------------------------------------------------------------------- Fri Sep 29 11:32:56 UTC 2023 - Jan Engelhardt - Update to release 1.4.8 * Fix spurious EOPNOSUPP and ENOBUFS errors with -U/--update command. * Fix spurious ENOENT -D/--delete. ------------------------------------------------------------------- Thu Oct 6 19:02:32 UTC 2022 - Jan Engelhardt - Update to release 1.4.7 * Changes to the "conntrack" program: * "clash_resolve" and "chaintoolong" stats counters * Defaults to the `unspec` family if the `-f` flag is absent, so as to improve support for dual-stack setups. * Support filtering events by IP address family. * Support flushing per IP address family. * Added the `save` output format representing data in conntrack parameters, and support for loading such files back. * Remove the `-o userspace` flag and always tag user space triggered events. * Introduce the `-A` flags, a variant of `-I` which does not fail if the entry exists already. ------------------------------------------------------------------- Mon Aug 30 08:34:07 UTC 2021 - Johannes Segitz - Added hardening to systemd service(s). Modified: * conntrackd.service ------------------------------------------------------------------- Wed Apr 1 18:55:00 UTC 2020 - Jan Engelhardt - Update to release 1.4.6 * conntrackd: fix UDP IPv6 destination address not being usable * conntrack: Allow protocol number zero * conntrackd: cthelper: Add new SLP helper - Drop conntrackd-Use-strdup-in-lexer.patch, conntrackd-use-strncpy-to-unix-path.patch, conntrackd-cthelper-Add-new-SLP-helper.patch, conntrackd-use-correct-max-unix-path-length.patch (merged) - Drop require on systemd, since it can run in a namespace without. ------------------------------------------------------------------- Tue Jul 23 06:43:55 UTC 2019 - Michal Kubeček - conntrackd-cthelper-Add-new-SLP-helper.patch: userspace conntrack helper for SLP (Service Location Protocol) to replace SUSE specific kernel helper (rejected by upstream) from openSUSE / SLE kernel packages (FATE#324143 bsc#1127886) - run autoreconf before build (patch above touches Makefile.am) - add commented out conntrack helper config example to default conntrackd.conf - drop deprecated (and ignored) options Nice and UNIX/Backlog from default conntrackd.conf ------------------------------------------------------------------- Mon Jul 15 11:20:59 UTC 2019 - Michal Kubeček - Fix 1.4.5 parser issues (bsc#1141480): conntrackd-use-strncpy-to-unix-path.patch conntrackd-Use-strdup-in-lexer.patch conntrackd-use-correct-max-unix-path-length.patch ------------------------------------------------------------------- Tue May 1 12:39:52 UTC 2018 - jengelh@inai.de - Update to new upstream release 1.4.5 * new synproxy support * improved logging support (both stdout/stderr and log files) * new mDNS ct helper * deprecate unix backlog configuration * drop old/obsolete/deprecated conntrackd.conf config options * improved support for UPnP in the SSDP ct helper * add stronger TCP flags support * conntrack CLI tool: new support for IPv6 NAT * nfct CLI tool: some improvements to the build (-z lazy) ------------------------------------------------------------------- Fri Mar 16 23:53:12 UTC 2018 - jengelh@inai.de - Add tirpc for openSUSE 15 and onwards. ------------------------------------------------------------------- Tue Jan 16 13:47:25 UTC 2018 - jengelh@inai.de - submission from lars@linux-schulserver.de, partially applied - split out new subpackage "conntrackd" for the eponymous daemon (has systemd dependencies) - add systemd service, logrotate config, sample sysconfig, and sample config file. ------------------------------------------------------------------- Mon Aug 22 11:33:28 UTC 2016 - jengelh@inai.de - Update to new upstream release 1.4.4 * conntrackd: add systemd support * conntrack: support delete by label * conntrack: add support for netmask filtering * conntrack: add support for CIDR notation * conntrack: Add missing tables "dying" and "unconfirmed" to usage output. ------------------------------------------------------------------- Wed Sep 9 16:27:05 UTC 2015 - jengelh@inai.de - Update to new upstream release 1.4.3 * conntrack: fix expectation entry creation * expect: Fix wrong memset