lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20251008125942.25056-1-fw@strlen.de>
Date: Wed,  8 Oct 2025 14:59:38 +0200
From: Florian Westphal <fw@...len.de>
To: <netdev@...r.kernel.org>
Cc: Paolo Abeni <pabeni@...hat.com>,
	"David S. Miller" <davem@...emloft.net>,
	Eric Dumazet <edumazet@...gle.com>,
	Jakub Kicinski <kuba@...nel.org>,
	<netfilter-devel@...r.kernel.org>,
	pablo@...filter.org
Subject: [PATCH net 0/4] netfilter: updates for net

The following patchset contains Netfilter fixes for *net*:

1) Fix crash (call recursion) when nftables synproxy extension is used
   in an object map.  When this feature was added in v5.4 the required
   hook call validation was forgotten.
   Fix from Fernando Fernandez Mancera.
2) bridge br_vlan_fill_forward_path_pvid uses incorrect
   rcu_dereference_protected(); we only have rcu read lock but not
   RTNL.  Fix from Eric Woudstra.

Last two patches address flakes in two existing selftests.

Please, pull these changes from:
The following changes since commit 2c95a756e0cfc19af6d0b32b0c6cf3bada334998:

  net: pse-pd: tps23881: Fix current measurement scaling (2025-10-07 18:30:53 -0700)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git tags/nf-25-10-08

for you to fetch changes up to e84945bdc619ed4243ba4298dbb8ca2062026474:

  selftests: netfilter: query conntrack state to check for port clash resolution (2025-10-08 13:17:31 +0200)

----------------------------------------------------------------
netfilter pull request nf-25-10-08

----------------------------------------------------------------
Eric Woudstra (1):
      bridge: br_vlan_fill_forward_path_pvid: use br_vlan_group_rcu()

Fernando Fernandez Mancera (1):
      netfilter: nft_objref: validate objref and objrefmap expressions

Florian Westphal (2):
      selftests: netfilter: nft_fib.sh: fix spurious test failures
      selftests: netfilter: query conntrack state to check for port clash resolution

 net/bridge/br_vlan.c                               |  2 +-
 net/netfilter/nft_objref.c                         | 39 +++++++++++++++
 .../selftests/net/netfilter/nf_nat_edemux.sh       | 58 +++++++++++++++-------
 tools/testing/selftests/net/netfilter/nft_fib.sh   | 13 +++--
 4 files changed, 89 insertions(+), 23 deletions(-)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