nftables (0.9.8-3.1+deb11u2) bullseye; urgency=medium * d/p/rule_fix_for_potential_off-by-one_in_cmd_add_loc.patch: fix fuzz * Fix incorrect bytecode generation hit with new kernel check that rejects adding rules to bound chains - cache: rename chain_htable to cache_chain_ht - src: split chain list in table - evaluate: init cmd pointer for new on-stack context - rule: add helper function to expand chain rules into commands - rule: expand standalone chain that contains rules - src: expand table command before evaluation -- Jeremy Sowden Tue, 10 Oct 2023 21:28:38 +0100 nftables (0.9.8-3.1+deb11u1) bullseye; urgency=medium * d/p/rule_fix_for_potential_off-by-one_in_cmd_add_loc.patch It fixes an off-by-one error in the check for NFT_NLATTR_LOC_MAX which leads to double free or corruption (out) error. Thanks to Sven Auhagen for suggesting the fix (closes: #1017359). * d/control: add myself to uploaders. -- Jeremy Sowden Sun, 04 Sep 2022 09:34:11 +0100 nftables (0.9.8-3.1) unstable; urgency=medium * Non-maintainer upload. * d/p/payload-check-icmp-dependency-before-removing-previo.patch Fix a regression in nftables 0.9.8 that made nftables too greedy in removing icmp dependencies (Closes: #991309). -- Christian Ehrhardt Tue, 20 Jul 2021 10:01:47 +0200 nftables (0.9.8-3) unstable; urgency=medium * [94a6c9b] src:nftables: add docbook-xsl again as build-dep. Thanks to Michael Biebl for the suggestion (Closes: #981641) -- Arturo Borrero Gonzalez Tue, 02 Feb 2021 17:25:57 +0100 nftables (0.9.8-2) unstable; urgency=medium [ Helmut Grohne ] * [4eb3236] src:nftables: reduce Build-Depends (Closes: #981206) -- Arturo Borrero Gonzalez Wed, 27 Jan 2021 18:04:11 +0100 nftables (0.9.8-1) unstable; urgency=medium * [ccb440d] New upstream version 0.9.8 Closes: #944759 Closes: #933621 Closes: #932878 * [fb3429c] src:nftables: bump build-dep on libnftnl to 1.1.9 * [1539707] src:nftables: bump std-version to 4.5.1 * [48ea92d] src:nftables: switch to libeditreadline (Closes: #979103) -- Arturo Borrero Gonzalez Sun, 17 Jan 2021 18:48:39 +0100 nftables (0.9.7-1) unstable; urgency=medium * [8813565] d/t/control: mark nft -h test as superficial (Closes: #969851) * [2a29c4f] d/upstream/signing-key.asc: refresh * [eaf8b7f] New upstream version 0.9.7 * [80c259b] src:nftables: bump build-dep on libnftnl to 1.1.8 -- Arturo Borrero Gonzalez Wed, 28 Oct 2020 16:01:29 +0100 nftables (0.9.6-1) unstable; urgency=medium * [e2f26f2] New upstream version 0.9.6 (Closes: #962909) * [a203bd9] nftables: bump libmnl build-dep version to 1.0.4 * [e7a683f] tests: only run them with kernels >= 5.x * [517865d] src:nftables: bump std-version to 4.5.0 -- Arturo Borrero Gonzalez Tue, 16 Jun 2020 10:46:53 +0200 nftables (0.9.5-1) unstable; urgency=medium * [15ebe06] New upstream version 0.9.5 * [1cc07ee] build-deps: bump libnftnl requirement to 1.1.7 * [34f7c95] src:nftables: bump debhelper compat level to 13 -- Arturo Borrero Gonzalez Mon, 08 Jun 2020 11:11:53 +0200 nftables (0.9.4-1) unstable; urgency=medium * [41441b9] New upstream version 0.9.4 * [9de28bb] d/patches: drop 0001-upstream-py-load-soname.patch * [7c044e8] src:nftables: bump build-dep on libnftnl to 1.1.6 -- Arturo Borrero Gonzalez Thu, 02 Apr 2020 12:30:12 +0200 nftables (0.9.3-2) unstable; urgency=medium [ Debian Janitor ] * Use secure URI in Homepage field. * Set debhelper-compat version in Build-Depends. * Re-export upstream signing key without extra signatures. * debian/copyright: use spaces rather than tabs to start continuation lines. * Drop