Blame SPECS/nftables.spec

3730f4
%define rpmversion 0.9.3
252916
%define specrelease 25
252916
%define libnftnl_ver 1.1.5-5
3730f4
9ff721
Name:           nftables
3730f4
Version:        %{rpmversion}
cf8614
Release:        %{specrelease}%{?dist}%{?buildid}
9ff721
# Upstream released a 0.100 version, then 0.4. Need Epoch to get back on track.
9ff721
Epoch:          1
9ff721
Summary:        Netfilter Tables userspace utillites
9ff721
9ff721
License:        GPLv2
9ff721
URL:            http://netfilter.org/projects/nftables/
9ff721
Source0:        http://ftp.netfilter.org/pub/nftables/nftables-%{version}.tar.bz2
9ff721
Source1:        nftables.service
9ff721
Source2:        nftables.conf
3730f4
Source3:        main.nft
3730f4
Source4:        router.nft
3730f4
Source5:        nat.nft
9ff721
3730f4
Patch1:             0001-main-enforce-options-before-commands.patch
3730f4
Patch2:             0002-main-restore-debug.patch
3730f4
Patch3:             0003-monitor-Do-not-decompose-non-anonymous-sets.patch
3730f4
Patch4:             0004-monitor-Fix-output-for-ranges-in-anonymous-sets.patch
3730f4
Patch5:             0005-xfrm-spi-is-big-endian.patch
3730f4
Patch6:             0006-tests-shell-Search-diff-tool-once-and-for-all.patch
3730f4
Patch7:             0007-cache-Fix-for-doubled-output-after-reset-command.patch
3730f4
Patch8:             0008-netlink-Fix-leak-in-unterminated-string-deserializer.patch
3730f4
Patch9:             0009-netlink-Fix-leaks-in-netlink_parse_cmp.patch
3730f4
Patch10:            0010-netlink-Avoid-potential-NULL-pointer-deref-in-netlin.patch
3730f4
Patch11:            0011-tests-json_echo-Fix-for-Python3.patch
3730f4
Patch12:            0012-tests-json_echo-Support-testing-host-binaries.patch
3730f4
Patch13:            0013-tests-monitor-Support-running-individual-test-cases.patch
3730f4
Patch14:            0014-tests-monitor-Support-testing-host-s-nft-binary.patch
3730f4
Patch15:            0015-tests-py-Support-testing-host-binaries.patch
3730f4
Patch16:            0016-doc-nft.8-Mention-wildcard-interface-matching.patch
3730f4
Patch17:            0017-scanner-Extend-asteriskstring-definition.patch
3730f4
Patch18:            0018-parser-add-a-helper-for-concat-expression-handling.patch
3730f4
Patch19:            0019-include-resync-nf_tables.h-cache-copy.patch
3730f4
Patch20:            0020-src-Add-support-for-NFTNL_SET_DESC_CONCAT.patch
3730f4
Patch21:            0021-src-Add-support-for-concatenated-set-ranges.patch
3e48d9
Patch22:            0022-parser_json-Support-ranges-in-concat-expressions.patch
3e48d9
Patch23:            0023-doc-Document-notrack-statement.patch
3e48d9
Patch24:            0024-JSON-Improve-performance-of-json_events_cb.patch
3e48d9
Patch25:            0025-segtree-Fix-missing-expires-value-in-prefixes.patch
3e48d9
Patch26:            0026-segtree-Use-expr_clone-in-get_set_interval_.patch
3e48d9
Patch27:            0027-segtree-Merge-get_set_interval_find-and-get_set_inte.patch
3e48d9
Patch28:            0028-tests-0034get_element_0-do-not-discard-stderr.patch
3e48d9
Patch29:            0029-segtree-Fix-get-element-command-with-prefixes.patch
3e48d9
Patch30:            0030-include-Resync-nf_tables.h-cache-copy.patch
3e48d9
Patch31:            0031-src-Set-NFT_SET_CONCAT-flag-for-sets-with-concatenat.patch
fdae68
Patch32:            0032-src-store-expr-not-dtype-to-track-data-in-sets.patch
fdae68
Patch33:            0033-evaluate-Perform-set-evaluation-on-implicitly-declar.patch
fdae68
Patch34:            0034-evaluate-missing-datatype-definition-in-implicit_set.patch
fdae68
Patch35:            0035-mergesort-unbreak-listing-with-binops.patch
fdae68
Patch36:            0036-proto-add-sctp-crc32-checksum-fixup.patch
fdae68
Patch37:            0037-proto-Fix-ARP-header-field-ordering.patch
fdae68
Patch38:            0038-json-echo-Speedup-seqnum_to_json.patch
