rpms/conntrack-tools
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Resolves: rhbz#2132747 conntrack-tools-1.4.7 is available

Browse Source 
Add gpg source code verification
Removed patches that were merged upstream
This commit is contained in:
Paul Wouters 2023-07-05 22:35:28 -04:00
parent 6a65af4dd8
commit 82ce71e64d
No known key found for this signature in database
GPG Key ID: DB48D2E5122468BF
6 changed files with 77 additions and 608 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -8,3 +8,5 @@ conntrack-tools-0.9.14.tar.bz2
/conntrack-tools-1.4.4.tar.bz2
/conntrack-tools-1.4.5.tar.bz2
/conntrack-tools-1.4.6.tar.bz2
/conntrack-tools-1.4.7.tar.bz2
/conntrack-tools-1.4.7.tar.bz2.sig

59
0001-build-remove-commented-out-macros-from-configure.ac.patch
View File

@ -1,59 +0,0 @@
From 9ec53c524d1201e6a9b2feca796ffbe2e5d1b743 Mon Sep 17 00:00:00 2001
From: Jeremy Sowden <jeremy@azazel.net>
Date: Sat, 25 Sep 2021 16:10:30 +0100
Subject: [PATCH] build: remove commented-out macros from configure.ac
This code has been commented out since at least 2007.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
(cherry picked from commit 3184d9936329dafbc2a24f546224a44f66d975b5)
---
configure.ac | 25 -------------------------
1 file changed, 25 deletions(-)
diff --git a/configure.ac b/configure.ac
index d0565bed3532e..5ff8921b6fc82 100644
--- a/configure.ac
+++ b/configure.ac
@@ -75,37 +75,12 @@ AM_CONDITIONAL([HAVE_SYSTEMD], [test "x$enable_systemd" = "xyes"])
AC_CHECK_HEADERS([linux/capability.h],, [AC_MSG_ERROR([Cannot find linux/capabibility.h])])
-# Checks for libraries.
-# FIXME: Replace `main' with a function in `-lc':
-dnl AC_CHECK_LIB([c], [main])
-# FIXME: Replace `main' with a function in `-ldl':
-
AC_CHECK_HEADERS(arpa/inet.h)
-dnl check for inet_pton
AC_CHECK_FUNCS(inet_pton)
-# Checks for header files.
-dnl AC_HEADER_STDC
-dnl AC_CHECK_HEADERS([netinet/in.h stdlib.h])
-
-# Checks for typedefs, structures, and compiler characteristics.
-dnl AC_C_CONST
-dnl AC_C_INLINE
-
# Let nfct use dlopen() on helper libraries without resolving all symbols.
AX_CHECK_LINK_FLAG([-Wl,-z,lazy], [AC_SUBST([LAZY_LDFLAGS], [-Wl,-z,lazy])])
-# Checks for library functions.
-dnl AC_FUNC_MALLOC
-dnl AC_FUNC_VPRINTF
-dnl AC_CHECK_FUNCS([memset])
-
-dnl AC_CONFIG_FILES([Makefile
-dnl debug/Makefile
-dnl debug/src/Makefile
-dnl extensions/Makefile
-dnl src/Makefile])
-
if test ! -z "$libdir"; then
MODULE_DIR="\\\"$libdir/conntrack-tools/\\\""
CFLAGS="$CFLAGS -DCONNTRACKD_LIB_DIR=$MODULE_DIR"
--
2.34.1

533
0002-nfct-remove-lazy-binding.patch
View File

@ -1,533 +0,0 @@
From 4527e4fec140ff5480d4fbfb2916001d64a0f72a Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Tue, 8 Mar 2022 23:05:39 +0100
Subject: [PATCH] nfct: remove lazy binding
Since cd5135377ac4 ("conntrackd: cthelper: Set up userspace helpers when
daemon starts"), userspace conntrack helpers do not depend on a previous
invocation of nfct to set up the userspace helpers.
Move helper definitions to nfct-extensions/helper.c since existing
deployments might still invoke nfct, even if not required anymore.
This patch was motivated by the removal of the lazy binding.
Phil Sutter says:
"For security purposes, distributions might want to pass -Wl,-z,now
linker flags to all builds, thereby disabling lazy binding globally.
In the past, nfct relied upon lazy binding: It uses the helper objects'
parsing functions without but doesn't provide all symbols the objects
use."
