Hi Pablo,
Please apply the next bugfixes against the nf tree.
- Fix extensions alignment in ipset: Gerhard Wiesinger reported
that the missing data aligments lead to crash on non-intel
architecture. The patch was tested on armv7h by Gerhard Wiesinger
and on x86_64 and sparc64 by me.
- An incorrect index at the hash:* types could lead to
falsely early expired entries and memory leak when the comment
extension was used too.
- Release empty hash bucket block when all entries are expired or
all slots are empty instead of shrinkig the data part to zero.
Best regards,
Jozsef
----
The following changes since commit 212cd0895330b775f2db49451f046a5ca4e5704b:
selinux: fix random read in selinux_ip_postroute_compat() (2015-11-05 16:45:51 -0500)
are available in the git repository at:
git://blackhole.kfki.hu/nf master
for you to fetch changes up to 0aae24eb409fc429f54ca3809f904f1b91e295e0:
netfilter: ipset: Fix hash type expire: release empty hash bucket block (2015-11-07 11:28:49 +0100)
----------------------------------------------------------------
Jozsef Kadlecsik (3):
netfilter: ipset: Fix extension alignment
netfilter: ipset: Fix hash:* type expiration
netfilter: ipset: Fix hash type expire: release empty hash bucket block
include/linux/netfilter/ipset/ip_set.h | 2 +-
net/netfilter/ipset/ip_set_bitmap_gen.h | 17 +++++----------
net/netfilter/ipset/ip_set_bitmap_ip.c | 14 ++++--------
net/netfilter/ipset/ip_set_bitmap_ipmac.c | 64 +++++++++++++++++++++++++-----------------------------
net/netfilter/ipset/ip_set_bitmap_port.c | 18 ++++++---------
net/netfilter/ipset/ip_set_core.c | 14 +++++++-----
net/netfilter/ipset/ip_set_hash_gen.h | 26 ++++++++++++++--------
net/netfilter/ipset/ip_set_list_set.c | 5 +++--
8 files changed, 75 insertions(+), 85 deletions(-)
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