unnecessary dependency on dh-autoreconf. * Use canonical URL in Vcs-Git. [ Chris Lamb ] * [24184a4] nftables: don't install example Makefile (Closes: #946332) [ Arturo Borrero Gonzalez ] * [7d2cf78] d/patches: add 0001-upstream-py-load-soname.patch (Closes: #946219) -- Arturo Borrero Gonzalez Tue, 17 Dec 2019 13:49:23 +0100 nftables (0.9.3-1) unstable; urgency=medium * This release was packaged and uploaded to Debian while on a 300km/h train. Hope it works :-) * [01e140c] New upstream version 0.9.3 Closes: #944669 Closes: #916863 * [1674c79] src:nftables: bump build-dep version on linftnl * [7074517] d/patches: drop patches included in latest upstream release -- Arturo Borrero Gonzalez Tue, 03 Dec 2019 14:03:14 +0100 nftables (0.9.2-2) unstable; urgency=medium [ Konstantin Demin ] * [9c626fc] d/rules: build less verbose if requested [ Arturo Borrero Gonzalez ] * [ba5d4d0] nftables: add Suggests: firewalld * [f8bea94] nftables: add upstream patches to address firewalld testsuite failures (Closes: #939838) * [35f35af] src:nftables: bump std-version to 4.4.1 -- Arturo Borrero Gonzalez Wed, 09 Oct 2019 19:40:31 +0200 nftables (0.9.2-1) unstable; urgency=medium * [d29de9d] New upstream version 0.9.2 * [27aa9aa] src:nftables: bump build-dep on libnftnl to 1.1.4 * [2b73890] src:nftables: drop all patches, now included in upstream source * [4ff7527] d/rules: make build more verbose by default * [990710e] nftables: include more upstream example files -- Arturo Borrero Gonzalez Wed, 28 Aug 2019 13:22:32 +0200 nftables (0.9.1-3) unstable; urgency=medium * [609ee76] d/README.Debian: refresh file * [3255aaa] src:nftables: run wrap-and-sort * [5337001] nftables: raise package priority to important * [09b720f] src:nftables: add docbook-xsl build-dep * [9db946c] src:nftables: bump debhelper compat to 12 * [4f0bb1d] nftables.maintscript: introduce file * [1b54808] d/patches: add BE fixtures (Closes: #934740) -- Arturo Borrero Gonzalez Thu, 15 Aug 2019 15:01:49 +0200 nftables (0.9.1-2) unstable; urgency=medium * [9dc1bd1] d/control: bump std-version to 4.4.0 -- Arturo Borrero Gonzalez Wed, 10 Jul 2019 11:19:29 +0200 nftables (0.9.1-1~exp1) experimental; urgency=medium * [683e6f1] src:nftables: add salsa CI support * [23e5163] d/watch: add missing line break * [b6500d8] d/upstream/signing-key.asc: refresh key * [b326349] New upstream version 0.9.1 * [bf731ca] d/patches: drop reproducible.patch * [29aa197] nftables: refresh build-dep for documentation * [9d4cbf9] nftables: bump libnftnl build-dep version requirement * [6d3bbe5] d/patches: add build_docs.patch * [d041ac8] nftables-dbg: drop debug symbol migration relationship depends * [b1c680a] libnftables: bump SONAME from 0 to 1 * [8f39f4d] libnftables1: include additional manpages * [40f70bf] d/copyright: refresh file * [edb2911] python3-nftables: introduce new binary package -- Arturo Borrero Gonzalez Wed, 26 Jun 2019 13:43:47 +0200 nftables (0.9.0-2) unstable; urgency=medium * [0509603] d/t/control: mark internaltest-shell.sh as flaky (Closes: #903083) * [79434be] d/t: run monitor testsuite * [9b254aa] nftables: enable JSON support -- Arturo Borrero Gonzalez Mon, 03 Dec 2018 14:11:14 +0100 nftables (0.9.0-1) unstable; urgency=medium * [d1ad0df] d/t/internaltest-shell.sh: use installed nft binary * [b857e27] d/control: add multiarch support for both libnftables0 and libnftables-dev * [94ba918] New upstream version 0.9.0 * [b76ced6] d/control: bump build-dep on libnftnl * [f4bbe12] d/control: bump std-versions to 