Hello community, here is the log from the commit of package ipset.3332 for openSUSE:13.1:Update checked in at 2014-12-21 12:45:05 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:13.1:Update/ipset.3332 (Old) and /work/SRC/openSUSE:13.1:Update/.ipset.3332.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ipset.3332" Changes: -------- New Changes file: --- /dev/null 2014-12-10 22:29:50.188034256 +0100 +++ /work/SRC/openSUSE:13.1:Update/.ipset.3332.new/ipset.changes 2014-12-21 12:43:44.000000000 +0100 @@ -0,0 +1,132 @@ +------------------------------------------------------------------- +Tue May 27 08:42:13 UTC 2014 - [email protected] + +- Update to upstream release 6.21.1 + to resolve lack of em_ipset in standalone package (bnc#877543) +- Original log entry: Update to new upstream release 6.21.1 +* add userspace support for forceadd +* fix ifname "physdev:" prefix parsing +* print mark & mark mask in hex rather then decimal +* add markmask for hash:ip,mark data type +* add hash:ip,mark data type to ipset +* Fix all set output from list/save when set with counters in use. +* ipset: Fix malformed output from list/save for ICMP types in port + field +* ipset: fix timeout data type size (Nikolay Martynov) + +------------------------------------------------------------------- +Mon Oct 28 12:34:04 UTC 2013 - [email protected] + +- Update to new upstream release 6.20.1 +* build fixes for kernel 3.8 and the userspace library +- Remove 0001-build-fix-incorrect-library-versioning.patch (merged) + +------------------------------------------------------------------- +Sun Oct 20 13:03:53 UTC 2013 - [email protected] + +- Add 0001-build-fix-incorrect-library-versioning.patch + +------------------------------------------------------------------- +Sun Oct 20 12:43:51 UTC 2013 - [email protected] + +- Update to new upstream release 6.20 +* netns support +* new set types: hash:net,net and hash:net,port,net +* new extension: "comment", for annotation of set elements +- Drop sles11.diff (no longer needed, upstream has better fix) + +------------------------------------------------------------------- +Fri May 10 20:11:15 UTC 2013 - [email protected] + +- Update to new upstream release 6.19 +* This release adds per-element byte and packet counters for every + set type. (Matching these will be available in iptables-1.4.19.) + +------------------------------------------------------------------- +Mon Apr 15 06:20:31 UTC 2013 - [email protected] + +- Update to new upstream release 6.18 +* bitmap:ip,mac: fix listing with timeout +* hash:*net*: nomatch flag not excluded on set resize +* list:set: update reference counter when last element pushed off + +------------------------------------------------------------------- +Thu Feb 21 16:07:01 UTC 2013 - [email protected] + +- Update to new upstream release 6.17 +* Fix revision printing in XML mode +* Correct "Suspicious condition (assignment + comparison)" +* Fix error path when protocol number is used with port range +* Interactive mode error after syntax error +* New utilities: ipset_bash_completion, ipset_list +* Ensure ip_set_max is not set to IPSET_INVALID_ID +* Resolve corrupted timeout values on set resize +* Resolve "Directory not empty" error message + +------------------------------------------------------------------- +Tue Nov 27 12:50:37 UTC 2012 - [email protected] + +- Update to new upstream release 6.16.1 +* Fix RCU handling when the number of maximal sets are increased +* netfilter: ipset: fix netiface set name overflow +- Remove 0001-build-support-for-Linux-3.7-UAPI.patch, merged upstream +- Remove 0001-build-Linux-3.7-netlink-fun.patch, merged upstream + +------------------------------------------------------------------- +Mon Nov 19 16:20:13 UTC 2012 - [email protected] + +- Update to new upstream release 6.15 +* Userspace changes: +* Use gethostbyname2 instead of getaddrinfo +* Support protocol numbers as well, not only protocol names +* Kernel part changes: +* Increase the number of maximal sets automatically as needed +* Fix range bug in hash:ip,port,net +- Add 0001-build-support-for-Linux-3.7-UAPI.patch +- Add 0001-build-Linux-3.7-netlink-fun.patch + +------------------------------------------------------------------- +Sat Sep 22 14:20:06 UTC 2012 - [email protected] + +- Update to new upstream release 6.14 +* Internal CIDR bookkeeping was broken and would lead to mismatches + when the number of different sized networks are greater than the + smallest CIDR value +* Support to match elements marked with "nomatch" in hash:*net* sets +* Add /0 network support to hash:net,iface type + +------------------------------------------------------------------- +Sat Jun 30 18:33:33 UTC 2012 - [email protected] + +- Update to new upstream release 6.13 +* more restrictive command-line parser +* documentation updates w.r.t. src/dst for hash:net,iface +* allow saving to/restoring from a file without shell redirection +* kernel: hash:net,iface: fix interface comparison +* timeout fixing bug broke SET target special timeout value, fixed + +------------------------------------------------------------------- +Thu May 10 11:07:52 UTC 2012 - [email protected] + +- Update to new upstream release 6.12 +* Report syntax error messages immediately +* Add dynamic module support to ipset userspace tool +* Fix timeout value overflow bug at large timeout parameters +* gcc 4.7 support + +------------------------------------------------------------------- +Fri Jan 20 17:27:01 UTC 2012 - [email protected] + +- Update to new upstream release 6.11 +* libipset is now complete; ipset is just a frontend +* Log warning when a hash type of set gets full +* Exceptions support added to hash:*net* types +* hash:net,iface timeout bug fixed +* Support hostnames and service names with dash + + +------------------------------------------------------------------- +Sun Jan 1 03:17:39 UTC 2012 - [email protected] + +- Populate ipset package on build.opensuse.org after disabling + ipset-genl compilation in xtables-addons New: ---- ipset-6.21.1.tar.bz2 ipset-preamble ipset.changes ipset.spec sles11.