Hello community, here is the log from the commit of package ipset for openSUSE:Factory checked in at 2013-04-17 17:54:19 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ipset (Old) and /work/SRC/openSUSE:Factory/.ipset.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ipset", Maintainer is "[email protected]" Changes: -------- --- /work/SRC/openSUSE:Factory/ipset/ipset.changes 2013-03-08 13:10:33.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.ipset.new/ipset.changes 2013-04-17 17:54:21.000000000 +0200 @@ -1,0 +2,8 @@ +Mon Apr 15 06:20:31 UTC 2013 - [email protected] + +- Update to new upstream release 6.18 +* bitmap:ip,mac: fix listing with timeout +* hash:*net*: nomatch flag not excluded on set resize +* list:set: update reference counter when last element pushed off + +------------------------------------------------------------------- Old: ---- ipset-6.17.tar.xz New: ---- ipset-6.18.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ipset.spec ++++++ --- /var/tmp/diff_new_pack.lwdP0Y/_old 2013-04-17 17:54:22.000000000 +0200 +++ /var/tmp/diff_new_pack.lwdP0Y/_new 2013-04-17 17:54:22.000000000 +0200 @@ -18,7 +18,7 @@ Name: ipset %define lname libipset3 -Version: 6.17 +Version: 6.18 Release: 0 Summary: Netfilter ipset administration utility License: GPL-2.0 @@ -26,7 +26,7 @@ Url: http://ipset.netfilter.org/ #Freecode-URL: http://freecode.com/projects/ipset/ -#DL-URL: ftp://ftp.netfilter.org/pub/ipset/ipset-6.17.tar.bz2 +#DL-URL: ftp://ftp.netfilter.org/pub/ipset/ipset-6.18.tar.bz2 #Git-Clone: git://git.netfilter.org/ipset #Git-Web: http://git.netfilter.org/ Source: %name-%version.tar.xz ++++++ ipset-6.17.tar.xz -> ipset-6.18.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-6.17/ChangeLog new/ipset-6.18/ChangeLog --- old/ipset-6.17/ChangeLog 2013-02-21 16:44:09.000000000 +0100 +++ new/ipset-6.18/ChangeLog 2013-04-14 20:17:32.000000000 +0200 @@ -1,3 +1,6 @@ +6.18 + - + 6.17 - Fix revision printing in XML mode (reported by Mart Frauenlob) - Correct "Suspicious condition (assignment + comparison)" (Thomas Jarosch) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-6.17/configure new/ipset-6.18/configure --- old/ipset-6.17/configure 2013-02-21 16:48:27.000000000 +0100 +++ new/ipset-6.18/configure 2013-04-14 20:18:50.000000000 +0200 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.65 for ipset 6.17. +# Generated by GNU Autoconf 2.65 for ipset 6.18. # # Report bugs to <[email protected]>. # @@ -705,8 +705,8 @@ # Identity of this package. PACKAGE_NAME='ipset' PACKAGE_TARNAME='ipset' -PACKAGE_VERSION='6.17' -PACKAGE_STRING='ipset 6.17' +PACKAGE_VERSION='6.18' +PACKAGE_STRING='ipset 6.18' PACKAGE_BUGREPORT='[email protected]' PACKAGE_URL='' @@ -1474,7 +1474,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures ipset 6.17 to adapt to many kinds of systems. +\`configure' configures ipset 6.18 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1544,7 +1544,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of ipset 6.17:";; + short | recursive ) echo "Configuration of ipset 6.18:";; esac cat <<\_ACEOF @@ -1666,7 +1666,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -ipset configure 6.17 +ipset configure 6.18 generated by GNU Autoconf 2.65 Copyright (C) 2009 Free Software Foundation, Inc. @@ -2037,7 +2037,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by ipset $as_me 6.17, which was +It was created by ipset $as_me 6.18, which was generated by GNU Autoconf 2.65. Invocation command line was $ $0 $@ @@ -2919,7 +2919,7 @@ # Define the identity of the package. PACKAGE='ipset' - VERSION='6.17' + VERSION='6.18' cat >>confdefs.h <<_ACEOF @@ -15565,7 +15565,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by ipset $as_me 6.17, which was +This file was extended by ipset $as_me 6.18, which was generated by GNU Autoconf 2.65. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -15631,7 +15631,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -ipset config.status 6.17 +ipset config.status 6.18 configured by $0, generated by GNU Autoconf 2.65, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-6.17/configure.ac new/ipset-6.18/configure.ac --- old/ipset-6.17/configure.ac 2013-02-21 16:44:09.000000000 +0100 +++ new/ipset-6.18/configure.ac 2013-04-14 20:17:32.000000000 +0200 @@ -1,5 +1,5 @@ dnl Boilerplate -AC_INIT([ipset], [6.17], [[email protected]]) +AC_INIT([ipset], [6.18], [[email protected]]) AC_CONFIG_AUX_DIR([build-aux]) AC_CANONICAL_HOST AC_CONFIG_MACRO_DIR([m4]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-6.17/kernel/ChangeLog new/ipset-6.18/kernel/ChangeLog --- old/ipset-6.17/kernel/ChangeLog 2013-02-21 16:44:09.000000000 +0100 +++ new/ipset-6.18/kernel/ChangeLog 2013-04-14 20:17:32.000000000 +0200 @@ -1,3 +1,8 @@ +6.18 + - bitmap:ip,mac: fix listing with timeout (reported by Yoann JUET) + - hash:*net*: nomatch flag not excluded on set resize + - list:set: update reference counter when last element pushed off + 6.17 - Make sure ip_set_max isn't set to IPSET_INVALID_ID - netfilter: ipset: timeout values corrupted on set resize (Josh Hunt) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-6.17/kernel/include/linux/netfilter/ipset/ip_set_ahash.h new/ipset-6.18/kernel/include/linux/netfilter/ipset/ip_set_ahash.h --- old/ipset-6.17/kernel/include/linux/netfilter/ipset/ip_set_ahash.h 2013-02-21 16:44:09.000000000 +0100 +++ new/ipset-6.18/kernel/include/linux/netfilter/ipset/ip_set_ahash.h 2013-04-14 20:17:32.000000000 +0200 @@ -294,6 +294,7 @@ #define type_pf_data_tlist TOKEN(TYPE, PF, _data_tlist) #define type_pf_data_next TOKEN(TYPE, PF, _data_next) #define type_pf_data_flags TOKEN(TYPE, PF, _data_flags) +#define type_pf_data_reset_flags TOKEN(TYPE, PF, _data_reset_flags) #ifdef IP_SET_HASH_WITH_NETS #define type_pf_data_match TOKEN(TYPE, PF, _data_match) #else @@ -388,9 +389,9 @@ struct ip_set_hash *h = set->data; struct htable *t, *orig = h->table; u8 htable_bits = orig->htable_bits; - const struct type_pf_elem *data; + struct type_pf_elem *data; struct hbucket *n, *m; - u32 i, j; + u32 i, j, flags = 0; int ret; retry: @@ -415,9 +416,16 @@ n = hbucket(orig, i); for (j = 0; j < n->pos; j++) { data = ahash_data(n, j); +#ifdef IP_SET_HASH_WITH_NETS + flags = 0; + type_pf_data_reset_flags(data, &flags); +#endif m = hbucket(t, HKEY(data, h->initval, htable_bits)); - ret = type_pf_elem_add(m, data, AHASH_MAX(h), 0); + ret = type_pf_elem_add(m, data, AHASH_MAX(h), flags); if (ret < 0) { +#ifdef IP_SET_HASH_WITH_NETS + type_pf_data_flags(data, flags); +#endif read_unlock_bh(&set->lock); ahash_destroy(t); if (ret == -EAGAIN) @@ -839,9 +847,9 @@ struct ip_set_hash *h = set->data; struct htable *t, *orig = h->table; u8 htable_bits = orig->htable_bits; - const struct type_pf_elem *data; + struct type_pf_elem *data; struct hbucket *n, *m; - u32 i, j; + u32 i, j, flags = 0; int ret; /* Try to cleanup once */ @@ -876,10 +884,17 @@ n = hbucket(orig, i); for (j = 0; j < n->pos; j++) { data = ahash_tdata(n, j); +#ifdef IP_SET_HASH_WITH_NETS + flags = 0; + type_pf_data_reset_flags(data, &flags); +#endif m = hbucket(t, HKEY(data, h->initval, htable_bits)); - ret = type_pf_elem_tadd(m, data, AHASH_MAX(h), 0, - ip_set_timeout_get(type_pf_data_timeout(data))); + ret = type_pf_elem_tadd(m, data, AHASH_MAX(h), flags, + ip_set_timeout_get(type_pf_data_timeout(data))); if (ret < 0) { +#ifdef IP_SET_HASH_WITH_NETS + type_pf_data_flags(data, flags); +#endif read_unlock_bh(&set->lock); ahash_destroy(t); if (ret == -EAGAIN) @@ -1190,6 +1205,7 @@ #undef type_pf_data_tlist #undef type_pf_data_next #undef type_pf_data_flags +#undef type_pf_data_reset_flags #undef type_pf_data_match #undef type_pf_elem diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-6.17/kernel/net/netfilter/ipset/ip_set_bitmap_ipmac.c new/ipset-6.18/kernel/net/netfilter/ipset/ip_set_bitmap_ipmac.c --- old/ipset-6.17/kernel/net/netfilter/ipset/ip_set_bitmap_ipmac.c 2013-02-21 16:44:09.000000000 +0100 +++ new/ipset-6.18/kernel/net/netfilter/ipset/ip_set_bitmap_ipmac.c 2013-04-14 20:17:32.000000000 +0200 @@ -348,7 +348,11 @@ nla_put_failure: nla_nest_cancel(skb, nested); ipset_nest_end(skb, atd); - return -EMSGSIZE; + if (unlikely(id == first)) { + cb->args[2] = 0; + return -EMSGSIZE; + } + return 0; } static int diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-6.17/kernel/net/netfilter/ipset/ip_set_hash_ipportnet.c new/ipset-6.18/kernel/net/netfilter/ipset/ip_set_hash_ipportnet.c --- old/ipset-6.17/kernel/net/netfilter/ipset/ip_set_hash_ipportnet.c 2013-02-21 16:44:09.000000000 +0100 +++ new/ipset-6.18/kernel/net/netfilter/ipset/ip_set_hash_ipportnet.c 2013-04-14 20:17:32.000000000 +0200 @@ -104,6 +104,15 @@ dst->nomatch = !!(flags & IPSET_FLAG_NOMATCH); } +static inline void +hash_ipportnet4_data_reset_flags(struct hash_ipportnet4_elem *dst, u32 *flags) +{ + if (dst->nomatch) { + *flags = IPSET_FLAG_NOMATCH; + dst->nomatch = 0; + } +} + static inline int hash_ipportnet4_data_match(const struct hash_ipportnet4_elem *elem) { @@ -414,6 +423,15 @@ dst->nomatch = !!(flags & IPSET_FLAG_NOMATCH); } +static inline void +hash_ipportnet6_data_reset_flags(struct hash_ipportnet6_elem *dst, u32 *flags) +{ + if (dst->nomatch) { + *flags = IPSET_FLAG_NOMATCH; + dst->nomatch = 0; + } +} + static inline int hash_ipportnet6_data_match(const struct hash_ipportnet6_elem *elem) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-6.17/kernel/net/netfilter/ipset/ip_set_hash_net.c new/ipset-6.18/kernel/net/netfilter/ipset/ip_set_hash_net.c --- old/ipset-6.17/kernel/net/netfilter/ipset/ip_set_hash_net.c 2013-02-21 16:44:09.000000000 +0100 +++ new/ipset-6.18/kernel/net/netfilter/ipset/ip_set_hash_net.c 2013-04-14 20:17:32.000000000 +0200 @@ -87,7 +87,16 @@ static inline void hash_net4_data_flags(struct hash_net4_elem *dst, u32 flags) { - dst->nomatch = flags & IPSET_FLAG_NOMATCH; + dst->nomatch = !!(flags & IPSET_FLAG_NOMATCH); +} + +static inline void +hash_net4_data_reset_flags(struct hash_net4_elem *dst, u32 *flags) +{ + if (dst->nomatch) { + *flags = IPSET_FLAG_NOMATCH; + dst->nomatch = 0; + } } static inline int @@ -308,7 +317,16 @@ static inline void hash_net6_data_flags(struct hash_net6_elem *dst, u32 flags) { - dst->nomatch = flags & IPSET_FLAG_NOMATCH; + dst->nomatch = !!