| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 8 Apr 2020 00:29:29 +0200
From: Pablo Neira Ayuso <pablo@...filter.org>
To: netfilter-devel@...r.kernel.org
Cc: davem@...emloft.net, netdev@...r.kernel.org
Subject: [PATCH 0/7] Netfilter fixes for net
Hi David,
The following patchset contains Netfilter fixes for net, they are:
1) Fix spurious overlap condition in the rbtree tree, from Stefano Brivio.
2) Fix possible uninitialized pointer dereference in nft_lookup.
3) IDLETIMER v1 target matches the Android layout, from
Maciej Zenczykowski.
4) Dangling pointer in nf_tables_set_alloc_name, from Eric Dumazet.
5) Fix RCU warning splat in ipset find_set_type(), from Amol Grover.
6) Report EOPNOTSUPP on unsupported set flags and object types in sets.
7) Add NFT_SET_CONCAT flag to provide consistent error reporting
when users defines set with ranges in concatenations in old kernels.
You can pull these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git
Thank you.
----------------------------------------------------------------
The following changes since commit 0452800f6db4ed0a42ffb15867c0acfd68829f6a:
net: dsa: mt7530: fix null pointer dereferencing in port5 setup (2020-04-03 16:10:32 -0700)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git HEAD
for you to fetch changes up to ef516e8625ddea90b3a0313f3a0b0baa83db7ac2:
netfilter: nf_tables: reintroduce the NFT_SET_CONCAT flag (2020-04-07 18:23:04 +0200)
----------------------------------------------------------------
Amol Grover (1):
netfilter: ipset: Pass lockdep expression to RCU lists
Eric Dumazet (1):
netfilter: nf_tables: do not leave dangling pointer in nf_tables_set_alloc_name
Maciej Żenczykowski (1):
netfilter: xt_IDLETIMER: target v1 - match Android layout
Pablo Neira Ayuso (3):
netfilter: nf_tables: do not update stateful expressions if lookup is inverted
netfilter: nf_tables: report EOPNOTSUPP on unsupported flags/object type
netfilter: nf_tables: reintroduce the NFT_SET_CONCAT flag
Stefano Brivio (1):
netfilter: nft_set_rbtree: Drop spurious condition for overlap detection on insertion
include/net/netfilter/nf_tables.h | 2 +-
include/uapi/linux/netfilter/nf_tables.h | 2 ++
include/uapi/linux/netfilter/xt_IDLETIMER.h | 1 +
net/netfilter/ipset/ip_set_core.c | 3 ++-
net/netfilter/nf_tables_api.c | 7 ++++---
net/netfilter/nft_lookup.c | 12 +++++++-----
net/netfilter/nft_set_bitmap.c | 1 -
net/netfilter/nft_set_rbtree.c | 23 +++++++++++------------
net/netfilter/xt_IDLETIMER.c | 3 +++
9 files changed, 31 insertions(+), 23 deletions(-)
Powered by blists - more mailing lists