conntrack-tools-1.4.5-15.el9

- conntrack: fix compiler warnings
- src: fix strncpy -Wstringop-truncation warnings
- connntrack: Fix for memleak when parsing -j arg
- Drop pointless assignments
- Don't call exit() from signal handler
- read_config_yy: Drop extra argument from dlog() call
- helpers: ftp: Avoid ugly casts
- Fix potential buffer overrun in snprintf() calls
- cache: Fix features array allocation
- hash: Flush tables when destroying

Resolves: rhbz#2068443

0009-hash-Flush-tables-when-destroying.patch

@@ -0,0 +1,29 @@
+From 928268da2fc7e4c3ba393fceba9b38c230b7151e Mon Sep 17 00:00:00 2001
+From: Phil Sutter <phil@nwl.cc>
+Date: Thu, 24 Mar 2022 18:06:39 +0100
+Subject: [PATCH] hash: Flush tables when destroying
+
+This is cosmetics only, but stops valgrind from complaining about
+definitely lost memory.
+
+Signed-off-by: Phil Sutter <phil@nwl.cc>
+(cherry picked from commit 9be65154696859d94dcdeb7347ba5cca3b8d48ba)
+---
+ src/hash.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/hash.c b/src/hash.c
+index fe6a047fcebe0..a0f240c21fa82 100644
+--- a/src/hash.c
++++ b/src/hash.c
+@@ -55,6 +55,7 @@ hashtable_create(int hashsize, int limit,
+ 
+ void hashtable_destroy(struct hashtable *h)
+ {
++	hashtable_flush(h);
+ 	free(h);
+ }
+ 
+-- 
+2.34.1
+

0010-cache-Fix-features-array-allocation.patch

@@ -0,0 +1,37 @@
+From 22c02399e51367b8ec1b2e66a4359ae5cd8db4ae Mon Sep 17 00:00:00 2001
+From: Phil Sutter <phil@nwl.cc>
+Date: Thu, 24 Mar 2022 18:07:51 +0100
+Subject: [PATCH] cache: Fix features array allocation
+
+struct cache::features is of type struct cache_feature **, allocate and
+populate accordingly.
+
+Fixes: ad31f852c3454 ("initial import of the conntrack daemon to Netfilter SVN")
+Signed-off-by: Phil Sutter <phil@nwl.cc>
+(cherry picked from commit 549f90d8a7847f201aa604a0cf7c24b73d4b5a56)
+---
+ src/cache.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/cache.c b/src/cache.c
+index 79a024f8b6bb0..9bc8d0f5bf34a 100644
+--- a/src/cache.c
++++ b/src/cache.c
+@@ -69,12 +69,12 @@ struct cache *cache_create(const char *name, enum cache_type type,
+ 
+ 	memcpy(c->feature_type, feature_type, sizeof(feature_type));
+ 
+-	c->features = malloc(sizeof(struct cache_feature) * j);
++	c->features = malloc(sizeof(struct cache_feature *) * j);
+ 	if (!c->features) {
+ 		free(c);
+ 		return NULL;
+ 	}
+-	memcpy(c->features, feature_array, sizeof(struct cache_feature) * j);
++	memcpy(c->features, feature_array, sizeof(struct cache_feature *) * j);
+ 	c->num_features = j;
+ 
+ 	c->extra_offset = size;
+-- 
+2.34.1
+

