From 82ce71e64d732f85000e0cb5e104cc3fa0b81542 Mon Sep 17 00:00:00 2001 From: Paul Wouters Date: Wed, 5 Jul 2023 22:35:28 -0400 Subject: [PATCH] Resolves: rhbz#2132747 conntrack-tools-1.4.7 is available Add gpg source code verification Removed patches that were merged upstream --- .gitignore | 2 + ...mmented-out-macros-from-configure.ac.patch | 59 -- 0002-nfct-remove-lazy-binding.patch | 533 ------------------ NetfilterCoreTeam-OpenGPG-KEY.txt | 52 ++ conntrack-tools.spec | 36 +- sources | 3 +- 6 files changed, 77 insertions(+), 608 deletions(-) delete mode 100644 0001-build-remove-commented-out-macros-from-configure.ac.patch delete mode 100644 0002-nfct-remove-lazy-binding.patch create mode 100644 NetfilterCoreTeam-OpenGPG-KEY.txt diff --git a/.gitignore b/.gitignore index 3ed9fda..f3e30ba 100644 --- a/.gitignore +++ b/.gitignore @@ -8,3 +8,5 @@ conntrack-tools-0.9.14.tar.bz2 /conntrack-tools-1.4.4.tar.bz2 /conntrack-tools-1.4.5.tar.bz2 /conntrack-tools-1.4.6.tar.bz2 +/conntrack-tools-1.4.7.tar.bz2 +/conntrack-tools-1.4.7.tar.bz2.sig diff --git a/0001-build-remove-commented-out-macros-from-configure.ac.patch b/0001-build-remove-commented-out-macros-from-configure.ac.patch deleted file mode 100644 index aea5192..0000000 --- a/0001-build-remove-commented-out-macros-from-configure.ac.patch +++ /dev/null @@ -1,59 +0,0 @@ -From 9ec53c524d1201e6a9b2feca796ffbe2e5d1b743 Mon Sep 17 00:00:00 2001 -From: Jeremy Sowden -Date: Sat, 25 Sep 2021 16:10:30 +0100 -Subject: [PATCH] build: remove commented-out macros from configure.ac - -This code has been commented out since at least 2007. - -Signed-off-by: Jeremy Sowden -Signed-off-by: Pablo Neira Ayuso -(cherry picked from commit 3184d9936329dafbc2a24f546224a44f66d975b5) ---- - configure.ac | 25 ------------------------- - 1 file changed, 25 deletions(-) - -diff --git a/configure.ac b/configure.ac -index d0565bed3532e..5ff8921b6fc82 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -75,37 +75,12 @@ AM_CONDITIONAL([HAVE_SYSTEMD], [test "x$enable_systemd" = "xyes"]) - - AC_CHECK_HEADERS([linux/capability.h],, [AC_MSG_ERROR([Cannot find linux/capabibility.h])]) - --# Checks for libraries. --# FIXME: Replace `main' with a function in `-lc': --dnl AC_CHECK_LIB([c], [main]) --# FIXME: Replace `main' with a function in `-ldl': -- - AC_CHECK_HEADERS(arpa/inet.h) --dnl check for inet_pton - AC_CHECK_FUNCS(inet_pton) - --# Checks for header files. --dnl AC_HEADER_STDC --dnl AC_CHECK_HEADERS([netinet/in.h stdlib.h]) -- --# Checks for typedefs, structures, and compiler characteristics. --dnl AC_C_CONST --dnl AC_C_INLINE -- - # Let nfct use dlopen() on helper libraries without resolving all symbols. - AX_CHECK_LINK_FLAG([-Wl,-z,lazy], [AC_SUBST([LAZY_LDFLAGS], [-Wl,-z,lazy])]) - --# Checks for library functions. --dnl AC_FUNC_MALLOC --dnl AC_FUNC_VPRINTF --dnl AC_CHECK_FUNCS([memset]) -- --dnl AC_CONFIG_FILES([Makefile --dnl debug/Makefile --dnl debug/src/Makefile --dnl extensions/Makefile --dnl src/Makefile]) -- - if test ! -z "$libdir"; then - MODULE_DIR="\\\"$libdir/conntrack-tools/\\\"" - CFLAGS="$CFLAGS -DCONNTRACKD_LIB_DIR=$MODULE_DIR" --- -2.34.1 - diff --git