Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package ipset for openSUSE:Factory checked
in at 2024-02-15 20:58:35
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ipset (Old)
and /work/SRC/openSUSE:Factory/.ipset.new.1815 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ipset"
Thu Feb 15 20:58:35 2024 rev:49 rq:1146171 version:7.21
Changes:
--------
--- /work/SRC/openSUSE:Factory/ipset/ipset.changes 2024-02-01
18:03:58.216058519 +0100
+++ /work/SRC/openSUSE:Factory/.ipset.new.1815/ipset.changes 2024-02-15
20:58:37.836204529 +0100
@@ -1,0 +2,6 @@
+Mon Feb 12 12:41:44 UTC 2024 - Jan Engelhardt <jeng...@inai.de>
+
+- Update to release 7.21
+ * Save mode was broken; this was repaired.
+
+-------------------------------------------------------------------
Old:
----
ipset-7.20.tar.bz2
New:
----
ipset-7.21.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ ipset.spec ++++++
--- /var/tmp/diff_new_pack.92UcIh/_old 2024-02-15 20:58:38.504228652 +0100
+++ /var/tmp/diff_new_pack.92UcIh/_new 2024-02-15 20:58:38.504228652 +0100
@@ -25,7 +25,7 @@
%define ipset_build_kmp 0
%endif
Name: ipset
-Version: 7.20
+Version: 7.21
Release: 0
Summary: Netfilter ipset administration utility
License: GPL-2.0-only
++++++ ipset-7.20.tar.bz2 -> ipset-7.21.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ipset-7.20/ChangeLog new/ipset-7.21/ChangeLog
--- old/ipset-7.20/ChangeLog 2024-01-31 11:32:03.000000000 +0100
+++ new/ipset-7.21/ChangeLog 2024-02-12 12:57:06.000000000 +0100
@@ -1,3 +1,8 @@
+7.21
+ - The patch "Fix hex literals in json output" broke save mode, restore it
+ - Fix -Werror=format-extra-args warning
+ - Workaround misleading -Wstringop-truncation warning
+
7.20
- Ignore *.order.cmd and *.symvers.cmd files in kernel builds
- Bash completion utility updated
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ipset-7.20/configure new/ipset-7.21/configure
--- old/ipset-7.20/configure 2024-01-31 11:33:40.000000000 +0100
+++ new/ipset-7.21/configure 2024-02-12 12:58:35.000000000 +0100
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for ipset 7.20.
+# Generated by GNU Autoconf 2.69 for ipset 7.21.
#
# Report bugs to <kad...@netfilter.org>.
#
@@ -594,8 +594,8 @@
# Identity of this package.
PACKAGE_NAME='ipset'
PACKAGE_TARNAME='ipset'
-PACKAGE_VERSION='7.20'
-PACKAGE_STRING='ipset 7.20'
+PACKAGE_VERSION='7.21'
+PACKAGE_STRING='ipset 7.21'
PACKAGE_BUGREPORT='kad...@netfilter.org'
PACKAGE_URL=''
@@ -1456,7 +1456,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures ipset 7.20 to adapt to many kinds of systems.
+\`configure' configures ipset 7.21 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1527,7 +1527,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of ipset 7.20:";;
+ short | recursive ) echo "Configuration of ipset 7.21:";;
esac
cat <<\_ACEOF
@@ -1667,7 +1667,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-ipset configure 7.20
+ipset configure 7.21
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2045,7 +2045,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by ipset $as_me 7.20, which was
+It was created by ipset $as_me 7.21, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@@ -2977,7 +2977,7 @@
