtables: Remove useless parameter to nft_chain_list_find
+ nft: add function to test for a builtin chain
+ nft: Fix small memory leaks
+ xtables: Do not dump before command parsing has been finished
+ nft: Remove useless function
+ nft: Optimize rule listing when chain and rulenum are provided
+ nft: Make internal rule listing callback more generic
+ nft: Remove useless test on rulenum in nft_rule_list()
+ nft: Generalize nft_rule_list() against current family
+ nft: Print unknown target data only when relevant
+ nft: convert rule into a command state structure
+ xtables: allow to reset the counters of an existing rule
+ nft: Fix a minor compilation warning
+ nft: skip unset tables on table configuration emulation
+ xtables: arp: Store target entry properly and compare them relevantly
+ extensions: add arptables' libxt_mangle.c for xtables-arp
+ extensions: libxt_mangle: Fixes option issues
+ nft: Header inclusion missing
+ xtables: arp: Parse properly target options
+ nft: fix wrong target size
+ xtables: arp: Fix a compilation warning
+ xtables: arp: inhibit -l option so only a fixed 6 bytes length arhln can be used
+ include: Update nftables API header in sync with kernel's one
+ nft: Use new libnftnl library name against former libnftables
+ xtables: Add backward compatibility with -w option
+ nft: Add useful debug output when a builtin table is created
+ nft: A builtin chain might be created when restoring
+ nft: Initialize a table only once
+ nft: Remove useless error message
+ nft: Pass a line after printing out a debug message
+
+Ville Skyttä (1):
+ iptables: Spelling fixes
+
+Willem de Bruijn (1):
+ include: add linux/filter.h
+
+fan.du (1):
+ iptables: Add IPv4/6 IPcomp match support
+
+
+iptables v1.4.21 Changelog: +iptables v1.4.21 Changelog:
+====================================================================== +======================================================================
+Changes from 1.4.20: +Changes from 1.4.20:
......
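Review bot: The 1.6.0 section lists one contributor under two headings, "Arturo Borrero (38)" and "Arturo Borrero Gonzalez (1)", and the Pablo Neira Ayuso and Florian Westphal blocks carry merge entries such as "Merge branch 'nft-compat'" and "Merge branch 'stable-1.4.20'" that add to the per-author counts without describing a change. The format looks like git shortlog output; if the file is regenerated rather than copied verbatim, mapping the two names to one identity and passing --no-merges would address both. Separately, the memory-safety entries ("libxtables: fix two off-by-one memory corruption bugs", "nft: fix out of bound memory copy", "iptables-compat: fix use after free in the batch send path") carry no commit ids, so anyone checking whether a packaged build contains a given fix has to go back to the upstream git history; a pointer to that history in the patch Description would help.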