Acked-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
(cherry picked from commit dc454a657f57a5cf143fddc5c1dd87a510c1790a)
---
configure.ac | 5 +-
include/Makefile.am | 2 +-
include/helper.h | 1 +
include/helpers/Makefile.am | 1 +
include/helpers/ftp.h | 14 +++
include/helpers/rpc.h | 15 +++
include/helpers/sane.h | 13 +++
include/helpers/tns.h | 9 ++
src/Makefile.am | 2 -
src/helpers.c | 3 +-
src/helpers/Makefile.am | 2 +-
src/helpers/ftp.c | 12 +--
src/helpers/rpc.c | 13 +--
src/helpers/sane.c | 10 +-
src/helpers/tns.c | 7 +-
src/nfct-extensions/helper.c | 184 ++++++++++++++++++++++++++++++++++-
16 files changed, 246 insertions(+), 47 deletions(-)
create mode 100644 include/helpers/Makefile.am
create mode 100644 include/helpers/ftp.h
create mode 100644 include/helpers/rpc.h
create mode 100644 include/helpers/sane.h
create mode 100644 include/helpers/tns.h
diff --git a/configure.ac b/configure.ac
index 5ff8921b6fc82..0aeeb090db4b6 100644
--- a/configure.ac
+++ b/configure.ac
@@ -78,15 +78,12 @@ AC_CHECK_HEADERS([linux/capability.h],, [AC_MSG_ERROR([Cannot find linux/capabib
AC_CHECK_HEADERS(arpa/inet.h)
AC_CHECK_FUNCS(inet_pton)
-# Let nfct use dlopen() on helper libraries without resolving all symbols.
-AX_CHECK_LINK_FLAG([-Wl,-z,lazy], [AC_SUBST([LAZY_LDFLAGS], [-Wl,-z,lazy])])
-
if test ! -z "$libdir"; then
MODULE_DIR="\\\"$libdir/conntrack-tools/\\\""
CFLAGS="$CFLAGS -DCONNTRACKD_LIB_DIR=$MODULE_DIR"
fi
-AC_CONFIG_FILES([Makefile src/Makefile include/Makefile include/linux/Makefile include/linux/netfilter/Makefile extensions/Makefile src/helpers/Makefile])
+AC_CONFIG_FILES([Makefile src/Makefile include/Makefile include/helpers/Makefile include/linux/Makefile include/linux/netfilter/Makefile extensions/Makefile src/helpers/Makefile])
AC_OUTPUT
echo "
diff --git a/include/Makefile.am b/include/Makefile.am
index 352054e9135bd..4741b50228eb9 100644
--- a/include/Makefile.am
+++ b/include/Makefile.am
@@ -1,4 +1,4 @@
-SUBDIRS = linux
+SUBDIRS = linux helpers
noinst_HEADERS = alarm.h jhash.h cache.h linux_list.h linux_rbtree.h \
sync.h conntrackd.h local.h udp.h tcp.h \
diff --git a/include/helper.h b/include/helper.h
index d5406674cb130..08d4cf4642802 100644
--- a/include/helper.h
+++ b/include/helper.h
@@ -56,6 +56,7 @@ extern int in4_pton(const char *src, int srclen, uint8_t *dst, int delim, const
extern int in6_pton(const char *src, int srclen, uint8_t *dst, int delim, const char **end);
extern void helper_register(struct ctd_helper *helper);
+struct ctd_helper *__helper_find(const char *helper_name, uint8_t l4proto);
struct ctd_helper *helper_find(const char *libdir_path, const char *name, uint8_t l4proto, int flags);
#define min_t(type, x, y) ({ \
diff --git a/include/helpers/Makefile.am b/include/helpers/Makefile.am
new file mode 100644
index 0000000000000..99a4257d2d061
--- /dev/null
+++ b/include/helpers/Makefile.am
@@ -0,0 +1 @@
+noinst_HEADERS = ftp.h rpc.h sane.h tns.h
diff --git a/include/helpers/ftp.h b/include/helpers/ftp.h
new file mode 100644
index 0000000000000..50e2d0c97946d
--- /dev/null
+++ b/include/helpers/ftp.h
@@ -0,0 +1,14 @@
+#ifndef _CTD_FTP_H
+#define _CTD_FTP_H
+
+#define NUM_SEQ_TO_REMEMBER 2
+
+/* This structure exists only once per master */
+struct ftp_info {
