diff --git a/backport-cache-validate-handle-string-length.patch b/backport-cache-validate-handle-string-length.patch deleted file mode 100644 index 90b05fe9c133c96e6ac997148004274c26bdeead..0000000000000000000000000000000000000000 --- a/backport-cache-validate-handle-string-length.patch +++ /dev/null @@ -1,157 +0,0 @@ -From 649b8ce38fc8d90127e8c3d5d62a494a86fb1a01 Mon Sep 17 00:00:00 2001 -From: Pablo Neira Ayuso -Date: Mon, 18 Jul 2022 16:18:33 +0200 -Subject: [PATCH] cache: validate handle string length - -Maximum supported string length for handle is NFT_NAME_MAXLEN, report an -error if user is exceeding this limit. - -By validating from the cache evaluation phase, input is validated for the -native and json parsers. - -Conflict: add struct list_head *msgs; -Reference: https://git.netfilter.org/nftables/commit?id=649b8ce38fc8d90127e8c3d5d62a494a86fb1a01 - -Signed-off-by: Pablo Neira Ayuso ---- - src/cache.c | 108 ++++++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 108 insertions(+) - -diff --git a/src/cache.c b/src/cache.c -index c1f0972..828e4cc 100644 ---- a/src/cache.c -+++ b/src/cache.c -@@ -16,6 +16,7 @@ - #include - #include - #include -+#include - - static unsigned int evaluate_cache_add(struct cmd *cmd, unsigned int flags) - { -@@ -58,6 +59,109 @@ static unsigned int evaluate_cache_add(struct cmd *cmd, unsigned int flags) - return flags; - } - -+static int nft_handle_validate(const struct cmd *cmd, struct list_head *msgs) -+{ -+ const struct handle *h = &cmd->handle; -+ const struct location *loc; -+ -+ switch (cmd->obj) { -+ case CMD_OBJ_TABLE: -+ if (h->table.name && -+ strlen(h->table.name) > NFT_NAME_MAXLEN) { -+ loc = &h->table.location; -+ goto err_name_too_long; -+ } -+ break; -+ case CMD_OBJ_RULE: -+ case CMD_OBJ_CHAIN: -+ case CMD_OBJ_CHAINS: -+ if (h->table.name && -+ strlen(h->table.name) > NFT_NAME_MAXLEN) { -+ loc = &h->table.location; -+ goto err_name_too_long; -+ } -+ if (h->chain.name && -+ strlen(h->chain.name) > NFT_NAME_MAXLEN) { -+ loc = &h->chain.location; -+ goto err_name_too_long; -+ } -+ break; -+ case CMD_OBJ_ELEMENTS: -+ case CMD_OBJ_SET: -+ case CMD_OBJ_SETS: -+ case CMD_OBJ_MAP: -+ case CMD_OBJ_MAPS: -+ case CMD_OBJ_METER: -+ case CMD_OBJ_METERS: -+ if (h->table.name && -+ strlen(h->table.name) > NFT_NAME_MAXLEN) { -+ loc = &h->table.location; -+ goto err_name_too_long; -+ } -+ if (h->set.name && -+ strlen(h->set.name) > NFT_NAME_MAXLEN) { -+ loc = &h->set.location; -+ goto err_name_too_long; -+ } -+ break; -+ case CMD_OBJ_FLOWTABLE: -+ case CMD_OBJ_FLOWTABLES: -+ if (h->table.name && -+ strlen(h->table.name) > NFT_NAME_MAXLEN) { -+ loc = &h->table.location; -+ goto err_name_too_long; -+ } -+ if (h->flowtable.name && -+ strlen(h->flowtable.name) > NFT_NAME_MAXLEN) { -+ loc = &h->flowtable.location; -+ goto err_name_too_long; -+ } -+ break; -+ case CMD_OBJ_INVALID: -+ case CMD_OBJ_EXPR: -+ case CMD_OBJ_RULESET: -+ case CMD_OBJ_MARKUP: -+ case CMD_OBJ_MONITOR: -+ case CMD_OBJ_SETELEMS: -+ case CMD_OBJ_HOOKS: -+ break; -+ case CMD_OBJ_COUNTER: -+ case CMD_OBJ_COUNTERS: -+ case CMD_OBJ_QUOTA: -+ case CMD_OBJ_QUOTAS: -+ case CMD_OBJ_LIMIT: -+ case CMD_OBJ_LIMITS: -+ case CMD_OBJ_SECMARK: -+ case CMD_OBJ_SECMARKS: -+ case CMD_OBJ_SYNPROXY: -+ case CMD_OBJ_SYNPROXYS: -+ case CMD_OBJ_CT_HELPER: -+ case CMD_OBJ_CT_HELPERS: -+ case CMD_OBJ_CT_TIMEOUT: -+ case CMD_OBJ_CT_EXPECT: -+ if (h->table.name && -+ strlen(h->table.name) > NFT_NAME_MAXLEN) { -+ loc = &h->table.location; -+ goto err_name_too_long; -+ } -+ if (h->obj.name && -+ strlen(h->obj.name) > NFT_NAME_MAXLEN) { -+ loc = &h->obj.location; -+ goto err_name_too_long; -+ } -+ break; -+ } -+ -+ return 0; -+ -+err_name_too_long: -+ erec_queue(error(loc, "name too long, %d characters maximum allowed", -+ NFT_NAME_MAXLEN), -+ msgs); -+ return -1; -+} -+ -+ - static unsigned int evaluate_cache_del(struct cmd *cmd, unsigned int flags) - { - switch (cmd->obj) { -@@ -121,8 +225,12 @@ unsigned int nft_cache_evaluate(struct nft_ctx *nft, struct list_head *cmds) - { - unsigned int flags = NFT_CACHE_EMPTY; - struct cmd *cmd; -+ struct list_head *msgs; - - list_for_each_entry(cmd, cmds, list) { -+ if (nft_handle_validate(cmd, msgs) < 0) -+ return -1; -+ - switch (cmd->op) { - case CMD_ADD: - case CMD_INSERT: --- -2.33.0 - diff --git a/backport-evaluate-fix-segfault-when-adding-elements-to-invalid-set.patch b/backport-evaluate-fix-segfault-when-adding-elements-to-invalid-set.patch deleted file mode 100644 index 9e51e947390e6c6f292a484e07312904c991b179..0000000000000000000000000000000000000000 --- a/backport-evaluate-fix-segfault-when-adding-elements-to-invalid-set.patch +++ /dev/null @@ -1,63 +0,0 @@ -From 27107b4932b1bd1a39c21e0d7865f3bf220a3857 Mon Sep 17 00:00:00 2001 -From: Peter Tirsek -Date: Sun, 26 Jun 2022 00:47:07 -0500 -Subject: [PATCH] evaluate: fix segfault when adding elements to invalid set - -Adding elements to a set or map with an invalid definition causes nft to -segfault. The following nftables.conf triggers the crash: - - flush ruleset - create table inet filter - set inet filter foo {} - add element inet filter foo { foobar } - -Simply parsing and checking the config will trigger it: - - $ nft -c -f nftables.conf.crash - Segmentation fault - -The error in the set/map definition is correctly caught and queued, but -because the set is invalid and does not contain a key type, adding to it -causes a NULL pointer dereference of set->key within setelem_evaluate(). - -I don't think it's necessary to queue another error since the underlying -problem is correctly detected and reported when parsing the definition -of the set. Simply checking the validity of set->key before using it -seems to fix it, causing the error in the definition of the set to be -reported properly. The element type error isn't caught, but that seems -reasonable since the key type is invalid or unknown anyway: - - $ ./nft -c -f ~/nftables.conf.crash - /home/pti/nftables.conf.crash:3:21-21: Error: set definition does not specify key - set inet filter foo {} - ^ - -[ Add tests to cover this case --pablo ] - -Conflict: remove tests/shell/testcases/sets/errors_0 -Reference: https://git.netfilter.org/nftables/commit?id=27107b4932b1bd1a39c21e0d7865f3bf220a3857 - -Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1597 -Signed-off-by: Peter Tirsek -Signed-off-by: Pablo Neira Ayuso ---- - src/evaluate.