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ipset.spec ++++++ # # spec file for package ipset # # Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # Name: ipset %define lname libipset3 Version: 6.21.1 Release: 0 Summary: Netfilter ipset administration utility License: GPL-2.0 Group: Productivity/Networking/Security Url: http://ipset.netfilter.org/ #Freecode-URL: http://freecode.com/projects/ipset/ #Git-Clone: git://git.netfilter.org/ipset #Git-Web: http://git.netfilter.org/ Source: ftp://ftp.netfilter.org/pub/ipset/%name-%version.tar.bz2 Source3: %name-preamble BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: autoconf BuildRequires: automake BuildRequires: libtool BuildRequires: linux-glibc-devel >= 2.6.24 BuildRequires: pkgconfig >= 0.21 BuildRequires: pkgconfig(libmnl) >= 1 # Make quilt happy %if 0%{?kernel_module_package_buildreqs:1} %define with_kmp 1 BuildRequires: %kernel_module_package_buildreqs %endif BuildRequires: kernel-syms >= 2.6.39 Recommends: %name-kmp %if 0%{?with_kmp:1} %kernel_module_package -p %name-preamble %endif %description IP sets are a framework inside the Linux kernel, which can be administered by the ipset utility. Depending on the type, currently an IP set may store IP addresses, (TCP/UDP) port numbers or IP addresses with MAC addresses in a way, which ensures lightning speed when matching an entry against a set. ipset can: * store multiple IP addresses or port numbers and match against the collection by iptables at one swoop; * dynamically update iptables rules against IP addresses or ports without performance penalty; * express complex IP address and ports based rulesets with one single iptables rule and benefit from the speed of IP sets %package KMP Summary: Netfilter ipset kernel modules Group: System/Kernel %description KMP IP sets are a framework inside the Linux kernel, which can be administered by the ipset utility. Depending on the type, currently an IP set may store IP addresses, (TCP/UDP) port numbers or IP addresses with MAC addresses in a way, which ensures lightning speed when matching an entry against a set. This package contains a version update to the in-kernel ipset modules. %package -n %lname Summary: Userspace library for the in-kernel Netfilter ipset interface Group: System/Libraries %description -n %lname IP sets are a framework inside the Linux kernel, which can be administered by the ipset utility. Depending on the type, currently an IP set may store IP addresses, (TCP/UDP) port numbers or IP addresses with MAC addresses in a way, which ensures lightning speed when matching an entry against a set. %package devel Summary: Development files for ipset extensions Group: Development/Libraries/C and C++ Requires: %lname = %version %description devel IP sets are a framework inside the Linux kernel, which can be administered by the ipset utility. Depending on the type, currently an IP set may store IP addresses, (TCP/UDP) port numbers or IP addresses with MAC addresses in a way, which ensures lightning speed when matching an entry against a set. %prep %if 0%{?__xz:1} %setup -q %else tar --use=xz -xf "%{S:0}"; %setup -DTq %endif autoreconf -fi %build %if 0%{?with_kmp} for flavor in %flavors_to_build; do cp -a . "../%name-$flavor-%version"; pushd "../%name-$flavor-%version/"; # ksource: it just checks for a header %configure --disable-static \ --with-kbuild="/usr/src/linux-obj/%_target_cpu/$flavor" \ --with-ksource="/usr/src/linux" \ --includedir="%_includedir/pkg" make %{?_smp_mflags} all modules; popd; done; %else %configure --disable-static --with-kmod=no --includedir="%_includedir/pkg" make %{?_smp_mflags}; %endif %install b="%buildroot"; %if 0%{?with_kmp} for flavor in %flavors_to_build; do pushd "../%name-$flavor-%version/"; make %{?_smp_mflags} install modules_install \ DESTDIR="$b" INSTALL_MOD_PATH="$b"; popd; done; %else make %{?_smp_mflags} install DESTDIR="$b"; %endif find "$b/%_libdir" -type f -name "*.la" -delete; %post -n %lname -p /sbin/ldconfig %postun -n %lname -p /sbin/ldconfig %files %defattr(-,root,root) %_sbindir/ipset %_mandir/man*/* %files -n %lname %defattr(-,root,root) %_libdir/libipset.so.3* %files devel %defattr(-,root,root) %_libdir/libipset.so %_libdir/pkgconfig/libipset.pc %_includedir/pkg/ %changelog ++++++ ipset-preamble ++++++ Enhances: kernel-%1 Requires: kernel-%1 Supplements: packageand(kernel-%1:ipset) ++++++ sles11.diff ++++++ The evil overlords backported the 5-argument form, causing the version check to be meaningless. --- kernel/net/netfilter/ipset/ip_set_core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Index: ipset-6.13/kernel/net/netfilter/ipset/ip_set_core.c =================================================================== --- ipset-6.13.orig/kernel/net/netfilter/ipset/ip_set_core.c +++ ipset-6.13/kernel/net/netfilter/ipset/ip_set_core.c @@ -1180,7 +1180,7 @@ ip_set_dump(struct sock *ctnl, struct sk if (unlikely(protocol_failed(attr))) return -IPSET_ERR_PROTOCOL; -#if LINUX_VERSION_CODE < KERNEL_VERSION(3, 1, 0) +#if 0 return netlink_dump_start(ctnl, skb, nlh, ip_set_dump_start, ip_set_dump_done); -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