0011-Fix-potential-buffer-overrun-in-snprintf-calls.patch

@@ -0,0 +1,50 @@
+From a26eb6eba3f318271d3fbd52152ad43acfc15393 Mon Sep 17 00:00:00 2001
+From: Phil Sutter <phil@nwl.cc>
+Date: Thu, 24 Mar 2022 18:14:50 +0100
+Subject: [PATCH] Fix potential buffer overrun in snprintf() calls
+
+When consecutively printing into the same buffer at increasing offset,
+reduce buffer size passed to snprintf() to not defeat its size checking.
+
+Signed-off-by: Phil Sutter <phil@nwl.cc>
+(cherry picked from commit 0e05989f3247e9aef0d96aafc144b2d853732891)
+---
+ src/process.c | 2 +-
+ src/queue.c   | 4 ++--
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/process.c b/src/process.c
+index 3ddad5ffa7959..08598eeae84de 100644
+--- a/src/process.c
++++ b/src/process.c
+@@ -84,7 +84,7 @@ void fork_process_dump(int fd)
+ 	int size = 0;
+ 
+ 	list_for_each_entry(this, &process_list, head) {
+-		size += snprintf(buf+size, sizeof(buf),
++		size += snprintf(buf + size, sizeof(buf) - size,
+ 				 "PID=%u type=%s\n",
+ 				 this->pid,
+ 				 this->type < CTD_PROC_MAX ?
+diff --git a/src/queue.c b/src/queue.c
+index 76425b18495b5..e94dc7c45d1fd 100644
+--- a/src/queue.c
++++ b/src/queue.c
+@@ -69,12 +69,12 @@ void queue_stats_show(int fd)
+ 	int size = 0;
+ 	char buf[512];
+ 
+-	size += snprintf(buf+size, sizeof(buf),
++	size += snprintf(buf + size, sizeof(buf) - size,
+ 			 "allocated queue nodes:\t\t%12u\n\n",
+ 			 qobjects_num);
+ 
+ 	list_for_each_entry(this, &queue_list, list) {
+-		size += snprintf(buf+size, sizeof(buf),
++		size += snprintf(buf + size, sizeof(buf) - size,
+ 				 "queue %s:\n"
+ 				 "current elements:\t\t%12u\n"
+ 				 "maximum elements:\t\t%12u\n"
+-- 
+2.34.1
+

0012-helpers-ftp-Avoid-ugly-casts.patch

@@ -0,0 +1,55 @@
+From 2c8cc74e2fbfbed8fad8e80513fc7a34674bb382 Mon Sep 17 00:00:00 2001
+From: Phil Sutter <phil@nwl.cc>
+Date: Thu, 24 Mar 2022 18:27:56 +0100
+Subject: [PATCH] helpers: ftp: Avoid ugly casts
+
+Coverity tool complains about accessing a local variable at non-zero
+offset. Avoid this by using a helper union. This should silence the
+checker, although the code is still probably not Big Endian-safe.
+
+Signed-off-by: Phil Sutter <phil@nwl.cc>
+(cherry picked from commit ff4e57e890a8628208a004587cd7a5ee955bb5fe)
+---
+ src/helpers/ftp.c | 20 +++++++++-----------
+ 1 file changed, 9 insertions(+), 11 deletions(-)
+
+diff --git a/src/helpers/ftp.c b/src/helpers/ftp.c
+index bd3f11788cc24..0694d38c6ea13 100644
+--- a/src/helpers/ftp.c
++++ b/src/helpers/ftp.c
+@@ -331,23 +331,21 @@ static int nf_nat_ftp_fmt_cmd(enum nf_ct_ftp_type type,
+ 			      char *buffer, size_t buflen,
+ 			      uint32_t addr, uint16_t port)
+ {
++	union {
++		unsigned char c[4];
++		uint32_t d;
++	} tmp;
++
++	tmp.d = addr;
+ 	switch (type) {
+ 	case NF_CT_FTP_PORT:
+ 	case NF_CT_FTP_PASV:
+ 		return snprintf(buffer, buflen, "%u,%u,%u,%u,%u,%u",
+-				((unsigned char *)&addr)[0],
+-				((unsigned char *)&addr)[1],
+-				((unsigned char *)&addr)[2],
+-				((unsigned char *)&addr)[3],
+-				port >> 8,
+-				port & 0xFF);
++				tmp.c[0], tmp.c[1], tmp.c[2], tmp.c[3],
++				port >> 8, port & 0xFF);
+ 	case NF_CT_FTP_EPRT:
+ 		return snprintf(buffer, buflen, "|1|%u.%u.%u.%u|%u|",
+-				((unsigned char *)&addr)[0],
+-				((unsigned char *)&addr)[1],
+-				((unsigned char *)&addr)[2],
+-				((unsigned char *)&addr)[3],
+-				port);
++				tmp.c[0], tmp.c[1], tmp.c[2], tmp.c[3], port);
+ 	case NF_CT_FTP_EPSV:
+ 		return snprintf(buffer, buflen, "|||%u|", port);
+ 	}
+-- 
+2.34.1
+

