.gitignore

@@ -1 +1 @@
-SOURCES/libnetfilter_conntrack-1.0.6.tar.bz2
+SOURCES/libnetfilter_conntrack-1.0.9.tar.bz2

.libnetfilter_conntrack.metadata

@@ -1 +1 @@
-015f985a8e171889a67769ba02d070eca53bac07 SOURCES/libnetfilter_conntrack-1.0.6.tar.bz2
+5e27ae89897080aa83eb32b836c4fbe16920db29 SOURCES/libnetfilter_conntrack-1.0.9.tar.bz2

SOURCES/0001-conntrack-fix-build-with-kernel-5.15-and-musl.patch

@@ -0,0 +1,57 @@
+From 8ee1e27facf598a1362b29b794e51271b5be4db7 Mon Sep 17 00:00:00 2001
+From: Robert Marko <robimarko@gmail.com>
+Date: Thu, 24 Feb 2022 15:01:11 +0100
+Subject: [PATCH] conntrack: fix build with kernel 5.15 and musl
+
+Currently, with kernel 5.15 headers and musl building is failing with
+redefinition errors due to a conflict between the kernel and musl headers.
+
+Musl is able to suppres the conflicting kernel header definitions if they
+are included after the standard libc ones, however since ICMP definitions
+were moved into a separate internal header to avoid duplication this has
+stopped working and is breaking the builds.
+
+It seems that the issue is that <netinet/in.h> which contains the UAPI
+suppression defines is included in the internal.h header and not in the
+proto.h which actually includes the kernel ICMP headers and thus UAPI
+supression defines are not present.
+
+Solve this by moving the <netinet/in.h> include before the ICMP kernel
+includes in the proto.h
+
+Fixes: bc1cb4b11403 ("conntrack: Move icmp request>reply type mapping to common file")
+Signed-off-by: Robert Marko <robimarko@gmail.com>
+Signed-off-by: Florian Westphal <fw@strlen.de>
+(cherry picked from commit 21ee35dde73aec5eba35290587d479218c6dd824)
+---
+ include/internal/internal.h | 1 -
+ include/internal/proto.h    | 1 +
+ 2 files changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/include/internal/internal.h b/include/internal/internal.h
+index 2ef8a9057628b..7cd7c44bf8336 100644
+--- a/include/internal/internal.h
++++ b/include/internal/internal.h
+@@ -14,7 +14,6 @@
+ #include <arpa/inet.h>
+ #include <time.h>
+ #include <errno.h>
+-#include <netinet/in.h>
+ 
+ #include <libnfnetlink/libnfnetlink.h>
+ #include <libnetfilter_conntrack/libnetfilter_conntrack.h>
+diff --git a/include/internal/proto.h b/include/internal/proto.h
+index 40e7bfe63cc77..60a5f4e4ff8e0 100644
+--- a/include/internal/proto.h
++++ b/include/internal/proto.h
+@@ -2,6 +2,7 @@
+ #define _NFCT_PROTO_H_
+ 
+ #include <stdint.h>
++#include <netinet/in.h>
+ #include <linux/icmp.h>
+ #include <linux/icmpv6.h>
+ 
+-- 
+2.38.0
+

SOURCES/0002-expect-conntrack-Avoid-spurious-covscan-overrun-warn.patch

@@ -0,0 +1,92 @@
+From 883bc7739f467000f1ccb00b5d0e383c7289dcc0 Mon Sep 17 00:00:00 2001
+From: Phil Sutter <phil@nwl.cc>
+Date: Fri, 25 Mar 2022 14:55:53 +0100
+Subject: [PATCH] expect/conntrack: Avoid spurious covscan overrun warning
+
+It doesn't like how memset() is called for a struct nfnlhdr pointer with
+large size value. Pass void pointers instead. This also removes the call
+from __build_{expect,conntrack}() which is duplicate in
+__build_query_{exp,ct}() code-path.
+
+Signed-off-by: Phil Sutter <phil@nwl.cc>
+(cherry picked from commit 86f5bdc2a85b208053e7361ccd575e4eb3c853a3)
+---
+ src/conntrack/api.c   | 4 +++-
+ src/conntrack/build.c | 2 --
+ src/expect/api.c      | 4 +++-
+ src/expect/build.c    | 2 --
+ 4 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/src/conntrack/api.c b/src/conntrack/api.c
+index b7f64fb43ce83..7f72d07f2e7f6 100644
+--- a/src/conntrack/api.c
++++ b/src/conntrack/api.c
+@@ -779,6 +779,8 @@ int nfct_build_conntrack(struct nfnl_subsys_handle *ssh,
+ 	assert(req != NULL);
+ 	assert(ct != NULL);
+ 
++	memset(req, 0, size);
++
+ 	return __build_conntrack(ssh, req, size, type, flags, ct);
+ }
+ 
+@@ -812,7 +814,7 @@ __build_query_ct(struct nfnl_subsys_handle *ssh,
+ 	assert(data != NULL);
+ 	assert(req != NULL);
+ 
+-	memset(req, 0, size);
++	memset(buffer, 0, size);
+ 
+ 	switch(qt) {
+ 	case NFCT_Q_CREATE:
+diff --git a/src/conntrack/build.c b/src/conntrack/build.c
+index b5a7061d53698..f80cfc12d5e38 100644
+--- a/src/conntrack/build.c
++++ b/src/conntrack/build.c
+@@ -27,8 +27,6 @@ int __build_conntrack(struct nfnl_subsys_handle *ssh,
+ 		return -1;
+ 	}
+ 
+-	memset(req, 0, size);
+-
+ 	buf = (char *)&req->nlh;
+ 	nlh = mnl_nlmsg_put_header(buf);
+ 	nlh->nlmsg_type = (NFNL_SUBSYS_CTNETLINK << 8) | type;
+diff --git a/src/expect/api.c b/src/expect/api.c
+index 39cd09249684c..b100c72ded50e 100644
+--- a/src/expect/api.c
++++ b/src/expect/api.c
+@@ -513,6 +513,8 @@ int nfexp_build_expect(struct nfnl_subsys_handle *ssh,
+ 	assert(req != NULL);
+ 	assert(exp != NULL);
+ 
++	memset(req, 0, size);
++
+ 	return __build_expect(ssh, req, size, type, flags, exp);
+ }
+ 
+@@ -546,7 +548,7 @@ __build_query_exp(struct nfnl_subsys_handle *ssh,
+ 	assert(data != NULL);
+ 	assert(req != NULL);
+ 
+-	memset(req, 0, size);
++	memset(buffer, 0, size);
+ 
+ 	switch(qt) {
+ 	case NFCT_Q_CREATE:
+diff --git a/src/expect/build.c b/src/expect/build.c
+index 2e0f968f36dad..1807adce26f62 100644
+--- a/src/expect/build.c
++++ b/src/expect/build.c
+@@ -29,8 +29,6 @@ int __build_expect(struct nfnl_subsys_handle *ssh,
+ 	else
+ 		return -1;
+ 
+-	memset(req, 0, size);
+-
+ 	buf = (char *)&req->nlh;
+ 	nlh = mnl_nlmsg_put_header(buf);
+ 	nlh->nlmsg_type = (NFNL_SUBSYS_CTNETLINK_EXP << 8) | type;
+-- 
+2.38.0
+

