From a4748a4344ddd7c0cbf9d21cca9bb5fc7fa33d379bb0fae3e38383371091c233 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Sat, 6 Jun 2020 12:11:13 +0000 Subject: [PATCH 1/2] - Update to release 0.9.5 OBS-URL: https://build.opensuse.org/package/show/security:netfilter/nftables?expand=0&rev=52 --- anonset-crashfix.patch | 42 ------------------------------------- nftables-0.9.4.tar.bz2 | 3 --- nftables-0.9.4.tar.bz2.sig | Bin 590 -> 0 bytes nftables-0.9.5.tar.bz2 | 3 +++ nftables-0.9.5.tar.bz2.sig | Bin 0 -> 590 bytes nftables.changes | 13 ++++++++++++ nftables.spec | 3 +-- 7 files changed, 17 insertions(+), 47 deletions(-) delete mode 100644 anonset-crashfix.patch delete mode 100644 nftables-0.9.4.tar.bz2 delete mode 100644 nftables-0.9.4.tar.bz2.sig create mode 100644 nftables-0.9.5.tar.bz2 create mode 100644 nftables-0.9.5.tar.bz2.sig diff --git a/anonset-crashfix.patch b/anonset-crashfix.patch deleted file mode 100644 index ed51b5a..0000000 --- a/anonset-crashfix.patch +++ /dev/null 
@@ -1,42 +0,0 @@ -From pablo@netfilter.org Thu May 7 13:29:26 2020 -Date: Thu, 7 May 2020 13:29:19 -From: Pablo Neira Ayuso -To: netfilter-devel@vger.kernel.org -Cc: jengelh@inai.de -Subject: [PATCH nft] mnl: fix error rule reporting with missing table/chain and anonymous sets - -Program received signal SIGSEGV, Segmentation fault. -0x00007ffff7f64f1e in erec_print (octx=0x55555555d2c0, erec=0x55555555fcf0, debug_mask=0) at erec.c:95 -95 switch (indesc->type) { -(gdb) bt - buf=0x55555555db20 "add rule inet traffic-filter input tcp dport { 22, 80, 443 } accept") at libnftables.c:459 -(gdb) p indesc -$1 = (const struct input_descriptor *) 0x0 - -Closes: http://bugzilla.opensuse.org/show_bug.cgi?id=1171321 -Fixes: 086ec6f30c96 ("mnl: extended error support for create command") -Reported-by: Jan Engelhardt -Signed-off-by: Pablo Neira Ayuso ---- - src/mnl.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/src/mnl.c b/src/mnl.c -index 94e80261afb7..9ce4072859b1 100644 ---- a/src/mnl.c -+++ b/src/mnl.c -@@ -1048,7 +1048,10 @@ int mnl_nft_set_add(struct netlink_ctx *ctx, struct cmd *cmd, - - cmd_add_loc(cmd, nlh->nlmsg_len, &h->table.location); - mnl_attr_put_strz(nlh, NFTA_SET_TABLE, h->table.name); -- cmd_add_loc(cmd, nlh->nlmsg_len, &h->set.location); -+ if (set_is_anonymous(set->flags)) -+ cmd_add_loc(cmd, nlh->nlmsg_len, &cmd->location); -+ else -+ cmd_add_loc(cmd, nlh->nlmsg_len, &h->set.location); - mnl_attr_put_strz(nlh, NFTA_SET_NAME, h->set.name); - - nftnl_set_nlmsg_build_payload(nlh, nls); --- -2.20.1 - diff --git a/nftables-0.9.4.tar.bz2 b/nftables-0.9.4.tar.bz2 deleted file mode 100644 index f95cdc4..0000000 --- a/nftables-0.9.4.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:08b8683a9db5fba980bc092b75288af98d218bbe8ab446daf2338570d0730f9a -size 792788 
diff --git a/nftables-0.9.4.tar.bz2.sig b/nftables-0.9.4.tar.bz2.sig deleted file mode 100644 index 201ccc93effa139cb94595ea6a24bb56292db12e08baab5f34074a624100d074..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 590 zcmV-U04?5axQOjX8;Nb5UWO2p(fIj(ECWx`h}rWERUIDhBAXUCQ;20lp|7aBiK>m0U|OsY}X zfmdrw3&s~U*`g^zoHLNeV6X7F>f|T2^$hr1rcV+831r>Cl5^TPFQ7d9(Em*@8O0k{ zW_o*h#x@rDlAC69Dn;IF)Jgr8(0~hJY+diUj@Y5z2Emx-FkII$HpW_}zQZ z2^yNt7F#{KzZVX0;h+G&`OPCyhgDsH;*h-=3D-cNnei>UCVOcHNXkE@2kcxYu1<_a z=lw9%!BiHUdIM*t<|<46O{3U5jcr(n{L2ePu2rsn$lP$O8RJ*^0f9kh;Nc}|WJtqT zl8C!MJj~aH*wW@}v~Fzf?&9#mnq5*y3Ddwp0?)lW9&CaE&r`vl{q()X{#k-1PS_#5D&WL zM;A9XPHpYsF7$lsiGFl4IgRqCuZG7zon#Vw38^#|^ZhWKsZ79=bWd4?5axQOjX8;Nb5UWO2p(fIjdv0L9g}3!M!~N3sM#M5L?U?w&Scz-wd5NkDK<>y% zR0wJ^C%!5A;t8xQex8qPVgIPN94xQRLSI~tfHuQb8Nm)A{jW;Po+{g`SyY$|an4gS c{Z@}OR$UX_lpf$L)MQmea`>QkLj*1VF=JXA6aWAK literal 0 HcmV?d00001 diff --git a/nftables.changes b/nftables.changes index a489b94..28ba3a4 100644 --- a/nftables.changes +++ b/nftables.changes @@ -1,3 +1,16 @@ +------------------------------------------------------------------- +Sat Jun 6 12:03:35 UTC 2020 - Jan Engelhardt + +- Update to release 0.9.5 + * Support for set counters. + * Support for restoring set element counters via nft -f. + * Counter support for flowtables. + * typeof concatenations support for sets. + * Support for concatenated ranges in anonymous sets. + * Allow to reject packets with 802.1q from the bridge family. + * Support for matching on the conntrack ID. +- Drop anonset-crashfix.patch (upstream solved differently) + ------------------------------------------------------------------- Thu May 7 11:41:07 UTC 2020 - Jan Engelhardt diff --git a/nftables.spec b/nftables.spec index 9ac12c8..be7c955 100644 --- a/nftables.spec +++ b/nftables.spec 
@@ -17,7 +17,7 @@ Name: nftables -Version: 0.9.4 +Version: 0.9.5 Release: 0 Summary: Userspace utility to access the nf_tables packet filter License: GPL-2.0-only @@ -28,7 +28,6 @@ URL: https://netfilter.org/projects/nftables/ Source: http://ftp.netfilter.org/pub/nftables/nftables-%version.tar.bz2 Source2: http://ftp.netfilter.org/pub/nftables/nftables-%version.tar.bz2.sig Source3: %name.keyring -Patch1: anonset-crashfix.patch BuildRequires: asciidoc BuildRequires: bison BuildRequires: flex From 7cb7ab28104c06102618e5d6dfddce5bca8467d71b18ec726c7180d0b3b4b099 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Sat, 6 Jun 2020 23:03:50 +0000 Subject: [PATCH 2/2] OBS-URL: https://build.opensuse.org/package/show/security:netfilter/nftables?expand=0&rev=53 --- nftables.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nftables.spec b/nftables.spec index be7c955..e640084 100644 --- a/nftables.spec +++ b/nftables.spec @@ -37,7 +37,7 @@ BuildRequires: python3-base BuildRequires: readline-devel BuildRequires: pkgconfig(jansson) BuildRequires: pkgconfig(libmnl) >= 1.0.3 -BuildRequires: pkgconfig(libnftnl) >= 1.1.6 +BuildRequires: pkgconfig(libnftnl) >= 1.1.7 BuildRequires: pkgconfig(xtables) >= 1.6.1 %description
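Review bot: The deletion of anonset-crashfix.patch in patch 1/2 comes with no sign that 0.9.5 was checked against the crash it fixed, the SIGSEGV in erec_print with indesc being NULL at erec.c:95. Before dropping it, re-run the command from the patch description, `add rule inet traffic-filter input tcp dport { 22, 80, 443 } accept` with the table/chain missing, on the 0.9.5 build and confirm it reports an error instead of crashing.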
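Review bot: In the nftables.changes hunk, the entry `- Drop anonset-crashfix.patch (upstream solved differently)` omits the bug reference that the dropped patch closed (bugzilla.opensuse.org id 1171321) and does not name the upstream change that replaces it. Add the bug reference and the replacing upstream commit to the entry so the fix stays traceable once the patch file is gone.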
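Review bot: In the nftables.spec hunks of patch 1/2, `Version:` moves to 0.9.5 while `BuildRequires: pkgconfig(libnftnl) >= 1.1.6` is left unchanged, and the minimum is only raised to 1.1.7 in patch 2/2, so revision 52 by itself can be built against libnftnl 1.1.6. Move the dependency bump into this change. Also confirm that %prep has no explicit application of Patch1 left, since only the removal of the `Patch1:` tag is visible here.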
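Review bot: Patch 2/2 changes `pkgconfig(libnftnl)` to `>= 1.1.7` under a subject that consists only of the OBS-URL, and it adds no nftables.changes entry. State the reason for the new minimum version in the commit message and record it in the changelog.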