2019-06-10 15:58:34 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
Mon Jun 10 13:09:47 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
|
|
|
|
|
|
|
|
|
|
|
|
- Update to new upstream release 7.2
|
|
|
|
|
|
* ipset: Fix memory accounting for hash types on resize
|
|
|
|
|
|
|
2018-12-11 14:04:55 +01:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
Tue Dec 11 13:02:03 UTC 2018 - Jan Engelhardt <jengelh@inai.de>
|
|
|
|
|
|
|
|
|
|
|
|
- Update to new upstream release 7.1
|
|
|
|
|
|
* Correct the manpage about the sort option
|
|
|
|
|
|
* Implement sorting for hash types in the ipset tool
|
|
|
|
|
|
* Fix to list/save into file specified by option
|
|
|
|
|
|
- Remove ipset-file.diff (merged)
|
|
|
|
|
|
|
2018-11-21 01:52:55 +01:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
Tue Nov 20 17:58:53 UTC 2018 - Arjen de Korte <suse+build@de-korte.org>
|
|
|
|
|
|
|
|
|
|
|
|
- Add ipset-file.diff [boo#1116432].
|
|
|
|
|
|
|
2018-10-30 08:59:43 +01:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
Tue Oct 30 07:54:50 UTC 2018 - Jan Engelhardt <jengelh@inai.de>
|
|
|
|
|
|
|
|
|
|
|
|
- Update to new upstream release 7.0
|
|
|
|
|
|
* A new internal protocol version between the kernel and
|
|
|
|
|
|
userspace is used. This is required in order to support two
|
|
|
|
|
|
new functions and the extendend LIST operation, which makes
|
|
|
|
|
|
possible to run ipset in every case entirely over netlink,
|
|
|
|
|
|
without the need to use getsockopt().
|
|
|
|
|
|
* The userspace library was reworked so it can be embedded
|
|
|
|
|
|
without calling the binary.
|
|
|
|
|
|
|
2018-04-11 01:12:41 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
Tue Apr 10 20:21:59 UTC 2018 - jengelh@inai.de
|
|
|
|
|
|
|
|
|
|
|
|
- Update to new upstream release 6.38
|
|
|
|
|
|
* Fix parsing service names for ports.
|
|
|
|
|
|
|
2018-03-04 00:30:18 +01:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
Sat Mar 3 23:27:51 UTC 2018 - jengelh@inai.de
|
|
|
|
|
|
|
|
|
|
|
|
- Update to new upstream release 6.36
|
|
|
|
|
|
* Adding a IPv4 range x.x.x.x–255.255.255.255 could lead to
|
|
|
|
|
|
memory exhaustion, which has been fixed.
|
|
|
|
|
|
- Drop 0001-build-do-install-libipset-args.h.patch (merged)
|
|
|
|
|
|
|
2018-01-06 22:51:59 +01:00
|
|
|
|
-------------------------------------------------------------------
|
2018-01-22 22:52:40 +01:00
|
|
|
|
Mon Jan 22 21:49:31 UTC 2018 - jengelh@inai.de
|
|
|
|
|
|
|
2018-02-06 17:36:45 +01:00
|
|
|
|
- Add 0001-build-do-install-libipset-args.h.patch [boo#1077037].
|
2018-01-22 22:52:40 +01:00
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
2018-01-06 22:51:59 +01:00
|
|
|
|
Sat Jan 6 21:47:52 UTC 2018 - jengelh@inai.de
|
|
|
|
|
|
|
|
|
|
|
|
- Update to new upstream release 6.35
|
|
|
|
|
|
* Userspace revision handling is reworked
|
|
|
|
|
|
* Backport patch: netfilter: ipset: use nfnl_mutex_is_locked
|
|
|
|
|
|
* Missing nfnl_lock()/nfnl_unlock() is added to
|
|
|
|
|
|
ip_set_net_exit()
|
|
|
|
|
|
* netfilter: ipset: add resched points during set listing
|
|
|
|
|
|
* Fix "don't update counters" mode when counters used at the
|
|
|
|
|
|
matching
|
|
|
|
|
|
* netfilter: ipset: Fix race between dump and swap
|
|
|
|
|
|
|
2017-09-23 22:34:12 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
Sat Sep 23 19:10:12 UTC 2017 - jengelh@inai.de
|
|
|
|
|
|
|
|
|
|
|
|
- Update to new upstream release 6.34
|
|
|
|
|
|
* Reset state after a command failed, when multiple ones
|
|
|
|
|
|
are issued.
