nftables/nftables.spec

Name:           nftables
Version:        1.0.0
Release:        7
Epoch:          1
Summary:        A subsystem of the Linux kernel processing network data
License:        GPLv2
URL:            https://netfilter.org/projects/nftables/
Source0:        http://ftp.netfilter.org/pub/nftables/nftables-%{version}.tar.bz2
Source1:        nftables.service
Source2:        nftables.conf

Patch0:         backport-cache-validate-handle-string-length.patch
Patch1:         backport-evaluate-fix-segfault-when-adding-elements-to-invalid-set.patch
Patch2:         backport-segtree-split-prefix-and-range-creation-to-a-helper-function.patch
Patch3:         backport-segtree-add-string-range-reversal-support.patch
Patch4:         backport-segtree-fix-map-listing-with-interface-wildcard.patch
Patch5:         backport-src-Don-t-parse-string-as-verdict-in-map.patch
Patch6:         backport-parser_json-fix-device-parsing-in-netdev-family.patch
Patch7:         backport-iptopt-fix-crash-with-invalid-field-type-combo.patch
Patch8:         backport-evaluate-string-prefix-expression-must-retain-original-length.patch
Patch9:         backport-libnftables-release-top-level-scope.patch
Patch10:        backport-dump-locations-expressions-only-if-set.patch

Patch11:        backport-evaluate-allow-implicit-ether-vlan-dep.patch
Patch12:        backport-evaluate-datatype-memleak-after-binop-transfer.patch
Patch13:        backport-evaluate-bogus-datatype-assertion-in-binary-operation-evaluation.patch
Patch14:        backport-netlink_delinearize-do-not-transfer-binary-operation-to-non-anonymous-sets.patch
Patch15:        backport-payload-do-not-kill-dependency-for-proto_unknown.patch
Patch16:        backport-monitor-missing-cache-and-set-handle-initialization.patch
Patch17:        backport-netlink_linearize-fix-timeout-with-map-updates.patch

BuildRequires:  gcc flex bison libmnl-devel gmp-devel readline-devel libnftnl-devel docbook2X systemd
BuildRequires:  iptables-devel jansson-devel python3-devel
BuildRequires:  chrpath

%description
nftables is a subsystem of the Linux kernel providing filtering and classification of\
network packets/datagrams/frames. 

%package        devel
Summary:        Development library for nftables / libnftables
Requires:       %{name} = %{epoch}:%{version}-%{release}  pkgconfig

%description devel
Development tools and static libraries and header files for the libnftables library.

%package_help

%package -n     python3-nftables
Summary:        Python module providing an interface to libnftables
Requires:       %{name} = %{epoch}:%{version}-%{release}
%{?python_provide:%python_provide python3-nftables}

%description -n python3-nftables
The nftables python module providing an interface to libnftables via ctypes.

%prep
%autosetup -n %{name}-%{version} -p1

%build
%configure --disable-silent-rules --with-xtables --with-json \
        --enable-python --with-python-bin=%{__python3}
%make_build

%check
make check

%install
%make_install
%delete_la

chmod 644 $RPM_BUILD_ROOT/%{_mandir}/man8/nft*

install -d $RPM_BUILD_ROOT/%{_unitdir}
cp -a %{SOURCE1} $RPM_BUILD_ROOT/%{_unitdir}/

install -d $RPM_BUILD_ROOT/%{_sysconfdir}/sysconfig
cp -a %{SOURCE2} $RPM_BUILD_ROOT/%{_sysconfdir}/sysconfig/

install -d $RPM_BUILD_ROOT/%{_sysconfdir}/nftables
mv $RPM_BUILD_ROOT/%{_datadir}/nftables/*.nft $RPM_BUILD_ROOT/%{_sysconfdir}/nftables/

chrpath -d %{buildroot}%{_sbindir}/nft

mkdir -p %{buildroot}/etc/ld.so.conf.d
echo "%{_libdir}" > %{buildroot}/etc/ld.so.conf.d/%{name}-%{_arch}.conf

