------------------------------------------------------------------- Wed Mar 16 23:25:41 UTC 2016 - jengelh@inai.de - Update to new upstream release 6.29 * Fix race condition in ipset save, swap and delete ------------------------------------------------------------------- Sat Mar 12 21:40:08 UTC 2016 - jengelh@inai.de - Update to new upstream release 6.28 * Test added to check 0.0.0.0/0,iface to be matched in hash:net,iface type * Check IPSET_ATTR_ETHER netlink attribute length * Fix set:list type crash when flush/dump set in parallel * Allow a 0 netmask with hash_netiface type - Restore unreviewed deletion of KMP production, undo spec-cleaner refucktoring - Add ipset-destdir.diff ------------------------------------------------------------------- Mon Jan 18 15:42:54 UTC 2016 - kstreitova@suse.com - update to 6.27: * kernel part changes * fix reported memory size for hash:* types * fix hash type expire: release empty hash bucket block * fix hash type expiration: incorrect index fixed * collapse same condition body to a single one * fix extension alignment * compatibility: include linux/export.h when needed * compatibility: make sure vmalloc.h is included for kvfree() * compatibility: Fix detecting 'struct net' in 'struct tcf_ematch' * compatibility: Protect definition of RCU_INIT_POINTER in compatibility header file * netfilter: ipset: Fix sleeping memory allocation in atomic context (Nikolay Borisov) * userspace changes * handle uint64_t alignment issue in ipset tool - disable KMP build as we support the in-kernel version instead. Remove ipset-preamble file that is no longer needed [bsc#962345] - run spec-cleaner ------------------------------------------------------------------- Sun Aug 30 11:23:27 UTC 2015 - jengelh@inai.de - Update to new upstream release 6.26 * Out of bound access in hash:net* types fixed * Make struct htype per ipset family * Optimize hash creation routine ------------------------------------------------------------------- Thu Jun 25 09:57:08 UTC 2015 - jengelh@inai.de - Update to new upstream release 6.25.1 * Add element count to all set types header * Add element count to hash headers * Support linking libipset to C++ programs * When a single set is destroyed, make sure it cannot be grabbed by dump * Check CIDR value only when attribute is given * Permit CIDR equal to the host address CIDR in IPv6 ------------------------------------------------------------------- Mon Nov 24 21:31:24 UTC 2014 - jengelh@inai.de - Update to new upstream release 6.24 * Alignment problem between 64bit kernel 32bit userspace fixed * Potential read beyond the end of buffer resolved * Fix parallel resizing and listing of the same set * Introduce RCU in all set types instead of rwlock per set * Remove rbtree from hash:net,iface in order to run under RCU * Explicitly add padding elements to hash:net,net and hash:net,port,net * Allocate the proper size of memory when /0 networks are supported * Simplify cidr handling for hash:*net* types * Indicate when /0 networks are supported ------------------------------------------------------------------- Tue Sep 23 18:04:06 UTC 2014 - jengelh@inai.de - Update to new upstream release 6.23 * Order create and add options in manpage so that generic ones come first * Centralise generic create options (family, hashsize, maxelem) on top of man page in the generic options section. * Add description of hash:mac set type to man page. * Add missing space for skbinfo option synopsis. * Support updating extensions when the set is full - Drop sovers.diff (no longer needed) ------------------------------------------------------------------- Tue Sep 16 06:27:32 UTC 2014 - jengelh@inai.de - Update to new upstream release 6.22 * includes the new set type hash:mac * The new skbinfo extension makes possible to store fw mark, tc class and/or hardware queue parameters together with the set elements and then attach them to the matchig packets by the SET target. - Add sovers.diff to counter missing symbol errors ------------------------------------------------------------------- Wed Mar 5 08:47:39 UTC 2014 - jengelh@inai.de - Update to new upstream release 6.21.1 * add userspace support for forceadd * fix ifname "physdev:" prefix parsing * print mark & mark mask in hex rather then decimal * add markmask for hash:ip,mark data type * add hash:ip,mark data type to ipset * Fix all set output from list/save when set with counters in use. * ipset: Fix malformed output from list/save for ICMP types in port field * ipset: fix timeout data type size (Nikolay Martynov) ------------------------------------------------------------------- Mon