|
|
|
|
|
|
* Handle padding attribute properly in userspace.
|
|
|
|
|
|
* Test to check the fix to add an IPv4 range containing more
|
|
|
|
|
|
than 2^31 addresses.
|
|
|
|
|
|
- Remove ipset-6.33-export-func.diff (merged)
|
|
|
|
|
|
|
2017-09-17 23:24:03 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
Sun Sep 17 21:19:30 UTC 2017 - jengelh@inai.de
|
|
|
|
|
|
|
|
|
|
|
|
- Update to new upstream release 6.33
|
|
|
|
|
|
* Report if the option is supported by a newer kernel release
|
|
|
|
|
|
- Add ipset-6.33-export-func.diff
|
|
|
|
|
|
|
2017-09-17 22:36:16 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
Fri Sep 15 16:44:31 UTC 2017 - kstreitova@suse.com
|
|
|
|
|
|
|
|
|
|
|
|
- fix build for Factory
|
|
|
|
|
|
|
2017-03-17 12:47:06 +01:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
Fri Mar 17 11:45:35 UTC 2017 - jengelh@inai.de
|
|
|
|
|
|
|
|
|
|
|
|
- Update to new upstream release 6.31
|
|
|
|
|
|
* ipset: avoid kernel null pointer exception in ipset list:set
|
|
|
|
|
|
* fix bug: sometimes valid entries in hash:* types of sets were
|
|
|
|
|
|
evicted
|
|
|
|
|
|
- Update to new upstream release 6.32
|
|
|
|
|
|
* fix possible truncated output in ipset output buffer handling
|
|
|
|
|
|
|
2016-10-20 20:34:33 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
Thu Oct 20 18:25:24 UTC 2016 - jengelh@inai.de
|
|
|
|
|
|
|
|
|
|
|
|
- Update to new upstream release 6.30
|
|
|
|
|
|
* hash:ipmac type support added to ipset
|
|
|
|
|
|
|
2016-03-17 00:30:10 +01:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
Wed Mar 16 23:25:41 UTC 2016 - jengelh@inai.de
|
|
|
|
|
|
|
|
|
|
|
|
- Update to new upstream release 6.29
|
|
|
|
|
|
* Fix race condition in ipset save, swap and delete
|
|
|
|
|
|
|
2016-03-13 12:49:43 +01:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
Sat Mar 12 21:40:08 UTC 2016 - jengelh@inai.de
|
|
|
|
|
|
|
|
|
|
|
|
- Update to new upstream release 6.28
|
|
|
|
|
|
* Test added to check 0.0.0.0/0,iface to be matched in
|
|
|
|
|
|
hash:net,iface type
|
|
|
|
|
|
* Check IPSET_ATTR_ETHER netlink attribute length
|
|
|
|
|
|
* Fix set:list type crash when flush/dump set in parallel
|
|
|
|
|
|
* Allow a 0 netmask with hash_netiface type
|
2016-03-17 01:24:00 +01:00
|
|
|
|
- Restore unreviewed deletion of KMP production,
|
|
|
|
|
|
undo spec-cleaner refucktoring
|
2016-03-24 12:20:07 +01:00
|
|
|
|
- Add ipset-destdir.diff
|
2016-03-13 12:49:43 +01:00
|
|
|
|
|
2016-01-19 14:12:16 +01:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
Mon Jan 18 15:42:54 UTC 2016 - kstreitova@suse.com
|
|
|
|
|
|
|
|
|
|
|
|
- update to 6.27:
|
|
|
|
|
|
* kernel part changes
|
|
|
|
|
|
* fix reported memory size for hash:* types
|
|
|
|
|
|
* fix hash type expire: release empty hash bucket block
|
|
|
|
|
|
* fix hash type expiration: incorrect index fixed
|
|
|
|
|
|
* collapse same condition body to a single one
|
|
|
|
|
|
* fix extension alignment
|
|
|
|
|
|
* compatibility: include linux/export.h when needed
|
|
|
|
|
|
* compatibility: make sure vmalloc.h is included for kvfree()
|
|
|
|
|
|
* compatibility: Fix detecting 'struct net' in 'struct tcf_ematch'
|
|
|
|
|
|
* compatibility: Protect definition of RCU_INIT_POINTER in
|
|
|
|
|
|
compatibility header file
|
|
|
|
|
|
* netfilter: ipset: Fix sleeping memory allocation in atomic
|
|
|
|
|
|
context (Nikolay Borisov)
|
|
|
|
|
|
* userspace changes
|
|
|
|
|
|
* handle uint64_t alignment issue in ipset tool
|
|
|
|
|
|
- disable KMP build as we support the in-kernel version instead.