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/src/evaluate.c b/src/evaluate.c -index 8de8351..a7c2722 100644 ---- a/src/evaluate.c -+++ b/src/evaluate.c -@@ -3853,6 +3853,9 @@ static int setelem_evaluate(struct eval_ctx *ctx, struct cmd *cmd) - return set_not_found(ctx, &ctx->cmd->handle.set.location, - ctx->cmd->handle.set.name); - -+ if (set->key == NULL) -+ return -1; -+ - ctx->set = set; - expr_set_context(&ctx->ectx, set->key->dtype, set->key->len); - if (expr_evaluate(ctx, &cmd->expr) < 0) --- -2.33.0 - diff --git a/backport-parser_json-fix-device-parsing-in-netdev-family.patch b/backport-parser_json-fix-device-parsing-in-netdev-family.patch deleted file mode 100644 index b891355e8398096e1d80feb71a35a91da7934ce5..0000000000000000000000000000000000000000 --- a/backport-parser_json-fix-device-parsing-in-netdev-family.patch +++ /dev/null @@ -1,61 +0,0 @@ -From 8efab5527cbcb15cd9bff462b7549c0d6181c003 Mon Sep 17 00:00:00 2001 -From: Pablo Neira Ayuso -Date: Mon, 1 Aug 2022 16:15:08 +0200 -Subject: [PATCH] parser_json: fix device parsing in netdev family - -json_unpack() function is not designed to take a pre-allocated buffer. - -Conflict: NA -Reference: https://git.netfilter.org/nftables/commit?id=8efab5527cbcb15cd9bff462b7549c0d6181c003 - -Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1612 -Fixes: 3fdc7541fba0 ("src: add multidevice support for netdev chain") -Signed-off-by: Pablo Neira Ayuso ---- - src/parser_json.c | 3 +-- - tests/shell/testcases/json/netdev | 19 +++++++++++++++++++ - 2 files changed, 20 insertions(+), 2 deletions(-) - create mode 100755 tests/shell/testcases/json/netdev - -diff --git a/src/parser_json.c b/src/parser_json.c -index 666aa2f..d434839 100644 ---- a/src/parser_json.c -+++ b/src/parser_json.c -@@ -2746,8 +2746,7 @@ static struct cmd *json_parse_cmd_add_chain(struct json_ctx *ctx, json_t *root, - struct handle h = { - .table.location = *int_loc, - }; -- const char *family = "", *policy = "", *type, *hookstr; -- const char name[IFNAMSIZ]; -+ const char *family = "", *policy = "", *type, *hookstr, *name; - struct chain *chain; - int prio; - -diff --git a/tests/shell/testcases/json/netdev b/tests/shell/testcases/json/netdev -new file mode 100755 -index 0000000..a16a4f5 ---- /dev/null -+++ b/tests/shell/testcases/json/netdev -@@ -0,0 +1,19 @@ -+#!