nftables (0.9.8-3.1+deb11u2) bullseye; urgency=medium
* d/p/rule_fix_for_potential_off-by-one_in_cmd_add_loc.patch: fix fuzz
* Fix incorrect bytecode generation hit with new kernel check that
rejects adding rules to bound chains
- cache: rename chain_htable to cache_chain_ht
- src: split chain list in table
- evaluate: init cmd pointer for new on-stack context
- rule: add helper function to expand chain rules into commands
- rule: expand standalone chain that contains rules
- src: expand table command before evaluation
-- Jeremy Sowden <jeremy@azazel.net> Tue, 10 Oct 2023 21:28:38 +0100
nftables (0.9.8-3.1+deb11u1) bullseye; urgency=medium
* d/p/rule_fix_for_potential_off-by-one_in_cmd_add_loc.patch
It fixes an off-by-one error in the check for NFT_NLATTR_LOC_MAX
which leads to double free or corruption (out) error.
Thanks to Sven Auhagen <sven.auhagen@voleatech.de> for
suggesting the fix (closes: #1017359).
* d/control: add myself to uploaders.
-- Jeremy Sowden <jeremy@azazel.net> Sun, 04 Sep 2022 09:34:11 +0100
nftables (0.9.8-3.1) unstable; urgency=medium
* Non-maintainer upload.
* d/p/payload-check-icmp-dependency-before-removing-previo.patch
Fix a regression in nftables 0.9.8 that made nftables too greedy
in removing icmp dependencies (Closes: #991309).
-- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 20 Jul 2021 10:01:47 +0200
nftables (0.9.8-3) unstable; urgency=medium
* [94a6c9b] src:nftables: add docbook-xsl again as build-dep.
Thanks to Michael Biebl for the suggestion (Closes: #981641)
-- Arturo Borrero Gonzalez <arturo@debian.org> Tue, 02 Feb 2021 17:25:57 +0100
nftables (0.9.8-2) unstable; urgency=medium
[ Helmut Grohne ]
* [4eb3236] src:nftables: reduce Build-Depends (Closes: #981206)
-- Arturo Borrero Gonzalez <arturo@debian.org> Wed, 27 Jan 2021 18:04:11 +0100
nftables (0.9.8-1) unstable; urgency=medium
* [ccb440d] New upstream version 0.9.8
Closes: #944759
Closes: #933621
Closes: #932878
* [fb3429c] src:nftables: bump build-dep on libnftnl to 1.1.9
* [1539707] src:nftables: bump std-version to 4.5.1
* [48ea92d] src:nftables: switch to libeditreadline (Closes: #979103)
-- Arturo Borrero Gonzalez <arturo@debian.org> Sun, 17 Jan 2021 18:48:39 +0100
nftables (0.9.7-1) unstable; urgency=medium
* [8813565] d/t/control: mark nft -h test as superficial (Closes: #969851)
* [2a29c4f] d/upstream/signing-key.asc: refresh
* [eaf8b7f] New upstream version 0.9.7
* [80c259b] src:nftables: bump build-dep on libnftnl to 1.1.8
-- Arturo Borrero Gonzalez <arturo@debian.org> Wed, 28 Oct 2020 16:01:29 +0100
nftables (0.9.6-1) unstable; urgency=medium
* [e2f26f2] New upstream version 0.9.6 (Closes: #962909)
* [a203bd9] nftables: bump libmnl build-dep version to 1.0.4
* [e7a683f] tests: only run them with kernels >= 5.x
* [517865d] src:nftables: bump std-version to 4.5.0
-- Arturo Borrero Gonzalez <arturo@debian.org> Tue, 16 Jun 2020 10:46:53 +0200
nftables (0.9.5-1) unstable; urgency=medium
* [15ebe06] New upstream version 0.9.5
* [1cc07ee] build-deps: bump libnftnl requirement to 1.1.7
* [34f7c95] src:nftables: bump debhelper compat level to 13
-- Arturo Borrero Gonzalez <arturo@debian.org> Mon, 08 Jun 2020 11:11:53 +0200
nftables (0.9.4-1) unstable; urgency=medium
* [41441b9] New upstream version 0.9.4
* [9de28bb] d/patches: drop 0001-upstream-py-load-soname.patch
* [7c044e8] src:nftables: bump build-dep on libnftnl to 1.1.6
-- Arturo Borrero Gonzalez <arturo@debian.org> Thu, 02 Apr 2020 12:30:12 +0200
nftables (0.9.3-2) unstable; urgency=medium
[ Debian Janitor ]
* Use secure URI in Homepage field.
