- removed outdated grsecurity patch

diff --git a/iptables-stealth.patch b/iptables-stealth.patch
deleted file mode 100644 (file)
index 7f1f144..0000000
--- a/iptables-stealth.patch
+++ /dev/null
@@ -1,66 +0,0 @@
-diff -urN iptables-1.2.11/extensions/libipt_stealth.c iptables-1.2.11/extensions/libipt_stealth.c
---- iptables-1.2.11/extensions/libipt_stealth.c        1969-12-31 19:00:00 -0500
-+++ iptables-1.2.11/extensions/libipt_stealth.c        2004-07-13 21:14:15 -0400
-@@ -0,0 +1,62 @@
-+/* Shared library add-on to iptables to add stealth support.
-+ * Copyright (C) 2002 Brad Spengler  <spender@grsecurity.net>
-+ * This netfilter module is licensed under the GNU GPL.
-+ */
-+
-+#include <stdio.h>
-+#include <netdb.h>
-+#include <stdlib.h>
-+#include <getopt.h>
-+#include <iptables.h>
-+
-+/* Function which prints out usage message. */
-+static void
-+help(void)
-+{
-+      printf("stealth v%s takes no options\n\n", XTABLES_VERSION);
-+}
-+
-+static struct option opts[] = {
-+      {0}
-+};
-+
-+/* Initialize the match. */
-+static void
-+init(struct ipt_entry_match *m, unsigned int *nfcache)
-+{
-+      *nfcache |= NFC_UNKNOWN;
-+}
-+
-+static int
-+parse(int c, char **argv, int invert, unsigned int *flags,
-+      const void *entry, struct xt_entry_match **match)
-+{
-+      return 0;
-+}
-+
-+static void
-+final_check(unsigned int flags)
-+{
-+      return;
-+}
-+
-+static
-+struct xtables_match stealth = {
-+      .next           = NULL,
-+      .name           = "stealth",
-+      .version        = XTABLES_VERSION,
-+      .size           = XT_ALIGN(0),
-+      .userspacesize  = XT_ALIGN(0),
-+      .help           = &help,
-+      .init           = &init, 
-+      .parse          = &parse,
-+      .final_check    = &final_check,
-+      .print          = NULL,
-+      .save           = NULL,
-+      .extra_opts     = opts
-+};
-+
-+void _init(void)
-+{
-+      xtables_register_match(&stealth);
-+}

diff --git a/iptables.spec b/iptables.spec
index b886a4b2ab7db2b524c576684e97a05a1acd347c..e6f30bc093a8d5f9fdd5da4bc1682e7f7c4b5255 100644 (file)
--- a/iptables.spec
+++ b/iptables.spec
@@ -3,7 +3,6 @@
 # - update BR to real required llh version
 # - check if kernel-headers are still required to properly build iptabels for dist kernel
 # - fix makefile (-D_UNKNOWN_KERNEL_POINTER_SIZE issue)
-# - owner needs rewrite to xt
 #
 # Conditional build:
 %bcond_without doc             # without documentation (HOWTOS) which needed TeX
@@ -70,8 +69,6 @@ Patch13:      %{name}-imq.patch
 Patch14:       %{name}-owner-xid.patch
 # adjusts xt_owner for vserver-enabled kernel
 Patch15:       %{name}-owner-struct-size-vs.patch
-# ipt_stealth; currently disabled (broken, see below)
-Patch16:       %{name}-stealth.patch
 URL:           http://www.netfilter.org/
 BuildRequires: autoconf >= 2.50
 BuildRequires: automake
@@ -212,8 +209,6 @@ iptables(8).
 %patch14 -p1
 %patch15 -p1
 %endif
-# builds but init() api is broken, see warnings
-#patch16 -p1
 
 %build
 %{__libtoolize}
@@ -368,8 +363,6 @@ fi
 %attr(755,root,root) %{_libdir}/xtables/libipt_ah.so
 %attr(755,root,root) %{_libdir}/xtables/libipt_icmp.so
 %attr(755,root,root) %{_libdir}/xtables/libipt_realm.so
-# disabled, see above
-#%attr(755,root,root) %{_libdir}/xtables/libipt_stealth.so
 %attr(755,root,root) %{_libdir}/xtables/libipt_ttl.so
 %attr(755,root,root) %{_libdir}/xtables/libip6t_DNAT.so
 %attr(755,root,root) %{_libdir}/xtables/libip6t_DNPT.so