nftables-0.9.8-10.el9

- tests: shell: better parameters for the interval stack overflow test - tests: shell: $NFT needs to be invoked unquoted Resolves: rhbz#2020668
2021-12-08 17:13:31 +01:00 · 2021-12-08 17:13:31 +01:00 · f5f9d2bc8f
commit f5f9d2bc8f
parent 44cc91b788
3 changed files with 111 additions and 1 deletions
--- a/0019-tests-shell-NFT-needs-to-be-invoked-unquoted.patch
+++ b/0019-tests-shell-NFT-needs-to-be-invoked-unquoted.patch
@ -0,0 +1,53 @@
 From 4bd60613ea60da4bf9da226be352dd47f585e8d0 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?=C5=A0t=C4=9Bp=C3=A1n=20N=C4=9Bmec?= <snemec@redhat.com>
 Date: Fri, 5 Nov 2021 12:39:11 +0100
 Subject: [PATCH] tests: shell: $NFT needs to be invoked unquoted
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
 The variable has to undergo word splitting, otherwise the shell tries
 to find the variable value as an executable, which breaks in cases that
 7c8a44b25c22 ("tests: shell: Allow wrappers to be passed as nft command")
 intends to support.
 Mention this in the shell tests README.
 Fixes: d8ccad2a2b73 ("tests: cover baecd1cf2685 ("segtree: Fix segfault when restoring a huge interval set")")
 Signed-off-by: Štěpán Němec <snemec@redhat.com>
 Signed-off-by: Phil Sutter <phil@nwl.cc>
 (cherry picked from commit dad3338f1f76a4a5bd782bae9c6b48941dfb1e31)
 Conflicts:
 	tests/shell/README
 -> Context change due to missing other patches.
 ---
 tests/shell/README                                       | 3 +++
 tests/shell/testcases/sets/0068interval_stack_overflow_0 | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)
 diff --git a/tests/shell/README b/tests/shell/README
 index e0279bbdc30c3..aee50e3d668b1 100644
 --- a/tests/shell/README
 +++ b/tests/shell/README
@@ -25,4 +25,7 @@ path to the nftables binary being tested.
 You can pass an arbitrary $NFT value as well:
  # NFT=/usr/local/sbin/nft ./run-tests.sh
 +Note that, to support usage such as NFT='valgrind nft', tests must
 +invoke $NFT unquoted.
 +
 By default the tests are run with the nft binary at '../../src/nft'
 diff --git a/tests/shell/testcases/sets/0068interval_stack_overflow_0 b/tests/shell/testcases/sets/0068interval_stack_overflow_0
 index 134282de28268..6620572449c3c 100755
 --- a/tests/shell/testcases/sets/0068interval_stack_overflow_0
 +++ b/tests/shell/testcases/sets/0068interval_stack_overflow_0
@@ -26,4 +26,4 @@ table inet test68_table {
 }
 EOF
 -( ulimit -s 128 && "$NFT" -f "$ruleset_file" )
 +( ulimit -s 128 && $NFT -f "$ruleset_file" )
 -- 
 2.33.0
--- a/0020-tests-shell-better-parameters-for-the-interval-stack.patch
+++ b/0020-tests-shell-better-parameters-for-the-interval-stack.patch
@ -0,0 +1,51 @@
 From 0c34164a245bdd03085e906bc9b3327d559535a4 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?=C5=A0t=C4=9Bp=C3=A1n=20N=C4=9Bmec?= <snemec@redhat.com>
 Date: Wed, 1 Dec 2021 12:12:00 +0100
 Subject: [PATCH] tests: shell: better parameters for the interval stack
 overflow test
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
 Wider testing has shown that 128 kB stack is too low (e.g. for systems
 with 64 kB page size), leading to false failures in some environments.
 Based on results from a matrix of RHEL 8 and RHEL 9 systems across
 x86_64, aarch64, ppc64le and s390x architectures as well as some
 anecdotal testing of other Linux distros on x86_64 machines, 400 kB
 seems safe: the normal nft stack (which should stay constant during
 this test) on all tested systems doesn't exceed 200 kB (stays around
 100 kB on typical systems with 4 kB page size), while always growing
 beyond 500 kB in the failing case (nftables before baecd1cf2685) with
 the increased set size.
 Fixes: d8ccad2a2b73 ("tests: cover baecd1cf2685 ("segtree: Fix segfault when restoring a huge interval set")")
 Signed-off-by: Štěpán Němec <snemec@redhat.com>
 Signed-off-by: Phil Sutter <phil@nwl.cc>
 (cherry picked from commit 7b81d9cb094ffa96ad821528cf19269dc348f617)
 ---
 tests/shell/testcases/sets/0068interval_stack_overflow_0 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 diff --git a/tests/shell/testcases/sets/0068interval_stack_overflow_0 b/tests/shell/testcases/sets/0068interval_stack_overflow_0
 index 6620572449c3c..2cbc986802644 100755
 --- a/tests/shell/testcases/sets/0068interval_stack_overflow_0
 +++ b/tests/shell/testcases/sets/0068interval_stack_overflow_0
@@ -9,7 +9,7 @@ trap 'rm -f "$ruleset_file"' EXIT
 {
 	echo 'define big_set = {'
 	for ((i = 1; i < 255; i++)); do
 -		for ((j = 1; j < 80; j++)); do
 +		for ((j = 1; j < 255; j++)); do
 			echo "10.0.$i.$j,"
 		done
 	done
@@ -26,4 +26,4 @@ table inet test68_table {
 }
 EOF
 -( ulimit -s 128 && $NFT -f "$ruleset_file" )
 +( ulimit -s 400 && $NFT -f "$ruleset_file" )
 -- 
 2.33.0
--- a/nftables.spec
+++ b/nftables.spec
@ -1,6 +1,6 @@
 Name:           nftables
 Version:        0.9.8
-Release:        9%{?dist}
+Release:        10%{?dist}
 # Upstream released a 0.100 version, then 0.4. Need Epoch to get back on track.
 Epoch:          1
 Summary:        Netfilter Tables userspace utillites
@ -32,6 +32,8 @@ Patch15: 0015-json-init-parser-state-for-every-new-buffer-file.patch
 Patch16: 0016-segtree-Fix-segfault-when-restoring-a-huge-interval-.patch
 Patch17: 0017-tests-cover-baecd1cf2685-segtree-Fix-segfault-when-r.patch
 Patch18: 0018-doc-nft.8-Extend-monitor-description-by-trace.patch
 Patch19: 0019-tests-shell-NFT-needs-to-be-invoked-unquoted.patch
 Patch20: 0020-tests-shell-better-parameters-for-the-interval-stack.patch
 #BuildRequires: autogen
 #BuildRequires: autoconf
@ -141,6 +143,10 @@ sed -i -e 's/\(sofile=\)".*"/\1"'$sofile'"/' \
 %{python3_sitelib}/nftables/
 %changelog
 * Wed Dec 08 2021 Phil Sutter <psutter@redhat.com> - 1:0.9.8-10
 - tests: shell: better parameters for the interval stack overflow test
 - tests: shell: $NFT needs to be invoked unquoted
 * Thu Nov 11 2021 Phil Sutter <psutter@redhat.com> - 1:0.9.8-9
 - doc: nft.8: Extend monitor description by trace