Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

ipset-6.36-3.3.1 RPM for x86_64

From OpenSuSE Leap 15.3 for x86_64

Name: ipset Distribution: SUSE Linux Enterprise 15
Version: 6.36 Vendor: SUSE LLC <https://www.suse.com/>
Release: 3.3.1 Build date: Wed Feb 6 14:23:17 2019
Group: Productivity/Networking/Security Build host: sheep57
Size: 37339 Source RPM: ipset-6.36-3.3.1.src.rpm
Packager: https://www.suse.com/
Url: http://ipset.netfilter.org/
Summary: Netfilter ipset administration utility
IP sets are a framework inside the Linux kernel, which can be
administered by the ipset utility. Depending on the type, currently
an IP set may store IP addresses, (TCP/UDP) port numbers or IP
addresses with MAC addresses in a way, which ensures lightning speed
when matching an entry against a set.

ipset can:
* store multiple IP addresses or port numbers and match against the
  collection by iptables at one swoop;
* dynamically update iptables rules against IP addresses or ports
  without performance penalty;
* express complex IP address and ports based rulesets with one single
  iptables rule and benefit from the speed of IP sets

Provides

Requires

License

GPL-2.0-only

Changelog

* Wed Jan 30 2019 kstreitova@suse.com
  - add ipset-6.36_service_names_for_ports.patch to fix parsing
    service names for ports. Parsing is attempted both for numbers
    and service names and the temporary stored error message
    triggered to reset the state parameters about the set
    [bsc#1122853]
* Sat Mar 03 2018 jengelh@inai.de
  - Update to new upstream release 6.36
    * Adding a IPv4 range x.x.x.x–255.255.255.255 could lead to
      memory exhaustion, which has been fixed.
  - Drop 0001-build-do-install-libipset-args.h.patch (merged)
* Mon Jan 22 2018 jengelh@inai.de
  - Add 0001-build-do-install-libipset-args.h.patch [boo#1077037].
* Sat Jan 06 2018 jengelh@inai.de
  - Update to new upstream release 6.35
    * Userspace revision handling is reworked
    * Backport patch: netfilter: ipset: use nfnl_mutex_is_locked
    * Missing nfnl_lock()/nfnl_unlock() is added to
      ip_set_net_exit()
    * netfilter: ipset: add resched points during set listing
    * Fix "don't update counters" mode when counters used at the
      matching
    * netfilter: ipset: Fix race between dump and swap
* Sat Sep 23 2017 jengelh@inai.de
  - Update to new upstream release 6.34
    * Reset state after a command failed, when multiple ones
      are issued.
    * Handle padding attribute properly in userspace.
    * Test to check the fix to add an IPv4 range containing more
      than 2^31 addresses.
  - Remove ipset-6.33-export-func.diff (merged)
* Sun Sep 17 2017 jengelh@inai.de
  - Update to new upstream release 6.33
    * Report if the option is supported by a newer kernel release
  - Add ipset-6.33-export-func.diff
* Fri Sep 15 2017 kstreitova@suse.com
  - fix build for Factory
* Fri Mar 17 2017 jengelh@inai.de
  - Update to new upstream release 6.31
    * ipset: avoid kernel null pointer exception in ipset list:set
    * fix bug: sometimes valid entries in hash:* types of sets were
      evicted
  - Update to new upstream release 6.32
    * fix possible truncated output in ipset output buffer handling
* Thu Oct 20 2016 jengelh@inai.de
  - Update to new upstream release 6.30
    * hash:ipmac type support added to ipset
* Wed Mar 16 2016 jengelh@inai.de
  - Update to new upstream release 6.29
    * Fix race condition in ipset save, swap and delete
* Sat Mar 12 2016 jengelh@inai.de
  - Update to new upstream release 6.28
    * Test added to check 0.0.0.0/0,iface to be matched in
    hash:net,iface type
    * Check IPSET_ATTR_ETHER netlink attribute length
    * Fix set:list type crash when flush/dump set in parallel
    * Allow a 0 netmask with hash_netiface type
