diff --git a/SOURCES/0001-main-enforce-options-before-commands.patch b/SOURCES/0001-main-enforce-options-before-commands.patch index 45b750c..f1401bd 100644 --- a/SOURCES/0001-main-enforce-options-before-commands.patch +++ b/SOURCES/0001-main-enforce-options-before-commands.patch @@ -27,17 +27,17 @@ Date: Fri Dec 13 11:32:46 2019 +0100 Signed-off-by: Pablo Neira Ayuso --- - src/main.c | 46 +++++++++++++++++++++- - tests/shell/testcases/cache/0001_cache_handling_0 | 2 +- - tests/shell/testcases/chains/0016delete_handle_0 | 4 +- - .../shell/testcases/chains/0039negative_priority_0 | 8 ++++ - .../shell/testcases/flowtable/0010delete_handle_0 | 2 +- - .../shell/testcases/maps/0008interval_map_delete_0 | 2 +- - tests/shell/testcases/optionals/comments_0 | 2 +- - tests/shell/testcases/optionals/comments_handles_0 | 2 +- - .../testcases/optionals/delete_object_handles_0 | 4 +- - tests/shell/testcases/optionals/handles_0 | 2 +- - tests/shell/testcases/sets/0028delete_handle_0 | 2 +- + src/main.c | 46 ++++++++++++++++++- + .../testcases/cache/0001_cache_handling_0 | 2 +- + .../testcases/chains/0016delete_handle_0 | 4 +- + .../testcases/chains/0039negative_priority_0 | 8 ++++ + .../testcases/flowtable/0010delete_handle_0 | 2 +- + .../testcases/maps/0008interval_map_delete_0 | 2 +- + tests/shell/testcases/optionals/comments_0 | 2 +- + .../testcases/optionals/comments_handles_0 | 2 +- + .../optionals/delete_object_handles_0 | 4 +- + tests/shell/testcases/optionals/handles_0 | 2 +- + .../shell/testcases/sets/0028delete_handle_0 | 2 +- 11 files changed, 64 insertions(+), 12 deletions(-) create mode 100755 tests/shell/testcases/chains/0039negative_priority_0 @@ -240,5 +240,5 @@ index 4e8b322..5ad17c2 100755 EXPECTED="table ip test-ip { -- -1.8.3.1 +2.31.1 diff --git a/SOURCES/0002-main-restore-debug.patch b/SOURCES/0002-main-restore-debug.patch index 442f24b..9bd8b72 100644 --- a/SOURCES/0002-main-restore-debug.patch +++ b/SOURCES/0002-main-restore-debug.patch 
@@ -46,5 +46,5 @@ index 74199f9..6ab1b89 100644 !strcmp(argv[i], "--file")) { skip = true; -- -1.8.3.1 +2.31.1 diff --git a/SOURCES/0003-monitor-Do-not-decompose-non-anonymous-sets.patch b/SOURCES/0003-monitor-Do-not-decompose-non-anonymous-sets.patch index 5f1d629..6611382 100644 --- a/SOURCES/0003-monitor-Do-not-decompose-non-anonymous-sets.patch +++ b/SOURCES/0003-monitor-Do-not-decompose-non-anonymous-sets.patch @@ -64,5 +64,5 @@ index 0000000..59930c5 +O - +J {"add": {"rule": {"family": "ip", "table": "t", "chain": "c", "handle": 0, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": "@s"}}]}}} -- -1.8.3.1 +2.31.1 diff --git a/SOURCES/0004-monitor-Fix-output-for-ranges-in-anonymous-sets.patch b/SOURCES/0004-monitor-Fix-output-for-ranges-in-anonymous-sets.patch index 42209e3..90f2aea 100644 --- a/SOURCES/0004-monitor-Fix-output-for-ranges-in-anonymous-sets.patch +++ b/SOURCES/0004-monitor-Fix-output-for-ranges-in-anonymous-sets.patch @@ -76,5 +76,5 @@ index 59930c5..1fbcfe2 100644 +O - +J {"add": {"rule": {"family": "ip", "table": "t", "chain": "c", "handle": 0, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": {"set": [20, {"range": [30, 40]}]}}}]}}} -- -1.8.3.1 +2.31.1 diff --git a/SOURCES/0005-xfrm-spi-is-big-endian.patch b/SOURCES/0005-xfrm-spi-is-big-endian.patch index 8dd30e8..e7ee4af 100644 --- a/SOURCES/0005-xfrm-spi-is-big-endian.patch +++ b/SOURCES/0005-xfrm-spi-is-big-endian.patch @@ -47,5 +47,5 @@ index 6049c66..c46a226 100644 [ cmp lte reg 1 0x31020000 ] -- -1.8.3.1 +2.31.1 diff --git a/SOURCES/0006-tests-shell-Search-diff-tool-once-and-for-all.patch b/SOURCES/0006-tests-shell-Search-diff-tool-once-and-for-all.patch index e6adbfc..e1e9c1f 100644 --- a/SOURCES/0006-tests-shell-Search-diff-tool-once-and-for-all.patch +++ b/SOURCES/0006-tests-shell-Search-diff-tool-once-and-for-all.patch @@ -25,39 +25,39 @@ Date: Tue Jan 14 16:50:35 2020 +0100 
Signed-off-by: Phil Sutter Acked-by: Pablo Neira Ayuso --- - tests/shell/run-tests.sh | 7 ++++++- - tests/shell/testcases/flowtable/0010delete_handle_0 | 3 +-- - tests/shell/testcases/listing/0003table_0 | 6 ++---- - tests/shell/testcases/listing/0004table_0 | 3 +-- - tests/shell/testcases/listing/0005ruleset_ip_0 | 3 +-- - tests/shell/testcases/listing/0006ruleset_ip6_0 | 3 +-- - tests/shell/testcases/listing/0007ruleset_inet_0 | 3 +-- - tests/shell/testcases/listing/0008ruleset_arp_0 | 3 +-- - tests/shell/testcases/listing/0009ruleset_bridge_0 | 3 +-- - tests/shell/testcases/listing/0010sets_0 | 3 +-- - tests/shell/testcases/listing/0011sets_0 | 3 +-- - tests/shell/testcases/listing/0012sets_0 | 3 +-- - tests/shell/testcases/listing/0013objects_0 | 3 +-- - tests/shell/testcases/listing/0014objects_0 | 6 ++---- - tests/shell/testcases/listing/0015dynamic_0 | 3 +-- - tests/shell/testcases/listing/0017objects_0 | 3 +-- - tests/shell/testcases/listing/0018data_0 | 3 +-- - tests/shell/testcases/listing/0019set_0 | 3 +-- - tests/shell/testcases/listing/0020flowtable_0 | 3 +-- - tests/shell/testcases/maps/0003map_add_many_elements_0 | 3 +-- - tests/shell/testcases/maps/0004interval_map_create_once_0 | 3 +-- - tests/shell/testcases/maps/0008interval_map_delete_0 | 3 +-- - tests/shell/testcases/netns/0001nft-f_0 | 3 +-- - tests/shell/testcases/netns/0002loosecommands_0 | 3 +-- - tests/shell/testcases/netns/0003many_0 | 3 +-- - tests/shell/testcases/nft-f/0016redefines_1 | 3 +-- - tests/shell/testcases/optionals/delete_object_handles_0 | 3 +-- - tests/shell/testcases/optionals/update_object_handles_0 | 3 +-- - .../shell/testcases/rule_management/0001addinsertposition_0 | 12 ++++-------- - tests/shell/testcases/sets/0028delete_handle_0 | 3 +-- - tests/shell/testcases/sets/0036add_set_element_expiration_0 | 5 ++++- - tests/shell/testcases/transactions/0003table_0 | 4 +--- - tests/shell/testcases/transactions/0040set_0 | 3 +-- + tests/shell/run-tests.sh | 7 ++++++- + 
tests/shell/testcases/flowtable/0010delete_handle_0 | 3 +-- + tests/shell/testcases/listing/0003table_0 | 6 ++---- + tests/shell/testcases/listing/0004table_0 | 3 +-- + tests/shell/testcases/listing/0005ruleset_ip_0 | 3 +-- + tests/shell/testcases/listing/0006ruleset_ip6_0 | 3 +-- + tests/shell/testcases/listing/0007ruleset_inet_0 | 3 +-- + tests/shell/testcases/listing/0008ruleset_arp_0 | 3 +-- + tests/shell/testcases/listing/0009ruleset_bridge_0 | 3 +-- + tests/shell/testcases/listing/0010sets_0 | 3 +-- + tests/shell/testcases/listing/0011sets_0 | 3 +-- + tests/shell/testcases/listing/0012sets_0 | 3 +-- + tests/shell/testcases/listing/0013objects_0 | 3 +-- + tests/shell/testcases/listing/0014objects_0 | 6 ++---- + tests/shell/testcases/listing/0015dynamic_0 | 3 +-- + tests/shell/testcases/listing/0017objects_0 | 3 +-- + tests/shell/testcases/listing/0018data_0 | 3 +-- + tests/shell/testcases/listing/0019set_0 | 3 +-- + tests/shell/testcases/listing/0020flowtable_0 | 3 +-- + .../shell/testcases/maps/0003map_add_many_elements_0 | 3 +-- + .../testcases/maps/0004interval_map_create_once_0 | 3 +-- + tests/shell/testcases/maps/0008interval_map_delete_0 | 3 +-- + tests/shell/testcases/netns/0001nft-f_0 | 3 +-- + tests/shell/testcases/netns/0002loosecommands_0 | 3 +-- + tests/shell/testcases/netns/0003many_0 | 3 +-- + tests/shell/testcases/nft-f/0016redefines_1 | 3 +-- + .../testcases/optionals/delete_object_handles_0 | 3 +-- + .../testcases/optionals/update_object_handles_0 | 3 +-- + .../rule_management/0001addinsertposition_0 | 12 ++++-------- + tests/shell/testcases/sets/0028delete_handle_0 | 3 +-- + .../testcases/sets/0036add_set_element_expiration_0 | 5 ++++- + tests/shell/testcases/transactions/0003table_0 | 4 +--- + tests/shell/testcases/transactions/0040set_0 | 3 +-- 33 files changed, 46 insertions(+), 75 deletions(-) diff --git a/tests/shell/run-tests.sh b/tests/shell/run-tests.sh @@ -569,5 +569,5 @@ index a404abc..468816b 100755 fi -- -1.8.3.1 +2.31.1 
diff --git a/SOURCES/0007-cache-Fix-for-doubled-output-after-reset-command.patch b/SOURCES/0007-cache-Fix-for-doubled-output-after-reset-command.patch index b1aba78..2374687 100644 --- a/SOURCES/0007-cache-Fix-for-doubled-output-after-reset-command.patch +++ b/SOURCES/0007-cache-Fix-for-doubled-output-after-reset-command.patch @@ -81,5 +81,5 @@ index 3bd16f2..21200c3 100755 + exit 1 +fi -- -1.8.3.1 +2.31.1 diff --git a/SOURCES/0008-netlink-Fix-leak-in-unterminated-string-deserializer.patch b/SOURCES/0008-netlink-Fix-leak-in-unterminated-string-deserializer.patch index b15c611..414c39f 100644 --- a/SOURCES/0008-netlink-Fix-leak-in-unterminated-string-deserializer.patch +++ b/SOURCES/0008-netlink-Fix-leak-in-unterminated-string-deserializer.patch @@ -47,5 +47,5 @@ index 154353b..06a0312 100644 static void expr_postprocess(struct rule_pp_ctx *ctx, struct expr **exprp) -- -1.8.3.1 +2.31.1 diff --git a/SOURCES/0009-netlink-Fix-leaks-in-netlink_parse_cmp.patch b/SOURCES/0009-netlink-Fix-leaks-in-netlink_parse_cmp.patch index 46e878c..9043fb1 100644 --- a/SOURCES/0009-netlink-Fix-leaks-in-netlink_parse_cmp.patch +++ b/SOURCES/0009-netlink-Fix-leaks-in-netlink_parse_cmp.patch @@ -71,5 +71,5 @@ index 06a0312..88dbd5a 100644 static void netlink_parse_lookup(struct netlink_parse_ctx *ctx, -- -1.8.3.1 +2.31.1 diff --git a/SOURCES/0010-netlink-Avoid-potential-NULL-pointer-deref-in-netlin.patch b/SOURCES/0010-netlink-Avoid-potential-NULL-pointer-deref-in-netlin.patch index b48f1e6..b772afc 100644 --- a/SOURCES/0010-netlink-Avoid-potential-NULL-pointer-deref-in-netlin.patch +++ b/SOURCES/0010-netlink-Avoid-potential-NULL-pointer-deref-in-netlin.patch @@ -38,5 +38,5 @@ index 498326d..cb1b7fe 100644 nftnl_expr_set_u32(nle, NFTNL_EXPR_PAYLOAD_FLAGS, NFT_PAYLOAD_L4CSUM_PSEUDOHDR); -- -1.8.3.1 +2.31.1 diff --git a/SOURCES/0011-tests-json_echo-Fix-for-Python3.patch b/SOURCES/0011-tests-json_echo-Fix-for-Python3.patch index f907886..be98168 100644 
--- a/SOURCES/0011-tests-json_echo-Fix-for-Python3.patch +++ b/SOURCES/0011-tests-json_echo-Fix-for-Python3.patch @@ -35,5 +35,5 @@ index a636d5f..fa7d69a 100755 if not k in data: continue -- -1.8.3.1 +2.31.1 diff --git a/SOURCES/0012-tests-json_echo-Support-testing-host-binaries.patch b/SOURCES/0012-tests-json_echo-Support-testing-host-binaries.patch index c2958df..88cfa7f 100644 --- a/SOURCES/0012-tests-json_echo-Support-testing-host-binaries.patch +++ b/SOURCES/0012-tests-json_echo-Support-testing-host-binaries.patch @@ -64,5 +64,5 @@ index fa7d69a..36a377a 100755 # various commands to work with -- -1.8.3.1 +2.31.1 diff --git a/SOURCES/0013-tests-monitor-Support-running-individual-test-cases.patch b/SOURCES/0013-tests-monitor-Support-running-individual-test-cases.patch index 26c9079..deef550 100644 --- a/SOURCES/0013-tests-monitor-Support-running-individual-test-cases.patch +++ b/SOURCES/0013-tests-monitor-Support-running-individual-test-cases.patch @@ -60,5 +60,5 @@ index 0478cf6..efacdaa 100755 # files are like this: # -- -1.8.3.1 +2.31.1 diff --git a/SOURCES/0014-tests-monitor-Support-testing-host-s-nft-binary.patch b/SOURCES/0014-tests-monitor-Support-testing-host-s-nft-binary.patch index 502b623..8ab1067 100644 --- a/SOURCES/0014-tests-monitor-Support-testing-host-s-nft-binary.patch +++ b/SOURCES/0014-tests-monitor-Support-testing-host-s-nft-binary.patch @@ -36,5 +36,5 @@ index efacdaa..ffb833a 100755 testcases+=" $1" shift -- -1.8.3.1 +2.31.1 diff --git a/SOURCES/0015-tests-py-Support-testing-host-binaries.patch b/SOURCES/0015-tests-py-Support-testing-host-binaries.patch index 007fc9b..8e0cf3d 100644 --- a/SOURCES/0015-tests-py-Support-testing-host-binaries.patch +++ b/SOURCES/0015-tests-py-Support-testing-host-binaries.patch @@ -72,5 +72,5 @@ index 6edca3c..01ee6c9 100755 test_files = files_ok = run_total = 0 tests = passed = warnings = errors = 0 -- -1.8.3.1 +2.31.1 
diff --git a/SOURCES/0016-doc-nft.8-Mention-wildcard-interface-matching.patch b/SOURCES/0016-doc-nft.8-Mention-wildcard-interface-matching.patch index f534eec..c4bc399 100644 --- a/SOURCES/0016-doc-nft.8-Mention-wildcard-interface-matching.patch +++ b/SOURCES/0016-doc-nft.8-Mention-wildcard-interface-matching.patch @@ -39,5 +39,5 @@ index 5473d59..a5cab9d 100644 [options="header"] |================== -- -1.8.3.1 +2.31.1 diff --git a/SOURCES/0017-scanner-Extend-asteriskstring-definition.patch b/SOURCES/0017-scanner-Extend-asteriskstring-definition.patch index 09717b0..6468662 100644 --- a/SOURCES/0017-scanner-Extend-asteriskstring-definition.patch +++ b/SOURCES/0017-scanner-Extend-asteriskstring-definition.patch @@ -35,5 +35,5 @@ index d32adf4..7daf5c1 100644 slash \/ -- -1.8.3.1 +2.31.1 diff --git a/SOURCES/0018-parser-add-a-helper-for-concat-expression-handling.patch b/SOURCES/0018-parser-add-a-helper-for-concat-expression-handling.patch index 5a93472..d973cdf 100644 --- a/SOURCES/0018-parser-add-a-helper-for-concat-expression-handling.patch +++ b/SOURCES/0018-parser-add-a-helper-for-concat-expression-handling.patch @@ -16,7 +16,7 @@ Date: Wed Dec 11 14:31:44 2019 +0100 Signed-off-by: Florian Westphal --- - src/parser_bison.y | 99 ++++++++++++++++++++++++------------------------------ + src/parser_bison.y | 99 ++++++++++++++++++++-------------------------- 1 file changed, 43 insertions(+), 56 deletions(-) diff --git a/src/parser_bison.y b/src/parser_bison.y @@ -158,5 +158,5 @@ index 707f467..0fd9b94 100644 ; -- -1.8.3.1 +2.31.1 diff --git a/SOURCES/0019-include-resync-nf_tables.h-cache-copy.patch b/SOURCES/0019-include-resync-nf_tables.h-cache-copy.patch index bd55b39..af7fa1b 100644 --- a/SOURCES/0019-include-resync-nf_tables.h-cache-copy.patch +++ b/SOURCES/0019-include-resync-nf_tables.h-cache-copy.patch 
@@ -33,7 +33,7 @@ index ed8881a..1a99df3 100644 /** * enum nft_verdicts - nf_tables internal verdicts -@@ -299,15 +300,29 @@ enum nft_set_policies { +@@ -299,14 +300,28 @@ enum nft_set_policies { * enum nft_set_desc_attributes - set element description * * @NFTA_SET_DESC_SIZE: number of elements in set (NLA_U32) @@ -47,7 +47,7 @@ index ed8881a..1a99df3 100644 }; #define NFTA_SET_DESC_MAX (__NFTA_SET_DESC_MAX - 1) - /** ++/** + * enum nft_set_field_attributes - attributes of concatenated fields + * + * @NFTA_SET_FIELD_LEN: length of single field, in bits (NLA_U32) @@ -59,10 +59,9 @@ index ed8881a..1a99df3 100644 +}; +#define NFTA_SET_FIELD_MAX (__NFTA_SET_FIELD_MAX - 1) + -+/** + /** * enum nft_set_attributes - nf_tables set netlink attributes * - * @NFTA_SET_TABLE: table name (NLA_STRING) @@ -368,6 +383,7 @@ enum nft_set_elem_flags { * @NFTA_SET_ELEM_USERDATA: user data (NLA_BINARY) * @NFTA_SET_ELEM_EXPR: expression (NLA_NESTED: nft_expr_attributes) @@ -80,5 +79,5 @@ index ed8881a..1a99df3 100644 }; #define NFTA_SET_ELEM_MAX (__NFTA_SET_ELEM_MAX - 1) -- -1.8.3.1 +2.31.1 diff --git a/SOURCES/0020-src-Add-support-for-NFTNL_SET_DESC_CONCAT.patch b/SOURCES/0020-src-Add-support-for-NFTNL_SET_DESC_CONCAT.patch index 663f661..01d4785 100644 --- a/SOURCES/0020-src-Add-support-for-NFTNL_SET_DESC_CONCAT.patch +++ b/SOURCES/0020-src-Add-support-for-NFTNL_SET_DESC_CONCAT.patch @@ -177,5 +177,5 @@ index 3ca1805..4669577 100644 return new_set; } -- -1.8.3.1 +2.31.1 diff --git a/SOURCES/0021-src-Add-support-for-concatenated-set-ranges.patch b/SOURCES/0021-src-Add-support-for-concatenated-set-ranges.patch index 00f8f9e..5d9101b 100644 --- a/SOURCES/0021-src-Add-support-for-concatenated-set-ranges.patch +++ b/SOURCES/0021-src-Add-support-for-concatenated-set-ranges.patch @@ -82,12 +82,12 @@ Date: Thu Jan 30 01:16:57 2020 +0100 
Signed-off-by: Pablo Neira Ayuso --- include/expression.h | 1 + - include/rule.h | 5 +++ - src/evaluate.c | 5 +++ - src/netlink.c | 109 +++++++++++++++++++++++++++++++++++------------ - src/parser_bison.y | 17 ++++++-- - src/rule.c | 13 +++--- - src/segtree.c | 117 +++++++++++++++++++++++++++++++++++++++++++++++++++ + include/rule.h | 5 ++ + src/evaluate.c | 5 ++ + src/netlink.c | 109 +++++++++++++++++++++++++++++----------- + src/parser_bison.y | 17 +++++-- + src/rule.c | 13 ++--- + src/segtree.c | 117 +++++++++++++++++++++++++++++++++++++++++++ 7 files changed, 229 insertions(+), 38 deletions(-) diff --git a/include/expression.h b/include/expression.h @@ -573,5 +573,5 @@ index 7217dbc..e859f84 100644 { struct expr **elements, **ranges; -- -1.8.3.1 +2.31.1 diff --git a/SOURCES/0022-parser_json-Support-ranges-in-concat-expressions.patch b/SOURCES/0022-parser_json-Support-ranges-in-concat-expressions.patch index 5ee20ac..665aa6b 100644 --- a/SOURCES/0022-parser_json-Support-ranges-in-concat-expressions.patch +++ b/SOURCES/0022-parser_json-Support-ranges-in-concat-expressions.patch @@ -20,7 +20,7 @@ Date: Fri Mar 6 16:15:48 2020 +0100 Signed-off-by: Phil Sutter Acked-by: Eric Garver --- - src/parser_json.c | 51 +++++++++++++++++++++++++++++---------------------- + src/parser_json.c | 51 +++++++++++++++++++++++++++-------------------- 1 file changed, 29 insertions(+), 22 deletions(-) diff --git a/src/parser_json.c b/src/parser_json.c @@ -115,5 +115,5 @@ index 031930e..c48faa8 100644 { if (json_is_string(root)) { -- -1.8.3.1 +2.31.1 diff --git a/SOURCES/0023-doc-Document-notrack-statement.patch b/SOURCES/0023-doc-Document-notrack-statement.patch index 4c31fc5..d0aa129 100644 --- a/SOURCES/0023-doc-Document-notrack-statement.patch +++ b/SOURCES/0023-doc-Document-notrack-statement.patch @@ -47,5 +47,5 @@ index 3b82436..749533a 100644 ~~~~~~~~~~~~~~ A meta statement sets the value of a meta expression. The existing meta fields -- -1.8.3.1 +2.31.1 
diff --git a/SOURCES/0024-JSON-Improve-performance-of-json_events_cb.patch b/SOURCES/0024-JSON-Improve-performance-of-json_events_cb.patch index f7ed167..baa1dca 100644 --- a/SOURCES/0024-JSON-Improve-performance-of-json_events_cb.patch +++ b/SOURCES/0024-JSON-Improve-performance-of-json_events_cb.patch @@ -49,5 +49,5 @@ index c48faa8..ce8e566 100644 tmp = json_object_get(json, "add"); -- -1.8.3.1 +2.31.1 diff --git a/SOURCES/0025-segtree-Fix-missing-expires-value-in-prefixes.patch b/SOURCES/0025-segtree-Fix-missing-expires-value-in-prefixes.patch index 3f829d4..06b95e6 100644 --- a/SOURCES/0025-segtree-Fix-missing-expires-value-in-prefixes.patch +++ b/SOURCES/0025-segtree-Fix-missing-expires-value-in-prefixes.patch @@ -38,5 +38,5 @@ index e859f84..1ba4363 100644 } -- -1.8.3.1 +2.31.1 diff --git a/SOURCES/0026-segtree-Use-expr_clone-in-get_set_interval_.patch b/SOURCES/0026-segtree-Use-expr_clone-in-get_set_interval_.patch index 5b3fd97..f54752a 100644 --- a/SOURCES/0026-segtree-Use-expr_clone-in-get_set_interval_.patch +++ b/SOURCES/0026-segtree-Use-expr_clone-in-get_set_interval_.patch @@ -51,5 +51,5 @@ index 1ba4363..dc4db6b 100644 } break; -- -1.8.3.1 +2.31.1 diff --git a/SOURCES/0027-segtree-Merge-get_set_interval_find-and-get_set_inte.patch b/SOURCES/0027-segtree-Merge-get_set_interval_find-and-get_set_inte.patch index f67ee6b..2506813 100644 --- a/SOURCES/0027-segtree-Merge-get_set_interval_find-and-get_set_inte.patch +++ b/SOURCES/0027-segtree-Merge-get_set_interval_find-and-get_set_inte.patch @@ -21,7 +21,7 @@ Date: Thu Apr 30 13:57:35 2020 +0200 Signed-off-by: Phil Sutter --- - src/segtree.c | 63 +++++++++++++++-------------------------------------------- + src/segtree.c | 63 +++++++++++++-------------------------------------- 1 file changed, 16 insertions(+), 47 deletions(-) diff --git a/src/segtree.c b/src/segtree.c @@ -127,5 +127,5 @@ index dc4db6b..6e1f696 100644 compound_expr_add(new_init, range); else -- -1.8.3.1 +2.31.1 
diff --git a/SOURCES/0028-tests-0034get_element_0-do-not-discard-stderr.patch b/SOURCES/0028-tests-0034get_element_0-do-not-discard-stderr.patch index 78e70d9..b8615d6 100644 --- a/SOURCES/0028-tests-0034get_element_0-do-not-discard-stderr.patch +++ b/SOURCES/0028-tests-0034get_element_0-do-not-discard-stderr.patch @@ -37,5 +37,5 @@ index c7e7298..e23dbda 100755 out="${out#* \{ }" out="${out% \}}" -- -1.8.3.1 +2.31.1 diff --git a/SOURCES/0029-segtree-Fix-get-element-command-with-prefixes.patch b/SOURCES/0029-segtree-Fix-get-element-command-with-prefixes.patch index 22cb037..7d699a6 100644 --- a/SOURCES/0029-segtree-Fix-get-element-command-with-prefixes.patch +++ b/SOURCES/0029-segtree-Fix-get-element-command-with-prefixes.patch @@ -23,7 +23,7 @@ Date: Thu Apr 30 14:02:44 2020 +0200 Signed-off-by: Phil Sutter --- src/segtree.c | 1 + - tests/shell/testcases/sets/0034get_element_0 | 62 ++++++++++++++++++++-------- + tests/shell/testcases/sets/0034get_element_0 | 62 ++++++++++++++------ 2 files changed, 45 insertions(+), 18 deletions(-) diff --git a/src/segtree.c b/src/segtree.c @@ -131,5 +131,5 @@ index e23dbda..3343529 100755 exit $RC -- -1.8.3.1 +2.31.1 diff --git a/SOURCES/0030-include-Resync-nf_tables.h-cache-copy.patch b/SOURCES/0030-include-Resync-nf_tables.h-cache-copy.patch index 6f68126..12fcf75 100644 --- a/SOURCES/0030-include-Resync-nf_tables.h-cache-copy.patch +++ b/SOURCES/0030-include-Resync-nf_tables.h-cache-copy.patch @@ -41,5 +41,5 @@ index 1a99df3..9b54a86 100644 /** -- -1.8.3.1 +2.31.1 diff --git a/SOURCES/0031-src-Set-NFT_SET_CONCAT-flag-for-sets-with-concatenat.patch b/SOURCES/0031-src-Set-NFT_SET_CONCAT-flag-for-sets-with-concatenat.patch index 60b1a0d..d8149bf 100644 --- a/SOURCES/0031-src-Set-NFT_SET_CONCAT-flag-for-sets-with-concatenat.patch +++ b/SOURCES/0031-src-Set-NFT_SET_CONCAT-flag-for-sets-with-concatenat.patch @@ -68,5 +68,5 @@ index 0c84816..f66251b 100644 if (set_is_datamap(set->flags)) { -- -1.8.3.1 +2.31.1 
diff --git a/SOURCES/0032-src-store-expr-not-dtype-to-track-data-in-sets.patch b/SOURCES/0032-src-store-expr-not-dtype-to-track-data-in-sets.patch index 9428a85..4fa4cf1 100644 --- a/SOURCES/0032-src-store-expr-not-dtype-to-track-data-in-sets.patch +++ b/SOURCES/0032-src-store-expr-not-dtype-to-track-data-in-sets.patch @@ -46,18 +46,18 @@ Date: Tue Jul 16 19:03:55 2019 +0200 --- include/datatype.h | 1 - include/netlink.h | 1 - - include/rule.h | 6 ++---- - src/datatype.c | 5 ----- - src/evaluate.c | 58 +++++++++++++++++++++++++++++++++++++----------------- + include/rule.h | 6 ++--- + src/datatype.c | 5 ---- + src/evaluate.c | 58 ++++++++++++++++++++++++++++++++-------------- src/expression.c | 2 +- src/json.c | 4 ++-- - src/mnl.c | 6 +++--- + src/mnl.c | 6 ++--- src/monitor.c | 2 +- - src/netlink.c | 32 ++++++++++++++---------------- + src/netlink.c | 32 ++++++++++++------------- src/parser_bison.y | 3 +-- - src/parser_json.c | 8 ++++++-- - src/rule.c | 8 ++++---- - src/segtree.c | 8 ++++++-- + src/parser_json.c | 8 +++++-- + src/rule.c | 8 +++---- + src/segtree.c | 8 +++++-- 14 files changed, 81 insertions(+), 63 deletions(-) diff --git a/include/datatype.h b/include/datatype.h @@ -499,5 +499,5 @@ index 073c6ec..d6e3ce2 100644 tree->debug_mask = debug_mask; } -- -1.8.3.1 +2.31.1 diff --git a/SOURCES/0033-evaluate-Perform-set-evaluation-on-implicitly-declar.patch b/SOURCES/0033-evaluate-Perform-set-evaluation-on-implicitly-declar.patch index 95ce04e..1d5b5fc 100644 --- a/SOURCES/0033-evaluate-Perform-set-evaluation-on-implicitly-declar.patch +++ b/SOURCES/0033-evaluate-Perform-set-evaluation-on-implicitly-declar.patch @@ -116,5 +116,5 @@ index 578dcae..fc45cef 100644 } -- -1.8.3.1 +2.31.1 diff --git a/SOURCES/0034-evaluate-missing-datatype-definition-in-implicit_set.patch b/SOURCES/0034-evaluate-missing-datatype-definition-in-implicit_set.patch index e96c30c..3b7244d 100644 --- a/SOURCES/0034-evaluate-missing-datatype-definition-in-implicit_set.patch 
+++ b/SOURCES/0034-evaluate-missing-datatype-definition-in-implicit_set.patch @@ -33,9 +33,9 @@ Date: Sun Jun 7 15:23:21 2020 +0200 Reviewed-by: Stefano Brivio Signed-off-by: Pablo Neira Ayuso --- - src/evaluate.c | 22 ++++++++++++---------- - tests/shell/testcases/maps/0009vmap_0 | 19 +++++++++++++++++++ - tests/shell/testcases/maps/dumps/0009vmap_0 | 13 +++++++++++++ + src/evaluate.c | 22 +++++++++++---------- + tests/shell/testcases/maps/0009vmap_0 | 19 ++++++++++++++++++ + tests/shell/testcases/maps/dumps/0009vmap_0 | 13 ++++++++++++ 3 files changed, 44 insertions(+), 10 deletions(-) create mode 100755 tests/shell/testcases/maps/0009vmap_0 create mode 100644 tests/shell/testcases/maps/dumps/0009vmap_0 @@ -163,5 +163,5 @@ index 0000000..540a8af + } +} -- -1.8.3.1 +2.31.1 diff --git a/SOURCES/0035-mergesort-unbreak-listing-with-binops.patch b/SOURCES/0035-mergesort-unbreak-listing-with-binops.patch index 1ce1b28..7171ddd 100644 --- a/SOURCES/0035-mergesort-unbreak-listing-with-binops.patch +++ b/SOURCES/0035-mergesort-unbreak-listing-with-binops.patch @@ -84,5 +84,5 @@ index 55f1bc2..076e562 100644 + [ lookup reg 1 set __set%d ] + -- -1.8.3.1 +2.31.1 diff --git a/SOURCES/0036-proto-add-sctp-crc32-checksum-fixup.patch b/SOURCES/0036-proto-add-sctp-crc32-checksum-fixup.patch index 495b8bb..a9e9f8c 100644 --- a/SOURCES/0036-proto-add-sctp-crc32-checksum-fixup.patch +++ b/SOURCES/0036-proto-add-sctp-crc32-checksum-fixup.patch @@ -130,5 +130,5 @@ index 40ce590..8360abf 100644 [ICMP6HDR_TYPE] = ICMP6HDR_TYPE("type", &icmp6_type_type, icmp6_type), [ICMP6HDR_CODE] = ICMP6HDR_TYPE("code", &icmpv6_code_type, icmp6_code), -- -1.8.3.1 +2.31.1 diff --git a/SOURCES/0037-proto-Fix-ARP-header-field-ordering.patch b/SOURCES/0037-proto-Fix-ARP-header-field-ordering.patch index e29a957..8a0782d 100644 --- a/SOURCES/0037-proto-Fix-ARP-header-field-ordering.patch +++ b/SOURCES/0037-proto-Fix-ARP-header-field-ordering.patch 
@@ -35,11 +35,11 @@ Date: Tue Nov 10 13:07:49 2020 +0100 --- include/proto.h | 2 +- src/proto.c | 2 +- - tests/py/arp/arp.t | 3 +++ - tests/py/arp/arp.t.json | 56 +++++++++++++++++++++++++++++++++++++++ - tests/py/arp/arp.t.json.output | 28 ++++++++++++++++++++ - tests/py/arp/arp.t.payload | 10 +++++++ - tests/py/arp/arp.t.payload.netdev | 14 ++++++++++ + tests/py/arp/arp.t | 3 ++ + tests/py/arp/arp.t.json | 56 +++++++++++++++++++++++++++++++ + tests/py/arp/arp.t.json.output | 28 ++++++++++++++++ + tests/py/arp/arp.t.payload | 10 ++++++ + tests/py/arp/arp.t.payload.netdev | 14 ++++++++ 7 files changed, 113 insertions(+), 2 deletions(-) diff --git a/include/proto.h b/include/proto.h @@ -229,5 +229,5 @@ index 667691f..f57610c 100644 + [ cmp eq reg 1 0x0101a8c0 0xc000edfe 0x0000eeff ] + -- -1.8.3.1 +2.31.1 diff --git a/SOURCES/0038-json-echo-Speedup-seqnum_to_json.patch b/SOURCES/0038-json-echo-Speedup-seqnum_to_json.patch index 31d0eca..a62f001 100644 --- a/SOURCES/0038-json-echo-Speedup-seqnum_to_json.patch +++ b/SOURCES/0038-json-echo-Speedup-seqnum_to_json.patch @@ -104,5 +104,5 @@ index ddc694f..107dc38 100644 } -- -1.8.3.1 +2.31.1 diff --git a/SOURCES/0039-json-Fix-seqnum_to_json-functionality.patch b/SOURCES/0039-json-Fix-seqnum_to_json-functionality.patch index b07dcff..73e9ad1 100644 --- a/SOURCES/0039-json-Fix-seqnum_to_json-functionality.patch +++ b/SOURCES/0039-json-Fix-seqnum_to_json-functionality.patch @@ -112,5 +112,5 @@ index 107dc38..785f0e7 100644 tmp = json_object_get(json, "add"); if (!tmp) -- -1.8.3.1 +2.31.1 diff --git a/SOURCES/0040-json-don-t-leave-dangling-pointers-on-hlist.patch b/SOURCES/0040-json-don-t-leave-dangling-pointers-on-hlist.patch index a415cc2..165db16 100644 --- a/SOURCES/0040-json-don-t-leave-dangling-pointers-on-hlist.patch +++ b/SOURCES/0040-json-don-t-leave-dangling-pointers-on-hlist.patch @@ -43,5 +43,5 @@ index 785f0e7..986f128 100644 } -- -1.8.3.1 +2.31.1 
diff --git a/SOURCES/0041-json-init-parser-state-for-every-new-buffer-file.patch b/SOURCES/0041-json-init-parser-state-for-every-new-buffer-file.patch index 2906409..6291fbf 100644 --- a/SOURCES/0041-json-init-parser-state-for-every-new-buffer-file.patch +++ b/SOURCES/0041-json-init-parser-state-for-every-new-buffer-file.patch @@ -42,5 +42,5 @@ index 986f128..662bb4b 100644 if (!nft->json_root) return -EINVAL; -- -1.8.3.1 +2.31.1 diff --git a/SOURCES/0042-tests-Disable-tests-known-to-fail-on-RHEL8.patch b/SOURCES/0042-tests-Disable-tests-known-to-fail-on-RHEL8.patch index 9b3f64f..6a866a1 100644 --- a/SOURCES/0042-tests-Disable-tests-known-to-fail-on-RHEL8.patch +++ b/SOURCES/0042-tests-Disable-tests-known-to-fail-on-RHEL8.patch 
@@ -23,32 +23,30 @@ RHEL8 kernel does not support: Disable all related tests to make the testsuites pass. --- - tests/monitor/testcases/object.t | 14 +++---- - tests/py/any/meta.t | 36 ++++++++--------- - tests/py/bridge/meta.t | 8 ++-- - tests/py/inet/osf.t | 24 +++++------ - tests/py/inet/socket.t | 2 +- - tests/py/inet/synproxy.t | 12 +++--- - tests/py/ip/objects.t | 46 +++++++++++----------- - tests/py/ip6/sets.t | 2 +- - .../testcases/flowtable/0002create_flowtable_0 | 8 ++-- - .../testcases/flowtable/0003add_after_flush_0 | 8 ++-- - .../testcases/flowtable/0004delete_after_add_0 | 6 +-- - .../shell/testcases/flowtable/0005delete_in_use_1 | 10 ++--- - tests/shell/testcases/flowtable/0007prio_0 | 6 +-- - tests/shell/testcases/flowtable/0008prio_1 | 4 +- - .../testcases/flowtable/0009deleteafterflush_0 | 12 +++--- - tests/shell/testcases/listing/0013objects_0 | 2 + - tests/shell/testcases/nft-f/0017ct_timeout_obj_0 | 2 + - .../shell/testcases/nft-f/0018ct_expectation_obj_0 | 2 + - .../testcases/nft-f/dumps/0017ct_timeout_obj_0.nft | 11 ------ - .../nft-f/dumps/0017ct_timeout_obj_0.nft.disabled | 11 ++++++ - .../testcases/optionals/update_object_handles_0 | 2 + - .../sets/0036add_set_element_expiration_0 | 2 + - tests/shell/testcases/transactions/0046set_0 | 2 + - 23 files changed, 122 insertions(+), 110 deletions(-) - delete mode 100644 tests/shell/testcases/nft-f/dumps/0017ct_timeout_obj_0.nft - create mode 100644 tests/shell/testcases/nft-f/dumps/0017ct_timeout_obj_0.nft.disabled + tests/monitor/testcases/object.t | 14 +++--- + tests/py/any/meta.t | 36 +++++++-------- + tests/py/bridge/meta.t | 8 ++-- + tests/py/inet/osf.t | 24 +++++----- + tests/py/inet/socket.t | 2 +- + tests/py/inet/synproxy.t | 12 ++--- + tests/py/ip/objects.t | 46 +++++++++---------- + tests/py/ip6/sets.t | 2 +- + .../flowtable/0002create_flowtable_0 | 8 ++-- + .../testcases/flowtable/0003add_after_flush_0 | 8 ++-- + .../flowtable/0004delete_after_add_0 | 6 +-- + 
.../testcases/flowtable/0005delete_in_use_1 | 10 ++-- + tests/shell/testcases/flowtable/0007prio_0 | 6 +-- + tests/shell/testcases/flowtable/0008prio_1 | 4 +- + .../flowtable/0009deleteafterflush_0 | 12 ++--- + tests/shell/testcases/listing/0013objects_0 | 2 + + .../testcases/nft-f/0017ct_timeout_obj_0 | 2 + + .../testcases/nft-f/0018ct_expectation_obj_0 | 2 + + ....nft => 0017ct_timeout_obj_0.nft.disabled} | 0 + .../optionals/update_object_handles_0 | 2 + + .../sets/0036add_set_element_expiration_0 | 2 + + tests/shell/testcases/transactions/0046set_0 | 2 + + 22 files changed, 111 insertions(+), 99 deletions(-) + rename tests/shell/testcases/nft-f/dumps/{0017ct_timeout_obj_0.nft => 0017ct_timeout_obj_0.nft.disabled} (100%) diff --git a/tests/monitor/testcases/object.t b/tests/monitor/testcases/object.t index 2afe33c..1b30384 100644 
@@ -422,40 +420,10 @@ index 4f9872f..f518cf7 100755 EXPECTED='table ip filter { ct expectation ctexpect{ protocol tcp -diff --git a/tests/shell/testcases/nft-f/dumps/0017ct_timeout_obj_0.nft b/tests/shell/testcases/nft-f/dumps/0017ct_timeout_obj_0.nft -deleted file mode 100644 -index 7cff1ed..0000000 ---- a/tests/shell/testcases/nft-f/dumps/0017ct_timeout_obj_0.nft -+++ /dev/null -@@ -1,11 +0,0 @@ --table ip filter { -- ct timeout cttime { -- protocol tcp -- l3proto ip -- policy = { established : 123, close : 12 } -- } -- -- chain c { -- ct timeout set "cttime" -- } --} -diff --git a/tests/shell/testcases/nft-f/dumps/0017ct_timeout_obj_0.nft.disabled b/tests/shell/testcases/nft-f/dumps/0017ct_timeout_obj_0.nft.disabled -new file mode 100644 -index 0000000..7cff1ed ---- /dev/null -+++ b/tests/shell/testcases/nft-f/dumps/0017ct_timeout_obj_0.nft.disabled -@@ -0,0 +1,11 @@ -+table ip filter { -+ ct timeout cttime { -+ protocol tcp -+ l3proto ip -+ policy = { established : 123, close : 12 } -+ } -+ -+ chain c { -+ ct timeout set "cttime" -+ } -+} +diff --git a/tests/shell/testcases/nft-f/dumps/0017ct_timeout_obj_0.nft b/tests/shell/testcases/nft-f/dumps/0017ct_timeout_obj_0.nft.disabled +similarity index 100% +rename from tests/shell/testcases/nft-f/dumps/0017ct_timeout_obj_0.nft +rename to tests/shell/testcases/nft-f/dumps/0017ct_timeout_obj_0.nft.disabled diff --git a/tests/shell/testcases/optionals/update_object_handles_0 b/tests/shell/testcases/optionals/update_object_handles_0 index 8b12b8c..e11b4e7 100755 --- a/tests/shell/testcases/optionals/update_object_handles_0 @@ -493,5 +461,5 @@ index 172e24d..1b24964 100755 add chain ip filter group_7933 add map ip filter group_7933 { type ipv4_addr : classid; flags interval; } -- -1.8.3.1 +2.31.1 diff --git a/SOURCES/0043-monitor-Fix-for-use-after-free-when-printing-map-ele.patch b/SOURCES/0043-monitor-Fix-for-use-after-free-when-printing-map-ele.patch index f1d018d..2f86c7a 100644 
--- a/SOURCES/0043-monitor-Fix-for-use-after-free-when-printing-map-ele.patch +++ b/SOURCES/0043-monitor-Fix-for-use-after-free-when-printing-map-ele.patch @@ -37,5 +37,5 @@ index 7927b6f..142cc92 100644 dummyset->init = set_expr_alloc(monh->loc, set); -- -1.8.3.1 +2.31.1 diff --git a/SOURCES/0044-tests-monitor-use-correct-nft-value-in-EXIT-trap.patch b/SOURCES/0044-tests-monitor-use-correct-nft-value-in-EXIT-trap.patch index 5804349..cfb0df1 100644 --- a/SOURCES/0044-tests-monitor-use-correct-nft-value-in-EXIT-trap.patch +++ b/SOURCES/0044-tests-monitor-use-correct-nft-value-in-EXIT-trap.patch @@ -40,5 +40,5 @@ index ffb833a..c1cacb4 100755 command_file=$(mktemp -p $testdir) output_file=$(mktemp -p $testdir) -- -1.8.3.1 +2.31.1 diff --git a/SOURCES/0045-evaluate-Reject-quoted-strings-containing-only-wildc.patch b/SOURCES/0045-evaluate-Reject-quoted-strings-containing-only-wildc.patch index 9d95874..2178c15 100644 --- a/SOURCES/0045-evaluate-Reject-quoted-strings-containing-only-wildc.patch +++ b/SOURCES/0045-evaluate-Reject-quoted-strings-containing-only-wildc.patch @@ -53,5 +53,5 @@ index a966ed4..0181750 100644 memset(unescaped_str, 0, sizeof(unescaped_str)); -- -1.8.3.1 +2.31.1 diff --git a/SOURCES/0046-src-Support-odd-sized-payload-matches.patch b/SOURCES/0046-src-Support-odd-sized-payload-matches.patch index f68adc2..9b17f0c 100644 --- a/SOURCES/0046-src-Support-odd-sized-payload-matches.patch +++ b/SOURCES/0046-src-Support-odd-sized-payload-matches.patch @@ -60,5 +60,5 @@ index 3576400..45280ef 100644 break; } -- -1.8.3.1 +2.31.1 diff --git a/SOURCES/0047-src-Optimize-prefix-matches-on-byte-boundaries.patch b/SOURCES/0047-src-Optimize-prefix-matches-on-byte-boundaries.patch index ffb3bd1..c6288ac 100644 --- a/SOURCES/0047-src-Optimize-prefix-matches-on-byte-boundaries.patch +++ b/SOURCES/0047-src-Optimize-prefix-matches-on-byte-boundaries.patch 
@@ -237,5 +237,5 @@ index b2e8363..18b8bcb 100644 # ip6 saddr ::1 ip6 daddr ::2 ip6 test-ip6 input -- -1.8.3.1 +2.31.1 diff --git a/SOURCES/0063-parser_json-Fix-error-reporting-for-invalid-syntax.patch b/SOURCES/0063-parser_json-Fix-error-reporting-for-invalid-syntax.patch new file mode 100644 index 0000000..32f88c4 --- /dev/null +++ b/SOURCES/0063-parser_json-Fix-error-reporting-for-invalid-syntax.patch @@ -0,0 +1,100 @@ +From 8cb078a2f9f69259325c10f479c198349ef01ef2 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Wed, 6 Oct 2021 17:24:44 +0200 +Subject: [PATCH] parser_json: Fix error reporting for invalid syntax + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1994141 +Upstream Status: nftables commit 9fe5d1bc18cfa + +commit 9fe5d1bc18cfaed2ecf717e3dd9a97ff5b0e183c +Author: Phil Sutter +Date: Wed Sep 1 16:41:44 2021 +0200 + + parser_json: Fix error reporting for invalid syntax + + Errors emitted by the JSON parser caused BUG() in erec_print() due to + input descriptor values being bogus. + + Due to lack of 'include' support, JSON parser uses a single input + descriptor only and it lived inside the json_ctx object on stack of + nft_parse_json_*() functions. + + By the time errors are printed though, that scope is not valid anymore. + Move the static input descriptor object to avoid this. + + Fixes: 586ad210368b7 ("libnftables: Implement JSON parser") + 
Signed-off-by: Phil Sutter
+---
+ src/parser_json.c | 18 ++++++++----------
+ 1 file changed, 8 insertions(+), 10 deletions(-)
+
+diff --git a/src/parser_json.c b/src/parser_json.c
+index a069a89..ef4d4fb 100644
+--- a/src/parser_json.c
++++ b/src/parser_json.c
+@@ -44,7 +44,6 @@
+ #define CTX_F_CONCAT (1 << 8) /* inside concat_expr */
+
+ struct json_ctx {
+- struct input_descriptor indesc;
+ struct nft_ctx *nft;
+ struct list_head *msgs;
+ struct list_head *cmds;
+@@ -107,11 +106,12 @@ static struct stmt *json_parse_stmt(struct json_ctx *ctx, json_t *root);
+ /* parsing helpers */
+
+ const struct location *int_loc = &internal_location;
++static struct input_descriptor json_indesc;
+
+ static void json_lib_error(struct json_ctx *ctx, json_error_t *err)
+ {
+ struct location loc = {
+- .indesc = &ctx->indesc,
++ .indesc = &json_indesc,
+ .line_offset = err->position - err->column,
+ .first_line = err->line,
+ .last_line = err->line,
+@@ -3864,16 +3864,15 @@ int nft_parse_json_buffer(struct nft_ctx *nft, const char *buf,
+ struct list_head *msgs, struct list_head *cmds)
+ {
+ struct json_ctx ctx = {
+- .indesc = {
+- .type = INDESC_BUFFER,
+- .data = buf,
+- },
+ .nft = nft,
+ .msgs = msgs,
+ .cmds = cmds,
+ };
+ int ret;
+
++ json_indesc.type = INDESC_BUFFER;
++ json_indesc.data = buf;
++
+ parser_init(nft, nft->state, msgs, cmds, nft->top_scope);
+ nft->json_root = json_loads(buf, 0, NULL);
+ if (!nft->json_root)
+@@ -3892,10 +3891,6 @@ int nft_parse_json_filename(struct nft_ctx *nft, const char *filename,
+ struct list_head *msgs, struct list_head *cmds)
+ {
+ struct json_ctx ctx = {
+- .indesc = {
+- .type = INDESC_FILE,
+- .name = filename,
+- },
+ .nft = nft,
+ .msgs = msgs,
+ .cmds = cmds,
+@@ -3903,6 +3898,9 @@ int nft_parse_json_filename(struct nft_ctx *nft, const char *filename,
+ json_error_t err;
+ int ret;
+
++ json_indesc.type = INDESC_FILE;
++ json_indesc.name = filename;
++
+ parser_init(nft, nft->state, msgs, cmds, nft->top_scope);
+ nft->json_root
= json_load_file(filename, 0, &err);
+ if (!nft->json_root)
+--
+2.31.1
+
diff --git a/SOURCES/0064-parser_bison-Fix-for-implicit-declaration-of-isalnum.patch b/SOURCES/0064-parser_bison-Fix-for-implicit-declaration-of-isalnum.patch
new file mode 100644
index 0000000..09f6950
--- /dev/null
+++ b/SOURCES/0064-parser_bison-Fix-for-implicit-declaration-of-isalnum.patch
@@ -0,0 +1,37 @@
+From bb4718fa421938c4a501b9a55df68de16a572f23 Mon Sep 17 00:00:00 2001
+From: Phil Sutter
+Date: Wed, 6 Oct 2021 17:32:04 +0200
+Subject: [PATCH] parser_bison: Fix for implicit declaration of isalnum
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1999059
+Upstream Status: nftables commit 7c3b2a7acbdc7
+
+commit 7c3b2a7acbdc793b822a230ec0c28086c7d0365d
+Author: Phil Sutter
+Date: Fri Jun 11 16:03:32 2021 +0200
+
+ parser_bison: Fix for implicit declaration of isalnum
+
+ Have to include ctype.h to make it known.
+
+ Fixes: e76bb37940181 ("src: allow for variables in the log prefix string")
+ Signed-off-by: Phil Sutter
+---
+ src/parser_bison.y | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/parser_bison.y b/src/parser_bison.y
+index 5ab5744..d38ec30 100644
+--- a/src/parser_bison.y
++++ b/src/parser_bison.y
+@@ -10,6 +10,7 @@
+
+ %{
+
++#include
+ #include
+ #include
+ #include
+--
+2.31.1
+
diff --git a/SOURCES/0065-parser_json-Fix-for-memleak-in-tcp-option-error-path.patch b/SOURCES/0065-parser_json-Fix-for-memleak-in-tcp-option-error-path.patch
new file mode 100644
index 0000000..0f6e5ee
--- /dev/null
+++ b/SOURCES/0065-parser_json-Fix-for-memleak-in-tcp-option-error-path.patch
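Review bot: The file-scope `static struct input_descriptor json_indesc;` added to src/parser_json.c by patch 0063 is one object shared by every parse, so `nft_parse_json_buffer()` and `nft_parse_json_filename()` are no longer re-entrant: a second parse (another `nft_ctx`, another thread) overwrites the descriptor that error locations from the first still point to. It also keeps the caller's `buf` or `filename` pointer after the function returns, so the stale-stack reference is fixed but the descriptor is only as valid as the caller's memory; whether errors can be printed after that memory is released is not visible in this patch. Each call sets only `.type` and one of `.data`/`.name`, which, if these are separate fields, leaves the other one from an earlier parse in place; assigning the whole object, e.g. `json_indesc = (struct input_descriptor){ .type = INDESC_BUFFER, .data = buf };`, would reset it, provided nothing else keeps state in the descriptor. A comment on the declaration such as `/* single descriptor, JSON has no 'include'; must outlive the parse because errors are printed later */` would record why it is static.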
@@ -0,0 +1,46 @@
+From 99d51194569f2784261f452ee821c42c3a7a6808 Mon Sep 17 00:00:00 2001
+From: Phil Sutter
+Date: Wed, 6 Oct 2021 17:32:04 +0200
+Subject: [PATCH] parser_json: Fix for memleak in tcp option error path
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1999059
+Upstream Status: nftables commit f7b0eef8391ae
+
+commit f7b0eef8391ae7f89a3a82f6eeecaebe199224d7
+Author: Phil Sutter
+Date: Fri Jun 11 16:07:02 2021 +0200
+
+ parser_json: Fix for memleak in tcp option error path
+
+ If 'kind' value is invalid, the function returned without freeing 'expr'
+ first. Fix this by performing the check before allocation.
+
+ Fixes: cb21869649208 ("json: tcp: add raw tcp option match support")
+ Signed-off-by: Phil Sutter
+---
+ src/parser_json.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/parser_json.c b/src/parser_json.c
+index ef4d4fb..2250be9 100644
+--- a/src/parser_json.c
++++ b/src/parser_json.c
+@@ -610,12 +610,12 @@ static struct expr *json_parse_tcp_option_expr(struct json_ctx *ctx,
+ "base", &kind, "offset", &offset, "len", &len)) {
+ uint32_t flag = 0;
+
+- expr = tcpopt_expr_alloc(int_loc, kind,
+- TCPOPT_COMMON_KIND);
+-
+ if (kind < 0 || kind > 255)
+ return NULL;
+
++ expr = tcpopt_expr_alloc(int_loc, kind,
++ TCPOPT_COMMON_KIND);
++
+ if (offset == TCPOPT_COMMON_KIND && len == 8)
+ flag = NFT_EXTHDR_F_PRESENT;
+
+--
+2.31.1
+
diff --git a/SOURCES/0066-json-Drop-pointless-assignment-in-exthdr_expr_json.patch b/SOURCES/0066-json-Drop-pointless-assignment-in-exthdr_expr_json.patch
new file mode 100644
index 0000000..8000cf3
--- /dev/null
+++ b/SOURCES/0066-json-Drop-pointless-assignment-in-exthdr_expr_json.patch
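Review bot: The moved range check in `json_parse_tcp_option_expr()` still does a bare `return NULL;` for a `kind` outside 0–255, so invalid JSON input is rejected with no message naming the field. If the `json_error()` helper is the convention for parse errors in parser_json.c (it is not visible in this hunk), `json_error(ctx, "Invalid tcp option kind %d.", kind);` before the return would make the rejection diagnosable. A one-line comment above the check, `/* validate before allocating: nothing to free on the error path */`, would keep a later edit from moving the allocation back up. The function starts and ends outside the hunk.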
@@ -0,0 +1,37 @@ +From 5f30a3447d28381fdf534ff4ed90167455d1283b Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Wed, 6 Oct 2021 17:32:04 +0200 +Subject: [PATCH] json: Drop pointless assignment in exthdr_expr_json() + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1999059 +Upstream Status: nftables commit c1616dfd1ce40 + +commit c1616dfd1ce40bac197924c8947e1c646e915dca +Author: Phil Sutter +Date: Fri Jun 11 16:23:22 2021 +0200 + + json: Drop pointless assignment in exthdr_expr_json() + + The updated value of 'is_exists' is no longer read at this point. + + Fixes: cb21869649208 ("json: tcp: add raw tcp option match support") + Signed-off-by: Phil Sutter +--- + src/json.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/src/json.c b/src/json.c +index dfc9031..ecec51c 100644 +--- a/src/json.c ++++ b/src/json.c +@@ -679,7 +679,6 @@ json_t *exthdr_expr_json(const struct expr *expr, struct output_ctx *octx) + "base", expr->exthdr.raw_type, + "offset", expr->exthdr.offset, + "len", expr->len); +- is_exists = false; + } + + return json_pack("{s:o}", "tcp option", root); +-- +2.31.1 + diff --git a/SPECS/nftables.spec b/SPECS/nftables.spec index 8a4bcdf..c140eeb 100644 --- a/SPECS/nftables.spec +++ b/SPECS/nftables.spec @@ -1,5 +1,5 @@ %define rpmversion 0.9.3 -%define specrelease 21 +%define specrelease 22 Name: nftables Version: %{rpmversion} @@ -79,6 +79,10 @@ Patch59: 0059-exthdr-Implement-SCTP-Chunk-matching.patch Patch60: 0060-include-missing-sctp_chunk.h-in-Makefile.am.patch Patch61: 0061-doc-nft.8-Extend-monitor-description-by-trace.patch Patch62: 0062-tests-shell-Fix-bogus-testsuite-failure-with-100Hz.patch +Patch63: 0063-parser_json-Fix-error-reporting-for-invalid-syntax.patch +Patch64: 0064-parser_bison-Fix-for-implicit-declaration-of-isalnum.patch +Patch65: 0065-parser_json-Fix-for-memleak-in-tcp-option-error-path.patch +Patch66: 0066-json-Drop-pointless-assignment-in-exthdr_expr_json.patch BuildRequires: autogen BuildRequires: autoconf 
@@ -195,6 +199,12 @@ touch -r %{SOURCE2} $RPM_BUILD_ROOT/%{python3_sitelib}/nftables/nftables.py %{python3_sitelib}/nftables/ %changelog +* Wed Oct 06 2021 Phil Sutter [0.9.3-22.el8] +- json: Drop pointless assignment in exthdr_expr_json() (Phil Sutter) [1999059] +- parser_json: Fix for memleak in tcp option error path (Phil Sutter) [1999059] +- parser_bison: Fix for implicit declaration of isalnum (Phil Sutter) [1999059] +- parser_json: Fix error reporting for invalid syntax (Phil Sutter) [1994141] + * Mon Aug 02 2021 Phil Sutter [0.9.3-21.el8] - tests: shell: Fix bogus testsuite failure with 100Hz (Phil Sutter) [1919203] - doc: nft.8: Extend monitor description by trace (Phil Sutter) [1820365]