commit 3535d5ee463e3ef27cd530179eebef01921fefa9 Author: MSVSphere Packaging Team Date: Fri Apr 14 14:05:45 2023 +0300 import libnetfilter_conntrack-1.0.9-1.el9 diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..572bea8 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/libnetfilter_conntrack-1.0.9.tar.bz2 diff --git a/.libnetfilter_conntrack.metadata b/.libnetfilter_conntrack.metadata new file mode 100644 index 0000000..3151a31 --- /dev/null +++ b/.libnetfilter_conntrack.metadata @@ -0,0 +1 @@ +5e27ae89897080aa83eb32b836c4fbe16920db29 SOURCES/libnetfilter_conntrack-1.0.9.tar.bz2 diff --git a/SOURCES/0001-conntrack-fix-build-with-kernel-5.15-and-musl.patch b/SOURCES/0001-conntrack-fix-build-with-kernel-5.15-and-musl.patch new file mode 100644 index 0000000..e002968 --- /dev/null +++ b/SOURCES/0001-conntrack-fix-build-with-kernel-5.15-and-musl.patch @@ -0,0 +1,57 @@ +From 8ee1e27facf598a1362b29b794e51271b5be4db7 Mon Sep 17 00:00:00 2001 +From: Robert Marko +Date: Thu, 24 Feb 2022 15:01:11 +0100 +Subject: [PATCH] conntrack: fix build with kernel 5.15 and musl + +Currently, with kernel 5.15 headers and musl building is failing with +redefinition errors due to a conflict between the kernel and musl headers. + +Musl is able to suppres the conflicting kernel header definitions if they +are included after the standard libc ones, however since ICMP definitions +were moved into a separate internal header to avoid duplication this has +stopped working and is breaking the builds. + +It seems that the issue is that which contains the UAPI +suppression defines is included in the internal.h header and not in the +proto.h which actually includes the kernel ICMP headers and thus UAPI +supression defines are not present. + +Solve this by moving the include before the ICMP kernel +includes in the proto.h + +Fixes: bc1cb4b11403 ("conntrack: Move icmp request>reply type mapping to common file") +Signed-off-by: Robert Marko +Signed-off-by: Florian Westphal +(cherry picked from commit 21ee35dde73aec5eba35290587d479218c6dd824) +--- + include/internal/internal.h | 1 - + include/internal/proto.h | 1 + + 2 files changed, 1 insertion(+), 1 deletion(-) + +diff --git a/include/internal/internal.h b/include/internal/internal.h +index 2ef8a9057628b..7cd7c44bf8336 100644 +--- a/include/internal/internal.h ++++ b/include/internal/internal.h +@@ -14,7 +14,6 @@ + #include + #include + #include +-#include + + #include + #include +diff --git a/include/internal/proto.h b/include/internal/proto.h +index 40e7bfe63cc77..60a5f4e4ff8e0 100644 +--- a/include/internal/proto.h ++++ b/include/internal/proto.h +@@ -2,6 +2,7 @@ + #define _NFCT_PROTO_H_ + + #include ++#include + #include + #include + +-- +2.38.0 + diff --git a/SOURCES/0002-expect-conntrack-Avoid-spurious-covscan-overrun-warn.patch b/SOURCES/0002-expect-conntrack-Avoid-spurious-covscan-overrun-warn.patch new file mode 100644 index 0000000..94741d5 --- /dev/null +++ b/SOURCES/0002-expect-conntrack-Avoid-spurious-covscan-overrun-warn.patch @@ -0,0 +1,92 @@ +From 883bc7739f467000f1ccb00b5d0e383c7289dcc0 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Fri, 25 Mar 2022 14:55:53 +0100 +Subject: [PATCH] expect/conntrack: Avoid spurious covscan overrun warning + +It doesn't like how memset() is called for a struct nfnlhdr pointer with +large size value. Pass void pointers instead. This also removes the call +from __build_{expect,conntrack}() which is duplicate in +__build_query_{exp,ct}() code-path. + +Signed-off-by: Phil Sutter +(cherry picked from commit 86f5bdc2a85b208053e7361ccd575e4eb3c853a3) +--- + src/conntrack/api.c | 4 +++- + src/conntrack/build.c | 2 -- + src/expect/api.c | 4 +++- + src/expect/build.c | 2 -- + 4 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/src/conntrack/api.c b/src/conntrack/api.c +index b7f64fb43ce83..7f72d07f2e7f6 100644 +--- a/src/conntrack/api.c ++++ b/src/conntrack/api.c +@@ -779,6 +779,8 @@ int nfct_build_conntrack(struct nfnl_subsys_handle *ssh, + assert(req != NULL); + assert(ct != NULL); + ++ memset(req, 0, size); ++ + return __build_conntrack(ssh, req, size, type, flags, ct); + } + +@@ -812,7 +814,7 @@ __build_query_ct(struct nfnl_subsys_handle *ssh, + assert(data != NULL); + assert(req != NULL); + +- memset(req, 0, size); ++ memset(buffer, 0, size); + + switch(qt) { + case NFCT_Q_CREATE: +diff --git a/src/conntrack/build.c b/src/conntrack/build.c +index b5a7061d53698..f80cfc12d5e38 100644 +--- a/src/conntrack/build.c ++++ b/src/conntrack/build.c +@@ -27,8 +27,6 @@ int __build_conntrack(struct nfnl_subsys_handle *ssh, + return -1; + } + +- memset(req, 0, size); +- + buf = (char *)&req->nlh; + nlh = mnl_nlmsg_put_header(buf); + nlh->nlmsg_type = (NFNL_SUBSYS_CTNETLINK << 8) | type; +diff --git a/src/expect/api.c b/src/expect/api.c +index 39cd09249684c..b100c72ded50e 100644 +--- a/src/expect/api.c ++++ b/src/expect/api.c +@@ -513,6 +513,8 @@ int nfexp_build_expect(struct nfnl_subsys_handle *ssh, + assert(req != NULL); + assert(exp != NULL); + ++ memset(req, 0, size); ++ + return __build_expect(ssh, req, size, type, flags, exp); + } + +@@ -546,7 +548,7 @@ __build_query_exp(struct nfnl_subsys_handle *ssh, + assert(data != NULL); + assert(req != NULL); + +- memset(req, 0, size); ++ memset(buffer, 0, size); + + switch(qt) { + case NFCT_Q_CREATE: +diff --git a/src/expect/build.c b/src/expect/build.c +index 2e0f968f36dad..1807adce26f62 100644 +--- a/src/expect/build.c ++++ b/src/expect/build.c +@@ -29,8 +29,6 @@ int __build_expect(struct nfnl_subsys_handle *ssh, + else + return -1; + +- memset(req, 0, size); +- + buf = (char *)&req->nlh; + nlh = mnl_nlmsg_put_header(buf); + nlh->nlmsg_type = (NFNL_SUBSYS_CTNETLINK_EXP << 8) | type; +-- +2.38.0 + diff --git a/SPECS/libnetfilter_conntrack.spec b/SPECS/libnetfilter_conntrack.spec new file mode 100644 index 0000000..1f80937 --- /dev/null +++ b/SPECS/libnetfilter_conntrack.spec @@ -0,0 +1,242 @@ +Name: libnetfilter_conntrack +Version: 1.0.9 +Release: 1%{?dist} +Summary: Netfilter conntrack userspace library +License: GPLv2+ +URL: http://netfilter.org +Source0: http://netfilter.org/projects/libnetfilter_conntrack/files/%{name}-%{version}.tar.bz2 + +Patch01: 0001-conntrack-fix-build-with-kernel-5.15-and-musl.patch +Patch02: 0002-expect-conntrack-Avoid-spurious-covscan-overrun-warn.patch + +BuildRequires: gcc +BuildRequires: kernel-headers +BuildRequires: libmnl-devel >= 1.0.3 +BuildRequires: libnfnetlink-devel >= 1.0.1 +BuildRequires: make +BuildRequires: pkgconfig + +%description +libnetfilter_conntrack is a userspace library providing a programming +interface (API) to the in-kernel connection tracking state table. + +%package devel +Summary: Netfilter conntrack userspace library +Requires: %{name} = %{version}-%{release}, libnfnetlink-devel >= 1.0.1 +Requires: kernel-headers + +%description devel +libnetfilter_conntrack is a userspace library providing a programming +interface (API) to the in-kernel connection tracking state table. + +%prep +%autosetup -p1 + +%build +%configure --disable-static --disable-rpath + +%{make_build} + +%install +%{make_install} +find $RPM_BUILD_ROOT -type f -name "*.la" -delete + +%ldconfig_scriptlets + +%files +%license COPYING +%{_libdir}/*.so.* + +%files devel +%{_libdir}/*.so +%{_libdir}/pkgconfig/*.pc +%dir %{_includedir}/libnetfilter_conntrack +%{_includedir}/libnetfilter_conntrack/*.h + +%changelog +* Fri Apr 14 2023 MSVSphere Packaging Team - 1.0.9-1 +- Rebuilt for MSVSphere 9.2 beta + +* Thu Dec 08 2022 Phil Sutter - 1.0.9-1 +- expect/conntrack: Avoid spurious covscan overrun warning +- conntrack: fix build with kernel 5.15 and musl +- New version 1.0.9 + +* Wed Dec 07 2022 Phil Sutter - 1.0.8-5 +- conntrack: don't cancel nest on unknown layer 4 protocols + +* Mon Aug 09 2021 Mohan Boddu - 1.0.8-4 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Fri Apr 16 2021 Mohan Boddu - 1.0.8-3 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Tue Jan 26 2021 Fedora Release Engineering - 1.0.8-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Sun Jan 17 2021 Peter Robinson - 1.0.8-1 +- Update to 1.0.8 +- Cleanup spec + +* Tue Jul 28 2020 Fedora Release Engineering - 1.0.7-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Wed Jan 29 2020 Fedora Release Engineering - 1.0.7-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Thu Jul 25 2019 Fedora Release Engineering - 1.0.7-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Fri Feb 01 2019 Fedora Release Engineering - 1.0.7-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Thu Dec 06 2018 Paul Wouters - 1.0.7-1 +- Updated to 1.0.7 + +* Fri Jul 13 2018 Fedora Release Engineering - 1.0.6-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Wed Feb 07 2018 Fedora Release Engineering - 1.0.6-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Thu Aug 03 2017 Fedora Release Engineering - 1.0.6-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 1.0.6-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Fri Feb 10 2017 Fedora Release Engineering - 1.0.6-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Thu Sep 22 2016 Paul Wouters - 1.0.6-1 +- Updated to 1.0.6 + +* Thu Feb 04 2016 Fedora Release Engineering - 1.0.4-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Wed Jun 17 2015 Fedora Release Engineering - 1.0.4-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Sun Aug 17 2014 Fedora Release Engineering - 1.0.4-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Fri Jul 18 2014 Tom Callaway - 1.0.4-3 +- fix license handling + +* Sat Jun 07 2014 Fedora Release Engineering - 1.0.4-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Thu Aug 8 2013 Paul P. Komkoff Jr - 1.0.4-1 +- new upstream version + +* Sat Aug 03 2013 Fedora Release Engineering - 1.0.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Sun Mar 24 2013 Paul P. Komkoff Jr - 1.0.3-1 +- new upstream version + +* Thu Feb 14 2013 Fedora Release Engineering - 1.0.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Fri Nov 30 2012 Paul P. Komkoff Jr - 1.0.2-1 +- new upstream version + +* Thu Jul 19 2012 Fedora Release Engineering - 1.0.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Fri May 18 2012 Paul P. Komkoff Jr - 1.0.1-1 +- new upstream version + +* Sat Mar 17 2012 Paul P. Komkoff Jr - 1.0.0-1 +- new upstream version + +* Fri Jan 13 2012 Fedora Release Engineering - 0.9.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Sun Apr 3 2011 Paul P. Komkoff Jr - 0.9.1-1 +- new upstream version + +* Tue Feb 08 2011 Fedora Release Engineering - 0.9.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Fri Nov 19 2010 Paul P. Komkoff Jr - 0.9.0-1 +- new upstream version + +* Wed Jan 20 2010 Paul P. Komkoff Jr - 0.0.101-1 +- new upstream version + +* Mon Sep 28 2009 Paul P. Komkoff Jr - 0.0.100-1 +- new upstream version + +* Fri Jul 24 2009 Fedora Release Engineering - 0.0.99-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Wed Feb 25 2009 Fedora Release Engineering - 0.0.99-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Tue Jan 13 2009 Paul P. Komkoff Jr - 0.0.99-1 +- new upstream version + +* Sun Oct 26 2008 Paul P. Komkoff Jr - 0.0.97-1 +- new upstream version + +* Sun Sep 21 2008 Ville Skyttä - 0.0.96-3 +- Fix Patch0:/%%patch mismatch. + +* Thu Aug 7 2008 Tom "spot" Callaway - 0.0.96-2 +- fix license tag + +* Wed Jul 16 2008 Paul P. Komkoff Jr - 0.0.96-1 +- grab new upstream version +- use bundled header again + +* Sat Feb 23 2008 Paul P. Komkoff Jr - 0.0.89-0.1.svn7356 +- new version from upstream svn, with new api +- use system headers instead of bundled + +* Tue Feb 19 2008 Fedora Release Engineering - 0.0.82-3 +- Autorebuild for GCC 4.3 + +* Tue Feb 19 2008 Paul P. Komkoff Jr - 0.0.82-2 +- fix build with a new glibc + +* Sun Jan 20 2008 Paul P. Komkoff Jr - 0.0.82-1 +- new upstream version + +* Thu Aug 30 2007 Paul P. Komkoff Jr - 0.0.81-1 +- new upstream version + +* Wed Aug 29 2007 Fedora Release Engineering - 0.0.80-2 +- Rebuild for selinux ppc32 issue. + +* Thu Jul 19 2007 Paul P. Komkoff Jr - 0.0.80-1 +- new upstream version + +* Wed May 30 2007 Paul P. Komkoff Jr - 0.0.75-1 +- new upstream version + +* Sun Mar 25 2007 Paul P. Komkoff Jr - 0.0.50-4 +- grab ownership of some directories + +* Mon Mar 19 2007 Paul P. Komkoff Jr - 0.0.50-3 +- include libnfnetlink-devel into -devel deps + +* Sat Mar 17 2007 Paul P. Komkoff Jr - 0.0.50-2 +- new way of handling rpaths (as in current packaging guidelines) + +* Sun Feb 11 2007 Paul P. Komkoff Jr - 0.0.50-1 +- upstream version 0.0.50 + +* Fri Sep 15 2006 Paul P. Komkoff Jr +- rebuilt + +* Wed Jul 12 2006 Felipe Kellermann - 0.0.31-1 +- Adds pkgconfig to devel files. +- Version 0.0.31. + +* Mon May 8 2006 Paul P Komkoff Jr - 0.0.30-2 +- Include COPYING in %%doc + +* Sun Mar 26 2006 Paul P Komkoff Jr - 0.0.30-1 +- Preparing for submission to fedora extras