+ /* Valid seq positions for cmd matching after newline */
+ uint32_t seq_aft_nl[MYCT_DIR_MAX][NUM_SEQ_TO_REMEMBER];
+ /* 0 means seq_match_aft_nl not set */
+ int seq_aft_nl_num[MYCT_DIR_MAX];
+};
+
+#endif
diff --git a/include/helpers/rpc.h b/include/helpers/rpc.h
new file mode 100644
index 0000000000000..b0b8d176fb542
--- /dev/null
+++ b/include/helpers/rpc.h
@@ -0,0 +1,15 @@
+#ifndef _CTD_RPC_H
+#define _CTD_RPC_H
+
+struct rpc_info {
+ /* XID */
+ uint32_t xid;
+ /* program */
+ uint32_t pm_prog;
+ /* program version */
+ uint32_t pm_vers;
+ /* transport protocol: TCP|UDP */
+ uint32_t pm_prot;
+};
+
+#endif
diff --git a/include/helpers/sane.h b/include/helpers/sane.h
new file mode 100644
index 0000000000000..1e70ff636d60d
--- /dev/null
+++ b/include/helpers/sane.h
@@ -0,0 +1,13 @@
+#ifndef _CTD_SANE_H
+#define _CTD_SANE_H
+
+enum sane_state {
+ SANE_STATE_NORMAL,
+ SANE_STATE_START_REQUESTED,
+};
+
+struct nf_ct_sane_master {
+ enum sane_state state;
+};
+
+#endif
diff --git a/include/helpers/tns.h b/include/helpers/tns.h
new file mode 100644
index 0000000000000..60dcf253657fc
--- /dev/null
+++ b/include/helpers/tns.h
@@ -0,0 +1,9 @@
+#ifndef _CTD_TNS_H
+#define _CTD_TNS_H
+
+struct tns_info {
+ /* Scan next DATA|REDIRECT packet */
+ bool parse;
+};
+
+#endif
diff --git a/src/Makefile.am b/src/Makefile.am
index 2e66ee96b7095..b2c3884ffdf6b 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -35,8 +35,6 @@ if HAVE_CTHELPER
nfct_LDADD += ${LIBNETFILTER_CTHELPER_LIBS}
endif
-nfct_LDFLAGS = -export-dynamic ${LAZY_LDFLAGS}
-
conntrackd_SOURCES = alarm.c main.c run.c hash.c queue.c queue_tx.c rbtree.c \
local.c log.c mcast.c udp.c netlink.c vector.c \
filter.c fds.c event.c process.c origin.c date.c \
diff --git a/src/helpers.c b/src/helpers.c
index 3e4e6c8553b8a..8ca78dc113fb7 100644
--- a/src/helpers.c
+++ b/src/helpers.c
@@ -26,8 +26,7 @@ void helper_register(struct ctd_helper *helper)
list_add(&helper->head, &helper_list);
}
-static struct ctd_helper *
-__helper_find(const char *helper_name, uint8_t l4proto)
+struct ctd_helper *__helper_find(const char *helper_name, uint8_t l4proto)
{
struct ctd_helper *cur, *helper = NULL;
diff --git a/src/helpers/Makefile.am b/src/helpers/Makefile.am
index e4f10c974bb0f..e458ab467bb7e 100644
--- a/src/helpers/Makefile.am
+++ b/src/helpers/Makefile.am
@@ -11,7 +11,7 @@ pkglib_LTLIBRARIES = ct_helper_amanda.la \
ct_helper_slp.la \
ct_helper_ssdp.la
-HELPER_LDFLAGS = -avoid-version -module $(LIBNETFILTER_CONNTRACK_LIBS) $(LAZY_LDFLAGS)
+HELPER_LDFLAGS = -avoid-version -module $(LIBNETFILTER_CONNTRACK_LIBS)
HELPER_CFLAGS = $(AM_CFLAGS) $(LIBNETFILTER_CONNTRACK_CFLAGS)
ct_helper_amanda_la_SOURCES = amanda.c
diff --git a/src/helpers/ftp.c b/src/helpers/ftp.c
index c3aa28485b0f3..bd3f11788cc24 100644
--- a/src/helpers/ftp.c
+++ b/src/helpers/ftp.c
@@ -35,17 +35,9 @@
#include <libnetfilter_queue/pktbuff.h>
#include <linux/netfilter.h>
-static bool loose; /* XXX: export this as config option. */
-
-#define NUM_SEQ_TO_REMEMBER 2
+#include "helpers/ftp.h"
-/* This structure exists only once per master */
-struct ftp_info {
- /* Valid seq positions for cmd matching after newline */
- uint32_t seq_aft_nl[MYCT_DIR_MAX][NUM_SEQ_TO_REMEMBER];
- /* 0 means seq_match_aft_nl not set */
- int seq_aft_nl_num[MYCT_DIR_MAX];
