Hello community, here is the log from the commit of package ipset for openSUSE:Factory checked in at 2019-08-27 15:21:46 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ipset (Old) and /work/SRC/openSUSE:Factory/.ipset.new.7948 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ipset" Tue Aug 27 15:21:46 2019 rev:35 rq:724577 version:7.3 Changes: -------- --- /work/SRC/openSUSE:Factory/ipset/ipset.changes 2019-06-22 11:23:58.581373212 +0200 +++ /work/SRC/openSUSE:Factory/.ipset.new.7948/ipset.changes 2019-08-27 15:21:47.692828527 +0200 @@ -1,0 +2,11 @@ +Mon Aug 19 12:53:22 UTC 2019 - Jan Engelhardt <[email protected]> + +- Update to new upstream release 7.3 + * Fix rename concurrency with listing, which can result broken + list/save results. + * ipset: Copy the right MAC address in bitmap:ip,mac and + hash:ip,mac sets. + * ipset: Actually allow destination MAC address for hash:ip,mac + sets too. + +------------------------------------------------------------------- Old: ---- ipset-7.2.tar.bz2 New: ---- ipset-7.3.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ipset.spec ++++++ --- /var/tmp/diff_new_pack.CGqmv1/_old 2019-08-27 15:21:48.228828257 +0200 +++ /var/tmp/diff_new_pack.CGqmv1/_new 2019-08-27 15:21:48.228828257 +0200 @@ -25,12 +25,13 @@ %define ipset_build_kmp 0 %endif Name: ipset -Version: 7.2 +Version: 7.3 Release: 0 Summary: Netfilter ipset administration utility License: GPL-2.0-only Group: Productivity/Networking/Security -Url: http://ipset.netfilter.org/ +URL: http://ipset.netfilter.org/ + #Git-Clone: git://git.netfilter.org/ipset #Git-Web: http://git.netfilter.org/ Source: http://ipset.netfilter.org/%name-%version.tar.bz2 @@ -58,7 +59,7 @@ ipset can: * store multiple IP addresses or port numbers and match against the - collection by iptables at one swoop; + collection by iptables in one swoop; * dynamically update iptables rules against IP addresses or ports without performance penalty; * express complex IP address and ports based rulesets with one single ++++++ ipset-7.2.tar.bz2 -> ipset-7.3.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-7.2/ChangeLog new/ipset-7.3/ChangeLog --- old/ipset-7.2/ChangeLog 2019-06-10 12:10:11.000000000 +0200 +++ new/ipset-7.3/ChangeLog 2019-07-23 10:34:26.000000000 +0200 @@ -1,3 +1,6 @@ +7.3 + - ipset: fix spelling error in libipset.3 manpage (Neutron Soutmun) + 7.2 - Update my email address diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-7.2/configure new/ipset-7.3/configure --- old/ipset-7.2/configure 2019-06-10 12:12:23.000000000 +0200 +++ new/ipset-7.3/configure 2019-07-29 14:15:11.000000000 +0200 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for ipset 7.2. +# Generated by GNU Autoconf 2.69 for ipset 7.3. # # Report bugs to <[email protected]>. # @@ -594,8 +594,8 @@ # Identity of this package. PACKAGE_NAME='ipset' PACKAGE_TARNAME='ipset' -PACKAGE_VERSION='7.2' -PACKAGE_STRING='ipset 7.2' +PACKAGE_VERSION='7.3' +PACKAGE_STRING='ipset 7.3' PACKAGE_BUGREPORT='[email protected]' PACKAGE_URL='' @@ -1433,7 +1433,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures ipset 7.2 to adapt to many kinds of systems. +\`configure' configures ipset 7.3 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1504,7 +1504,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of ipset 7.2:";; + short | recursive ) echo "Configuration of ipset 7.3:";; esac cat <<\_ACEOF @@ -1642,7 +1642,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -ipset configure 7.2 +ipset configure 7.3 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2020,7 +2020,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by ipset $as_me 7.2, which was +It was created by ipset $as_me 7.3, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2957,7 +2957,7 @@ # Define the identity of the package. PACKAGE='ipset' - VERSION='7.2' + VERSION='7.3' cat >>confdefs.h <<_ACEOF @@ -17943,7 +17943,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by ipset $as_me 7.2, which was +This file was extended by ipset $as_me 7.3, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -18009,7 +18009,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -ipset config.status 7.2 +ipset config.status 7.3 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-7.2/configure.ac new/ipset-7.3/configure.ac --- old/ipset-7.2/configure.ac 2019-06-10 12:10:11.000000000 +0200 +++ new/ipset-7.3/configure.ac 2019-07-23 10:34:26.000000000 +0200 @@ -1,5 +1,5 @@ dnl Boilerplate -AC_INIT([ipset], [7.2], [[email protected]]) +AC_INIT([ipset], [7.3], [[email protected]]) AC_CONFIG_AUX_DIR([build-aux]) AC_CANONICAL_HOST