* Set debhelper-compat version in Build-Depends.
* Re-export upstream signing key without extra signatures.
* debian/copyright: use spaces rather than tabs to start continuation
lines.
* Drop unnecessary dependency on dh-autoreconf.
* Use canonical URL in Vcs-Git.
[ Chris Lamb ]
* [24184a4] nftables: don't install example Makefile (Closes: #946332)
[ Arturo Borrero Gonzalez ]
* [7d2cf78] d/patches: add 0001-upstream-py-load-soname.patch
(Closes: #946219)
-- Arturo Borrero Gonzalez <arturo@debian.org> Tue, 17 Dec 2019 13:49:23 +0100
nftables (0.9.3-1) unstable; urgency=medium
* This release was packaged and uploaded to Debian while on a 300km/h train.
Hope it works :-)
* [01e140c] New upstream version 0.9.3
Closes: #944669
Closes: #916863
* [1674c79] src:nftables: bump build-dep version on linftnl
* [7074517] d/patches: drop patches included in latest upstream release
-- Arturo Borrero Gonzalez <arturo@debian.org> Tue, 03 Dec 2019 14:03:14 +0100
nftables (0.9.2-2) unstable; urgency=medium
[ Konstantin Demin ]
* [9c626fc] d/rules: build less verbose if requested
[ Arturo Borrero Gonzalez ]
* [ba5d4d0] nftables: add Suggests: firewalld
* [f8bea94] nftables: add upstream patches to address firewalld testsuite
failures (Closes: #939838)
* [35f35af] src:nftables: bump std-version to 4.4.1
-- Arturo Borrero Gonzalez <arturo@debian.org> Wed, 09 Oct 2019 19:40:31 +0200
nftables (0.9.2-1) unstable; urgency=medium
* [d29de9d] New upstream version 0.9.2
* [27aa9aa] src:nftables: bump build-dep on libnftnl to 1.1.4
* [2b73890] src:nftables: drop all patches, now included in upstream source
* [4ff7527] d/rules: make build more verbose by default
* [990710e] nftables: include more upstream example files
-- Arturo Borrero Gonzalez <arturo@debian.org> Wed, 28 Aug 2019 13:22:32 +0200
nftables (0.9.1-3) unstable; urgency=medium
* [609ee76] d/README.Debian: refresh file
* [3255aaa] src:nftables: run wrap-and-sort
* [5337001] nftables: raise package priority to important
* [09b720f] src:nftables: add docbook-xsl build-dep
* [9db946c] src:nftables: bump debhelper compat to 12
* [4f0bb1d] nftables.maintscript: introduce file
* [1b54808] d/patches: add BE fixtures (Closes: #934740)
-- Arturo Borrero Gonzalez <arturo@debian.org> Thu, 15 Aug 2019 15:01:49 +0200
nftables (0.9.1-2) unstable; urgency=medium
* [9dc1bd1] d/control: bump std-version to 4.4.0
-- Arturo Borrero Gonzalez <arturo@debian.org> Wed, 10 Jul 2019 11:19:29 +0200
nftables (0.9.1-1~exp1) experimental; urgency=medium
* [683e6f1] src:nftables: add salsa CI support
* [23e5163] d/watch: add missing line break
* [b6500d8] d/upstream/signing-key.asc: refresh key
* [b326349] New upstream version 0.9.1
* [bf731ca] d/patches: drop reproducible.patch
* [29aa197] nftables: refresh build-dep for documentation
* [9d4cbf9] nftables: bump libnftnl build-dep version requirement
* [6d3bbe5] d/patches: add build_docs.patch
* [d041ac8] nftables-dbg: drop debug symbol migration relationship depends
* [b1c680a] libnftables: bump SONAME from 0 to 1
* [8f39f4d] libnftables1: include additional manpages
* [40f70bf] d/copyright: refresh file
* [edb2911] python3-nftables: introduce new binary package
-- Arturo Borrero Gonzalez <arturo@debian.org> Wed, 26 Jun 2019 13:43:47 +0200
nftables (0.9.0-2) unstable; urgency=medium
* [0509603] d/t/control: mark internaltest-shell.sh as flaky (Closes: #903083)
* [79434be] d/t: run monitor testsuite
* [9b254aa] nftables: enable JSON support
-- Arturo Borrero Gonzalez <arturo@debian.org> Mon, 03 Dec 2018 14:11:14 +0100
nftables (0.9.0-1) unstable; urgency=medium
* [d1ad0df] d/t/internaltest-shell.sh: use installed nft binary
* [b857e27] d/control: add multiarch support for both libnftables0 and
libnftables-dev
* [94ba918] New upstream version 0.9.0
* [b76ced6] d/control: bump build-dep on libnftnl
