lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <Y7/s83d8D0z1QYt1@orbyte.nwl.cc>
Date:   Thu, 12 Jan 2023 12:20:19 +0100
From:   Phil Sutter <phil@...filter.org>
To:     netfilter <netfilter@...r.kernel.org>,
        netfilter-devel <netfilter-devel@...r.kernel.org>
Cc:     netdev@...r.kernel.org, netfilter-announce@...ts.netfilter.org,
        lwn@....net
Subject: [ANNOUNCE] iptables 1.8.9 release

Hi!

The Netfilter project proudly presents:

        iptables 1.8.9

This release contains new features:

* arptables-nft: Support --exact flag
* Add --enable-profiling configure option, preparing for gcov/gprof
* Support more chunk types in sctp extension
* Print '--' in ip6tables' 'opt' column for consistency with iptables
* More verbose error messages if iptables-nft-restore fails
* Support '-p Length' with ebtables-nft, needed for 802_3 extension
* Merge all NAT extensions into a single DSO
* Install ebtables-translate tool

... and fixes:

* Misc compiler warnings
* Duplicate ETH_ALEN definition when building against musl libc
* Failing out-of-tree build
* Avoid symbol pollution by limiting scope of some in xtables.h
* Increase testsuites' code-coverage
* Using --init-table would crash ebtables-restore, reject it properly
* Fix potential read from garbage in string extension
* Add missing nf_log.h kernel header to dist
* Fix listing format with overly long 'prot' column entries
* Print numeric protocol values with --numeric
* Broken ebtables' among match with MAC+IP address entries
* Occasional wrong line number reported by failing iptables-nft-restore
* Multiple rules using among match broke ebtables-restore
* Renaming a chain in legacy iptables could crash the program
* A second bitwise expression in a rule would mangle the first one
* More strictly reject rules with unexpected content
* Many xtables-translate fixes
* Misc memory leaks and garbage access, satisfy valgrind's leak checker

... and documentation updates:

* Iptables exits when setuid, mention this in man page
* Improve NFQUEUE queue-balance documentation

You can download the new release from:

https://netfilter.org/projects/iptables/downloads.html#iptables-1.8.9

In case of bugs, file them via:

* https://bugzilla.netfilter.org

Happy firewalling!

View attachment "changes-iptables-1.8.9.txt" of type "text/plain" (9085 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