269 lines
8.9 KiB
RPMSpec
269 lines
8.9 KiB
RPMSpec
Name: nftables
|
|
Version: 0.9.0
|
|
Release: 8%{?dist}
|
|
# Upstream released a 0.100 version, then 0.4. Need Epoch to get back on track.
|
|
Epoch: 1
|
|
Summary: Netfilter Tables userspace utillites
|
|
|
|
License: GPLv2
|
|
URL: http://netfilter.org/projects/nftables/
|
|
Source0: http://ftp.netfilter.org/pub/nftables/nftables-%{version}.tar.bz2
|
|
Source1: nftables.service
|
|
Source2: nftables.conf
|
|
|
|
Patch1: 0001-evaluate-reject-Allow-icmpx-in-inet-bridge-families.patch
|
|
Patch2: 0002-monitor-Drop-fake-XML-support.patch
|
|
Patch3: 0003-monitor-Drop-update-table-and-update-chain-cases.patch
|
|
Patch4: 0004-monitor-Fix-printing-of-ct-objects.patch
|
|
Patch5: 0005-monitor-Use-libnftables-JSON-output.patch
|
|
Patch6: 0006-tests-monitor-Test-JSON-output-as-well.patch
|
|
Patch7: 0007-segtree-bogus-range-via-get-set-element-on-existing-.patch
|
|
Patch8: 0008-segtree-disantangle-get_set_interval_end.patch
|
|
Patch9: 0009-segtree-memleak-in-get_set_decompose.patch
|
|
Patch10: 0010-segtree-stop-iteration-on-existing-elements-in-case-.patch
|
|
Patch11: 0011-segtree-incorrect-handling-of-last-element-in-get_se.patch
|
|
Patch12: 0012-segtree-set-proper-error-cause-on-existing-elements.patch
|
|
Patch13: 0013-rule-fix-memleak-in-do_get_setelems.patch
|
|
Patch14: 0014-Fix-memleak-in-netlink_parse_fwd-error-path.patch
|
|
Patch15: 0015-libnftables-Fix-memleak-in-nft_parse_bison_filename.patch
|
|
Patch16: 0016-src-pass-struct-nft_ctx-through-struct-eval_ctx.patch
|
|
Patch17: 0017-src-trace-fix-policy-printing.patch
|
|
Patch18: 0018-rule-list-only-the-table-containing-object.patch
|
|
Patch19: 0019-src-pass-struct-nft_ctx-through-struct-netlink_ctx.patch
|
|
Patch20: 0020-netlink-reset-mnl_socket-field-in-struct-nft_ctx-on-.patch
|
|
Patch21: 0021-src-remove-opts-field-from-struct-xt_stmt.patch
|
|
Patch22: 0022-JSON-Support-latest-enhancements-of-fwd-statement.patch
|
|
Patch23: 0023-parser_json-Fix-for-ineffective-family-value-checks.patch
|
|
Patch24: 0024-json-Fix-memleak-in-dup_stmt_json.patch
|
|
Patch25: 0025-json-Fix-for-recent-changes-to-context-structs.patch
|
|
Patch26: 0026-parser_bison-Fix-for-ECN-keyword-in-LHS-of-relationa.patch
|
|
Patch27: 0027-nft.8-Update-meta-pkt_type-value-description.patch
|
|
Patch28: 0028-json-Work-around-segfault-when-encountering-xt-stmt.patch
|
|
Patch29: 0029-nft.8-Document-log-level-audit.patch
|
|
Patch30: 0030-nft.8-Clarify-index-option-of-add-rule-command.patch
|
|
Patch31: 0031-src-Reject-export-vm-json-command.patch
|
|
|
|
|
|
#BuildRequires: autogen
|
|
#BuildRequires: autoconf
|
|
#BuildRequires: automake
|
|
#BuildRequires: libtool
|
|
BuildRequires: gcc
|
|
BuildRequires: flex
|
|
BuildRequires: bison
|
|
BuildRequires: libmnl-devel
|
|
BuildRequires: gmp-devel
|
|
BuildRequires: readline-devel
|
|
BuildRequires: libnftnl-devel
|
|
BuildRequires: docbook2X
|
|
BuildRequires: systemd
|
|
BuildRequires: jansson-devel
|
|
BuildRequires: iptables-devel
|
|
|
|
%description
|
|
Netfilter Tables userspace utilities.