|
|
|
|
|
|
Remove ipset-preamble file that is no longer needed [bsc#962345]
|
|
|
|
|
|
- run spec-cleaner
|
|
|
|
|
|
|
2015-08-30 13:27:21 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
Sun Aug 30 11:23:27 UTC 2015 - jengelh@inai.de
|
|
|
|
|
|
|
|
|
|
|
|
- Update to new upstream release 6.26
|
|
|
|
|
|
* Out of bound access in hash:net* types fixed
|
|
|
|
|
|
* Make struct htype per ipset family
|
|
|
|
|
|
* Optimize hash creation routine
|
|
|
|
|
|
|
2015-06-25 12:04:16 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
Thu Jun 25 09:57:08 UTC 2015 - jengelh@inai.de
|
|
|
|
|
|
|
|
|
|
|
|
- Update to new upstream release 6.25.1
|
|
|
|
|
|
* Add element count to all set types header
|
|
|
|
|
|
* Add element count to hash headers
|
|
|
|
|
|
* Support linking libipset to C++ programs
|
|
|
|
|
|
* When a single set is destroyed, make sure it cannot
|
|
|
|
|
|
be grabbed by dump
|
|
|
|
|
|
* Check CIDR value only when attribute is given
|
|
|
|
|
|
* Permit CIDR equal to the host address CIDR in IPv6
|
|
|
|
|
|
|
2014-11-25 00:00:01 +01:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
Mon Nov 24 21:31:24 UTC 2014 - jengelh@inai.de
|
|
|
|
|
|
|
|
|
|
|
|
- Update to new upstream release 6.24
|
|
|
|
|
|
* Alignment problem between 64bit kernel 32bit userspace fixed
|
|
|
|
|
|
* Potential read beyond the end of buffer resolved
|
|
|
|
|
|
* Fix parallel resizing and listing of the same set
|
|
|
|
|
|
* Introduce RCU in all set types instead of rwlock per set
|
|
|
|
|
|
* Remove rbtree from hash:net,iface in order to run under RCU
|
|
|
|
|
|
* Explicitly add padding elements to hash:net,net and
|
|
|
|
|
|
hash:net,port,net
|
|
|
|
|
|
* Allocate the proper size of memory when /0 networks are supported
|
|
|
|
|
|
* Simplify cidr handling for hash:*net* types
|
|
|
|
|
|
* Indicate when /0 networks are supported
|
|
|
|
|
|
|
2014-09-23 20:34:10 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
Tue Sep 23 18:04:06 UTC 2014 - jengelh@inai.de
|
|
|
|
|
|
|
|
|
|
|
|
- Update to new upstream release 6.23
|
|
|
|
|
|
* Order create and add options in manpage so that generic ones
|
|
|
|
|
|
come first
|
|
|
|
|
|
* Centralise generic create options (family, hashsize, maxelem)
|
|
|
|
|
|
on top of man page in the generic options section.
|
|
|
|
|
|
* Add description of hash:mac set type to man page.
|
|
|
|
|
|
* Add missing space for skbinfo option synopsis.
|
|
|
|
|
|
* Support updating extensions when the set is full
|
|
|
|
|
|
- Drop sovers.diff (no longer needed)
|
|
|
|
|
|
|
2014-09-16 08:28:50 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
Tue Sep 16 06:27:32 UTC 2014 - jengelh@inai.de
|
|
|
|
|
|
|
|
|
|
|
|
- Update to new upstream release 6.22
|
|
|
|
|
|
* includes the new set type hash:mac
|
|
|
|
|
|
* The new skbinfo extension makes possible to store fw mark, tc
|
|
|
|
|
|
class and/or hardware queue parameters together with the set
|
|
|
|
|
|
elements and then attach them to the matchig packets by the SET
|
|
|
|
|
|
target.