usage * cthelper: don't pass up a 0 length queue * conntrackd: allow strings with underscore from flex scanner * conntrack: fix setting labels in updates ------------------------------------------------------------------- Thu Jan 8 19:14:05 UTC 2015 - jengelh@inai.de - Update to new git snapshot 1.4.2.g26 * Chromecast/SSDP support, SSDP userspace helper * TFTP userspace helper support * Support for attaching expectations via nfqueue * Fix directory lookup for helper plugins * Fixes a possible crash if conntrackd sees DCCP, SCTP and ICMPv6 traffic and the corresponding kernel modules that track this traffic are not available. [bnc#942419, CVE-2015-6496] ------------------------------------------------------------------- Tue Sep 23 15:16:24 UTC 2014 - jengelh@inai.de - Drop gpg-offline build-time requirement; this is now handled by the local source validator ------------------------------------------------------------------- Wed Aug 7 13:13:50 UTC 2013 - jengelh@inai.de - Update to new upstream release 1.4.2 * This release includes bugfixes and the connlabel support. ------------------------------------------------------------------- Mon Mar 4 19:59:14 UTC 2013 - jengelh@inai.de - Update to new upstream release 1.4.1 * conntrack: add support to dump the dying and unconfirmed list via ctnetlink * conntrackd: fix deadlock due to wrong nested signal blocking ------------------------------------------------------------------- Tue Nov 20 17:37:55 CET 2012 - sbrabec@suse.cz - Verify GPG signature ------------------------------------------------------------------- Mon Oct 8 12:32:55 UTC 2012 - jengelh@inai.de - Update to new upstream release 1.4.0 * This release adds the user-space helper infrastructure which includes the RPC portmapper (to support NFSv3) and Oracle*TNS helpers. ------------------------------------------------------------------- Tue Jul 31 12:10:49 UTC 2012 - jengelh@inai.de - Update to new upstream release 1.2.2 * conntrackd: commit operation has to be synchronous * conntrackd: implement selective flushing for -t and -F commands ------------------------------------------------------------------- Thu May 31 12:03:49 UTC 2012 - jengelh@inai.de - Resolve compilation failure due to missing #include ------------------------------------------------------------------- Sat May 26 18:38:34 UTC 2012 - jengelh@inai.de - Update to new upstream release 1.2.1 * Add support for NAT expectations, synchronization of expectation class, helper names and expect functions. Filtering by mark is now allowed. ------------------------------------------------------------------- Wed Jan 4 20:16:48 UTC 2012 - jengelh@medozas.de - Update to new upstream release 1.0.1 * add support for mark masks ------------------------------------------------------------------- Sat Sep 17 23:49:42 UTC 2011 - jengelh@medozas.de - Remove redundant tags/sections from specfile ------------------------------------------------------------------- Sun Feb 27 04:33:13 UTC 2011 - jengelh@medozas.de - new upstream release 1.0.0 * SYN_SENT2 support for the command line tool conntrack (which was added in Linux kernel >= 2.6.31). * allow to listen to update and destroy expectation events (it requires a Linux kernel >= 2.6.37). * conntrack timestamping support with -o ktimestamp (this support requires the upcoming Linux 2.6.38). * one fix for conntrackd: two very consecutive commit invocations with option -c may result in the hang of the second commit invocation if the first commit did not finish yet. As a result the second commit invocation required a manual SIGTERM. - Remove redundant %clean section ------------------------------------------------------------------- Thu Jul 15 19:47:42 UTC 2010 - jengelh@medozas.de - new upstream release 0.9.15 * support for conntrack zones * support for TCP window scale synchronization * fixes to option parsing and printouts ------------------------------------------------------------------- Tue Feb 23 22:08:54 UTC 2010 - jengelh@medozas.de - new upstream release: 0.9.14 - use %_smp_mflags - wrap description at col 70 ------------------------------------------------------------------- Sun Sep 20 17:01:40 UTC 2009 - bitshuffler #suse@irc.freenode.org - Updated to 0.9.13