commit firewalld for openSUSE:Factory

Mon, 01 Feb 2021 04:25:50 -0800 

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package firewalld for openSUSE:Factory 
checked in at 2021-02-01 13:25:19
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/firewalld (Old)
 and      /work/SRC/openSUSE:Factory/.firewalld.new.28504 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "firewalld"

Mon Feb  1 13:25:19 2021 rev:55 rq:866985 version:0.9.3

Changes:
--------
--- /work/SRC/openSUSE:Factory/firewalld/firewalld.changes      2021-01-18 
11:30:45.444498720 +0100
+++ /work/SRC/openSUSE:Factory/.firewalld.new.28504/firewalld.changes   
2021-02-01 13:25:24.957842445 +0100
@@ -1,0 +2,18 @@
+Tue Jan 26 16:33:10 UTC 2021 - Micha?? Rostecki <mroste...@suse.com>
+
+- Disable FlushAllOnReload option to not retain interface to zone
+  assignments and direct rules when using --reload option.
+  * 0002-Disable-FlushAllOnReload-option.patch
+
+-------------------------------------------------------------------
+Mon Jan 25 11:29:37 UTC 2021 - Micha?? Rostecki <mroste...@suse.com>
+
+- Update to 0.9.3 (jsc#SLE-17336):
+  * docs(dbus): fix invalid method names
+  * fix(forward): iptables: ipset used as zone source
+  * fix(rich): non-printable characters removed from rich rules
+  * docs(firewall-cmd): small description grammar fix
+  * fix(rich): limit table to strip non-printables to C0 and C1
+  * fix(zone): add source with mac address
+
+-------------------------------------------------------------------
@@ -10 +28 @@
-  nftables:
+  nftables (jsc#SLE-16300):
@@ -15 +33 @@
-  (rhbz#1817022)
+  (rhbz#1817022, jsc#SLE-16300)

Old:
----
  firewalld-0.9.1.tar.gz

New:
----
  0002-Disable-FlushAllOnReload-option.patch
  firewalld-0.9.3.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ firewalld.spec ++++++
--- /var/tmp/diff_new_pack.0tOtq5/_old  2021-02-01 13:25:25.737843669 +0100
+++ /var/tmp/diff_new_pack.0tOtq5/_new  2021-02-01 13:25:25.737843669 +0100
@@ -21,7 +21,7 @@
   %define _fillupdir %{_localstatedir}/adm/fillup-templates
 %endif
 Name:           firewalld
-Version:        0.9.1
+Version:        0.9.3
 Release:        0
 Summary:        A firewall daemon with D-Bus interface providing a dynamic 
firewall
 License:        GPL-2.0-or-later
@@ -29,7 +29,7 @@
 Url:            http://www.firewalld.org
 Source0:        
https://github.com/firewalld/firewalld/releases/download/v%{version}/firewalld-%{version}.tar.gz
 Source1:        docker-zone.xml
-
+Patch0:         0002-Disable-FlushAllOnReload-option.patch
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  desktop-file-utils

++++++ 0002-Disable-FlushAllOnReload-option.patch ++++++
>From b1145d3efc58220f58a4e67189c4ff4a8bd789ce Mon Sep 17 00:00:00 2001
From: Michal Rostecki <mroste...@opensuse.org>
Date: Mon, 25 Jan 2021 12:58:00 +0100
Subject: [PATCH] Disable FlushAllOnReload option

Disabling the FlushAllOnReload option restores the old behavior where
--reload does not retain interface to zone assignmnets and direct rules.
We want to keep that behavior in openSUSE and SLE

Signed-off-by: Michal Rostecki <mroste...@opensuse.org>
---
 config/firewalld.conf              | 4 ++--
 doc/xml/firewalld.conf.xml         | 2 +-
 src/firewall/config/__init__.py.in | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/config/firewalld.conf b/config/firewalld.conf
index 532f0452..e789f2a7 100644
--- a/config/firewalld.conf
+++ b/config/firewalld.conf
@@ -52,8 +52,8 @@ FirewallBackend=nftables
 # configuration was retained during a reload, namely; interface to zone
 # assignment, and direct rules. This was confusing to users. To get the old
 # behavior set this to "no".
-# Default: yes
-FlushAllOnReload=yes
+# Default: no
+FlushAllOnReload=no
 
 # RFC3964_IPv4
 # As per RFC 3964, filter IPv6 traffic with 6to4 destination addresses that
diff --git a/doc/xml/firewalld.conf.xml b/doc/xml/firewalld.conf.xml
index fcfbfd2b..8415ba3e 100644
--- a/doc/xml/firewalld.conf.xml
+++ b/doc/xml/firewalld.conf.xml
@@ -166,7 +166,7 @@
                 runtime configuration was retained during a reload, namely;
                 interface to zone assignment, and direct rules. This was
                 confusing to users. To get the old behavior set this to "no".
-                Defaults to "yes".
+                Defaults to "no".
                 </para>
             </listitem>
         </varlistentry>
diff --git a/src/firewall/config/__init__.py.in 
b/src/firewall/config/__init__.py.in
index e875e849..df6f449b 100644
--- a/src/firewall/config/__init__.py.in
+++ b/src/firewall/config/__init__.py.in
@@ -131,6 +131,6 @@ FALLBACK_INDIVIDUAL_CALLS = False
 FALLBACK_LOG_DENIED = "off"
 FALLBACK_AUTOMATIC_HELPERS = "no"
 FALLBACK_FIREWALL_BACKEND = "nftables"
-FALLBACK_FLUSH_ALL_ON_RELOAD = True
+FALLBACK_FLUSH_ALL_ON_RELOAD = False
 FALLBACK_RFC3964_IPV4 = True
 FALLBACK_ALLOW_ZONE_DRIFTING = False
-- 
2.30.0

++++++ firewalld-0.9.1.tar.gz -> firewalld-0.9.3.tar.gz ++++++
++++ 5092 lines of diff (skipped)

Reply via email to