AC_CONFIG_MACRO_DIR([m4]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-7.2/kernel/ChangeLog new/ipset-7.3/kernel/ChangeLog --- old/ipset-7.2/kernel/ChangeLog 2019-06-10 12:10:11.000000000 +0200 +++ new/ipset-7.3/kernel/ChangeLog 2019-07-23 10:34:26.000000000 +0200 @@ -1,3 +1,10 @@ +7.3 + - Fix rename concurrency with listing + - ipset: Copy the right MAC address in bitmap:ip,mac and + hash:ip,mac sets (Stefano Brivio) + - ipset: Actually allow destination MAC address for hash:ip,mac + sets too (Stefano Brivio) + 7.2 - Update my email address - ipset: Fix memory accounting for hash types on resize (Stefano Brivio) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-7.2/kernel/include/linux/netfilter/ipset/ip_set.h new/ipset-7.3/kernel/include/linux/netfilter/ipset/ip_set.h --- old/ipset-7.2/kernel/include/linux/netfilter/ipset/ip_set.h 2019-06-10 12:10:11.000000000 +0200 +++ new/ipset-7.3/kernel/include/linux/netfilter/ipset/ip_set.h 2019-07-23 10:34:26.000000000 +0200 @@ -402,6 +402,13 @@ return ntohs(nla_get_be16(attr)); } +/* In order to support older kernels before patch ae0be8de9a53cda3: + * + * netlink: make nla_nest_start() add NLA_F_NESTED flag + * + * we have to keep ipset_nest_start() ipset_nest_end() + * in the package source +*/ #define ipset_nest_start(skb, attr) nla_nest_start(skb, attr | NLA_F_NESTED) #define ipset_nest_end(skb, start) nla_nest_end(skb, start) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-7.2/kernel/net/netfilter/ipset/ip_set_bitmap_ipmac.c new/ipset-7.3/kernel/net/netfilter/ipset/ip_set_bitmap_ipmac.c --- old/ipset-7.2/kernel/net/netfilter/ipset/ip_set_bitmap_ipmac.c 2019-06-10 12:10:11.000000000 +0200 +++ new/ipset-7.3/kernel/net/netfilter/ipset/ip_set_bitmap_ipmac.c 2019-07-23 10:34:26.000000000 +0200 @@ -232,7 +232,7 @@ e.id = ip_to_id(map, ip); - if (opt->flags & IPSET_DIM_ONE_SRC) + if (opt->flags & IPSET_DIM_TWO_SRC) ether_addr_copy(e.ether, eth_hdr(skb)->h_source); else ether_addr_copy(e.ether, eth_hdr(skb)->h_dest); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-7.2/kernel/net/netfilter/ipset/ip_set_core.c new/ipset-7.3/kernel/net/netfilter/ipset/ip_set_core.c --- old/ipset-7.2/kernel/net/netfilter/ipset/ip_set_core.c 2019-06-10 12:10:11.000000000 +0200 +++ new/ipset-7.3/kernel/net/netfilter/ipset/ip_set_core.c 2019-07-23 10:34:26.000000000 +0200 @@ -1173,7 +1173,7 @@ return -ENOENT; write_lock_bh(&ip_set_ref_lock); - if (set->ref != 0) { + if (set->ref != 0 || set->ref_netlink != 0) { ret = -IPSET_ERR_REFERENCED; goto out; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-7.2/kernel/net/netfilter/ipset/ip_set_hash_ipmac.c new/ipset-7.3/kernel/net/netfilter/ipset/ip_set_hash_ipmac.c --- old/ipset-7.2/kernel/net/netfilter/ipset/ip_set_hash_ipmac.c 2019-06-10 12:10:11.000000000 +0200 +++ new/ipset-7.3/kernel/net/netfilter/ipset/ip_set_hash_ipmac.c 2019-07-23 10:34:26.000000000 +0200 @@ -92,15 +92,11 @@ struct hash_ipmac4_elem e = { .ip = 0, { .foo[0] = 0, .foo[1] = 0 } }; struct ip_set_ext ext = IP_SET_INIT_KEXT(skb, opt, set); - /* MAC can be src only */ - if (!(opt->flags & IPSET_DIM_TWO_SRC)) - return 0; - if (skb_mac_header(skb) < skb->head || (skb_mac_header(skb) + ETH_HLEN) > skb->data) return -EINVAL; - if (opt->flags & IPSET_DIM_ONE_SRC) + if (opt->flags & IPSET_DIM_TWO_SRC) ether_addr_copy(e.ether, eth_hdr(skb)->h_source); else ether_addr_copy(e.ether, eth_hdr(skb)->h_dest); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-7.2/lib/libipset.3 new/ipset-7.3/lib/libipset.3 --- old/ipset-7.2/lib/libipset.3 2019-06-10 12:10:11.000000000 +0200 +++ new/ipset-7.3/lib/libipset.3 2019-07-23 10:34:26.000000000 +0200 @@ -77,7 +77,7 @@ ipset_parse_argv Parses the .B argc -lenght of array of strings +length of array of strings .B argv with the already initialized .B @@ -165,7 +165,7 @@ .TP ipset_session_full_io -You can controll the full IO, i.e. input (restore) and output (save) +You can control the full IO, i.e. input (restore) and output (save) separatedly by the function. The .B session @@ -187,7 +187,7 @@ .TP ipset_session_normal_io -You can controll the normal IO, which corresponds to the interface +You can control the normal IO, which corresponds to the interface provided by .B ipset(8) @@ -218,7 +218,7 @@ where .B what -tells the funtion you want to get the input or the output stream. +tells the function you want to get the input or the output stream. .TP ipset_session_io_close @@ -228,7 +228,7 @@ where .B what -tells the funtion you want to close the input or the output +tells the function you want to close the input or the output stream. After closing, the standard streams are set: stdin for input, stdout for output.