4.1.4 -- Arturo Borrero Gonzalez Sat, 09 Jun 2018 14:47:07 +0200 nftables (0.8.5-1) unstable; urgency=medium * [c135598] d/t/control: disable internaltest-py.sh * [c64af79] d/control: bump libnftnl buld-dep version to 1.1.0 (Closes: #898538) * [6c014f1] New upstream version 0.8.5 * [bc3bf1c] d/patches/: drop rename_libnftables_h.patch -- Arturo Borrero Gonzalez Tue, 15 May 2018 10:54:19 +0200 nftables (0.8.4-1) unstable; urgency=medium * [7c20e29] New upstream version 0.8.4 * [4d1ae20] libnftables: introduce binary packages * [fe2897f] d/copyright: refresh with libnftables -- Arturo Borrero Gonzalez Thu, 03 May 2018 19:46:30 +0200 nftables (0.8.3-1) unstable; urgency=medium * [2cc4fde] New upstream version 0.8.3 * [b2ad2f6] nftables: refresh example files * [680e9d0] d/rules: use dh_installsystemd -- Arturo Borrero Gonzalez Sun, 04 Mar 2018 22:01:25 +0100 nftables (0.8.2-1) unstable; urgency=medium [ Helmut Grohne ] * [159958f] d/rules: use dh_auto_configure (Closes: #888715) [ Arturo Borrero Gonzalez ] * [66b45dd] New upstream version 0.8.2 -- Arturo Borrero Gonzalez Fri, 02 Feb 2018 19:57:44 +0100 nftables (0.8.1-1) unstable; urgency=medium * [46be8e1] d/control: update git URLs * [77d8cc2] New upstream version 0.8.1 * [57c711b] d/control: bump build-dep on libnftnl * [517ecd2] d/control: bump std-version to 4.1.3 * [bc590c4] d/compat: bump dh compat to 11 * [68fbe65] d/copyright: use HTTPS in the URL -- Arturo Borrero Gonzalez Wed, 17 Jan 2018 14:55:14 +0100 nftables (0.8-2) unstable; urgency=medium * [95b5638] d/t/internaltest-py.sh: enable test, dummy module not required * [a5f037d] d/control: bump build-dep version on libxtables to 1.6.1. Thanks to James Clarke for the report. -- Arturo Borrero Gonzalez Mon, 27 Nov 2017 13:07:24 +0100 nftables (0.8-1) unstable; urgency=medium [ Alexander Greiner-Bär ] * [4157de9] nftables.service: use correct order in systemd unit file (Closes: #873856) [ Arturo Borrero Gonzalez ] * [311b618] New upstream version 0.8 * [b38f21a] d/control: bump libnftnl dependency to 1.0.8 * [19f5962] d/control: bump std-version to 4.1.1 * [7d95221] d/watch: ignore nftables upstream version 0.100 and 0.099 * [da499c0] d/control: update package description * [734076e] nftables: update package documentation * [8883735] d/copyright: refresh file * [c5af3f3] d/control: drop old depends of dh- packages -- Arturo Borrero Gonzalez Wed, 18 Oct 2017 01:00:05 +0200 nftables (0.7-2) unstable; urgency=medium [ Arturo Borrero Gonzalez ] * [058867f] d/control: move package to pkg-netfilter [ Martin Dickopp ] * [bf9bd6e] nftables.service: load firewall earlier in the boot process (Closes: #866902) [ Arturo Borrero Gonzalez ] * [772f6ea] d/control: bump std-version to 4.0.0 -- Arturo Borrero Gonzalez Mon, 03 Jul 2017 09:23:22 +0200 nftables (0.7-1) unstable; urgency=medium * [c7b6524] New upstream version 0.7 * [b061528] nftables: switch to debhelper compat 10 * [33238bc] nftables-dbg: switch to -dbgsym package * [4d838e4] d/control: bump dependency on libnftnl * [0fac534] d/control: refresh kernel version reference in nftables description * [625229a] d/rules: enable hardening -- Arturo Borrero Gonzalez Thu, 22 Dec 2016 11:21:01 +0100 nftables (0.6+snapshot20161117-2) unstable; urgency=medium * [078c41a] d/tests/: disable internaltest-py.sh * [0560a63] nftables-dbg: use Multi-Arch: same * [f2ace74] nftables: don't use libxtables11 -- Arturo Borrero Gonzalez Wed, 23 Nov 2016 12:43:46 +0100 nftables (0.6+snapshot20161117-1) unstable; urgency=medium * [2540606] New upstream version 0.6+snapshot20161117 * [8879bd0] d/control: bump build-dep on libnftnl 1.0.6+snapshot20161117 * [f90e51c] nftables: enable libxtables integration -- Arturo Borrero Gonzalez Thu, 17 Nov 2016 11:30:33 +0100 nftables (0.6-3) unstable; urgency=medium * [c4cacdd] d/: update email address to 'arturo@debian.org' -- Arturo Borrero Gonzalez Mon, 10 Oct 2016 11:10:16 +0200 nftables (0.6-2) unstable; urgency=medium * [2ff280b] d/tests/systemd-service-test.sh: dont use echo in the initial warning * [89a01ba] d/tests/internaltests-shell.sh: dont' run testsuite if kernel is < 4.x * [59e6ac2] d/nftables.{postinst,postrm,preinst}: gracefully delete /etc/init.d/nftables (Closes: #833078) -- Arturo Borrero Gonzalez Mon, 01 Aug 2016 12:26:56 +0200 nftables (0.6-1) unstable; urgency=medium * [5564626] Imported Upstream version 0.6 * [65ce938] d/control: bump dependency version on libnftnl * [2127d04] d/control: adjust dependecy on libmnl 1.0.3 * [d18e174] d/control: point to linux 4.7 in package descriptions -- Arturo Borrero Gonzalez Fri, 03 Jun 2016 10:31:34 +0200 nftables (0.5+snapshot20160509-1) unstable; urgency=medium * [5a7c867] d/tests/internaltests-py.sh: run testsuite with installed binary * [b2282c4] d/tests/systemd-service-test.sh: don't run tests if old kernel is present * [b389985] Imported Upstream version 0.5+snapshot20160509 -- Arturo Borrero Gonzalez Mon, 09 May 2016 13:58:32 +0200 nftables (0.5+snapshot20160426-1) unstable; urgency=medium * [955e138] d/tests/systemd-service-test.sh: adapt script to ci.debian.net * [ad1699a] Imported Upstream version 0.5+snapshot20160426 -- Arturo Borrero Gonzalez Tue, 26 Apr 2016 11:01:18 +0200 nftables (0.5+snapshot20160419-3) unstable; urgency=medium * [f1d8880] d/control: bump standars-version to 3.9.8 * [65bae17] d/tests: add systemd-service-test.sh * [e2e4cd7] d/tests: include script extension in file names * [fd16851] d/: gracefully delete old config files from /etc/nftables (Closes: #822239) * [af57b91] d/rules: prevent dh_installinit to act on /etc/init.d/nftables -- Arturo Borrero Gonzalez Mon, 25 Apr 2016 11:37:00 +0200 nftables (0.5+snapshot20160419-2) unstable; urgency=medium * [cf22dca] d/tests/control: internaltests-shell requires kmod * [dd847bb] d/README.Debian: fix several typos -- Arturo Borrero Gonzalez Wed, 20 Apr 2016 17:25:50 +0200 nftables (0.5+snapshot20160419-1) unstable; urgency=medium * [88b9c37] d/rules: don't add /etc/nftables/ dir to 'nftables' binary package * [e0472f0] sysvinit: the init script is now just an example * [f89907b] examples: restore upstream examples * [8228918] d/nftables.examples: cleanup leftover line regarding upstream examples * [0655029] nftables.conf: provide a skeleton firewall and use the old one as example (Closes: #804648) * [dc504e4] examples/syntax/README: point to the nftables wiki * [ecd9257] examples/syntax/nat: add new example file * [406baf9] examples/syntax/: add a new example file: overview * [3fa3d3e] d/control: bump standards to 3.9.7 * [79a8520] Imported Upstream version 0.5+snapshot20160419 * [775f2af] d/control: get rid of XS-Testsuite * [9ac90db] d/control: change Vcs-git from git:// to https:// * [b4b8ee7] d/control: bump dependency with libnftnl * [9e6b0eb] d/tests: run internal nftables tests (shell) * [f8e3da1] d/tests: run internal nftables tests (py) -- Arturo Borrero Gonzalez Wed, 20 Apr 2016 12:00:22 +0200 nftables (0.5+snapshot20151106-1) unstable; urgency=medium * [bd1e71f] Imported Upstream version 