-};
+static bool loose; /* XXX: export this as config option. */
enum nf_ct_ftp_type {
/* PORT command from client */
diff --git a/src/helpers/rpc.c b/src/helpers/rpc.c
index bd24dd3269c8e..83adf658521d4 100644
--- a/src/helpers/rpc.c
+++ b/src/helpers/rpc.c
@@ -40,21 +40,12 @@
#include <libnetfilter_queue/pktbuff.h>
#include <linux/netfilter.h>
+#include "helpers/rpc.h"
+
/* RFC 1050: RPC: Remote Procedure Call Protocol Specification Version 2 */
/* RFC 1014: XDR: External Data Representation Standard */
#define SUPPORTED_RPC_VERSION 2
-struct rpc_info {
- /* XID */
- uint32_t xid;
- /* program */
- uint32_t pm_prog;
- /* program version */
- uint32_t pm_vers;
- /* transport protocol: TCP|UDP */
- uint32_t pm_prot;
-};
-
/* So, this packet has hit the connection tracking matching code.
Mangle it, and change the expectation to match the new version. */
static unsigned int
diff --git a/src/helpers/sane.c b/src/helpers/sane.c
index c30f4ba18533e..5e02e4fc2c1c3 100644
--- a/src/helpers/sane.c
+++ b/src/helpers/sane.c
@@ -38,11 +38,7 @@
#include <libnetfilter_queue/libnetfilter_queue_tcp.h>
#include <libnetfilter_queue/pktbuff.h>
#include <linux/netfilter.h>
-
-enum sane_state {
- SANE_STATE_NORMAL,
- SANE_STATE_START_REQUESTED,
-};
+#include "helpers/sane.h"
struct sane_request {
uint32_t RPC_code;
@@ -60,10 +56,6 @@ struct sane_reply_net_start {
/* other fields aren't interesting for conntrack */
};
-struct nf_ct_sane_master {
- enum sane_state state;
-};
-
static int
sane_helper_cb(struct pkt_buff *pkt, uint32_t protoff,
struct myct *myct, uint32_t ctinfo)
diff --git a/src/helpers/tns.c b/src/helpers/tns.c
index 2b4fed420afb0..d9c7ae693f3a7 100644
--- a/src/helpers/tns.c
+++ b/src/helpers/tns.c
@@ -28,6 +28,8 @@
#include <libnetfilter_queue/pktbuff.h>
#include <linux/netfilter.h>
+#include "helpers/tns.h"
+
/* TNS SQL*Net Version 2 */
enum tns_types {
TNS_TYPE_CONNECT = 1,
@@ -57,11 +59,6 @@ struct tns_redirect {
uint16_t data_len;
};
-struct tns_info {
- /* Scan next DATA|REDIRECT packet */
- bool parse;
-};
-
static int try_number(const char *data, size_t dlen, uint32_t array[],
int array_size, char sep, char term)
{
diff --git a/src/nfct-extensions/helper.c b/src/nfct-extensions/helper.c
index e5d8d0a905df0..894bf269ad2bb 100644
--- a/src/nfct-extensions/helper.c
+++ b/src/nfct-extensions/helper.c
@@ -180,7 +180,7 @@ static int nfct_cmd_helper_add(struct mnl_socket *nl, int argc, char *argv[])
return -1;
}
- helper = helper_find(CONNTRACKD_LIB_DIR, argv[3], l4proto, RTLD_LAZY);
+ helper = __helper_find(argv[3], l4proto);
if (helper == NULL) {
nfct_perror("that helper is not supported");
return -1;
@@ -430,7 +430,7 @@ nfct_cmd_helper_disable(struct mnl_socket *nl, int argc, char *argv[])
return -1;
}
- helper = helper_find(CONNTRACKD_LIB_DIR, argv[3], l4proto, RTLD_LAZY);
+ helper = __helper_find(argv[3], l4proto);
if (helper == NULL) {
nfct_perror("that helper is not supported");
return -1;
@@ -468,7 +468,187 @@ static struct nfct_extension helper = {
.parse_params = nfct_helper_parse_params,
};
+/*
+ * supported helpers: to set up helpers via nfct, the following definitions are
+ * provided for backward compatibility reasons since conntrackd does not depend
+ * on nfct anymore to set up the userspace helpers.