* [f4bbe12] d/control: bump std-versions to 4.1.4
-- Arturo Borrero Gonzalez <arturo@debian.org> Sat, 09 Jun 2018 14:47:07 +0200
nftables (0.8.5-1) unstable; urgency=medium
* [c135598] d/t/control: disable internaltest-py.sh
* [c64af79] d/control: bump libnftnl buld-dep version to 1.1.0
(Closes: #898538)
* [6c014f1] New upstream version 0.8.5
* [bc3bf1c] d/patches/: drop rename_libnftables_h.patch
-- Arturo Borrero Gonzalez <arturo@debian.org> Tue, 15 May 2018 10:54:19 +0200
nftables (0.8.4-1) unstable; urgency=medium
* [7c20e29] New upstream version 0.8.4
* [4d1ae20] libnftables: introduce binary packages
* [fe2897f] d/copyright: refresh with libnftables
-- Arturo Borrero Gonzalez <arturo@debian.org> Thu, 03 May 2018 19:46:30 +0200
nftables (0.8.3-1) unstable; urgency=medium
* [2cc4fde] New upstream version 0.8.3
* [b2ad2f6] nftables: refresh example files
* [680e9d0] d/rules: use dh_installsystemd
-- Arturo Borrero Gonzalez <arturo@debian.org> Sun, 04 Mar 2018 22:01:25 +0100
nftables (0.8.2-1) unstable; urgency=medium
[ Helmut Grohne ]
* [159958f] d/rules: use dh_auto_configure (Closes: #888715)
[ Arturo Borrero Gonzalez ]
* [66b45dd] New upstream version 0.8.2
-- Arturo Borrero Gonzalez <arturo@debian.org> Fri, 02 Feb 2018 19:57:44 +0100
nftables (0.8.1-1) unstable; urgency=medium
* [46be8e1] d/control: update git URLs
* [77d8cc2] New upstream version 0.8.1
* [57c711b] d/control: bump build-dep on libnftnl
* [517ecd2] d/control: bump std-version to 4.1.3
* [bc590c4] d/compat: bump dh compat to 11
* [68fbe65] d/copyright: use HTTPS in the URL
-- Arturo Borrero Gonzalez <arturo@debian.org> Wed, 17 Jan 2018 14:55:14 +0100
nftables (0.8-2) unstable; urgency=medium
* [95b5638] d/t/internaltest-py.sh: enable test, dummy module not required
* [a5f037d] d/control: bump build-dep version on libxtables to 1.6.1.
Thanks to James Clarke for the report.
-- Arturo Borrero Gonzalez <arturo@debian.org> Mon, 27 Nov 2017 13:07:24 +0100
nftables (0.8-1) unstable; urgency=medium
[ Alexander Greiner-Bär ]
* [4157de9] nftables.service: use correct order in systemd unit file
(Closes: #873856)
[ Arturo Borrero Gonzalez ]
* [311b618] New upstream version 0.8
* [b38f21a] d/control: bump libnftnl dependency to 1.0.8
* [19f5962] d/control: bump std-version to 4.1.1
* [7d95221] d/watch: ignore nftables upstream version 0.100 and 0.099
* [da499c0] d/control: update package description
* [734076e] nftables: update package documentation
* [8883735] d/copyright: refresh file
* [c5af3f3] d/control: drop old depends of dh- packages
-- Arturo Borrero Gonzalez <arturo@debian.org> Wed, 18 Oct 2017 01:00:05 +0200
nftables (0.7-2) unstable; urgency=medium
[ Arturo Borrero Gonzalez ]
* [058867f] d/control: move package to pkg-netfilter
[ Martin Dickopp ]
* [bf9bd6e] nftables.service: load firewall earlier in the boot process
(Closes: #866902)
[ Arturo Borrero Gonzalez ]
* [772f6ea] d/control: bump std-version to 4.0.0
-- Arturo Borrero Gonzalez <arturo@debian.org> Mon, 03 Jul 2017 09:23:22 +0200
nftables (0.7-1) unstable; urgency=medium
* [c7b6524] New upstream version 0.7
* [b061528] nftables: switch to debhelper compat 10
* [33238bc] nftables-dbg: switch to -dbgsym package
* [4d838e4] d/control: bump dependency on libnftnl
* [0fac534] d/control: refresh kernel version reference in nftables
description
* [625229a] d/rules: enable hardening
-- Arturo Borrero Gonzalez <arturo@debian.org> Thu, 22 Dec 2016 11:21:01 +0100
nftables (0.6+snapshot20161117-2) unstable; urgency=medium
* [078c41a] d/tests/: disable internaltest-py.sh
* [0560a63] nftables-dbg: use Multi-Arch: same
* [f2ace74] nftables: don't use libxtables11
-- Arturo Borrero Gonzalez <arturo@debian.org> Wed, 23 Nov 2016 12:43:46 +0100
nftables (0.6+snapshot20161117-1) unstable; urgency=medium
