Hello community, here is the log from the commit of package firewalld for openSUSE:Factory checked in at 2019-11-25 11:24:22 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/firewalld (Old) and /work/SRC/openSUSE:Factory/.firewalld.new.26869 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "firewalld" Mon Nov 25 11:24:22 2019 rev:43 rq:750645 version:0.7.2 Changes: -------- --- /work/SRC/openSUSE:Factory/firewalld/firewalld.changes 2019-05-10 09:10:08.735094504 +0200 +++ /work/SRC/openSUSE:Factory/.firewalld.new.26869/firewalld.changes 2019-11-25 11:24:29.458103725 +0100 @@ -1,0 +2,86 @@ +Sun Nov 24 17:36:31 UTC 2019 - Neal Gompa <[email protected]> + +- Replace incorrect usage of %_libexecdir with %_prefix/lib + +------------------------------------------------------------------- +Thu Oct 10 12:40:49 UTC 2019 - Mathias Homann <[email protected]> + +- rebased the original patch from revision 19 +- apply patch only on openSUSE < TW, and SLES. + +------------------------------------------------------------------- +Fri Oct 4 09:44:37 UTC 2019 - Mathias Homann <[email protected]> + +- Added a patch to make iptables the default again on openSUSE + +------------------------------------------------------------------- +Fri Oct 4 09:10:54 UTC 2019 - Mathias Homann <[email protected]> + +- Update to version 0.7.2: +This is a bug fix only release. + + * fix: direct: removeRules() was mistakenly removing all rules + * fix: guarantee zone source dispatch is sorted by zone name + * fix: nftables: fix zone dispatch using ipset sources in nat chains + * doc: add --default-config and --system-config + * fix: --add-masquerade should only affect ipv4 + * fix: nftables: --forward-ports should only affect IPv4 + * fix: direct: removeRules() not removing all rules in chain + * dbus: service: fix service includes individual APIs + * fix: allow custom helpers using standard helper modules + * fix: service: usage of helpers with '-' in name + * fix: Revert "ebtables: drop support for broute table" + * fix: ebtables: don't use tables that aren't available + * fix: fw: initialize _rfc3964_ipv4 + + +------------------------------------------------------------------- +Mon Sep 09 09:59:00 UTC 2019 - [email protected] + +- Update to version 0.7.1: + * Rich Rule Priorities + * Service Definition Includes - Service definitions can now + include lines like: <include service="https"/> which will + include all the ports, etc from the https service. + * RFC3964 IPv4 filtering - A new option RFC3964_IPv4 in + firewalld.conf is available. It does filtering based on RFC3964 + in regards to IPv4 addresses. This functionality was + traditionally in network-scripts. + * FlushAllOnReload - A new option FlushAllOnReload in + firewalld.conf is available. Older release retained some + settings (direct rules, interface to zone assignments) during a + --reload. With the introduction of this configuration option + that is no longer the case. Old behavior can be restored by + setting FlushAllOnReload=no. + * 15 new service definitions + * fix: firewall-offline-cmd: service: use dict based APIs + * fix: client: service: use dict based dbus APIs + * test: dbus: coverage for new service APIs + * fix: dbus: new dict based APIs for services + * test: dbus: service API coverage + * test: functions: add macro DBUS_INTROSPECT + * test: functions: add CHOMP macro for shell output + * fix: tests/functions: use gdbus instead of dbus-send + * fix: dbus: add missing APIs for service includes +- Remove patch for using iptables instead of nftables - we should + finally switch to nftables and fix its issues properly if they + occur again: + * 0001-firewall-backend-Switch-default-backend-to-iptables.patch +- Remove patch which was released upstream: + * 0002-Add-FlushAllOnReload-config-option.patch + +------------------------------------------------------------------- +Tue Jun 11 16:27:57 UTC 2019 - [email protected] + +- Update to version 0.6.4: + * chore: update translations + * treewide: fix over indentation (flake8 