0013-read_config_yy-Drop-extra-argument-from-dlog-call.patch

@@ -0,0 +1,30 @@
+From 385a065550fba6afc9132df07b8ef9da40431c55 Mon Sep 17 00:00:00 2001
+From: Phil Sutter <phil@nwl.cc>
+Date: Thu, 24 Mar 2022 19:09:22 +0100
+Subject: [PATCH] read_config_yy: Drop extra argument from dlog() call
+
+False priority value was never printed.
+
+Fixes: dfb88dae65fbd ("conntrackd: change scheduler and priority via configuration file")
+Signed-off-by: Phil Sutter <phil@nwl.cc>
+(cherry picked from commit f2fed05adbd05df23a063e0a9f2809399d924c64)
+---
+ src/read_config_yy.y | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/read_config_yy.y b/src/read_config_yy.y
+index 4311cd6c9a2f5..6aee67623953b 100644
+--- a/src/read_config_yy.y
++++ b/src/read_config_yy.y
+@@ -1042,7 +1042,7 @@ scheduler_line : T_PRIO T_NUMBER
+ {
+ 	conf.sched.prio = $2;
+ 	if (conf.sched.prio < 0 || conf.sched.prio > 99) {
+-		dlog(LOG_ERR, "`Priority' must be [0, 99]\n", $2);
++		dlog(LOG_ERR, "`Priority' must be [0, 99]\n");
+ 		exit(EXIT_FAILURE);
+ 	}
+ };
+-- 
+2.34.1
+

0014-Don-t-call-exit-from-signal-handler.patch

@@ -0,0 +1,30 @@
+From 6441d719c562135db1a41ff34a28f9edf8caf0fb Mon Sep 17 00:00:00 2001
+From: Phil Sutter <phil@nwl.cc>
+Date: Fri, 25 Mar 2022 09:50:18 +0100
+Subject: [PATCH] Don't call exit() from signal handler
+
+Coverity tool complains that exit() is not signal-safe and therefore
+should not be called from within a signal handler. Call _exit() instead.
+
+Signed-off-by: Phil Sutter <phil@nwl.cc>
+(cherry picked from commit 7e4d4abd47c6b9b2af745c0a4c8b5532c1886399)
+---
+ src/run.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/run.c b/src/run.c
+index f11a5327fe5e6..37a0eb1c6b957 100644
+--- a/src/run.c
++++ b/src/run.c
+@@ -67,7 +67,7 @@ void killer(int signo)
+ 	close_log();
+ 
+ 	sd_ct_stop();
+-	exit(0);
++	_exit(0);
+ }
+ 
+ static void child(int foo)
+-- 
+2.34.1
+

0015-Drop-pointless-assignments.patch

@@ -0,0 +1,43 @@
+From addd3c1ab24b64e9569095bcf02378904444f744 Mon Sep 17 00:00:00 2001
+From: Phil Sutter <phil@nwl.cc>
+Date: Fri, 25 Mar 2022 10:15:13 +0100
+Subject: [PATCH] Drop pointless assignments
+
+These variables are not referred to after assigning within their scope
+(or until they're overwritten).
+
+Signed-off-by: Phil Sutter <phil@nwl.cc>
+(cherry picked from commit 5ecb1226d73eb4f9407faa8d663d7038046d34c6)
+---
+ src/helpers/ssdp.c | 1 -
+ src/main.c         | 2 +-
+ 2 files changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/src/helpers/ssdp.c b/src/helpers/ssdp.c
+index 58658e39d0a21..41a637a9ce720 100644
+--- a/src/helpers/ssdp.c
++++ b/src/helpers/ssdp.c
+@@ -259,7 +259,6 @@ static int find_hdr(const char *name, const uint8_t *data, int data_len,
+ 		data += i+2;
+ 	}
+ 
+-	data_len -= name_len;
+ 	data += name_len;
+ 	if (pos)
+ 		*pos = data;
+diff --git a/src/main.c b/src/main.c
+index 7062e12085f11..8c3fa1c943a96 100644
+--- a/src/main.c
++++ b/src/main.c
+@@ -320,7 +320,7 @@ int main(int argc, char *argv[])
+ 
+ 	umask(0177);
+ 
+-	if ((ret = init_config(config_file)) == -1) {
++	if (init_config(config_file) == -1) {
+ 		dlog(LOG_ERR, "can't open config file `%s'", config_file);
+ 		exit(EXIT_FAILURE);
+ 	}
+-- 
+2.34.1
+