fdae68
Patch39:            0039-json-Fix-seqnum_to_json-functionality.patch
fdae68
Patch40:            0040-json-don-t-leave-dangling-pointers-on-hlist.patch
fdae68
Patch41:            0041-json-init-parser-state-for-every-new-buffer-file.patch
cf8614
Patch42:            0042-tests-Disable-tests-known-to-fail-on-RHEL8.patch
cf8614
Patch43:            0043-monitor-Fix-for-use-after-free-when-printing-map-ele.patch
cf8614
Patch44:            0044-tests-monitor-use-correct-nft-value-in-EXIT-trap.patch
cf8614
Patch45:            0045-evaluate-Reject-quoted-strings-containing-only-wildc.patch
cf8614
Patch46:            0046-src-Support-odd-sized-payload-matches.patch
cf8614
Patch47:            0047-src-Optimize-prefix-matches-on-byte-boundaries.patch
cf8614
Patch48:            0048-tests-py-Move-tcpopt.t-to-any-directory.patch
cf8614
Patch49:            0049-parser-merge-sack-perm-sack-permitted-and-maxseg-mss.patch
cf8614
Patch50:            0050-tcpopts-clean-up-parser-tcpopt.c-plumbing.patch
cf8614
Patch51:            0051-tcpopt-rename-noop-to-nop.patch
cf8614
Patch52:            0052-tcpopt-split-tcpopt_hdr_fields-into-per-option-enum.patch
cf8614
Patch53:            0053-tcpopt-allow-to-check-for-presence-of-any-tcp-option.patch
cf8614
Patch54:            0054-tcp-add-raw-tcp-option-match-support.patch
cf8614
Patch55:            0055-json-tcp-add-raw-tcp-option-match-support.patch
cf8614
Patch56:            0056-json-Simplify-non-tcpopt-exthdr-printing-a-bit.patch
cf8614
Patch57:            0057-scanner-introduce-start-condition-stack.patch
cf8614
Patch58:            0058-scanner-sctp-Move-to-own-scope.patch
cf8614
Patch59:            0059-exthdr-Implement-SCTP-Chunk-matching.patch
cf8614
Patch60:            0060-include-missing-sctp_chunk.h-in-Makefile.am.patch
cf8614
Patch61:            0061-doc-nft.8-Extend-monitor-description-by-trace.patch
cf8614
Patch62:            0062-tests-shell-Fix-bogus-testsuite-failure-with-100Hz.patch
252916
Patch63:            0063-parser_json-Fix-error-reporting-for-invalid-syntax.patch
252916
Patch64:            0064-parser_bison-Fix-for-implicit-declaration-of-isalnum.patch
252916
Patch65:            0065-parser_json-Fix-for-memleak-in-tcp-option-error-path.patch
252916
Patch66:            0066-json-Drop-pointless-assignment-in-exthdr_expr_json.patch
252916
Patch67:            0067-segtree-Fix-segfault-when-restoring-a-huge-interval-.patch
252916
Patch68:            0068-tests-cover-baecd1cf2685-segtree-Fix-segfault-when-r.patch
252916
Patch69:            0069-tests-shell-NFT-needs-to-be-invoked-unquoted.patch
252916
Patch70:            0070-tests-shell-better-parameters-for-the-interval-stack.patch
252916
Patch71:            0071-netlink-remove-unused-parameter-from-netlink_gen_stm.patch
252916
Patch72:            0072-src-support-for-restoring-element-counters.patch
252916
Patch73:            0073-evaluate-attempt-to-set_eval-flag-if-dynamic-updates.patch
252916
Patch74:            0074-evaluate-fix-inet-nat-with-no-layer-3-info.patch
252916
Patch75:            0075-tests-py-add-dnat-to-port-without-defining-destinati.patch
252916
Patch76:            0076-mnl-do-not-build-nftnl_set-element-list.patch
bacbc8
bacbc8
BuildRequires: autogen
bacbc8
BuildRequires: autoconf
bacbc8
BuildRequires: automake
bacbc8
BuildRequires: libtool
bacbc8
BuildRequires: gcc
9ff721
BuildRequires: flex
9ff721
BuildRequires: bison
9ff721
BuildRequires: libmnl-devel
9ff721
BuildRequires: gmp-devel
9ff721
BuildRequires: readline-devel
252916
BuildRequires: pkgconfig(libnftnl) >= %{libnftnl_ver}
9ff721
BuildRequires: systemd
3730f4
BuildRequires: asciidoc
9ff721
BuildRequires: iptables-devel
3730f4
BuildRequires: jansson-devel
3730f4
BuildRequires: python3-devel
3730f4
252916
Requires: libnftnl >= %{libnftnl_ver}
9ff721
9ff721
%description
9ff721
Netfilter Tables userspace utilities.