E117) + * test: travis: add another test matrix for omitting ip6tables + * chore: travis: split test matrix by keywords + * chore: tests: add AT_KEYWORDS for firewall-offline-cmd + * improvement: tests: Use AT_KEYWORDS for backends + * fix: tests: guard occurrences of IPv6 + * fix: tests/functions: ignore warnings about missing ip6tables + * test: add macro IF_IPV6_SUPPORTED + +------------------------------------------------------------------- Old: ---- 0002-Add-FlushAllOnReload-config-option.patch firewalld-0.6.3.tar.gz New: ---- _service _servicedata firewalld-0.7.2.obscpio firewalld.obsinfo ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ firewalld.spec ++++++ --- /var/tmp/diff_new_pack.X2am0K/_old 2019-11-25 11:24:31.018103446 +0100 +++ /var/tmp/diff_new_pack.X2am0K/_new 2019-11-25 11:24:31.018103446 +0100 @@ -21,17 +21,15 @@ %define _fillupdir %{_localstatedir}/adm/fillup-templates %endif Name: firewalld -Version: 0.6.3 +Version: 0.7.2 Release: 0 Summary: A firewall daemon with D-Bus interface providing a dynamic firewall License: GPL-2.0-or-later Group: Productivity/Networking/Security Url: http://www.firewalld.org -Source: https://github.com/%{name}/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz -# PATCH-FIX-SUSE: 0001-firewall-backend-Switch-default-backend-to-iptables.patch (bsc#1102761) +Source: %{name}-%{version}.tar.xz Patch0: 0001-firewall-backend-Switch-default-backend-to-iptables.patch -# PATCH-FIX-SUSE: 0002-Add-FlushAllOnReload-config-option.patch (bsc#1121277) -Patch1: 0002-Add-FlushAllOnReload-config-option.patch + BuildRequires: autoconf BuildRequires: automake BuildRequires: desktop-file-utils @@ -114,12 +112,18 @@ %prep %setup -q -%patch0 -p1 -%patch1 -p1 # bsc#1078223 rm config/services/high-availability.xml +# +# Patch added: opensuse still uses iptables by default, +# so let's make this the default for anything << Tumbleweed +# +%if 0%{?sle_version} > 0 && 0%{?suse_version} < 1550 +%patch0 -p1 +%endif + %build export PYTHON="%{_bindir}/python3" ./autogen.sh @@ -213,20 +217,22 @@ %{_bindir}/firewall-offline-cmd %dir %{_datadir}/bash-completion/completions %{_datadir}/bash-completion/completions/firewall-cmd -%dir %{_libexecdir}/firewalld -%dir %{_libexecdir}/firewalld/icmptypes -%dir %{_libexecdir}/firewalld/ipsets -%dir %{_libexecdir}/firewalld/services -%dir %{_libexecdir}/firewalld/zones -%dir %{_libexecdir}/firewalld/helpers -%{_libexecdir}/firewalld/icmptypes/*.xml -%{_libexecdir}/firewalld/ipsets/README -%{_libexecdir}/firewalld/services/*.xml -%{_libexecdir}/firewalld/zones/*.xml -%{_libexecdir}/firewalld/helpers/*.xml +%dir %{_datadir}/zsh/site-functions +%{_datadir}/zsh/site-functions/_firewalld +%dir %{_prefix}/lib/firewalld +%dir %{_prefix}/lib/firewalld/icmptypes +%dir %{_prefix}/lib/firewalld/ipsets +%dir %{_prefix}/lib/firewalld/services +%dir %{_prefix}/lib/firewalld/zones +%dir %{_prefix}/lib/firewalld/helpers +%{_prefix}/lib/firewalld/icmptypes/*.xml +%{_prefix}/lib/firewalld/ipsets/README +%{_prefix}/lib/firewalld/services/*.xml +%{_prefix}/lib/firewalld/zones/*.xml +%{_prefix}/lib/firewalld/helpers/*.xml %{_datadir}/polkit-1 -%dir %{_sysconfdir}/dbus-1 -%dir %{_sysconfdir}/dbus-1/system.d +%dir %{_datadir}/dbus-1 +%dir %{_datadir}/dbus-1/system.d %dir %{_sysconfdir}/modprobe.d %config(noreplace) %{_sysconfdir}/modprobe.d/firewalld-sysctls.conf %config(noreplace) %{_sysconfdir}/firewalld/firewalld.conf @@ -239,7 +245,7 @@ %attr(0750,root,root) %dir %{_sysconfdir}/firewalld/helpers %{_unitdir}/firewalld.service %{_fillupdir}/sysconfig.