+ */
+
+static struct ctd_helper amanda_helper = {
+ .name = "amanda",
+ .l4proto = IPPROTO_UDP,
+ .policy = {
+ [0] = {
+ .name = "amanda",
+ .expect_max = 3,
+ .expect_timeout = 180,
+ },
+ },
+};
+
+static struct ctd_helper dhcpv6_helper = {
+ .name = "dhcpv6",
+ .l4proto = IPPROTO_UDP,
+ .policy = {
+ [0] = {
+ .name = "dhcpv6",
+ .expect_max = 1,
+ .expect_timeout = 300,
+ },
+ },
+};
+
+#include "helpers/ftp.h"
+
+static struct ctd_helper ftp_helper = {
+ .name = "ftp",
+ .l4proto = IPPROTO_TCP,
+ .priv_data_len = sizeof(struct ftp_info),
+ .policy = {
+ [0] = {
+ .name = "ftp",
+ .expect_max = 1,
+ .expect_timeout = 300,
+ },
+ },
+};
+
+static struct ctd_helper mdns_helper = {
+ .name = "mdns",
+ .l4proto = IPPROTO_UDP,
+ .priv_data_len = 0,
+ .policy = {
+ [0] = {
+ .name = "mdns",
+ .expect_max = 8,
+ .expect_timeout = 30,
+ },
+ },
+};
+
+#include "helpers/rpc.h"
+
+static struct ctd_helper rpc_helper_tcp = {
+ .name = "rpc",
+ .l4proto = IPPROTO_TCP,
+ .priv_data_len = sizeof(struct rpc_info),
+ .policy = {
+ {
+ .name = "rpc",
+ .expect_max = 1,
+ .expect_timeout = 300,
+ },
+ },
+};
+
+static struct ctd_helper rpc_helper_udp = {
+ .name = "rpc",
+ .l4proto = IPPROTO_UDP,
+ .priv_data_len = sizeof(struct rpc_info),
+ .policy = {
+ {
+ .name = "rpc",
+ .expect_max = 1,
+ .expect_timeout = 300,
+ },
+ },
+};
+
+#include "helpers/sane.h"
+
+static struct ctd_helper sane_helper = {
+ .name = "sane",
+ .l4proto = IPPROTO_TCP,
+ .priv_data_len = sizeof(struct nf_ct_sane_master),
+ .policy = {
+ [0] = {
+ .name = "sane",
+ .expect_max = 1,
+ .expect_timeout = 5 * 60,
+ },
+ },
+};
+
+static struct ctd_helper slp_helper = {
+ .name = "slp",
+ .l4proto = IPPROTO_UDP,
+ .priv_data_len = 0,
+ .policy = {
+ [0] = {
+ .name = "slp",
+ .expect_max = 8,
+ .expect_timeout = 16, /* default CONFIG_MC_MAX + 1 */
+ },
+ },
+};
+
+static struct ctd_helper ssdp_helper_udp = {
+ .name = "ssdp",
+ .l4proto = IPPROTO_UDP,
+ .priv_data_len = 0,
+ .policy = {
+ [0] = {
+ .name = "ssdp",
+ .expect_max = 8,
+ .expect_timeout = 5 * 60,
+ },
+ },
+};
+
+static struct ctd_helper ssdp_helper_tcp = {
+ .name = "ssdp",
+ .l4proto = IPPROTO_TCP,
+ .priv_data_len = 0,
+ .policy = {
+ [0] = {
+ .name = "ssdp",
+ .expect_max = 8,
+ .expect_timeout = 5 * 60,
+ },
+ },
+};
+
+static struct ctd_helper tftp_helper = {
+ .name = "tftp",
+ .l4proto = IPPROTO_UDP,
+ .policy = {
+ [0] = {
+ .name = "tftp",
+ .expect_max = 1,
+ .expect_timeout = 5 * 60,
+ },
+ },
+};
+
+#include "helpers/tns.h"
+
+static struct ctd_helper tns_helper = {
+ .name = "tns",
+ .l4proto = IPPROTO_TCP,
+ .priv_data_len = sizeof(struct tns_info),