0016-connntrack-Fix-for-memleak-when-parsing-j-arg.patch

@@ -0,0 +1,30 @@
+From aff26dfeea91e70032bdc99bdf5bb5a194dd431d Mon Sep 17 00:00:00 2001
+From: Phil Sutter <phil@nwl.cc>
+Date: Fri, 25 Mar 2022 10:30:29 +0100
+Subject: [PATCH] connntrack: Fix for memleak when parsing -j arg
+
+Have to free the strings allocated by split_address_and_port().
+
+Fixes: 29b390a212214 ("conntrack: Support IPv6 NAT")
+Signed-off-by: Phil Sutter <phil@nwl.cc>
+(cherry picked from commit 42cb292d6c9e8567db2e30e183b1bd31093700ad)
+---
+ src/conntrack.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/conntrack.c b/src/conntrack.c
+index 06f60e85fa1ed..eea5fd339c831 100644
+--- a/src/conntrack.c
++++ b/src/conntrack.c
+@@ -2432,6 +2432,8 @@ int main(int argc, char *argv[])
+ 					nfct_set_nat_details(c, tmpl.ct, &ad,
+ 							     port_str, family);
+ 				}
++				free(port_str);
++				free(nat_address);
+ 			}
+ 			break;
+ 		case 'w':
+-- 
+2.34.1
+