%{name} -%config(noreplace) %{_sysconfdir}/dbus-1/system.d/FirewallD.conf +%{_datadir}/dbus-1/system.d/FirewallD.conf %{_mandir}/man1/firewall*cmd*.1%{?ext_man} %{_mandir}/man1/firewalld*.1%{?ext_man} %{_mandir}/man5/firewall*.5%{?ext_man} ++++++ 0001-firewall-backend-Switch-default-backend-to-iptables.patch ++++++ --- /var/tmp/diff_new_pack.X2am0K/_old 2019-11-25 11:24:31.034103443 +0100 +++ /var/tmp/diff_new_pack.X2am0K/_new 2019-11-25 11:24:31.034103443 +0100 @@ -1,25 +1,7 @@ -From dbbf60a4bb0c7edc83cd8bae2177d96842ad9034 Mon Sep 17 00:00:00 2001 -From: Markos Chandras <[email protected]> -Date: Mon, 13 Aug 2018 22:31:04 +0300 -Subject: [PATCH] firewall: backend: Switch default backend to 'iptables' - -Switch default backend to 'iptables'. Some packages (eg docker) -are not able to work well with nftables right now, so lets stick -with iptables as default backend. - -Link: https://bugzilla.suse.com/show_bug.cgi?id=1102761 -Signed-off-by: Markos Chandras <[email protected]> ---- - config/firewalld.conf | 6 +++--- - doc/xml/firewalld.conf.xml | 4 ++-- - src/firewall/config/__init__.py.in | 2 +- - 3 files changed, 6 insertions(+), 6 deletions(-) - -diff --git a/config/firewalld.conf b/config/firewalld.conf -index b53c0aa5..e6afde19 100644 ---- a/config/firewalld.conf -+++ b/config/firewalld.conf -@@ -59,6 +59,6 @@ AutomaticHelpers=system +diff -burNE firewalld-0.7.2_orig/config/firewalld.conf firewalld-0.7.2/config/firewalld.conf +--- firewalld-0.7.2_orig/config/firewalld.conf 2019-10-10 14:29:04.022394133 +0200 ++++ firewalld-0.7.2/config/firewalld.conf 2019-10-10 14:30:12.102256167 +0200 +@@ -53,9 +53,9 @@ # FirewallBackend # Selects the firewall backend implementation. # Choices are: @@ -27,12 +9,14 @@ -# - iptables (iptables, ip6tables, ebtables and ipset) -FirewallBackend=nftables +# - nftables -+# - iptables (default) ++# - iptables (iptables, ip6tables, ebtables and ipset) (default) +FirewallBackend=iptables -diff --git a/doc/xml/firewalld.conf.xml b/doc/xml/firewalld.conf.xml -index df4b9521..fee0d3ca 100644 ---- a/doc/xml/firewalld.conf.xml -+++ b/doc/xml/firewalld.conf.xml + + # FlushAllOnReload + # Flush all runtime rules on a reload. In previous releases some runtime +diff -burNE firewalld-0.7.2_orig/doc/xml/firewalld.conf.xml firewalld-0.7.2/doc/xml/firewalld.conf.xml +--- firewalld-0.7.2_orig/doc/xml/firewalld.conf.xml 2019-10-10 14:29:04.026394125 +0200 ++++ firewalld-0.7.2/doc/xml/firewalld.conf.xml 2019-10-10 14:29:19.766362228 +0200 @@ -149,8 +149,8 @@ <listitem> <para> @@ -44,16 +28,14 @@ firewalld primitives. The only exception is direct and passthrough rules which always use the traditional iptables, ip6tables, and ebtables backends. -diff --git a/src/firewall/config/__init__.py.in b/src/firewall/config/__init__.py.in -index 955be320..cff7c3fe 100644 ---- a/src/firewall/config/__init__.py.in -+++ b/src/firewall/config/__init__.py.in -@@ -129,4 +129,4 @@ FALLBACK_IPV6_RPFILTER = True +diff -burNE firewalld-0.7.2_orig/src/firewall/config/__init__.py.in firewalld-0.7.2/src/firewall/config/__init__.py.in +--- firewalld-0.7.2_orig/src/firewall/config/__init__.py.in 2019-10-10 14:29:04.030394117 +0200 ++++ firewalld-0.7.2/src/firewall/config/__init__.py.in 2019-10-10 14:31:06.522145883 +0200 +@@ -129,6 +129,6 @@ FALLBACK_INDIVIDUAL_CALLS = False FALLBACK_LOG_DENIED = "off" FALLBACK_AUTOMATIC_HELPERS = "system" -FALLBACK_FIREWALL_BACKEND = "nftables" +FALLBACK_FIREWALL_BACKEND = "iptables" --- -2.16.4 - + FALLBACK_FLUSH_ALL_ON_RELOAD = True + FALLBACK_RFC3964_IPV4 = True ++++++ _service ++++++ <services> <service mode="disabled" name="obs_scm"> <param name="url">https://github.com/firewalld/firewalld</param> <param name="scm">git</param> <param name="filename">firewalld</param> <param name="versionformat">@PARENT_TAG@</param> <param name="versionrewrite-pattern">v(.*)</param> <param name="revision">v0.7.2</param> <param name="changesgenerate">enable</param> </service> <service mode="buildtime" name="tar" /> <service mode="buildtime" name="recompress"> <param name="file">*.tar</param> <param name="compression">xz</param> </service> <service mode="disabled" name="set_version" /> </services> ++++++ _servicedata ++++++ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/firewalld/firewalld</param> <param name="changesrevision">06de1841cfe41cc8c3c3f7c073aabc1f9f5d0ad0</param></service></servicedata>++++++ firewalld.obsinfo ++++++ name: firewalld version: 0.7.2 mtime: 1569950644 commit: 06de1841cfe41cc8c3c3f7c073aabc1f9f5d0ad0
