Feature update for ipset

Announcement ID:	SUSE-FU-2022:4380-1
Rating:	important
References:	bsc#1116432 bsc#1122853 jsc#PED-2086
Affected Products:	Basesystem Module 15-SP4 openSUSE Leap 15.4 openSUSE Leap Micro 5.3 SUSE Linux Enterprise Desktop 15 SP4 SUSE Linux Enterprise High Performance Computing 15 SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Micro for Rancher 5.3 SUSE Linux Enterprise Real Time 15 SP4 SUSE Linux Enterprise Server 15 SP4 SUSE Linux Enterprise Server for SAP Applications 15 SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3

An update that contains one feature and has two fixes can now be installed.

Description:

This update for ipset fixes the following issues:

Version update from 6.36 to 7.15 (jsc#PED-2086):

• Update needed to match kernel protocol version
• Fix bug with 'ipset save -file <filename>' that wrongly produced empty files (bsc#1116432)
• A new internal protocol version between the kernel and userspace is used. This is required in order to support two new functions and the extendend LIST operation, which makes possible to run ipset in every case entirely over netlink without the need to use getsockopt()
• Allow specifying protocols by number
• Enable memory accounting for ipset allocations
• Fix argument parsing buffer overflow in ipset_parse_argv
• Fix parsing the service names for ports
• Fix memory accounting for hash types on resize
• Fix rename concurrency with listing, which can result broken list/save results
• Fix to list/save into file specified by option
• Implement sorting for hash types in the ipset tool
• Limit the maximum range of consecutive elements to add/delete
• Support the '-exist' flag with the destroy command
• For the full list of changes please consult the changelog at https://ipset.netfilter.org/changelog.html

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• openSUSE Leap Micro 5.3
  zypper in -t patch openSUSE-Leap-Micro-5.3-2022-4380=1
• openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2022-4380=1
• SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2022-4380=1
• SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2022-4380=1
• Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4380=1

Package List:

• openSUSE Leap Micro 5.3 (aarch64 ppc64le s390x x86_64)
  • ipset-7.15-150400.12.3.2
  • libipset13-debuginfo-7.15-150400.12.3.2
  • libipset13-7.15-150400.12.3.2
• openSUSE Leap Micro 5.3 (aarch64 x86_64)
  • ipset-debuginfo-7.15-150400.12.3.2
  • ipset-debugsource-7.15-150400.12.3.2
• openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  • ipset-devel-7.15-150400.12.3.2
  • ipset-debuginfo-7.15-150400.12.3.2
  • libipset13-7.15-150400.12.3.2
  • ipset-7.15-150400.12.3.2
  • libipset13-debuginfo-7.15-150400.12.3.2
  • ipset-debugsource-7.15-150400.12.3.2
• SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  • ipset-debuginfo-7.15-150400.12.3.2
  • libipset13-7.15-150400.12.3.2
  • ipset-7.15-150400.12.3.2
  • libipset13-debuginfo-7.15-150400.12.3.2
  • ipset-debugsource-7.15-150400.12.3.2
• SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  • ipset-debuginfo-7.15-150400.12.3.2
  • libipset13-7.15-150400.12.3.2
  • ipset-7.15-150400.12.3.2
  • libipset13-debuginfo-7.15-150400.12.3.2
  • ipset-debugsource-7.15-150400.12.3.2
• Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  • ipset-devel-7.15-150400.12.3.2
  • ipset-debuginfo-7.15-150400.12.3.2
  • libipset13-7.15-150400.12.3.2
  • ipset-7.15-150400.12.3.2
  • libipset13-debuginfo-7.15-150400.12.3.2
  • ipset-debugsource-7.15-150400.12.3.2

References:

• https://bugzilla.suse.com/show_bug.cgi?id=1116432
• https://bugzilla.suse.com/show_bug.cgi?id=1122853
• https://jira.suse.com/browse/PED-2086