diff --git a/.gitignore b/.gitignore index 64ba2fe..cc64dfe 100644 --- a/.gitignore +++ b/.gitignore @@ -17,3 +17,4 @@ /libnftnl-1.1.3.tar.bz2 /libnftnl-1.1.4.tar.bz2 /libnftnl-1.1.5.tar.bz2 +/libnftnl-1.1.7.tar.bz2 diff --git a/0001-tests-flowtable-Don-t-check-NFTNL_FLOWTABLE_SIZE.patch b/0001-tests-flowtable-Don-t-check-NFTNL_FLOWTABLE_SIZE.patch deleted file mode 100644 index a3b4126..0000000 --- a/0001-tests-flowtable-Don-t-check-NFTNL_FLOWTABLE_SIZE.patch +++ /dev/null @@ -1,38 +0,0 @@ -From b2388765e0c4405442faa13845419f6a35d0134c Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Mon, 2 Dec 2019 18:29:56 +0100 -Subject: [libnftnl PATCH] tests: flowtable: Don't check NFTNL_FLOWTABLE_SIZE - -Marshalling code around that attribute has been dropped by commit -d1c4b98c733a5 ("flowtable: remove NFTA_FLOWTABLE_SIZE") so it's value is -lost during the test. - -Assuming that NFTNL_FLOWTABLE_SIZE will receive kernel support at a -later point, leave the test code in place but just comment it out. - -Fixes: d1c4b98c733a5 ("flowtable: remove NFTA_FLOWTABLE_SIZE") -Signed-off-by: Phil Sutter -Acked-by: Pablo Neira Ayuso ---- - tests/nft-flowtable-test.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/tests/nft-flowtable-test.c b/tests/nft-flowtable-test.c -index 3edb00ddf3196..8ab8d4c5347a4 100644 ---- a/tests/nft-flowtable-test.c -+++ b/tests/nft-flowtable-test.c -@@ -33,9 +33,11 @@ static void cmp_nftnl_flowtable(struct nftnl_flowtable *a, struct nftnl_flowtabl - if (nftnl_flowtable_get_u32(a, NFTNL_FLOWTABLE_USE) != - nftnl_flowtable_get_u32(b, NFTNL_FLOWTABLE_USE)) - print_err("Flowtable use mismatches"); -+#if 0 - if (nftnl_flowtable_get_u32(a, NFTNL_FLOWTABLE_SIZE) != - nftnl_flowtable_get_u32(b, NFTNL_FLOWTABLE_SIZE)) - print_err("Flowtable size mismatches"); -+#endif - if (nftnl_flowtable_get_u32(a, NFTNL_FLOWTABLE_FLAGS) != - nftnl_flowtable_get_u32(b, NFTNL_FLOWTABLE_FLAGS)) - print_err("Flowtable flags mismatches"); --- -2.24.0 - diff --git a/0002-flowtable-Fix-memleak-in-error-path-of-nftnl_flowtab.patch b/0002-flowtable-Fix-memleak-in-error-path-of-nftnl_flowtab.patch deleted file mode 100644 index cc56cef..0000000 --- a/0002-flowtable-Fix-memleak-in-error-path-of-nftnl_flowtab.patch +++ /dev/null @@ -1,30 +0,0 @@ -From ba1b02594e8d05e4c791925a50f9309f89b55c80 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Mon, 2 Dec 2019 22:57:40 +0100 -Subject: [libnftnl PATCH] flowtable: Fix memleak in error path of - nftnl_flowtable_parse_devs() - -In error case, allocated dev_array is not freed. - -Fixes: 7f99639dd9217 ("flowtable: device array dynamic allocation") -Signed-off-by: Phil Sutter -Acked-by: Pablo Neira Ayuso ---- - src/flowtable.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/flowtable.c b/src/flowtable.c -index 324e80f7e6ad6..db319434b51c0 100644 ---- a/src/flowtable.c -+++ b/src/flowtable.c -@@ -419,6 +419,7 @@ static int nftnl_flowtable_parse_devs(struct nlattr *nest, - err: - while (len--) - xfree(dev_array[len]); -+ xfree(dev_array); - return -1; - } - --- -2.24.0 - diff --git a/0003-chain-Fix-memleak-in-error-path-of-nftnl_chain_parse.patch b/0003-chain-Fix-memleak-in-error-path-of-nftnl_chain_parse.patch deleted file mode 100644 index d147038..0000000 --- a/0003-chain-Fix-memleak-in-error-path-of-nftnl_chain_parse.