Commit Graph

28 Commits

Author SHA1 Message Date
Phil Sutter
859c03055c nftables-1.0.4-10.el9
* Tue Feb 21 2023 Phil Sutter <psutter@redhat.com> [1.0.4-10.el9]
- netlink_delinearize: Sanitize concat data element decoding (Phil Sutter) [2160049]
- optimize: Clarify chain_optimize() array allocations (Phil Sutter) [2160049]
- optimize: Do not return garbage from stack (Phil Sutter) [2160049]
- netlink: Fix for potential NULL-pointer deref (Phil Sutter) [2160049]
- meta: parse_iso_date() returns boolean (Phil Sutter) [2160049]
- mnl: dump_nf_hooks() leaks memory in error path (Phil Sutter) [2160049]
- owner: Fix potential array out of bounds access (Phil Sutter) [2160049]
Resolves: rhbz#2160049
2023-02-21 19:53:35 +01:00
Phil Sutter
4a82b86805 nftables-1.0.4-9.el9
* Fri Feb 17 2023 Phil Sutter <psutter@redhat.com> [1.0.4-9.el9]
- tests: add a test case for map update from packet path with concat (Phil Sutter) [2094894]
- netlink_linearize: fix timeout with map updates (Phil Sutter) [2094894]
- netlink_delinearize: fix decoding of concat data element (Phil Sutter) [2094894]
Resolves: rhbz#2094894
2023-02-17 17:57:41 +01:00
Phil Sutter
552075b562 nftables-1.0.4-8.el9
* Thu Feb 09 2023 Phil Sutter <psutter@redhat.com> [1.0.4-8.el9]
- monitor: Sanitize startup race condition (Phil Sutter) [2130721]
- evaluate: set eval ctx for add/update statements with integer constants (Phil Sutter) [2094894]
- src: allow anon set concatenation with ether and vlan (Phil Sutter) [2094887]
- evaluate: search stacked header list for matching payload dep (Phil Sutter) [2094887]
- netlink_delinearize: also postprocess OP_AND in set element context (Phil Sutter) [2094887]
- tests: add a test case for ether and vlan listing (Phil Sutter) [2094887]
- debug: dump the l2 protocol stack (Phil Sutter) [2094887]
- proto: track full stack of seen l2 protocols, not just cumulative offset (Phil Sutter) [2094887]
- netlink_delinearize: postprocess binary ands in concatenations (Phil Sutter) [2094887]
- netlink_delinearize: allow postprocessing on concatenated elements (Phil Sutter) [2094887]
- intervals: check for EXPR_F_REMOVE in case of element mismatch (Phil Sutter) [2115627]
- intervals: fix crash when trying to remove element in empty set (Phil Sutter) [2115627]
- scanner: don't pop active flex scanner scope (Phil Sutter) [2113874]
- parser: add missing synproxy scope closure (Phil Sutter) [2113874]
- tests/py: Add a test for failing ipsec after counter (Phil Sutter) [2113874]
- doc: Document limitations of ipsec expression with xfrm_interface (Phil Sutter) [1806431]
Resolves: rhbz#1806431, rhbz#2094887, rhbz#2094894, rhbz#2113874, rhbz#2115627, rhbz#2130721, rhbz#2094890
2023-02-09 15:47:30 +01:00
Phil Sutter
b2d6b2fb35 nftables-1.0.4-7.el9
* Tue Jan 31 2023 Phil Sutter <psutter@redhat.com> [1.0.4-7.el9]
- One more attempt at fixing expected error records (Phil Sutter) [1973687]
Resolves: rhbz#1973687
2023-01-31 16:20:19 +01:00
Phil Sutter
32cc743b3e nftables-1.0.4-6.el9
* Tue Jan 31 2023 Phil Sutter <psutter@redhat.com> [1.0.4-6.el9]
- Realy fix expected error records (Phil Sutter) [1973687]
Resolves: rhbz#1973687
2023-01-31 12:29:46 +01:00
Phil Sutter
ee4b6a285b nftables-1.0.4-5.el9
* Fri Jan 27 2023 Phil Sutter <psutter@redhat.com> [1.0.4-5.el9]
- Fix expected error records (Phil Sutter) [1973687]
Resolves: rhbz#1973687
2023-01-27 16:17:29 +01:00
Phil Sutter
e0136676ca nftables-1.0.4-4.el9
* Fri Jan 20 2023 Phil Sutter <psutter@redhat.com> [1.0.4-4.el9]
- Add expected error records for testsuite runs (Phil Sutter) [1973687]
Resolves: rhbz#1973687
2023-01-20 15:13:54 +01:00
Phil Sutter
8d211afc1d nftables-1.0.4-3.el9
* Fri Nov 25 2022 Phil Sutter <psutter@redhat.com> [1.0.4-3.el9]
- Prevent port-shadow attacks in sample nat config (Phil Sutter) [2061940]
Resolves: rhbz#2061940
2022-11-25 16:48:10 +01:00
Phil Sutter
9a240b84de nftables-1.0.4-2.el9
* Fri Jun 24 2022 Phil Sutter <psutter@redhat.com> [1.0.4-2.el9]
- intervals: Do not sort cached set elements over and over again (Phil Sutter) [1917398]
- intervals: do not empty cache for maps (Phil Sutter) [1917398]
- intervals: do not report exact overlaps for new elements (Phil Sutter) [1917398]
- rule: collapse set element commands (Phil Sutter) [1917398]
- tests: shell: runtime set element automerge (Phil Sutter) [1917398]
Resolves: rhbz#1917398
2022-06-24 16:56:40 +02:00
Phil Sutter
98611e7b9d nftables-1.0.4-1.el9
- Review package dependencies
- new version 1.0.4

