Changelog for
libipset11-6.38-2.1.x86_64.rpm :
* Tue Apr 10 2018 jengelhAATTinai.de- Update to new upstream release 6.38
* Fix parsing service names for ports.
* Sat Mar 03 2018 jengelhAATTinai.de- Update to new upstream release 6.36
* Adding a IPv4 range x.x.x.x–255.255.255.255 could lead to memory exhaustion, which has been fixed.- Drop 0001-build-do-install-libipset-args.h.patch (merged)
* Mon Jan 22 2018 jengelhAATTinai.de- Add 0001-build-do-install-libipset-args.h.patch [boo#1077037].
* Sat Jan 06 2018 jengelhAATTinai.de- Update to new upstream release 6.35
* Userspace revision handling is reworked
* Backport patch: netfilter: ipset: use nfnl_mutex_is_locked
* Missing nfnl_lock()/nfnl_unlock() is added to ip_set_net_exit()
* netfilter: ipset: add resched points during set listing
* Fix \"don\'t update counters\" mode when counters used at the matching
* netfilter: ipset: Fix race between dump and swap
* Sat Sep 23 2017 jengelhAATTinai.de- Update to new upstream release 6.34
* Reset state after a command failed, when multiple ones are issued.
* Handle padding attribute properly in userspace.
* Test to check the fix to add an IPv4 range containing more than 2^31 addresses.- Remove ipset-6.33-export-func.diff (merged)
* Sun Sep 17 2017 jengelhAATTinai.de- Update to new upstream release 6.33
* Report if the option is supported by a newer kernel release- Add ipset-6.33-export-func.diff
* Fri Sep 15 2017 kstreitovaAATTsuse.com- fix build for Factory
* Fri Mar 17 2017 jengelhAATTinai.de- Update to new upstream release 6.31
* ipset: avoid kernel null pointer exception in ipset list:set
* fix bug: sometimes valid entries in hash:
* types of sets were evicted- Update to new upstream release 6.32
* fix possible truncated output in ipset output buffer handling
* Thu Oct 20 2016 jengelhAATTinai.de- Update to new upstream release 6.30
* hash:ipmac type support added to ipset
* Wed Mar 16 2016 jengelhAATTinai.de- Update to new upstream release 6.29
* Fix race condition in ipset save, swap and delete
* Sat Mar 12 2016 jengelhAATTinai.de- Update to new upstream release 6.28
* Test added to check 0.0.0.0/0,iface to be matched in hash:net,iface type
* Check IPSET_ATTR_ETHER netlink attribute length
* Fix set:list type crash when flush/dump set in parallel
* Allow a 0 netmask with hash_netiface type- Restore unreviewed deletion of KMP production, undo spec-cleaner refucktoring- Add ipset-destdir.diff
* Mon Jan 18 2016 kstreitovaAATTsuse.com- update to 6.27:
* kernel part changes
* fix reported memory size for hash:
* types
* fix hash type expire: release empty hash bucket block
* fix hash type expiration: incorrect index fixed
* collapse same condition body to a single one
* fix extension alignment
* compatibility: include linux/export.h when needed
* compatibility: make sure vmalloc.h is included for kvfree()
* compatibility: Fix detecting \'struct net\' in \'struct tcf_ematch\'
* compatibility: Protect definition of RCU_INIT_POINTER in compatibility header file
* netfilter: ipset: Fix sleeping memory allocation in atomic context (Nikolay Borisov)
* userspace changes
* handle uint64_t alignment issue in ipset tool- disable KMP build as we support the in-kernel version instead. Remove ipset-preamble file that is no longer needed [bsc#962345]- run spec-cleaner
* Sun Aug 30 2015 jengelhAATTinai.de- Update to new upstream release 6.26
* Out of bound access in hash:net
* types fixed
* Make struct htype per ipset family
* Optimize hash creation routine
* Thu Jun 25 2015 jengelhAATTinai.de- Update to new upstream release 6.25.1
* Add element count to all set types header
* Add element count to hash headers
* Support linking libipset to C++ programs
* When a single set is destroyed, make sure it cannot be grabbed by dump
* Check CIDR value only when attribute is given
* Permit CIDR equal to the host address CIDR in IPv6
* Mon Nov 24 2014 jengelhAATTinai.de- Update to new upstream release 6.24
* Alignment problem between 64bit kernel 32bit userspace fixed
* Potential read beyond the end of buffer resolved
* Fix parallel resizing and listing of the same set
* Introduce RCU in all set types instead of rwlock per set
* Remove rbtree from hash:net,iface in order to run under RCU
* Explicitly add padding elements to hash:net,net and hash:net,port,net
* Allocate the proper size of memory when /0 networks are supported
* Simplify cidr handling for hash:
*net
* types
* Indicate when /0 networks are supported
* Tue Sep 23 2014 jengelhAATTinai.de- Update to new upstream release 6.23
* Order create and add options in manpage so that generic ones come first
* Centralise generic create options (family, hashsize, maxelem) on top of man page in the generic options section.
