Hi Phil, On Wed, Oct 11, 2023 at 05:49:09PM +0200, Pablo Neira Ayuso wrote: > On Wed, Oct 11, 2023 at 05:25:59PM +0200, Phil Sutter wrote: > > On Wed, Oct 11, 2023 at 10:01:15AM +0200, Pablo Neira Ayuso wrote: > > > For the record, I have pushed out this 1.0.6.y branch: > > > > > > http://git.netfilter.org/nftables/log/?h=1.0.6.y > > > > I have this shell script collecting potential backports based on Fixes: > > tags. It identified 34 additional backports for v1.0.6 tag (hashes are > > meaningless): > > > > e5b4169ee25ab json: expose dynamic flag > > These are local commit IDs? Would it be possible to list with upstream > commit IDs for easier review? > > > 0a7e53f2e0913 parser_json: Default meter size to zero > > 522e207b0a836 parser_json: Catch nonsense ops in match statement > > 725b096b99e56 parser_json: Wrong check in json_parse_ct_timeout_policy() > > 91401c4115b51 parser_json: Fix synproxy object mss/wscale parsing > > 7aee3e7754b22 parser_json: Fix limit object burst value parsing > > 60504c1817c42 parser_json: Fix flowtable prio value parsing > > 3b2f35cee7e1c parser_json: Proper ct expectation attribute parsing > > d804aa93a5988 parser_json: Fix typo in json_parse_cmd_add_object() > > 7e4eb93535418 parser_json: Catch wrong "reset" payload > > I can see json fixes, these should be good too. > > > ed0c72352193e netlink: handle invalid etype in set_make_key() > > 733470961f792 datatype: initialize TYPE_CT_EVENTBIT slot in datatype array > > 6e674db5d2990 datatype: initialize TYPE_CT_LABEL slot in datatype array > > f8ccde9188013 datatype: fix leak and cleanup reference counting for struct datatype > > 4b46a3fa44813 include: drop "format" attribute from nft_gmp_print() > > 930756f09a750 evaluate: fix check for truncation in stmt_evaluate_log_prefix() > > 987ae8d4b20de tests: monitor: Fix for wrong ordering in expected JSON output > > ad6cfbace2d2d tests: monitor: Fix for wrong syntax in set-interval.t > > b83bd8b441e41 tests: monitor: Fix monitor JSON output for insert command > > 0f8798917093a evaluate: Drop dead code from expr_evaluate_mapping() > > 2f2320a434300 tests: shell: Stabilize sets/0043concatenated_ranges_0 test > > fa841d99b3795 tests: fix inet nat prio tests > > 5604dd5b1f365 cache: include set elements in "nft set list" > > 8d1f462e157bc evaluate: set NFT_SET_EVAL flag if dynamic set already exists > > d572772659392 tests: shell: Fix for unstable sets/0043concatenated_ranges_0 > > 4e4f7fd8334aa xt: Fix translation error path > > ca2fbde1ceeeb evaluate: insert byte-order conversions for expressions between 9 and 15 bits > > c0e5aba1bc963 xt: Fix fallback printing for extensions matching keywords > > 62a416b9eac19 tests: shell: cover rule insertion by index > > 0e5ea5fae26a3 evaluate: print error on missing family in nat statement > > cf35149fd378a netlink_delinearize: Sanitize concat data element decoding > > 1fb4c25073ed6 mnl: dump_nf_hooks() leaks memory in error path > > 2f14b059afd88 meta: parse_iso_date() returns boolean > > 99d6c23b32160 netlink: Fix for potential NULL-pointer deref Would you send me your script? I will look at integrating this into 1.0.6.y Thanks.