diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..85ddb15
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/libnftnl-1.1.5.tar.bz2
diff --git a/.libnftnl.metadata b/.libnftnl.metadata
new file mode 100644
index 0000000..701ec2c
--- /dev/null
+++ b/.libnftnl.metadata
@@ -0,0 +1 @@
+a923bae5b028a30c5c8aa4c0f71445885867274b SOURCES/libnftnl-1.1.5.tar.bz2
diff --git a/SOURCES/0001-tests-flowtable-Don-t-check-NFTNL_FLOWTABLE_SIZE.patch b/SOURCES/0001-tests-flowtable-Don-t-check-NFTNL_FLOWTABLE_SIZE.patch
new file mode 100644
index 0000000..441c656
--- /dev/null
+++ b/SOURCES/0001-tests-flowtable-Don-t-check-NFTNL_FLOWTABLE_SIZE.patch
@@ -0,0 +1,47 @@
+From 3f0616b15e32def6d01b4535ac0efb51caa07662 Mon Sep 17 00:00:00 2001
+From: Phil Sutter <psutter@redhat.com>
+Date: Mon, 2 Dec 2019 18:55:39 +0100
+Subject: [PATCH] tests: flowtable: Don't check NFTNL_FLOWTABLE_SIZE
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1717129
+Upstream Status: libnftnl commit b2388765e0c44
+
+commit b2388765e0c4405442faa13845419f6a35d0134c
+Author: Phil Sutter <phil@nwl.cc>
+Date: Mon Dec 2 18:29:56 2019 +0100
+
+ tests: flowtable: Don't check NFTNL_FLOWTABLE_SIZE
+
+ Marshalling code around that attribute has been dropped by commit
+ d1c4b98c733a5 ("flowtable: remove NFTA_FLOWTABLE_SIZE") so it's value is
+ lost during the test.
+
+ Assuming that NFTNL_FLOWTABLE_SIZE will receive kernel support at a
+ later point, leave the test code in place but just comment it out.
+
+ Fixes: d1c4b98c733a5 ("flowtable: remove NFTA_FLOWTABLE_SIZE")
+ Signed-off-by: Phil Sutter <phil@nwl.cc>
+ Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
+---
+ tests/nft-flowtable-test.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/tests/nft-flowtable-test.c b/tests/nft-flowtable-test.c
+index 3edb00d..8ab8d4c 100644
+--- a/tests/nft-flowtable-test.c
++++ b/tests/nft-flowtable-test.c
+@@ -33,9 +33,11 @@ static void cmp_nftnl_flowtable(struct nftnl_flowtable *a, struct nftnl_flowtabl
+ if (nftnl_flowtable_get_u32(a, NFTNL_FLOWTABLE_USE) !=
+ nftnl_flowtable_get_u32(b, NFTNL_FLOWTABLE_USE))
+ print_err("Flowtable use mismatches");
++#if 0
+ if (nftnl_flowtable_get_u32(a, NFTNL_FLOWTABLE_SIZE) !=
+ nftnl_flowtable_get_u32(b, NFTNL_FLOWTABLE_SIZE))
+ print_err("Flowtable size mismatches");
++#endif
+ if (nftnl_flowtable_get_u32(a, NFTNL_FLOWTABLE_FLAGS) !=
+ nftnl_flowtable_get_u32(b, NFTNL_FLOWTABLE_FLAGS))
+ print_err("Flowtable flags mismatches");
+--
+1.8.3.1
+
diff --git a/SOURCES/0002-flowtable-Fix-memleak-in-error-path-of-nftnl_flowtab.patch b/SOURCES/0002-flowtable-Fix-memleak-in-error-path-of-nftnl_flowtab.patch
new file mode 100644
index 0000000..bfda34a
--- /dev/null
+++ b/SOURCES/0002-flowtable-Fix-memleak-in-error-path-of-nftnl_flowtab.patch
@@ -0,0 +1,39 @@
+From e744735b92ee312cd2ad08776f3c56962ab53710 Mon Sep 17 00:00:00 2001
+From: Phil Sutter <psutter@redhat.com>
+Date: Fri, 6 Dec 2019 17:31:16 +0100
+Subject: [PATCH] flowtable: Fix memleak in error path of
+ nftnl_flowtable_parse_devs()
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1778952
+Upstream Status: libnftnl commit ba1b02594e8d0
+
+commit ba1b02594e8d05e4c791925a50f9309f89b55c80
+Author: Phil Sutter <phil@nwl.cc>
+Date: Mon Dec 2 22:57:40 2019 +0100
+
+ flowtable: Fix memleak in error path of nftnl_flowtable_parse_devs()
+
+ In error case, allocated dev_array is not freed.
+
+ Fixes: 7f99639dd9217 ("flowtable: device array dynamic allocation")
+ Signed-off-by: Phil Sutter <phil@nwl.cc>
+ Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
+---
+ src/flowtable.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/flowtable.c b/src/flowtable.c
+index 324e80f..db31943 100644
+--- a/src/flowtable.c
++++ b/src/flowtable.c
+@@ -419,6 +419,7 @@ static int nftnl_flowtable_parse_devs(struct nlattr *nest,
+ err:
+ while (len--)
+ xfree(dev_array[len]);
++ xfree(dev_array);
+ return -1;
+ }
+
+--
+1.8.3.1
+
diff --git a/SOURCES/0003-chain-Fix-memleak-in-error-path-of-nftnl_chain_parse.patch b/SOURCES/0003-chain-Fix-memleak-in-error-path-of-nftnl_chain_parse.patch
new file mode 100644
index 0000000..7d58f81
--- /dev/null
+++ b/SOURCES/0003-chain-Fix-memleak-in-error-path-of-nftnl_chain_parse.patch
@@ -0,0 +1,38 @@
+From a5241b8fcd2f62d8e71bf9dfebfbcf27a8a61e46 Mon Sep 17 00:00:00 2001
+From: Phil Sutter <psutter@redhat.com>
+Date: Fri, 6 Dec 2019 17:31:16 +0100
+Subject: [PATCH] chain: Fix memleak in error path of nftnl_chain_parse_devs()
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1778952
+Upstream Status: libnftnl commit 32a8c5f52355e
+
+commit 32a8c5f52355ef69bf74c28e27345b2e03d948e7
+Author: Phil Sutter <phil@nwl.cc>
+Date: Mon Dec 2 23:00:20 2019 +0100
+
+ chain: Fix memleak in error path of nftnl_chain_parse_devs()
+
+ In error case, dev_array is not freed when it should.