|
|
|
|
%package devel
|
|
Summary: Development library for nftables / libnftables
|
|
Group: Development/Libraries
|
|
Requires: %{name} = %{epoch}:%{version}-%{release}
|
|
Requires: pkgconfig
|
|
|
|
%description devel
|
|
Development tools and static libraries and header files for the libnftables library.
|
|
|
|
%prep
|
|
%autosetup -p1
|
|
|
|
%build
|
|
#./autogen.sh
|
|
%configure --disable-silent-rules --with-json --with-xtables
|
|
make %{?_smp_mflags}
|
|
|
|
%install
|
|
%make_install
|
|
find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';'
|
|
|
|
# Don't ship static lib (for now at least)
|
|
rm -f $RPM_BUILD_ROOT/%{_libdir}/libnftables.a
|
|
|
|
chmod 644 $RPM_BUILD_ROOT/%{_mandir}/man8/nft*
|
|
|
|
mkdir -p $RPM_BUILD_ROOT/%{_unitdir}
|
|
cp -a %{SOURCE1} $RPM_BUILD_ROOT/%{_unitdir}/
|
|
|
|
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/sysconfig
|
|
cp -a %{SOURCE2} $RPM_BUILD_ROOT/%{_sysconfdir}/sysconfig/
|
|
|
|
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/nftables
|
|
|
|
%post
|
|
%systemd_post nftables.service
|
|
|
|
%preun
|
|
%systemd_preun nftables.service
|
|
|
|
%postun
|
|
%systemd_postun_with_restart nftables.service
|
|
|
|
%post devel
|
|
%ldconfig_post
|
|
|
|
%postun devel
|
|
%ldconfig_postun
|
|
|
|
%files
|
|
%license COPYING
|
|
%config(noreplace) %{_sysconfdir}/nftables/
|
|
%config(noreplace) %{_sysconfdir}/sysconfig/nftables.conf
|
|
%{_sbindir}/nft
|
|
%{_libdir}/libnftables.so.*
|
|
%{_mandir}/man8/nft*
|
|
%{_unitdir}/nftables.service
|
|
|
|
%files devel
|
|
%{_libdir}/libnftables.so
|
|
%{_libdir}/pkgconfig/libnftables.pc
|
|
%{_includedir}/nftables/libnftables.h
|
|
|
|
%changelog
|
|
* Fri Mar 01 2019 Phil Sutter - 1:0.9.0-8
|
|
- Add missing patch to spec file
|
|
|
|
* Fri Dec 21 2018 Phil Sutter - 1:0.9.0-7
|
|
- src: Reject 'export vm json' command
|
|
|
|
* Tue Dec 18 2018 Phil Sutter - 1:0.9.0-6
|
|
- Rebuild for updated libnftnl
|
|
|
|
* Thu Dec 13 2018 Phil Sutter - 1:0.9.0-5
|
|
- nft.8: Document log level audit
|
|
- nft.8: Clarify 'index' option of add rule command
|
|
|
|
* Thu Oct 25 2018 Phil Sutter - 1:0.9.0-4
|
|
- Add fixes for covscan report
|
|
- Fix for ECN keyword in LHS of relational
|
|
- Update meta pkt_type value description
|
|
- Fix for segfault with JSON output if xt expression is present
|
|
- Add missing nft suffix to files included from /etc/sysconfig/nftables.conf
|
|
- Use native JSON API in nft monitor
|
|
|
|
* Thu Oct 11 2018 Phil Sutter - 1:0.9.0-3
|
|
- Enable xtables support
|
|
- Enable JSON support
|
|
|
|
* Mon Sep 10 2018 Phil Sutter - 1:0.9.0-2
|
|
- Allow icmpx in inet/bridge families
|
|
|
|
* Tue Aug 14 2018 Phil Sutter - 1:0.9.0-1
|
|
- New version 0.9.0
|
|
- Install libnftables
|
|
- Add devel sub-package
|
|
- Add gcc BuildRequires
|
|
|
|
* Sat Mar 03 2018 Kevin Fenzi <kevin@scrye.com> - 0.8.3-1
|
|
- Update to 0.8.3. Fixes bug #1551207
|
|
|
|
* Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.8.2-2
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
|
|
|
* Mon Feb 05 2018 Kevin Fenzi <kevin@scrye.com> - 0.8.2-1
|
|
- Update to 0.8.2. Fixes bug #1541582
|
|
|
|
* Tue Jan 16 2018 Kevin Fenzi <kevin@scrye.com> - 0.8.1-1
|
|
- Update to 0.8.1. Fixes bug #1534982
|
|
|
|
* Sun Oct 22 2017 Kevin Fenzi <kevin@scrye.com> - 0.8-1
|
|
- Update to 0.8.