  - Restore unreviewed deletion of KMP production,
    undo spec-cleaner refucktoring
  - Add ipset-destdir.diff
* Mon Jan 18 2016 kstreitova@suse.com
  - update to 6.27:
    * kernel part changes
    * fix reported memory size for hash:* types
    * fix hash type expire: release empty hash bucket block
    * fix hash type expiration: incorrect index fixed
    * collapse same condition body to a single one
    * fix extension alignment
    * compatibility: include linux/export.h when needed
    * compatibility: make sure vmalloc.h is included for kvfree()
    * compatibility: Fix detecting 'struct net' in 'struct tcf_ematch'
    * compatibility: Protect definition of RCU_INIT_POINTER in
      compatibility header file
    * netfilter: ipset: Fix sleeping memory allocation in atomic
      context (Nikolay Borisov)
    * userspace changes
    * handle uint64_t alignment issue in ipset tool
  - disable KMP build as we support the in-kernel version instead.
    Remove ipset-preamble file that is no longer needed [bsc#962345]
  - run spec-cleaner
* Sun Aug 30 2015 jengelh@inai.de
  - Update to new upstream release 6.26
    * Out of bound access in hash:net* types fixed
    * Make struct htype per ipset family
    * Optimize hash creation routine
* Thu Jun 25 2015 jengelh@inai.de
  - Update to new upstream release 6.25.1
    * Add element count to all set types header
    * Add element count to hash headers
    * Support linking libipset to C++ programs
    * When a single set is destroyed, make sure it cannot
    be grabbed by dump
    * Check CIDR value only when attribute is given
    * Permit CIDR equal to the host address CIDR in IPv6
* Mon Nov 24 2014 jengelh@inai.de
  - Update to new upstream release 6.24
    * Alignment problem between 64bit kernel 32bit userspace fixed
    * Potential read beyond the end of buffer resolved
    * Fix parallel resizing and listing of the same set
    * Introduce RCU in all set types instead of rwlock per set
    * Remove rbtree from hash:net,iface in order to run under RCU
    * Explicitly add padding elements to hash:net,net and
    hash:net,port,net
    * Allocate the proper size of memory when /0 networks are supported
    * Simplify cidr handling for hash:*net* types
    * Indicate when /0 networks are supported
* Tue Sep 23 2014 jengelh@inai.de
  - Update to new upstream release 6.23
    * Order create and add options in manpage so that generic ones
    come first
    * Centralise generic create options (family, hashsize, maxelem)
    on top of man page in the generic options section.
    * Add description of hash:mac set type to man page.
    * Add missing space for skbinfo option synopsis.
    * Support updating extensions when the set is full
  - Drop sovers.diff (no longer needed)
* Tue Sep 16 2014 jengelh@inai.de
  - Update to new upstream release 6.22
    * includes the new set type hash:mac
    * The new skbinfo extension makes possible to store fw mark, tc
    class and/or hardware queue parameters together with the set
    elements and then attach them to the matchig packets by the SET
    target.
  - Add sovers.diff to counter missing symbol errors
* Wed Mar 05 2014 jengelh@inai.de
  - Update to new upstream release 6.21.1
    * add userspace support for forceadd
    * fix ifname "physdev:" prefix parsing
    * print mark & mark mask in hex rather then decimal
    * add markmask for hash:ip,mark data type
    * add hash:ip,mark data type to ipset
    * Fix all set output from list/save when set with counters in use.
    * ipset: Fix malformed output from list/save for ICMP types in port
    field
    * ipset: fix timeout data type size (Nikolay Martynov)
* Mon Oct 28 2013 jengelh@inai.de
  - Update to new upstream release 6.20.1
    * build fixes for kernel 3.8 and the userspace library
