Name: nftables Version: 0.9.0 Release: 8%{?dist} # Upstream released a 0.100 version, then 0.4. Need Epoch to get back on track. Epoch: 1 Summary: Netfilter Tables userspace utillites License: GPLv2 URL: http://netfilter.org/projects/nftables/ Source0: http://ftp.netfilter.org/pub/nftables/nftables-%{version}.tar.bz2 Source1: nftables.service Source2: nftables.conf Patch1: 0001-evaluate-reject-Allow-icmpx-in-inet-bridge-families.patch Patch2: 0002-monitor-Drop-fake-XML-support.patch Patch3: 0003-monitor-Drop-update-table-and-update-chain-cases.patch Patch4: 0004-monitor-Fix-printing-of-ct-objects.patch Patch5: 0005-monitor-Use-libnftables-JSON-output.patch Patch6: 0006-tests-monitor-Test-JSON-output-as-well.patch Patch7: 0007-segtree-bogus-range-via-get-set-element-on-existing-.patch Patch8: 0008-segtree-disantangle-get_set_interval_end.patch Patch9: 0009-segtree-memleak-in-get_set_decompose.patch Patch10: 0010-segtree-stop-iteration-on-existing-elements-in-case-.patch Patch11: 0011-segtree-incorrect-handling-of-last-element-in-get_se.patch Patch12: 0012-segtree-set-proper-error-cause-on-existing-elements.patch Patch13: 0013-rule-fix-memleak-in-do_get_setelems.patch Patch14: 0014-Fix-memleak-in-netlink_parse_fwd-error-path.patch Patch15: 0015-libnftables-Fix-memleak-in-nft_parse_bison_filename.patch Patch16: 0016-src-pass-struct-nft_ctx-through-struct-eval_ctx.patch Patch17: 0017-src-trace-fix-policy-printing.patch Patch18: 0018-rule-list-only-the-table-containing-object.patch Patch19: 0019-src-pass-struct-nft_ctx-through-struct-netlink_ctx.patch Patch20: 0020-netlink-reset-mnl_socket-field-in-struct-nft_ctx-on-.patch Patch21: 0021-src-remove-opts-field-from-struct-xt_stmt.patch Patch22: 0022-JSON-Support-latest-enhancements-of-fwd-statement.patch Patch23: 0023-parser_json-Fix-for-ineffective-family-value-checks.patch Patch24: 0024-json-Fix-memleak-in-dup_stmt_json.patch Patch25: 0025-json-Fix-for-recent-changes-to-context-structs.patch Patch26: 0026-parser_bison-Fix-for-ECN-keyword-in-LHS-of-relationa.patch Patch27: 0027-nft.8-Update-meta-pkt_type-value-description.patch Patch28: 0028-json-Work-around-segfault-when-encountering-xt-stmt.patch Patch29: 0029-nft.8-Document-log-level-audit.patch Patch30: 0030-nft.8-Clarify-index-option-of-add-rule-command.patch Patch31: 0031-src-Reject-export-vm-json-command.patch #BuildRequires: autogen #BuildRequires: autoconf #BuildRequires: automake #BuildRequires: libtool BuildRequires: gcc BuildRequires: flex BuildRequires: bison BuildRequires: libmnl-devel BuildRequires: gmp-devel BuildRequires: readline-devel BuildRequires: libnftnl-devel BuildRequires: docbook2X BuildRequires: systemd BuildRequires: jansson-devel BuildRequires: iptables-devel %description Netfilter Tables userspace utilities. %package devel Summary: Development library for nftables / libnftables Group: Development/Libraries Requires: %{name} = %{epoch}:%{version}-%{release} Requires: pkgconfig %description devel Development tools and static libraries and header files for the libnftables library. %prep %autosetup -p1 %build #./autogen.sh %configure --disable-silent-rules --with-json --with-xtables make %{?_smp_mflags} %install %make_install find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';' # Don't ship static lib (for now at least) rm -f $RPM_BUILD_ROOT/%{_libdir}/libnftables.a chmod 644 $RPM_BUILD_ROOT/%{_mandir}/man8/nft* mkdir -p $RPM_BUILD_ROOT/%{_unitdir} cp -a %{SOURCE1} $RPM_BUILD_ROOT/%{_unitdir}/ mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/sysconfig cp -a %{SOURCE2} $RPM_BUILD_ROOT/%{_sysconfdir}/sysconfig/ mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/nftables %post %systemd_post nftables.service %preun %systemd_preun nftables.service %postun %systemd_postun_with_restart nftables.service %post devel %ldconfig_post %postun devel %ldconfig_postun %files %license COPYING %config(noreplace) %{_sysconfdir}/nftables/ %config(noreplace) %{_sysconfdir}/sysconfig/nftables.conf %{_sbindir}/nft %{_libdir}/libnftables.so.