%post
%systemd_post nftables.service
/sbin/ldconfig

%preun
%systemd_preun nftables.service

%postun
%systemd_postun_with_restart nftables.service
/sbin/ldconfig

%ldconfig_scriptlets devel

%files
%defattr(-,root,root)
%license COPYING
%config(noreplace) %{_sysconfdir}/nftables/
%config(noreplace) %{_sysconfdir}/sysconfig/nftables.conf
%config(noreplace) /etc/ld.so.conf.d/*
%{_sbindir}/nft
%{_libdir}/*.so.*
%{_unitdir}/nftables.service
%{_docdir}/nftables/examples/*.nft

%files devel
%defattr(-,root,root)
%{_includedir}/nftables/libnftables.h
%{_libdir}/*.a
%{_libdir}/*.so
%{_libdir}/pkgconfig/*.pc

%files help
%defattr(-,root,root)
%{_mandir}/man8/nft*
%{_mandir}/man3/libnftables.3*
%{_mandir}/man5/libnftables-json*

%files -n python3-nftables
%{python3_sitelib}/nftables-*.egg-info
%{python3_sitelib}/nftables/

%changelog
* Tue Mar 21 2023 zhanghao <zhanghao383@huawei.com> - 1:1.0.0-7
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:evaluate allow implicit ether vlan dep
evaluate datatype memleak after binop transfer
evaluate bogus datatype assertion in binary operation evaluation
netlink delinearize do not transfer binary operation to non anonymous sets
payload do not kill dependency for proto unknown
monitor missing cache and set handle initialization
netlink linearize fix timeout with map updates

* Thu Dec 15 2022 huangyu <huangyu106@huawei.com> - 1:1.0.0-6
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:fix dump locations expressions only if set

* Tue Dec 13 2022 huangyu <huangyu106@huawei.com> - 1:1.0.0-5
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:fix string prefix expression must retain original length
fix release top level scope

* Mon Nov 21 2022 huangyu <huangyu106@huawei.com> - 1:1.0.0-4
- Type:feature
- ID:NA
- SUG:NA
- DESC:enabled DT testcase

* Fri Sep 30 2022 huangyu <huangyu106@huawei.com> - 1:1.0.0-3
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:fix nft desribe ip option rr value coredump

* Sat Sep 03 2022 xinghe <xinghe2@h-partners.com> - 1:1.0.0-2
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:fix cache prepare nft_cache evaluate to return error
       fix cache validate handle string length
       add src support for implicit chain bindings
       fix cache release pending rules
       fix segtree map listing
       parser_json fix device parsing in netdev family
       fix src Don't parse string as verdict in map

* Sat Dec 04 2021 yanglu <yanglu72@huawei.com> - 1:1.0.0-1
- Type:requirement
- ID:NA
- SUG:NA
- DESC:update nftables to 1.0.0

* Tue Sep 07 2021 gaihuiying <gaihuiying1@huawei.com> - 1:0.9.9-3
- Type:requirement
- ID:NA
- SUG:NA
- DESC:remove rpath of nft

* Tue Aug 24 2021 gaihuiying <gaihuiying1@huawei.com> - 1:0.9.9-2
- json: fix base chain output 

* Fri Jul 23 2021 gaihuiying <gaihuiying1@huawei.com> - 1:0.9.9-1
- update to 0.9.9

* Thu Jul 30 2020 cuibaobao <buildteam@openeuler.org> - 1:0.9.6-2
- Add python3-nftables sub-package

* Thu Jul 23 2020 cuibaobao <buildteam@openeuler.org> - 1:0.9.6-1
- update to 0.9.6