+
+ Fixes: e3ac19b5ec162 ("chain: multi-device support")
+ Signed-off-by: Phil Sutter <phil@nwl.cc>
+ Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
+---
+ src/chain.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/chain.c b/src/chain.c
+index d4050d2..9cc8735 100644
+--- a/src/chain.c
++++ b/src/chain.c
+@@ -636,6 +636,7 @@ static int nftnl_chain_parse_devs(struct nlattr *nest, struct nftnl_chain *c)
+ err:
+ while (len--)
+ xfree(dev_array[len]);
++ xfree(dev_array);
+ return -1;
+ }
+
+--
+1.8.3.1
+
diff --git a/SOURCES/0004-flowtable-Correctly-check-realloc-call.patch b/SOURCES/0004-flowtable-Correctly-check-realloc-call.patch
new file mode 100644
index 0000000..79c6264
--- /dev/null
+++ b/SOURCES/0004-flowtable-Correctly-check-realloc-call.patch
@@ -0,0 +1,61 @@
+From 8f24f6eed8d905fb6b64d003ae3f4f1e657301aa Mon Sep 17 00:00:00 2001
+From: Phil Sutter <psutter@redhat.com>
+Date: Fri, 6 Dec 2019 17:31:16 +0100
+Subject: [PATCH] flowtable: Correctly check realloc() call
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1778952
+Upstream Status: libnftnl commit 835d645f40525
+
+commit 835d645f4052551c5c1829c37a07c882f2260f65
+Author: Phil Sutter <phil@nwl.cc>
+Date: Mon Dec 2 23:08:07 2019 +0100
+
+ flowtable: Correctly check realloc() call
+
+ If realloc() fails, it returns NULL but the original pointer is
+ untouchted and therefore still has to be freed. Unconditionally
+ overwriting the old pointer is therefore a bad idea, use a temporary
+ variable instead.
+
+ Fixes: 7f99639dd9217 ("flowtable: device array dynamic allocation")
+ Signed-off-by: Phil Sutter <phil@nwl.cc>
+ Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
+---
+ src/flowtable.c | 11 +++++------
+ 1 file changed, 5 insertions(+), 6 deletions(-)
+
+diff --git a/src/flowtable.c b/src/flowtable.c
+index db31943..9ba3b6d 100644
+--- a/src/flowtable.c
++++ b/src/flowtable.c
+@@ -388,7 +388,7 @@ static int nftnl_flowtable_parse_hook_cb(const struct nlattr *attr, void *data)
+ static int nftnl_flowtable_parse_devs(struct nlattr *nest,
+ struct nftnl_flowtable *c)
+ {
+- const char **dev_array;
++ const char **dev_array, **tmp;
+ int len = 0, size = 8;
+ struct nlattr *attr;
+
+@@ -401,14 +401,13 @@ static int nftnl_flowtable_parse_devs(struct nlattr *nest,
+ goto err;
+ dev_array[len++] = strdup(mnl_attr_get_str(attr));
+ if (len >= size) {
+- dev_array = realloc(dev_array,
+- size * 2 * sizeof(char *));
+- if (!dev_array)
++ tmp = realloc(dev_array, size * 2 * sizeof(char *));
++ if (!tmp)
+ goto err;
+
+ size *= 2;
+- memset(&dev_array[len], 0,
+- (size - len) * sizeof(char *));
++ memset(&tmp[len], 0, (size - len) * sizeof(char *));
++ dev_array = tmp;
+ }
+ }
+
+--
+1.8.3.1
+
diff --git a/SOURCES/0005-chain-Correctly-check-realloc-call.patch b/SOURCES/0005-chain-Correctly-check-realloc-call.patch
new file mode 100644
index 0000000..41f068b
--- /dev/null
+++ b/SOURCES/0005-chain-Correctly-check-realloc-call.patch
@@ -0,0 +1,61 @@
+From 2facd747b6bbcd3716841e6213b7b9e9b94c556a Mon Sep 17 00:00:00 2001
+From: Phil Sutter <psutter@redhat.com>
+Date: Fri, 6 Dec 2019 17:31:16 +0100
+Subject: [PATCH] chain: Correctly check realloc() call
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1778952
+Upstream Status: libnftnl commit d95a703746d53
+
+commit d95a703746d5394d56a9f464e343594e4882da0d
+Author: Phil Sutter <phil@nwl.cc>
+Date: Mon Dec 2 23:12:34 2019 +0100
+
+ chain: Correctly check realloc() call
+
+ If realloc() fails, it returns NULL but the original pointer is
+ untouchted and therefore still has to be freed. Unconditionally
+ overwriting the old pointer is therefore a bad idea, use a temporary
+ variable instead.