  - Remove 0001-build-fix-incorrect-library-versioning.patch (merged)
* Sun Oct 20 2013 jengelh@inai.de
  - Add 0001-build-fix-incorrect-library-versioning.patch
* Sun Oct 20 2013 jengelh@inai.de
  - Update to new upstream release 6.20
    * netns support
    * new set types: hash:net,net and hash:net,port,net
    * new extension: "comment", for annotation of set elements
  - Drop sles11.diff (no longer needed, upstream has better fix)
* Fri May 10 2013 jengelh@inai.de
  - Update to new upstream release 6.19
    * This release adds per-element byte and packet counters for every
    set type. (Matching these will be available in iptables-1.4.19.)
* Mon Apr 15 2013 jengelh@inai.de
  - Update to new upstream release 6.18
    * bitmap:ip,mac: fix listing with timeout
    * hash:*net*: nomatch flag not excluded on set resize
    * list:set: update reference counter when last element pushed off
* Thu Feb 21 2013 jengelh@inai.de
  - Update to new upstream release 6.17
    * Fix revision printing in XML mode
    * Correct "Suspicious condition (assignment + comparison)"
    * Fix error path when protocol number is used with port range
    * Interactive mode error after syntax error
    * New utilities: ipset_bash_completion, ipset_list
    * Ensure ip_set_max is not set to IPSET_INVALID_ID
    * Resolve corrupted timeout values on set resize
    * Resolve "Directory not empty" error message
* Tue Nov 27 2012 jengelh@inai.de
  - Update to new upstream release 6.16.1
    * Fix RCU handling when the number of maximal sets are increased
    * netfilter: ipset: fix netiface set name overflow
  - Remove 0001-build-support-for-Linux-3.7-UAPI.patch, merged upstream
  - Remove 0001-build-Linux-3.7-netlink-fun.patch, merged upstream
* Mon Nov 19 2012 jengelh@inai.de
  - Update to new upstream release 6.15
    * Userspace changes:
    * Use gethostbyname2 instead of getaddrinfo
    * Support protocol numbers as well, not only protocol names
    * Kernel part changes:
    * Increase the number of maximal sets automatically as needed
    * Fix range bug in hash:ip,port,net
  - Add 0001-build-support-for-Linux-3.7-UAPI.patch
  - Add 0001-build-Linux-3.7-netlink-fun.patch
* Sat Sep 22 2012 jengelh@inai.de
  - Update to new upstream release 6.14
    * Internal CIDR bookkeeping was broken and would lead to mismatches
    when the number of different sized networks are greater than the
    smallest CIDR value
    * Support to match elements marked with "nomatch" in hash:*net* sets
    * Add /0 network support to hash:net,iface type
* Sat Jun 30 2012 jengelh@inai.de
  - Update to new upstream release 6.13
    * more restrictive command-line parser
    * documentation updates w.r.t. src/dst for hash:net,iface
    * allow saving to/restoring from a file without shell redirection
    * kernel: hash:net,iface: fix interface comparison
    * timeout fixing bug broke SET target special timeout value, fixed
* Thu May 10 2012 jengelh@inai.de
  - Update to new upstream release 6.12
    * Report syntax error messages immediately
    * Add dynamic module support to ipset userspace tool
    * Fix timeout value overflow bug at large timeout parameters
    * gcc 4.7 support
* Fri Jan 20 2012 jengelh@medozas.de
  - Update to new upstream release 6.11
    * libipset is now complete; ipset is just a frontend
    * Log warning when a hash type of set gets full
    * Exceptions support added to hash:*net* types
    * hash:net,iface timeout bug fixed
    * Support hostnames and service names with dash
* Sun Jan 01 2012 jengelh@medozas.de
  - Populate ipset package on build.opensuse.org after disabling
    ipset-genl compilation in xtables-addons

Files

/usr/sbin/ipset
/usr/share/man/man8/ipset.8.gz


Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Aug 9 16:10:54 2022