0017-src-fix-strncpy-Wstringop-truncation-warnings.patch

@@ -0,0 +1,225 @@
+From a045ef8abc1c81ac359103ac61841bae860d8960 Mon Sep 17 00:00:00 2001
+From: "Jose M. Guisado Gomez" <guigom@riseup.net>
+Date: Fri, 16 Aug 2019 11:25:11 +0200
+Subject: [PATCH] src: fix strncpy -Wstringop-truncation warnings
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+-Wstringop-truncation warning was introduced in GCC-8 as truncation
+checker for strncpy and strncat.
+
+Systems using gcc version >= 8 would receive the following warnings:
+
+read_config_yy.c: In function ‘yyparse’:
+read_config_yy.y:1594:2: warning: ‘strncpy’ specified bound 16 equals destination size [-Wstringop-truncation]
+ 1594 |  strncpy(policy->name, $2, CTD_HELPER_NAME_LEN);
+      |  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+read_config_yy.y:1384:2: warning: ‘strncpy’ specified bound 256 equals destination size [-Wstringop-truncation]
+ 1384 |  strncpy(conf.stats.logfile, $2, FILENAME_MAXLEN);
+      |  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+read_config_yy.y:692:2: warning: ‘strncpy’ specified bound 108 equals destination size [-Wstringop-truncation]
+  692 |  strncpy(conf.local.path, $2, UNIX_PATH_MAX);
+      |  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+read_config_yy.y:169:2: warning: ‘strncpy’ specified bound 256 equals destination size [-Wstringop-truncation]
+  169 |  strncpy(conf.lockfile, $2, FILENAME_MAXLEN);
+      |  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+read_config_yy.y:119:2: warning: ‘strncpy’ specified bound 256 equals destination size [-Wstringop-truncation]
+  119 |  strncpy(conf.logfile, $2, FILENAME_MAXLEN);
+      |  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+main.c: In function ‘main’:
+main.c:168:5: warning: ‘strncpy’ specified bound 4096 equals destination size [-Wstringop-truncation]
+  168 |     strncpy(config_file, argv[i], PATH_MAX);
+      |     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Fix the issue by checking for string length first. Also using
+snprintf instead.
+
+In addition, correct an off-by-one when warning about maximum config
+file path length.
+
+Signed-off-by: Jose M. Guisado Gomez <guigom@riseup.net>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+(cherry picked from commit f196de88cdd9764ddc2e4de737a960972d82fe9d)
+---
+ include/conntrackd.h |  6 +++---
+ include/helper.h     |  2 +-
+ include/local.h      |  4 ++--
+ src/main.c           |  7 +++----
+ src/read_config_yy.y | 39 +++++++++++++++++++++++++++++----------
+ 5 files changed, 38 insertions(+), 20 deletions(-)
+
+diff --git a/include/conntrackd.h b/include/conntrackd.h
+index 81dff221e96de..fe9ec1854a7d2 100644
+--- a/include/conntrackd.h
++++ b/include/conntrackd.h
+@@ -85,9 +85,9 @@ union inet_address {
+ #define CONFIG(x) conf.x
+ 
+ struct ct_conf {
+-	char logfile[FILENAME_MAXLEN];
++	char logfile[FILENAME_MAXLEN + 1];
+ 	int syslog_facility;
+-	char lockfile[FILENAME_MAXLEN];
++	char lockfile[FILENAME_MAXLEN + 1];
+ 	int hashsize;			/* hashtable size */
+ 	int channel_num;
+ 	int channel_default;
+@@ -132,7 +132,7 @@ struct ct_conf {
+ 		int prio;
+ 	} sched;
+ 	struct {
+-		char logfile[FILENAME_MAXLEN];
++		char logfile[FILENAME_MAXLEN + 1];
+ 		int syslog_facility;
+ 		size_t buffer_size;
+ 	} stats;
+diff --git a/include/helper.h b/include/helper.h
+index 7353dfa9b2073..08d4cf4642802 100644
+--- a/include/helper.h
++++ b/include/helper.h
+@@ -13,7 +13,7 @@ struct pkt_buff;
+ #define CTD_HELPER_POLICY_MAX	4
+ 
+ struct ctd_helper_policy {
+-	char		name[CTD_HELPER_NAME_LEN];
++	char		name[CTD_HELPER_NAME_LEN + 1];
+ 	uint32_t	expect_timeout;
+ 	uint32_t	expect_max;
+ };
+diff --git a/include/local.h b/include/local.h
