Accepting request 812117 from security:netfilter

- Update to release 0.9.5

OBS-URL: https://build.opensuse.org/request/show/812117
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nftables?expand=0&rev=20

anonset-crashfix.patch

@@ -1,42 +0,0 @@
-From pablo@netfilter.org Thu May  7 13:29:26 2020
-Date: Thu, 7 May 2020 13:29:19
-From: Pablo Neira Ayuso <pablo@netfilter.org>
-To: netfilter-devel@vger.kernel.org
-Cc: jengelh@inai.de
-Subject: [PATCH nft] mnl: fix error rule reporting with missing table/chain and anonymous sets
-
-Program received signal SIGSEGV, Segmentation fault.
-0x00007ffff7f64f1e in erec_print (octx=0x55555555d2c0, erec=0x55555555fcf0, debug_mask=0) at erec.c:95
-95              switch (indesc->type) {
-(gdb) bt
-    buf=0x55555555db20 "add rule inet traffic-filter input tcp dport { 22, 80, 443 } accept") at libnftables.c:459
-(gdb) p indesc
-$1 = (const struct input_descriptor *) 0x0
-
-Closes: http://bugzilla.opensuse.org/show_bug.cgi?id=1171321
-Fixes: 086ec6f30c96 ("mnl: extended error support for create command")
-Reported-by: Jan Engelhardt <jengelh@inai.de>
-Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
----
- src/mnl.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/src/mnl.c b/src/mnl.c
-index 94e80261afb7..9ce4072859b1 100644
---- a/src/mnl.c
-+++ b/src/mnl.c
-@@ -1048,7 +1048,10 @@ int mnl_nft_set_add(struct netlink_ctx *ctx, struct cmd *cmd,
- 
- 	cmd_add_loc(cmd, nlh->nlmsg_len, &h->table.location);
- 	mnl_attr_put_strz(nlh, NFTA_SET_TABLE, h->table.name);
--	cmd_add_loc(cmd, nlh->nlmsg_len, &h->set.location);
-+	if (set_is_anonymous(set->flags))
-+		cmd_add_loc(cmd, nlh->nlmsg_len, &cmd->location);
-+	else
-+		cmd_add_loc(cmd, nlh->nlmsg_len, &h->set.location);
- 	mnl_attr_put_strz(nlh, NFTA_SET_NAME, h->set.name);
- 
- 	nftnl_set_nlmsg_build_payload(nlh, nls);
--- 
-2.20.1
-

nftables-0.9.4.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:08b8683a9db5fba980bc092b75288af98d218bbe8ab446daf2338570d0730f9a
-size 792788

nftables-0.9.5.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f2c1957eabc370057c4576b8f33a71d91a6ad019b8b335abafe61c9c42cc7e16
+size 855740

nftables.changes

@@ -1,3 +1,16 @@
+-------------------------------------------------------------------
+Sat Jun  6 12:03:35 UTC 2020 - Jan Engelhardt <jengelh@inai.de>
+
+- Update to release 0.9.5
+  * Support for set counters.
+  * Support for restoring set element counters via nft -f.
+  * Counter support for flowtables.
+  * typeof concatenations support for sets.
+  * Support for concatenated ranges in anonymous sets.
+  * Allow to reject packets with 802.1q from the bridge family.
+  * Support for matching on the conntrack ID.
+- Drop anonset-crashfix.patch (upstream solved differently)
+
 -------------------------------------------------------------------
 Thu May  7 11:41:07 UTC 2020 - Jan Engelhardt <jengelh@inai.de>
 

nftables.spec

@@ -17,7 +17,7 @@
 
 
 Name:           nftables
-Version:        0.9.4
+Version:        0.9.5
 Release:        0
 Summary:        Userspace utility to access the nf_tables packet filter
 License:        GPL-2.0-only
@@ -28,7 +28,6 @@ URL:            https://netfilter.org/projects/nftables/
 Source:         http://ftp.netfilter.org/pub/nftables/nftables-%version.tar.bz2
 Source2:        http://ftp.netfilter.org/pub/nftables/nftables-%version.tar.bz2.sig
 Source3:        %name.keyring
-Patch1:         anonset-crashfix.patch
 BuildRequires:  asciidoc
 BuildRequires:  bison
 BuildRequires:  flex
@@ -38,7 +37,7 @@ BuildRequires:  python3-base
 BuildRequires:  readline-devel
 BuildRequires:  pkgconfig(jansson)
 BuildRequires:  pkgconfig(libmnl) >= 1.0.3
-BuildRequires:  pkgconfig(libnftnl) >= 1.1.6
+BuildRequires:  pkgconfig(libnftnl) >= 1.1.7
 BuildRequires:  pkgconfig(xtables) >= 1.6.1
 
 %description