Hello community, here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory checked in at 2014-08-20 10:51:18 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old) and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "SuSEfirewall2" Changes: -------- --- /work/SRC/openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes 2014-07-31 21:50:03.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.SuSEfirewall2.new/SuSEfirewall2.changes 2014-08-20 10:51:50.000000000 +0200 @@ -1,0 +2,12 @@ +Mon Aug 18 08:17:30 UTC 2014 - [email protected] + +- perl-Net-DNS is only needed by some ancillary helper tool but not for the + core features. So set it to Recommended. + +------------------------------------------------------------------- +Fri Aug 15 16:02:46 UTC 2014 - [email protected] + +- hosting moved to github.com/opensuse/susefirewall2 +- added a sysvinit -> systemd conversion hack (bnc#891669) + +------------------------------------------------------------------- Old: ---- SuSEfirewall2-3.6.310.tar.bz2 New: ---- SuSEfirewall2-3.6.312.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ SuSEfirewall2.spec ++++++ --- /var/tmp/diff_new_pack.Yp5dvk/_old 2014-08-20 10:51:51.000000000 +0200 +++ /var/tmp/diff_new_pack.Yp5dvk/_new 2014-08-20 10:51:51.000000000 +0200 @@ -18,14 +18,14 @@ Name: SuSEfirewall2 -Version: 3.6.310 +Version: 3.6.312 Release: 0 Url: http://en.opensuse.org/SuSEfirewall2 PreReq: %fillup_prereq %insserv_prereq /bin/sed textutils fileutils grep filesystem Requires: coreutils Requires: iptables Requires: perl -Requires: perl-Net-DNS +Recommends: perl-Net-DNS Requires: sysconfig Summary: Stateful Packet Filter Using iptables and netfilter License: GPL-2.0 @@ -96,6 +96,17 @@ %pre %service_add_pre SuSEfirewall2.service +# Upgrade case means more than 1 package in system, so probably 2 +# if we still have the LSB init script, save its state, remove _setup +# and store it in the database. +if [ $FIRST_ARG -gt 1 ]; then + if test -e /etc/init.d/SuSEfirewall2_setup ; then + if test ! -e /var/lib/systemd/migrated/SuSEfirewall2 ; then + /usr/sbin/systemd-sysv-convert --save SuSEfirewall2_setup + sed -i -e 's/SuSEfirewall2_setup/SuSEfirewall2/' /var/lib/systemd/sysv-convert/database + fi + fi +fi %post %service_add_post SuSEfirewall2.service ++++++ SuSEfirewall2-3.6.310.tar.bz2 -> SuSEfirewall2-3.6.312.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.310/doc/README.SuSEfirewall2.html new/SuSEfirewall2-3.6.312/doc/README.SuSEfirewall2.html --- old/SuSEfirewall2-3.6.310/doc/README.SuSEfirewall2.html 2014-07-31 10:50:49.000000000 +0200 +++ new/SuSEfirewall2-3.6.312/doc/README.SuSEfirewall2.html 2014-08-15 18:02:23.000000000 +0200 @@ -1,6 +1,5 @@ <?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";> -<html xmlns="http://www.w3.org/1999/xhtml";><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>SuSEfirewall2</title><link rel="stylesheet" href="susebooks.css" type="text/css" /><meta name="generator" content="DocBook XSL Stylesheets V1.75.2" /></head><body><div class="article" title="SuSEfirewall2"><div class="titlepage"><div><div><h2 class="title"><a id="id301523"></a>SuSEfirewall2</h2></div></div><hr /></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="section"><a href="#id301537">1. Introduction</a></span></dt><dt><span class="section"><a href="#id265879">2. Quickstart</a></span></dt><dd><dl><dt><span class="section"><a href="#id265884">2.1. YaST2 firewall module</a></span></dt><dt><span class="section"><a href="#id265896">2.2. Manual configuration</a></span></dt></dl></dd><dt><span class="section"><a href="#id283926">3. Some words about security</a></span></dt><dt><span class="section"><a href="#id265245">4. Source Code</a></span></dt><dt><span class="section"><a href="#id265261">5. Reporting bugs</a></span></dt><dt><span class="section"><a href="#id265283">6. Links</a></span></dt><dt><span class="section"><a href="#id265307">7. Author</a></span></dt></dl></div><div class="section" title="1. Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id301537"></a>1. Introduction</h2></div></div></div><p> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";><html xmlns="http://www.w3.org/1999/xhtml";><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>SuSEfirewall2</title><link rel="stylesheet" type="text/css" href="susebooks.css" /><meta name="generator" content="DocBook XSL Stylesheets V1.78.0" /></head><body><div class="article"><div class="titlepage"><div><div><h2 class="title"><a id="idm140488827897456"></a>SuSEfirewall2</h2></div></div><hr /></div><div class="toc"><p><strong>Table of Contents</strong></p><dl class="toc"><dt><span class="section"><a href="#idm140488827895712">1. Introduction</a></span></dt><dt><span class="section"><a href="#idm140488827931776">2. Quickstart</a></span></dt><dd><dl><dt><span class="section"><a href="#idm140488827931104">2.1. YaST2 firewall module</a></span></dt><dt><span class="section"><a href="#idm140488825655632">2.2. Manual configuration</a></span></dt></dl></dd><dt><span class="section"><a href="#idm140488825648944">3. Some words about security</a></span></dt><dt><span class="section"><a href="#idm140488823542032">4. Source Code</a></span></dt><dt><span class="section"><a href="#idm140488823540128">5. Reporting bugs</a></span></dt><dt><span class="section"><a