import UBI nftables-1.0.4-4.el8_9

This commit is contained in:
eabdullin 2024-04-02 17:20:20 +00:00
parent 57ff1bf0b7
commit 03c344530e
2 changed files with 91 additions and 1 deletions

View File

@ -0,0 +1,86 @@
From fa2b3f20274f5e66b67e2c3d2b7d957b9200473e Mon Sep 17 00:00:00 2001
From: Phil Sutter <psutter@redhat.com>
Date: Wed, 15 Nov 2023 17:06:19 +0100
Subject: [PATCH] parser_bison: Fix for broken compatibility with older dumps
JIRA: https://issues.redhat.com/browse/RHEL-2596
Upstream Status: nftables commit 22fab8681a50014174cdd02ace90f74b9e9eefe9
commit 22fab8681a50014174cdd02ace90f74b9e9eefe9
Author: Phil Sutter <phil@nwl.cc>
Date: Thu Oct 19 18:40:04 2023 +0200
parser_bison: Fix for broken compatibility with older dumps
Commit e6d1d0d611958 ("src: add set element multi-statement
support") changed the order of expressions and other state attached to set
elements are expected in input. This broke parsing of ruleset dumps
created by nft commands prior to that commit.
Restore compatibility by also accepting the old ordering.
Fixes: e6d1d0d611958 ("src: add set element multi-statement support")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Phil Sutter <psutter@redhat.com>
---
src/parser_bison.y | 6 ++++
tests/shell/testcases/sets/elem_opts_compat_0 | 29 +++++++++++++++++++
2 files changed, 35 insertions(+)
create mode 100755 tests/shell/testcases/sets/elem_opts_compat_0
diff --git a/src/parser_bison.y b/src/parser_bison.y
index b548d5b..b882f3b 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -4283,6 +4283,12 @@ meter_key_expr_alloc : concat_expr
set_elem_expr : set_elem_expr_alloc
| set_elem_expr_alloc set_elem_expr_options
+ | set_elem_expr_alloc set_elem_expr_options set_elem_stmt_list
+ {
+ $$ = $1;
+ list_splice_tail($3, &$$->stmt_list);
+ xfree($3);
+ }
;
set_elem_key_expr : set_lhs_expr { $$ = $1; }
diff --git a/tests/shell/testcases/sets/elem_opts_compat_0 b/tests/shell/testcases/sets/elem_opts_compat_0
new file mode 100755
index 0000000..e012953
--- /dev/null
+++ b/tests/shell/testcases/sets/elem_opts_compat_0
@@ -0,0 +1,29 @@
+#!/bin/sh
+
+# ordering of element options and expressions has changed, make sure parser
+# accepts both ways
+
+set -e
+
+$NFT -f - <<EOF
+table t {
+ set s {
+ type inet_service
+ counter;
+ timeout 30s;
+ }
+}
+EOF
+
+check() {
+ out=$($NFT list ruleset)
+ secs=$(sed -n 's/.*expires \([0-9]\+\)s.*/\1/p' <<< "$out")
+ [[ $secs -lt 11 ]]
+ grep -q 'counter packets 10 bytes 20' <<< "$out"
+}
+
+$NFT add element t s '{ 23 counter packets 10 bytes 20 expires 10s }'
+check
+$NFT flush set t s
+$NFT add element t s '{ 42 expires 10s counter packets 10 bytes 20 }'
+check
--
2.41.0

View File

@ -1,5 +1,5 @@
%define nft_rpmversion 1.0.4 %define nft_rpmversion 1.0.4
%define nft_specrelease 3 %define nft_specrelease 4
%define libnftnl_ver 1.2.2-1 %define libnftnl_ver 1.2.2-1
Name: nftables Name: nftables
@ -54,6 +54,7 @@ Patch30: 0030-optimize-Clarify-chain_optimize-array-allocations.patch
Patch31: 0031-netlink_delinearize-Sanitize-concat-data-element-dec.patch Patch31: 0031-netlink_delinearize-Sanitize-concat-data-element-dec.patch
Patch32: 0032-tests-monitor-Summarize-failures-per-test-case.patch Patch32: 0032-tests-monitor-Summarize-failures-per-test-case.patch
Patch33: 0033-rule-check-address-family-in-set-collapse.patch Patch33: 0033-rule-check-address-family-in-set-collapse.patch
Patch34: 0034-parser_bison-Fix-for-broken-compatibility-with-older.patch
BuildRequires: autoconf BuildRequires: autoconf
BuildRequires: automake BuildRequires: automake
@ -173,6 +174,9 @@ touch -r %{SOURCE2} $RPM_BUILD_ROOT/%{python3_sitelib}/nftables/nftables.py
%{python3_sitelib}/nftables/ %{python3_sitelib}/nftables/
%changelog %changelog
* Wed Nov 15 2023 Phil Sutter <psutter@redhat.com> [1.0.4-4.el8]
- parser_bison: Fix for broken compatibility with older dumps (Phil Sutter) [RHEL-2596]
* Thu Sep 21 2023 Phil Sutter <psutter@redhat.com> [1.0.4-3.el8] * Thu Sep 21 2023 Phil Sutter <psutter@redhat.com> [1.0.4-3.el8]
- spec: Rename variables to avoid a clash (Phil Sutter) [INTERNAL] - spec: Rename variables to avoid a clash (Phil Sutter) [INTERNAL]
- rule: check address family in set collapse (Phil Sutter) [RHEL-5160] - rule: check address family in set collapse (Phil Sutter) [RHEL-5160]