/bin/bash -+ -+ip link add d0 type dummy || { -+ echo "Skipping, no dummy interface available" -+ exit 0 -+} -+trap "ip link del d0" EXIT -+ -+set -e -+ -+$NFT flush ruleset -+$NFT add table inet test -+$NFT add chain inet test c -+ -+$NFT flush ruleset -+ -+RULESET='{"nftables":[{"flush":{"ruleset":null}},{"add":{"table":{"family":"netdev","name":"test_table"}}},{"add":{"chain":{"family":"netdev","table":"test_table","name":"test_chain","type":"filter","hook":"ingress","prio":0,"dev":"d0","policy":"accept"}}}]}' -+ -+$NFT -j -f - <<< $RULESET --- -2.33.0 - diff --git a/backport-segtree-add-string-range-reversal-support.patch b/backport-segtree-add-string-range-reversal-support.patch deleted file mode 100644 index 63c81ffeec4aa6f6da6e4ffd7e8fdf3f535193a5..0000000000000000000000000000000000000000 --- a/backport-segtree-add-string-range-reversal-support.patch +++ /dev/null @@ -1,100 +0,0 @@ -From 5e393ea1fc0ad6b59e90103bf83e93b2449d519e Mon Sep 17 00:00:00 2001 -From: Florian Westphal -Date: Sat, 9 Apr 2022 15:58:29 +0200 -Subject: segtree: add string "range" reversal support - -Previous commits allows to use set key as a range, i.e. - - key ifname - flags interval - elements = { eth* } - -and then have it match on any interface starting with 'eth'. - -Listing is broken however, we need to reverse-translate the (128bit) -number back to a string. - -'eth*' is stored as interval -00687465 0000000 .. 00697465 0000000, i.e. "eth-eti", -this adds the needed endianess fixups. - -Conflict: NA -Reference: https://git.netfilter.org/nftables/patch/?id=5e393ea1fc0ad6b59e90103bf83e93b2449d519e - -Signed-off-by: Florian Westphal -Signed-off-by: Pablo Neira Ayuso ---- - src/segtree.c | 47 +++++++++++++++++++++++++++++++++++++++++------ - 1 file changed, 41 insertions(+), 6 deletions(-) - -diff --git a/src/segtree.c b/src/segtree.c -index b4e76bf5..bed8bbcf 100644 ---- a/src/segtree.c -+++ b/src/segtree.c -@@ -1032,6 +1032,33 @@ static struct expr *interval_to_prefix(struct expr *low, struct expr *i, const m - return __expr_to_set_elem(low, prefix); - } - -+static struct expr *interval_to_string(struct expr *low, struct expr *i, const mpz_t range) -+{ -+ unsigned int len = div_round_up(i->len, BITS_PER_BYTE); -+ unsigned int prefix_len, str_len; -+ char data[len + 2]; -+ struct expr *expr; -+ -+ prefix_len = expr_value(i)->len - mpz_scan0(range, 0); -+ -+ if (prefix_len > i->len || prefix_len % BITS_PER_BYTE) -+ return interval_to_prefix(low, i, range); -+ -+ mpz_export_data(data, expr_value(low)->value, BYTEORDER_BIG_ENDIAN, len); -+ -+ str_len = strnlen(data, len); -+ if (str_len >= len || str_len == 0) -+ return interval_to_prefix(low, i, range); -+ -+ data[str_len] = '*'; -+ -+ expr = constant_expr_alloc(&low->location, low->dtype, -+ BYTEORDER_HOST_ENDIAN, -+ (str_len + 1) * BITS_PER_BYTE, data); -+ -+ return __expr_to_set_elem(low, expr); -+} -+ - static struct expr *interval_to_range(struct expr *low, struct expr *i, mpz_t range) - { - struct expr *tmp; -@@ -1130,16 +1157,24 @@ void interval_map_decompose(struct expr *set) - - mpz_and(p, expr_value(low)->value, range); - -- if (!mpz_cmp_ui(range, 0)) -+ if (!mpz_cmp_ui(range, 0)) { -+ if (expr_basetype(low)->type == TYPE_STRING) -+ mpz_switch_byteorder(expr_value(low)->value, low->len / BITS_PER_BYTE); -+ - compound_expr_add(set, expr_get(low)); -- else if ((!range_is_prefix(range) || -- !