lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:   Sat, 15 Aug 2020 12:31:53 +0200
From:   Pablo Neira Ayuso <pablo@...filter.org>
To:     netfilter-devel@...r.kernel.org
Cc:     davem@...emloft.net, netdev@...r.kernel.org, kuba@...nel.org
Subject: [PATCH 0/8] Netfilter fixes for net

Hi,

The following patchset contains Netfilter fixes for net:

1) Endianness issue in IPv4 option support in nft_exthdr,
   from Stephen Suryaputra.

2) Removes the waitcount optimization in nft_compat,
   from Florian Westphal.

3) Remove ipv6 -> nf_defrag_ipv6 module dependency, from
   Florian Westphal.

4) Memleak in chain binding support, also from Florian.

5) Simplify nft_flowtable.sh selftest, from Fabian Frederick.

6) Optional MTU arguments for selftest nft_flowtable.sh,
   also from Fabian.

7) Remove noise error report when killing process in
   selftest nft_flowtable.sh, from Fabian Frederick.

8) Reject bogus getsockopt option length in ebtables,
   from Florian Westphal.

Please, pull these changes from:

  git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git

Thank you.

----------------------------------------------------------------

The following changes since commit 7c7ab580db49cc7befe5f4b91bb1920cd6b07575:

  net: Convert to use the fallthrough macro (2020-08-08 14:29:09 -0700)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git HEAD

for you to fetch changes up to 5c04da55c754c44937b3d19c6522f9023fd5c5d5:

  netfilter: ebtables: reject bogus getopt len value (2020-08-14 11:59:08 +0200)

----------------------------------------------------------------
Fabian Frederick (3):
      selftests: netfilter: add checktool function
      selftests: netfilter: add MTU arguments to flowtables
      selftests: netfilter: kill running process only

Florian Westphal (4):
      netfilter: nft_compat: remove flush counter optimization
      netfilter: avoid ipv6 -> nf_defrag_ipv6 module dependency
      netfilter: nf_tables: free chain context when BINDING flag is missing
      netfilter: ebtables: reject bogus getopt len value

Stephen Suryaputra (1):
      netfilter: nf_tables: nft_exthdr: the presence return value should be little-endian

 include/linux/netfilter_ipv6.h                     | 18 ------
 net/bridge/netfilter/ebtables.c                    |  4 ++
 net/bridge/netfilter/nf_conntrack_bridge.c         |  8 ++-
 net/ipv6/netfilter.c                               |  3 -
 net/netfilter/nf_tables_api.c                      |  6 +-
 net/netfilter/nft_compat.c                         | 37 +++++------
 net/netfilter/nft_exthdr.c                         |  4 +-
 tools/testing/selftests/netfilter/nft_flowtable.sh | 73 +++++++++++++---------
 8 files changed, 73 insertions(+), 80 deletions(-)

Powered by blists - more mailing lists