* Tue Sep 17 2019 openEuler Buildteam <buildteam@openeuler.org> - 1:0.9.0-3
- Package init
Package init 2019-09-30 11:09:52 -04:00			`Name: nftables`
update nftables to 1.0.0 2021-12-04 17:17:42 +08:00			`Version: 1.0.0`
nftables:fix some pathces from commity 2023-03-21 20:15:14 +08:00			`Release: 7`
Package init 2019-09-30 11:09:52 -04:00			`Epoch: 1`
			`Summary: A subsystem of the Linux kernel processing network data`
			`License: GPLv2`
			`URL: https://netfilter.org/projects/nftables/`
			`Source0: http://ftp.netfilter.org/pub/nftables/nftables-%{version}.tar.bz2`
			`Source1: nftables.service`
			`Source2: nftables.conf`

fix Community bugs (cherry picked from commit ed367f95d96406f99a5198c53760e8d7202640aa) 2022-09-03 16:08:12 +08:00			`Patch0: backport-cache-validate-handle-string-length.patch`
			`Patch1: backport-evaluate-fix-segfault-when-adding-elements-to-invalid-set.patch`
			`Patch2: backport-segtree-split-prefix-and-range-creation-to-a-helper-function.patch`
			`Patch3: backport-segtree-add-string-range-reversal-support.patch`
			`Patch4: backport-segtree-fix-map-listing-with-interface-wildcard.patch`
			`Patch5: backport-src-Don-t-parse-string-as-verdict-in-map.patch`
			`Patch6: backport-parser_json-fix-device-parsing-in-netdev-family.patch`
sync: fix some patches from commity 2022-12-13 21:40:54 +08:00			`Patch7: backport-iptopt-fix-crash-with-invalid-field-type-combo.patch`
			`Patch8: backport-evaluate-string-prefix-expression-must-retain-original-length.patch`
			`Patch9: backport-libnftables-release-top-level-scope.patch`
sync: fix one patches from commity 2022-12-15 09:52:43 +08:00			`Patch10: backport-dump-locations-expressions-only-if-set.patch`
fix Community bugs (cherry picked from commit ed367f95d96406f99a5198c53760e8d7202640aa) 2022-09-03 16:08:12 +08:00
nftables:fix some pathces from commity 2023-03-21 20:15:14 +08:00			`Patch11: backport-evaluate-allow-implicit-ether-vlan-dep.patch`
			`Patch12: backport-evaluate-datatype-memleak-after-binop-transfer.patch`
			`Patch13: backport-evaluate-bogus-datatype-assertion-in-binary-operation-evaluation.patch`
			`Patch14: backport-netlink_delinearize-do-not-transfer-binary-operation-to-non-anonymous-sets.patch`
			`Patch15: backport-payload-do-not-kill-dependency-for-proto_unknown.patch`
			`Patch16: backport-monitor-missing-cache-and-set-handle-initialization.patch`
			`Patch17: backport-netlink_linearize-fix-timeout-with-map-updates.patch`

Package init 2019-09-30 11:09:52 -04:00			`BuildRequires: gcc flex bison libmnl-devel gmp-devel readline-devel libnftnl-devel docbook2X systemd`
add python3-nftables 2020-07-30 15:20:48 +08:00			`BuildRequires: iptables-devel jansson-devel python3-devel`
remove rpath of nft 2021-09-07 15:06:22 +08:00			`BuildRequires: chrpath`
Package init 2019-09-30 11:09:52 -04:00
			`%description`
			`nftables is a subsystem of the Linux kernel providing filtering and classification of\`
			`network packets/datagrams/frames.`

			`%package devel`
			`Summary: Development library for nftables / libnftables`
			`Requires: %{name} = %{epoch}:%{version}-%{release} pkgconfig`

			`%description devel`
			`Development tools and static libraries and header files for the libnftables library.`

			`%package_help`

add python3-nftables 2020-07-30 15:20:48 +08:00			`%package -n python3-nftables`
			`Summary: Python module providing an interface to libnftables`
			`Requires: %{name} = %{epoch}:%{version}-%{release}`
			`%{?python_provide:%python_provide python3-nftables}`

			`%description -n python3-nftables`
			`The nftables python module providing an interface to libnftables via ctypes.`

Package init 2019-09-30 11:09:52 -04:00			`%prep`
json: fix base chain output 2021-08-24 11:46:25 +08:00			`%autosetup -n %{name}-%{version} -p1`
Package init 2019-09-30 11:09:52 -04:00
			`%build`
add python3-nftables 2020-07-30 15:20:48 +08:00			`%configure --disable-silent-rules --with-xtables --with-json \`
			`--enable-python --with-python-bin=%{__python3}`
Package init 2019-09-30 11:09:52 -04:00			`%make_build`

nftables:Enabled DT testcase Signed-off-by: huangyu <huangyu106@huawei.com> 2022-11-21 15:18:15 +08:00			`%check`
			`make check`