Resolves: rhbz#1917398
2022-06-09 18:18:10 +02:00
Phil Sutter
1606add35f nftables-0.9.8-12.el9
- evaluate: pick data element byte order, not dtype one

Resolves: rhbz#2040672
2022-01-14 14:54:55 +01:00
Phil Sutter
946bb34b50 nftables-0.9.8-11.el9
- tests: py: add dnat to port without defining destination address
- evaluate: fix inet nat with no layer 3 info
- include: missing sctp_chunk.h in Makefile.am
- exthdr: Implement SCTP Chunk matching
- scanner: sctp: Move to own scope
- scanner: introduce start condition stack
- json: Simplify non-tcpopt exthdr printing a bit

Resolves: rhbz#2018023, rhbz#2030314
2021-12-22 14:13:58 +01:00
Phil Sutter
f5f9d2bc8f nftables-0.9.8-10.el9
- tests: shell: better parameters for the interval stack overflow test
- tests: shell: $NFT needs to be invoked unquoted

Resolves: rhbz#2020668
2021-12-08 17:13:31 +01:00
Phil Sutter
44cc91b788 nftables-0.9.8-9.el9
- doc: nft.8: Extend monitor description by trace

Resolves: rhbz#2003707
2021-11-11 11:13:37 +01:00
Phil Sutter
ff72da09da nftables-0.9.8-8.el9
- tests: cover baecd1cf2685 ("segtree: Fix segfault when restoring a huge interval set")
- segtree: Fix segfault when restoring a huge interval set

Resolves: rhbz#2020668
2021-11-05 19:08:32 +01:00
Mohan Boddu
3c7e9c5df1 Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-08-09 22:32:43 +00:00
Phil Sutter
65f5371472 nftables-0.9.8-6.el9
- json: init parser state for every new buffer/file

Resolves: rhbz#1973630
2021-06-18 13:13:51 +02:00
Phil Sutter
2b5611ed68 nftables-0.9.8-5.el9
- src: add xzalloc_array() and use it to allocate the expression hashtable

Related: rhbz#1938823
2021-06-15 12:48:14 +02:00
Phil Sutter
a2ea441692 nftables-0.9.8-4.el9
- Install an improved sample config
- Fix permissions of osf-related configs
- rule: Fix for potential off-by-one in cmd_add_loc()
- netlink_delinearize: Fix suspicious calloc() call
- netlink: Avoid memleak in error path of netlink_delinearize_obj()
- netlink: Avoid memleak in error path of netlink_delinearize_table()
- netlink: Avoid memleak in error path of netlink_delinearize_chain()
- netlink: Avoid memleak in error path of netlink_delinearize_set()
- json: Drop pointless assignment in exthdr_expr_json()
- evaluate: Mark fall through case in str2hooknum()
- parser_json: Fix for memleak in tcp option error path
- parser_bison: Fix for implicit declaration of isalnum
- main: fix nft --help output fallout from 719e4427
- tests: add icmp/6 test where dependency should be left alone
- payload: check icmp dependency before removing previous icmp expression

Resolves: rhbz#1933117, rhbz#1938823, rhbz#1931790, rhbz#1964987, rhbz#1971600
2021-06-14 14:46:08 +02:00
Štěpán Němec
de703c11a8 Enable RHEL 9 gating (equivalent to RHEL 8) 2021-06-10 10:26:08 +02:00
Mohan Boddu
4bf7355416 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-04-16 02:26:24 +00:00
DistroBaker
c8c0d697ab Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/nftables.git#f9ec47168c3362cfdd4e7b2f3b32b8d028cb6d0b
2021-02-03 00:35:52 +00:00
DistroBaker
d1ee611bce Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/nftables.git#bcb7ed67bc179a964bc3c323162fd003065613b4
2021-01-16 23:55:59 +00:00
DistroBaker
369c752027 Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/nftables.git#5ec5eb0ad96a266e53fc20446a7b890ad053b5f0
2020-11-01 00:21:40 +00:00
DistroBaker
2f42db39fd Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/nftables.git#0375e8ac9c797454d2d314571200e922f7927af6
2020-10-29 14:40:47 +01:00
DistroBaker
a85aa4fe1a Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/nftables.git#60b6d3d324c90ea7ee6c0c5ec89f89cddc5b617e
2020-10-27 17:53:20 +01:00
Petr Šabata
6c98e57fe4 RHEL 9.0.0 Alpha bootstrap
The content of this branch was automatically imported from Fedora ELN
with the following as its source:
https://src.fedoraproject.org/rpms/nftables#60b6d3d324c90ea7ee6c0c5ec89f89cddc5b617e
2020-10-15 21:05:18 +02:00
Release Configuration Management
0996cb805f New branch setup 2020-10-08 18:33:09 +00:00