Re: [RFC] nftables 1.0.6 -stable backports

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Phil,

On Wed, Oct 11, 2023 at 05:49:09PM +0200, Pablo Neira Ayuso wrote:
> On Wed, Oct 11, 2023 at 05:25:59PM +0200, Phil Sutter wrote:
> > On Wed, Oct 11, 2023 at 10:01:15AM +0200, Pablo Neira Ayuso wrote:
> > > For the record, I have pushed out this 1.0.6.y branch:
> > > 
> > > http://git.netfilter.org/nftables/log/?h=1.0.6.y
> > 
> > I have this shell script collecting potential backports based on Fixes:
> > tags. It identified 34 additional backports for v1.0.6 tag (hashes are
> > meaningless):
> > 
> > e5b4169ee25ab json: expose dynamic flag
> 
> These are local commit IDs? Would it be possible to list with upstream
> commit IDs for easier review?
> 
> > 0a7e53f2e0913 parser_json: Default meter size to zero
> > 522e207b0a836 parser_json: Catch nonsense ops in match statement
> > 725b096b99e56 parser_json: Wrong check in json_parse_ct_timeout_policy()
> > 91401c4115b51 parser_json: Fix synproxy object mss/wscale parsing
> > 7aee3e7754b22 parser_json: Fix limit object burst value parsing
> > 60504c1817c42 parser_json: Fix flowtable prio value parsing
> > 3b2f35cee7e1c parser_json: Proper ct expectation attribute parsing
> > d804aa93a5988 parser_json: Fix typo in json_parse_cmd_add_object()
> > 7e4eb93535418 parser_json: Catch wrong "reset" payload
> 
> I can see json fixes, these should be good too.
> 
> > ed0c72352193e netlink: handle invalid etype in set_make_key()
> > 733470961f792 datatype: initialize TYPE_CT_EVENTBIT slot in datatype array
> > 6e674db5d2990 datatype: initialize TYPE_CT_LABEL slot in datatype array
> > f8ccde9188013 datatype: fix leak and cleanup reference counting for struct datatype
> > 4b46a3fa44813 include: drop "format" attribute from nft_gmp_print()
> > 930756f09a750 evaluate: fix check for truncation in stmt_evaluate_log_prefix()
> > 987ae8d4b20de tests: monitor: Fix for wrong ordering in expected JSON output
> > ad6cfbace2d2d tests: monitor: Fix for wrong syntax in set-interval.t
> > b83bd8b441e41 tests: monitor: Fix monitor JSON output for insert command
> > 0f8798917093a evaluate: Drop dead code from expr_evaluate_mapping()
> > 2f2320a434300 tests: shell: Stabilize sets/0043concatenated_ranges_0 test
> > fa841d99b3795 tests: fix inet nat prio tests
> > 5604dd5b1f365 cache: include set elements in "nft set list"
> > 8d1f462e157bc evaluate: set NFT_SET_EVAL flag if dynamic set already exists
> > d572772659392 tests: shell: Fix for unstable sets/0043concatenated_ranges_0
> > 4e4f7fd8334aa xt: Fix translation error path
> > ca2fbde1ceeeb evaluate: insert byte-order conversions for expressions between 9 and 15 bits
> > c0e5aba1bc963 xt: Fix fallback printing for extensions matching keywords
> > 62a416b9eac19 tests: shell: cover rule insertion by index
> > 0e5ea5fae26a3 evaluate: print error on missing family in nat statement
> > cf35149fd378a netlink_delinearize: Sanitize concat data element decoding
> > 1fb4c25073ed6 mnl: dump_nf_hooks() leaks memory in error path
> > 2f14b059afd88 meta: parse_iso_date() returns boolean
> > 99d6c23b32160 netlink: Fix for potential NULL-pointer deref

Would you send me your script?

I will look at integrating this into 1.0.6.y

Thanks.



[Index of Archives]     [Netfitler Users]     [Berkeley Packet Filter]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux