From 71f22223bf89fcf7f16dd6e263259a27284002f6 Mon Sep 17 00:00:00 2001
From: Phil Sutter
Date: Fri, 14 Jul 2023 17:46:04 +0200
Subject: [PATCH] libnftnl-1.2.6-1

- Drop outdated libnftables provides, it might clash with the new nftables-provided libnftables at some point in future
- Backport one late fix from upstream
- new version 1.2.6

Resolves: rhbz#2222053
---
 .gitignore | 1 +
 ...e-free-d-expr_list-elements-in-place.patch | 69 +++++++++++++++++++
 libnftnl.spec | 12 ++--
 sources | 2 +-
 4 files changed, 79 insertions(+), 5 deletions(-)
 create mode 100644 0001-set-Do-not-leave-free-d-expr_list-elements-in-place.patch

diff --git a/.gitignore b/.gitignore
index 810326d..877aae1 100644
--- a/.gitignore
+++ b/.gitignore
@@ -26,3 +26,4 @@
 /libnftnl-1.2.3.tar.bz2
 /libnftnl-1.2.4.tar.bz2
 /libnftnl-1.2.5.tar.xz
+/libnftnl-1.2.6.tar.xz
diff --git a/0001-set-Do-not-leave-free-d-expr_list-elements-in-place.patch b/0001-set-Do-not-leave-free-d-expr_list-elements-in-place.patch
new file mode 100644
index 0000000..942caee
--- /dev/null
+++ b/0001-set-Do-not-leave-free-d-expr_list-elements-in-place.patch
@@ -0,0 +1,69 @@
+From 3eaa940bc33a3186dc7ba1e30640ec79b5f261b9 Mon Sep 17 00:00:00 2001
+From: Phil Sutter
+Date: Wed, 31 May 2023 14:09:09 +0200
+Subject: [libnftnl PATCH] set: Do not leave free'd expr_list elements in place
+
+When freeing elements, remove them also to prevent a potential UAF.
+
+Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1685
+Fixes: 3469f09286cee ("src: add NFTNL_SET_EXPRESSIONS")
+Signed-off-by: Phil Sutter
+---
+ src/set.c | 16 ++++++++++++----
+ 1 file changed, 12 insertions(+), 4 deletions(-)
+
+diff --git a/src/set.c b/src/set.c
+index c46f8277ff687..719e59616e974 100644
+--- a/src/set.c
++++ b/src/set.c
+@@ -54,8 +54,10 @@ void nftnl_set_free(const struct nftnl_set *s)
+ if (s->flags & (1 << NFTNL_SET_USERDATA))
+ xfree(s->user.data);
+ 
+- list_for_each_entry_safe(expr, next, &s->expr_list, head)
++ list_for_each_entry_safe(expr, next, &s->expr_list, head) {
++ list_del(&expr->head);
+ nftnl_expr_free(expr);
++ }
+ 
+ list_for_each_entry_safe(elem, tmp, &s->element_list, head) {
+ list_del(&elem->head);
+@@ -105,8 +107,10 @@ void nftnl_set_unset(struct nftnl_set *s, uint16_t attr)
+ break;
+ case NFTNL_SET_EXPR:
+ case NFTNL_SET_EXPRESSIONS:
+- list_for_each_entry_safe(expr, tmp, &s->expr_list, head)
++ list_for_each_entry_safe(expr, tmp, &s->expr_list, head) {
++ list_del(&expr->head);
+ nftnl_expr_free(expr);
++ }
+ break;
+ default:
+ return;
+@@ -210,8 +214,10 @@ int nftnl_set_set_data(struct nftnl_set *s, uint16_t attr, const void *data,
+ s->user.len = data_len;
+ break;
+ case NFTNL_SET_EXPR:
+- list_for_each_entry_safe(expr, tmp, &s->expr_list, head)
++ list_for_each_entry_safe(expr, tmp, &s->expr_list, head) {
++ list_del(&expr->head);
+ nftnl_expr_free(expr);
++ }
+ 
+ expr = (void *)data;
+ list_add(&expr->head, &s->expr_list);
+@@ -742,8 +748,10 @@ int nftnl_set_nlmsg_parse(const struct nlmsghdr *nlh, struct nftnl_set *s)
+ 
+ return 0;
+ out_set_expr:
+- list_for_each_entry_safe(expr, next, &s->expr_list, head)
++ list_for_each_entry_safe(expr, next, &s->expr_list, head) {
++ list_del(&expr->head);
+ nftnl_expr_free(expr);
++ }
+ 
+ return -1;
+ }
+--
+2.40.0
+
diff --git a/libnftnl.spec b/libnftnl.spec
index 45bf633..83e1f24 100644
--- a/libnftnl.spec
+++ b/libnftnl.spec
@@ -1,5 +1,5 @@
 Name: libnftnl
-Version: 1.2.5
+Version: 1.2.6
 Release: 1%{?dist}
 Summary: Library for low-level interaction with nftables Netlink's API over libmnl
 
@@ -12,9 +12,7 @@ BuildRequires: jansson-devel
 BuildRequires: gcc
 BuildRequires: make
 
-# replace old libnftables package
-Provides: libnftables = %{version}-%{release}
-Obsoletes: libnftables < 0-0.6
+Patch01: 0001-set-Do-not-leave-free-d-expr_list-elements-in-place.patch
 
 %description
 A library for low-level interaction with nftables Netlink's API over libmnl.
@@ -54,6 +52,12 @@ find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';'
 %{_includedir}/libnftnl
 
 %changelog
+* Fri Jul 14 2023 Phil Sutter - 1.2.6-1
+- Drop outdated libnftables provides, it might clash with the new
+ nftables-provided libnftables at some point in future
+- Backport one late fix from upstream
+- new version 1.2.6
+
 * Fri Mar 10 2023 Phil Sutter - 1.2.5-1
 - new version 1.2.5
 
diff --git a/sources b/sources
index cd03894..6314a58 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (libnftnl-1.2.5.tar.xz) = 576ccd0815063a6ef3095b5514c3d286b4450fad98fbf7a85cd537f66adf043e7e6295d4c84cc3cbfd18cf9a29576d15a88cc439a61a3e654841a27c71babea1
+SHA512 (libnftnl-1.2.6.tar.xz) = 0c8c369eec84b0c568f0067598bece6e3be9a0fbd977e443ae3b14a5a6d842a6086ceb5426a65f8c77204709655f148c1241193f1a928f8c12154a57e3548b34
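Review bot: The new `Patch01:` line in the second libnftnl.spec hunk only declares the backported set.c fix; whether it is applied is decided by `%prep`, which lies outside this hunk, and since the spec carried no Patch lines before this commit nothing on this page shows that `%prep` uses `%autosetup -p1` (or `%autopatch` / `%patch01 -p1`) rather than a plain `%setup -q`. If it is the latter, 1.2.6 builds without the list_del fix while the changelog says the use-after-free fix is backported, and the gap would only surface later as a double free in the installed library. Please confirm `%prep` applies numbered patches and, if it does not, switch it to `%autosetup -p1`. It would also help future rebases to name the upstream commit (3eaa940bc33a, netfilter bugzilla 1685, both taken from the patch header) in the changelog line "Backport one late fix from upstream".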