* %{_mandir}/man8/nft* %{_unitdir}/nftables.service %files devel %{_libdir}/libnftables.so %{_libdir}/pkgconfig/libnftables.pc %{_includedir}/nftables/libnftables.h %changelog * Fri Mar 01 2019 Phil Sutter - 1:0.9.0-8 - Add missing patch to spec file * Fri Dec 21 2018 Phil Sutter - 1:0.9.0-7 - src: Reject 'export vm json' command * Tue Dec 18 2018 Phil Sutter - 1:0.9.0-6 - Rebuild for updated libnftnl * Thu Dec 13 2018 Phil Sutter - 1:0.9.0-5 - nft.8: Document log level audit - nft.8: Clarify 'index' option of add rule command * Thu Oct 25 2018 Phil Sutter - 1:0.9.0-4 - Add fixes for covscan report - Fix for ECN keyword in LHS of relational - Update meta pkt_type value description - Fix for segfault with JSON output if xt expression is present - Add missing nft suffix to files included from /etc/sysconfig/nftables.conf - Use native JSON API in nft monitor * Thu Oct 11 2018 Phil Sutter - 1:0.9.0-3 - Enable xtables support - Enable JSON support * Mon Sep 10 2018 Phil Sutter - 1:0.9.0-2 - Allow icmpx in inet/bridge families * Tue Aug 14 2018 Phil Sutter - 1:0.9.0-1 - New version 0.9.0 - Install libnftables - Add devel sub-package - Add gcc BuildRequires * Sat Mar 03 2018 Kevin Fenzi - 0.8.3-1 - Update to 0.8.3. Fixes bug #1551207 * Thu Feb 08 2018 Fedora Release Engineering - 1:0.8.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild * Mon Feb 05 2018 Kevin Fenzi - 0.8.2-1 - Update to 0.8.2. Fixes bug #1541582 * Tue Jan 16 2018 Kevin Fenzi - 0.8.1-1 - Update to 0.8.1. Fixes bug #1534982 * Sun Oct 22 2017 Kevin Fenzi - 0.8-1 - Update to 0.8. * Thu Aug 03 2017 Fedora Release Engineering - 1:0.7-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild * Wed Jul 26 2017 Fedora Release Engineering - 1:0.7-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild * Fri Feb 10 2017 Fedora Release Engineering - 1:0.7-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild * Thu Jan 12 2017 Igor Gnatenko - 1:0.7-2 - Rebuild for readline 7.x * Thu Dec 22 2016 Kevin Fenzi - 0.7-1 - Update to 0.7 * Fri Jul 15 2016 Kevin Fenzi - 0.6-2 - Rebuild for new glibc symbols * Thu Jun 02 2016 Kevin Fenzi - 0.6-1 - Update to 0.6. * Sun Apr 10 2016 Kevin Fenzi - 0.5-4 - Add example config files and move config to /etc/sysconfig. Fixes bug #1313936 * Fri Mar 25 2016 Kevin Fenzi - 0.5-3 - Add systemd unit file. Fixes bug #1313936 * Thu Feb 04 2016 Fedora Release Engineering - 1:0.5-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild * Thu Sep 17 2015 Kevin Fenzi 0.5-1 - Update to 0.5 * Wed Jun 17 2015 Fedora Release Engineering - 1:0.4-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild * Sat Jan 10 2015 Kevin Fenzi 0.4-2 - Add patch to fix nft -f dep gen. * Fri Dec 26 2014 Kevin Fenzi 0.4-1 - Update to 0.4 - Add Epoch to fix versioning. * Wed Sep 03 2014 Kevin Fenzi 0.100-4.20140903git - Update to 20140903 snapshot * Sun Aug 17 2014 Fedora Release Engineering - 0.100-4.20140704git - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Fri Jul 04 2014 Kevin Fenzi 0.100-3.20140704git - Update to new snapshot * Sat Jun 07 2014 Fedora Release Engineering - 0.100-2.20140426git - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Sat Apr 26 2014 Kevin Fenzi 0.100-1.20140426git - Update t0 20140426 * Sun Mar 30 2014 Kevin Fenzi 0.100-1.20140330git - Update to 20140330 snapshot - Sync versions to be post 0.100 release. * Wed Mar 26 2014 Kevin Fenzi 0-0.7.20140326git - Update to 20140326 snapshot - Fix permissions on man pages. * Mon Mar 24 2014 Kevin Fenzi 0-0.6.20140324git - Update to 20140324 snapshot * Fri Mar 07 2014 Kevin Fenzi 0-0.5.20140307git - Update to 20140307 * Sat Jan 25 2014 Kevin Fenzi 0-0.4.20140125git - Update to 20140125 snapshot * Sat Jan 18 2014 Kevin Fenzi 0-0.3.20140118git - Update to 20140118 snapshot - Fixed License tag to be correct - Fixed changelog - nft scripts now use full path for nft - Fixed man page building - Dropped unneeded rm in install - Patched build to not be silent. * Tue Dec 03 2013 Kevin Fenzi 0-0.2.20131202git - Use upstream snapshots for source. - Use 0 for version. * Sat Nov 30 2013 Kevin Fenzi 0-0.1 - initial version for Fedora review