+
+ Fixes: e3ac19b5ec162 ("chain: multi-device support")
+ Signed-off-by: Phil Sutter <phil@nwl.cc>
+ Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
+---
+ src/chain.c | 11 +++++------
+ 1 file changed, 5 insertions(+), 6 deletions(-)
+
+diff --git a/src/chain.c b/src/chain.c
+index 9cc8735..b9a16fc 100644
+--- a/src/chain.c
++++ b/src/chain.c
+@@ -605,7 +605,7 @@ static int nftnl_chain_parse_hook_cb(const struct nlattr *attr, void *data)
+
+ static int nftnl_chain_parse_devs(struct nlattr *nest, struct nftnl_chain *c)
+ {
+- const char **dev_array;
++ const char **dev_array, **tmp;
+ int len = 0, size = 8;
+ struct nlattr *attr;
+
+@@ -618,14 +618,13 @@ static int nftnl_chain_parse_devs(struct nlattr *nest, struct nftnl_chain *c)
+ goto err;
+ dev_array[len++] = strdup(mnl_attr_get_str(attr));
+ if (len >= size) {
+- dev_array = realloc(dev_array,
+- size * 2 * sizeof(char *));
+- if (!dev_array)
++ tmp = realloc(dev_array, size * 2 * sizeof(char *));
++ if (!tmp)
+ goto err;
+
+ size *= 2;
+- memset(&dev_array[len], 0,
+- (size - len) * sizeof(char *));
++ memset(&tmp[len], 0, (size - len) * sizeof(char *));
++ dev_array = tmp;
+ }
+ }
+
+--
+1.8.3.1
+
diff --git a/SOURCES/0006-include-resync-nf_tables.h-cache-copy.patch b/SOURCES/0006-include-resync-nf_tables.h-cache-copy.patch
new file mode 100644
index 0000000..8cc1998
--- /dev/null
+++ b/SOURCES/0006-include-resync-nf_tables.h-cache-copy.patch
@@ -0,0 +1,84 @@
+From 83cc5382243253156b5813f0d6b9527cbede5aa3 Mon Sep 17 00:00:00 2001
+From: Phil Sutter <psutter@redhat.com>
+Date: Thu, 13 Feb 2020 17:47:45 +0100
+Subject: [PATCH] include: resync nf_tables.h cache copy
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1795223
+Upstream Status: libnftnl commit 131a6c2fa4ccc
+
+commit 131a6c2fa4cccaa04a7b93b686f10f5ba6f11b3d
+Author: Stefano Brivio <sbrivio@redhat.com>
+Date: Thu Jan 30 01:16:32 2020 +0100
+
+ include: resync nf_tables.h cache copy
+
+ Get this header in sync with nf-next as of merge commit
+ b3a608222336 (5.6-rc1-ish).
+
+ Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
+ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+---
+ include/linux/netfilter/nf_tables.h | 17 +++++++++++++++++
+ 1 file changed, 17 insertions(+)
+
+diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
+index bb9b049..312c7b2 100644
+--- a/include/linux/netfilter/nf_tables.h
++++ b/include/linux/netfilter/nf_tables.h
+@@ -48,6 +48,7 @@ enum nft_registers {
+
+ #define NFT_REG_SIZE 16
+ #define NFT_REG32_SIZE 4
++#define NFT_REG32_COUNT (NFT_REG32_15 - NFT_REG32_00 + 1)
+
+ /**
+ * enum nft_verdicts - nf_tables internal verdicts
+@@ -301,15 +302,29 @@ enum nft_set_policies {
+ * enum nft_set_desc_attributes - set element description
+ *
+ * @NFTA_SET_DESC_SIZE: number of elements in set (NLA_U32)
++ * @NFTA_SET_DESC_CONCAT: description of field concatenation (NLA_NESTED)
+ */
+ enum nft_set_desc_attributes {
+ NFTA_SET_DESC_UNSPEC,
+ NFTA_SET_DESC_SIZE,
++ NFTA_SET_DESC_CONCAT,
+ __NFTA_SET_DESC_MAX
+ };
+ #define NFTA_SET_DESC_MAX (__NFTA_SET_DESC_MAX - 1)
+
+ /**
++ * enum nft_set_field_attributes - attributes of concatenated fields
++ *
++ * @NFTA_SET_FIELD_LEN: length of single field, in bits (NLA_U32)
++ */
++enum nft_set_field_attributes {
++ NFTA_SET_FIELD_UNSPEC,
++ NFTA_SET_FIELD_LEN,
++ __NFTA_SET_FIELD_MAX
++};
++#define NFTA_SET_FIELD_MAX (__NFTA_SET_FIELD_MAX - 1)
++
++/**
+ * enum nft_set_attributes - nf_tables set netlink attributes
+ *
+ * @NFTA_SET_TABLE: table name (NLA_STRING)
+@@ -370,6 +385,7 @@ enum nft_set_elem_flags {
+ * @NFTA_SET_ELEM_USERDATA: user data (NLA_BINARY)
+ * @NFTA_SET_ELEM_EXPR: expression (NLA_NESTED: nft_expr_attributes)
+ * @NFTA_SET_ELEM_OBJREF: stateful object reference (NLA_STRING)
++ * @NFTA_SET_ELEM_KEY_END: closing key value (NLA_NESTED: nft_data)
+ */
+ enum nft_set_elem_attributes {
+ NFTA_SET_ELEM_UNSPEC,
+@@ -382,6 +398,7 @@ enum nft_set_elem_attributes {
+ NFTA_SET_ELEM_EXPR,
+ NFTA_SET_ELEM_PAD,
+ NFTA_SET_ELEM_OBJREF,
++ NFTA_SET_ELEM_KEY_END,
+ __NFTA_SET_ELEM_MAX
+ };
+ #define NFTA_SET_ELEM_MAX (__NFTA_SET_ELEM_MAX - 1)
+--
+1.8.3.1
+
diff --git a/SOURCES/0007-set-Add-support-for-NFTA_SET_DESC_CONCAT-attributes.patch b/SOURCES/0007-set-Add-support-for-NFTA_SET_DESC_CONCAT-attributes.patch
new file mode 100644
index 0000000..d2db93d
--- /dev/null
+++ b/SOURCES/0007-set-Add-support-for-NFTA_SET_DESC_CONCAT-attributes.patch
@@ -0,0 +1,252 @@
+From db234c0c95ac45b5ff8602d8686d2bb1bbaa7883 Mon Sep 17 00:00:00 2001
+From: Phil Sutter <psutter@redhat.com>
+Date: Thu, 13 Feb 2020 17:47:45 +0100
+Subject: [PATCH] set: Add support for NFTA_SET_DESC_CONCAT attributes
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1795223
+Upstream Status: libnftnl commit 7cd41b5387acf
+
+commit 7cd41b5387acf84088e9299a796f7c2c72339a1a
+Author: Stefano Brivio <sbrivio@redhat.com>
+Date: Thu Jan 30 01:16:33 2020 +0100
+
+ set: Add support for NFTA_SET_DESC_CONCAT attributes
+
+ If NFTNL_SET_DESC_CONCAT data is passed, pass that to the kernel
+ as NFTA_SET_DESC_CONCAT attributes: it describes the length of
+ single concatenated fields, in bytes.
+
+ Similarly, parse NFTA_SET_DESC_CONCAT attributes if received
+ from the kernel.