href="#idm140488823537488">6. Links</a></span></dt><dt><span class="section"><a href="#idm140488823534528">7. Author</a></span></dt></dl></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="idm140488827895712"></a>1. Introduction</h2></div></div></div><p> <code class="literal">SuSEfirewall2</code> is a shell script wrapper for the Linux firewall setup tool (<code class="literal">iptables</code>). It's controlled by a @@ -10,17 +9,17 @@ Main features of SuSEfirewall2: - </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>sets up secure filter rules by default</p></li><li class="listitem"><p>easy to configure</p></li><li class="listitem"><p>requires only a small configuration effort</p></li><li class="listitem"><p>zone based setup. Interfaces are grouped into zones</p></li><li class="listitem"><p>supports an arbitrary number of zones</p></li><li class="listitem"><p>supports forwarding, masquerading, port redirection</p></li><li class="listitem"><p>supports RPC services with dynamically assigned ports</p></li><li class="listitem"><p>allows special treatment of IPsec packets</p></li><li class="listitem"><p>IPv6 support</p></li><li class="listitem"><p>allows insertion of custom rules through hooks</p></li><li class="listitem"><p>graphical <a class="ulink" href="http://lizards.opensuse.org/2009/08/28/firewall-zone-switcher-updated/"; target="_top">zone + </p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>sets up secure filter rules by default</p></li><li class="listitem"><p>easy to configure</p></li><li class="listitem"><p>requires only a small configuration effort</p></li><li class="listitem"><p>zone based setup. Interfaces are grouped into zones</p></li><li class="listitem"><p>supports an arbitrary number of zones</p></li><li class="listitem"><p>supports forwarding, masquerading, port redirection</p></li><li class="listitem"><p>supports RPC services with dynamically assigned ports</p></li><li class="listitem"><p>allows special treatment of IPsec packets</p></li><li class="listitem"><p>IPv6 support</p></li><li class="listitem"><p>allows insertion of custom rules through hooks</p></li><li class="listitem"><p>graphical <a class="ulink" href="http://lizards.opensuse.org/2009/08/28/firewall-zone-switcher-updated/"; target="_top">zone switcher applet</a> for desktop use</p></li></ul></div><p> - </p></div><div class="section" title="2. Quickstart"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id265879"></a>2. Quickstart</h2></div></div></div><div class="section" title="2.1. YaST2 firewall module"><div class="titlepage"><div><div><h3 class="title"><a id="id265884"></a>2.1. YaST2 firewall module</h3></div></div></div><p> + </p></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="idm140488827931776"></a>2. Quickstart</h2></div></div></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="idm140488827931104"></a>2.1. YaST2 firewall module</h3></div></div></div><p> The YaST2 firewall module is the recommended tool for configuring SuSEfirewall2. It offers the most common features with a nice user interface and help texts. It also takes care of proper activation of the init scripts. - </p></div><div class="section" title="2.2. Manual configuration"><div class="titlepage"><div><div><h3 class="title"><a id="id265896"></a>2.2. Manual configuration</h3></div></div></div><p> + </p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="idm140488825655632"></a>2.2. Manual configuration</h3></div></div></div><p> Enable the SuSEfirewall2 boot scripts: @@ -38,7 +37,7 @@ <code class="filename">EXAMPLES</code> file in <code class="filename">/usr/share/doc/packages/SuSEfirewall2</code> - </p></div></div><div class="section" title="3. Some words about security"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id283926"></a>3. Some words about security</h2></div></div></div><p> + </p></div></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="idm140488825648944"></a>3. Some words about security</h2></div></div></div><p> SuSEfirewall2 is a frontend for iptables which sets up kernel packet filters, nothing more and nothing less. This means that you are not @@ -46,7 +45,7 @@ To minimize security risks on a networked system obey the following rules: - </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p> + </p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p> Run only those services you actually need. Think twice before opening them to the internet. </p></li><li class="listitem"><p> @@ -77,22 +76,22 @@ Check your log files regularly for unusual entries. </p></li></ul></div><p> - </p></div><div class="section" title="4. Source Code"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id265245"></a>4. Source Code</h2></div></div></div><p> + </p></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="idm140488823542032"></a>4. Source Code</h2></div></div></div><p> Source code is available at - <a class="ulink" href="http://gitorious.org/opensuse/susefirewall2"; target="_top">Gitorious</a> + <a class="ulink" href="http://github.com/opensuse/susefirewall2"; target="_top">Github</a> - </p></div><div class="section" title="5. Reporting bugs"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id265261"></a>5. Reporting bugs</h2></div></div></div><p> + </p></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="idm140488823540128"></a>5. Reporting