lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:   Sat, 15 Aug 2020 12:31:53 +0200
From:   Pablo Neira Ayuso <>
Subject: [PATCH 0/8] Netfilter fixes for net


The following patchset contains Netfilter fixes for net:

1) Endianness issue in IPv4 option support in nft_exthdr,
   from Stephen Suryaputra.

2) Removes the waitcount optimization in nft_compat,
   from Florian Westphal.

3) Remove ipv6 -> nf_defrag_ipv6 module dependency, from
   Florian Westphal.

4) Memleak in chain binding support, also from Florian.

5) Simplify selftest, from Fabian Frederick.

6) Optional MTU arguments for selftest,
   also from Fabian.

7) Remove noise error report when killing process in
   selftest, from Fabian Frederick.

8) Reject bogus getsockopt option length in ebtables,
   from Florian Westphal.

Please, pull these changes from:


Thank you.


The following changes since commit 7c7ab580db49cc7befe5f4b91bb1920cd6b07575:

  net: Convert to use the fallthrough macro (2020-08-08 14:29:09 -0700)

are available in the Git repository at:

  git:// HEAD

for you to fetch changes up to 5c04da55c754c44937b3d19c6522f9023fd5c5d5:

  netfilter: ebtables: reject bogus getopt len value (2020-08-14 11:59:08 +0200)

Fabian Frederick (3):
      selftests: netfilter: add checktool function
      selftests: netfilter: add MTU arguments to flowtables
      selftests: netfilter: kill running process only

Florian Westphal (4):
      netfilter: nft_compat: remove flush counter optimization
      netfilter: avoid ipv6 -> nf_defrag_ipv6 module dependency
      netfilter: nf_tables: free chain context when BINDING flag is missing
      netfilter: ebtables: reject bogus getopt len value

Stephen Suryaputra (1):
      netfilter: nf_tables: nft_exthdr: the presence return value should be little-endian

 include/linux/netfilter_ipv6.h                     | 18 ------
 net/bridge/netfilter/ebtables.c                    |  4 ++
 net/bridge/netfilter/nf_conntrack_bridge.c         |  8 ++-
 net/ipv6/netfilter.c                               |  3 -
 net/netfilter/nf_tables_api.c                      |  6 +-
 net/netfilter/nft_compat.c                         | 37 +++++------
 net/netfilter/nft_exthdr.c                         |  4 +-
 tools/testing/selftests/netfilter/ | 73 +++++++++++++---------
 8 files changed, 73 insertions(+), 80 deletions(-)

Powered by blists - more mailing lists