+
+ This is the libnftnl counterpart for nftables patch:
+ src: Add support for NFTNL_SET_DESC_CONCAT
+
+ v4:
+ - move NFTNL_SET_DESC_CONCAT to the end of enum nftnl_set_attr
+ to avoid ABI breakage (Pablo Neira Ayuso)
+ v3:
+ - use NFTNL_SET_DESC_CONCAT and NFTA_SET_DESC_CONCAT instead of a
+ stand-alone NFTA_SET_SUBKEY attribute (Pablo Neira Ayuso)
+ - pass field length in bytes instead of bits, fields would get
+ unnecessarily big otherwise
+ v2:
+ - fixed grammar in commit message
+ - removed copy of array bytes in nftnl_set_nlmsg_build_subkey_payload(),
+ we're simply passing values to htonl() (Phil Sutter)
+
+ Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
+ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+---
+ include/libnftnl/set.h | 1 +
+ include/set.h | 2 +
+ src/set.c | 111 ++++++++++++++++++++++++++++++++++++++++---------
+ 3 files changed, 95 insertions(+), 19 deletions(-)
+
+diff --git a/include/libnftnl/set.h b/include/libnftnl/set.h
+index db3fa68..bbbf58d 100644
+--- a/include/libnftnl/set.h
++++ b/include/libnftnl/set.h
+@@ -29,6 +29,7 @@ enum nftnl_set_attr {
+ NFTNL_SET_USERDATA,
+ NFTNL_SET_OBJ_TYPE,
+ NFTNL_SET_HANDLE,
++ NFTNL_SET_DESC_CONCAT,
+ __NFTNL_SET_MAX
+ };
+ #define NFTNL_SET_MAX (__NFTNL_SET_MAX - 1)
+diff --git a/include/set.h b/include/set.h
+index 446acd2..895ffdb 100644
+--- a/include/set.h
++++ b/include/set.h
+@@ -25,6 +25,8 @@ struct nftnl_set {
+ enum nft_set_policies policy;
+ struct {
+ uint32_t size;
++ uint8_t field_len[NFT_REG32_COUNT];
++ uint8_t field_count;
+ } desc;
+ struct list_head element_list;
+
+diff --git a/src/set.c b/src/set.c
+index 78447c6..651dcfa 100644
+--- a/src/set.c
++++ b/src/set.c
+@@ -89,6 +89,7 @@ void nftnl_set_unset(struct nftnl_set *s, uint16_t attr)
+ case NFTNL_SET_ID:
+ case NFTNL_SET_POLICY:
+ case NFTNL_SET_DESC_SIZE:
++ case NFTNL_SET_DESC_CONCAT:
+ case NFTNL_SET_TIMEOUT:
+ case NFTNL_SET_GC_INTERVAL:
+ break;
+@@ -174,6 +175,10 @@ int nftnl_set_set_data(struct nftnl_set *s, uint16_t attr, const void *data,
+ case NFTNL_SET_DESC_SIZE:
+ memcpy(&s->desc.size, data, sizeof(s->desc.size));
+ break;
++ case NFTNL_SET_DESC_CONCAT:
++ memcpy(&s->desc.field_len, data, data_len);
++ while (s->desc.field_len[++s->desc.field_count]);
++ break;
+ case NFTNL_SET_TIMEOUT:
+ memcpy(&s->timeout, data, sizeof(s->timeout));
+ break;
+@@ -266,6 +271,9 @@ const void *nftnl_set_get_data(const struct nftnl_set *s, uint16_t attr,
+ case NFTNL_SET_DESC_SIZE:
+ *data_len = sizeof(uint32_t);
+ return &s->desc.size;
++ case NFTNL_SET_DESC_CONCAT:
++ *data_len = s->desc.field_count;
++ return s->desc.field_len;
+ case NFTNL_SET_TIMEOUT:
+ *data_len = sizeof(uint64_t);
+ return &s->timeout;
+@@ -351,13 +359,42 @@ err:
+ return NULL;
+ }
+
++static void nftnl_set_nlmsg_build_desc_size_payload(struct nlmsghdr *nlh,
++ struct nftnl_set *s)
++{
++ mnl_attr_put_u32(nlh, NFTA_SET_DESC_SIZE, htonl(s->desc.size));
++}
++
++static void nftnl_set_nlmsg_build_desc_concat_payload(struct nlmsghdr *nlh,
++ struct nftnl_set *s)
++{
++ struct nlattr *nest;
++ int i;
++
++ nest = mnl_attr_nest_start(nlh, NFTA_SET_DESC_CONCAT);
++ for (i = 0; i < NFT_REG32_COUNT && i < s->desc.field_count; i++) {
++ struct nlattr *nest_elem;
++
++ nest_elem = mnl_attr_nest_start(nlh, NFTA_LIST_ELEM);
++ mnl_attr_put_u32(nlh, NFTA_SET_FIELD_LEN,
++ htonl(s->desc.field_len[i]));
++ mnl_attr_nest_end(nlh, nest_elem);
++ }
++ mnl_attr_nest_end(nlh, nest);
++}
++
+ static void
+ nftnl_set_nlmsg_build_desc_payload(struct nlmsghdr *nlh, struct nftnl_set *s)
+ {
+ struct nlattr *nest;
+
+ nest = mnl_attr_nest_start(nlh, NFTA_SET_DESC);
+- mnl_attr_put_u32(nlh, NFTA_SET_DESC_SIZE, htonl(s->desc.size));
++
++ if (s->flags & (1 << NFTNL_SET_DESC_SIZE))
++ nftnl_set_nlmsg_build_desc_size_payload(nlh, s);
++ if (s->flags & (1 << NFTNL_SET_DESC_CONCAT))
++ nftnl_set_nlmsg_build_desc_concat_payload(nlh, s);
++
+ mnl_attr_nest_end(nlh, nest);
+ }
+
+@@ -387,7 +424,7 @@ void nftnl_set_nlmsg_build_payload(struct nlmsghdr *nlh, struct nftnl_set *s)
