import UBI nftables-1.0.4-4.el8_9

SOURCES/0034-parser_bison-Fix-for-broken-compatibility-with-older.patch

@@ -0,0 +1,86 @@
+From fa2b3f20274f5e66b67e2c3d2b7d957b9200473e Mon Sep 17 00:00:00 2001
+From: Phil Sutter <psutter@redhat.com>
+Date: Wed, 15 Nov 2023 17:06:19 +0100
+Subject: [PATCH] parser_bison: Fix for broken compatibility with older dumps
+
+JIRA: https://issues.redhat.com/browse/RHEL-2596
+Upstream Status: nftables commit 22fab8681a50014174cdd02ace90f74b9e9eefe9
+
+commit 22fab8681a50014174cdd02ace90f74b9e9eefe9
+Author: Phil Sutter <phil@nwl.cc>
+Date:   Thu Oct 19 18:40:04 2023 +0200
+
+    parser_bison: Fix for broken compatibility with older dumps
+
+    Commit e6d1d0d611958 ("src: add set element multi-statement
+    support") changed the order of expressions and other state attached to set
+    elements are expected in input. This broke parsing of ruleset dumps
+    created by nft commands prior to that commit.
+
+    Restore compatibility by also accepting the old ordering.
+
+    Fixes: e6d1d0d611958 ("src: add set element multi-statement support")
+    Signed-off-by: Phil Sutter <phil@nwl.cc>
+
+Signed-off-by: Phil Sutter <psutter@redhat.com>
+---
+ src/parser_bison.y                            |  6 ++++
+ tests/shell/testcases/sets/elem_opts_compat_0 | 29 +++++++++++++++++++
+ 2 files changed, 35 insertions(+)
+ create mode 100755 tests/shell/testcases/sets/elem_opts_compat_0
+
+diff --git a/src/parser_bison.y b/src/parser_bison.y
+index b548d5b..b882f3b 100644
+--- a/src/parser_bison.y
++++ b/src/parser_bison.y
+@@ -4283,6 +4283,12 @@ meter_key_expr_alloc	:	concat_expr
+ 
+ set_elem_expr		:	set_elem_expr_alloc
+ 			|	set_elem_expr_alloc		set_elem_expr_options
++			|	set_elem_expr_alloc		set_elem_expr_options	set_elem_stmt_list
++			{
++				$$ = $1;
++				list_splice_tail($3, &$$->stmt_list);
++				xfree($3);
++			}
+ 			;
+ 
+ set_elem_key_expr	:	set_lhs_expr		{ $$ = $1; }
+diff --git a/tests/shell/testcases/sets/elem_opts_compat_0 b/tests/shell/testcases/sets/elem_opts_compat_0
+new file mode 100755
+index 0000000..e012953
+--- /dev/null
++++ b/tests/shell/testcases/sets/elem_opts_compat_0
+@@ -0,0 +1,29 @@
++#!/bin/sh
++
++# ordering of element options and expressions has changed, make sure parser
++# accepts both ways
++
++set -e
++
++$NFT -f - <<EOF
++table t {
++	set s {
++		type inet_service
++		counter;
++		timeout 30s;
++	}
++}
++EOF
++
++check() {
++	out=$($NFT list ruleset)
++	secs=$(sed -n 's/.*expires \([0-9]\+\)s.*/\1/p' <<< "$out")
++	[[ $secs -lt 11 ]]
++	grep -q 'counter packets 10 bytes 20' <<< "$out"
++}
++
++$NFT add element t s '{ 23 counter packets 10 bytes 20 expires 10s }'
++check
++$NFT flush set t s
++$NFT add element t s '{ 42 expires 10s counter packets 10 bytes 20 }'
++check
+-- 
+2.41.0
+

SPECS/nftables.spec

@@ -1,5 +1,5 @@
 %define nft_rpmversion 1.0.4
-%define nft_specrelease 3
+%define nft_specrelease 4
 %define libnftnl_ver 1.2.2-1
 
 Name:           nftables
@@ -54,6 +54,7 @@ Patch30:            0030-optimize-Clarify-chain_optimize-array-allocations.patch
 Patch31:            0031-netlink_delinearize-Sanitize-concat-data-element-dec.patch
 Patch32:            0032-tests-monitor-Summarize-failures-per-test-case.patch
 Patch33:            0033-rule-check-address-family-in-set-collapse.patch
+Patch34:            0034-parser_bison-Fix-for-broken-compatibility-with-older.patch
 
 BuildRequires: autoconf
 BuildRequires: automake
@@ -173,6 +174,9 @@ touch -r %{SOURCE2} $RPM_BUILD_ROOT/%{python3_sitelib}/nftables/nftables.py
 %{python3_sitelib}/nftables/
 
 %changelog
+* Wed Nov 15 2023 Phil Sutter <psutter@redhat.com> [1.0.4-4.el8]
+- parser_bison: Fix for broken compatibility with older dumps (Phil Sutter) [RHEL-2596]
+
 * Thu Sep 21 2023 Phil Sutter <psutter@redhat.com> [1.0.4-3.el8]
 - spec: Rename variables to avoid a clash (Phil Sutter) [INTERNAL]
 - rule: check address family in set collapse (Phil Sutter) [RHEL-5160]