| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20190321112845.10627-1-pablo@netfilter.org>
Date: Thu, 21 Mar 2019 12:28:36 +0100
From: Pablo Neira Ayuso <pablo@...filter.org>
To: netfilter-devel@...r.kernel.org
Cc: davem@...emloft.net, netdev@...r.kernel.org
Subject: [PATCH 0/9] Netfilter fixes for net
Hi David,
The following patchset contains Netfilter fixes for your net tree:
1) Remove a direct dependency with IPv6 introduced by the
sip_external_media feature, from Alin Nastac.
2) Fix bogus ENOENT when removing interval elements from set.
3) Set transport_header from br_netfilter to mimic the stack
behaviour, this partially fixes a checksum validation bug
from the SCTP connection tracking, from Xin Long.
4) Fix undefined reference to symbol in xt_TEE, due to missing
Kconfig dependencies, from Arnd Bergmann.
5) Check for NULL in skb_header_pointer() calls in ip6t_shr,
from Kangjie Lu.
6) Fix bogus EBUSY when removing an existing conntrack helper from
a transaction.
7) Fix module autoload of the redirect extension.
8) Remove duplicated transition in flowtable diagram in the existing
documentation.
9) Missing .release_ops call from error path in newrule() which
results module refcount leak, from Taehee Yoo.
You can pull these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git
Thanks!
----------------------------------------------------------------
The following changes since commit 4ec850e5dfec092b26cf3b7d5a6c9e444ea4babd:
net: dwmac-sun8i: fix a missing check of of_get_phy_mode (2019-03-12 14:52:00 -0700)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git HEAD
for you to fetch changes up to b25a31bf0ca091aa8bdb9ab329b0226257568bbe:
netfilter: nf_tables: add missing ->release_ops() in error path of newrule() (2019-03-20 08:32:58 +0100)
----------------------------------------------------------------
Alin Nastac (1):
netfilter: nf_conntrack_sip: remove direct dependency on IPv6
Arnd Bergmann (1):
netfilter: fix NETFILTER_XT_TARGET_TEE dependencies
Kangjie Lu (1):
netfilter: ip6t_srh: fix NULL pointer dereferences
Pablo Neira Ayuso (4):
netfilter: nft_set_rbtree: check for inactive element after flag mismatch
netfilter: nf_tables: bogus EBUSY in helper removal from transaction
netfilter: nft_redir: fix module autoload with ip4
netfilter: nf_flowtable: remove duplicated transition in diagram
Taehee Yoo (1):
netfilter: nf_tables: add missing ->release_ops() in error path of newrule()
Xin Long (1):
netfilter: bridge: set skb transport_header before entering NF_INET_PRE_ROUTING
Documentation/networking/nf_flowtable.txt | 8 +++----
net/bridge/br_netfilter_hooks.c | 1 +
net/bridge/br_netfilter_ipv6.c | 2 ++
net/ipv6/netfilter/ip6t_srh.c | 6 +++++
net/netfilter/Kconfig | 1 +
net/netfilter/nf_conntrack_sip.c | 37 +++++++++++++------------------
net/netfilter/nf_tables_api.c | 5 ++++-
net/netfilter/nft_objref.c | 19 +++++++++++++---
net/netfilter/nft_redir.c | 2 +-
net/netfilter/nft_set_rbtree.c | 7 +++---
10 files changed, 54 insertions(+), 34 deletions(-)
Powered by blists - more mailing lists