Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package ipset for openSUSE:Factory checked in at 2021-08-16 10:08:48 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ipset (Old) and /work/SRC/openSUSE:Factory/.ipset.new.1899 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ipset" Mon Aug 16 10:08:48 2021 rev:43 rq:911409 version:7.15 Changes: -------- --- /work/SRC/openSUSE:Factory/ipset/ipset.changes 2021-08-02 12:05:29.137650728 +0200 +++ /work/SRC/openSUSE:Factory/.ipset.new.1899/ipset.changes 2021-08-16 10:13:26.830966979 +0200 @@ -1,0 +2,7 @@ +Wed Aug 4 09:37:44 UTC 2021 - Paolo Stivanin <i...@paolostivanin.com> + +- Update to release 7.15 + * netfilter: ipset: Fix maximal range check in + hash_ipportnet4_uadt() + +------------------------------------------------------------------- Old: ---- ipset-7.14.tar.bz2 New: ---- ipset-7.15.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ipset.spec ++++++ --- /var/tmp/diff_new_pack.63j42Y/_old 2021-08-16 10:13:27.278966407 +0200 +++ /var/tmp/diff_new_pack.63j42Y/_new 2021-08-16 10:13:27.282966402 +0200 @@ -25,13 +25,12 @@ %define ipset_build_kmp 0 %endif Name: ipset -Version: 7.14 +Version: 7.15 Release: 0 Summary: Netfilter ipset administration utility License: GPL-2.0-only Group: Productivity/Networking/Security -URL: http://ipset.netfilter.org/ - +URL: https://ipset.netfilter.org/ #Git-Clone: git://git.netfilter.org/ipset #Git-Web: http://git.netfilter.org/ Source: http://ipset.netfilter.org/%name-%version.tar.bz2 @@ -46,8 +45,8 @@ %if 0%{?ipset_build_kmp} BuildRequires: %kernel_module_package_buildreqs BuildRequires: kernel-devel >= 2.6.39 -%kernel_module_package -p %name-preamble BuildRequires: kmod-compat +%kernel_module_package -p %name-preamble %endif %description @@ -117,13 +116,13 @@ --with-kbuild="%_prefix/src/linux-obj/%_target_cpu/$flavor" \ --with-ksource="%_prefix/src/linux" \ --includedir="%_includedir/%name" - make %{?_smp_mflags} all modules + %make_build all modules popd done %endif %configure --disable-static --with-kmod=no \ --includedir="%_includedir/%name" -make %{?_smp_mflags} V=1 +%make_build %install export PATH="$PATH:%_sbindir" @@ -137,7 +136,7 @@ done %endif %make_install -find "$b/%_libdir/" -type f -name "*.la" -delete -print +find "$b/%_libdir" -type f -name "*.la" -delete -print %post -n %lname -p /sbin/ldconfig %postun -n %lname -p /sbin/ldconfig ++++++ ipset-7.14.tar.bz2 -> ipset-7.15.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-7.14/configure new/ipset-7.15/configure --- old/ipset-7.14/configure 2021-07-28 16:24:30.000000000 +0200 +++ new/ipset-7.15/configure 2021-08-04 08:20:22.000000000 +0200 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for ipset 7.14. +# Generated by GNU Autoconf 2.69 for ipset 7.15. # # Report bugs to <kad...@netfilter.org>. # @@ -594,8 +594,8 @@ # Identity of this package. PACKAGE_NAME='ipset' PACKAGE_TARNAME='ipset' -PACKAGE_VERSION='7.14' -PACKAGE_STRING='ipset 7.14' +PACKAGE_VERSION='7.15' +PACKAGE_STRING='ipset 7.15' PACKAGE_BUGREPORT='kad...@netfilter.org' PACKAGE_URL='' @@ -1452,7 +1452,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures ipset 7.14 to adapt to many kinds of systems. +\`configure' configures ipset 7.15 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1523,7 +1523,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of ipset 7.14:";; + short | recursive ) echo "Configuration of ipset 7.15:";; esac cat <<\_ACEOF @@ -1661,7 +1661,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -ipset configure 7.14 +ipset configure 7.15 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2039,7 +2039,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by ipset $as_me 7.14, which was +It was created by ipset $as_me 7.15, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2976,7 +2976,7 @@ # Define the identity of the package. PACKAGE='ipset' - VERSION='7.14' + VERSION='7.15' cat >>confdefs.h <<_ACEOF @@ -18261,7 +18261,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by ipset $as_me 7.14, which was +This file was extended by ipset $as_me 7.15, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -18327,7 +18327,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -ipset config.status 7.14 +ipset config.status 7.15 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-7.14/configure.ac new/ipset-7.15/configure.ac --- old/ipset-7.14/configure.ac 2021-07-28 16:23:06.000000000 +0200 +++ new/ipset-7.15/configure.ac 2021-08-04 08:18:14.000000000 +0200 @@ -1,5 +1,5 @@ dnl Boilerplate -AC_INIT([ipset], [7.14], [kad...@netfilter.org]) +AC_INIT([ipset], [7.15], [kad...@netfilter.org]) AC_CONFIG_AUX_DIR([build-aux]) AC_CANONICAL_HOST AC_CONFIG_MACRO_DIR([m4]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-7.14/kernel/ChangeLog new/ipset-7.15/kernel/ChangeLog --- old/ipset-7.14/kernel/ChangeLog 2021-07-28 16:23:06.000000000 +0200 +++ new/ipset-7.15/kernel/ChangeLog 2021-08-04 08:18:14.000000000 +0200 @@ -1,3 +1,7 @@ +7.15 + - netfilter: ipset: Fix maximal range check in hash_ipportnet4_uadt() + (Nathan Chancellor) + 7.14 - 64bit division isn't allowed on 32bit, replace it with shift diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-7.14/kernel/net/netfilter/ipset/ip_set_hash_ipportnet.c new/ipset-7.15/kernel/net/netfilter/ipset/ip_set_hash_ipportnet.c --- old/ipset-7.14/kernel/net/netfilter/ipset/ip_set_hash_ipportnet.c 2021-07-28 16:23:06.000000000 +0200 +++ new/ipset-7.15/kernel/net/netfilter/ipset/ip_set_hash_ipportnet.c 2021-08-04 08:18:14.000000000 +0200 @@ -247,9 +247,6 @@ ip_set_mask_from_to(ip, ip_to, cidr); } - if (((u64)ip_to - ip + 1)*(port_to - port + 1) > IPSET_MAX_RANGE) - return -ERANGE; - port_to = port = ntohs(e.port); if (tb[IPSET_ATTR_PORT_TO]) { port_to = ip_set_get_h16(tb[IPSET_ATTR_PORT_TO]); @@ -257,6 +254,9 @@ swap(port, port_to); } + if (((u64)ip_to - ip + 1)*(port_to - port + 1) > IPSET_MAX_RANGE) + return -ERANGE; + ip2_to = ip2_from; if (tb[IPSET_ATTR_IP2_TO]) { ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP2_TO], &ip2_to);