+index 22859d7ab60aa..9379446732eed 100644
+--- a/include/local.h
++++ b/include/local.h
+@@ -7,12 +7,12 @@
+ 
+ struct local_conf {
+ 	int reuseaddr;
+-	char path[UNIX_PATH_MAX];
++	char path[UNIX_PATH_MAX + 1];
+ };
+ 
+ struct local_server {
+ 	int fd;
+-	char path[UNIX_PATH_MAX];
++	char path[UNIX_PATH_MAX + 1];
+ };
+ 
+ /* callback return values */
+diff --git a/src/main.c b/src/main.c
+index 8c3fa1c943a96..de4773df8a204 100644
+--- a/src/main.c
++++ b/src/main.c
+@@ -120,8 +120,8 @@ do_chdir(const char *d)
+ 
+ int main(int argc, char *argv[])
+ {
++	char config_file[PATH_MAX + 1] = {};
+ 	int ret, i, action = -1;
+-	char config_file[PATH_MAX] = {};
+ 	int type = 0;
+ 	struct utsname u;
+ 	int version, major, minor;
+@@ -165,13 +165,12 @@ int main(int argc, char *argv[])
+ 			break;
+ 		case 'C':
+ 			if (++i < argc) {
+-				strncpy(config_file, argv[i], PATH_MAX);
+-				if (strlen(argv[i]) >= PATH_MAX){
+-					config_file[PATH_MAX-1]='\0';
++				if (strlen(argv[i]) > PATH_MAX) {
+ 					dlog(LOG_WARNING, "Path to config file"
+ 					     " to long. Cutting it down to %d"
+ 					     " characters", PATH_MAX);
+ 				}
++				snprintf(config_file, PATH_MAX, "%s", argv[i]);
+ 				break;
+ 			}
+ 			show_usage(argv[0]);
+diff --git a/src/read_config_yy.y b/src/read_config_yy.y
+index 6aee67623953b..d963c494be1fc 100644
+--- a/src/read_config_yy.y
++++ b/src/read_config_yy.y
+@@ -116,7 +116,12 @@ logfile_bool : T_LOG T_OFF
+ 
+ logfile_path : T_LOG T_PATH_VAL
+ {
+-	strncpy(conf.logfile, $2, FILENAME_MAXLEN);
++	if (strlen($2) > FILENAME_MAXLEN) {
++		dlog(LOG_ERR, "LogFile path is longer than %u characters",
++		     FILENAME_MAXLEN);
++		exit(EXIT_FAILURE);
++	}
++	snprintf(conf.logfile, FILENAME_MAXLEN, "%s", $2);
+ 	free($2);
+ };
+ 
+@@ -166,7 +171,12 @@ syslog_facility : T_SYSLOG T_STRING
+ 
+ lock : T_LOCK T_PATH_VAL
+ {
+-	strncpy(conf.lockfile, $2, FILENAME_MAXLEN);
++	if (strlen($2) > FILENAME_MAXLEN) {
++		dlog(LOG_ERR, "LockFile path is longer than %u characters",
++		     FILENAME_MAXLEN);
++		exit(EXIT_FAILURE);
++	}
++	snprintf(conf.lockfile, FILENAME_MAXLEN, "%s", $2);
+ 	free($2);
+ };
+ 
+@@ -689,13 +699,13 @@ unix_options:
+ 
+ unix_option : T_PATH T_PATH_VAL
+ {
+-	strncpy(conf.local.path, $2, UNIX_PATH_MAX);
+-	free($2);
+-	if (conf.local.path[UNIX_PATH_MAX - 1]) {
+-		dlog(LOG_ERR, "UNIX Path is longer than %u characters",
+-		     UNIX_PATH_MAX - 1);
++	if (strlen($2) > UNIX_PATH_MAX) {
++		dlog(LOG_ERR, "Path is longer than %u characters",
++		     UNIX_PATH_MAX);
+ 		exit(EXIT_FAILURE);
+ 	}
++	snprintf(conf.local.path, UNIX_PATH_MAX, "%s", $2);
++	free($2);
+ };
+ 
+ unix_option : T_BACKLOG T_NUMBER
+@@ -1381,7 +1391,12 @@ stat_logfile_bool : T_LOG T_OFF
+ 
+ stat_logfile_path : T_LOG T_PATH_VAL
+ {
+-	strncpy(conf.stats.logfile, $2, FILENAME_MAXLEN);
++	if (strlen($2) > FILENAME_MAXLEN) {
++		dlog(LOG_ERR, "stats LogFile path is longer than %u characters",
++		     FILENAME_MAXLEN);
++		exit(EXIT_FAILURE);
++	}
++	snprintf(conf.stats.logfile, FILENAME_MAXLEN, "%s", $2);
+ 	free($2);
+ };
+ 
+@@ -1589,11 +1604,15 @@ helper_type: T_HELPER_POLICY T_STRING '{' helper_policy_list '}'
+ 		exit(EXIT_FAILURE);
+ 		break;
+ 	}
++	if (strlen($2) > CTD_HELPER_NAME_LEN) {
++		dlog(LOG_ERR, "Helper Policy is longer than %u characters",
++		     CTD_HELPER_NAME_LEN);
++		exit(EXIT_FAILURE);
++	}
+ 
+ 	policy = (struct ctd_helper_policy *) &e->data;
+-	strncpy(policy->name, $2, CTD_HELPER_NAME_LEN);
++	snprintf(policy->name, CTD_HELPER_NAME_LEN, "%s", $2);
+ 	free($2);
+-	policy->name[CTD_HELPER_NAME_LEN-1] = '\0';
+ 	/* Now object is complete. */
+ 	e->type = SYMBOL_HELPER_POLICY_EXPECT_ROOT;
+ 	stack_item_push(&symbol_stack, e);
+-- 
+2.34.1
+