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 32a8c5f52355ef69bf74c28e27345b2e03d948e7 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Mon, 2 Dec 2019 23:00:20 +0100 -Subject: [libnftnl PATCH] chain: Fix memleak in error path of - nftnl_chain_parse_devs() - -In error case, dev_array is not freed when it should. - -Fixes: e3ac19b5ec162 ("chain: multi-device support") -Signed-off-by: Phil Sutter -Acked-by: Pablo Neira Ayuso ---- - src/chain.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/chain.c b/src/chain.c -index d4050d28e77d0..9cc8735a4936f 100644 ---- a/src/chain.c -+++ b/src/chain.c -@@ -636,6 +636,7 @@ static int nftnl_chain_parse_devs(struct nlattr *nest, struct nftnl_chain *c) - err: - while (len--) - xfree(dev_array[len]); -+ xfree(dev_array); - return -1; - } - --- -2.24.0 - diff --git a/0004-flowtable-Correctly-check-realloc-call.patch b/0004-flowtable-Correctly-check-realloc-call.patch deleted file mode 100644 index 96a0d01..0000000 --- a/0004-flowtable-Correctly-check-realloc-call.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 835d645f4052551c5c1829c37a07c882f2260f65 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Mon, 2 Dec 2019 23:08:07 +0100 -Subject: [libnftnl PATCH] flowtable: Correctly check realloc() call - -If realloc() fails, it returns NULL but the original pointer is -untouchted and therefore still has to be freed. Unconditionally -overwriting the old pointer is therefore a bad idea, use a temporary -variable instead. - -Fixes: 7f99639dd9217 ("flowtable: device array dynamic allocation") -Signed-off-by: Phil Sutter -Acked-by: Pablo Neira Ayuso ---- - src/flowtable.c | 11 +++++------ - 1 file changed, 5 insertions(+), 6 deletions(-) - -diff --git a/src/flowtable.c b/src/flowtable.c -index db319434b51c0..9ba3b6d9a3404 100644 ---- a/src/flowtable.c -+++ b/src/flowtable.c -@@ -388,7 +388,7 @@ static int nftnl_flowtable_parse_hook_cb(const struct nlattr *attr, void *data) - static int nftnl_flowtable_parse_devs(struct nlattr *nest, - struct nftnl_flowtable *c) - { -- const char **dev_array; -+ const char **dev_array, **tmp; - int len = 0, size = 8; - struct nlattr *attr; - -@@ -401,14 +401,13 @@ static int nftnl_flowtable_parse_devs(struct nlattr *nest, - goto err; - dev_array[len++] = strdup(mnl_attr_get_str(attr)); - if (len >= size) { -- dev_array = realloc(dev_array, -- size * 2 * sizeof(char *)); -- if (!dev_array) -+ tmp = realloc(dev_array, size * 2 * sizeof(char *)); -+ if (!tmp) - goto err; - - size *= 2; -- memset(&dev_array[len], 0, -- (size - len) * sizeof(char *)); -+ memset(&tmp[len], 0, (size - len) * sizeof(char *)); -+ dev_array = tmp; - } - } - --- -2.24.0 - diff --git a/0005-chain-Correctly-check-realloc-call.patch b/0005-chain-Correctly-check-realloc-call.patch deleted file mode 100644 index 8da29c9..0000000 --- a/0005-chain-Correctly-check-realloc-call.patch +++ /dev/null @@ -1,52 +0,0 @@ -From