Hello community,
here is the log from the commit of package SuSEfirewall2 for
openSUSE:12.1:Update:Test checked in at 2011-12-01 15:44:55
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.1:Update:Test/SuSEfirewall2 (Old)
and /work/SRC/openSUSE:12.1:Update:Test/.SuSEfirewall2.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "SuSEfirewall2", Maintainer is "lnus...@suse.com"
Changes:
--------
New Changes file:
--- /dev/null 2010-08-26 16:28:41.000000000 +0200
+++
/work/SRC/openSUSE:12.1:Update:Test/.SuSEfirewall2.new/SuSEfirewall2.changes
2011-12-01 15:44:55.000000000 +0100
@@ -0,0 +1,1180 @@
+-------------------------------------------------------------------
+Mon Nov 7 10:56:04 UTC 2011 - lnus...@suse.de
+
+- use /sbin/rpcinfo as /usr/sbin/rpcinfo is gone (bnc#727438)
+
+-------------------------------------------------------------------
+Wed Nov 2 15:27:04 UTC 2011 - lnus...@suse.de
+
+- set SYSTEMD_NO_WRAP for status (bnc#727445)
+
+-------------------------------------------------------------------
+Fri Oct 14 09:46:33 UTC 2011 - lnus...@suse.de
+
+- fix manual rcSuSEfirewall2 stop with sytemd (bnc#717583)
+
+-------------------------------------------------------------------
+Tue Oct 4 14:53:13 UTC 2011 - lnus...@suse.de
+
+- fix typo (bnc#721845)
+- atomic zone status writing
+
+-------------------------------------------------------------------
+Sat Sep 17 10:25:23 UTC 2011 - jeng...@medozas.de
+
+- Remove redundant tags/sections from specfile
+
+-------------------------------------------------------------------
+Wed Sep 7 11:38:14 UTC 2011 - lnus...@suse.de
+
+- sanitize FW_ZONE_DEFAULT (bnc#716013)
+- add warning about iptables-batch to SuSEfirewall2-custom
+- fix warning about /proc/net/ip_tables_names not readable
+- don't install input rules for interfaces in default zone
+- Add hook fw_custom_after_finished
+- update FAQ (bnc#694464)
+- clean up overrides when stopping the firewall (bnc#630961)
+- change default FW_LOG_ACCEPT_CRIT to "no"
+- allow redir without port specification
+- make FW_SERVICES_{REJECT,DROP}_* take precedende before ACCEPT (bnc#671997)
+- fix zonein and zoneout parameters
+- fix reverse direction of forwarding rules (bnc#679192)
+
+-------------------------------------------------------------------
+Tue Feb 1 13:16:53 UTC 2011 - lnus...@suse.de
+
+- introduce rpcusers file to allow statd to run as non-root
+ (bnc#668553)
+
+-------------------------------------------------------------------
+Wed Jan 19 14:04:48 UTC 2011 - lnus...@suse.de
+
+- add zonein and zoneout parameters for FW_FORWARD
+- fix typos
+
+-------------------------------------------------------------------
+Mon Jan 10 13:15:05 UTC 2011 - lnus...@suse.de
+
+- don't start in runlevel 4 by default (bnc#656520)
+- cut off long zone names (bnc#644527)
+- fix and enhance output of log command (bnc#663262)
+
+-------------------------------------------------------------------
+Thu Dec 2 13:33:59 UTC 2010 - lnus...@suse.de
+
+- don't unload rules when using systemd
+
+-------------------------------------------------------------------
+Tue Nov 16 15:01:04 UTC 2010 - lnus...@suse.de
+
+- list some known rpc services as Should-Start
+- don't filter outgoing packets at all
+- fix an example (bnc#641907)
+- fix status check in SuSEfirewall2_init (bnc#628751)
+
+-------------------------------------------------------------------
+Mon Aug 16 07:32:31 UTC 2010 - lnus...@suse.de
+
+- don't use fillup anymore as it keeps corrupting the config file
+ (bnc#340926)
+
+-------------------------------------------------------------------
+Tue Jun 29 12:20:30 UTC 2010 - lnus...@suse.de
+
+- remove "batch committing..." message
+- read defaults from separate file
+- warn if highports config options are set
+- finally drop 'highports' misfeature
+- remove kernel ipv6 module detection (bnc#617033)
+- silence warning about default zone (bnc#616841)
+- SuSEfirewall2-open: don't add values multiple times
+- Use multiprotocol xt_conntrack
+
+-------------------------------------------------------------------
+Mon May 31 08:11:54 UTC 2010 - lnus...@suse.de
+
+- only directories in /sys/class/net are real interfaces (bnc#609810)
+
+-------------------------------------------------------------------
+Fri Mar 19 13:34:10 UTC 2010 - lnus...@suse.de
+
+- add entry about drbd to FAQ
+- update docu
+- implement FW_BOOT_FULL_INIT
+
+-------------------------------------------------------------------
+Tue Feb 16 13:51:48 UTC 2010 - lnus...@suse.de
+