Package init 2019-09-30 11:09:52 -04:00			`%install`
			`%make_install`
			`%delete_la`

			`chmod 644 $RPM_BUILD_ROOT/%{_mandir}/man8/nft*`

			`install -d $RPM_BUILD_ROOT/%{_unitdir}`
			`cp -a %{SOURCE1} $RPM_BUILD_ROOT/%{_unitdir}/`

			`install -d $RPM_BUILD_ROOT/%{_sysconfdir}/sysconfig`
			`cp -a %{SOURCE2} $RPM_BUILD_ROOT/%{_sysconfdir}/sysconfig/`

			`install -d $RPM_BUILD_ROOT/%{_sysconfdir}/nftables`
update to 0.9.9 2021-07-23 15:40:08 +08:00			`mv $RPM_BUILD_ROOT/%{_datadir}/nftables/*.nft $RPM_BUILD_ROOT/%{_sysconfdir}/nftables/`
Package init 2019-09-30 11:09:52 -04:00
remove rpath of nft 2021-09-07 15:06:22 +08:00			`chrpath -d %{buildroot}%{_sbindir}/nft`

			`mkdir -p %{buildroot}/etc/ld.so.conf.d`
			`echo "%{_libdir}" > %{buildroot}/etc/ld.so.conf.d/%{name}-%{_arch}.conf`

Package init 2019-09-30 11:09:52 -04:00			`%post`
			`%systemd_post nftables.service`
remove rpath of nft 2021-09-07 15:06:22 +08:00			`/sbin/ldconfig`
Package init 2019-09-30 11:09:52 -04:00
			`%preun`
			`%systemd_preun nftables.service`

			`%postun`
			`%systemd_postun_with_restart nftables.service`
remove rpath of nft 2021-09-07 15:06:22 +08:00			`/sbin/ldconfig`
Package init 2019-09-30 11:09:52 -04:00
			`%ldconfig_scriptlets devel`

			`%files`
			`%defattr(-,root,root)`
			`%license COPYING`
			`%config(noreplace) %{_sysconfdir}/nftables/`
			`%config(noreplace) %{_sysconfdir}/sysconfig/nftables.conf`
remove rpath of nft 2021-09-07 15:06:22 +08:00			`%config(noreplace) /etc/ld.so.conf.d/*`
Package init 2019-09-30 11:09:52 -04:00			`%{_sbindir}/nft`
			`%{_libdir}/.so.`
			`%{_unitdir}/nftables.service`
update to 0.9.6 2020-07-23 17:48:57 +08:00			`%{_docdir}/nftables/examples/*.nft`
Package init 2019-09-30 11:09:52 -04:00
			`%files devel`
			`%defattr(-,root,root)`
			`%{_includedir}/nftables/libnftables.h`
			`%{_libdir}/*.a`
			`%{_libdir}/*.so`
			`%{_libdir}/pkgconfig/*.pc`

			`%files help`
			`%defattr(-,root,root)`
			`%{_mandir}/man8/nft*`
update to 0.9.6 2020-07-23 17:48:57 +08:00			`%{_mandir}/man3/libnftables.3*`
			`%{_mandir}/man5/libnftables-json*`
Package init 2019-09-30 11:09:52 -04:00
add python3-nftables 2020-07-30 15:20:48 +08:00			`%files -n python3-nftables`
			`%{python3_sitelib}/nftables-*.egg-info`
			`%{python3_sitelib}/nftables/`