# Define the identity of the package.
PACKAGE='ipset'
- VERSION='7.20'
+ VERSION='7.21'
cat >>confdefs.h <<_ACEOF
@@ -18331,7 +18331,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by ipset $as_me 7.20, which was
+This file was extended by ipset $as_me 7.21, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -18397,7 +18397,7 @@
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //;
s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-ipset config.status 7.20
+ipset config.status 7.21
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ipset-7.20/configure.ac new/ipset-7.21/configure.ac
--- old/ipset-7.20/configure.ac 2024-01-31 11:32:03.000000000 +0100
+++ new/ipset-7.21/configure.ac 2024-02-12 12:57:06.000000000 +0100
@@ -1,5 +1,5 @@
dnl Boilerplate
-AC_INIT([ipset], [7.20], [kad...@netfilter.org])
+AC_INIT([ipset], [7.21], [kad...@netfilter.org])
AC_CONFIG_AUX_DIR([build-aux])
AC_CANONICAL_HOST
AC_CONFIG_MACRO_DIR([m4])
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ipset-7.20/kernel/ChangeLog
new/ipset-7.21/kernel/ChangeLog
--- old/ipset-7.20/kernel/ChangeLog 2024-01-31 11:32:03.000000000 +0100
+++ new/ipset-7.21/kernel/ChangeLog 2024-02-12 12:57:06.000000000 +0100
@@ -1,3 +1,11 @@
+7.21
+ - netfilter: ipset: Suppress false sparse warnings
+ - tests: Verify module unload when sets with timeout were just destroyed
+ - netfilter: ipset: remove set destroy at ip_set module removal
+ - netfilter: ipset: Cleanup the code of destroy operation and explain
+ the two stages in comments
+ - netfilter: ipset: Missing gc cancellations fixed
+
7.20
- treewide: Convert del_timer*() to timer_shutdown*() (Steven Rostedt)
- Use timer_shutdown_sync() when available, instead of del_timer_sync()
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ipset-7.20/kernel/net/netfilter/ipset/ip_set_core.c
new/ipset-7.21/kernel/net/netfilter/ipset/ip_set_core.c
--- old/ipset-7.20/kernel/net/netfilter/ipset/ip_set_core.c 2024-01-31
11:32:03.000000000 +0100
+++ new/ipset-7.21/kernel/net/netfilter/ipset/ip_set_core.c 2024-02-12
12:57:06.000000000 +0100
@@ -30,7 +30,6 @@
struct ip_set_net {
struct ip_set * __rcu *ip_set_list; /* all individual sets */
ip_set_id_t ip_set_max; /* max number of sets */
- bool is_deleted; /* deleted by ip_set_net_exit */
bool is_destroyed; /* all sets are destroyed */
};
@@ -926,11 +925,9 @@
struct ip_set_net *inst = ip_set_pernet(net);
nfnl_lock(NFNL_SUBSYS_IPSET);
- if (!inst->is_deleted) { /* already deleted from ip_set_net_exit() */
- set = ip_set(inst, index);
- if (set)
- __ip_set_put(set);
- }
+ set = ip_set(inst, index);
+ if (set)
+ __ip_set_put(set);
nfnl_unlock(NFNL_SUBSYS_IPSET);
}
EXPORT_SYMBOL_GPL(ip_set_nfnl_put);
@@ -1164,6 +1161,7 @@
return ret;
cleanup:
+ set->variant->cancel_gc(set);
set->variant->destroy(set);
put_out:
module_put(set->type->me);
@@ -1181,23 +1179,48 @@
.len = IPSET_MAXNAMELEN - 1 },
};
+/* Destroying a set is split into two stages when a DESTROY command issued:
+ * - Cancel garbage collectors and decrement the module reference counter:
+ * - Cancelling may wait and we are allowed to do it at this stage.
+ * - Module remove is protected by rcu_barrier() which waits for
+ * the second stage to be finished.
+ * - In order to prevent the race between kernel side add/del/test element
+ * operations and destroy, the destroying of the set data areas are
+ * performed via a call_rcu() call.
+ */
+
+/* Call set variant specific destroy function and reclaim the set data. */
static void
-ip_set_destroy_set(struct ip_set *set)
+ip_set_destroy_set_variant(struct ip_set *set)
{
- pr_debug("set: %s\n", set->name);
-
/* Must call it without holding any lock */
set->variant->destroy(set);
- module_put(set->type->me);
kfree(set);
}
static void
-ip_set_destroy_set_rcu(struct rcu_head *head)
+ip_set_destroy_set_variant_rcu(struct rcu_head *head)
{
struct ip_set *set = container_of(head, struct ip_set, rcu);
- ip_set_destroy_set(set);
+ ip_set_destroy_set_variant(set);
+}
+
+/* Cancel the garbage collectors and decrement module references */
+static void
+ip_set_destroy_cancel_gc(struct ip_set *set)
+{
+ set->variant->cancel_gc(set);
+ module_put(set->type->me);
+}
+
+/* Use when we may wait for the complete destroy to be finished.