+ mnl_attr_put_u32(nlh, NFTA_SET_ID, htonl(s->id));
+ if (s->flags & (1 << NFTNL_SET_POLICY))
+ mnl_attr_put_u32(nlh, NFTA_SET_POLICY, htonl(s->policy));
+- if (s->flags & (1 << NFTNL_SET_DESC_SIZE))
++ if (s->flags & (1 << NFTNL_SET_DESC_SIZE | 1 << NFTNL_SET_DESC_CONCAT))
+ nftnl_set_nlmsg_build_desc_payload(nlh, s);
+ if (s->flags & (1 << NFTNL_SET_TIMEOUT))
+ mnl_attr_put_u64(nlh, NFTA_SET_TIMEOUT, htobe64(s->timeout));
+@@ -445,39 +482,75 @@ static int nftnl_set_parse_attr_cb(const struct nlattr *attr, void *data)
+ return MNL_CB_OK;
+ }
+
+-static int nftnl_set_desc_parse_attr_cb(const struct nlattr *attr, void *data)
++static int
++nftnl_set_desc_concat_field_parse_attr_cb(const struct nlattr *attr, void *data)
++{
++ int type = mnl_attr_get_type(attr);
++ struct nftnl_set *s = data;
++
++ if (type != NFTA_SET_FIELD_LEN)
++ return MNL_CB_OK;
++
++ if (mnl_attr_validate(attr, MNL_TYPE_U32))
++ return MNL_CB_ERROR;
++
++ s->desc.field_len[s->desc.field_count] = ntohl(mnl_attr_get_u32(attr));
++ s->desc.field_count++;
++
++ return MNL_CB_OK;
++}
++
++static int
++nftnl_set_desc_concat_parse_attr_cb(const struct nlattr *attr, void *data)
+ {
+- const struct nlattr **tb = data;
+ int type = mnl_attr_get_type(attr);
++ struct nftnl_set *s = data;
++
++ if (type != NFTA_LIST_ELEM)
++ return MNL_CB_OK;
++
++ return mnl_attr_parse_nested(attr,
++ nftnl_set_desc_concat_field_parse_attr_cb,
++ s);
++}
++
++static int nftnl_set_desc_parse_attr_cb(const struct nlattr *attr, void *data)
++{
++ int type = mnl_attr_get_type(attr), err;
++ struct nftnl_set *s = data;
+
+ if (mnl_attr_type_valid(attr, NFTA_SET_DESC_MAX) < 0)
+ return MNL_CB_OK;
+
+ switch (type) {
+ case NFTA_SET_DESC_SIZE:
+- if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0)
++ if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0) {
+ abi_breakage();
++ break;
++ }
++
++ s->desc.size = ntohl(mnl_attr_get_u32(attr));
++ s->flags |= (1 << NFTNL_SET_DESC_SIZE);
++ break;
++ case NFTA_SET_DESC_CONCAT:
++ err = mnl_attr_parse_nested(attr,
++ nftnl_set_desc_concat_parse_attr_cb,
++ s);
++ if (err != MNL_CB_OK)
++ abi_breakage();
++
++ s->flags |= (1 << NFTNL_SET_DESC_CONCAT);
++ break;
++ default:
+ break;
+ }
+
+- tb[type] = attr;
+ return MNL_CB_OK;
+ }
+
+-static int nftnl_set_desc_parse(struct nftnl_set *s,
+- const struct nlattr *attr)
++static int nftnl_set_desc_parse(struct nftnl_set *s, const struct nlattr *attr)
+ {
+- struct nlattr *tb[NFTA_SET_DESC_MAX + 1] = {};
+-
+- if (mnl_attr_parse_nested(attr, nftnl_set_desc_parse_attr_cb, tb) < 0)
+- return -1;
+-
+- if (tb[NFTA_SET_DESC_SIZE]) {
+- s->desc.size = ntohl(mnl_attr_get_u32(tb[NFTA_SET_DESC_SIZE]));
+- s->flags |= (1 << NFTNL_SET_DESC_SIZE);
+- }
+-
+- return 0;
++ return mnl_attr_parse_nested(attr, nftnl_set_desc_parse_attr_cb, s);
+ }
+
+ EXPORT_SYMBOL(nftnl_set_nlmsg_parse);
+--
+1.8.3.1
+
diff --git a/SOURCES/0008-set_elem-Introduce-support-for-NFTNL_SET_ELEM_KEY_EN.patch b/SOURCES/0008-set_elem-Introduce-support-for-NFTNL_SET_ELEM_KEY_EN.patch
new file mode 100644
index 0000000..c57b126
--- /dev/null
+++ b/SOURCES/0008-set_elem-Introduce-support-for-NFTNL_SET_ELEM_KEY_EN.patch
@@ -0,0 +1,125 @@
+From 0ac992b8118bce817e0f1da3e2581c4cde95ca80 Mon Sep 17 00:00:00 2001
+From: Phil Sutter <psutter@redhat.com>
+Date: Thu, 13 Feb 2020 17:47:45 +0100
+Subject: [PATCH] set_elem: Introduce support for NFTNL_SET_ELEM_KEY_END
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1795223
+Upstream Status: libnftnl commit 04cc28d8d6923
+
+commit 04cc28d8d6923ea66b08ae9a74d81d8b6ac5b2d7
+Author: Stefano Brivio <sbrivio@redhat.com>
+Date: Thu Jan 30 01:16:34 2020 +0100
+
+ set_elem: Introduce support for NFTNL_SET_ELEM_KEY_END
+
+ The new set element attribute maps to the netlink attribute
+ NFTA_SET_ELEM_KEY_END in the same way as NFTNL_SET_ELEM_KEY
+ maps to NFTA_SET_ELEM_KEY, and represents the key data used
+ to express the upper bound of a range, in concatenations.
