Name:          nftables
Version:       1.0.0
Release:       9
Epoch:         1
Summary:       A subsystem of the Linux kernel processing network data
License:       GPLv2
URL:           https://netfilter.org/projects/nftables/
Source0:       http://ftp.netfilter.org/pub/nftables/nftables-%{version}.tar.bz2
Source1:       nftables.service
Source2:       nftables.conf

Patch0:        backport-cache-validate-handle-string-length.patch
Patch1:        backport-evaluate-fix-segfault-when-adding-elements-to-invalid-set.patch
Patch2:        backport-segtree-split-prefix-and-range-creation-to-a-helper-function.patch
Patch3:        backport-segtree-add-string-range-reversal-support.patch
Patch4:        backport-segtree-fix-map-listing-with-interface-wildcard.patch
Patch5:        backport-src-Don-t-parse-string-as-verdict-in-map.patch
Patch6:        backport-parser_json-fix-device-parsing-in-netdev-family.patch
Patch7:        backport-iptopt-fix-crash-with-invalid-field-type-combo.patch
Patch8:        backport-evaluate-string-prefix-expression-must-retain-original-length.patch
Patch9:        backport-libnftables-release-top-level-scope.patch
Patch10:       backport-dump-locations-expressions-only-if-set.patch
Patch11:       backport-evaluate-allow-implicit-ether-vlan-dep.patch
Patch12:       backport-evaluate-datatype-memleak-after-binop-transfer.patch
Patch13:       backport-evaluate-bogus-datatype-assertion-in-binary-operation-evaluation.patch
Patch14:       backport-netlink_delinearize-do-not-transfer-binary-operation-to-non-anonymous-sets.patch
Patch15:       backport-payload-do-not-kill-dependency-for-proto_unknown.patch
Patch16:       backport-monitor-missing-cache-and-set-handle-initialization.patch
Patch17:       backport-netlink_linearize-fix-timeout-with-map-updates.patch
Patch18:       backport-owner-Fix-potential-array-out-of-bounds-access.patch
Patch19:       backport-evaluate-fix-shift-exponent-underflow-in-concatenation-evaluation.patch
Patch20:       backport-netlink-Fix-for-potential-NULL-pointer-deref.patch
Patch21:       backport-mnl-dump_nf_hooks-leaks-memory-in-error-path.patch
Patch22:       backport-netlink_linearize-use-div_round_up-in-byteorder-length.patch

BuildRequires: gcc flex bison libmnl-devel gmp-devel readline-devel libnftnl-devel docbook2X systemd
BuildRequires: iptables-devel jansson-devel python3-devel
BuildRequires: chrpath

%description
nftables is a subsystem of the Linux kernel providing filtering and classification of\
network packets/datagrams/frames.

%package       devel
Summary:       Development library for nftables / libnftables
Requires:      %{name} = %{epoch}:%{version}-%{release} pkgconfig

%description   devel
Development tools and static libraries and header files for the libnftables library.

%package_help

%package -n    python3-nftables
Summary:       Python module providing an interface to libnftables
Requires:      %{name} = %{epoch}:%{version}-%{release}
%{?python_provide:%python_provide python3-nftables}

%description -n python3-nftables
The nftables python module providing an interface to libnftables via ctypes.

%prep
%autosetup -n %{name}-%{version} -p1

%build
%configure --disable-silent-rules --with-xtables --with-json \
        --enable-python --with-python-bin=%{__python3}
%make_build

%check
make check

%install
%make_install
%delete_la
chmod 644 $RPM_BUILD_ROOT/%{_mandir}/man8/nft*
install -d $RPM_BUILD_ROOT/%{_unitdir}
cp -a %{SOURCE1} $RPM_BUILD_ROOT/%{_unitdir}/
install -d $RPM_BUILD_ROOT/%{_sysconfdir}/sysconfig
cp -a %{SOURCE2} $RPM_BUILD_ROOT/%{_sysconfdir}/sysconfig/
install -d $RPM_BUILD_ROOT/%{_sysconfdir}/nftables
mv $RPM_BUILD_ROOT/%{_datadir}/nftables/*.nft $RPM_BUILD_ROOT/%{_sysconfdir}/nftables/

chrpath -d %{buildroot}%{_sbindir}/nft
mkdir -p %{buildroot}/etc/ld.so.conf.d
echo "%{_libdir}" > %{buildroot}/etc/ld.so.conf.d/%{name}-%{_arch}.conf