|
|
|
|
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.7-5
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
|
|
|
|
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.7-4
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
|
|
|
|
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.7-3
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
|
|
|
|
* Thu Jan 12 2017 Igor Gnatenko <ignatenko@redhat.com> - 1:0.7-2
|
|
- Rebuild for readline 7.x
|
|
|
|
* Thu Dec 22 2016 Kevin Fenzi <kevin@scrye.com> - 0.7-1
|
|
- Update to 0.7
|
|
|
|
* Fri Jul 15 2016 Kevin Fenzi <kevin@scrye.com> - 0.6-2
|
|
- Rebuild for new glibc symbols
|
|
|
|
* Thu Jun 02 2016 Kevin Fenzi <kevin@scrye.com> - 0.6-1
|
|
- Update to 0.6.
|
|
|
|
* Sun Apr 10 2016 Kevin Fenzi <kevin@scrye.com> - 0.5-4
|
|
- Add example config files and move config to /etc/sysconfig. Fixes bug #1313936
|
|
|
|
* Fri Mar 25 2016 Kevin Fenzi <kevin@scrye.com> - 0.5-3
|
|
- Add systemd unit file. Fixes bug #1313936
|
|
|
|
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.5-2
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
|
|
|
|
* Thu Sep 17 2015 Kevin Fenzi <kevin@scrye.com> 0.5-1
|
|
- Update to 0.5
|
|
|
|
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:0.4-3
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
|
|
|
|
* Sat Jan 10 2015 Kevin Fenzi <kevin@scrye.com> 0.4-2
|
|
- Add patch to fix nft -f dep gen.
|
|
|
|
* Fri Dec 26 2014 Kevin Fenzi <kevin@scrye.com> 0.4-1
|
|
- Update to 0.4
|
|
- Add Epoch to fix versioning.
|
|
|
|
* Wed Sep 03 2014 Kevin Fenzi <kevin@scrye.com> 0.100-4.20140903git
|
|
- Update to 20140903 snapshot
|
|
|
|
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.100-4.20140704git
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
|
|
|
|
* Fri Jul 04 2014 Kevin Fenzi <kevin@scrye.com> 0.100-3.20140704git
|
|
- Update to new snapshot
|
|
|
|
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.100-2.20140426git
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
|
|
|
|
* Sat Apr 26 2014 Kevin Fenzi <kevin@scrye.com> 0.100-1.20140426git
|
|
- Update t0 20140426
|
|
|
|
* Sun Mar 30 2014 Kevin Fenzi <kevin@scrye.com> 0.100-1.20140330git
|
|
- Update to 20140330 snapshot
|
|
- Sync versions to be post 0.100 release.
|
|
|
|
* Wed Mar 26 2014 Kevin Fenzi <kevin@scrye.com> 0-0.7.20140326git
|
|
- Update to 20140326 snapshot
|
|
- Fix permissions on man pages.
|
|
|
|
* Mon Mar 24 2014 Kevin Fenzi <kevin@scrye.com> 0-0.6.20140324git
|
|
- Update to 20140324 snapshot
|
|
|
|
* Fri Mar 07 2014 Kevin Fenzi <kevin@scrye.com> 0-0.5.20140307git
|
|
- Update to 20140307
|
|
|
|
* Sat Jan 25 2014 Kevin Fenzi <kevin@scrye.com> 0-0.4.20140125git
|
|
- Update to 20140125 snapshot
|
|
|
|
* Sat Jan 18 2014 Kevin Fenzi <kevin@scrye.com> 0-0.3.20140118git
|
|
- Update to 20140118 snapshot
|
|
- Fixed License tag to be correct
|
|
- Fixed changelog
|
|
- nft scripts now use full path for nft
|
|
- Fixed man page building
|
|
- Dropped unneeded rm in install
|
|
- Patched build to not be silent.
|
|
|
|
* Tue Dec 03 2013 Kevin Fenzi <kevin@scrye.com> 0-0.2.20131202git
|
|
- Use upstream snapshots for source.
|
|
- Use 0 for version.
|
|
|
|
* Sat Nov 30 2013 Kevin Fenzi <kevin@scrye.com> 0-0.1
|
|
- initial version for Fedora review
|