0.5+snapshot20151106 * [b7e3c39] d/control: bump build-dep on libnftnl -- Arturo Borrero Gonzalez Fri, 06 Nov 2015 13:32:49 +0100 nftables (0.5-2) unstable; urgency=medium * [92938c3] d/rules: get rid of useless commented line * [a04a737] d/: add nftables-dbg binary package -- Arturo Borrero Gonzalez Tue, 13 Oct 2015 14:03:25 +0200 nftables (0.5-1) unstable; urgency=medium * [007a8d0] Imported Upstream version 0.5 * [9a90c87] d/control: nftables 0.5 requires libnftnl >= 1.0.5 * [17fdcc1] d/control: update nftables description: linux 4.2 recommended * [a473529] d/copyright: update file to include latest changes in v0.5 * [4a9deac] d/copyright: drop copyright for debian/* -- Arturo Borrero Gonzalez Fri, 18 Sep 2015 11:44:21 +0200 nftables (0.4-7) unstable; urgency=medium [ Vincent Blut ] * [0fc181f] d/copyright: fix missing doc/nft.xml license (Closes: #795096) [ Arturo Borrero Gonzalez ] * [ae662e4] d/rules: drop get-orig-source code -- Arturo Borrero Gonzalez Mon, 17 Aug 2015 11:20:15 +0200 nftables (0.4-6) unstable; urgency=medium * [4f9fbf0] d/tests/control: add restriction to run test as root * [be594d3] nftables.conf: improve icmpv6 support -- Arturo Borrero Gonzalez Fri, 15 May 2015 12:53:09 +0200 nftables (0.4-5) unstable; urgency=medium * [231244a] sysvinit: don't start the service by default -- Arturo Borrero Gonzalez Wed, 06 May 2015 11:56:10 +0200 nftables (0.4-4) unstable; urgency=medium * [c8b825e] /etc/init.d/nftables: fix inverted logic in status op. Thanks to Manolo Diaz for the fast report (Closes: #783608) * [2105ccb] source: make the build reproducible -- Arturo Borrero Gonzalez Tue, 05 May 2015 12:15:33 +0200 nftables (0.4-3) unstable; urgency=medium * [d42d50f] d/nftables.init: doesn't require networking to stop * [ceee9cb] d/nftables.service: the service is of Type=oneshot * [8415993] d/nftables.init: fix bashism in status operation. Thanks to Manolo Diaz for the bug report (Closes: #775875) * [a0e197a] d/tests: add basic autopkgtest support -- Arturo Borrero Gonzalez Fri, 20 Mar 2015 21:27:46 +0100 nftables (0.4-2) unstable; urgency=medium * Both a /etc/init.d/nftables and a nftables.service files are distributed for admins to easily make nftables theirs system firewalls. * [2237bad] d/nftables.examples: only ship upstream examples, not in /etc/nftables -- Arturo Borrero Gonzalez Fri, 09 Jan 2015 14:59:47 +0100 nftables (0.4-1) unstable; urgency=medium * [b187410] d/control: bump standars to 3.9.6 * [2021272] Imported Upstream version 0.4 (Closes: #773401) * [8b73e74] d/patches/: drop all v0.3 patches * [bff758e] d/control: depends on libnftnl >= 1.0.3 * [0e2023b] d/copyright: put more general statement first * [b382dff] d/rules: fix perms of files under /etc/nftables * [96252e6] d/rules: disable silent rules -- Arturo Borrero Gonzalez Mon, 22 Dec 2014 10:33:33 +0100 nftables (0.3-1) unstable; urgency=medium * [3a4f54a] d/patches: patch to harden the build * [b6c82d5] Imported Upstream version 0.3 * [98e5eb7] d/control: depends on libnftnl >= 1.0.2 -- Arturo Borrero Gonzalez Wed, 25 Jun 2014 19:02:59 +0200 nftables (0.2-2) unstable; urgency=low * [6aa52bf] d/README.Debian: fix Patrick McHardy name * [ca0e8ba] d/nftables.links: fix broken links file * [7492a48] d/rules: delete override for dh_auto_test * [1aca9dd] d/patches: improve verbose_build.patch -- Arturo Borrero Gonzalez Tue, 27 May 2014 11:14:48 +0200 nftables (0.2-1) unstable; urgency=low * Initial release (Closes: #522176) -- Arturo Borrero Gonzalez Fri, 09 May 2014 19:22:44 +0100