%post
%systemd_post nftables.service
/sbin/ldconfig

%preun
%systemd_preun nftables.service

%postun
%systemd_postun_with_restart nftables.service
/sbin/ldconfig

%ldconfig_scriptlets devel

%files
%defattr(-,root,root)
%license COPYING
%config(noreplace) %{_sysconfdir}/nftables/
%config(noreplace) %{_sysconfdir}/sysconfig/nftables.conf
%config(noreplace) /etc/ld.so.conf.d/*
%{_sbindir}/nft
%{_libdir}/*.so.*
%{_unitdir}/nftables.service
%{_docdir}/nftables/examples/*.nft

%files devel
%defattr(-,root,root)
%{_includedir}/nftables/libnftables.h
%{_libdir}/*.a
%{_libdir}/*.so
%{_libdir}/pkgconfig/*.pc

%files help
%defattr(-,root,root)
%{_mandir}/man8/nft*
%{_mandir}/man3/libnftables.3*
%{_mandir}/man5/libnftables-json*

%files -n python3-nftables
%{python3_sitelib}/nftables-*.egg-info
%{python3_sitelib}/nftables/

%changelog
* Mon Aug 14 2023 zhanghao - 1:1.0.0-9
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:netlink_linearize: use div_round_up in byteorder length

* Thu Apr 06 2023 zhanghao - 1:1.0.0-8
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:Fix potential array out of bounds access
       evaluate: fix shift exponent underflow in concatenation evaluation
       netlink: Fix for potential NULL-pointer deref
       mnl: dump_nf_hooks() leaks memory in error path

* Tue Mar 21 2023 zhanghao - 1:1.0.0-7
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:evaluate allow implicit ether vlan dep
       evaluate datatype memleak after binop transfer
       evaluate bogus datatype assertion in binary operation evaluation
       netlink delinearize do not transfer binary operation to non anonymous sets
       payload do not kill dependency for proto unknown
       monitor missing cache and set handle initialization
       netlink linearize fix timeout with map updates

* Thu Dec 15 2022 huangyu - 1:1.0.0-6
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:fix dump locations expressions only if set

* Tue Dec 13 2022 huangyu - 1:1.0.0-5
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:fix string prefix expression must retain original length
       fix release top level scope

* Mon Nov 21 2022 huangyu - 1:1.0.0-4
- Type:feature
- ID:NA
- SUG:NA
- DESC:enabled DT testcase

* Fri Sep 30 2022 huangyu - 1:1.0.0-3
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:fix nft describe ip option rr value coredump

* Sat Sep 03 2022 xinghe - 1:1.0.0-2
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:fix cache prepare nft_cache evaluate to return error
       fix cache validate handle string length
       add src support for implicit chain bindings
       fix cache release pending rules
       fix segtree map listing
       parser_json fix device parsing in netdev family
       fix src Don't parse string as verdict in map

* Sat Dec 04 2021 yanglu - 1:1.0.0-1
- Type:requirement
- ID:NA
- SUG:NA
- DESC:update nftables to 1.0.0

* Tue Sep 07 2021 gaihuiying - 1:0.9.9-3
- Type:requirement
- ID:NA
- SUG:NA
- DESC:remove rpath of nft

* Tue Aug 24 2021 gaihuiying - 1:0.9.9-2
- json: fix base chain output

* Fri Jul 23 2021 gaihuiying - 1:0.9.9-1
- update to 0.9.9

* Thu Jul 30 2020 cuibaobao - 1:0.9.6-2
- Add python3-nftables sub-package

* Thu Jul 23 2020 cuibaobao - 1:0.9.6-1
- update to 0.9.6

* Tue Sep 17 2019 openEuler Buildteam - 1:0.9.0-3
- Package init