Hello community, here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory checked in at 2017-06-28 10:33:43 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old) and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "SuSEfirewall2" Wed Jun 28 10:33:43 2017 rev:83 rq:505515 version:3.6.359 Changes: -------- --- /work/SRC/openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes 2017-05-03 15:52:54.820449645 +0200 +++ /work/SRC/openSUSE:Factory/.SuSEfirewall2.new/SuSEfirewall2.changes 2017-06-28 10:33:44.848928581 +0200 @@ -1,0 +2,6 @@ +Tue Jun 20 16:16:45 UTC 2017 - [email protected] + +- Also check /etc/sysctl.d for custom sysctl overrides (bnc#1044523) +- improved documentation of FW_SERVICES_DROP_... to mention "all" protocols + +------------------------------------------------------------------- Old: ---- SuSEfirewall2-3.6.357.tar.bz2 New: ---- SuSEfirewall2-3.6.359.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ SuSEfirewall2.spec ++++++ --- /var/tmp/diff_new_pack.zxmN5o/_old 2017-06-28 10:33:45.472840312 +0200 +++ /var/tmp/diff_new_pack.zxmN5o/_new 2017-06-28 10:33:45.476839746 +0200 @@ -19,7 +19,7 @@ %define newname SUSEfirewall2 Name: SuSEfirewall2 -Version: 3.6.357 +Version: 3.6.359 Release: 0 Url: http://en.opensuse.org/SuSEfirewall2 PreReq: /bin/sed textutils fileutils grep filesystem ++++++ SuSEfirewall2-3.6.357.tar.bz2 -> SuSEfirewall2-3.6.359.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.357/SuSEfirewall2 new/SuSEfirewall2-3.6.359/SuSEfirewall2 --- old/SuSEfirewall2-3.6.357/SuSEfirewall2 2017-04-24 14:09:10.000000000 +0200 +++ new/SuSEfirewall2-3.6.359/SuSEfirewall2 2017-06-20 18:12:11.000000000 +0200 @@ -625,15 +625,32 @@ PROC_IPV4_FWD="/proc/sys/net/ipv4/ip_forward" PROC_IPV6_FWD="/proc/sys/net/ipv6/conf/all/forwarding" +# checks multiple sysctl.d config locations for configure values +function get_any_sysctl_cfg() +{ + local path="$1" + + for file in /etc/sysctl.conf /etc/sysctl.d/*; do + get_sysctl_cfg "$path" "$file" && return 0 + done + + return 1 +} + +# outputs the configured value of the sysctl setting passed as $1 in the +# configuration file $2. +# return code of 0 if a value was found and output, 1 if none was found function get_sysctl_cfg() { local path="$1" - local sysctl="/etc/sysctl.conf" + local sysctl="$2" local line # translate the proc path to a sysctl path syspath=`echo "$path" | /usr/bin/cut -d '/' -f 4- | /usr/bin/tr '/' '.'` + # iterate two times in case a more general setting should be checked, + # too # no while true to avoid infinite loops for try in 1 2; do @@ -673,7 +690,7 @@ [ -z "$path" -o ! -w "$path" ] && return - cfg_value=`get_sysctl_cfg $path` && have_cfg=true || have_cfg=false + cfg_value=`get_any_sysctl_cfg $path` && have_cfg=true || have_cfg=false if $have_cfg; then [ "$cfg_value" = "$value" ] && same_value=true || same_value=false diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.357/SuSEfirewall2.sysconfig new/SuSEfirewall2-3.6.359/SuSEfirewall2.sysconfig --- old/SuSEfirewall2-3.6.357/SuSEfirewall2.sysconfig 2017-04-24 14:09:10.000000000 +0200 +++ new/SuSEfirewall2-3.6.359/SuSEfirewall2.sysconfig 2017-06-20 18:12:11.000000000 +0200 @@ -381,6 +381,8 @@ # Format: space separated list of net,protocol[,port][,sport] # Example: "0/0,tcp,445 0/0,udp,4662" # +# If you specify "all" as protocol then all protocols will be dropped. +# # The special value _rpc_ is recognized as protocol and means that dport is # interpreted as rpc service name. See FW_SERVICES_EXT_RPC for # details.
