[ANNOUNCE] conntrack-tools 1.4.9 release

[Pablo Neira Ayuso <pablo@netfilter.org>]

[-- Attachment #1: Type: text/plain, Size: 1469 bytes --]

Hi!

The Netfilter project proudly presents:

        conntrack-tools 1.4.9

This release contains bugfixes, for the conntrack cli:

- skip ENOSPC on updates when ct label is not available
- don't print [USERSPACE] information in case of XML output
- fix parsing of tuple-port-src and tuple-port-dst
- improve --secmark,--id,--zone parser
- improve --mark parser
- fix for ENOENT in delete to align behaviour with updates
- fix compiler warnings with -Wcalloc-transposed-args
- prefer kernel-provided event timestamp via CTA_TIMESTAMP_EVENT
  if it is available
- introduce --labelmap option to specify connlabel.conf path
- Extend error message for EBUSY when registering userspace helper

and the conntrackd daemon:

- don't add expectation table entry for RPC portmap port
- fix signal handler race-condition
- restrict multicast reception, otherwise multicast sync messages
  can be received from any interface if your firewall policy does
  not restrict the interface used for sending and receiving them.
- remove double close() in multicast resulting in EBADFD

You can download the new release from:

https://netfilter.org/projects/conntrack-tools/downloads.html#conntrack-tools-1.4.9

To build the code, updated libnetfilter_conntrack 1.1.1 is required:

https://netfilter.org/projects/libnetfilter_conntrack/downloads.html#libnetfilter_conntrack-1.1.1

In case of bugs and feature requests, file them via:

* https://bugzilla.netfilter.org

Happy firewalling.

[-- Attachment #2: changes-conntrack-tools-1.4.9.txt --]
[-- Type: text/plain, Size: 1579 bytes --]

Ahelenia Ziemiańska (1):
      conntrack: -L doesn't take a value, so don't discard one (same for -IUDGEFA)

Christoph Heiss (2):
      conntrack: move label parsing to after argument parsing
      conntrack: introduce --labelmap option to specify connlabel.conf path

Donald Yandt (2):
      conntrackd: prevent memory loss if reallocation fails
      conntrackd: exit with failure status

Florian Westphal (2):
      conntrack: prefer kernel-provided event timestamp if it is available
      conntrack: --id argument is mandatory

Ignacy Gawędzki (1):
      conntrack: don't print [USERSPACE] information in case of XML output

Markus Breitenberger (1):
      conntrackd: Fix signal handler race-condition

Pablo Neira Ayuso (8):
      conntrack: ct label update requires proper ruleset
      tests: conntrack: missing space before option
      conntrack: improve --secmark,--id,--zone parser
      conntrack: improve --mark parser
      conntrackd: restrict multicast reception
      conntrackd: remove double close() in multicast resulting in EBADFD
      conntrackd: update netns test to support IPv6
      conntrack-tools 1.4.9 release

Pfeil Daniel (1):
      conntrackd: helpers/rpc: Don't add expectation table entry for portmap port

Phil Sutter (3):
      conntrack: Fix for ENOENT in mnl_nfct_delete_cb()
      src: Eliminate warnings with -Wcalloc-transposed-args
      nfct: helper: Extend error message for EBUSY

Stephan Brunner (1):
      conntrack: tcp: fix parsing of tuple-port-src and tuple-port-dst

Xavier Claude (1):
      conntrackd.conf.5: fix typos