From: Jakub Kicinski Date: Thu, 31 Aug 2023 01:34:52 +0000 (-0700) Subject: Merge tag 'nf-23-08-31' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf X-Git-Tag: dma-mapping-6.6-2023-09-30~31^2~40 X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=4e60de1e4769066aa9956c83545c8fa21847f326;p=users%2Fhch%2Fdma-mapping.git Merge tag 'nf-23-08-31' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf Pablo Neira Ayuso says: ==================== Netfilter fixes for net The following patchset contains Netfilter fixes for net: 1) Fix mangling of TCP options with non-linear skbuff, from Xiao Liang. 2) OOB read in xt_sctp due to missing sanitization of array length field. From Wander Lairson Costa. 3) OOB read in xt_u32 due to missing sanitization of array length field. Also from Wander Lairson Costa. All of them above, always broken for several releases. 4) Missing audit log for set element reset command, from Phil Sutter. 5) Missing audit log for rule reset command, also from Phil. These audit log support are missing in 6.5. * tag 'nf-23-08-31' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf: netfilter: nf_tables: Audit log rule reset netfilter: nf_tables: Audit log setelem reset netfilter: xt_u32: validate user space input netfilter: xt_sctp: validate the flag_info count netfilter: nft_exthdr: Fix non-linear header modification ==================== Link: https://lore.kernel.org/r/20230830235935.465690-1-pablo@netfilter.org Signed-off-by: Jakub Kicinski --- 4e60de1e4769066aa9956c83545c8fa21847f326