9ff721
9ff721
%package        devel
9ff721
Summary:        Development library for nftables / libnftables
9ff721
Group:          Development/Libraries
9ff721
Requires:       %{name} = %{epoch}:%{version}-%{release}
9ff721
Requires:       pkgconfig
9ff721
9ff721
%description devel
9ff721
Development tools and static libraries and header files for the libnftables library.
9ff721
3730f4
%package -n     python3-nftables
3730f4
Summary:        Python module providing an interface to libnftables
3730f4
Requires:       %{name} = %{epoch}:%{version}-%{release}
3730f4
3730f4
%description -n python3-nftables
3730f4
The nftables python module provides an interface to libnftables via ctypes.
3730f4
9ff721
%prep
9ff721
%autosetup -p1
9ff721
9ff721
%build
bacbc8
autoreconf -fi
bacbc8
rm -Rf autom4te*.cache config.h.in~
3730f4
%configure --disable-silent-rules --with-json --with-xtables \
3730f4
	--enable-python --with-python-bin=%{__python3}
9ff721
make %{?_smp_mflags}
9ff721
9ff721
%install
9ff721
%make_install
9ff721
find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';'
9ff721
9ff721
# Don't ship static lib (for now at least)
9ff721
rm -f $RPM_BUILD_ROOT/%{_libdir}/libnftables.a
9ff721
9ff721
chmod 644 $RPM_BUILD_ROOT/%{_mandir}/man8/nft*
9ff721
9ff721
mkdir -p $RPM_BUILD_ROOT/%{_unitdir}
9ff721
cp -a %{SOURCE1} $RPM_BUILD_ROOT/%{_unitdir}/
9ff721
9ff721
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/sysconfig
9ff721
cp -a %{SOURCE2} $RPM_BUILD_ROOT/%{_sysconfdir}/sysconfig/
9ff721
3730f4
rm $RPM_BUILD_ROOT/%{_sysconfdir}/nftables/*.nft
3730f4
cp %{SOURCE3} %{SOURCE4} %{SOURCE5} \
3730f4
	$RPM_BUILD_ROOT/%{_sysconfdir}/nftables/
3730f4
3730f4
find $RPM_BUILD_ROOT/%{_sysconfdir} \
3730f4
	\( -type d -exec chmod 0700 {} \; \) , \
3730f4
	\( -type f -exec chmod 0600 {} \; \)
3730f4
3730f4
# make nftables.py use the real library file name
3730f4
# to avoid nftables-devel package dependency
3730f4
sofile=$(readlink $RPM_BUILD_ROOT/%{_libdir}/libnftables.so)
3730f4
sed -i -e 's/\(sofile=\)".*"/\1"'$sofile'"/' \
3730f4
	$RPM_BUILD_ROOT/%{python3_sitelib}/nftables/nftables.py
3730f4
touch -r %{SOURCE2} $RPM_BUILD_ROOT/%{python3_sitelib}/nftables/nftables.py
9ff721
9ff721
%post
9ff721
%systemd_post nftables.service
9ff721
9ff721
%preun
9ff721
%systemd_preun nftables.service
9ff721
9ff721
%postun
9ff721
%systemd_postun_with_restart nftables.service
9ff721
9ff721
%post devel
9ff721
%ldconfig_post
9ff721
9ff721
%postun devel
9ff721
%ldconfig_postun
9ff721
9ff721
%files
9ff721
%license COPYING
9ff721
%config(noreplace) %{_sysconfdir}/nftables/
9ff721
%config(noreplace) %{_sysconfdir}/sysconfig/nftables.conf
9ff721
%{_sbindir}/nft
9ff721
%{_libdir}/libnftables.so.*
3730f4
%{_mandir}/man5/libnftables-json.5*
9ff721
%{_mandir}/man8/nft*
9ff721
%{_unitdir}/nftables.service
3730f4
%{_docdir}/nftables/examples/*.nft
9ff721
9ff721
%files devel
9ff721
%{_libdir}/libnftables.so
9ff721
%{_libdir}/pkgconfig/libnftables.pc
9ff721
%{_includedir}/nftables/libnftables.h
3730f4
%{_mandir}/man3/libnftables.3*
3730f4
3730f4
%files -n python3-nftables
3730f4
%{python3_sitelib}/nftables-*.egg-info
3730f4
%{python3_sitelib}/nftables/
9ff721
9ff721
%changelog
252916
* Fri Feb 04 2022 Phil Sutter <psutter@redhat.com> [0.9.3-25.el8]
252916
- mnl: do not build nftnl_set element list (Phil Sutter) [2047821]
252916
- tests: py: add dnat to port without defining destination address (Phil Sutter) [2030773]
252916