Oct 28 12:34:04 UTC 2013 - jengelh@inai.de - Update to new upstream release 6.20.1 * build fixes for kernel 3.8 and the userspace library - Remove 0001-build-fix-incorrect-library-versioning.patch (merged) ------------------------------------------------------------------- Sun Oct 20 13:03:53 UTC 2013 - jengelh@inai.de - Add 0001-build-fix-incorrect-library-versioning.patch ------------------------------------------------------------------- Sun Oct 20 12:43:51 UTC 2013 - jengelh@inai.de - Update to new upstream release 6.20 * netns support * new set types: hash:net,net and hash:net,port,net * new extension: "comment", for annotation of set elements - Drop sles11.diff (no longer needed, upstream has better fix) ------------------------------------------------------------------- Fri May 10 20:11:15 UTC 2013 - jengelh@inai.de - Update to new upstream release 6.19 * This release adds per-element byte and packet counters for every set type. (Matching these will be available in iptables-1.4.19.) ------------------------------------------------------------------- Mon Apr 15 06:20:31 UTC 2013 - jengelh@inai.de - Update to new upstream release 6.18 * bitmap:ip,mac: fix listing with timeout * hash:*net*: nomatch flag not excluded on set resize * list:set: update reference counter when last element pushed off ------------------------------------------------------------------- Thu Feb 21 16:07:01 UTC 2013 - jengelh@inai.de - Update to new upstream release 6.17 * Fix revision printing in XML mode * Correct "Suspicious condition (assignment + comparison)" * Fix error path when protocol number is used with port range * Interactive mode error after syntax error * New utilities: ipset_bash_completion, ipset_list * Ensure ip_set_max is not set to IPSET_INVALID_ID * Resolve corrupted timeout values on set resize * Resolve "Directory not empty" error message ------------------------------------------------------------------- Tue Nov 27 12:50:37 UTC 2012 - jengelh@inai.de - Update to new upstream release 6.16.1 * Fix RCU handling when the number of maximal sets are increased * netfilter: ipset: fix netiface set name overflow - Remove 0001-build-support-for-Linux-3.7-UAPI.patch, merged upstream - Remove 0001-build-Linux-3.7-netlink-fun.patch, merged upstream ------------------------------------------------------------------- Mon Nov 19 16:20:13 UTC 2012 - jengelh@inai.de - Update to new upstream release 6.15 * Userspace changes: * Use gethostbyname2 instead of getaddrinfo * Support protocol numbers as well, not only protocol names * Kernel part changes: * Increase the number of maximal sets automatically as needed * Fix range bug in hash:ip,port,net - Add 0001-build-support-for-Linux-3.7-UAPI.patch - Add 0001-build-Linux-3.7-netlink-fun.patch ------------------------------------------------------------------- Sat Sep 22 14:20:06 UTC 2012 - jengelh@inai.de - Update to new upstream release 6.14 * Internal CIDR bookkeeping was broken and would lead to mismatches when the number of different sized networks are greater than the smallest CIDR value * Support to match elements marked with "nomatch" in hash:*net* sets * Add /0 network support to hash:net,iface type ------------------------------------------------------------------- Sat Jun 30 18:33:33 UTC 2012 - jengelh@inai.de - Update to new upstream release 6.13 * more restrictive command-line parser * documentation updates w.r.t. src/dst for hash:net,iface * allow saving to/restoring from a file without shell redirection * kernel: hash:net,iface: fix interface comparison * timeout fixing bug broke SET target special timeout value, fixed ------------------------------------------------------------------- Thu May 10 11:07:52 UTC 2012 - jengelh@inai.de - Update to new upstream release 6.12 * Report syntax error messages immediately * Add dynamic module support to ipset userspace tool * Fix timeout value overflow bug at large timeout parameters * gcc 4.7 support ------------------------------------------------------------------- Fri Jan 20 17:27:01 UTC 2012 - jengelh@medozas.de - Update to new upstream release 6.11 * libipset is now complete; ipset is just a frontend * Log warning when a hash type of set gets full * Exceptions support added to hash:*net* types * hash:net,iface timeout bug fixed * Support hostnames and service names with dash ------------------------------------------------------------------- Sun Jan 1 03:17:39 UTC 2012 - jengelh@medozas.de - Populate ipset package on build.opensuse.org after disabling ipset-genl compilation in xtables-addons