0018-conntrack-fix-compiler-warnings.patch

@@ -0,0 +1,101 @@
+From 6dda36aceaedf88b33e5a2cf216bbd3b047611a6 Mon Sep 17 00:00:00 2001
+From: Florian Westphal <fw@strlen.de>
+Date: Mon, 17 Jan 2022 16:42:52 +0100
+Subject: [PATCH] conntrack: fix compiler warnings
+
+.... those do not indicate bugs, but they are distracting.
+
+'exp_filter_add' at filter.c:513:2:
+__builtin_strncpy specified bound 16 equals destination size [-Wstringop-truncation]
+
+This warning is because the size argument passed to strncpy() is
+identical to buffer size, i.e. if hit the resulting string is not
+0-terminated.
+
+read_config_yy.y:1625: warning: '__builtin_snprintf' output may be truncated before the last format character [-Wformat-truncation=]
+ 1625 |         snprintf(policy->name, CTD_HELPER_NAME_LEN, "%s", $2);
+read_config_yy.y:1399: warning: '__builtin_snprintf' output may be ...
+ 1399 |         snprintf(conf.stats.logfile, FILENAME_MAXLEN, "%s", $2);
+read_config_yy.y:707: warning: '__builtin_snprintf' output may be ...
+  707 |         snprintf(conf.local.path, UNIX_PATH_MAX, "%s", $2);
+read_config_yy.y:179: warning: '__builtin_snprintf' output may be ...
+  179 |         snprintf(conf.lockfile, FILENAME_MAXLEN, "%s", $2);
+read_config_yy.y:124: warning: '__builtin_snprintf' output may be ...
+  124 |         snprintf(conf.logfile, FILENAME_MAXLEN, "%s", $2);
+
+... its because the _MAXLEN constants are one less than the output
+buffer size, i.e. could use either .._MAXLEN + 1 or sizeof, this uses
+sizeof().
+
+Signed-off-by: Florian Westphal <fw@strlen.de>
+(cherry picked from commit 5f15bb47bbcdb7581c80c5e488cd109450494ec2)
+---
+ src/filter.c         |  2 +-
+ src/read_config_yy.y | 10 +++++-----
+ 2 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/src/filter.c b/src/filter.c
+index 00a5e96ecc248..9f961b1fe5b1b 100644
+--- a/src/filter.c
++++ b/src/filter.c
+@@ -470,7 +470,7 @@ struct exp_filter *exp_filter_create(void)
+ 
+ struct exp_filter_item {
+ 	struct list_head	head;
+-	char			helper_name[NFCT_HELPER_NAME_MAX];
++	char			helper_name[NFCT_HELPER_NAME_MAX + 1];
+ };
+ 
+ /* this is ugly, but it simplifies read_config_yy.y */
+diff --git a/src/read_config_yy.y b/src/read_config_yy.y
+index d963c494be1fc..401a1575014d0 100644
+--- a/src/read_config_yy.y
++++ b/src/read_config_yy.y
+@@ -121,7 +121,7 @@ logfile_path : T_LOG T_PATH_VAL
+ 		     FILENAME_MAXLEN);
+ 		exit(EXIT_FAILURE);
+ 	}
+-	snprintf(conf.logfile, FILENAME_MAXLEN, "%s", $2);
++	snprintf(conf.logfile, sizeof(conf.logfile), "%s", $2);
+ 	free($2);
+ };
+ 
+@@ -176,7 +176,7 @@ lock : T_LOCK T_PATH_VAL
+ 		     FILENAME_MAXLEN);
+ 		exit(EXIT_FAILURE);
+ 	}
+-	snprintf(conf.lockfile, FILENAME_MAXLEN, "%s", $2);
++	snprintf(conf.lockfile, sizeof(conf.lockfile), "%s", $2);
+ 	free($2);
+ };
+ 
+@@ -704,7 +704,7 @@ unix_option : T_PATH T_PATH_VAL
+ 		     UNIX_PATH_MAX);
+ 		exit(EXIT_FAILURE);
+ 	}
+-	snprintf(conf.local.path, UNIX_PATH_MAX, "%s", $2);
++	snprintf(conf.local.path, sizeof(conf.local.path), "%s", $2);
+ 	free($2);
+ };
+ 
+@@ -1396,7 +1396,7 @@ stat_logfile_path : T_LOG T_PATH_VAL
+ 		     FILENAME_MAXLEN);
+ 		exit(EXIT_FAILURE);
+ 	}
+-	snprintf(conf.stats.logfile, FILENAME_MAXLEN, "%s", $2);
++	snprintf(conf.stats.logfile, sizeof(conf.stats.logfile), "%s", $2);
+ 	free($2);
+ };
+ 
+@@ -1611,7 +1611,7 @@ helper_type: T_HELPER_POLICY T_STRING '{' helper_policy_list '}'
+ 	}
+ 
+ 	policy = (struct ctd_helper_policy *) &e->data;
+-	snprintf(policy->name, CTD_HELPER_NAME_LEN, "%s", $2);
++	snprintf(policy->name, sizeof(policy->name), "%s", $2);
+ 	free($2);
+ 	/* Now object is complete. */
+ 	e->type = SYMBOL_HELPER_POLICY_EXPECT_ROOT;
+-- 
+2.34.1
+

