Date: Tue, 16 May 2023 07:23:58 +0200
From: Steffen Klassert <steffen.klassert@...unet.com>
To: David Miller <davem@...emloft.net>, Jakub Kicinski <kuba@...nel.org>
CC: Herbert Xu <herbert@...dor.apana.org.au>, Steffen Klassert
	<steffen.klassert@...unet.com>, <netdev@...r.kernel.org>
Subject: [PATCH 0/7] pull request (net): ipsec 2023-05-16

1) Don't check the policy default if we have an allow
   policy. Fix from Sabrina Dubroca.

2) Fix netdevice refcount usage on offload.
   From Leon Romanovsky.

3) Use netdev_put instead of dev_put to correctly release
   the netdev on failure in xfrm_dev_policy_add.
   From Leon Romanovsky.

4) Revert "Fix XFRM-I support for nested ESP tunnels"
   This broke Netfilter policy matching.
   From Martin Willi.

5) Reject optional tunnel/BEET mode templates in outbound policies
   on netlink and pfkey sockets. From Tobias Brunner.

6) Check if_id in inbound policy/secpath match to make
   it symmetric to the outbound codepath.
   From Benedict Wong.

Please pull or let me know if there are problems.

Thanks!

The following changes since commit 24e3fce00c0b557491ff596c0682a29dee6fe848:

  net: stmmac: Add queue reset into stmmac_xdp_open() function (2023-04-05 19:02:56 -0700)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec.git tags/ipsec-2023-05-16

for you to fetch changes up to 8680407b6f8f5fba59e8f1d63c869abc280f04df:

  xfrm: Check if_id in inbound policy/secpath match (2023-05-10 07:56:05 +0200)

----------------------------------------------------------------
ipsec-2023-05-16

----------------------------------------------------------------
Benedict Wong (1):
      xfrm: Check if_id in inbound policy/secpath match

Leon Romanovsky (2):
      xfrm: release all offloaded policy memory
      xfrm: Fix leak of dev tracker

Martin Willi (1):
      Revert "Fix XFRM-I support for nested ESP tunnels"

Sabrina Dubroca (1):
      xfrm: don't check the default policy if the policy allows the packet

Tobias Brunner (2):
      xfrm: Reject optional tunnel/BEET mode templates in outbound policies
      af_key: Reject optional tunnel/BEET mode templates in outbound policies

 net/key/af_key.c               | 12 ++++++----
 net/xfrm/xfrm_device.c         |  2 +-
 net/xfrm/xfrm_interface_core.c | 54 ++++--------------------------------------
 net/xfrm/xfrm_policy.c         | 20 +++++-----------
 net/xfrm/xfrm_user.c           | 15 ++++++++----
 5 files changed, 29 insertions(+), 74 deletions(-)