+ */
+static void
+ip_set_destroy_set(struct ip_set *set)
+{
+ ip_set_destroy_cancel_gc(set);
+ ip_set_destroy_set_variant(set);
}
static int
@@ -1242,8 +1265,6 @@
s = ip_set(inst, i);
if (s) {
ip_set(inst, i) = NULL;
- /* Must cancel garbage collectors */
- s->variant->cancel_gc(s);
ip_set_destroy_set(s);
}
}
@@ -1272,8 +1293,8 @@
rcu_barrier();
}
/* Must cancel garbage collectors */
- s->variant->cancel_gc(s);
- call_rcu(&s->rcu, ip_set_destroy_set_rcu);
+ ip_set_destroy_cancel_gc(s);
+ call_rcu(&s->rcu, ip_set_destroy_set_variant_rcu);
}
return 0;
out:
@@ -2460,7 +2481,6 @@
#else
goto err_alloc;
#endif
- inst->is_deleted = false;
inst->is_destroyed = false;
rcu_assign_pointer(inst->ip_set_list, list);
return 0;
@@ -2477,20 +2497,6 @@
{
struct ip_set_net *inst = ip_set_pernet(net);
- struct ip_set *set = NULL;
- ip_set_id_t i;
-
- inst->is_deleted = true; /* flag for ip_set_nfnl_put */
-
- nfnl_lock(NFNL_SUBSYS_IPSET);
- for (i = 0; i < inst->ip_set_max; i++) {
- set = ip_set(inst, i);
- if (set) {
- ip_set(inst, i) = NULL;
- ip_set_destroy_set(set);
- }
- }
- nfnl_unlock(NFNL_SUBSYS_IPSET);
kvfree(rcu_dereference_protected(inst->ip_set_list, 1));
#ifndef HAVE_NET_OPS_ID
kvfree(inst);
@@ -2557,9 +2563,6 @@
nfnetlink_subsys_unregister(&ip_set_netlink_subsys);
UNREGISTER_PERNET_SUBSYS(&ip_set_net_ops);
- /* Wait for call_rcu() in destroy */
- rcu_barrier();
-
pr_debug("these are the famous last words\n");
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/ipset-7.20/kernel/net/netfilter/ipset/ip_set_hash_gen.h
new/ipset-7.21/kernel/net/netfilter/ipset/ip_set_hash_gen.h
--- old/ipset-7.20/kernel/net/netfilter/ipset/ip_set_hash_gen.h 2024-01-31
11:32:03.000000000 +0100
+++ new/ipset-7.21/kernel/net/netfilter/ipset/ip_set_hash_gen.h 2024-02-12
12:57:06.000000000 +0100
@@ -432,7 +432,7 @@
u32 i;
for (i = 0; i < jhash_size(t->htable_bits); i++) {
- n = __ipset_dereference(hbucket(t, i));
+ n = (__force struct hbucket *)hbucket(t, i);
if (!n)
continue;
if (set->extensions & IPSET_EXT_DESTROY && ext_destroy)
@@ -452,7 +452,7 @@
struct htype *h = set->data;
struct list_head *l, *lt;
- mtype_ahash_destroy(set, ipset_dereference_nfnl(h->table), true);
+ mtype_ahash_destroy(set, (__force struct htable *)h->table, true);
list_for_each_safe(l, lt, &h->ad) {
list_del(l);
kfree(l);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ipset-7.20/lib/data.c new/ipset-7.21/lib/data.c
--- old/ipset-7.20/lib/data.c 2024-01-31 11:32:03.000000000 +0100
+++ new/ipset-7.21/lib/data.c 2024-02-12 12:57:06.000000000 +0100
@@ -111,7 +111,7 @@
assert(dst);
assert(src);
- strncpy(dst, src, len);
+ memcpy(dst, src, len);
dst[len - 1] = '\0';
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ipset-7.20/lib/session.c new/ipset-7.21/lib/session.c
--- old/ipset-7.20/lib/session.c 2024-01-31 11:32:03.000000000 +0100
