• Story
    • Resolution: Done-Errata
    • rhel-9.4
    • libnftnl
    • libnftnl-1.2.6-2.el9
    • Rebase, Upstream
    • rhel-sst-networking-core
    • ssg_networking
    • Dev ack
    • Release Note Not Required

      Current iptables and nftables packages require libnftnl-1.2.6.

      Currently, upstream's HEAD has one extra commit which is also a fix. So I suggest backporting this one on top:

      commit 3eaa940bc33a3186dc7ba1e30640ec79b5f261b9
      Author: Phil Sutter <phil@nwl.cc>
      Date:   Wed May 31 14:09:09 2023 +0200
      
          set: Do not leave free'd expr_list elements in place
          
          When freeing elements, remove them also to prevent a potential UAF.
          
          Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1685
          Fixes: 3469f09286cee ("src: add NFTNL_SET_EXPRESSIONS")
          Signed-off-by: Phil Sutter <phil@nwl.cc>
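
      The pattern that commit message describes (unlink each element before freeing it, so the list head never points at freed memory), as an added example that is not libnftnl's code. The struct and function names (`struct set`, `struct expr`, `set_init`, `set_add_expr`, `set_clear_exprs`, `set_count_exprs`) are hypothetical stand-ins built on a minimal kernel-style list:

```c
#include <stdlib.h>

/* Kernel-style circular doubly linked list. All names below are constructed
 * for this example; this is not libnftnl's code. */
struct list_head { struct list_head *next, *prev; };
struct expr { struct list_head head; int id; };   /* hypothetical stand-in */
struct set  { struct list_head expr_list; };      /* hypothetical stand-in */

void set_init(struct set *s)
{
    s->expr_list.next = s->expr_list.prev = &s->expr_list;
}

int set_add_expr(struct set *s, int id)
{
    struct list_head *h = &s->expr_list;
    struct expr *e = malloc(sizeof(*e));
    if (!e)
        return -1;
    e->id = id;
    e->head.prev = h->prev;            /* append at the tail */
    e->head.next = h;
    h->prev->next = &e->head;
    h->prev = &e->head;
    return 0;
}

/* Free every element and unlink it first. If the unlink is skipped, the
 * head keeps pointing at freed memory and the next walk or insert on
 * expr_list is a use-after-free. */
void set_clear_exprs(struct set *s)
{
    struct list_head *pos = s->expr_list.next, *next;
    while (pos != &s->expr_list) {
        next = pos->next;              /* save successor before freeing */
        pos->prev->next = pos->next;   /* unlink, as list_del() would */
        pos->next->prev = pos->prev;
        free((struct expr *)pos);      /* head is the first member of expr */
        pos = next;
    }
}

int set_count_exprs(const struct set *s)
{
    int n = 0;
    for (const struct list_head *p = s->expr_list.next; p != &s->expr_list; p = p->next)
        n++;
    return n;
}
```

      After `set_clear_exprs()` the head points back at itself, so the set can be refilled or cleared again without touching freed elements.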
      

              psutter@redhat.com Phil Sutter
              Tomas Dolezal Tomas Dolezal