(i->dtype->flags & DTYPE_F_PREFIX)) || -- mpz_cmp_ui(p, 0)) { -- struct expr *expr = interval_to_range(low, i, range); -+ } else if (range_is_prefix(range) && !mpz_cmp_ui(p, 0)) { -+ struct expr *expr; -+ -+ if (i->dtype->flags & DTYPE_F_PREFIX) -+ expr = interval_to_prefix(low, i, range); -+ else if (expr_basetype(i)->type == TYPE_STRING) -+ expr = interval_to_string(low, i, range); -+ else -+ expr = interval_to_range(low, i, range); - - compound_expr_add(set, expr); - } else { -- struct expr *expr = interval_to_prefix(low, i, range); -+ struct expr *expr = interval_to_range(low, i, range); - - compound_expr_add(set, expr); - } --- -cgit v1.2.3 diff --git a/backport-segtree-fix-map-listing-with-interface-wildcard.patch b/backport-segtree-fix-map-listing-with-interface-wildcard.patch deleted file mode 100644 index 8f6b5779268d33a111c74e5289e05362d3540fb9..0000000000000000000000000000000000000000 --- a/backport-segtree-fix-map-listing-with-interface-wildcard.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 6c23bfa512187d509ecc188653a6f232b0695d1d Mon Sep 17 00:00:00 2001 -From: Pablo Neira Ayuso -Date: Mon, 27 Jun 2022 12:54:23 +0200 -Subject: [PATCH] segtree: fix map listing with interface wildcard - - # nft -f - <<'EOF' - table inet filter { - chain INPUT { - iifname vmap { - "eth0" : jump input_lan, - "wg*" : jump input_vpn - } - } - chain input_lan {} - chain input_vpn {} - } - EOF - # nft list ruleset - nft: segtree.c:578: interval_map_decompose: Assertion `low->len / 8 > 0' failed. - -Conflict: remove tests/shell/testcases/sets/dumps/sets_with_ifnames.nft -Reference: https://git.netfilter.org/nftables/commit?id=6c23bfa512187d509ecc188653a6f232b0695d1d - -Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1617 -Fixes: 5e393ea1fc0a ("segtree: add string "range" reversal support") -Signed-off-by: Pablo Neira Ayuso ---- - src/segtree.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/segtree.c b/src/segtree.c -index 0135a07..cc60879 100644 ---- a/src/segtree.c -+++ b/src/segtree.c -@@ -1160,7 +1160,7 @@ void interval_map_decompose(struct expr *set) - - if (!mpz_cmp_ui(range, 0)) { - if (expr_basetype(low)->type == TYPE_STRING) -- mpz_switch_byteorder(expr_value(low)->value, low->len / BITS_PER_BYTE); -+ mpz_switch_byteorder(expr_value(low)->value, expr_value(low)->len / BITS_PER_BYTE); - - compound_expr_add(set, expr_get(low)); - } else if (range_is_prefix(range) && !mpz_cmp_ui(p, 0)) { --- -2.33.0 - diff --git a/backport-segtree-split-prefix-and-range-creation-to-a-helper-function.patch b/backport-segtree-split-prefix-and-range-creation-to-a-helper-function.patch deleted file mode 100644 index e948bdb6f086510fe9ee393b0e07b8dca4afc5ff..0000000000000000000000000000000000000000 --- a/backport-segtree-split-prefix-and-range-creation-to-a-helper-function.patch +++ /dev/null @@ -1,143 +0,0 @@ -From ada50f84bf5a1475549f3f372834812e7cd8d675 Mon Sep 17 00:00:00 2001 -From: Florian Westphal -Date: Sat, 9 Apr 2022 15:58:26 +0200 -Subject: segtree: split prefix and range creation to a helper function - -No functional change intended. - -Conflict: NA -Reference: https://git.netfilter.org/nftables/patch/src/segtree.c?id=ada50f84bf5a1475549f3f372834812e7cd8d675 - -Signed-off-by: Florian Westphal -Signed-off-by: Pablo Neira Ayuso ---- - src/segtree.c | 95 ++++++++++++++++++++++++++++++++--------------------------- - 1 file changed, 52 insertions(+), 43 deletions(-) - -(limited to 'src/segtree.c') - -diff --git a/src/segtree.c b/src/segtree.c -index a61ea3d2..188cafed 100644 ---- a/src/segtree.c -+++ b/src/segtree.c -@@ -773,6 +773,22 @@ out: - return range; - } - -+static struct expr *__expr_to_set_elem(struct expr *low, struct expr *expr) -+{ -+ struct expr *elem = set_elem_expr_alloc(&low->location, expr); -+ -+ if (low->etype == EXPR_MAPPING) { -+ interval_expr_copy(elem, low->left); -+ -+ elem = mapping_expr_alloc(&low->location, elem, -+ expr_clone(low->right)); -+ } else { -+ interval_expr_copy(elem, low); -+ } -+ -+ return elem; -+} -+ - int get_set_decompose(struct set *cache_set, struct set *set) - { - struct expr *i, *next, *range; -@@ -980,6 +996,38 @@ next: - } - } - -+static struct expr *interval_to_prefix(struct expr *low, struct expr *i, const mpz_t range) -+{ -+ unsigned int prefix_len; -+ struct expr *prefix; -+ -+ prefix_len = expr_value(i)->len - mpz_scan0(range, 0); -+ prefix = prefix_expr_alloc(&low->location, -+ expr_clone(expr_value(low)), -+ prefix_len); -+ prefix->len = expr_value(i)->len; -+ -+ return __expr_to_set_elem(low, prefix); -+} -+ -+static struct expr *interval_to_range(struct expr *low, struct expr *i, mpz_t range) -+{ -+ struct expr *tmp; -+ -+ tmp = constant_expr_alloc(&low->location, low->dtype, -+ low->byteorder, expr_value(low)->len, -+ NULL); -+ -+ mpz_add(range, range, expr_value(low)->value); -+ mpz_set(tmp->value, range); -+ -+ tmp = range_expr_alloc(&low->location, -+ expr_clone(expr_value(low)), -+ tmp); -+ -+ return __expr_to_set_elem(low, tmp); -+} -+ - void interval_map_decompose(struct expr *set) - { - struct expr *i, *next, *low = NULL, *end, *catchall = NULL, *key; -@@ -1065,52 +1113,13 @@ void interval_map_decompose(struct expr *set) - else if ((!range_is_prefix(range) || - !(i->dtype->flags & DTYPE_F_PREFIX)) || - mpz_cmp_ui(p, 0)) { -- struct expr *tmp; -- -- tmp = constant_expr_alloc(&low->location, low->dtype, -- low->byteorder, expr_value(low)->len, -- NULL); -- -- mpz_add(range, range, expr_value(low)->value); -- mpz_set(tmp->value, range); -+ struct expr *expr = interval_to_range(low, i, range); - -- tmp = range_expr_alloc(&low->location, -- expr_clone(expr_value(low)), -- tmp); -- tmp = set_elem_expr_alloc(&low->location, tmp); -- -- if (low->etype == EXPR_MAPPING) { -- interval_expr_copy(tmp, low->left); -- -- tmp = mapping_expr_alloc(&tmp->location, tmp, -- expr_clone(low->right)); -- } else { -- interval_expr_copy(tmp, low); -- } -- -- compound_expr_add(set, tmp); -+ compound_expr_add(set, expr); - } else { -- struct expr *prefix; -- unsigned int prefix_len; -- -- prefix_len = expr_value(i)->len - mpz_scan0(range, 0); -- prefix = prefix_expr_alloc(&low->location, -- expr_clone(expr_value(low)), -- prefix_len); -- prefix->len = expr_value(i)->len; -- -- prefix = set_elem_expr_alloc(&low->location, prefix); -- -- if (low->etype == EXPR_MAPPING) { -- interval_expr_copy(prefix, low->left); -- -- prefix = mapping_expr_alloc(&low->location, prefix, -- expr_clone(low->right)); -- } else { -- interval_expr_copy(prefix, low); -- } -+ struct expr *expr = interval_to_prefix(low, i, range); - -- compound_expr_add(set, prefix); -+ compound_expr_add(set, expr); - } - - if (i->flags & EXPR_F_INTERVAL_END) { --- -cgit v1.2.3 diff --git a/nftables-1.0.0.tar.bz2 b/nftables-1.0.0.tar.bz2 deleted file mode 100644 index 41a061283fa0891240232cc277ce66456413a44f..0000000000000000000000000000000000000000 Binary files a/nftables-1.0.0.tar.bz2 and /dev/null differ diff --git a/nftables-1.0.5.tar.bz2 b/nftables-1.0.5.tar.bz2 new file mode 100644 index 0000000000000000000000000000000000000000..fea7d2661f8a6f343a9f8023217e955e3e864027 Binary files /dev/null and b/nftables-1.0.5.tar.bz2 differ diff --git a/nftables.spec b/nftables.spec index 4c41193e4c444ee25e9241c9295923110f933a4a..3ddab7c4900d4f5600f6a0fafb9b7feba5a6983a 100644 --- a/nftables.spec +++ b/nftables.spec @@ -1,6 +1,6 @@ Name: nftables -Version: 1.0.0 -Release: 4 +Version: 1.0.5 +Release: 2 Epoch: 1 Summary: A subsystem of the Linux kernel processing network data License: GPLv2 @@ -9,17 +9,11 @@ Source0: http://ftp.netfilter.org/pub/nftables/nftables-%{version}.tar.bz Source1: nftables.service Source2: nftables.conf -Patch0: backport-cache-validate-handle-string-length.patch -Patch1: backport-evaluate-fix-segfault-when-adding-elements-to-invalid-set.patch -Patch2: backport-segtree-split-prefix-and-range-creation-to-a-helper-function.patch -Patch3: backport-segtree-add-string-range-reversal-support.patch -Patch4: backport-segtree-fix-map-listing-with-interface-wildcard.patch -Patch5: backport-src-Don-t-parse-string-as-verdict-in-map.patch -Patch6: backport-parser_json-fix-device-parsing-in-netdev-family.patch +Patch6001: backport-src-Don-t-parse-string-as-verdict-in-map.patch BuildRequires: gcc flex bison libmnl-devel gmp-devel readline-devel libnftnl-devel docbook2X systemd BuildRequires: iptables-devel jansson-devel python3-devel -BuildRequires: chrpath +BuildRequires: chrpath libedit-devel %description nftables is a subsystem of the Linux kernel providing filtering and classification of\ @@ -101,7 +95,6 @@ echo "%{_libdir}" > %{buildroot}/etc/ld.so.conf.d/%{name}-%{_arch}.conf %files devel %defattr(-,root,root) %{_includedir}/nftables/libnftables.h -%{_libdir}/*.a %{_libdir}/*.so %{_libdir}/pkgconfig/*.pc @@ -116,6 +109,18 @@ echo "%{_libdir}" > %{buildroot}/etc/ld.so.conf.d/%{name}-%{_arch}.conf %{python3_sitelib}/nftables/ %changelog +* Wed Feb 15 2023 zhanghao - 1:1.0.5-2 +- Type:requirement +- ID:NA +- SUG:NA +- DESC:fix one patch from 1.0.0 and delete useless Patches + +* Wed Feb 08 2023 zhanghao - 1:1.0.5-1 +- Type:requirement +- ID:NA +- SUG:NA +- DESC:update to 1.0.5 + * Mon Nov 21 2022 huangyu - 1:1.0.0-4 - Type:feature - ID:NA