* Add description of hash:mac set type to man page.
* Add missing space for skbinfo option synopsis.
* Support updating extensions when the set is full- Drop sovers.diff (no longer needed)
* Tue Sep 16 2014 jengelhAATTinai.de- Update to new upstream release 6.22
* includes the new set type hash:mac
* The new skbinfo extension makes possible to store fw mark, tc class and/or hardware queue parameters together with the set elements and then attach them to the matchig packets by the SET target.- Add sovers.diff to counter missing symbol errors
* Wed Mar 05 2014 jengelhAATTinai.de- Update to new upstream release 6.21.1
* add userspace support for forceadd
* fix ifname \"physdev:\" prefix parsing
* print mark & mark mask in hex rather then decimal
* add markmask for hash:ip,mark data type
* add hash:ip,mark data type to ipset
* Fix all set output from list/save when set with counters in use.
* ipset: Fix malformed output from list/save for ICMP types in port field
* ipset: fix timeout data type size (Nikolay Martynov)
* Mon Oct 28 2013 jengelhAATTinai.de- Update to new upstream release 6.20.1
* build fixes for kernel 3.8 and the userspace library- Remove 0001-build-fix-incorrect-library-versioning.patch (merged)
* Sun Oct 20 2013 jengelhAATTinai.de- Add 0001-build-fix-incorrect-library-versioning.patch
* Sun Oct 20 2013 jengelhAATTinai.de- Update to new upstream release 6.20
* netns support
* new set types: hash:net,net and hash:net,port,net
* new extension: \"comment\", for annotation of set elements- Drop sles11.diff (no longer needed, upstream has better fix)
* Fri May 10 2013 jengelhAATTinai.de- Update to new upstream release 6.19
* This release adds per-element byte and packet counters for every set type. (Matching these will be available in iptables-1.4.19.)
* Mon Apr 15 2013 jengelhAATTinai.de- Update to new upstream release 6.18
* bitmap:ip,mac: fix listing with timeout
* hash:
*net
*: nomatch flag not excluded on set resize
* list:set: update reference counter when last element pushed off
* Thu Feb 21 2013 jengelhAATTinai.de- Update to new upstream release 6.17
* Fix revision printing in XML mode
* Correct \"Suspicious condition (assignment + comparison)\"
* Fix error path when protocol number is used with port range
* Interactive mode error after syntax error
* New utilities: ipset_bash_completion, ipset_list
* Ensure ip_set_max is not set to IPSET_INVALID_ID
* Resolve corrupted timeout values on set resize
* Resolve \"Directory not empty\" error message
* Tue Nov 27 2012 jengelhAATTinai.de- Update to new upstream release 6.16.1
* Fix RCU handling when the number of maximal sets are increased
* netfilter: ipset: fix netiface set name overflow- Remove 0001-build-support-for-Linux-3.7-UAPI.patch, merged upstream- Remove 0001-build-Linux-3.7-netlink-fun.patch, merged upstream
* Mon Nov 19 2012 jengelhAATTinai.de- Update to new upstream release 6.15
* Userspace changes:
* Use gethostbyname2 instead of getaddrinfo
* Support protocol numbers as well, not only protocol names
* Kernel part changes:
* Increase the number of maximal sets automatically as needed
* Fix range bug in hash:ip,port,net- Add 0001-build-support-for-Linux-3.7-UAPI.patch- Add 0001-build-Linux-3.7-netlink-fun.patch
* Sat Sep 22 2012 jengelhAATTinai.de- Update to new upstream release 6.14
* Internal CIDR bookkeeping was broken and would lead to mismatches when the number of different sized networks are greater than the smallest CIDR value
* Support to match elements marked with \"nomatch\" in hash:
*net
* sets
* Add /0 network support to hash:net,iface type
* Sat Jun 30 2012 jengelhAATTinai.de- Update to new upstream release 6.13
* more restrictive command-line parser
* documentation updates w.r.t. src/dst for hash:net,iface
* allow saving to/restoring from a file without shell redirection
* kernel: hash:net,iface: fix interface comparison
* timeout fixing bug broke SET target special timeout value, fixed
* Thu May 10 2012 jengelhAATTinai.de- Update to new upstream release 6.12
* Report syntax error messages immediately
* Add dynamic module support to ipset userspace tool
* Fix timeout value overflow bug at large timeout parameters
* gcc 4.7 support
* Fri Jan 20 2012 jengelhAATTmedozas.de- Update to new upstream release 6.11
* libipset is now complete; ipset is just a frontend
* Log warning when a hash type of set gets full
* Exceptions support added to hash:
*net
* types
* hash:net,iface timeout bug fixed
* Support hostnames and service names with dash
* Sun Jan 01 2012 jengelhAATTmedozas.de- Populate ipset package on build.opensuse.org after disabling ipset-genl compilation in xtables-addons