|
2014-09-21 11:16:39 +02:00
|
|
|
|
- Add sovers.diff to counter missing symbol errors
|
2014-09-16 08:28:50 +02:00
|
|
|
|
|
2014-03-05 09:52:06 +01:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
Wed Mar 5 08:47:39 UTC 2014 - jengelh@inai.de
|
|
|
|
|
|
|
2014-03-09 18:06:41 +01:00
|
|
|
|
- Update to new upstream release 6.21.1
|
2014-03-05 09:52:06 +01:00
|
|
|
|
* add userspace support for forceadd
|
|
|
|
|
|
* fix ifname "physdev:" prefix parsing
|
|
|
|
|
|
* print mark & mark mask in hex rather then decimal
|
|
|
|
|
|
* add markmask for hash:ip,mark data type
|
|
|
|
|
|
* add hash:ip,mark data type to ipset
|
|
|
|
|
|
* Fix all set output from list/save when set with counters in use.
|
|
|
|
|
|
* ipset: Fix malformed output from list/save for ICMP types in port
|
|
|
|
|
|
field
|
|
|
|
|
|
* ipset: fix timeout data type size (Nikolay Martynov)
|
|
|
|
|
|
|
2013-10-28 13:39:08 +01:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
Mon Oct 28 12:34:04 UTC 2013 - jengelh@inai.de
|
|
|
|
|
|
|
|
|
|
|
|
- Update to new upstream release 6.20.1
|
|
|
|
|
|
* build fixes for kernel 3.8 and the userspace library
|
|
|
|
|
|
- Remove 0001-build-fix-incorrect-library-versioning.patch (merged)
|
|
|
|
|
|
|
2013-10-20 15:17:58 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
Sun Oct 20 13:03:53 UTC 2013 - jengelh@inai.de
|
|
|
|
|
|
|
|
|
|
|
|
- Add 0001-build-fix-incorrect-library-versioning.patch
|
|
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
Sun Oct 20 12:43:51 UTC 2013 - jengelh@inai.de
|
|
|
|
|
|
|
|
|
|
|
|
- Update to new upstream release 6.20
|
|
|
|
|
|
* netns support
|
|
|
|
|
|
* new set types: hash:net,net and hash:net,port,net
|
|
|
|
|
|
* new extension: "comment", for annotation of set elements
|
|
|
|
|
|
- Drop sles11.diff (no longer needed, upstream has better fix)
|
|
|
|
|
|
|
2013-05-10 22:27:09 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
Fri May 10 20:11:15 UTC 2013 - jengelh@inai.de
|
|
|
|
|
|
|
|
|
|
|
|
- Update to new upstream release 6.19
|
|
|
|
|
|
* This release adds per-element byte and packet counters for every
|
|
|
|
|
|
set type. (Matching these will be available in iptables-1.4.19.)
|
|
|
|
|
|
|
2013-04-15 08:31:46 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
Mon Apr 15 06:20:31 UTC 2013 - jengelh@inai.de
|
|
|
|
|
|
|
|
|
|
|
|
- Update to new upstream release 6.18
|
|
|
|
|
|
* bitmap:ip,mac: fix listing with timeout
|
|
|
|
|
|
* hash:*net*: nomatch flag not excluded on set resize
|
|
|
|
|
|
* list:set: update reference counter when last element pushed off
|
|
|
|
|
|
|
2013-03-06 00:30:11 +01:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
Thu Feb 21 16:07:01 UTC 2013 - jengelh@inai.de
|
|
|
|
|
|
|
|
|
|
|
|
- Update to new upstream release 6.17
|
|
|
|
|
|
* Fix revision printing in XML mode
|
|
|
|
|
|
* Correct "Suspicious condition (assignment + comparison)"
|
|
|
|
|
|
* Fix error path when protocol number is used with port range
|
|
|
|
|
|
* Interactive mode error after syntax error
|
|
|
|
|
|
* New utilities: ipset_bash_completion, ipset_list
|
|
|
|
|
|
* Ensure ip_set_max is not set to IPSET_INVALID_ID
|
|
|
|
|
|
* Resolve corrupted timeout values on set resize
|
|
|
|
|
|
* Resolve "Directory not empty" error message
|
|
|
|
|
|
|
2012-11-27 13:54:19 +01:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
Tue Nov 27 12:50:37 UTC 2012 - jengelh@inai.de
