From 990e8cd802cc969208671d047457048c4e0ac5dc Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Thu, 26 Oct 2023 16:19:13 +0000 Subject: [PATCH] libnftnl-1.2.6-1.el9 * Thu Oct 26 2023 Phil Sutter [1.2.6-1.el9] - set: Do not leave free'd expr_list elements in place (Phil Sutter) [RHEL-14149] - Rebase onto version 1.2.6 (Phil Sutter) [RHEL-14149] Resolves: RHEL-14149
---
 .gitignore | 1 + ...e-free-d-expr_list-elements-in-place.patch | 77 +++++++++++++++++++ libnftnl.spec | 40 +++++----- sources | 2 +- 4 files changed, 101 insertions(+), 19 deletions(-) create mode 100644 0001-set-Do-not-leave-free-d-expr_list-elements-in-place.patch
diff --git a/.gitignore b/.gitignore
index 332b57a..fcad209 100644
--- a/.gitignore
+++ b/.gitignore
@@ -22,3 +22,4 @@
 /libnftnl-1.1.9.tar.bz2
 /libnftnl-1.2.1.tar.bz2
 /libnftnl-1.2.2.tar.bz2
+/libnftnl-1.2.6.tar.xz
diff --git a/0001-set-Do-not-leave-free-d-expr_list-elements-in-place.patch b/0001-set-Do-not-leave-free-d-expr_list-elements-in-place.patch
new file mode 100644
index 0000000..de444b8
--- /dev/null
+++ b/0001-set-Do-not-leave-free-d-expr_list-elements-in-place.patch
@@ -0,0 +1,77 @@
+From 64b18b08a4c7ff6baeca536100e34aacbbafa7f3 Mon Sep 17 00:00:00 2001
+From: Phil Sutter
+Date: Thu, 26 Oct 2023 18:05:02 +0200
+Subject: [PATCH] set: Do not leave free'd expr_list elements in place
+
+JIRA: https://issues.redhat.com/browse/RHEL-14149
+Upstream Status: libnftnl commit 3eaa940bc33a3186dc7ba1e30640ec79b5f261b9
+
+commit 3eaa940bc33a3186dc7ba1e30640ec79b5f261b9
+Author: Phil Sutter
+Date: Wed May 31 14:09:09 2023 +0200
+
+ set: Do not leave free'd expr_list elements in place
+
+ When freeing elements, remove them also to prevent a potential UAF.
+
+ Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1685
+ Fixes: 3469f09286cee ("src: add NFTNL_SET_EXPRESSIONS")
+ Signed-off-by: Phil Sutter
+
+Signed-off-by: Phil Sutter
+---
+ src/set.c | 16 ++++++++++++----
+ 1 file changed, 12 insertions(+), 4 deletions(-)
+
+diff --git a/src/set.c b/src/set.c
+index c46f827..719e596 100644
+--- a/src/set.c
++++ b/src/set.c
+@@ -54,8 +54,10 @@ void nftnl_set_free(const struct nftnl_set *s)
+ if (s->flags & (1 << NFTNL_SET_USERDATA))
+ xfree(s->user.data);
+
+- list_for_each_entry_safe(expr, next, &s->expr_list, head)
++ list_for_each_entry_safe(expr, next, &s->expr_list, head) {
++ list_del(&expr->head);
+ nftnl_expr_free(expr);
++ }
+
+ list_for_each_entry_safe(elem, tmp, &s->element_list, head) {
+ list_del(&elem->head);
+@@ -105,8 +107,10 @@ void nftnl_set_unset(struct nftnl_set *s, uint16_t attr)
+ break;
+ case NFTNL_SET_EXPR:
+ case NFTNL_SET_EXPRESSIONS:
+- list_for_each_entry_safe(expr, tmp, &s->expr_list, head)
++ list_for_each_entry_safe(expr, tmp, &s->expr_list, head) {
++ list_del(&expr->head);
+ nftnl_expr_free(expr);
++ }
+ break;
+ default:
+ return;
+@@ -210,8 +214,10 @@ int nftnl_set_set_data(struct nftnl_set *s, uint16_t attr, const void *data,
+ s->user.len = data_len;
+ break;
+ case NFTNL_SET_EXPR:
+- list_for_each_entry_safe(expr, tmp, &s->expr_list, head)
++ list_for_each_entry_safe(expr, tmp, &s->expr_list, head) {
++ list_del(&expr->head);
+ nftnl_expr_free(expr);
++ }
+
+ expr = (void *)data;
+ list_add(&expr->head, &s->expr_list);
+@@ -742,8 +748,10 @@ int nftnl_set_nlmsg_parse(const struct nlmsghdr *nlh, struct nftnl_set *s)
+
+ return 0;
+ out_set_expr:
+- list_for_each_entry_safe(expr, next, &s->expr_list, head)
++ list_for_each_entry_safe(expr, next, &s->expr_list, head) {
++ list_del(&expr->head);
+ nftnl_expr_free(expr);
++ }
+
+ return -1;
+ }
diff --git a/libnftnl.spec b/libnftnl.spec
index af42eca..979b8b5 100644
--- a/libnftnl.spec
+++ b/libnftnl.spec
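Review bot: The four converted loops in the bundled `src/set.c` patch (in `nftnl_set_free`, `nftnl_set_unset`, `nftnl_set_set_data` and `nftnl_set_nlmsg_parse`) now repeat the same unlink-then-free sequence, and the use-after-free being fixed existed because the unlink step was missing at each of those sites. A single file-local helper, for example `static void nftnl_set_expr_list_free(const struct nftnl_set *s)`, called from all four places would keep `list_del(&expr->head)` and `nftnl_expr_free(expr)` together for any later caller. If the backport has to stay identical to upstream commit 3eaa940bc33a3186dc7ba1e30640ec79b5f261b9, a comment above the first loop such as `/* unlink before freeing: s->expr_list must never point at freed expressions */` at least records why the order matters. All four function bodies start and end outside the hunks shown.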
@@ -1,20 +1,21 @@
-Name: libnftnl
-Version: 1.2.2
-Release: 1%{?dist}
-Summary: Library for low-level interaction with nftables Netlink's API over libmnl
+%define rpmversion 1.2.6
+%define specrelease 1
+Name: libnftnl
+Version: %{rpmversion}
+Release: %{specrelease}%{?buildid}
+Summary: Library for low-level interaction with nftables Netlink's API over libmnl
 
 License: GPLv2+
 URL: https://netfilter.org/projects/libnftnl/
-Source0: https://www.netfilter.org/pub/libnftnl/libnftnl-%{version}.tar.bz2
+Source0: %{url}/files/%{name}-%{version}.tar.xz
+
+Patch1: 0001-set-Do-not-leave-free-d-expr_list-elements-in-place.patch
 
 BuildRequires: libmnl-devel
-BuildRequires: jansson-devel
 BuildRequires: gcc
 BuildRequires: make
-
-# replace old libnftables package
-Provides: libnftables = %{version}-%{release}
-Obsoletes: libnftables < 0-0.6
+#BuildRequires: autoconf
+#BuildRequires: automake
 
 %description
 A library for low-level interaction with nftables Netlink's API over libmnl.
@@ -22,9 +23,6 @@ A library for low-level interaction with nftables Netlink's API over libmnl.
 %package devel
 Summary: Development files for %{name}
 Requires: %{name}%{_isa} = %{version}-%{release}
-# replace old libnftables-devel package
-Provides: libnftables-devel = %{version}-%{release}
-Obsoletes: libnftables-devel < 0-0.6
 
 %description devel
 The %{name}-devel package contains libraries and header files for
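Review bot: `Release: %{specrelease}%{?buildid}` no longer carries `%{?dist}`, while the changelog entry added by this commit names the build `1.2.6-1.el9`; unless `buildid` is meant to supply the dist suffix, the release would expand to just `1`. `Release: %{specrelease}%{?dist}%{?buildid}` keeps the tag. `URL` ends in a slash, so `Source0: %{url}/files/...` expands with a double slash, which `%{url}files/%{name}-%{version}.tar.xz` avoids. The new tarball is pinned only by the SHA512 in `sources` as far as this diff shows; if upstream publishes a detached signature for it, listing the signature and signing key as extra sources and calling `%{gpgverify}` in `%prep` would check the archive against the upstream key as well.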
@@ -34,15 +32,17 @@ developing applications that use %{name}.
 %autosetup -p1
 
 %build
-%configure --disable-static --disable-silent-rules --with-json-parsing
+# This is what autogen.sh (only in git repo) does - without it, patches changing
+# Makefile.am cause the build system to regenerate Makefile.in and trying to use
+# automake-1.14 for that which is not available in RHEL.
+#autoreconf -fi
+#rm -rf autom4te*.cache
+
+%configure --disable-static --disable-silent-rules
 %make_build
 
 %check
 %make_build check
-# JSON parsing is broken on big endian, causing tests to fail. Fixes awaiting
-# upstream acceptance: https://marc.info/?l=netfilter-devel&m=152968610931720&w=2
-#cd tests
-#sh ./test-script.sh
 
 %install
 %make_install
@@ -58,6 +58,10 @@ find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';'
 %{_includedir}/libnftnl
 
 %changelog
+* Thu Oct 26 2023 Phil Sutter [1.2.6-1.el9]
+- set: Do not leave free'd expr_list elements in place (Phil Sutter) [RHEL-14149]
+- Rebase onto version 1.2.6 (Phil Sutter) [RHEL-14149]
+
 * Tue Jun 07 2022 Phil Sutter - 1.2.2-1
 - New version 1.2.2
 
diff --git a/sources b/sources
index fe2d09f..6314a58 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (libnftnl-1.2.2.tar.bz2) = 657d48aa263043b80daa39eb8e2647c84c03b3e3a4a30b85bec1d8e4a0976075a71ad233bb384f4460d5f6662f285c12947feb8c1a6c9a534a2c9cf7ba04eee3
+SHA512 (libnftnl-1.2.6.tar.xz) = 0c8c369eec84b0c568f0067598bece6e3be9a0fbd977e443ae3b14a5a6d842a6086ceb5426a65f8c77204709655f148c1241193f1a928f8c12154a57e3548b34
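Review bot: The comment added above `%configure` in `%build` describes the autoreconf step in the present tense, but `#autoreconf -fi`, `#rm -rf autom4te*.cache` and the matching `#BuildRequires: autoconf` / `#BuildRequires: automake` lines are all commented out, so the spec as committed does not perform the step it documents. Wording such as `# Enable the two commands below (and the autoconf/automake BuildRequires) when a patch touches Makefile.am:` would make clear that this is a dormant workaround. The only patch carried here changes `src/set.c` alone, so nothing in this commit needs the step yet.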