ipset/ipset.changes

213 lines
8.4 KiB
Plaintext
Raw Normal View History

-------------------------------------------------------------------
Mon Jan 18 15:42:54 UTC 2016 - kstreitova@suse.com
- update to 6.27:
* kernel part changes
* fix reported memory size for hash:* types
* fix hash type expire: release empty hash bucket block
* fix hash type expiration: incorrect index fixed
* collapse same condition body to a single one
* fix extension alignment
* compatibility: include linux/export.h when needed
* compatibility: make sure vmalloc.h is included for kvfree()
* compatibility: Fix detecting 'struct net' in 'struct tcf_ematch'
* compatibility: Protect definition of RCU_INIT_POINTER in
compatibility header file
* netfilter: ipset: Fix sleeping memory allocation in atomic
context (Nikolay Borisov)
* userspace changes
* handle uint64_t alignment issue in ipset tool
- disable KMP build as we support the in-kernel version instead.
Remove ipset-preamble file that is no longer needed [bsc#962345]
- run spec-cleaner
-------------------------------------------------------------------
Sun Aug 30 11:23:27 UTC 2015 - jengelh@inai.de
- Update to new upstream release 6.26
* Out of bound access in hash:net* types fixed
* Make struct htype per ipset family
* Optimize hash creation routine
-------------------------------------------------------------------
Thu Jun 25 09:57:08 UTC 2015 - jengelh@inai.de
- Update to new upstream release 6.25.1
* Add element count to all set types header
* Add element count to hash headers
* Support linking libipset to C++ programs
* When a single set is destroyed, make sure it cannot
be grabbed by dump
* Check CIDR value only when attribute is given
* Permit CIDR equal to the host address CIDR in IPv6
-------------------------------------------------------------------
Mon Nov 24 21:31:24 UTC 2014 - jengelh@inai.de
- Update to new upstream release 6.24
* Alignment problem between 64bit kernel 32bit userspace fixed
* Potential read beyond the end of buffer resolved
* Fix parallel resizing and listing of the same set
* Introduce RCU in all set types instead of rwlock per set
* Remove rbtree from hash:net,iface in order to run under RCU
* Explicitly add padding elements to hash:net,net and
hash:net,port,net
* Allocate the proper size of memory when /0 networks are supported
* Simplify cidr handling for hash:*net* types
* Indicate when /0 networks are supported
-------------------------------------------------------------------
Tue Sep 23 18:04:06 UTC 2014 - jengelh@inai.de
- Update to new upstream release 6.23
* Order create and add options in manpage so that generic ones
come first
* Centralise generic create options (family, hashsize, maxelem)
on top of man page in the generic options section.
* Add description of hash:mac set type to man page.
* Add missing space for skbinfo option synopsis.
* Support updating extensions when the set is full
- Drop sovers.diff (no longer needed)
-------------------------------------------------------------------
Tue Sep 16 06:27:32 UTC 2014 - jengelh@inai.de
- Update to new upstream release 6.22
* includes the new set type hash:mac
* The new skbinfo extension makes possible to store fw mark, tc
class and/or hardware queue parameters together with the set
elements and then attach them to the matchig packets by the SET
target.
- Add sovers.diff to counter missing symbol errors
-------------------------------------------------------------------
Wed Mar 5 08:47:39 UTC 2014 - jengelh@inai.de
- Update to new upstream release 6.21.1
* add userspace support for forceadd
* fix ifname "physdev:" prefix parsing
* print mark & mark mask in hex rather then decimal
* add markmask for hash:ip,mark data type
* add hash:ip,mark data type to ipset
* Fix all set output from list/save when set with counters in use.