|
|
|
|
|
|
|
2012-12-03 23:21:19 +01:00
|
|
|
|
- Update to new upstream release 6.16.1
|
2012-12-10 17:32:25 +01:00
|
|
|
|
* Fix RCU handling when the number of maximal sets are increased
|
|
|
|
|
|
* netfilter: ipset: fix netiface set name overflow
|
2012-11-27 13:54:19 +01:00
|
|
|
|
- Remove 0001-build-support-for-Linux-3.7-UAPI.patch, merged upstream
|
|
|
|
|
|
- Remove 0001-build-Linux-3.7-netlink-fun.patch, merged upstream
|
|
|
|
|
|
|
2012-11-19 17:23:06 +01:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
Mon Nov 19 16:20:13 UTC 2012 - jengelh@inai.de
|
|
|
|
|
|
|
|
|
|
|
|
- Update to new upstream release 6.15
|
|
|
|
|
|
* Userspace changes:
|
|
|
|
|
|
* Use gethostbyname2 instead of getaddrinfo
|
|
|
|
|
|
* Support protocol numbers as well, not only protocol names
|
|
|
|
|
|
* Kernel part changes:
|
|
|
|
|
|
* Increase the number of maximal sets automatically as needed
|
|
|
|
|
|
* Fix range bug in hash:ip,port,net
|
2012-11-21 23:58:21 +01:00
|
|
|
|
- Add 0001-build-support-for-Linux-3.7-UAPI.patch
|
|
|
|
|
|
- Add 0001-build-Linux-3.7-netlink-fun.patch
|
2012-11-19 17:23:06 +01:00
|
|
|
|
|
2012-09-22 16:51:54 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
Sat Sep 22 14:20:06 UTC 2012 - jengelh@inai.de
|
|
|
|
|
|
|
|
|
|
|
|
- Update to new upstream release 6.14
|
|
|
|
|
|
* Internal CIDR bookkeeping was broken and would lead to mismatches
|
|
|
|
|
|
when the number of different sized networks are greater than the
|
|
|
|
|
|
smallest CIDR value
|
|
|
|
|
|
* Support to match elements marked with "nomatch" in hash:*net* sets
|
|
|
|
|
|
* Add /0 network support to hash:net,iface type
|
|
|
|
|
|
|
2012-06-30 21:19:08 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
Sat Jun 30 18:33:33 UTC 2012 - jengelh@inai.de
|
|
|
|
|
|
|
|
|
|
|
|
- Update to new upstream release 6.13
|
|
|
|
|
|
* more restrictive command-line parser
|
|
|
|
|
|
* documentation updates w.r.t. src/dst for hash:net,iface
|
|
|
|
|
|
* allow saving to/restoring from a file without shell redirection
|
|
|
|
|
|
* kernel: hash:net,iface: fix interface comparison
|
|
|
|
|
|
* timeout fixing bug broke SET target special timeout value, fixed
|
|
|
|
|
|
|
2012-05-10 13:16:38 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
Thu May 10 11:07:52 UTC 2012 - jengelh@inai.de
|
|
|
|
|
|
|
|
|
|
|
|
- Update to new upstream release 6.12
|
|
|
|
|
|
* Report syntax error messages immediately
|
|
|
|
|
|
* Add dynamic module support to ipset userspace tool
|
|
|
|
|
|
* Fix timeout value overflow bug at large timeout parameters
|
|
|
|
|
|
* gcc 4.7 support
|
|
|
|
|
|
|
2012-01-20 19:00:13 +01:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
Fri Jan 20 17:27:01 UTC 2012 - jengelh@medozas.de
|
|
|
|
|
|
|
|
|
|
|
|
- Update to new upstream release 6.11
|
|
|
|
|
|
* libipset is now complete; ipset is just a frontend
|
|
|
|
|
|
* Log warning when a hash type of set gets full
|
|
|
|
|
|
* Exceptions support added to hash:*net* types
|
|
|
|
|
|
* hash:net,iface timeout bug fixed
|
|
|
|
|
|
* Support hostnames and service names with dash
|
|
|
|
|
|
|
|
|
|
|
|
|
2012-01-01 04:39:22 +01:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
Sun Jan 1 03:17:39 UTC 2012 - jengelh@medozas.de
|
|
|
|
|
|
|
|
|
|
|
|
- Populate ipset package on build.opensuse.org after disabling
|
|
|
|
|
|
ipset-genl compilation in xtables-addons
|