bugs</h2></div></div></div><p> Report any problems via <a class="ulink" href="https://bugzilla.novell.com/"; target="_top">Bugzilla</a>. For discussion about SuSEfirewall2 join the <a class="ulink" href="http://en.opensuse.org/Communicate/Mailinglists"; target="_top">opensuse-security</a> mailinglist. - </p></div><div class="section" title="6. Links"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id265283"></a>6. Links</h2></div></div></div><p> + </p></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="idm140488823537488"></a>6. Links</h2></div></div></div><p> <a class="ulink" href="EXAMPLES.html" target="_top">Examples</a> </p><p> <a class="ulink" href="FAQ.html" target="_top">Frequently Asked Questions</a> - </p></div><div class="section" title="7. Author"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id265307"></a>7. Author</h2></div></div></div><p> + </p></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="idm140488823534528"></a>7. Author</h2></div></div></div><p> SuSEfirewall2 was originally created by <span class="author"><span class="firstname">Marc</span> <span class="surname">Heuse</span></span>. @@ -101,4 +100,4 @@ <span class="author"><span class="firstname">Ludwig</span> <span class="surname">Nussel</span></span> </a> - </p></div></div></body></html> + </p></div></div></body></html> \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.310/doc/README.SuSEfirewall2.txt new/SuSEfirewall2-3.6.312/doc/README.SuSEfirewall2.txt --- old/SuSEfirewall2-3.6.310/doc/README.SuSEfirewall2.txt 2014-07-31 10:50:49.000000000 +0200 +++ new/SuSEfirewall2-3.6.312/doc/README.SuSEfirewall2.txt 2014-08-15 18:02:23.000000000 +0200 @@ -23,27 +23,27 @@ Main features of SuSEfirewall2: - ● sets up secure filter rules by default + • sets up secure filter rules by default - ● easy to configure + • easy to configure - ● requires only a small configuration effort + • requires only a small configuration effort - ● zone based setup. Interfaces are grouped into zones + • zone based setup. Interfaces are grouped into zones - ● supports an arbitrary number of zones + • supports an arbitrary number of zones - ● supports forwarding, masquerading, port redirection + • supports forwarding, masquerading, port redirection - ● supports RPC services with dynamically assigned ports + • supports RPC services with dynamically assigned ports - ● allows special treatment of IPsec packets + • allows special treatment of IPsec packets - ● IPv6 support + • IPv6 support - ● allows insertion of custom rules through hooks + • allows insertion of custom rules through hooks - ● graphical zone switcher applet for desktop use + • graphical zone switcher applet for desktop use 2. Quickstart @@ -74,36 +74,36 @@ protected from all security hazards by using SuSEfirewall2. To minimize security risks on a networked system obey the following rules: - ● Run only those services you actually need. Think twice before opening them + • Run only those services you actually need. Think twice before opening them to the internet. - ● Use only software which has been designed with security in mind (like + • Use only software which has been designed with security in mind (like postfix, vsftpd, OpenSSH). - ● Do not expose services that are designed for use in a LAN to the internet + • Do not expose services that are designed for use in a LAN to the internet (like e.g. samba, NFS, cups). - ● Do not run untrusted software. (philosophical question, can you trust SUSE + • Do not run untrusted software. (philosophical question, can you trust SUSE or any other software distributor?) - ● Run YaST Online Update on a regular basis or enable it's automatic mode to + • Run YaST Online Update on a regular basis or enable it's automatic mode to get the latest security fixes. - ● Subscribe to the opensuse-security-announce mailinglist to keep yourself + • Subscribe to the opensuse-security-announce mailinglist to keep yourself informed about new and upcoming security issues. - ● If you are using a server as a firewall/bastion host to the internet for an + • If you are using a server as a firewall/bastion host to the internet for an internal network, try to run proxy services for everything and disable routing on that machine. - ● If you run DNS on the firewall: disable untrusted zone transfers and either + • If you run DNS on the firewall: disable untrusted zone transfers and either don't allow access to it from the internet or run it split-brained. - ● Check your log files regularly for unusual entries. + • Check your log files regularly for unusual entries. 4. Source Code -Source code is available at Gitorious +Source code is available at Github 5. Reporting bugs diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.310/doc/README.SuSEfirewall2.xml new/SuSEfirewall2-3.6.312/doc/README.SuSEfirewall2.xml --- old/SuSEfirewall2-3.6.310/doc/README.SuSEfirewall2.xml 2014-07-31 10:50:49.000000000 +0200 +++ new/SuSEfirewall2-3.6.312/doc/README.SuSEfirewall2.xml 2014-08-15 18:02:23.000000000 +0200 @@ -187,7 +187,7 @@ <para> Source code is available at - <ulink url="http://gitorious.org/opensuse/susefirewall2";>Gitorious</ulink> + <ulink url="http://github.com/opensuse/susefirewall2";>Github</ulink> </para> </section> -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
