| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20241022092226.654370-1-steffen.klassert@secunet.com>
Date: Tue, 22 Oct 2024 11:22:21 +0200
From: Steffen Klassert <steffen.klassert@...unet.com>
To: David Miller <davem@...emloft.net>, Jakub Kicinski <kuba@...nel.org>
CC: Herbert Xu <herbert@...dor.apana.org.au>, Steffen Klassert
<steffen.klassert@...unet.com>, <netdev@...r.kernel.org>
Subject: [PATCH 0/5] pull request (net): ipsec 2024-10-22
1) Fix routing behavior that relies on L4 information
for xfrm encapsulated packets.
From Eyal Birger.
2) Remove leftovers of pernet policy_inexact lists.
From Florian Westphal.
3) Validate new SA's prefixlen when the selector family is
not set from userspace.
From Sabrina Dubroca.
4) Fix a kernel-infoleak when dumping an auth algorithm.
From Petr Vaganov.
Please pull or let me know if there are problems.
Thanks!
The following changes since commit 7ebf44c910690a7097442d4dd68f12315569b2f4:
MAINTAINERS: adjust file entry of the oa_tc6 header (2024-09-22 19:55:04 +0100)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec.git tags/ipsec-2024-10-22
for you to fetch changes up to 6889cd2a93e1e3606b3f6e958aa0924e836de4d2:
xfrm: fix one more kernel-infoleak in algo dumping (2024-10-11 09:00:03 +0200)
----------------------------------------------------------------
ipsec-2024-10-22
----------------------------------------------------------------
Eyal Birger (2):
xfrm: extract dst lookup parameters into a struct
xfrm: respect ip protocols rules criteria when performing dst lookups
Florian Westphal (1):
xfrm: policy: remove last remnants of pernet inexact list
Petr Vaganov (1):
xfrm: fix one more kernel-infoleak in algo dumping
Sabrina Dubroca (1):
xfrm: validate new SA's prefixlen using SA family when sel.family is unset
include/net/netns/xfrm.h | 1 -
include/net/xfrm.h | 28 +++++++++++++------------
net/ipv4/xfrm4_policy.c | 40 ++++++++++++++++--------------------
net/ipv6/xfrm6_policy.c | 31 ++++++++++++++--------------
net/xfrm/xfrm_device.c | 11 +++++++---
net/xfrm/xfrm_policy.c | 53 ++++++++++++++++++++++++++++++++++--------------
net/xfrm/xfrm_user.c | 10 +++++++--
7 files changed, 103 insertions(+), 71 deletions(-)
Powered by blists - more mailing lists