* ipset: Fix malformed output from list/save for ICMP types in port
field
* ipset: fix timeout data type size (Nikolay Martynov)
-------------------------------------------------------------------
Mon Oct 28 12:34:04 UTC 2013 - jengelh@inai.de
- Update to new upstream release 6.20.1
* build fixes for kernel 3.8 and the userspace library
- Remove 0001-build-fix-incorrect-library-versioning.patch (merged)
-------------------------------------------------------------------
Sun Oct 20 13:03:53 UTC 2013 - jengelh@inai.de
- Add 0001-build-fix-incorrect-library-versioning.patch
-------------------------------------------------------------------
Sun Oct 20 12:43:51 UTC 2013 - jengelh@inai.de
- Update to new upstream release 6.20
* netns support
* new set types: hash:net,net and hash:net,port,net
* new extension: "comment", for annotation of set elements
- Drop sles11.diff (no longer needed, upstream has better fix)
-------------------------------------------------------------------
Fri May 10 20:11:15 UTC 2013 - jengelh@inai.de
- Update to new upstream release 6.19
* This release adds per-element byte and packet counters for every
set type. (Matching these will be available in iptables-1.4.19.)
-------------------------------------------------------------------
Mon Apr 15 06:20:31 UTC 2013 - jengelh@inai.de
- Update to new upstream release 6.18
* bitmap:ip,mac: fix listing with timeout
* hash:*net*: nomatch flag not excluded on set resize
* list:set: update reference counter when last element pushed off
-------------------------------------------------------------------
Thu Feb 21 16:07:01 UTC 2013 - jengelh@inai.de
- Update to new upstream release 6.17
* Fix revision printing in XML mode
* Correct "Suspicious condition (assignment + comparison)"
* Fix error path when protocol number is used with port range
* Interactive mode error after syntax error
* New utilities: ipset_bash_completion, ipset_list
* Ensure ip_set_max is not set to IPSET_INVALID_ID
* Resolve corrupted timeout values on set resize
* Resolve "Directory not empty" error message
-------------------------------------------------------------------
Tue Nov 27 12:50:37 UTC 2012 - jengelh@inai.de
- Update to new upstream release 6.16.1
* Fix RCU handling when the number of maximal sets are increased
* netfilter: ipset: fix netiface set name overflow
- Remove 0001-build-support-for-Linux-3.7-UAPI.patch, merged upstream
- Remove 0001-build-Linux-3.7-netlink-fun.patch, merged upstream
-------------------------------------------------------------------
Mon Nov 19 16:20:13 UTC 2012 - jengelh@inai.de
- Update to new upstream release 6.15
* Userspace changes:
* Use gethostbyname2 instead of getaddrinfo
* Support protocol numbers as well, not only protocol names
* Kernel part changes:
* Increase the number of maximal sets automatically as needed
* Fix range bug in hash:ip,port,net
- Add 0001-build-support-for-Linux-3.7-UAPI.patch
- Add 0001-build-Linux-3.7-netlink-fun.patch
-------------------------------------------------------------------
Sat Sep 22 14:20:06 UTC 2012 - jengelh@inai.de
- Update to new upstream release 6.14
* Internal CIDR bookkeeping was broken and would lead to mismatches
when the number of different sized networks are greater than the
smallest CIDR value
* Support to match elements marked with "nomatch" in hash:*net* sets
* Add /0 network support to hash:net,iface type
-------------------------------------------------------------------
Sat Jun 30 18:33:33 UTC 2012 - jengelh@inai.de
- Update to new upstream release 6.13
* more restrictive command-line parser
* documentation updates w.r.t. src/dst for hash:net,iface
* allow saving to/restoring from a file without shell redirection
* kernel: hash:net,iface: fix interface comparison
* timeout fixing bug broke SET target special timeout value, fixed
-------------------------------------------------------------------
Thu May 10 11:07:52 UTC 2012 - jengelh@inai.de
- Update to new upstream release 6.12
* Report syntax error messages immediately
* Add dynamic module support to ipset userspace tool
* Fix timeout value overflow bug at large timeout parameters
* gcc 4.7 support
-------------------------------------------------------------------
Fri Jan 20 17:27:01 UTC 2012 - jengelh@medozas.de
- Update to new upstream release 6.11
* libipset is now complete; ipset is just a frontend
* Log warning when a hash type of set gets full
* Exceptions support added to hash:*net* types
* hash:net,iface timeout bug fixed
* Support hostnames and service names with dash
-------------------------------------------------------------------
Sun Jan 1 03:17:39 UTC 2012 - jengelh@medozas.de
- Populate ipset package on build.opensuse.org after disabling
ipset-genl compilation in xtables-addons