Hello community, here is the log from the commit of package nftables for openSUSE:Factory checked in at 2020-05-09 19:52:16 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/nftables (Old) and /work/SRC/openSUSE:Factory/.nftables.new.2738 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "nftables" Sat May 9 19:52:16 2020 rev:19 rq:801122 version:0.9.4 Changes: -------- --- /work/SRC/openSUSE:Factory/nftables/nftables.changes 2020-04-07 10:20:31.137775600 +0200 +++ /work/SRC/openSUSE:Factory/.nftables.new.2738/nftables.changes 2020-05-09 19:52:24.872845629 +0200 @@ -1,0 +2,5 @@ +Thu May 7 11:41:07 UTC 2020 - Jan Engelhardt <[email protected]> + +- Add anonset-crashfix.patch [boo#1171321] + +------------------------------------------------------------------- New: ---- anonset-crashfix.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ nftables.spec ++++++ --- /var/tmp/diff_new_pack.fK4W5o/_old 2020-05-09 19:52:25.892847819 +0200 +++ /var/tmp/diff_new_pack.fK4W5o/_new 2020-05-09 19:52:25.896847827 +0200 @@ -28,6 +28,7 @@ Source: http://ftp.netfilter.org/pub/nftables/nftables-%version.tar.bz2 Source2: http://ftp.netfilter.org/pub/nftables/nftables-%version.tar.bz2.sig Source3: %name.keyring +Patch1: anonset-crashfix.patch BuildRequires: asciidoc BuildRequires: bison BuildRequires: flex @@ -78,7 +79,7 @@ A Python module for nftables. %prep -%setup -q +%autosetup -p1 %build mkdir bin ++++++ anonset-crashfix.patch ++++++ >From [email protected] Thu May 7 13:29:26 2020 Date: Thu, 7 May 2020 13:29:19 From: Pablo Neira Ayuso <[email protected]> To: [email protected] Cc: [email protected] Subject: [PATCH nft] mnl: fix error rule reporting with missing table/chain and anonymous sets Program received signal SIGSEGV, Segmentation fault. 0x00007ffff7f64f1e in erec_print (octx=0x55555555d2c0, erec=0x55555555fcf0, debug_mask=0) at erec.c:95 95 switch (indesc->type) { (gdb) bt buf=0x55555555db20 "add rule inet traffic-filter input tcp dport { 22, 80, 443 } accept") at libnftables.c:459 (gdb) p indesc $1 = (const struct input_descriptor *) 0x0 Closes: http://bugzilla.opensuse.org/show_bug.cgi?id=1171321 Fixes: 086ec6f30c96 ("mnl: extended error support for create command") Reported-by: Jan Engelhardt <[email protected]> Signed-off-by: Pablo Neira Ayuso <[email protected]> --- src/mnl.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/mnl.c b/src/mnl.c index 94e80261afb7..9ce4072859b1 100644 --- a/src/mnl.c +++ b/src/mnl.c @@ -1048,7 +1048,10 @@ int mnl_nft_set_add(struct netlink_ctx *ctx, struct cmd *cmd, cmd_add_loc(cmd, nlh->nlmsg_len, &h->table.location); mnl_attr_put_strz(nlh, NFTA_SET_TABLE, h->table.name); - cmd_add_loc(cmd, nlh->nlmsg_len, &h->set.location); + if (set_is_anonymous(set->flags)) + cmd_add_loc(cmd, nlh->nlmsg_len, &cmd->location); + else + cmd_add_loc(cmd, nlh->nlmsg_len, &h->set.location); mnl_attr_put_strz(nlh, NFTA_SET_NAME, h->set.name); nftnl_set_nlmsg_build_payload(nlh, nls); -- 2.20.1