- evaluate: fix inet nat with no layer 3 info (Phil Sutter) [2030773]
252916
- evaluate: attempt to set_eval flag if dynamic updates requested (Phil Sutter) [2039594]
252916
- src: support for restoring element counters (Phil Sutter) [2039594]
252916
- netlink: remove unused parameter from netlink_gen_stmt_stateful() (Phil Sutter) [2039594]
252916
252916
* Wed Dec 08 2021 Phil Sutter <psutter@redhat.com> [0.9.3-24.el8]
252916
- tests: shell: better parameters for the interval stack overflow test (Phil Sutter) [1908127]
252916
- tests: shell: $NFT needs to be invoked unquoted (Phil Sutter) [1908127]
252916
252916
* Fri Nov 05 2021 Phil Sutter <psutter@redhat.com> [0.9.3-23.el8]
252916
- tests: cover baecd1cf2685 ("segtree: Fix segfault when restoring a huge interval set") (Phil Sutter) [1908127]
252916
- segtree: Fix segfault when restoring a huge interval set (Phil Sutter) [1908127]
252916
252916
* Wed Oct 06 2021 Phil Sutter <psutter@redhat.com> [0.9.3-22.el8]
252916
- json: Drop pointless assignment in exthdr_expr_json() (Phil Sutter) [1999059]
252916
- parser_json: Fix for memleak in tcp option error path (Phil Sutter) [1999059]
252916
- parser_bison: Fix for implicit declaration of isalnum (Phil Sutter) [1999059]
252916
- parser_json: Fix error reporting for invalid syntax (Phil Sutter) [1994141]
252916
cf8614
* Mon Aug 02 2021 Phil Sutter <psutter@redhat.com> [0.9.3-21.el8]
cf8614
- tests: shell: Fix bogus testsuite failure with 100Hz (Phil Sutter) [1919203]
cf8614
- doc: nft.8: Extend monitor description by trace (Phil Sutter) [1820365]
cf8614
- include: missing sctp_chunk.h in Makefile.am (Phil Sutter) [1979334]
cf8614
- exthdr: Implement SCTP Chunk matching (Phil Sutter) [1979334]
cf8614
- scanner: sctp: Move to own scope (Phil Sutter) [1979334]
cf8614
- scanner: introduce start condition stack (Phil Sutter) [1979334]
cf8614
- json: Simplify non-tcpopt exthdr printing a bit (Phil Sutter) [1979334]
cf8614
- json: tcp: add raw tcp option match support (Phil Sutter) [1979334]
cf8614
- tcp: add raw tcp option match support (Phil Sutter) [1979334]
cf8614
- tcpopt: allow to check for presence of any tcp option (Phil Sutter) [1979334]
cf8614
- tcpopt: split tcpopt_hdr_fields into per-option enum (Phil Sutter) [1979334]
cf8614
- tcpopt: rename noop to nop (Phil Sutter) [1979334]
cf8614
- tcpopts: clean up parser -> tcpopt.c plumbing (Phil Sutter) [1979334]
cf8614
- parser: merge sack-perm/sack-permitted and maxseg/mss (Phil Sutter) [1979334]
cf8614
- tests/py: Move tcpopt.t to any/ directory (Phil Sutter) [1979334]
cf8614
cf8614
* Thu May 20 2021 Phil Sutter <psutter@redhat.com> [0.9.3-20.el8]
cf8614
- src: Optimize prefix matches on byte-boundaries (Phil Sutter) [1934926]
cf8614
- src: Support odd-sized payload matches (Phil Sutter) [1934926]
cf8614
- spec: Add an rpminspect.yaml file to steer rpminspect (Phil Sutter) [1962184]
cf8614
- spec: Explicitly state dist string in Release tag (Phil Sutter) [1962184]
cf8614
cf8614
* Wed May 19 2021 Phil Sutter <psutter@redhat.com> [0.9.3-19.el8]
cf8614
- evaluate: Reject quoted strings containing only wildcard (Phil Sutter) [1818117]
cf8614
- tests: monitor: use correct $nft value in EXIT trap (Phil Sutter) [1919203]
cf8614
- monitor: Fix for use after free when printing map elements (Phil Sutter) [1919203]
cf8614
- tests: Disable tests known to fail on RHEL8 (Phil Sutter) [1919203]
cf8614
fdae68
* Sat Feb 20 2021 Phil Sutter <psutter@redhat.com> [0.9.3-18.el8]
fdae68
