Oracle Linux 6138 Published by

A nftables bug fix and enhancement update has been released for Oracle Linux 9.



El-errata: ELBA-2023-0950 Oracle Linux 9 nftables bug fix and enhancement update


Oracle Linux Bug Fix Advisory ELBA-2023-0950

  http://linux.oracle.com/errata/ELBA-2023-0950.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
nftables-1.0.4-9.el9_1.i686.rpm
nftables-1.0.4-9.el9_1.x86_64.rpm
python3-nftables-1.0.4-9.el9_1.x86_64.rpm
nftables-devel-1.0.4-9.el9_1.i686.rpm
nftables-devel-1.0.4-9.el9_1.x86_64.rpm

aarch64:
nftables-1.0.4-9.el9_1.aarch64.rpm
python3-nftables-1.0.4-9.el9_1.aarch64.rpm
nftables-devel-1.0.4-9.el9_1.aarch64.rpm

SRPMS:
  http://oss.oracle.com/ol9/SRPMS-updates//nftables-1.0.4-9.el9_1.src.rpm


Description of changes:

[[1.0.4-9.el9]]
- tests: add a test case for map update from packet path with concat (Phil Sutter) [2094894]
- netlink_linearize: fix timeout with map updates (Phil Sutter) [2094894]
- netlink_delinearize: fix decoding of concat data element (Phil Sutter) [2094894]

[[1.0.4-8.el9]]
- monitor: Sanitize startup race condition (Phil Sutter) [2130721]
- evaluate: set eval ctx for add/update statements with integer constants (Phil Sutter) [2094894]
- src: allow anon set concatenation with ether and vlan (Phil Sutter) [2094887]
- evaluate: search stacked header list for matching payload dep (Phil Sutter) [2094887]
- netlink_delinearize: also postprocess OP_AND in set element context (Phil Sutter) [2094887]
- tests: add a test case for ether and vlan listing (Phil Sutter) [2094887]
- debug: dump the l2 protocol stack (Phil Sutter) [2094887]
- proto: track full stack of seen l2 protocols, not just cumulative offset (Phil Sutter) [2094887]
- netlink_delinearize: postprocess binary ands in concatenations (Phil Sutter) [2094887]
- netlink_delinearize: allow postprocessing on concatenated elements (Phil Sutter) [2094887]
- intervals: check for EXPR_F_REMOVE in case of element mismatch (Phil Sutter) [2115627]
- intervals: fix crash when trying to remove element in empty set (Phil Sutter) [2115627]
- scanner: don't pop active flex scanner scope (Phil Sutter) [2113874]
- parser: add missing synproxy scope closure (Phil Sutter) [2113874]
- tests/py: Add a test for failing ipsec after counter (Phil Sutter) [2113874]
- doc: Document limitations of ipsec expression with xfrm_interface (Phil Sutter) [1806431]

[[1.0.4-7.el9]]
- One more attempt at fixing expected error records (Phil Sutter) [1973687]

[[1.0.4-6.el9]]
- Realy fix expected error records (Phil Sutter) [1973687]

[[1.0.4-5.el9]]
- Fix expected error records (Phil Sutter) [1973687]

[[1.0.4-4.el9]]
- Add expected error records for testsuite runs (Phil Sutter) [1973687]

[[1.0.4-3.el9]]
- Prevent port-shadow attacks in sample nat config (Phil Sutter) [2061940]

_______________________________________________