a/0002-nfct-remove-lazy-binding.patch b/0002-nfct-remove-lazy-binding.patch deleted file mode 100644 index e14bc88..0000000 --- a/0002-nfct-remove-lazy-binding.patch +++ /dev/null @@ -1,533 +0,0 @@ -From 4527e4fec140ff5480d4fbfb2916001d64a0f72a Mon Sep 17 00:00:00 2001 -From: Pablo Neira Ayuso -Date: Tue, 8 Mar 2022 23:05:39 +0100 -Subject: [PATCH] nfct: remove lazy binding - -Since cd5135377ac4 ("conntrackd: cthelper: Set up userspace helpers when -daemon starts"), userspace conntrack helpers do not depend on a previous -invocation of nfct to set up the userspace helpers. - -Move helper definitions to nfct-extensions/helper.c since existing -deployments might still invoke nfct, even if not required anymore. - -This patch was motivated by the removal of the lazy binding. - -Phil Sutter says: - -"For security purposes, distributions might want to pass -Wl,-z,now -linker flags to all builds, thereby disabling lazy binding globally. - -In the past, nfct relied upon lazy binding: It uses the helper objects' -parsing functions without but doesn't provide all symbols the objects -use." - -Acked-by: Phil Sutter -Signed-off-by: Pablo Neira Ayuso -(cherry picked from commit dc454a657f57a5cf143fddc5c1dd87a510c1790a) ---- - configure.ac | 5 +- - include/Makefile.am | 2 +- - include/helper.h | 1 + - include/helpers/Makefile.am | 1 + - include/helpers/ftp.h | 14 +++ - include/helpers/rpc.h | 15 +++ - include/helpers/sane.h | 13 +++ - include/helpers/tns.h | 9 ++ - src/Makefile.am | 2 - - src/helpers.c | 3 +- - src/helpers/Makefile.am | 2 +- - src/helpers/ftp.c | 12 +-- - src/helpers/rpc.c | 13 +-- - src/helpers/sane.c | 10 +- - src/helpers/tns.c | 7 +- - src/nfct-extensions/helper.c | 184 ++++++++++++++++++++++++++++++++++- - 16 files changed, 246 insertions(+), 47 deletions(-) - create mode 100644 include/helpers/Makefile.am - create mode 100644 include/helpers/ftp.h - create mode 100644 include/helpers/rpc.h - create mode 100644 include/helpers/sane.h - create mode 100644 include/helpers/tns.h - -diff --git a/configure.ac b/configure.ac -index 5ff8921b6fc82..0aeeb090db4b6 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -78,15 +78,12 @@ AC_CHECK_HEADERS([linux/capability.h],, [AC_MSG_ERROR([Cannot find linux/capabib - AC_CHECK_HEADERS(arpa/inet.h) - AC_CHECK_FUNCS(inet_pton) - --# Let nfct use dlopen() on helper libraries without resolving all symbols. --AX_CHECK_LINK_FLAG([-Wl,-z,lazy], [AC_SUBST([LAZY_LDFLAGS], [-Wl,-z,lazy])]) -- - if test ! -z "$libdir"; then - MODULE_DIR="\\\"$libdir/conntrack-tools/\\\"" - CFLAGS="$CFLAGS -DCONNTRACKD_LIB_DIR=$MODULE_DIR" - fi - --AC_CONFIG_FILES([Makefile src/Makefile include/Makefile include/linux/Makefile include/linux/netfilter/Makefile extensions/Makefile src/helpers/Makefile]) -+AC_CONFIG_FILES([Makefile src/Makefile include/Makefile include/helpers/Makefile include/linux/Makefile include/linux/netfilter/Makefile extensions/Makefile src/helpers/Makefile]) - AC_OUTPUT - - echo " -diff --git a/include/Makefile.am b/include/Makefile.am -index 352054e9135bd..4741b50228eb9 100644 ---- a/include/Makefile.am -+++ b/include/Makefile.am -@@ -1,4 +1,4 @@ --SUBDIRS = linux -+SUBDIRS = linux helpers - - noinst_HEADERS = alarm.h jhash.h cache.h linux_list.h linux_rbtree.h \ - sync.h conntrackd.h local.h udp.h tcp.h \ -diff --git a/include/helper.h b/include/helper.h -index d5406674cb130..08d4cf4642802 100644 ---- a/include/helper.h -+++ b/include/helper.h -@@ -56,6 +56,7 @@ extern int in4_pton(const char *src, int srclen, uint8_t *dst, int delim, const - extern int in6_pton(const char *src, int srclen, uint8_t *dst, int delim, const char **end); - - extern void helper_register(struct ctd_helper *helper); -+struct ctd_helper *__helper_find(const char *helper_name, uint8_t l4proto); - struct ctd_helper *helper_find(const char *libdir_path, const char *name, uint8_t l4proto, int flags); - - #define min_t(type, x, y) ({ \ -diff --git a/include/helpers/Makefile.am b/include/helpers/Makefile.am -new file mode 100644 -index 0000000000000..99a4257d2d061 ---- /dev/null -+++ b/include/helpers/Makefile.am -@@ -0,0 +1 @@ -+noinst_HEADERS = ftp.h rpc.h sane.h tns.h -diff --git a/include/helpers/ftp.h b/include/helpers/ftp.h -new file mode 100644 -index 0000000000000..50e2d0c97946d ---- /dev/null -+++ b/include/helpers/ftp.h -@@ -0,0 +1,14 @@ -+#ifndef _CTD_FTP_H -+#define _CTD_FTP_H -+ -+#define NUM_SEQ_TO_REMEMBER 2 -+ -+/* This structure exists only once per master */ -+struct ftp_info { -+ /* Valid seq positions for cmd matching after newline */ -+ uint32_t seq_aft_nl[MYCT_DIR_MAX][NUM_SEQ_TO_REMEMBER]; -+ /* 0 means seq_match_aft_nl not set */ -+ int seq_aft_nl_num[MYCT_DIR_MAX]; -+}; -+ -+#endif -diff --git a/include/helpers/rpc.h b/include/helpers/rpc.h -new file mode 100644 -index 0000000000000..b0b8d176fb542 ---- /dev/null -+++ b/include/helpers/rpc.h -@@ -0,0 +1,15 @@ -+#ifndef _CTD_RPC_H -+#define _CTD_RPC_H -+ -+struct rpc_info { -+ /* XID */ -+ uint32_t xid; -+ /* program */ -+ uint32_t pm_prog; -+ /* program version */ -+ uint32_t pm_vers; -+ /* transport protocol: TCP|UDP */ -+ uint32_t pm_prot; -+}; -+ -+#endif -diff --git a/include/helpers/sane.h b/include/helpers/sane.h -new file mode 100644 -index 0000000000000..1e70ff636d60d ---- /dev/null -+++ b/include/helpers/sane.h -@@ -0,0 +1,13 @@ -+#ifndef _CTD_SANE_H -+#define _CTD_SANE_H -+ -+enum sane_state { -+ SANE_STATE_NORMAL, -+ SANE_STATE_START_REQUESTED, -+}; -+ -+struct nf_ct_sane_master { -+ enum sane_state state; -+}; -+ -+#endif -diff --git a/include/helpers/tns.h b/include/helpers/tns.h -new file mode 100644 -index 0000000000000..60dcf253657fc ---- /dev/null -+++ b/include/helpers/tns.h -@@ -0,0 +1,9 @@ -+#ifndef _CTD_TNS_H -+#define _CTD_TNS_H -+ -+struct tns_info { -+ /* Scan next DATA|REDIRECT packet */ -+ bool parse; -+}; -+ -+#endif -diff --git a/src/Makefile.am b/src/Makefile.am -index 2e66ee96b7095..b2c3884ffdf6b 100644 ---- a/src/Makefile.am -+++ b/src/Makefile.am -@@ -35,8 +35,6 @@ if HAVE_CTHELPER - nfct_LDADD += ${LIBNETFILTER_CTHELPER_LIBS} - endif - --nfct_LDFLAGS = -export-dynamic ${LAZY_LDFLAGS} -- - conntrackd_SOURCES = alarm.c main.c run.c hash.c queue.c queue_tx.c rbtree.c \ - local.c log.c mcast.c udp.c netlink.c vector.c \ - filter.c fds.c event.c process.c origin.c