+ .policy = {
+ [0] = {
+ .name = "tns",
+ .expect_max = 1,
+ .expect_timeout = 300,
+ },
+ },
+};
+
static void __init helper_init(void)
{
+ helper_register(&amanda_helper);
+ helper_register(&dhcpv6_helper);
+ helper_register(&ftp_helper);
+ helper_register(&mdns_helper);
+ helper_register(&rpc_helper_tcp);
+ helper_register(&rpc_helper_udp);
+ helper_register(&sane_helper);
+ helper_register(&slp_helper);
+ helper_register(&ssdp_helper_udp);
+ helper_register(&ssdp_helper_tcp);
+ helper_register(&tftp_helper);
+ helper_register(&tns_helper);
+
nfct_extension_register(&helper);
}
--
2.34.1

52
NetfilterCoreTeam-OpenGPG-KEY.txt Normal file
View File

@ -0,0 +1,52 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBF+HdQgBEACzteJUJGtj3N6u5mcGh4Nu/9GQfwrrphZuI7jto2N6+ZoURded
660mFLnax7wgIE8ugAa085jwFWbFY3FzGutUs/kDmnqy9WneYNBLIAF3ZTFfY+oi
V1C09bBlHKDj9gSEM2TZ/qU14exKdSloqcMKSdIqLQX27w/D6WmO1crDjOKKN9F2
zjc3uLjo1gIPrY+Kdld29aI0W4gYvNLOo+ewhVC5Q6ymWOdR3eKaP2HIAt8CYf0t
Sx8ChHdBvXQITDmXoGPLTTiCHBoUzaJ/N8m4AZTuSUTr9g3jUNFmL48OrJjFPhHh
KDY0V59id5nPu4RX3fa/XW+4FNlrthA5V9dQSIPh7r7uHynDtkcCHT5m4mn0NqG3
dsUqeYQlrWKCVDTfX/WQB3Rq1tgmOssFG9kZkXcVTmis3KFP1ZAahBRB33OJgSfi
WKc/mWLMEQcljbysbJzq74Vrjg44DNK7vhAXGoR35kjj5saduxTywdb3iZhGXEsg
9zqV0uOIfMQsQJQCZTlkqvZibdB3xlRyiCwqlf1eHB2Vo7efWbRIizX2da4c5xUj
+IL1eSPmTV+52x1dYXpn/cSVKJAROtcSmwvMRyjuGOcTNtir0XHCxC5YYBow6tKR
U1hrFiulCMH80HeS+u/g4SpT4lcv+x0DlN5BfWQuN5k5ZzwKb6EQs092qQARAQAB
tCxOZXRmaWx0ZXIgQ29yZSBUZWFtIDxjb3JldGVhbUBuZXRmaWx0ZXIub3JnPokC
VAQTAQoAPhYhBDfZZKzASYHHVQD7m9Vdl4qKFCDkBQJfh3UIAhsDBQkHhM4ABQsJ
CAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJENVdl4qKFCDk0msQAJTIK8TLHw2IJDc6
+ZfUJc+znSNwskO+A4lwvb1vRY5qFV+CA2S1eUS4HGDWDT0sPKie6Nx4+FBczkWd
RA+eaKDqQeS5Vzc2f0bl74un91h7yE8O2NsVnpL166MnAAk3/ACjHsZX2PzF12F6
4stvGQFpjZRWItj0I6bvPY6CTtqVPB98a6RpdbS9kGxCCMrL3CFGDXGSjXes5KwN
IvngmVB36wjb3QgEtQIv13jrWFfiXeuieqMRyC6Z3KNYVcvis34eGxPFD9MHrK+w
bdw3KzMBJd7hMoVRl32Q13T/PX8H3pqWMqKaL41wHUswRt0IQjNZnRvRnlJ0VDFf
Wep/3dFK+uQbdABuiwCiRli5mWeOMCP+qJodP1OZSGqg0VwZWUGdCGG5+qIhngOj
QVomvJ7N4eRLU3xuPVjLoBeHzvViUPpYtWQ/YiZK5rWTJHhu88xZaysFJRaV+Uz3
wPkeqdArRRXl1Tpy+cKy7D5BZAr7OjT1wboon23IM2DJRurbaHD8blMsjZ07pbvb
4hdpiE6mqq7CYskDz2UGTaFfEW4bFnKtvKTXEnmcqc4mWcr2z9BBYouGmcFczgET
tE02XejmExXV2RPUtXfLuNIbVpuXG1qhzNuXAfm+S/68XDSFrwyK8/Dgq5ga0iIP
n8Uvz12Xu/Qde+NicogLNWF90QJ2uQINBF+HdQgBEADSTGQKWM3ni63O0bOnxgyu
Gd3oxEk/mqu7zkU/WBKaUQRtUKFAwbjaHQBcSFjOkqcLze1/QGXiDC9hDow2mxeU
OkTR28Dg8iw2HMJqrVodDTaSvOX18A4HCzkFvnT4prJN54tXK14YY2YLOrMm/cjP
6Q4tE3+8MzWbdNKe9+s5aUDzDkXzvphYGnNBVbfxkLE3SMEwc2d+n3Fd1vIjx99+
EqrGraete0fs/qtmpR/Fcp89doh4tqCRbZk8YYIQkTj3C1s91zCr/QOwX7mXhNJP