conntrack-tools.spec

@@ -1,6 +1,6 @@
 Name:           conntrack-tools
 Version:        1.4.5
-Release:        14%{?dist}
+Release:        15%{?dist}
 Summary:        Manipulate netfilter connection tracking table and run High Availability
 License:        GPLv2
 URL:            http://conntrack-tools.netfilter.org/
@@ -16,6 +16,16 @@ Patch05:        0005-nfct-remove-lazy-binding.patch
 Patch06:        0006-conntrackd-use-strncpy-to-unix-path.patch
 Patch07:        0007-conntrackd-Use-strdup-in-lexer.patch
 Patch08:        0008-conntrackd-use-correct-max-unix-path-length.patch
+Patch09:        0009-hash-Flush-tables-when-destroying.patch
+Patch10:        0010-cache-Fix-features-array-allocation.patch
+Patch11:        0011-Fix-potential-buffer-overrun-in-snprintf-calls.patch
+Patch12:        0012-helpers-ftp-Avoid-ugly-casts.patch
+Patch13:        0013-read_config_yy-Drop-extra-argument-from-dlog-call.patch
+Patch14:        0014-Don-t-call-exit-from-signal-handler.patch
+Patch15:        0015-Drop-pointless-assignments.patch
+Patch16:        0016-connntrack-Fix-for-memleak-when-parsing-j-arg.patch
+Patch17:        0017-src-fix-strncpy-Wstringop-truncation-warnings.patch
+Patch18:        0018-conntrack-fix-compiler-warnings.patch
 
 BuildRequires:  gcc
 BuildRequires:  libnfnetlink-devel >= 1.0.1, libnetfilter_conntrack-devel >= 1.0.7
@@ -96,6 +106,18 @@ install -m 0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/conntrackd/
 %systemd_postun conntrackd.service 
 
 %changelog
+* Mon Aug 15 2022 Phil Sutter <psutter@redhat.com> - 1.4.5-15
+- conntrack: fix compiler warnings
+- src: fix strncpy -Wstringop-truncation warnings
+- connntrack: Fix for memleak when parsing -j arg
+- Drop pointless assignments
+- Don't call exit() from signal handler
+- read_config_yy: Drop extra argument from dlog() call
+- helpers: ftp: Avoid ugly casts
+- Fix potential buffer overrun in snprintf() calls
+- cache: Fix features array allocation
+- hash: Flush tables when destroying
+
 * Mon Mar 28 2022 Phil Sutter <psutter@redhat.com> - 1.4.5-14
 - conntrackd: use correct max unix path length