| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 6 Nov 2019 12:12:28 +0100
From: Pablo Neira Ayuso <pablo@...filter.org>
To: netfilter-devel@...r.kernel.org
Cc: davem@...emloft.net, netdev@...r.kernel.org
Subject: [PATCH 0/9] Netfilter fixes for net
Hi David,
The following patchset contains Netfilter fixes for net:
1) Missing register size validation in bitwise and cmp offloads.
2) Fix error code in ip_set_sockfn_get() when copy_to_user() fails,
from Dan Carpenter.
3) Oneliner to copy MAC address in IPv6 hash:ip,mac sets, from
Stefano Brivio.
4) Missing policy validation in ipset with NL_VALIDATE_STRICT,
from Jozsef Kadlecsik.
5) Fix unaligned access to private data area of nf_tables instructions,
from Lukas Wunner.
6) Relax check for object updates, reported as a regression by
Eric Garver, patch from Fernando Fernandez Mancera.
7) Crash on ebtables dnat extension when used from the output path.
From Florian Westphal.
8) Fix bogus EOPNOTSUPP when updating basechain flags.
9) Fix bogus EBUSY when updating a basechain that is already offloaded.
You can pull these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git
Thanks.
----------------------------------------------------------------
The following changes since commit 1204c70d9dcba31164f78ad5d8c88c42335d51f8:
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net (2019-11-01 17:48:11 -0700)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git HEAD
for you to fetch changes up to 774e4d34dbebc9dc441535c4712794d336a9478c:
Merge branch 'master' of git://blackhole.kfki.hu/nf (2019-11-04 20:59:00 +0100)
----------------------------------------------------------------
Dan Carpenter (1):
netfilter: ipset: Fix an error code in ip_set_sockfn_get()
Fernando Fernandez Mancera (1):
netfilter: nf_tables: fix unexpected EOPNOTSUPP error
Florian Westphal (1):
bridge: ebtables: don't crash when using dnat target in output chains
Jozsef Kadlecsik (1):
netfilter: ipset: Fix nla_policies to fully support NL_VALIDATE_STRICT
Lukas Wunner (1):
netfilter: nf_tables: Align nft_expr private data to 64-bit
Pablo Neira Ayuso (4):
netfilter: nf_tables_offload: check for register data length mismatches
netfilter: nf_tables: bogus EOPNOTSUPP on basechain update
netfilter: nf_tables_offload: skip EBUSY on chain update
Merge branch 'master' of git://blackhole.kfki.hu/nf
Stefano Brivio (1):
netfilter: ipset: Copy the right MAC address in hash:ip,mac IPv6 sets
include/net/netfilter/nf_tables.h | 3 +-
net/bridge/netfilter/ebt_dnat.c | 19 ++++++++++---
net/netfilter/ipset/ip_set_core.c | 49 +++++++++++++++++++++-----------
net/netfilter/ipset/ip_set_hash_ipmac.c | 2 +-
net/netfilter/ipset/ip_set_hash_net.c | 1 +
net/netfilter/ipset/ip_set_hash_netnet.c | 1 +
net/netfilter/nf_tables_api.c | 7 ++---
net/netfilter/nf_tables_offload.c | 3 +-
net/netfilter/nft_bitwise.c | 5 ++--
net/netfilter/nft_cmp.c | 2 +-
10 files changed, 62 insertions(+), 30 deletions(-)
Powered by blists - more mailing lists