- json: init parser state for every new buffer/file (Phil Sutter) [1930873]
fdae68
fdae68
* Tue Jan 12 2021 Phil Sutter <psutter@redhat.com> [0.9.3-17.el8]
fdae68
- json: don't leave dangling pointers on hlist (Phil Sutter) [1900565]
fdae68
- json: Fix seqnum_to_json() functionality (Phil Sutter) [1900565]
fdae68
- json: echo: Speedup seqnum_to_json() (Phil Sutter) [1900565]
fdae68
- proto: Fix ARP header field ordering (Phil Sutter) [1896334]
fdae68
- proto: add sctp crc32 checksum fixup (Phil Sutter) [1895804]
fdae68
- mergesort: unbreak listing with binops (Phil Sutter) [1891790]
fdae68
- evaluate: missing datatype definition in implicit_set_declaration() (Phil Sutter) [1877022]
fdae68
- evaluate: Perform set evaluation on implicitly declared (anonymous) sets (Phil Sutter) [1877022]
fdae68
- src: store expr, not dtype to track data in sets (Phil Sutter) [1877022]
fdae68
3e48d9
* Sat Aug 08 2020 Phil Sutter <psutter@redhat.com> [0.9.3-16.el8]
3e48d9
- src: Set NFT_SET_CONCAT flag for sets with concatenated ranges (Phil Sutter) [1820684]
3e48d9
- include: Resync nf_tables.h cache copy (Phil Sutter) [1820684]
3e48d9
3e48d9
* Tue Jun 30 2020 Phil Sutter <psutter@redhat.com> [0.9.3-15.el8]
3e48d9
- segtree: Fix get element command with prefixes (Phil Sutter) [1832235]
3e48d9
- tests: 0034get_element_0: do not discard stderr (Phil Sutter) [1832235]
3e48d9
- segtree: Merge get_set_interval_find() and get_set_interval_end() (Phil Sutter) [1832235]
3e48d9
- segtree: Use expr_clone in get_set_interval_*() (Phil Sutter) [1832235]
3e48d9
- segtree: Fix missing expires value in prefixes (Phil Sutter) [1832235]
3e48d9
3e48d9
* Wed Jun 24 2020 Phil Sutter <psutter@redhat.com> [0.9.3-14.el8]
3e48d9
- JSON: Improve performance of json_events_cb() (Phil Sutter) [1835300]
3e48d9
- doc: Document notrack statement (Phil Sutter) [1841292]
3e48d9
3e48d9
* Wed May 27 2020 Phil Sutter <psutter@redhat.com> [0.9.3-13.el8]
3e48d9
- parser_json: Support ranges in concat expressions (Phil Sutter) [1805798]
5b069d
3730f4
* Thu Mar 26 2020 Phil Sutter <psutter@redhat.com> [0.9.3-12.el8]
3730f4
- Restore default config to be empty (Phil Sutter) [1694723]
3730f4
3730f4
* Mon Feb 17 2020 Phil Sutter <psutter@redhat.com> [0.9.3-11.el8]
3730f4
- Package requires libnftnl-1.1.5-3 (Phil Sutter) [1795224]
3730f4
- src: Add support for concatenated set ranges (Phil Sutter) [1795224]
3730f4
- src: Add support for NFTNL_SET_DESC_CONCAT (Phil Sutter) [1795224]
3730f4
- include: resync nf_tables.h cache copy (Phil Sutter) [1795224]
3730f4
- parser: add a helper for concat expression handling (Phil Sutter) [1795224]
3730f4
3730f4
* Wed Feb 12 2020 Phil Sutter <psutter@redhat.com> [0.9.3-10.el8]
3730f4
- scanner: Extend asteriskstring definition (Phil Sutter) [1763652]
3730f4
- doc: nft.8: Mention wildcard interface matching (Phil Sutter) [1763652]
3730f4
- tests: py: Support testing host binaries (Phil Sutter) [1754047]
3730f4
- tests: monitor: Support testing host's nft binary (Phil Sutter) [1754047]
3730f4
- tests: monitor: Support running individual test cases (Phil Sutter) [1754047]
3730f4
- tests: json_echo: Support testing host binaries (Phil Sutter) [1754047]
3730f4
- tests: json_echo: Fix for Python3 (Phil Sutter) [1754047]
3730f4
3730f4
* Mon Jan 27 2020 Phil Sutter <psutter@redhat.com> [0.9.3-9.el8]
3730f4
- netlink: Avoid potential NULL-pointer deref in netlink_gen_payload_stmt() (Phil Sutter) [1793030]
3730f4
- netlink: Fix leaks in netlink_parse_cmp() (Phil Sutter) [1793030]