* [2540606] New upstream version 0.6+snapshot20161117
* [8879bd0] d/control: bump build-dep on libnftnl 1.0.6+snapshot20161117
* [f90e51c] nftables: enable libxtables integration
-- Arturo Borrero Gonzalez <arturo@debian.org> Thu, 17 Nov 2016 11:30:33 +0100
nftables (0.6-3) unstable; urgency=medium
* [c4cacdd] d/: update email address to 'arturo@debian.org'
-- Arturo Borrero Gonzalez <arturo@debian.org> Mon, 10 Oct 2016 11:10:16 +0200
nftables (0.6-2) unstable; urgency=medium
* [2ff280b] d/tests/systemd-service-test.sh: dont use echo in the
initial warning
* [89a01ba] d/tests/internaltests-shell.sh: dont' run testsuite if
kernel is < 4.x
* [59e6ac2] d/nftables.{postinst,postrm,preinst}: gracefully delete
/etc/init.d/nftables (Closes: #833078)
-- Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Mon, 01 Aug 2016 12:26:56 +0200
nftables (0.6-1) unstable; urgency=medium
* [5564626] Imported Upstream version 0.6
* [65ce938] d/control: bump dependency version on libnftnl
* [2127d04] d/control: adjust dependecy on libmnl 1.0.3
* [d18e174] d/control: point to linux 4.7 in package descriptions
-- Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Fri, 03 Jun 2016 10:31:34 +0200
nftables (0.5+snapshot20160509-1) unstable; urgency=medium
* [5a7c867] d/tests/internaltests-py.sh: run testsuite with installed
binary
* [b2282c4] d/tests/systemd-service-test.sh: don't run tests if old
kernel is present
* [b389985] Imported Upstream version 0.5+snapshot20160509
-- Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Mon, 09 May 2016 13:58:32 +0200
nftables (0.5+snapshot20160426-1) unstable; urgency=medium
* [955e138] d/tests/systemd-service-test.sh: adapt script to
ci.debian.net
* [ad1699a] Imported Upstream version 0.5+snapshot20160426
-- Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Tue, 26 Apr 2016 11:01:18 +0200
nftables (0.5+snapshot20160419-3) unstable; urgency=medium
* [f1d8880] d/control: bump standars-version to 3.9.8
* [65bae17] d/tests: add systemd-service-test.sh
* [e2e4cd7] d/tests: include script extension in file names
* [fd16851] d/: gracefully delete old config files from /etc/nftables
(Closes: #822239)
* [af57b91] d/rules: prevent dh_installinit to act on
/etc/init.d/nftables
-- Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Mon, 25 Apr 2016 11:37:00 +0200
nftables (0.5+snapshot20160419-2) unstable; urgency=medium
* [cf22dca] d/tests/control: internaltests-shell requires kmod
* [dd847bb] d/README.Debian: fix several typos
-- Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Wed, 20 Apr 2016 17:25:50 +0200
nftables (0.5+snapshot20160419-1) unstable; urgency=medium
* [88b9c37] d/rules: don't add /etc/nftables/ dir to 'nftables' binary package
* [e0472f0] sysvinit: the init script is now just an example
* [f89907b] examples: restore upstream examples
* [8228918] d/nftables.examples: cleanup leftover line regarding upstream
examples
* [0655029] nftables.conf: provide a skeleton firewall and use the old one as
example (Closes: #804648)
* [dc504e4] examples/syntax/README: point to the nftables wiki
* [ecd9257] examples/syntax/nat: add new example file
* [406baf9] examples/syntax/: add a new example file: overview
* [3fa3d3e] d/control: bump standards to 3.9.7
* [79a8520] Imported Upstream version 0.5+snapshot20160419
* [775f2af] d/control: get rid of XS-Testsuite
* [9ac90db] d/control: change Vcs-git from git:// to https://
* [b4b8ee7] d/control: bump dependency with libnftnl
* [9e6b0eb] d/tests: run internal nftables tests (shell)
* [f8e3da1] d/tests: run internal nftables tests (py)
-- Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Wed, 20 Apr 2016 12:00:22 +0200
nftables (0.5+snapshot20151106-1) unstable; urgency=medium
* [bd1e71f] Imported Upstream version 0.5+snapshot20151106
* [b7e3c39] d/control: bump build-dep on libnftnl
-- Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Fri, 06 Nov 2015 13:32:49 +0100
nftables (0.5-2) unstable; urgency=medium
* [92938c3] d/rules: get rid of useless commented line
* [a04a737] d/: add nftables-dbg binary package
-- Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Tue, 13 Oct 2015 14:03:25 +0200
nftables (0.5-1) unstable; urgency=medium
* [007a8d0] Imported Upstream version 0.5
* [9a90c87] d/control: nftables 0.5 requires libnftnl >= 1.0.5
* [17fdcc1] d/control: update nftables description: linux 4.2 recommended
* [a473529] d/copyright: update file to include latest changes in v0.5
* [4a9deac] d/copyright: drop copyright for debian/*
-- Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Fri, 18 Sep 2015 11:44:21 +0200
nftables (0.4-7) unstable; urgency=medium
[ Vincent Blut ]
* [0fc181f] d/copyright: fix missing doc/nft.xml license (Closes: #795096)
[ Arturo Borrero Gonzalez ]
* [ae662e4] d/rules: drop get-orig-source code
-- Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Mon, 17 Aug 2015 11:20:15 +0200
nftables (0.4-6) unstable; urgency=medium
* [4f9fbf0] d/tests/control: add restriction to run test as root
* [be594d3] nftables.conf: improve icmpv6 support
-- Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Fri, 15 May 2015 12:53:09 +0200
nftables (0.4-5) unstable; urgency=medium
* [231244a] sysvinit: don't start the service by default
-- Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Wed, 06 May 2015 11:56:10 +0200
nftables (0.4-4) unstable; urgency=medium
* [c8b825e] /etc/init.d/nftables: fix inverted logic in status op.
Thanks to Manolo Diaz for the fast report (Closes: #783608)
* [2105ccb] source: make the build reproducible
-- Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Tue, 05 May 2015 12:15:33 +0200
nftables (0.4-3) unstable; urgency=medium
* [d42d50f] d/nftables.init: doesn't require networking to stop
* [ceee9cb] d/nftables.service: the service is of Type=oneshot
* [8415993] d/nftables.init: fix bashism in status operation.
Thanks to Manolo Diaz for the bug report (Closes: #775875)
* [a0e197a] d/tests: add basic autopkgtest support
-- Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Fri, 20 Mar 2015 21:27:46 +0100
nftables (0.4-2) unstable; urgency=medium
* Both a /etc/init.d/nftables and a nftables.service files are distributed
for admins to easily make nftables theirs system firewalls.
* [2237bad] d/nftables.examples: only ship upstream examples, not in
/etc/nftables
-- Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Fri, 09 Jan 2015 14:59:47 +0100
nftables (0.4-1) unstable; urgency=medium
* [b187410] d/control: bump standars to 3.9.6
* [2021272] Imported Upstream version 0.4 (Closes: #773401)
* [8b73e74] d/patches/: drop all v0.3 patches
* [bff758e] d/control: depends on libnftnl >= 1.0.3
* [0e2023b] d/copyright: put more general statement first
* [b382dff] d/rules: fix perms of files under /etc/nftables
* [96252e6] d/rules: disable silent rules
-- Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Mon, 22 Dec 2014 10:33:33 +0100
nftables (0.3-1) unstable; urgency=medium
* [3a4f54a] d/patches: patch to harden the build
* [b6c82d5] Imported Upstream version 0.3
* [98e5eb7] d/control: depends on libnftnl >= 1.0.2
-- Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Wed, 25 Jun 2014 19:02:59 +0200
nftables (0.2-2) unstable; urgency=low
* [6aa52bf] d/README.Debian: fix Patrick McHardy name
* [ca0e8ba] d/nftables.links: fix broken links file
* [7492a48] d/rules: delete override for dh_auto_test
* [1aca9dd] d/patches: improve verbose_build.patch
-- Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Tue, 27 May 2014 11:14:48 +0200
nftables (0.2-1) unstable; urgency=low
* Initial release (Closes: #522176)
-- Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Fri, 09 May 2014 19:22:44 +0100