+
+ Suggested-by: Pablo Neira Ayuso <pablo@netfilter.org>
+ Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
+ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+---
+ include/libnftnl/set.h | 1 +
+ include/set_elem.h | 1 +
+ src/set_elem.c | 24 ++++++++++++++++++++++++
+ 3 files changed, 26 insertions(+)
+
+diff --git a/include/libnftnl/set.h b/include/libnftnl/set.h
+index bbbf58d..6843adf 100644
+--- a/include/libnftnl/set.h
++++ b/include/libnftnl/set.h
+@@ -105,6 +105,7 @@ enum {
+ NFTNL_SET_ELEM_USERDATA,
+ NFTNL_SET_ELEM_EXPR,
+ NFTNL_SET_ELEM_OBJREF,
++ NFTNL_SET_ELEM_KEY_END,
+ __NFTNL_SET_ELEM_MAX
+ };
+ #define NFTNL_SET_ELEM_MAX (__NFTNL_SET_ELEM_MAX - 1)
+diff --git a/include/set_elem.h b/include/set_elem.h
+index cc4d529..52f185a 100644
+--- a/include/set_elem.h
++++ b/include/set_elem.h
+@@ -8,6 +8,7 @@ struct nftnl_set_elem {
+ uint32_t set_elem_flags;
+ uint32_t flags;
+ union nftnl_data_reg key;
++ union nftnl_data_reg key_end;
+ union nftnl_data_reg data;
+ struct nftnl_expr *expr;
+ uint64_t timeout;
+diff --git a/src/set_elem.c b/src/set_elem.c
+index d3ce807..2203193 100644
+--- a/src/set_elem.c
++++ b/src/set_elem.c
+@@ -75,6 +75,7 @@ void nftnl_set_elem_unset(struct nftnl_set_elem *s, uint16_t attr)
+ break;
+ case NFTNL_SET_ELEM_FLAGS:
+ case NFTNL_SET_ELEM_KEY: /* NFTA_SET_ELEM_KEY */
++ case NFTNL_SET_ELEM_KEY_END: /* NFTA_SET_ELEM_KEY_END */
+ case NFTNL_SET_ELEM_VERDICT: /* NFTA_SET_ELEM_DATA */
+ case NFTNL_SET_ELEM_DATA: /* NFTA_SET_ELEM_DATA */
+ case NFTNL_SET_ELEM_TIMEOUT: /* NFTA_SET_ELEM_TIMEOUT */
+@@ -118,6 +119,10 @@ int nftnl_set_elem_set(struct nftnl_set_elem *s, uint16_t attr,
+ memcpy(&s->key.val, data, data_len);
+ s->key.len = data_len;
+ break;
++ case NFTNL_SET_ELEM_KEY_END: /* NFTA_SET_ELEM_KEY_END */
++ memcpy(&s->key_end.val, data, data_len);
++ s->key_end.len = data_len;
++ break;
+ case NFTNL_SET_ELEM_VERDICT: /* NFTA_SET_ELEM_DATA */
+ memcpy(&s->data.verdict, data, sizeof(s->data.verdict));
+ break;
+@@ -193,6 +198,9 @@ const void *nftnl_set_elem_get(struct nftnl_set_elem *s, uint16_t attr, uint32_t
+ case NFTNL_SET_ELEM_KEY: /* NFTA_SET_ELEM_KEY */
+ *data_len = s->key.len;
+ return &s->key.val;
++ case NFTNL_SET_ELEM_KEY_END: /* NFTA_SET_ELEM_KEY_END */
++ *data_len = s->key_end.len;
++ return &s->key_end.val;
+ case NFTNL_SET_ELEM_VERDICT: /* NFTA_SET_ELEM_DATA */
+ *data_len = sizeof(s->data.verdict);
+ return &s->data.verdict;
+@@ -287,6 +295,14 @@ void nftnl_set_elem_nlmsg_build_payload(struct nlmsghdr *nlh,
+ mnl_attr_put(nlh, NFTA_DATA_VALUE, e->key.len, e->key.val);
+ mnl_attr_nest_end(nlh, nest1);
+ }
++ if (e->flags & (1 << NFTNL_SET_ELEM_KEY_END)) {
++ struct nlattr *nest1;
++
++ nest1 = mnl_attr_nest_start(nlh, NFTA_SET_ELEM_KEY_END);
++ mnl_attr_put(nlh, NFTA_DATA_VALUE, e->key_end.len,
++ e->key_end.val);
++ mnl_attr_nest_end(nlh, nest1);
++ }
+ if (e->flags & (1 << NFTNL_SET_ELEM_VERDICT)) {
+ struct nlattr *nest1, *nest2;
+
+@@ -373,6 +389,7 @@ static int nftnl_set_elem_parse_attr_cb(const struct nlattr *attr, void *data)
+ abi_breakage();
+ break;
+ case NFTA_SET_ELEM_KEY:
++ case NFTA_SET_ELEM_KEY_END:
+ case NFTA_SET_ELEM_DATA:
+ case NFTA_SET_ELEM_EXPR:
+ if (mnl_attr_validate(attr, MNL_TYPE_NESTED) < 0)
+@@ -421,6 +438,13 @@ static int nftnl_set_elems_parse2(struct nftnl_set *s, const struct nlattr *nest
+ goto out_set_elem;
+ e->flags |= (1 << NFTNL_SET_ELEM_KEY);
+ }
++ if (tb[NFTA_SET_ELEM_KEY_END]) {
++ ret = nftnl_parse_data(&e->key_end, tb[NFTA_SET_ELEM_KEY_END],
++ &type);
++ if (ret < 0)
++ goto out_set_elem;
++ e->flags |= (1 << NFTNL_SET_ELEM_KEY_END);
++ }
+ if (tb[NFTA_SET_ELEM_DATA]) {
+ ret = nftnl_parse_data(&e->data, tb[NFTA_SET_ELEM_DATA], &type);
+ if (ret < 0)
+--
+1.8.3.1
+
diff --git a/SOURCES/0009-src-Fix-for-reading-garbage-in-nftnl_chain-getters.patch b/SOURCES/0009-src-Fix-for-reading-garbage-in-nftnl_chain-getters.patch
new file mode 100644
index 0000000..9bb2500
--- /dev/null
+++ b/SOURCES/0009-src-Fix-for-reading-garbage-in-nftnl_chain-getters.patch
@@ -0,0 +1,57 @@
+From 6854ec003b42cf02d4b40c0942d49ede9f6d94c0 Mon Sep 17 00:00:00 2001
+From: Phil Sutter <psutter@redhat.com>
+Date: Wed, 19 Feb 2020 12:00:31 +0100
+Subject: [PATCH] src: Fix for reading garbage in nftnl_chain getters
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1758673
+Upstream Status: libnftnl commit 629ee38dca486
+
+commit 629ee38dca48651bc8c0eedf2f3a0066a6c0aa5b
+Author: Phil Sutter <phil@nwl.cc>
+Date: Fri Feb 14 18:20:29 2020 +0100
+
+ src: Fix for reading garbage in nftnl_chain getters
+
+ In {s,u}{32,64} type getters nftnl_assert() is called to make sure
+ returned data length matches expectations. Therefore all attributes must
+ set data_len, which NFTNL_CHAIN_DEVICES didn't.