3730f4
- netlink: Fix leak in unterminated string deserializer (Phil Sutter) [1793030]
3730f4
3730f4
* Fri Jan 17 2020 Phil Sutter <psutter@redhat.com> [0.9.3-8.el8]
3730f4
- cache: Fix for doubled output after reset command (Phil Sutter) [1790793]
3730f4
- tests: shell: Search diff tool once and for all (Phil Sutter) [1790793]
3730f4
- xfrm: spi is big-endian (Phil Sutter) [1790963]
3730f4
3730f4
* Mon Jan 13 2020 Phil Sutter <psutter@redhat.com> [0.9.3-7.el8]
3730f4
- monitor: Fix output for ranges in anonymous sets (Phil Sutter) [1774742]
3730f4
3730f4
* Fri Jan 10 2020 Phil Sutter <psutter@redhat.com> [0.9.3-6.el8]
3730f4
- monitor: Do not decompose non-anonymous sets (Phil Sutter) [1774742]
3730f4
- main: restore --debug (Phil Sutter) [1778883]
3730f4
- main: enforce options before commands (Phil Sutter) [1778883]
3730f4
3730f4
* Fri Jan 10 2020 Phil Sutter <psutter@redhat.com> [0.9.3-5.el8]
3730f4
- Install an improved sample config (Phil Sutter) [1694723]
3730f4
3730f4
* Wed Dec 04 2019 Phil Sutter <psutter@redhat.com> [0.9.3-4.el8]
3730f4
- Explicitly depend on newer libnftl version (Phil Sutter) [1643192]
3730f4
3730f4
* Tue Dec 03 2019 Phil Sutter <psutter@redhat.com> [0.9.3-3.el8]
3730f4
- Fix permissions of osf-related configs (Phil Sutter) [1776462]
3730f4
3730f4
* Tue Dec 03 2019 Phil Sutter <psutter@redhat.com> [0.9.3-2.el8]
3730f4
- Add example scripts to nftables package (Phil Sutter) [1643192]
3730f4
3730f4
* Mon Dec 02 2019 Phil Sutter <psutter@redhat.com> [0.9.3-1.el8]
3730f4
- Rebase onto upstream release 0.9.3 (Phil Sutter) [1643192]
3730f4
3730f4
* Mon Oct 21 2019 Phil Sutter <psutter@redhat.com> [0.9.2-4.el8]
3730f4
- tproxy: Add missing error checking when parsing from netlink (Phil Sutter) [1643192]
3730f4
- parser_json: Fix checking of parse_policy() return code (Phil Sutter) [1643192]
3730f4
3730f4
* Fri Oct 18 2019 Phil Sutter <psutter@redhat.com> [0.9.2-3.el8]
3730f4
- spec: Avoid multilib problems due to updated nftables.py (Phil Sutter) [1643192]
3730f4
3730f4
* Fri Oct 18 2019 Phil Sutter <psutter@redhat.com> [0.9.2-2.el8]
3730f4
- rule: Fix for single line ct timeout printing (Phil Sutter) [1643192]
3730f4
- tests/monitor: Fix for changed ct timeout format (Phil Sutter) [1643192]
3730f4
- monitor: Add missing newline to error message (Phil Sutter) [1643192]
3730f4
- src: restore --echo with anonymous sets (Phil Sutter) [1643192]
3730f4
3730f4
* Tue Oct 15 2019 Phil Sutter <psutter@redhat.com> [0.9.2-1.el8]
3730f4
- src: obj: fix memleak in handle_free() (Phil Sutter) [1643192]
3730f4
- libnftables: memleak when list of commands is empty (Phil Sutter) [1643192]
3730f4
- mnl: do not cache sender buffer size (Phil Sutter) [1643192]
3730f4
- src: meter: avoid double-space in list ruleset output (Phil Sutter) [1643192]
3730f4
- src: parser_json: fix crash while restoring secmark object (Phil Sutter) [1643192]
3730f4
- nftables: don't crash in 'list ruleset' if policy is not set (Phil Sutter) [1643192]
3730f4
- json: tests: fix typo in ct expectation json test (Phil Sutter) [1643192]
3730f4
- parser_bison: Fix 'exists' keyword on Big Endian (Phil Sutter) [1643192]
3730f4
- json: fix type mismatch on "ct expect" json exporting (Phil Sutter) [1643192]
3730f4
- libnftables: use-after-free in exit path (Phil Sutter) [1643192]
3730f4
- netlink_delinearize: fix wrong conversion to "list" in ct mark (Phil Sutter) [1643192]
3730f4