(flags & IPSET_FLAG_NOMATCH); +} + +static inline void +hash_net6_data_reset_flags(struct hash_net6_elem *dst, u32 *flags) +{ + if (dst->nomatch) { + *flags = IPSET_FLAG_NOMATCH; + dst->nomatch = 0; + } } static inline int diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-6.17/kernel/net/netfilter/ipset/ip_set_hash_netiface.c new/ipset-6.18/kernel/net/netfilter/ipset/ip_set_hash_netiface.c --- old/ipset-6.17/kernel/net/netfilter/ipset/ip_set_hash_netiface.c 2013-02-21 16:44:09.000000000 +0100 +++ new/ipset-6.18/kernel/net/netfilter/ipset/ip_set_hash_netiface.c 2013-04-14 20:17:32.000000000 +0200 @@ -198,7 +198,16 @@ static inline void hash_netiface4_data_flags(struct hash_netiface4_elem *dst, u32 flags) { - dst->nomatch = flags & IPSET_FLAG_NOMATCH; + dst->nomatch = !!(flags & IPSET_FLAG_NOMATCH); +} + +static inline void +hash_netiface4_data_reset_flags(struct hash_netiface4_elem *dst, u32 *flags) +{ + if (dst->nomatch) { + *flags = IPSET_FLAG_NOMATCH; + dst->nomatch = 0; + } } static inline int @@ -494,7 +503,7 @@ static inline void hash_netiface6_data_flags(struct hash_netiface6_elem *dst, u32 flags) { - dst->nomatch = flags & IPSET_FLAG_NOMATCH; + dst->nomatch = !!(flags & IPSET_FLAG_NOMATCH); } static inline int @@ -504,6 +513,15 @@ } static inline void +hash_netiface6_data_reset_flags(struct hash_netiface6_elem *dst, u32 *flags) +{ + if (dst->nomatch) { + *flags = IPSET_FLAG_NOMATCH; + dst->nomatch = 0; + } +} + +static inline void hash_netiface6_data_zero_out(struct hash_netiface6_elem *elem) { elem->elem = 0; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-6.17/kernel/net/netfilter/ipset/ip_set_hash_netport.c new/ipset-6.18/kernel/net/netfilter/ipset/ip_set_hash_netport.c --- old/ipset-6.17/kernel/net/netfilter/ipset/ip_set_hash_netport.c 2013-02-21 16:44:09.000000000 +0100 +++ new/ipset-6.18/kernel/net/netfilter/ipset/ip_set_hash_netport.c 2013-04-14 20:17:32.000000000 +0200 @@ -104,6 +104,15 @@ dst->nomatch = !!(flags & IPSET_FLAG_NOMATCH); } +static inline void +hash_netport4_data_reset_flags(struct hash_netport4_elem *dst, u32 *flags) +{ + if (dst->nomatch) { + *flags = IPSET_FLAG_NOMATCH; + dst->nomatch = 0; + } +} + static inline int hash_netport4_data_match(const struct hash_netport4_elem *elem) { @@ -375,6 +384,15 @@ dst->nomatch = !!(flags & IPSET_FLAG_NOMATCH); } +static inline void +hash_netport6_data_reset_flags(struct hash_netport6_elem *dst, u32 *flags) +{ + if (dst->nomatch) { + *flags = IPSET_FLAG_NOMATCH; + dst->nomatch = 0; + } +} + static inline int hash_netport6_data_match(const struct hash_netport6_elem *elem) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-6.17/kernel/net/netfilter/ipset/ip_set_list_set.c new/ipset-6.18/kernel/net/netfilter/ipset/ip_set_list_set.c --- old/ipset-6.17/kernel/net/netfilter/ipset/ip_set_list_set.c 2013-02-21 16:44:09.000000000 +0100 +++ new/ipset-6.18/kernel/net/netfilter/ipset/ip_set_list_set.c 2013-04-14 20:17:32.000000000 +0200 @@ -174,9 +174,13 @@ { const struct set_elem *e = list_set_elem(map, i); - if (i == map->size - 1 && e->id != IPSET_INVALID_ID) - /* Last element replaced: e.g. add new,before,last */ - ip_set_put_byindex(e->id); + if (e->id != IPSET_INVALID_ID) { + const struct set_elem *x = list_set_elem(map, map->size - 1); + + /* Last element replaced or pushed off */ + if (x->id != IPSET_INVALID_ID) + ip_set_put_byindex(x->id); + } if (with_timeout(map->timeout)) list_elem_tadd(map, i, id, ip_set_timeout_set(timeout)); else -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
