Hello community, here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory checked in at 2017-04-07 14:18:15 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old) and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "SuSEfirewall2" Fri Apr 7 14:18:15 2017 rev:81 rq:483163 version:3.6.346 Changes: -------- --- /work/SRC/openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes 2017-03-20 17:04:28.952910054 +0100 +++ /work/SRC/openSUSE:Factory/.SuSEfirewall2.new/SuSEfirewall2.changes 2017-04-07 14:18:19.455468038 +0200 @@ -0,0 +1,43 @@ +Mon Mar 20 18:11:15 CET 2017 - [email protected] + +Update to new git release 3.6.346: + +- harmonized the logic of setting IPv4/IPv6 forwarding when FW_ROUTE is set to + "yes". Previously only IPv4 forwarding was exclusively set by SuSEfirewall2, + while IPv6 forwarding could only be set via "yast2 firewall". With this + update you should always configure IPv4/IPv6 forwarding with yast. + SuSEfirewall2 will still provide backwards compatibility to temporarily + enable IPv4/IPv6 forwarding if not already enabled system wide. Also + forwarding can now be configured separately for IPv4/IPv6 if only one of + both is required. See FW_ROUTE documentation. (bnc#572202) +- ignore the bootlock when incremental updates for hotplugged or virtual + devices are coming in during boot. This prevents lockups for example when + drbd is used with FB_BOOT_FULL_INIT. (bnc#785299) +- fixed a race condition in systemd unit files that could cause the + SuSEfirewall2_init unit to sporadically fail, because /tmp was not + there/writable yet. (bnc#1014987) +- support new kernels >= 4.7 that run with + net.netfilter.nf_conntrack_helper = 0 + by default. Currently only netbios/samba is fully covered. (bnc#986527) +- allow mdns multicast packets input in unconfigured firewall setups (no zones + configured) to make zeroconf setups (like avahi) work out of the box for + typical desktops connecting via DSL/WiFi router scenarios. (bnc#959707) +- refurbished the documentation in /usr/share/doc. (bnc#884037) +- updated GPL license texts with the current address from FSF +- support for IPv6 in FW_TRUSTED_NETS config variable. (bnc#841046) +- don't log dropped broadcast IPv6 broadcast/multicast packets by default to + avoid cluttering the kernel log. (bnc#847193) +- recognize a running libvirtd instance and cause it to recreate its custom + firewall rules on SuSEfirewall2 reload, to not break VM networking. + (bnc#884398) +- only apply FW_KERNEL_SECURITY proc settings, if not overriden by the + administrator in /etc/sysctl.conf (bnc#906136). This allows you to benefit + from some of the kernel security settings, while overwriting others. +- don't enable FW_LO_NOTRACK by default any more, because it breaks expected + behaviour in some scenarios (bnc#916771) +- increase security when sourcing external script files by checking file + ownership and permissions first (to avoid sourcing untrusted files owned by + non-root or world-writable) +- fixed "/usr/sbin/SUSEfirewall log" pretty logfile parsing functionality when + running under systemd with journald. + @@ -15 +58 @@ - +: Old: ---- SuSEfirewall2-3.6.322.tar.bz2 New: ---- SuSEfirewall2-3.6.346.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ SuSEfirewall2.spec ++++++ --- /var/tmp/diff_new_pack.yRzdEw/_old 2017-04-07 14:18:22.535033153 +0200 +++ /var/tmp/diff_new_pack.yRzdEw/_new 2017-04-07 14:18:22.535033153 +0200 @@ -19,7 +19,7 @@ %define newname SUSEfirewall2 Name: SuSEfirewall2 -Version: 3.6.322 +Version: 3.6.346 Release: 0 Url: http://en.opensuse.org/SuSEfirewall2 PreReq: /bin/sed textutils fileutils grep filesystem ++++++ SuSEfirewall2-3.6.322.tar.bz2 -> SuSEfirewall2-3.6.346.tar.bz2 ++++++ ++++ 3093 lines of diff (skipped)