- mnl: fix --echo buffer size again (Phil Sutter) [1643192]
3730f4
- parser_json: fix crash on insert rule to bad references (Phil Sutter) [1643192]
3730f4
- evaluate: flag fwd and queue statements as terminal (Phil Sutter) [1643192]
3730f4
- tests: shell: check that rule add with index works with echo (Phil Sutter) [1643192]
3730f4
- cache: fix --echo with index/position (Phil Sutter) [1643192]
3730f4
- src: secmark: fix brace indentation and missing quotes in selctx output (Phil Sutter) [1643192]
3730f4
- Add python3-nftables sub-package (Phil Sutter) [1643192]
3730f4
- Rebase onto upstream version 0.9.2 (Phil Sutter) [1643192]
cc550a
bacbc8
* Mon Aug 12 2019 Phil Sutter <psutter@redhat.com> - 1:0.9.0-14
bacbc8
- src: fix jumps on bigendian arches
bacbc8
- src: json: fix constant parsing on bigendian
bacbc8
bacbc8
* Thu Aug 08 2019 Phil Sutter <psutter@redhat.com> - 1:0.9.0-13
bacbc8
- Fix for adding a rule with index and set reference
bacbc8
bacbc8
* Wed Jul 31 2019 Phil Sutter <psutter@redhat.com> - 1:0.9.0-12
bacbc8
- Fix permissions of /etc/nftables directory
bacbc8
bacbc8
* Wed Jun 26 2019 Phil Sutter <psutter@redhat.com> - 1:0.9.0-11
bacbc8
- Fix segfault with xtables support
bacbc8
bacbc8
* Wed Jun 26 2019 Phil Sutter <psutter@redhat.com> - 1:0.9.0-10
bacbc8
- Fix typo in spec file
bacbc8
bacbc8
* Wed Jun 26 2019 Phil Sutter <psutter@redhat.com> - 1:0.9.0-9
bacbc8
- Allow variables in jump statement
bacbc8
- Make example configs readable only by root
bacbc8
- Document nft list parameters
bacbc8
- Document vmap statement
bacbc8
- Install netdev-ingress.nft sample config in the right spot
bacbc8
- Backport upstream fixes since last release
bacbc8
9ff721
* Fri Mar 01 2019 Phil Sutter - 1:0.9.0-8
9ff721
- Add missing patch to spec file
9ff721
9ff721
* Fri Dec 21 2018 Phil Sutter - 1:0.9.0-7
9ff721
- src: Reject 'export vm json' command
9ff721
9ff721
* Tue Dec 18 2018 Phil Sutter - 1:0.9.0-6
9ff721
- Rebuild for updated libnftnl
9ff721
9ff721
* Thu Dec 13 2018 Phil Sutter - 1:0.9.0-5
9ff721
- nft.8: Document log level audit
9ff721
- nft.8: Clarify 'index' option of add rule command
9ff721
9ff721
* Thu Oct 25 2018 Phil Sutter - 1:0.9.0-4
9ff721
- Add fixes for covscan report
9ff721
- Fix for ECN keyword in LHS of relational
9ff721
- Update meta pkt_type value description
9ff721
- Fix for segfault with JSON output if xt expression is present
9ff721
- Add missing nft suffix to files included from /etc/sysconfig/nftables.conf
9ff721
- Use native JSON API in nft monitor
9ff721
9ff721
* Thu Oct 11 2018 Phil Sutter - 1:0.9.0-3
9ff721
- Enable xtables support
9ff721
- Enable JSON support
9ff721
9ff721
* Mon Sep 10 2018 Phil Sutter - 1:0.9.0-2
9ff721
- Allow icmpx in inet/bridge families
9ff721
9ff721
* Tue Aug 14 2018 Phil Sutter - 1:0.9.0-1
9ff721
- New version 0.9.0
9ff721
- Install libnftables
9ff721
- Add devel sub-package
9ff721
- Add gcc BuildRequires
9ff721
9ff721
* Sat Mar 03 2018 Kevin Fenzi <kevin@scrye.com> - 0.8.3-1
9ff721
- Update to 0.8.3. Fixes bug #1551207
9ff721
9ff721
* Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.8.2-2
9ff721
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
9ff721
9ff721
* Mon Feb 05 2018 Kevin Fenzi <kevin@scrye.com> - 0.8.2-1
9ff721
- Update to 0.8.2. Fixes bug #1541582
9ff721
9ff721
* Tue Jan 16 2018 Kevin Fenzi <kevin@scrye.com> - 0.8.1-1
9ff721
- Update to 0.8.1. Fixes bug #1534982
9ff721
9ff721
* Sun Oct 22 2017 Kevin Fenzi <kevin@scrye.com> - 0.8-1
9ff721
- Update to 0.8. 
