From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org, netfilter@vger.kernel.org
Cc: netfilter-announce@lists.netfilter.org, lwn@lwn.net,
netdev@vger.kernel.org
Subject: [ANNOUNCE] iptables 1.8.12 release
Date: Fri, 20 Feb 2026 13:47:05 +0100
Message-ID: <aZhXyS70BQ-JnSPg@chamomile>
[-- Attachment #1: Type: text/plain, Size: 1494 bytes --]
Hi!

The Netfilter project proudly presents:

        iptables 1.8.12

This release contains the following fixes:

* Fix null dereference parsing bitwise operations.
* Refuse to run under file capabilities, ie. getauxval(AT_SECURE).
* Fix for all-zero mask on Big Endian in arptables-nft.
* Support adding and replacing a rule in the same batch in
  iptables-nft.

      *filter
      -A FORWARD -m comment --comment "new rule being replaced"
      -R FORWARD 1 -m comment --comment "new replacing rule"
      COMMIT

* Print -X in xtables-monitor command for base chains.
* Remove incorrect libebt_redirect translations.
* Translate bare '-m sctp' match to '-p sctp' just like TCP and UDP.
* Support for info-request and info-reply icmp types.
* Fix interface comparisons in `-C` commands in iptables-nft.
* Several fixes for ip[6]tables-translate, the tool to ease migration
  to nftables.
* Document flush behaviour with --noflush for user-defined chains.

See changelog for more details (attached to this email).

You can download this new release from:

https://www.netfilter.org/projects/iptables/downloads.html
https://www.netfilter.org/pub/iptables/

To build the code, libnftnl >= 1.2.6 is required:

http://netfilter.org/projects/libnftnl/downloads.html

In case of bugs and feature requests, file them via:

https://bugzilla.netfilter.org

Happy firewalling.

P.S: tarball and website update is available since yesterday, I could
not deliver this cover letter until today, apologies for this delay.

[-- Attachment #2: changes-iptables-1.8.12.txt --]
[-- Type: text/plain, Size: 1919 bytes --]
Achill Gilgenast (1):
      configure: Avoid addition assignment operators

Alan Ross (1):
      libxtables: refuse to run under file capabilities

Florian Westphal (2):
      man: iptables-restore.8: document flush behaviour for user-defined chains
      nft: revert compat expressions in userdata

Jeremy Sowden (2):
      ip[6]tables-translate: fix test failures when WESP is defined
      nft: fix interface comparisons in `-C` commands

Miao Wang (1):
      extensions: libebt_redirect: prevent translation

Pablo Neira Ayuso (1):
      configure: Bump version for 1.8.12 release

Phil Sutter (20):
      nft: Drop interface mask leftovers from post_parse callbacks
      nft: Make add_log() static
      nft: ruleparse: Introduce nft_parse_rule_expr()
      nft: __add_{match,target}() can't fail
      nft: Introduce UDATA_TYPE_COMPAT_EXT
      nft-ruleparse: Fallback to compat expressions in userdata
      nft: Pass nft_handle into add_{action,match}()
      nft: Embed compat extensions in rule userdata
      tests: iptables-test: Add nft-compat variant
      extensions: icmp: Support info-request/-reply type names
      xshared: Accept an option if any given command allows it
      extensions: sctp: Translate bare '-m sctp' match
      libxtables: Promote xtopt_esize_by_type() as xtopt_psize getter
      Revert "libxtables: Promote xtopt_esize_by_type() as xtopt_psize getter"
      xtables-monitor: Print -X command for base chains, too
      nft: Support replacing a rule added in the same batch
      libxtables: Store all requested target types
      ruleparse: arp: Fix for all-zero mask on Big Endian
      tests: shell: Review nft-only/0009-needless-bitwise_0
      configure: Auto-detect libz unless explicitly requested

Remy D. Farley (1):
      iptables: fix null dereference parsing bitwise operations

Łukasz Stelmach (1):
      extensions: man: Add a note about route_localnet sysctl