update to 7.19

2023-12-15 13:55:00 +08:00 · 2023-12-15 13:55:00 +08:00 · 72eb64340f
commit 72eb64340f
parent 0a45abd75c
4 changed files with 8 additions and 47 deletions
--- a/backport-netfilter-ipset-Fix-overflow-before-widen-in-the-bit.patch
+++ b/backport-netfilter-ipset-Fix-overflow-before-widen-in-the-bit.patch
@ -1,44 +0,0 @@
-From f9a5f712132273139473cb322c3155375a1d1836 Mon Sep 17 00:00:00 2001
-From: Gavrilov Ilia <Ilia.Gavrilov@infotecs.ru>
-Date: Sat, 28 Jan 2023 19:09:52 +0100
-Subject: [PATCH] netfilter: ipset: Fix overflow before widen in the
- bitmap_ip_create() function.
-
-When first_ip is 0, last_ip is 0xFFFFFFFF, and netmask is 31, the value of
-an arithmetic expression 2 << (netmask - mask_bits - 1) is subject
-to overflow due to a failure casting operands to a larger data type
-before performing the arithmetic.
-
-Note that it's harmless since the value will be checked at the next step.
-
-Found by InfoTeCS on behalf of Linux Verification Center
-(linuxtesting.org) with SVACE.
-
-Fixes: b9fed748185a ("netfilter: ipset: Check and reject crazy /0 input parameters")
-Signed-off-by: Ilia.Gavrilov <Ilia.Gavrilov@infotecs.ru>
-Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>
-
-Conflict: NA
-Reference: http://git.netfilter.org/ipset/commit/?id=f9a5f712132273139473cb322c3155375a1d1836
---
- kernel/net/netfilter/ipset/ip_set_bitmap_ip.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/kernel/net/netfilter/ipset/ip_set_bitmap_ip.c b/kernel/net/netfilter/ipset/ip_set_bitmap_ip.c
-index c488663..f37169c 100644
--- a/kernel/net/netfilter/ipset/ip_set_bitmap_ip.c
-+++ b/kernel/net/netfilter/ipset/ip_set_bitmap_ip.c
-@@ -312,8 +312,8 @@ bitmap_ip_create(struct net *net, struct ip_set *set, struct nlattr *tb[],
- 			return -IPSET_ERR_BITMAP_RANGE;
- 
- 		pr_debug("mask_bits %u, netmask %u\n", mask_bits, netmask);
-		hosts = 2 << (32 - netmask - 1);
-		elements = 2 << (netmask - mask_bits - 1);
-+		hosts = 2U << (32 - netmask - 1);
-+		elements = 2UL << (netmask - mask_bits - 1);
- 	}
- 	if (elements > IPSET_BITMAP_MAX_RANGE + 1)
- 		return -IPSET_ERR_BITMAP_RANGE_SIZE;
-- 
-2.27.0
-
--- a/ipset-7.17.tar.bz2
+++ b/ipset-7.17.tar.bz2
--- a/ipset-7.19.tar.bz2
+++ b/ipset-7.19.tar.bz2
--- a/ipset.spec
+++ b/ipset.spec
@ -1,6 +1,6 @@
 Name:	          ipset	
-Version:  	  7.17
-Release:	  2
+Version:  	  7.19
+Release:	  1
 Summary:	  Manage Linux IP sets
 License:	  GPLv2
 URL:		  http://ipset.netfilter.org/
@ -9,7 +9,6 @@ Source1:          ipset.service
 Source2:          ipset.start-stop
 Source3:          ipset-config

-Patch0:           backport-netfilter-ipset-Fix-overflow-before-widen-in-the-bit.patch

 BuildRequires:	  libmnl-devel automake autoconf libtool libtool-ltdl-devel systemd make
 Requires:         ipset-libs = %{version}-%{release} iptables-services
@ -133,6 +132,12 @@ fi
 %{_mandir}/man3/libipset.3.*

 %changelog
+* Mon Dec 25 2023 xinghe <xinghe2@h-partners.com> - 7.19-1
+- Type:requirements
+- ID:NA
+- SUG:NA
+- DESC:update ipset to 7.19
+
 * Tue Feb 28 2023 gaihuiying <eaglegai@163.com> - 7.17-2
 - Type:bugfix
 - ID:NA