9ff721
9ff721
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.7-5
9ff721
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
9ff721
9ff721
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.7-4
9ff721
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
9ff721
9ff721
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.7-3
9ff721
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
9ff721
9ff721
* Thu Jan 12 2017 Igor Gnatenko <ignatenko@redhat.com> - 1:0.7-2
9ff721
- Rebuild for readline 7.x
9ff721
9ff721
* Thu Dec 22 2016 Kevin Fenzi <kevin@scrye.com> - 0.7-1
9ff721
- Update to 0.7
9ff721
9ff721
* Fri Jul 15 2016 Kevin Fenzi <kevin@scrye.com> - 0.6-2
9ff721
- Rebuild for new glibc symbols
9ff721
9ff721
* Thu Jun 02 2016 Kevin Fenzi <kevin@scrye.com> - 0.6-1
9ff721
- Update to 0.6.
9ff721
9ff721
* Sun Apr 10 2016 Kevin Fenzi <kevin@scrye.com> - 0.5-4
9ff721
- Add example config files and move config to /etc/sysconfig. Fixes bug #1313936
9ff721
9ff721
* Fri Mar 25 2016 Kevin Fenzi <kevin@scrye.com> - 0.5-3
9ff721
- Add systemd unit file. Fixes bug #1313936
9ff721
9ff721
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.5-2
9ff721
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
9ff721
9ff721
* Thu Sep 17 2015 Kevin Fenzi <kevin@scrye.com> 0.5-1
9ff721
- Update to 0.5
9ff721
9ff721
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:0.4-3
9ff721
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
9ff721
9ff721
* Sat Jan 10 2015 Kevin Fenzi <kevin@scrye.com> 0.4-2
9ff721
- Add patch to fix nft -f dep gen.
9ff721
9ff721
* Fri Dec 26 2014 Kevin Fenzi <kevin@scrye.com> 0.4-1
9ff721
- Update to 0.4
9ff721
- Add Epoch to fix versioning. 
9ff721
9ff721
* Wed Sep 03 2014 Kevin Fenzi <kevin@scrye.com> 0.100-4.20140903git
9ff721
- Update to 20140903 snapshot
9ff721
9ff721
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.100-4.20140704git
9ff721
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
9ff721
9ff721
* Fri Jul 04 2014 Kevin Fenzi <kevin@scrye.com> 0.100-3.20140704git
9ff721
- Update to new snapshot
9ff721
9ff721
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.100-2.20140426git
9ff721
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
9ff721
9ff721
* Sat Apr 26 2014 Kevin Fenzi <kevin@scrye.com> 0.100-1.20140426git
9ff721
- Update t0 20140426
9ff721
9ff721
* Sun Mar 30 2014 Kevin Fenzi <kevin@scrye.com> 0.100-1.20140330git
9ff721
- Update to 20140330 snapshot
9ff721
- Sync versions to be post 0.100 release.
9ff721
9ff721
* Wed Mar 26 2014 Kevin Fenzi <kevin@scrye.com> 0-0.7.20140326git
9ff721
- Update to 20140326 snapshot
9ff721
- Fix permissions on man pages. 
9ff721
9ff721
* Mon Mar 24 2014 Kevin Fenzi <kevin@scrye.com> 0-0.6.20140324git
9ff721
- Update to 20140324 snapshot
9ff721
9ff721
* Fri Mar 07 2014 Kevin Fenzi <kevin@scrye.com> 0-0.5.20140307git
9ff721
- Update to 20140307
9ff721
9ff721
* Sat Jan 25 2014 Kevin Fenzi <kevin@scrye.com> 0-0.4.20140125git
9ff721
- Update to 20140125 snapshot
9ff721
9ff721
* Sat Jan 18 2014 Kevin Fenzi <kevin@scrye.com> 0-0.3.20140118git
9ff721
- Update to 20140118 snapshot
9ff721
- Fixed License tag to be correct
9ff721
- Fixed changelog
9ff721
- nft scripts now use full path for nft
9ff721
- Fixed man page building
9ff721
- Dropped unneeded rm in install
9ff721
- Patched build to not be silent. 
9ff721
9ff721
* Tue Dec 03 2013 Kevin Fenzi <kevin@scrye.com> 0-0.2.20131202git
9ff721
- Use upstream snapshots for source.
9ff721
- Use 0 for version. 
9ff721
9ff721
* Sat Nov 30 2013 Kevin Fenzi <kevin@scrye.com> 0-0.1
9ff721
- initial version for Fedora review