* Fri Feb 17 2023 Phil Sutter <psutter@redhat.com> [1.0.4-9.el9]
- tests: add a test case for map update from packet path with concat (Phil Sutter) [2094894]
- netlink_linearize: fix timeout with map updates (Phil Sutter) [2094894]
- netlink_delinearize: fix decoding of concat data element (Phil Sutter) [2094894]
Resolves: rhbz#2094894
* Thu Feb 09 2023 Phil Sutter <psutter@redhat.com> [1.0.4-8.el9]
- monitor: Sanitize startup race condition (Phil Sutter) [2130721]
- evaluate: set eval ctx for add/update statements with integer constants (Phil Sutter) [2094894]
- src: allow anon set concatenation with ether and vlan (Phil Sutter) [2094887]
- evaluate: search stacked header list for matching payload dep (Phil Sutter) [2094887]
- netlink_delinearize: also postprocess OP_AND in set element context (Phil Sutter) [2094887]
- tests: add a test case for ether and vlan listing (Phil Sutter) [2094887]
- debug: dump the l2 protocol stack (Phil Sutter) [2094887]
- proto: track full stack of seen l2 protocols, not just cumulative offset (Phil Sutter) [2094887]
- netlink_delinearize: postprocess binary ands in concatenations (Phil Sutter) [2094887]
- netlink_delinearize: allow postprocessing on concatenated elements (Phil Sutter) [2094887]
- intervals: check for EXPR_F_REMOVE in case of element mismatch (Phil Sutter) [2115627]
- intervals: fix crash when trying to remove element in empty set (Phil Sutter) [2115627]
- scanner: don't pop active flex scanner scope (Phil Sutter) [2113874]
- parser: add missing synproxy scope closure (Phil Sutter) [2113874]
- tests/py: Add a test for failing ipsec after counter (Phil Sutter) [2113874]
- doc: Document limitations of ipsec expression with xfrm_interface (Phil Sutter) [1806431]
Resolves: rhbz#1806431, rhbz#2094887, rhbz#2094894, rhbz#2113874, rhbz#2115627, rhbz#2130721, rhbz#2094890
* Tue Jan 31 2023 Phil Sutter <psutter@redhat.com> [1.0.4-7.el9]
- One more attempt at fixing expected error records (Phil Sutter) [1973687]
Resolves: rhbz#1973687
* Fri Jun 24 2022 Phil Sutter <psutter@redhat.com> [1.0.4-2.el9]
- intervals: Do not sort cached set elements over and over again (Phil Sutter) [1917398]
- intervals: do not empty cache for maps (Phil Sutter) [1917398]
- intervals: do not report exact overlaps for new elements (Phil Sutter) [1917398]
- rule: collapse set element commands (Phil Sutter) [1917398]
- tests: shell: runtime set element automerge (Phil Sutter) [1917398]
Resolves: rhbz#1917398
- tests: cover baecd1cf2685 ("segtree: Fix segfault when restoring a huge interval set")
- segtree: Fix segfault when restoring a huge interval set
Resolves: rhbz#2020668
- Install an improved sample config
- Fix permissions of osf-related configs
- rule: Fix for potential off-by-one in cmd_add_loc()
- netlink_delinearize: Fix suspicious calloc() call
- netlink: Avoid memleak in error path of netlink_delinearize_obj()
- netlink: Avoid memleak in error path of netlink_delinearize_table()
- netlink: Avoid memleak in error path of netlink_delinearize_chain()
- netlink: Avoid memleak in error path of netlink_delinearize_set()
- json: Drop pointless assignment in exthdr_expr_json()
- evaluate: Mark fall through case in str2hooknum()
- parser_json: Fix for memleak in tcp option error path
- parser_bison: Fix for implicit declaration of isalnum
- main: fix nft --help output fallout from 719e4427
- tests: add icmp/6 test where dependency should be left alone
- payload: check icmp dependency before removing previous icmp expression
Resolves: rhbz#1933117, rhbz#1938823, rhbz#1931790, rhbz#1964987, rhbz#1971600