d95a703746d5394d56a9f464e343594e4882da0d Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Mon, 2 Dec 2019 23:12:34 +0100 -Subject: [libnftnl PATCH] chain: Correctly check realloc() call - -If realloc() fails, it returns NULL but the original pointer is -untouchted and therefore still has to be freed. Unconditionally -overwriting the old pointer is therefore a bad idea, use a temporary -variable instead. - -Fixes: e3ac19b5ec162 ("chain: multi-device support") -Signed-off-by: Phil Sutter -Acked-by: Pablo Neira Ayuso ---- - src/chain.c | 11 +++++------ - 1 file changed, 5 insertions(+), 6 deletions(-) - -diff --git a/src/chain.c b/src/chain.c -index 9cc8735a4936f..b9a16fc9b42df 100644 ---- a/src/chain.c -+++ b/src/chain.c -@@ -605,7 +605,7 @@ static int nftnl_chain_parse_hook_cb(const struct nlattr *attr, void *data) - - static int nftnl_chain_parse_devs(struct nlattr *nest, struct nftnl_chain *c) - { -- const char **dev_array; -+ const char **dev_array, **tmp; - int len = 0, size = 8; - struct nlattr *attr; - -@@ -618,14 +618,13 @@ static int nftnl_chain_parse_devs(struct nlattr *nest, struct nftnl_chain *c) - goto err; - dev_array[len++] = strdup(mnl_attr_get_str(attr)); - if (len >= size) { -- dev_array = realloc(dev_array, -- size * 2 * sizeof(char *)); -- if (!dev_array) -+ tmp = realloc(dev_array, size * 2 * sizeof(char *)); -+ if (!tmp) - goto err; - - size *= 2; -- memset(&dev_array[len], 0, -- (size - len) * sizeof(char *)); -+ memset(&tmp[len], 0, (size - len) * sizeof(char *)); -+ dev_array = tmp; - } - } - --- -2.24.0 - diff --git a/libnftnl.spec b/libnftnl.spec index cd50c8f..acca188 100644 --- a/libnftnl.spec +++ b/libnftnl.spec @@ -1,18 +1,12 @@ Name: libnftnl -Version: 1.1.5 -Release: 2%{?dist} +Version: 1.1.7 +Release: 1%{?dist} Summary: Library for low-level interaction with nftables Netlink's API over libmnl License: GPLv2+ URL: http://netfilter.org/projects/libnftnl/ Source0: http://ftp.netfilter.org/pub/libnftnl/libnftnl-%{version}.tar.bz2 -Patch1: 0001-tests-flowtable-Don-t-check-NFTNL_FLOWTABLE_SIZE.patch -Patch2: 0002-flowtable-Fix-memleak-in-error-path-of-nftnl_flowtab.patch -Patch3: 0003-chain-Fix-memleak-in-error-path-of-nftnl_chain_parse.patch -Patch4: 0004-flowtable-Correctly-check-realloc-call.patch -Patch5: 0005-chain-Correctly-check-realloc-call.patch - BuildRequires: libmnl-devel BuildRequires: jansson-devel BuildRequires: gcc @@ -63,6 +57,9 @@ find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';' %{_includedir}/libnftnl %changelog +* Fri Jun 05 2020 Phil Sutter - 1.1.7-1 +- Rebase onto upstream version 1.1.7 + * Wed Jan 29 2020 Fedora Release Engineering - 1.1.5-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild diff --git a/sources b/sources index b220a26..7285571 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (libnftnl-1.1.5.tar.bz2) = a0495e1a99ea9efcf3994db48e50943023ff3d8101055887574ff4eb6b0df8600cf7db68a9c91ca02bbbcc1f01099b008649f88321bb956897bcc90eb4167ee7 +SHA512 (libnftnl-1.1.7.tar.bz2) = 80fd09147b1e2c1533cc2c8347d35137ff94f14118d5ba7bf3c1fbd0a226f6443560d5eca03273129e091b3442f820cd24455e72e917a8b7fedc8f3c9b6dc407