Package init 2019-09-30 11:09:52 -04:00			`%changelog`
nftables:fix some pathces from commity 2023-03-21 20:15:14 +08:00			`* Tue Mar 21 2023 zhanghao <zhanghao383@huawei.com> - 1:1.0.0-7`
			`- Type:bugfix`
			`- CVE:NA`
			`- SUG:NA`
			`- DESC:evaluate allow implicit ether vlan dep`
			`evaluate datatype memleak after binop transfer`
			`evaluate bogus datatype assertion in binary operation evaluation`
			`netlink delinearize do not transfer binary operation to non anonymous sets`
			`payload do not kill dependency for proto unknown`
			`monitor missing cache and set handle initialization`
			`netlink linearize fix timeout with map updates`

sync: fix one patches from commity 2022-12-15 09:52:43 +08:00			`* Thu Dec 15 2022 huangyu <huangyu106@huawei.com> - 1:1.0.0-6`
			`- Type:bugfix`
			`- ID:NA`
			`- SUG:NA`
			`- DESC:fix dump locations expressions only if set`

sync: fix some patches from commity 2022-12-13 21:40:54 +08:00			`* Tue Dec 13 2022 huangyu <huangyu106@huawei.com> - 1:1.0.0-5`
			`- Type:bugfix`
			`- ID:NA`
			`- SUG:NA`
			`- DESC:fix string prefix expression must retain original length`
			`fix release top level scope`

			`* Mon Nov 21 2022 huangyu <huangyu106@huawei.com> - 1:1.0.0-4`
nftables:Enabled DT testcase Signed-off-by: huangyu <huangyu106@huawei.com> 2022-11-21 15:18:15 +08:00			`- Type:feature`
			`- ID:NA`
			`- SUG:NA`
			`- DESC:enabled DT testcase`

sync: fix some patches from commity 2022-12-13 21:40:54 +08:00			`* Fri Sep 30 2022 huangyu <huangyu106@huawei.com> - 1:1.0.0-3`
			`- Type:bugfix`
			`- ID:NA`
			`- SUG:NA`
			`- DESC:fix nft desribe ip option rr value coredump`

fix Community bugs (cherry picked from commit ed367f95d96406f99a5198c53760e8d7202640aa) 2022-09-03 16:08:12 +08:00			`* Sat Sep 03 2022 xinghe <xinghe2@h-partners.com> - 1:1.0.0-2`
			`- Type:bugfix`
			`- ID:NA`
			`- SUG:NA`
			`- DESC:fix cache prepare nft_cache evaluate to return error`
			`fix cache validate handle string length`
			`add src support for implicit chain bindings`
			`fix cache release pending rules`
			`fix segtree map listing`
			`parser_json fix device parsing in netdev family`
			`fix src Don't parse string as verdict in map`

update nftables to 1.0.0 2021-12-04 17:17:42 +08:00			`* Sat Dec 04 2021 yanglu <yanglu72@huawei.com> - 1:1.0.0-1`
			`- Type:requirement`
			`- ID:NA`
			`- SUG:NA`
			`- DESC:update nftables to 1.0.0`

remove rpath of nft 2021-09-07 15:06:22 +08:00			`* Tue Sep 07 2021 gaihuiying <gaihuiying1@huawei.com> - 1:0.9.9-3`
			`- Type:requirement`
			`- ID:NA`
			`- SUG:NA`
			`- DESC:remove rpath of nft`

json: fix base chain output 2021-08-24 11:46:25 +08:00			`* Tue Aug 24 2021 gaihuiying <gaihuiying1@huawei.com> - 1:0.9.9-2`
			`- json: fix base chain output`

update to 0.9.9 2021-07-23 15:40:08 +08:00			`* Fri Jul 23 2021 gaihuiying <gaihuiying1@huawei.com> - 1:0.9.9-1`
			`- update to 0.9.9`

add python3-nftables 2020-07-30 15:20:48 +08:00			`* Thu Jul 30 2020 cuibaobao <buildteam@openeuler.org> - 1:0.9.6-2`
			`- Add python3-nftables sub-package`

update to 0.9.6 2020-07-23 17:48:57 +08:00			`* Thu Jul 23 2020 cuibaobao <buildteam@openeuler.org> - 1:0.9.6-1`
			`- update to 0.9.6`

Package init 2019-09-30 11:09:52 -04:00			`* Tue Sep 17 2019 openEuler Buildteam <buildteam@openeuler.org> - 1:0.9.0-3`
			`- Package init`