+- use new versioning scheme after switch of repo to git
+- update and rebuild docu
+- remove really old rc.config conversion code from spec file
+
+-------------------------------------------------------------------
+Tue Sep 15 13:33:06 UTC 2009 - lnus...@suse.de
+
+- fix spelling error in sysconfig file (bnc#537427)
+- polishing of log drop policy (bnc#538053)
+ * drop multicast packets silently
+ * separate drop rule for broadcast packets at end of chain
+ * only consider NEW udp packets as critical
+ * don't log INVALID packets as critical
+
+-------------------------------------------------------------------
+Fri Aug 21 11:09:40 UTC 2009 - lnus...@suse.de
+
+- implement runtime override of interface zones
+- allow disabling NOTRACK rules on lo (bnc#519526)
+
+-------------------------------------------------------------------
+Fri Jul 17 10:04:48 UTC 2009 - lnus...@suse.de
+
+- remove chkconfig calls (bnc#522268)
+
+-------------------------------------------------------------------
+Thu Jul 9 13:50:47 UTC 2009 - lnus...@suse.de
+
+- add note about use as bridging firewall
+- allow to set FW_ZONE_DEFAULT via config file
+- deprecate fw_custom_before_antispoofing and
+ fw_custom_after_antispoofing, use fw_custom_after_chain_creation
+ instead
+
+-------------------------------------------------------------------
+Tue Jun 9 14:19:27 UTC 2009 - lnus...@suse.de
+
+- add note that ulog doesn't work with IPv6 (bnc#442756)
+- fix version number in help text
+- allow service files to specify kernel modules and allow related packets
+- silence an error from bash if a service config file is not available
(bnc#487870)
+- better wording for BROADCAST in template
+- update firewall hook script (patch by Marius)
+
+-------------------------------------------------------------------
+Thu Nov 6 13:18:31 CET 2008 - lnus...@suse.de
+
+- check whether IPv6 support is available when stopping the firewall
+ (bnc#442118)
+- point to correct path for service files (bnc#425187)
+
+-------------------------------------------------------------------
+Wed Oct 15 15:50:36 CEST 2008 - lnus...@suse.de
+
+- check status of SuSEfirewall2 without triggering module load (bnc#435653)
+- add missing iptables-batch commitpoint for IPv4
+
+-------------------------------------------------------------------
+Tue Sep 30 10:48:19 CEST 2008 - lnus...@suse.de
+
+- don't modify the ip local port range
+- allow negated rules via ! in FW_FORWARD_MASQ (bnc#413046)
+- explain some common pitfalls around FW_SERVICES_ACCEPT_EXT
+- SuSEfirewall2_init: don't fail if /usr is not available (bnc#429899)
+
+-------------------------------------------------------------------
+Tue Sep 2 11:22:53 CEST 2008 - lnus...@suse.de
+
+- fix "recent" match (bnc#421806)
+
+-------------------------------------------------------------------
+Mon Aug 25 01:44:41 CEST 2008 - r...@suse.de
+
+- remove outdated start variables from fillup_and_insserv call
+
+-------------------------------------------------------------------
+Thu Jul 31 19:21:51 CEST 2008 - wer...@suse.de
+
+- Make boot script know about new upcoming startpar and insserv
+
+-------------------------------------------------------------------
+Tue Jul 22 10:48:18 CEST 2008 - lnus...@suse.de
+
+- add NOTRACK/raw table support (fate#978788)
+
+-------------------------------------------------------------------
+Mon Jul 14 09:32:40 CEST 2008 - lnus...@suse.de
+
+- use correct rules to accept RELATED icmpv6 packets (bnc#396667)
+
++++ 983 more lines (skipped)
++++ between /dev/null
++++ and
/work/SRC/openSUSE:12.1:Update:Test/.SuSEfirewall2.new/SuSEfirewall2.changes
New:
----
SuSEfirewall2-3.6.282.tar.bz2
SuSEfirewall2.changes
SuSEfirewall2.rpmlintrc
SuSEfirewall2.spec
_link
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ SuSEfirewall2.spec ++++++
#
# spec file for package SuSEfirewall2
#
# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
# icecream 0
Name: SuSEfirewall2
Version: 3.6.282
Release: 1
License: GPLv2+
Group: Productivity/Networking/Security
Url: http://en.opensuse.org/SuSEfirewall2
PreReq: %fillup_prereq %insserv_prereq /bin/sed textutils fileutils
grep filesystem
Requires: iptables coreutils perl sysconfig
Summary: Stateful Packet Filter Using iptables and netfilter
Source: SuSEfirewall2-%{version}.tar.bz2
BuildArch: noarch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
SuSEfirewall2 implements a packet filter that protects hosts and
routers by limiting which services or networks are accessible on the
host or via the router.
SuSEfirewall2 uses the iptables/netfilter packet filtering
infrastructure to create a flexible rule set for a stateful firewall.
%prep
%setup
# please send patches to lnussel for inclusion in git first
# http://gitorious.org/opensuse/susefirewall2
%build
%install
make DESTDIR="%{buildroot}" install install_doc
install -d -m 755 %{buildroot}/var/adm/fillup-templates/
install -m 644 SuSEfirewall2.sysconfig
%{buildroot}/var/adm/fillup-templates/sysconfig.SuSEfirewall2
install -D -m 644 SuSEfirewall2.sysconfig
%{buildroot}/etc/sysconfig/SuSEfirewall2
install -d -m 755 %{buildroot}%{_datadir}/susehelp/meta/Manuals/Productivity
install -m 644 doc/SuSEfirewall2-doc.desktop \
%{buildroot}%{_datadir}/susehelp/meta/Manuals/Productivity/SuSEfirewall2.desktop
#
%files
%defattr(-, root, root)
%doc %{_docdir}/%{name}
%doc %{_datadir}/susehelp
%config(noreplace) /etc/sysconfig/scripts/SuSEfirewall2-custom
%config(noreplace) /etc/sysconfig/SuSEfirewall2
%config /etc/init.d/SuSEfirewall2_init
%config /etc/init.d/SuSEfirewall2_setup
/etc/sysconfig/SuSEfirewall2.d/services/*
/etc/sysconfig/scripts/SuSEfirewall2-rpcinfo
/etc/sysconfig/scripts/SuSEfirewall2-showlog
/etc/sysconfig/scripts/SuSEfirewall2-open
/etc/sysconfig/scripts/SuSEfirewall2-batch
/etc/sysconfig/scripts/SuSEfirewall2-qdisc
/etc/sysconfig/scripts/SuSEfirewall2-oldbroadcast
/etc/sysconfig/network/scripts/SuSEfirewall2
/etc/sysconfig/network/scripts/firewall
/etc/sysconfig/network/if-up.d/SuSEfirewall2
/sbin/rcSuSEfirewall2
/sbin/SuSEfirewall2
%dir /usr/share/SuSEfirewall2
%dir /usr/share/SuSEfirewall2/defaults
/usr/share/SuSEfirewall2/defaults/50-default.cfg
/usr/share/SuSEfirewall2/rpcusers
/var/adm/fillup-templates/sysconfig.SuSEfirewall2
%postun
%insserv_cleanup
%post
# SuSEfirewall2_init is no longer a boot.d script, need to remove
# and add it again
for i in etc/init.d/boot.d/S??SuSEfirewall2_init; do
if [ -e "$i" ]; then
/sbin/insserv -r -f SuSEfirewall2_init
/sbin/insserv -f SuSEfirewall2_init
break
fi
done
if [ -e etc/sysconfig/SuSEfirewall2 ] \
&& grep -q '^FW_MASQ_DEV="\$FW_DEV_EXT"$' etc/sysconfig/SuSEfirewall2;
then
sed 's/^FW_MASQ_DEV="\$FW_DEV_EXT"$/FW_MASQ_DEV="zone:ext"/' \
< etc/sysconfig/SuSEfirewall2 \
> etc/sysconfig/SuSEfirewall2.new \
&& mv etc/sysconfig/SuSEfirewall2.new
etc/sysconfig/SuSEfirewall2 \
&& echo "FW_MASQ_DEV converted"
fi
#
%insserv_cleanup
#
exit 0
%changelog
++++++ SuSEfirewall2.rpmlintrc ++++++
# fillup is known to break SuSEfirewall's sysconfig file on many
# systems as people tend to break up long lines into several ones.
# This bug remains unfixed since years (bnc#340926).
# So we have to avoid fillup and therefore break the SUSE policy
setBadness("suse-filelist-forbidden-sysconfig", 0)
++++++ _link ++++++
<link project="openSUSE:12.1" package="SuSEfirewall2"
baserev="1764d9131befb71b94e56acb1a95f001">
<patches>
<branch/>
</patches>
</link>
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
