From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from gate001.proxmox.com (gate001.proxmox.com [45.144.208.40]) by lore.proxmox.com (Postfix) with ESMTPS id 715011FF0E9 for ; Thu, 16 Jul 2026 10:59:56 +0200 (CEST) Received: from gate001.proxmox.com (localhost.localdomain [127.0.0.1]) by gate001.proxmox.com (Proxmox) with ESMTP id D0141213F2; Thu, 16 Jul 2026 10:59:55 +0200 (CEST) From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= To: pve-devel@lists.proxmox.com, Stefan Hanreich Subject: applied: [PATCH pve-firewall 1/1] fix #7818: disallow line feeds in firewall comments Date: Thu, 16 Jul 2026 10:58:32 +0200 Message-ID: <178419231061.201965.12652046655276203125.b4-ty@proxmox.com> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20260715093432.34437-1-s.hanreich@proxmox.com> References: <20260715093432.34437-1-s.hanreich@proxmox.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1784192343017 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.181 Adjusted score from AWL reputation of From: address DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment (newer systems) RCVD_IN_DNSWL_LOW -0.7 Sender listed at https://www.dnswl.org/, low trust SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Message-ID-Hash: JE5JQ7NCEEADOHE3WFMBSFIY53TJXCRL X-Message-ID-Hash: JE5JQ7NCEEADOHE3WFMBSFIY53TJXCRL X-MailFrom: f.gruenbichler@proxmox.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.10 Precedence: list List-Id: Proxmox VE development discussion List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: On Wed, 15 Jul 2026 11:34:30 +0200, Stefan Hanreich wrote: > They do not get sanitized and interpreted literally, allowing for > authenticated users to inject additional lines into the firewall > configuration files. > > Applied, thanks! Went with this v1 instead of the v2, since it fixes the issue and the proposed changes in v2 should be discussed, and if acked, applied wholesale not just to this individual field. [1/1] fix #7818: disallow line feeds in firewall comments commit: 97a07715161cea9fd403f473d3e19a6dc857d018 Best regards, -- Fabian Grünbichler