+
+ While being at it, do the same change for NFTNL_FLOWTABLE_DEVICES as
+ well to make code a bit more consistent although the problem was fixed
+ for flowtables with commit f8eed54150fd4 ("flowtable: Fix for reading
+ garbage") already (but in the other direction).
+
+ Fixes: e3ac19b5ec162 ("chain: multi-device support")
+ Signed-off-by: Phil Sutter <phil@nwl.cc>
+---
+ src/chain.c | 1 +
+ src/flowtable.c | 1 +
+ 2 files changed, 2 insertions(+)
+
+diff --git a/src/chain.c b/src/chain.c
+index b9a16fc..6e90763 100644
+--- a/src/chain.c
++++ b/src/chain.c
+@@ -365,6 +365,7 @@ const void *nftnl_chain_get_data(const struct nftnl_chain *c, uint16_t attr,
+ *data_len = strlen(c->dev) + 1;
+ return c->dev;
+ case NFTNL_CHAIN_DEVICES:
++ *data_len = 0;
+ return &c->dev_array[0];
+ }
+ return NULL;
+diff --git a/src/flowtable.c b/src/flowtable.c
+index 9ba3b6d..bf3e443 100644
+--- a/src/flowtable.c
++++ b/src/flowtable.c
+@@ -231,6 +231,7 @@ const void *nftnl_flowtable_get_data(const struct nftnl_flowtable *c,
+ *data_len = sizeof(int32_t);
+ return &c->family;
+ case NFTNL_FLOWTABLE_DEVICES:
++ *data_len = 0;
+ return &c->dev_array[0];
+ case NFTNL_FLOWTABLE_SIZE:
+ *data_len = sizeof(int32_t);
+--
+1.8.3.1
+
diff --git a/SPECS/libnftnl.spec b/SPECS/libnftnl.spec
new file mode 100644
index 0000000..4769895
--- /dev/null
+++ b/SPECS/libnftnl.spec
@@ -0,0 +1,214 @@
+%define rpmversion 1.1.5
+%define specrelease 4%{?dist}
+
+Name: libnftnl
+Version: %{rpmversion}
+Release: %{specrelease}%{?buildid}
+Summary: Library for low-level interaction with nftables Netlink's API over libmnl
+License: GPLv2+
+URL: http://netfilter.org/projects/libnftnl/
+Source0: http://ftp.netfilter.org/pub/libnftnl/libnftnl-%{version}.tar.bz2
+BuildRequires: autoconf
+BuildRequires: automake
+BuildRequires: libtool
+BuildRequires: libmnl-devel
+Patch0: 0001-tests-flowtable-Don-t-check-NFTNL_FLOWTABLE_SIZE.patch
+Patch1: 0002-flowtable-Fix-memleak-in-error-path-of-nftnl_flowtab.patch
+Patch2: 0003-chain-Fix-memleak-in-error-path-of-nftnl_chain_parse.patch
+Patch3: 0004-flowtable-Correctly-check-realloc-call.patch
+Patch4: 0005-chain-Correctly-check-realloc-call.patch
+Patch5: 0006-include-resync-nf_tables.h-cache-copy.patch
+Patch6: 0007-set-Add-support-for-NFTA_SET_DESC_CONCAT-attributes.patch
+Patch7: 0008-set_elem-Introduce-support-for-NFTNL_SET_ELEM_KEY_EN.patch
+Patch8: 0009-src-Fix-for-reading-garbage-in-nftnl_chain-getters.patch
+
+%description
+A library for low-level interaction with nftables Netlink's API over libmnl.
+
+%package devel
+Summary: Development files for %{name}
+Requires: %{name}%{_isa} = %{version}-%{release}
+
+%description devel
+The %{name}-devel package contains libraries and header files for
+developing applications that use %{name}.
+
+%prep
+%autosetup -p1
+
+%build
+# This is what autogen.sh (only in git repo) does - without it, patches changing
+# Makefile.am cause the build system to regenerate Makefile.in and trying to use
+# automake-1.14 for that which is not available in RHEL.
+autoreconf -fi
+rm -rf autom4te*.cache
+
+%configure --disable-static --disable-silent-rules
+make %{?_smp_mflags}
+
+%check
+make %{?_smp_mflags} check
+
+%install
+%make_install
+find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';'
+
+%post -p /sbin/ldconfig
+
+%postun -p /sbin/ldconfig
+
+%files
+%doc COPYING
+%{_libdir}/*.so.*
+
+%files devel
+%{_libdir}/libnft*.so
+%{_libdir}/pkgconfig/libnftnl.pc
+%{_includedir}/libnftnl
+
+%changelog
+* Wed Feb 19 2020 Phil Sutter <psutter@redhat.com> [1.1.5-4.el8]
+- src: Fix for reading garbage in nftnl_chain getters (Phil Sutter) [1758673]
+
+* Fri Feb 14 2020 Phil Sutter <psutter@redhat.com> [1.1.5-3.el8]
+- set_elem: Introduce support for NFTNL_SET_ELEM_KEY_END (Phil Sutter) [1795223]
+- set: Add support for NFTA_SET_DESC_CONCAT attributes (Phil Sutter) [1795223]
+- include: resync nf_tables.h cache copy (Phil Sutter) [1795223]
+
+* Fri Dec 06 2019 Phil Sutter <psutter@redhat.com> [1.1.5-2.el8]
+- chain: Correctly check realloc() call (Phil Sutter) [1778952]
+- flowtable: Correctly check realloc() call (Phil Sutter) [1778952]
+- chain: Fix memleak in error path of nftnl_chain_parse_devs() (Phil Sutter) [1778952]
+- flowtable: Fix memleak in error path of nftnl_flowtable_parse_devs() (Phil Sutter) [1778952]
+
+* Mon Dec 02 2019 Phil Sutter <psutter@redhat.com> [1.1.5-1.el8]
+- Rebase onto upstream version 1.1.5 (Phil Sutter) [1717129]
+
+* Thu Oct 24 2019 Phil Sutter <psutter@redhat.com> [1.1.4-3.el8]
+- set: Export nftnl_set_list_lookup_byname() (Phil Sutter) [1762563]
+
+* Thu Oct 17 2019 Phil Sutter <psutter@redhat.com> [1.1.4-2.el8]
+- obj/ct_timeout: Fix NFTA_CT_TIMEOUT_DATA parser (Phil Sutter) [1758673]