date.c \ -diff --git a/src/helpers.c b/src/helpers.c -index 3e4e6c8553b8a..8ca78dc113fb7 100644 ---- a/src/helpers.c -+++ b/src/helpers.c -@@ -26,8 +26,7 @@ void helper_register(struct ctd_helper *helper) - list_add(&helper->head, &helper_list); - } - --static struct ctd_helper * --__helper_find(const char *helper_name, uint8_t l4proto) -+struct ctd_helper *__helper_find(const char *helper_name, uint8_t l4proto) - { - struct ctd_helper *cur, *helper = NULL; - -diff --git a/src/helpers/Makefile.am b/src/helpers/Makefile.am -index e4f10c974bb0f..e458ab467bb7e 100644 ---- a/src/helpers/Makefile.am -+++ b/src/helpers/Makefile.am -@@ -11,7 +11,7 @@ pkglib_LTLIBRARIES = ct_helper_amanda.la \ - ct_helper_slp.la \ - ct_helper_ssdp.la - --HELPER_LDFLAGS = -avoid-version -module $(LIBNETFILTER_CONNTRACK_LIBS) $(LAZY_LDFLAGS) -+HELPER_LDFLAGS = -avoid-version -module $(LIBNETFILTER_CONNTRACK_LIBS) - HELPER_CFLAGS = $(AM_CFLAGS) $(LIBNETFILTER_CONNTRACK_CFLAGS) - - ct_helper_amanda_la_SOURCES = amanda.c -diff --git a/src/helpers/ftp.c b/src/helpers/ftp.c -index c3aa28485b0f3..bd3f11788cc24 100644 ---- a/src/helpers/ftp.c -+++ b/src/helpers/ftp.c -@@ -35,17 +35,9 @@ - #include - #include - --static bool loose; /* XXX: export this as config option. */ -- --#define NUM_SEQ_TO_REMEMBER 2 -+#include "helpers/ftp.h" - --/* This structure exists only once per master */ --struct ftp_info { -- /* Valid seq positions for cmd matching after newline */ -- uint32_t seq_aft_nl[MYCT_DIR_MAX][NUM_SEQ_TO_REMEMBER]; -- /* 0 means seq_match_aft_nl not set */ -- int seq_aft_nl_num[MYCT_DIR_MAX]; --}; -+static bool loose; /* XXX: export this as config option. */ - - enum nf_ct_ftp_type { - /* PORT command from client */ -diff --git a/src/helpers/rpc.c b/src/helpers/rpc.c -index bd24dd3269c8e..83adf658521d4 100644 ---- a/src/helpers/rpc.c -+++ b/src/helpers/rpc.c -@@ -40,21 +40,12 @@ - #include - #include - -+#include "helpers/rpc.h" -+ - /* RFC 1050: RPC: Remote Procedure Call Protocol Specification Version 2 */ - /* RFC 1014: XDR: External Data Representation Standard */ - #define SUPPORTED_RPC_VERSION 2 - --struct rpc_info { -- /* XID */ -- uint32_t xid; -- /* program */ -- uint32_t pm_prog; -- /* program version */ -- uint32_t pm_vers; -- /* transport protocol: TCP|UDP */ -- uint32_t pm_prot; --}; -- - /* So, this packet has hit the connection tracking matching code. - Mangle it, and change the expectation to match the new version. */ - static unsigned int -diff --git a/src/helpers/sane.c b/src/helpers/sane.c -index c30f4ba18533e..5e02e4fc2c1c3 100644 ---- a/src/helpers/sane.c -+++ b/src/helpers/sane.c -@@ -38,11 +38,7 @@ - #include - #include - #include -- --enum sane_state { -- SANE_STATE_NORMAL, -- SANE_STATE_START_REQUESTED, --}; -+#include "helpers/sane.h" - - struct sane_request { - uint32_t RPC_code; -@@ -60,10 +56,6 @@ struct sane_reply_net_start { - /* other fields aren't interesting for conntrack */ - }; - --struct nf_ct_sane_master { -- enum sane_state state; --}; -- - static int - sane_helper_cb(struct pkt_buff *pkt, uint32_t protoff, - struct myct *myct, uint32_t ctinfo) -diff --git a/src/helpers/tns.c