+++ new/ipset-7.21/lib/session.c 2024-02-12 12:57:06.000000000 +0100
@@ -1086,12 +1086,12 @@
if (arg->opt == IPSET_OPT_FAMILY) {
safe_snprintf(session, " \"%s\" : \"",
arg->name[0]);
safe_dprintf(session, arg->print, arg->opt);
- safe_snprintf(session, "\",\n", arg->name[0]);
+ safe_snprintf(session, "\",\n");
break;
}
safe_snprintf(session, " \"%s\" : ", arg->name[0]);
safe_dprintf(session, arg->print, arg->opt);
- safe_snprintf(session, ",\n", arg->name[0]);
+ safe_snprintf(session, ",\n");
break;
default:
break;
@@ -2284,7 +2284,8 @@
if (cmd == IPSET_CMD_LIST || cmd == IPSET_CMD_SAVE) {
/* Set default output mode */
if (session->mode == IPSET_LIST_NONE)
- session->mode = IPSET_LIST_PLAIN;
+ session->mode = cmd == IPSET_CMD_LIST ?
+ IPSET_LIST_PLAIN : IPSET_LIST_SAVE;
/* Reset just in case there are multiple modes in a session */
ipset_envopt_unset(session, IPSET_ENV_QUOTED);
switch (session->mode) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ipset-7.20/tests/restore.t
new/ipset-7.21/tests/restore.t
--- old/ipset-7.20/tests/restore.t 2024-01-31 11:32:03.000000000 +0100
+++ new/ipset-7.21/tests/restore.t 2024-02-12 12:57:06.000000000 +0100
@@ -6,4 +6,28 @@
0 ipset x
# Check auto-increasing maximal number of sets
0 ./setlist_resize.sh
+# Create bitmap set with timeout
+0 ipset create test1 bitmap:ip range 2.0.0.1-2.1.0.0 timeout 5
+# Add element to bitmap set
+0 ipset add test1 2.0.0.2 timeout 30
+# Create hash set with timeout
+0 ipset -N test2 iphash --hashsize 128 timeout 4
+# Add element to hash set
+0 ipset add test2 2.0.0.3 timeout 30
+# Create list set with timeout
+0 ipset -N test3 list:set timeout 3
+# Add bitmap set to list set
+0 ipset a test3 test1 timeout 30
+# Add hash set to list set
+0 ipset a test3 test2 timeout 30
+# Flush list set
+0 ipset f test3
+# Destroy all sets
+0 ipset x
+# Remove the ip_set_list_set kernel module
+0 rmmod ip_set_list_set
+# Remove the ip_set_bitmap_ip kernel module
+0 rmmod ip_set_bitmap_ip
+# Remove the ip_set_hash_ip kernel module
+0 rmmod ip_set_hash_ip
# eof
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ipset-7.20/tests/setlist_resize.sh
new/ipset-7.21/tests/setlist_resize.sh
--- old/ipset-7.20/tests/setlist_resize.sh 2024-01-31 11:32:03.000000000
+0100
+++ new/ipset-7.21/tests/setlist_resize.sh 2024-02-12 12:57:06.000000000
+0100
@@ -12,7 +12,7 @@
ip_set_hash_netportnet ip_set_hash_ipmark ip_set_hash_mac \
ip_set_bitmap_port ip_set_bitmap_ipmac \
ip_set_bitmap_ip xt_set ip_set; do
- rmmod $x
+ rmmod $x >/dev/null 2>&1
done
create() {
@@ -31,6 +31,6 @@
test `$ipset l -n | wc -l` -eq 1024 || exit 1
$ipset x
test `lsmod|grep -w ^ip_set_hash_ip | awk '{print $3}'` -eq 0 || exit 1
- rmmod ip_set_hash_ip
- rmmod ip_set
+ rmmod ip_set_hash_ip >/dev/null 2>&1
+ rmmod ip_set >/dev/null 2>&1
done
