Hello community, here is the log from the commit of package ipset.2807 for openSUSE:13.1:Update checked in at 2014-05-19 11:26:24 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:13.1:Update/ipset.2807 (Old) and /work/SRC/openSUSE:13.1:Update/.ipset.2807.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ipset.2807" Changes: -------- New Changes file: --- /dev/null 2014-05-19 01:51:27.372033255 +0200 +++ /work/SRC/openSUSE:13.1:Update/.ipset.2807.new/ipset.changes 2014-05-19 11:26:25.000000000 +0200 @@ -0,0 +1,95 @@ +------------------------------------------------------------------- +Fri May 10 20:11:15 UTC 2013 - [email protected] + +- Update to new upstream release 6.19 +* This release adds per-element byte and packet counters for every + set type. (Matching these will be available in iptables-1.4.19.) + +------------------------------------------------------------------- +Mon Apr 15 06:20:31 UTC 2013 - [email protected] + +- Update to new upstream release 6.18 +* bitmap:ip,mac: fix listing with timeout +* hash:*net*: nomatch flag not excluded on set resize +* list:set: update reference counter when last element pushed off + +------------------------------------------------------------------- +Thu Feb 21 16:07:01 UTC 2013 - [email protected] + +- Update to new upstream release 6.17 +* Fix revision printing in XML mode +* Correct "Suspicious condition (assignment + comparison)" +* Fix error path when protocol number is used with port range +* Interactive mode error after syntax error +* New utilities: ipset_bash_completion, ipset_list +* Ensure ip_set_max is not set to IPSET_INVALID_ID +* Resolve corrupted timeout values on set resize +* Resolve "Directory not empty" error message + +------------------------------------------------------------------- +Tue Nov 27 12:50:37 UTC 2012 - [email protected] + +- Update to new upstream release 6.16.1 +* Fix RCU handling when the number of maximal sets are increased +* netfilter: ipset: fix netiface set name overflow +- Remove 0001-build-support-for-Linux-3.7-UAPI.patch, merged upstream +- Remove 0001-build-Linux-3.7-netlink-fun.patch, merged upstream + +------------------------------------------------------------------- +Mon Nov 19 16:20:13 UTC 2012 - [email protected] + +- Update to new upstream release 6.15 +* Userspace changes: +* Use gethostbyname2 instead of getaddrinfo +* Support protocol numbers as well, not only protocol names +* Kernel part changes: +* Increase the number of maximal sets automatically as needed +* Fix range bug in hash:ip,port,net +- Add 0001-build-support-for-Linux-3.7-UAPI.patch +- Add 0001-build-Linux-3.7-netlink-fun.patch + +------------------------------------------------------------------- +Sat Sep 22 14:20:06 UTC 2012 - [email protected] + +- Update to new upstream release 6.14 +* Internal CIDR bookkeeping was broken and would lead to mismatches + when the number of different sized networks are greater than the + smallest CIDR value +* Support to match elements marked with "nomatch" in hash:*net* sets +* Add /0 network support to hash:net,iface type + +------------------------------------------------------------------- +Sat Jun 30 18:33:33 UTC 2012 - [email protected] + +- Update to new upstream release 6.13 +* more restrictive command-line parser +* documentation updates w.r.t. src/dst for hash:net,iface +* allow saving to/restoring from a file without shell redirection +* kernel: hash:net,iface: fix interface comparison +* timeout fixing bug broke SET target special timeout value, fixed + +------------------------------------------------------------------- +Thu May 10 11:07:52 UTC 2012 - [email protected] + +- Update to new upstream release 6.12 +* Report syntax error messages immediately +* Add dynamic module support to ipset userspace tool +* Fix timeout value overflow bug at large timeout parameters +* gcc 4.7 support + +------------------------------------------------------------------- +Fri Jan 20 17:27:01 UTC 2012 - [email protected] + +- Update to new upstream release 6.11 +* libipset is now complete; ipset is just a frontend +* Log warning when a hash type of set gets full +* Exceptions support added to hash:*net* types +* hash:net,iface timeout bug fixed +* Support hostnames and service names with dash + + +------------------------------------------------------------------- +Sun Jan 1 03:17:39 UTC 2012 - [email protected] + +- Populate ipset package on build.opensuse.org after disabling + ipset-genl compilation in xtables-addons New: ---- ipset-6.19.tar.xz ipset-preamble ipset.changes ipset.spec sles11.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ipset.spec ++++++ # # spec file for package ipset # # Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # Name: ipset %define lname libipset3 Version: 6.19 Release: 0 Summary: Netfilter ipset administration utility License: GPL-2.0 Group: Productivity/Networking/Security Url: http://ipset.netfilter.org/ #Freecode-URL: http://freecode.com/projects/ipset/ #DL-URL: ftp://ftp.netfilter.org/pub/ipset/ipset-6.19.tar.bz2 #Git-Clone: git://git.netfilter.org/ipset #Git-Web: http://git.netfilter.org/ Source: %name-%version.tar.xz Source3: %name-preamble Patch1: sles11.