+- set_elem: Validate nftnl_set_elem_set() parameters (Phil Sutter) [1758673]
+- obj/ct_timeout: Avoid array overrun in timeout_parse_attr_data() (Phil Sutter) [1758673]
+- set: Don't bypass checks in nftnl_set_set_u{32,64}() (Phil Sutter) [1758673]
+- obj/tunnel: Fix for undefined behaviour (Phil Sutter) [1758673]
+- set_elem: Fix return code of nftnl_set_elem_set() (Phil Sutter) [1758673]
+- obj: ct_timeout: Check return code of mnl_attr_parse_nested() (Phil Sutter) [1758673]
+
+* Fri Oct 04 2019 Phil Sutter <psutter@redhat.com> [1.1.4-1.el8]
+- Rebase to upstream version 1.1.4 (Phil Sutter) [1717129]
+
+* Thu Jan 31 2019 Phil Sutter <psutter@redhat.com> [1.1.1-4.el8]
+- src: rule: Support NFTA_RULE_POSITION_ID attribute (Phil Sutter) [1670565]
+
+* Tue Jan 29 2019 Phil Sutter <psutter@redhat.com> [1.1.1-3.el8]
+- src: chain: Fix nftnl_chain_rule_insert_at() (Phil Sutter) [1666495]
+- src: chain: Add missing nftnl_chain_rule_del() (Phil Sutter) [1666495]
+- flowtable: Fix for reading garbage (Phil Sutter) [1661327]
+- flowtable: Fix memleak in nftnl_flowtable_parse_devs() (Phil Sutter) [1661327]
+- flowtable: Fix use after free in two spots (Phil Sutter) [1661327]
+- flowtable: Add missing break (Phil Sutter) [1661327]
+- object: Avoid obj_ops array overrun (Phil Sutter) [1661327]
+
+* Mon Dec 17 2018 Phil Sutter <psutter@redhat.com> [1.1.1-2.el8]
+- chain: Hash chain list by name (Phil Sutter) [1658533]
+- chain: Add lookup functions for chain list and rules in chain (Phil Sutter) [1658533]
+- chain: Support per chain rules list (Phil Sutter) [1658533]
+- src: remove nftnl_rule_cmp() and nftnl_expr_cmp() (Phil Sutter) [1658533]
+
+* Thu Jul 12 2018 Phil Sutter <psutter@redhat.com> [1.1.1-1.el8]
+- Rebase onto upstream version 1.1.1
+- Sync spec file with RHEL7
+- Disable JSON parsing, deprecated by upstream
+- Make use of builtin testsuite
+
+* Sat Jun 23 2018 Phil Sutter - 1.0.9-3
+- Drop leftover mxml dependency [1594917]
+
+* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.9-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Mon Jan 08 2018 Kevin Fenzi <kevin@scrye.com> - 1.0.9-1
+- Update to 1.0.9. Fixes bug #1531004
+
+* Sat Oct 21 2017 Kevin Fenzi <kevin@scrye.com> - 1.0.8-4
+- Update to 1.0.8. Fixes bug #1504350
+
+* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.7-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.7-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.7-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Thu Dec 22 2016 Kevin Fenzi <kevin@scrye.com> - 1.0.7-1
+- Update to 1.0.7. Fixes bug #1406201
+
+* Wed Jun 01 2016 Kevin Fenzi <kevin@scrye.com> - 1.0.6-1
+- Update to 1.0.6. Fixes bug #1341384
+
+* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.5-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Thu Sep 17 2015 Kevin Fenzi <kevin@scrye.com> 1.0.5-1
+- Update to 1.0.5. Fixes bug #1263684
+
+* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.3-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Fri Dec 26 2014 Kevin Fenzi <kevin@scrye.com> 1.0.3-1
+- Update to final 1.0.3
+
+* Wed Sep 03 2014 Kevin Fenzi <kevin@scrye.com> 1.0.3-0.1.20140903git
+- Update to 20140903 git snapshot
+
+* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.2-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Wed Jun 25 2014 Kevin Fenzi <kevin@scrye.com> 1.0.2-1
+- Update to 1.0.2
+
+* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Thu Apr 24 2014 Kevin Fenzi <kevin@scrye.com> 1.0.1-1.
+- Update to 1.0.1
+
+* Sun Mar 30 2014 Kevin Fenzi <kevin@scrye.com> 1.0.0-1.20140330git
+- Update to 20140330 snapshot
+- Sync version to be a post 1.0.0 snapshot
+
+* Wed Mar 26 2014 Kevin Fenzi <kevin@scrye.com> 0-0.10.20140326git
+- Update to 20140326 snapshot
+
+* Fri Mar 07 2014 Kevin Fenzi <kevin@scrye.com> 0-0.9.20140307git
+- Update to 20140307 snapshot
+
+* Sat Jan 25 2014 Kevin Fenzi <kevin@scrye.com> 0-0.8.20140125git
+- Update to 20140125
+
+* Thu Jan 23 2014 Kevin Fenzi <kevin@scrye.com> 0-0.7.20140122git
+- Add obsoletes/provides to devel subpackage as well.
+
+* Wed Jan 22 2014 Kevin Fenzi <kevin@scrye.com> 0-0.6.20140122git
+- Renamed libnftnl
+- Update to 20140122 snapshot.
+
+* Sat Jan 18 2014 Kevin Fenzi <kevin@scrye.com> 0-0.5.20140118git
+- Update to 20140118 snapshot.
+
+* Sat Jan 11 2014 Kevin Fenzi <kevin@scrye.com> 0-0.4.20140111git
+- Update to 20140111 snapshot.
+- Enable xml (some tests stll fail, but it otherwise builds ok)
+
+* Mon Dec 02 2013 Kevin Fenzi <kevin@scrye.com> 0-0.3.20131202git
+- Update to 20131202 snapshot, switch to upstream snapshot repo instead of git checkouts.
+
+* Mon Dec 02 2013 Kevin Fenzi <kevin@scrye.com> 0-0.2
+- Fixes from review.
+
+* Sat Nov 30 2013 Kevin Fenzi <kevin@scrye.com> 0-0.1
+- initial version for Fedora review