b/src/helpers/tns.c -index 2b4fed420afb0..d9c7ae693f3a7 100644 ---- a/src/helpers/tns.c -+++ b/src/helpers/tns.c -@@ -28,6 +28,8 @@ - #include - #include - -+#include "helpers/tns.h" -+ - /* TNS SQL*Net Version 2 */ - enum tns_types { - TNS_TYPE_CONNECT = 1, -@@ -57,11 +59,6 @@ struct tns_redirect { - uint16_t data_len; - }; - --struct tns_info { -- /* Scan next DATA|REDIRECT packet */ -- bool parse; --}; -- - static int try_number(const char *data, size_t dlen, uint32_t array[], - int array_size, char sep, char term) - { -diff --git a/src/nfct-extensions/helper.c b/src/nfct-extensions/helper.c -index e5d8d0a905df0..894bf269ad2bb 100644 ---- a/src/nfct-extensions/helper.c -+++ b/src/nfct-extensions/helper.c -@@ -180,7 +180,7 @@ static int nfct_cmd_helper_add(struct mnl_socket *nl, int argc, char *argv[]) - return -1; - } - -- helper = helper_find(CONNTRACKD_LIB_DIR, argv[3], l4proto, RTLD_LAZY); -+ helper = __helper_find(argv[3], l4proto); - if (helper == NULL) { - nfct_perror("that helper is not supported"); - return -1; -@@ -430,7 +430,7 @@ nfct_cmd_helper_disable(struct mnl_socket *nl, int argc, char *argv[]) - return -1; - } - -- helper = helper_find(CONNTRACKD_LIB_DIR, argv[3], l4proto, RTLD_LAZY); -+ helper = __helper_find(argv[3], l4proto); - if (helper == NULL) { - nfct_perror("that helper is not supported"); - return -1; -@@ -468,7 +468,187 @@ static struct nfct_extension helper = { - .parse_params = nfct_helper_parse_params, - }; - -+/* -+ * supported helpers: to set up helpers via nfct, the following definitions are -+ * provided for backward compatibility reasons since conntrackd does not depend -+ * on nfct anymore to set up the userspace helpers. -+ */ -+ -+static struct ctd_helper amanda_helper = { -+ .name = "amanda", -+ .l4proto = IPPROTO_UDP, -+ .policy = { -+ [0] = { -+ .name = "amanda", -+ .expect_max = 3, -+ .expect_timeout = 180, -+ }, -+ }, -+}; -+ -+static struct ctd_helper dhcpv6_helper = { -+ .name = "dhcpv6", -+ .l4proto = IPPROTO_UDP, -+ .policy = { -+ [0] = { -+ .name = "dhcpv6", -+ .expect_max = 1, -+ .expect_timeout = 300, -+ }, -+ }, -+}; -+ -+#include "helpers/ftp.h" -+ -+static struct ctd_helper ftp_helper = { -+ .name = "ftp", -+ .l4proto = IPPROTO_TCP, -+ .priv_data_len = sizeof(struct ftp_info), -+ .policy = { -+ [0] = { -+ .name = "ftp", -+ .expect_max = 1, -+ .expect_timeout = 300, -+ }, -+ }, -+}; -+ -+static struct ctd_helper mdns_helper = { -+ .name = "mdns", -+ .l4proto = IPPROTO_UDP, -+ .priv_data_len = 0, -+ .policy = { -+ [0] = { -+ .name = "mdns", -+ .expect_max = 8, -+ .expect_timeout = 30, -+ }, -+ }, -+}; -+ -+#include "helpers/rpc.h" -+ -+static struct ctd_helper rpc_helper_tcp = { -+ .name = "rpc", -+ .l4proto = IPPROTO_TCP, -+ .priv_data_len = sizeof(struct rpc_info), -+ .policy = { -+ { -+ .name = "rpc", -+ .expect_max = 1, -+ .expect_timeout = 300, -+ }, -+ }, -+}; -+ -+static struct ctd_helper rpc_helper_udp = { -+ .name = "rpc", -+ .l4proto = IPPROTO_UDP, -+ .priv_data_len = sizeof(struct rpc_info), -+ .policy = { -+ { -+ .name = "rpc", -+ .expect_max = 1, -+ .expect_timeout = 300, -+ }, -+ }, -+}; -+ -+#include "helpers/sane.h" -+ -+static struct ctd_helper sane_helper = { -+ .name = "sane", -+ .l4proto = IPPROTO_TCP, -+ .priv_data_len = sizeof(struct nf_ct_sane_master), -+ .policy = { -+ [0] = { -+ .name = "sane", -+ .expect_max = 1, -+ .expect_timeout = 5 * 60, -+ }, -+ }, -+}; -+ -+static struct ctd_helper slp_helper = { -+ .name = "slp", -+ .l4proto = IPPROTO_UDP, -+ .priv_data_len = 0, -+ .policy = { -+ [0] = { -+ .name = "slp", -+ .expect_max = 8, -+ .expect_timeout = 16, /* default CONFIG_MC_MAX + 1 */ -+ }, -+ }, -+}; -+ -+static struct ctd_helper ssdp_helper_udp = { -+ .name = "ssdp", -+ .l4proto = IPPROTO_UDP, -+ .priv_data_len = 0, -+ .policy = { -+ [0] = { -+ .name = "ssdp", -+ .expect_max = 8, -+ .expect_timeout = 5 * 60, -+ }, -+ }, -+}; -+ -+static struct ctd_helper ssdp_helper_tcp = { -+ .name = "ssdp", -+ .l4proto = IPPROTO_TCP, -+ .priv_data_len = 0, -+ .policy = { -+ [0] = { -+ .name = "ssdp", -+ .expect_max = 8, -+ .expect_timeout = 5 * 60, -+ }, -+ }, -+}; -+ -+static struct ctd_helper tftp_helper = { -+ .name = "tftp", -+ .l4proto = IPPROTO_UDP, -+ .policy = { -+ [0] = { -+ .name = "tftp", -+ .expect_max = 1, -+ .expect_timeout = 5 * 60, -+ }, -+ }, -+}; -+ -+#include "helpers/tns.h" -+ -+static struct ctd_helper tns_helper = { -+ .name = "tns", -+ .l4proto = IPPROTO_TCP, -+ .priv_data_len = sizeof(struct tns_info), -+ .policy = { -+ [0] = { -+ .name = "tns", -+ .expect_max = 1, -+ .expect_timeout = 300, -+ }, -+ }, -+}; -+ - static void __init helper_init(void) - { -+ helper_register(&amanda_helper); -+ helper_register(&dhcpv6_helper); -+ helper_register(&ftp_helper); -+ helper_register(&mdns_helper); -+ helper_register(&rpc_helper_tcp); -+ helper_register(&rpc_helper_udp); -+ helper_register(&sane_helper); -+ helper_register(&slp_helper); -+ helper_register(&ssdp_helper_udp); -+ helper_register(&ssdp_helper_tcp); -+ helper_register(&tftp_helper); -+ helper_register(&tns_helper); -+ - nfct_extension_register(&helper); - } --- -2.34.1 - diff --git a/NetfilterCoreTeam-OpenGPG-KEY.txt b/NetfilterCoreTeam-OpenGPG-KEY.txt new file mode 100644 index 0000000..db4707d --- /dev/null +++ b/NetfilterCoreTeam-OpenGPG-KEY.txt @@ -0,0 +1,52 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBF+HdQgBEACzteJUJGtj3N6u5mcGh4Nu/9GQfwrrphZuI7jto2N6+ZoURded +660mFLnax7wgIE8ugAa085jwFWbFY3FzGutUs/kDmnqy9WneYNBLIAF3ZTFfY+oi +V1C09bBlHKDj9gSEM2TZ/qU14exKdSloqcMKSdIqLQX27w/D6WmO1crDjOKKN9F2 +zjc3uLjo1gIPrY+Kdld29aI0W4gYvNLOo+ewhVC5Q6ymWOdR3eKaP2HIAt8CYf0t +Sx8ChHdBvXQITDmXoGPLTTiCHBoUzaJ/N8m4AZTuSUTr9g3jUNFmL48OrJjFPhHh +KDY0V59id5nPu4RX3fa/XW+4FNlrthA5V9dQSIPh7r7uHynDtkcCHT5m4mn0NqG3 +dsUqeYQlrWKCVDTfX/WQB3Rq1tgmOssFG9kZkXcVTmis3KFP1ZAahBRB33OJgSfi +WKc/mWLMEQcljbysbJzq74Vrjg44DNK7vhAXGoR35kjj5saduxTywdb3iZhGXEsg +9zqV0uOIfMQsQJQCZTlkqvZibdB3xlRyiCwqlf1eHB2Vo7efWbRIizX2da4c5xUj ++IL1eSPmTV+52x1dYXpn/cSVKJAROtcSmwvMRyjuGOcTNtir0XHCxC5YYBow6tKR +U1hrFiulCMH80HeS+u/g4SpT4lcv+x0DlN5BfWQuN5k5ZzwKb6EQs092qQARAQAB +tCxOZXRmaWx0ZXIgQ29yZSBUZWFtIDxjb3JldGVhbUBuZXRmaWx0ZXIub3JnPokC +VAQTAQoAPhYhBDfZZKzASYHHVQD7m9Vdl4qKFCDkBQJfh3UIAhsDBQkHhM4ABQsJ +CAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJENVdl4qKFCDk0msQAJTIK8TLHw2IJDc6 ++ZfUJc+znSNwskO+A4lwvb1vRY5qFV+CA2S1eUS4HGDWDT0sPKie6Nx4+FBczkWd +RA+eaKDqQeS5Vzc2f0bl74un91h7yE8O2NsVnpL166MnAAk3/ACjHsZX2PzF12F6 +4stvGQFpjZRWItj0I6bvPY6CTtqVPB98a6RpdbS9kGxCCMrL3CFGDXGSjXes5KwN +IvngmVB36wjb3QgEtQIv13jrWFfiXeuieqMRyC6Z3KNYVcvis34eGxPFD9MHrK+w +bdw3KzMBJd7hMoVRl32Q13T/PX8H3pqWMqKaL41wHUswRt0IQjNZnRvRnlJ0VDFf +Wep/3dFK+uQbdABuiwCiRli5mWeOMCP+qJodP1OZSGqg0VwZWUGdCGG5+qIhngOj +QVomvJ7N4eRLU3xuPVjLoBeHzvViUPpYtWQ/YiZK5rWTJHhu88xZaysFJRaV+Uz3 +wPkeqdArRRXl1Tpy+cKy7D5BZAr7OjT1wboon23IM2DJRurbaHD8blMsjZ07pbvb +4hdpiE6mqq7CYskDz2UGTaFfEW4bFnKtvKTXEnmcqc4mWcr2z9BBYouGmcFczgET +tE02XejmExXV2RPUtXfLuNIbVpuXG1qhzNuXAfm+S/68XDSFrwyK8/Dgq5ga0iIP +n8Uvz12Xu/Qde+NicogLNWF90QJ2uQINBF+HdQgBEADSTGQKWM3ni63O0bOnxgyu +Gd3oxEk/mqu7zkU/WBKaUQRtUKFAwbjaHQBcSFjOkqcLze1/QGXiDC9hDow2mxeU +OkTR28Dg8iw2HMJqrVodDTaSvOX18A4HCzkFvnT4prJN54tXK14YY2YLOrMm/cjP +6Q4tE3+8MzWbdNKe9+s5aUDzDkXzvphYGnNBVbfxkLE3SMEwc2d+n3Fd1vIjx99+ +EqrGraete0fs/qtmpR/Fcp89doh4tqCRbZk8YYIQkTj3C1s91zCr/QOwX7mXhNJP +qSu8ZwSq6WcylJNY9rs0ys1dgarqORzQ7MvT4EJ9egZV1a8XR30Jwc9sOu2hzCpz +w/7/ivNaMbZ7pKcAQE/FqL5MstVUy4UB+RdMuW6UK1R/y8KtP6uNtYXw94jx7W9r +QtYXk/c3v7KpGKZXLRW/NX8d6PMXAab7iGkwd1EabX/CTb4eSoxE2RTELwHXavKG +KL6Crvmf+fObgqsDtBaIacPakcJoau1Abxg1QFYKOpCozFtmfVNzp34IKwwsrQiG +YfHizWoH0S9nLoqvEsfnBhrdc6Aj4YwzdTGjbfyh5vBsa/pT/kcR9xLd6RF+ppoU +gmlOMK9FuQX96YxLYjsJ6mo4rAUAh4ePTholfFYPbkDeRqS6T6W75xkuL6vI3Y+q +d4LIktheyTMuzsrARDQZFwARAQABiQI8BBgBCgAmFiEEN9lkrMBJgcdVAPub1V2X +iooUIOQFAl+HdQgCGwwFCQeEzgAACgkQ1V2XiooUIOTTCBAAgXcF8AzEQfK0Hqja +4W4e6Y2xxxZmoPGz75Jgqv4GBsfTEBChVBbRBjUgYepuaV6/YSfRw9ldeqvREW7g +XAOsKLM+Hn0BQW22oHu2UhAgjfsTC4q0BkVW06M7tnkvBV3nR9F/X9CViwxlsEYP +qQKkjrbhYx4WDI1acGx/7O9QYR/OMeUYFns4dgVi2z91LmOybVjQLwGnqOdybNnc +84Iw6KT4rOKmUay0fXExo6mumU3Pz5S32grJuqxgZTcf2xSY8++fsp+7zEGuO3zg +beKn64h1+xv04N7PMbEEixJtyARGIdu4aHPWQ+ORF4JvWYhgNtbfb9YwNu8k1WlK +z2wuNIg7/wjHEOzdmNbCUb5q3ftqSsbTTbrbo48IAYLqOWyitud0eR8tGvjcyti0 +nPxpkfBCSRMFte6+q6Gne0rOmCJgmRMXmPggFtBRM8EKZqnznZbrLyMpOMeK9diR +/EPDVhzM1N2Jv8qnaKZ/0gsAn1ybC+P3hywmlrsolo5YzWuzMDwyE8dmT0ROUBKg +qouIGg1l8lR7fJXhhNRt86FzSaIFoQ7MIddOVJ5WRBHzr2x22sYFj4y1f8ZLh4VZ +Wqncl20xMa4CulNsHrzUtN3QbkOm4zSGzCLfbpW4gVfDCVkdD2bZzSfefH9UFwuB +k/i9xRtYOSbc/q5W7u9J4dpEia4= +=m35R +-----END PGP PUBLIC KEY BLOCK----- diff --git a/conntrack-tools.spec b/conntrack-tools.spec index 3485a88..7f8f298 100644 --- a/conntrack-tools.spec +++ b/conntrack-tools.spec @@ -1,23 +1,23 @@ Name: conntrack-tools -Version: 1.4.6 -Release: 6%{?dist} +Version: 1.4.7 +Release: 1%{?dist} Summary: Manipulate netfilter connection tracking table and run High Availability License: GPLv2 URL: http://conntrack-tools.netfilter.org/ Source0: http://netfilter.org/projects/%{name}/files/%{name}-%{version}.tar.bz2 -Source1: conntrackd.service -Source2: conntrackd.conf - -Patch01: 0001-build-remove-commented-out-macros-from-configure.ac.patch -Patch02: 0002-nfct-remove-lazy-binding.patch -Patch3: conntrack-tools-c99.patch +Source1: http://netfilter.org/projects/%{name}/files/%{name}-%{version}.tar.bz2.sig +Source2: NetfilterCoreTeam-OpenGPG-KEY.txt +Source3: conntrackd.service +Source4: conntrackd.conf +Patch1: conntrack-tools-c99.patch BuildRequires: autogen BuildRequires: autoconf BuildRequires: automake BuildRequires: libtool BuildRequires: gcc -BuildRequires: libnfnetlink-devel >= 1.0.1, libnetfilter_conntrack-devel >= 1.0.7 +BuildRequires: gnupg2 +BuildRequires: libnfnetlink-devel >= 1.0.1, libnetfilter_conntrack-devel >= 1.0.9 BuildRequires: libnetfilter_cttimeout-devel >= 1.0.0, libnetfilter_cthelper-devel >= 1.0.0 BuildRequires: libmnl-devel >= 1.0.3, libnetfilter_queue-devel >= 1.0.2 BuildRequires: libtirpc-devel systemd-devel @@ -44,12 +44,13 @@ The conntrack-tools package contains two programs: conntrack is used to search, list, inspect and maintain the netfilter connection tracking subsystem of the Linux kernel. Using conntrack, you can dump a list of all (or a filtered selection of) -currently tracked connections, delete connections from the state table, +currently tracked connections, delete connections from the state table, and even add new ones. -In addition, you can also monitor connection tracking events, e.g. +In addition, you can also monitor connection tracking events, e.g. show an event message (one line) per newly established connection. %prep +%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}' %autosetup -p1 %build @@ -64,8 +65,8 @@ rm -f doc/sync/notrack/conntrackd.conf.orig doc/sync/alarm/conntrackd.conf.orig find %{buildroot} -type f -name "*.la" -exec rm -f {} ';' mkdir -p %{buildroot}%{_sysconfdir}/conntrackd install -d -m 0755 %{buildroot}%{_unitdir} -install -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/ -install -m 0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/conntrackd/ +install -m 0644 %{SOURCE3} %{buildroot}%{_unitdir}/ +install -m 0644 %{SOURCE4} %{buildroot}%{_sysconfdir}/conntrackd/ %files %license COPYING @@ -88,9 +89,14 @@ install -m 0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/conntrackd/ %systemd_preun conntrackd.service %postun -%systemd_postun conntrackd.service +%systemd_postun conntrackd.service %changelog +* Wed Jul 05 2023 Paul Wouters - 1.4.6-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild @@ -224,7 +230,7 @@ install -m 0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/conntrackd/ - Updated to 1.0.1 - Added daemon using systemd and configuration file - Removed legacy spec requirements -- Patch for: parse.c:240:34: error: 'NULL' undeclared +- Patch for: parse.c:240:34: error: 'NULL' undeclared * Thu Jan 12 2012 Fedora Release Engineering - 1.0.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild diff --git a/sources b/sources index ea9d422..b00f953 100644 --- a/sources +++ b/sources @@ -1 +1,2 @@ -SHA512 (conntrack-tools-1.4.6.tar.bz2) = a48260308a12b11b584fcf4658ec2c4c1adb2801c9cf9a73fc259e5c30d2fbe401aca21e931972413f03e415f98fbf9bd678d2126faa6c6d5748e8a652e58f1a +SHA512 (conntrack-tools-1.4.7.tar.bz2) = 3d37a6b8cd13fd3c149ab80009d686d2184920ba2d0d5c1b57abed6e92e0dd92cba868bfe22f1a155479fe5ab2e291b8bb8a7e72123a73788032202ac142653b +SHA512 (conntrack-tools-1.4.7.tar.bz2.sig) = 5a2bcc6da792544029ddf0d3a4caf019b215907e66d491e5d98a4f1189fc9c03ec8aad5ad22166799c5f0c81273284cb757e9368c9d9d3049bc49da47c037e05