qSu8ZwSq6WcylJNY9rs0ys1dgarqORzQ7MvT4EJ9egZV1a8XR30Jwc9sOu2hzCpz
w/7/ivNaMbZ7pKcAQE/FqL5MstVUy4UB+RdMuW6UK1R/y8KtP6uNtYXw94jx7W9r
QtYXk/c3v7KpGKZXLRW/NX8d6PMXAab7iGkwd1EabX/CTb4eSoxE2RTELwHXavKG
KL6Crvmf+fObgqsDtBaIacPakcJoau1Abxg1QFYKOpCozFtmfVNzp34IKwwsrQiG
YfHizWoH0S9nLoqvEsfnBhrdc6Aj4YwzdTGjbfyh5vBsa/pT/kcR9xLd6RF+ppoU
gmlOMK9FuQX96YxLYjsJ6mo4rAUAh4ePTholfFYPbkDeRqS6T6W75xkuL6vI3Y+q
d4LIktheyTMuzsrARDQZFwARAQABiQI8BBgBCgAmFiEEN9lkrMBJgcdVAPub1V2X
iooUIOQFAl+HdQgCGwwFCQeEzgAACgkQ1V2XiooUIOTTCBAAgXcF8AzEQfK0Hqja
4W4e6Y2xxxZmoPGz75Jgqv4GBsfTEBChVBbRBjUgYepuaV6/YSfRw9ldeqvREW7g
XAOsKLM+Hn0BQW22oHu2UhAgjfsTC4q0BkVW06M7tnkvBV3nR9F/X9CViwxlsEYP
qQKkjrbhYx4WDI1acGx/7O9QYR/OMeUYFns4dgVi2z91LmOybVjQLwGnqOdybNnc
84Iw6KT4rOKmUay0fXExo6mumU3Pz5S32grJuqxgZTcf2xSY8++fsp+7zEGuO3zg
beKn64h1+xv04N7PMbEEixJtyARGIdu4aHPWQ+ORF4JvWYhgNtbfb9YwNu8k1WlK
z2wuNIg7/wjHEOzdmNbCUb5q3ftqSsbTTbrbo48IAYLqOWyitud0eR8tGvjcyti0
nPxpkfBCSRMFte6+q6Gne0rOmCJgmRMXmPggFtBRM8EKZqnznZbrLyMpOMeK9diR
/EPDVhzM1N2Jv8qnaKZ/0gsAn1ybC+P3hywmlrsolo5YzWuzMDwyE8dmT0ROUBKg
qouIGg1l8lR7fJXhhNRt86FzSaIFoQ7MIddOVJ5WRBHzr2x22sYFj4y1f8ZLh4VZ
Wqncl20xMa4CulNsHrzUtN3QbkOm4zSGzCLfbpW4gVfDCVkdD2bZzSfefH9UFwuB
k/i9xRtYOSbc/q5W7u9J4dpEia4=
=m35R
-----END PGP PUBLIC KEY BLOCK-----

36
conntrack-tools.spec
View File

@ -1,23 +1,23 @@
Name: conntrack-tools
Version: 1.4.6
Release: 6%{?dist}
Version: 1.4.7
Release: 1%{?dist}
Summary: Manipulate netfilter connection tracking table and run High Availability
License: GPLv2
URL: http://conntrack-tools.netfilter.org/
Source0: http://netfilter.org/projects/%{name}/files/%{name}-%{version}.tar.bz2
Source1: conntrackd.service
Source2: conntrackd.conf
Patch01: 0001-build-remove-commented-out-macros-from-configure.ac.patch
Patch02: 0002-nfct-remove-lazy-binding.patch
Patch3: conntrack-tools-c99.patch
Source1: http://netfilter.org/projects/%{name}/files/%{name}-%{version}.tar.bz2.sig
Source2: NetfilterCoreTeam-OpenGPG-KEY.txt
Source3: conntrackd.service
Source4: conntrackd.conf
Patch1: conntrack-tools-c99.patch
BuildRequires: autogen
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: libtool
BuildRequires: gcc
BuildRequires: libnfnetlink-devel >= 1.0.1, libnetfilter_conntrack-devel >= 1.0.7
BuildRequires: gnupg2
BuildRequires: libnfnetlink-devel >= 1.0.1, libnetfilter_conntrack-devel >= 1.0.9
BuildRequires: libnetfilter_cttimeout-devel >= 1.0.0, libnetfilter_cthelper-devel >= 1.0.0
BuildRequires: libmnl-devel >= 1.0.3, libnetfilter_queue-devel >= 1.0.2
BuildRequires: libtirpc-devel systemd-devel
@ -44,12 +44,13 @@ The conntrack-tools package contains two programs:
conntrack is used to search, list, inspect and maintain the netfilter
connection tracking subsystem of the Linux kernel.
Using conntrack, you can dump a list of all (or a filtered selection of)
currently tracked connections, delete connections from the state table,
currently tracked connections, delete connections from the state table,
and even add new ones.
In addition, you can also monitor connection tracking events, e.g.
In addition, you can also monitor connection tracking events, e.g.
show an event message (one line) per newly established connection.
%prep
%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
%autosetup -p1
%build
@ -64,8 +65,8 @@ rm -f doc/sync/notrack/conntrackd.conf.orig doc/sync/alarm/conntrackd.conf.orig
find %{buildroot} -type f -name "*.la" -exec rm -f {} ';'
mkdir -p %{buildroot}%{_sysconfdir}/conntrackd
install -d -m 0755 %{buildroot}%{_unitdir}
install -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/
install -m 0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/conntrackd/
install -m 0644 %{SOURCE3} %{buildroot}%{_unitdir}/
install -m 0644 %{SOURCE4} %{buildroot}%{_sysconfdir}/conntrackd/
%files
%license COPYING
@ -88,9 +89,14 @@ install -m 0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/conntrackd/
%systemd_preun conntrackd.service
%postun
%systemd_postun conntrackd.service
%systemd_postun conntrackd.service
%changelog
* Wed Jul 05 2023 Paul Wouters <paul.wouters@aiven.io - 1.4.7-1
- Resolves: rhbz#2132747 conntrack-tools-1.4.7 is available
- Add gpg source code verification
- Removed patches that were merged upstream
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.6-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
@ -224,7 +230,7 @@ install -m 0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/conntrackd/
- Updated to 1.0.1
- Added daemon using systemd and configuration file
- Removed legacy spec requirements
- Patch for: parse.c:240:34: error: 'NULL' undeclared
- Patch for: parse.c:240:34: error: 'NULL' undeclared
* Thu Jan 12 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild

3
sources
View File

@ -1 +1,2 @@
SHA512 (conntrack-tools-1.4.6.tar.bz2) = a48260308a12b11b584fcf4658ec2c4c1adb2801c9cf9a73fc259e5c30d2fbe401aca21e931972413f03e415f98fbf9bd678d2126faa6c6d5748e8a652e58f1a
SHA512 (conntrack-tools-1.4.7.tar.bz2) = 3d37a6b8cd13fd3c149ab80009d686d2184920ba2d0d5c1b57abed6e92e0dd92cba868bfe22f1a155479fe5ab2e291b8bb8a7e72123a73788032202ac142653b
SHA512 (conntrack-tools-1.4.7.tar.bz2.sig) = 5a2bcc6da792544029ddf0d3a4caf019b215907e66d491e5d98a4f1189fc9c03ec8aad5ad22166799c5f0c81273284cb757e9368c9d9d3049bc49da47c037e05