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: pkgconfig >= 0.21 BuildRequires: xz %if 0%{?suse_version} >= 1140 || 0%{?fedora_version} BuildRequires: pkgconfig(libmnl) >= 1 %else BuildRequires: libmnl-devel >= 1 %endif %if 0%{?suse_version} >= 1140 BuildRequires: linux-glibc-devel >= 2.6.24 %endif %if 0%{?suse_version} && 0%{?suse_version} <= 1110 BuildRequires: linux-kernel-headers >= 2.6.24 %endif %if 0%{?redhat_version} || 0%{?centos_version} || 0%{?fedora_version} BuildRequires: kernel-headers >= 2.6.24 %endif %if 0%{?suse_version} # Make quilt happy %if 0%{?kernel_module_package_buildreqs:1} %define with_kmp 1 BuildRequires: %kernel_module_package_buildreqs %endif BuildRequires: kernel-syms >= 2.6.39 Recommends: %name-kmp %endif %if 0%{?with_kmp:1} %kernel_module_package -p %name-preamble %endif %description IP sets are a framework inside the Linux kernel, which can be administered by the ipset utility. Depending on the type, currently an IP set may store IP addresses, (TCP/UDP) port numbers or IP addresses with MAC addresses in a way, which ensures lightning speed when matching an entry against a set. ipset can: * store multiple IP addresses or port numbers and match against the collection by iptables at one swoop; * dynamically update iptables rules against IP addresses or ports without performance penalty; * express complex IP address and ports based rulesets with one single iptables rule and benefit from the speed of IP sets %package KMP Summary: Netfilter ipset kernel modules Group: System/Kernel %description KMP IP sets are a framework inside the Linux kernel, which can be administered by the ipset utility. Depending on the type, currently an IP set may store IP addresses, (TCP/UDP) port numbers or IP addresses with MAC addresses in a way, which ensures lightning speed when matching an entry against a set. This package contains a version update to the in-kernel ipset modules. %package -n %lname Summary: Userspace library for the in-kernel Netfilter ipset interface Group: System/Libraries %description -n %lname IP sets are a framework inside the Linux kernel, which can be administered by the ipset utility. Depending on the type, currently an IP set may store IP addresses, (TCP/UDP) port numbers or IP addresses with MAC addresses in a way, which ensures lightning speed when matching an entry against a set. %package devel Summary: Development files for ipset extensions Group: Development/Libraries/C and C++ Requires: %lname = %version %description devel IP sets are a framework inside the Linux kernel, which can be administered by the ipset utility. Depending on the type, currently an IP set may store IP addresses, (TCP/UDP) port numbers or IP addresses with MAC addresses in a way, which ensures lightning speed when matching an entry against a set. %prep %if 0%{?__xz:1} %setup -q %else tar --use=xz -xf "%{S:0}"; %setup -DTq %endif %patch -P 1 -p1 %build %if 0%{?with_kmp} for flavor in %flavors_to_build; do cp -a . "../%name-$flavor-%version"; pushd "../%name-$flavor-%version/"; # ksource: it just checks for a header %configure --disable-static \ --with-kbuild="/usr/src/linux-obj/%_target_cpu/$flavor" \ --with-ksource="/usr/src/linux"; make %{?_smp_mflags} all modules; popd; done; %else %configure --disable-static --with-kmod=no make %{?_smp_mflags}; %endif %install b="%buildroot"; %if 0%{?with_kmp} for flavor in %flavors_to_build; do pushd "../%name-$flavor-%version/"; make %{?_smp_mflags} install modules_install \ DESTDIR="$b" INSTALL_MOD_PATH="$b"; popd; done; %else make %{?_smp_mflags} install DESTDIR="$b"; %endif find "$b/%_libdir" -type f -name "*.la" -delete; %post -n %lname -p /sbin/ldconfig %postun -n %lname -p /sbin/ldconfig %files %defattr(-,root,root) %_sbindir/ipset %_mandir/man*/* %files -n %lname %defattr(-,root,root) %_libdir/libipset.so.3* %files devel %defattr(-,root,root) %_libdir/libipset.so %_includedir/libipset %changelog ++++++ ipset-preamble ++++++ Enhances: kernel-%1 Requires: kernel-%1 Supplements: packageand(kernel-%1:ipset) ++++++ sles11.diff ++++++ The evil overlords backported the 5-argument form, causing the version check to be meaningless. --- kernel/net/netfilter/ipset/ip_set_core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Index: ipset-6.13/kernel/net/netfilter/ipset/ip_set_core.c =================================================================== --- ipset-6.13.orig/kernel/net/netfilter/ipset/ip_set_core.c +++ ipset-6.13/kernel/net/netfilter/ipset/ip_set_core.c @@ -1180,7 +1180,7 @@ ip_set_dump(struct sock *ctnl, struct sk if (unlikely(protocol_failed(attr))) return -IPSET_ERR_PROTOCOL; -#if LINUX_VERSION_CODE < KERNEL_VERSION(3, 1, 0) +#if 0 return netlink_dump_start(ctnl, skb, nlh, ip_set_dump_start, ip_set_dump_done); -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
