diff --git a/backport-src-Don-t-parse-string-as-verdict-in-map.patch b/backport-src-Don-t-parse-string-as-verdict-in-map.patch
deleted file mode 100644
index c8264ee0e8d5e267367253e5e05d1543a0711fc8..0000000000000000000000000000000000000000
--- a/backport-src-Don-t-parse-string-as-verdict-in-map.patch
+++ /dev/null
@@ -1,120 +0,0 @@
-From 9a20f17a7a82ce5ba47047e6c3d2fc921cc1087d Mon Sep 17 00:00:00 2001
-From: Xiao Liang
-Date: Fri, 19 Aug 2022 10:40:23 +0800
-Subject: [PATCH] src: Don't parse string as verdict in map
-
-In verdict map, string values are accidentally treated as verdicts.
-
-For example:
-
-table t {
- map foo {
- type ipv4_addr : verdict
- elements = {
- 192.168.0.1 : bar
- }
- }
- chain output {
- type filter hook output priority mangle;
- ip daddr vmap @foo
- }
-}
-
-Though "bar" is not a valid verdict (should be "jump bar" or something),
-the string is taken as the element value. Then NFTA_DATA_VALUE is sent
-to the kernel instead of NFTA_DATA_VERDICT. This would be rejected by
-recent kernels. On older ones (e.g. v5.4.x) that don't validate the
-type, a warning can be seen when the rule is hit, because of the
-corrupted verdict value:
-
-[5120263.467627] WARNING: CPU: 12 PID: 303303 at net/netfilter/nf_tables_core.c:229 nft_do_chain+0x394/0x500 [nf_tables]
-
-Indeed, we don't parse verdicts during evaluation, but only chain names,
-which is of type string rather than verdict. For example, "jump $var" is
-a verdict while "$var" is a string.
-
-Conflict: NA
-Reference: https://git.netfilter.org/nftables/commit?id=9a20f17a7a82ce5ba47047e6c3d2fc921cc1087d
-
-Fixes: c64457cff967 ("src: Allow goto and jump to a variable")
-Signed-off-by: Xiao Liang
-Signed-off-by: Florian Westphal
---
- src/datatype.c | 12 -----------
- src/evaluate.c | 3 ++-
- tests/shell/testcases/nft-f/0031vmap_string_0 | 21 +++++++++++++++++++
- 3 files changed, 23 insertions(+), 13 deletions(-)
- create mode 100755 tests/shell/testcases/nft-f/0031vmap_string_0
-
-diff --git a/src/datatype.c b/src/datatype.c
-index 7267d60..120da6d 100644
---- a/src/datatype.c
-+++ b/src/datatype.c
-@@ -321,23 +321,11 @@ static void verdict_type_print(const struct expr *expr, struct output_ctx *octx)
- }
- }
-
--static struct error_record *verdict_type_parse(struct parse_ctx *ctx,
-- const struct expr *sym,
-- struct expr **res)
--{
-- *res = constant_expr_alloc(&sym->location, &string_type,
-- BYTEORDER_HOST_ENDIAN,
-- (strlen(sym->identifier) + 1) * BITS_PER_BYTE,
-- sym->identifier);
-- return NULL;
--}
--
- const struct datatype verdict_type = {
- .type = TYPE_VERDICT,
- .name = "verdict",
- .desc = "netfilter verdict",
- .print = verdict_type_print,
-- .parse = verdict_type_parse,
- };
-
- static const struct symbol_table nfproto_tbl = {
-diff --git a/src/evaluate.c b/src/evaluate.c
-index c6332a1..66ba6a4 100644
---- a/src/evaluate.c
-+++ b/src/evaluate.c
-@@ -2426,7 +2426,8 @@ static int stmt_evaluate_verdict(struct eval_ctx *ctx, struct stmt *stmt)
- if (stmt->expr->verdict != NFT_CONTINUE)
- stmt->flags |= STMT_F_TERMINAL;
- if (stmt->expr->chain != NULL) {
-- if (expr_evaluate(ctx, &stmt->expr->chain) < 0)
-+ if (stmt_evaluate_arg(ctx, stmt, &string_type, 0, 0,
-+ &stmt->expr->chain) < 0)
- return -1;
- if (stmt->expr->chain->etype != EXPR_VALUE) {
- return expr_error(ctx->msgs, stmt->expr->chain,
-diff --git a/tests/shell/testcases/nft-f/0031vmap_string_0 b/tests/shell/testcases/nft-f/0031vmap_string_0
-new file mode 100755
-index 
0000000..2af846a ---- /dev/null -+++ b/tests/shell/testcases/nft-f/0031vmap_string_0 -@@ -0,0 +1,21 @@ -+#!/bin/bash -+ -+# Tests parse of corrupted verdicts -+ -+set -e -+ -+RULESET=" -+table ip foo { -+ map bar { -+ type ipv4_addr : verdict -+ elements = { -+ 192.168.0.1 : ber -+ } -+ } -+ -+ chain ber { -+ } -+}" -+ -+$NFT -f - <<< "$RULESET" && exit 1 -+exit 0 --- -2.33.0 - diff --git a/nftables-1.0.5.tar.bz2 b/nftables-1.0.5.tar.bz2 deleted file mode 100644 index fea7d2661f8a6f343a9f8023217e955e3e864027..0000000000000000000000000000000000000000 Binary files a/nftables-1.0.5.tar.bz2 and /dev/null differ diff --git a/nftables-1.0.8.tar.bz2 b/nftables-1.0.8.tar.bz2 new file mode 100644 index 0000000000000000000000000000000000000000..7d004f9429daf8b2e343ff3f088f996b5469e7ad Binary files /dev/null and b/nftables-1.0.8.tar.bz2 differ diff --git a/nftables.spec b/nftables.spec index 3ddab7c4900d4f5600f6a0fafb9b7feba5a6983a..62588c3b070447998d714aabbdb67ad48fe0e673 100644 --- a/nftables.spec +++ b/nftables.spec @@ -1,6 +1,6 @@ Name: nftables -Version: 1.0.5 -Release: 2 +Version: 1.0.8 +Release: 1 Epoch: 1 Summary: A subsystem of the Linux kernel processing network data License: GPLv2 @@ -9,7 +9,6 @@ Source0: http://ftp.netfilter.org/pub/nftables/nftables-%{version}.tar.bz Source1: nftables.service Source2: nftables.conf -Patch6001: backport-src-Don-t-parse-string-as-verdict-in-map.patch BuildRequires: gcc flex bison libmnl-devel gmp-devel readline-devel libnftnl-devel docbook2X systemd BuildRequires: iptables-devel jansson-devel python3-devel @@ -109,6 +108,9 @@ echo "%{_libdir}" > %{buildroot}/etc/ld.so.conf.d/%{name}-%{_arch}.conf %{python3_sitelib}/nftables/ %changelog +* Tue Jul 25 2023 chenzixuan - 1:1.0.8-1 +- update to 1.0.8 + * Wed Feb 15 2023 zhanghao - 1:1.0.5-2 - Type:requirement - ID:NA
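Review bot: The changelog entry added at the end of the nftables.spec hunks records only `- update to 1.0.8` and does not say why `Patch6001` is dropped, so a reader cannot tell whether the verdict-map fix (upstream commit 9a20f17a7a82, referenced in the deleted backport) is still present in the package. If the 1.0.8 tarball contains that commit — plausible from the dates, but verify against the tarball rather than assume — add a second bullet such as `- drop backport-src-Don-t-parse-string-as-verdict-in-map.patch, included upstream`. The new binary nftables-1.0.8.tar.bz2 is likewise added with no record of how it was verified; the commit message should state that it was checked against the upstream-published signature or checksum before the index hash 7d004f94… is trusted as the source of truth. Running the upstream test tests/shell/testcases/nft-f/0031vmap_string_0 from the new tarball in a %check stage, if the spec has one, would confirm the regression fix carried over.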