SPECS/libnetfilter_conntrack.spec

@@ -1,13 +1,20 @@
 Name:           libnetfilter_conntrack
-Version:        1.0.6
-Release:        5%{?dist}
+Version:        1.0.9
+Release:        1%{?dist}
 Summary:        Netfilter conntrack userspace library
-Group:          System Environment/Libraries
 License:        GPLv2+
 URL:            http://netfilter.org
 Source0:        http://netfilter.org/projects/libnetfilter_conntrack/files/%{name}-%{version}.tar.bz2
 
-BuildRequires:  libnfnetlink-devel >= 1.0.1, pkgconfig, kernel-headers, libmnl-devel >= 1.0.3
+Patch01:        0001-conntrack-fix-build-with-kernel-5.15-and-musl.patch
+Patch02:        0002-expect-conntrack-Avoid-spurious-covscan-overrun-warn.patch
+
+BuildRequires:  gcc
+BuildRequires:  kernel-headers
+BuildRequires:  libmnl-devel >= 1.0.3
+BuildRequires:  libnfnetlink-devel >= 1.0.1
+BuildRequires:  make
+BuildRequires:  pkgconfig
 
 %description
 libnetfilter_conntrack is a userspace library providing a programming 
@@ -15,7 +22,6 @@ interface (API) to the in-kernel connection tracking state table.
 
 %package        devel
 Summary:        Netfilter conntrack userspace library
-Group:          Development/Libraries
 Requires:       %{name} = %{version}-%{release}, libnfnetlink-devel >= 1.0.1
 Requires:       kernel-headers
 
@@ -24,42 +30,70 @@ libnetfilter_conntrack is a userspace library providing a programming
 interface (API) to the in-kernel connection tracking state table.
 
 %prep
-%setup -q
-
-# (valid for 1.0.3, may break newer releases)
-# Remove outdated files that confuse various helper scripts.
-rm compile config.guess config.sub depcomp install-sh ltmain.sh missing
+%autosetup -p1
 
 %build
 %configure --disable-static --disable-rpath
 
-make %{?_smp_mflags}
+%{make_build}
 
 %install
-rm -rf $RPM_BUILD_ROOT
-make install DESTDIR=$RPM_BUILD_ROOT
-find $RPM_BUILD_ROOT -type f -name "*.la" -exec rm -f {} ';'
+%{make_install}
+find $RPM_BUILD_ROOT -type f -name "*.la" -delete
 
-%clean
-rm -rf $RPM_BUILD_ROOT
-
-%post -p /sbin/ldconfig
-%postun -p /sbin/ldconfig
+%ldconfig_scriptlets
 
 %files
-%defattr(-,root,root,-)
-%{!?_licensedir:%global license %%doc}
 %license COPYING
 %{_libdir}/*.so.*
 
 %files devel
-%defattr(-,root,root,-)
 %{_libdir}/*.so
 %{_libdir}/pkgconfig/*.pc
 %dir %{_includedir}/libnetfilter_conntrack
 %{_includedir}/libnetfilter_conntrack/*.h
 
 %changelog
+* Thu Dec 08 2022 Phil Sutter <psutter@redhat.com> - 1.0.9-1
+- expect/conntrack: Avoid spurious covscan overrun warning
+- conntrack: fix build with kernel 5.15 and musl
+- New version 1.0.9
+
+* Wed Dec 07 2022 Phil Sutter <psutter@redhat.com> - 1.0.8-5
+- conntrack: don't cancel nest on unknown layer 4 protocols
+
+* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.0.8-4
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+  Related: rhbz#1991688
+
+* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.0.8-3
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.8-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Sun Jan 17 2021 Peter Robinson <pbrobinson@fedoraproject.org> - 1.0.8-1
+- Update to 1.0.8
+- Cleanup spec
+
+* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.7-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.7-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.7-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.7-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Thu Dec 06 2018 Paul Wouters <pwouters@redhat.com> - 1.0.7-1
+- Updated to 1.0.7
+
+* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.6-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
 * Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.6-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild