Hello community, here is the log from the commit of package shorewall for openSUSE:Leap:15.2 checked in at 2020-05-18 10:59:42 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.2/shorewall (Old) and /work/SRC/openSUSE:Leap:15.2/.shorewall.new.2738 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "shorewall" Mon May 18 10:59:42 2020 rev:19 rq:806040 version:5.2.4.4 Changes: -------- --- /work/SRC/openSUSE:Leap:15.2/shorewall/shorewall.changes 2020-01-15 16:02:18.651890177 +0100 +++ /work/SRC/openSUSE:Leap:15.2/.shorewall.new.2738/shorewall.changes 2020-05-18 10:59:44.342679268 +0200 @@ -1,0 +2,222 @@ +Thu Apr 30 08:19:02 UTC 2020 - Bruno Friedmann <[email protected]> + +- Update to bugfix version 5.2.4.4 + + When DYNAMIC_BLACKLIST=ipset... or when SAVE_IPSETS=Yes in + shorewall[6].conf, 'shorewall[6] start' could hang. Fixed. + + 'shorewall[6] start' would not automatically create dynamic + blacklisting ipsets. That has been corrected. +- This version will served also as maintenance upgrade for Leap + +------------------------------------------------------------------- +Wed Apr 22 14:50:24 UTC 2020 - Bruno Friedmann <[email protected]> + +- Update to version 5.2.4.2 + https://shorewall.org/pub/shorewall/5.2/shorewall-5.2.4/releasenotes.txt + + Fixes for debian +- Update to version 5.2.4.1 + + Fixes for openSUSE shorewall-init + will now ignore 'start' and 'stop' commands, for running firewalls + + Spurious messages have been removed +- Packaging + + Move /usr/sbin/shorewall to shorewall-core so -lite version + doesn't need main shorewall package + + To make shorewall remote-* command working we patch lib.cli-std + to use /usr/sbin instead of /sbin + commented spec + + Desactivate for the moment the upgrade warning. we need to + find a 100% working solution. + + use %{var} form everywhere + +------------------------------------------------------------------- +Tue Apr 14 14:35:51 UTC 2020 - Bruno Friedmann <[email protected]> + +- Add perl-base as buildrequirement to force choice of SHA-DIGEST + new problem in TW +- To fix boo#1166114 never restart shorewall-init.service + macro service_del_postun is replaced by simplier systemd_postun +- Remove conflict between main and lite package. + A managing station need main to build configuration and can use + -lite to execute it. Users are in charge of choosing which + service has to be started and used. ❤ Freedom + +------------------------------------------------------------------- +Sat Apr 4 07:31:53 UTC 2020 - Bruno Friedmann <[email protected]> + +- Remove shorewall require from shorewall-init (was a forgoten + action) + +------------------------------------------------------------------- +Tue Mar 31 14:37:38 UTC 2020 - Bruno Friedmann <[email protected]> + +- Update to version 5.2.4 + https://shorewall.org/pub/shorewall/5.2/shorewall-5.2.4/releasenotes.txt + + Previously, when a Shorewall6 firewall was placed into the + 'stopped' state, ICMP6 packets required by RFC 4890 were not + automatically accepted by the generated ruleset. + Beginning with this release, those packets are automatically + accepted. + + Previously, the output of 'shorewall[6] help' displayed the + superseded 'load' command. That text has been deleted. + + The QOSExample.html file in the documentation and on the web site + previously showed tcrules content for the /etc/shorewall/mangle + file (recall that 'mangle' superseded 'tcrules'). That page has + been corrected. + + The 'Starting and Stopping' and 'Configuration file basics' + documents have been updated to align them with the current product + behavior. + + The 'ipsets' document has been updated to clarify the use of + ipsets in the stoppedrules file. +- Packaging + + shorewall-init package has a removed %service_del_postun + macro to close bug boo#1166114 Restarting this service can + lock down admin out of the system. + + shorewall(6) and shorewall(6)-lite conflict has they shouldn't + be installed together on the same system. + + conf_update flag is set to 1 to activate update reminder + + Adjust and cleanup requires + +------------------------------------------------------------------- +Sun Mar 15 19:34:02 UTC 2020 - Bruno Friedmann <[email protected]> + +- Add version to requires in -lite version + +------------------------------------------------------------------- +Wed Mar 11 13:53:14 UTC 2020 - Bruno Friedmann <[email protected]> + +- Update to minor bugfix version 5.2.3.7 + + When DOCKER=Yes, if both the DOCKER-ISOLATE and + DOCKER-ISOLATE-STAGE-1 existed then the DOCKER-ISOLATE-STAGE-* + chains were not preserved through shorewall state changes. + That has been corrected so that both chains are preserved if + present. + + Previously, the compiler always detected the OLD_CONNTRACK_MATCH + capability as being available in IPv6. When OLD_CONNTRACK_MATCH + was available, the compiler also mishandled inversion ('!') in the + ORIGDEST columns, leading to an assertion failure. + Both the incorrect capability detection and the mishandled + inversion have been corrected. + + During 'enable' processing, if address variables associated with + the interface have values different than those when the firewall + was last started/restarted/reloaded, then a 'reload' is performed + rather than a simple 'enable'. The logic that checks for those + changes was incorrect in some configurations, leading to unneeded + reload operations. That has been corrected. + + When MANGLE_ENABLED=No in shorewall[6].conf, some features + requiring use of the mangle table can be allowed, even though the + mangle table is not updated. That has been corrected such that use + of such features will raise an error. + + When the IfEvent(...,reset) action was invoked, the compiler + previously emitted a spurious "Resetting..." message. That message + has been suppressed. +- Packaging + + Do not provide anymore unsused notrack file + + Introduce define conf_need_update to track when we activate the + post update warning for users when there's minor or major version + update of shorewall bnc#1166114 + +------------------------------------------------------------------- +Mon Feb 17 12:09:31 UTC 2020 - Bruno Friedmann <[email protected]> + +- Update to bugfix minor 5.2.3.6 + + Fix for possible start failure when both Docker containers + and Libvirt VMs were in use. + +------------------------------------------------------------------- +Mon Feb 3 16:30:24 UTC 2020 - Dominique Leuenberger <[email protected]> + +- BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to + shortcut through the -mini flavors. + +------------------------------------------------------------------- +Thu Jan 23 07:27:41 UTC 2020 - Bruno Friedmann <[email protected]> + +- Update to bugfix minor 5.2.3.5 + + A typo in the FTP documentation has been corrected. + + The recommended mss setting when using IPSec with ipcomp + has been corrected. + + A number of incorrect links in the manpages have been + corrected. + + The 'bypass' option is now allowed when specifying an + NFQUEUE policy. Previously, specifying that option resulted + in an error. + + Corrected IPv6 Address Range parsing. + + Previously, such ranges were required to be of the form + [<addr1>-<addr2>] rather than the more standard form + [<addr1>]-[<addr2>]. In the snat file (and in nat actions), + the latter form was actually flagged as an error while in + other contexts, it resulted in a less obvious error being + raised. + + The manpages have been updated to refer to + https://shorewall.org rather than http://www.shorewall.org. +- Refresh spec file + +------------------------------------------------------------------- +Wed Sep 4 16:35:45 UTC 2019 - Bruno Friedmann <[email protected]> + +- Update to bugfix minor 5.2.3.4 + + Update release documents. + + Correct handling of multi-queue NFQUEUE as a policy. + + Correct handling of multi-queue NFQUEUE as a macro parameter. + + Make 'AUTOMAKE=No' the update default. + + Correct the description of the 'bypass' NFQUEUE option in + shorewall-rules(5). + +------------------------------------------------------------------- +Mon Apr 15 08:41:56 UTC 2019 - Bruno Friedmann <[email protected]> + +- Update to bugfix minor 5.2.3.3 + Previously, if an ipset was specified in an SPORT column, the + compiler would raise an error similar to: + ERROR: Invalid ipset name () /etc/shorewall/rules (line 44) +- Update to bugfix minor 5.2.3.2 + Shorewall 5.2 automatically converts an existing 'masq' file to an + equivalent 'snat' file. Regrettably, Shorewall 5.2.3 broke that + automatic update, such that the following error message was issued: + Use of uninitialized value $Shorewall::Nat::raw::currentline in + pattern match (m//) at /usr/share/shorewall/Shorewall/Nat.pm + line 511, <$currentfile> line nnn. and the generated 'masq' + file contains only initial comments. That has been corrected. + +------------------------------------------------------------------- +Wed Feb 27 15:52:39 UTC 2019 - Bruno Friedmann <[email protected]> + +- Update to bugfix minor 5.2.3.1 release + + An issue in the implementation of policy file zone exclusion, + released in 5.2.3 has been resolved. In the original release, + if more than one zone was excluded then the following error was + raised: + ERROR: 'all' is not allowed in a source zone list + etc/shorewall/policy (line ...) + +------------------------------------------------------------------- +Sat Feb 23 09:46:07 UTC 2019 - Bruno Friedmann <[email protected]> + +- Update to new 5.2.3 bugfix release + http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.3/releasenotes.txt + This is the retirement of Tom Eastep see. + https://sourceforge.net/p/shorewall/mailman/message/36589782/ +- Removed module* in file section ++++ 25 more lines (skipped) ++++ between /work/SRC/openSUSE:Leap:15.2/shorewall/shorewall.changes ++++ and /work/SRC/openSUSE:Leap:15.2/.shorewall.new.2738/shorewall.changes Old: ---- shorewall-4.4.22.rpmlintrc shorewall-5.1.12.4.tar.bz2 shorewall-core-5.1.12.4.tar.bz2 shorewall-docs-html-5.1.12.4.tar.bz2 shorewall-init-5.1.12.4.tar.bz2 shorewall-lite-5.1.12.4.tar.bz2 shorewall6-5.1.12.4.tar.bz2 shorewall6-lite-5.1.12.4.tar.bz2 New: ---- shorewall-5.2.4.4.tar.bz2 shorewall-5.2.rpmlintrc shorewall-core-5.2.4.4.tar.bz2 shorewall-docs-html-5.2.4.4.tar.bz2 shorewall-init-5.2.4.4.tar.bz2 shorewall-lite-5.2.4.4.tar.bz2 shorewall6-5.2.4.4.tar.bz2 shorewall6-lite-5.2.4.4.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ shorewall.spec ++++++ --- /var/tmp/diff_new_pack.n7gkgI/_old 2020-05-18 10:59:44.814680245 +0200 +++ /var/tmp/diff_new_pack.n7gkgI/_new 2020-05-18 10:59:44.818680253 +0200 @@ -1,7 +1,7 @@ # # spec file for package shorewall # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,24 +12,26 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # %define have_systemd 1 -%define dmaj 5.1 -%define dmin 5.1.12 +%define dmaj 5.2 +%define dmin 5.2.4 +# Warn users for upgrading configuration but only on major or minor version changes +%define conf_need_update 0 #2017+ New fillup location %if ! %{defined _fillupdir} %define _fillupdir %{_localstatedir}/adm/fillup-templates %endif Name: shorewall -Version: 5.1.12.4 +Version: 5.2.4.4 Release: 0 -Summary: Shoreline Firewall is an iptables-based firewall for Linux systems +Summary: An iptables-based firewall for Linux systems License: GPL-2.0-only Group: Productivity/Networking/Security -Url: http://www.shorewall.net/ +URL: http://www.shorewall.net/ Source: http://www.shorewall.net/pub/shorewall/%{dmaj}/shorewall-%{dmin}/%{name}-%version.tar.bz2 Source1: http://www.shorewall.net/pub/shorewall/%{dmaj}/shorewall-%{dmin}/%{name}-core-%version.tar.bz2 Source2: http://www.shorewall.net/pub/shorewall/%{dmaj}/shorewall-%{dmin}/%{name}-lite-%version.tar.bz2 @@ -37,7 +39,7 @@ Source4: http://www.shorewall.net/pub/shorewall/%{dmaj}/shorewall-%{dmin}/%{name}6-lite-%version.tar.bz2 Source5: http://www.shorewall.net/pub/shorewall/%{dmaj}/shorewall-%{dmin}/%{name}6-%version.tar.bz2 Source6: http://www.shorewall.net/pub/shorewall/%{dmaj}/shorewall-%{dmin}/%{name}-docs-html-%version.tar.bz2 -Source7: %{name}-4.4.22.rpmlintrc +Source7: %{name}-5.2.rpmlintrc Source8: README.openSUSE # PATCH-FIX-OPENSUSE Shorewall-init use of fillup template Patch1: shorewall-init-fillup-install.patch @@ -46,10 +48,12 @@ # PATCH-FIX-OPENSUSE Shorewall-lite (6) use of fillup template Patch3: shorewall-lite-fillup-install.patch BuildRequires: bash >= 4 -BuildRequires: systemd +BuildRequires: perl-base BuildRequires: perl(Digest::SHA) +BuildRequires: pkgconfig(systemd) Requires: %{_sbindir}/service Requires: %{name}-core = %{version}-%{release} +Requires: bc Requires: iproute2 Requires: iptables Requires: logrotate @@ -58,7 +62,7 @@ Suggests: xtables-addons Provides: shoreline_firewall = %{version}-%{release} BuildArch: noarch -%{?systemd_requires} +%{?systemd_ordering} %{perl_requires} %description @@ -71,7 +75,7 @@ License: GPL-2.0-only Group: Productivity/Networking/Security Requires: %{_sbindir}/service -Requires: %{name}-core +Requires: %{name}-core = %{version}-%{release} Requires: bc Requires: iproute2 Requires: iptables @@ -94,6 +98,9 @@ Group: Productivity/Networking/Security Requires: %{_sbindir}/service Requires: %{name}-core = %{version}-%{release} +Requires: bc +Requires: iproute2 +Requires: iptables Requires: logrotate Requires: perl-base PreReq: %fillup_prereq @@ -110,7 +117,10 @@ License: GPL-2.0-only Group: Productivity/Networking/Security Requires: %{_sbindir}/service -Requires: %{name}-core +Requires: %{name}-core = %{version}-%{release} +Requires: bc +Requires: iproute2 +Requires: iptables Requires: logrotate PreReq: %fillup_prereq Provides: shoreline_firewall = %{version}-%{release} @@ -125,12 +135,12 @@ administrators to centralize the configuration of Shorewall6-based firewalls. %package init -Summary: Adds functionality to Shoreline Firewall (Shorewall) +Summary: Adds functionality during boot to Shoreline Firewall (Shorewall) License: GPL-2.0-only Group: Productivity/Networking/Security Requires: %{_sbindir}/service -Requires: %{name} >= 5.0 Requires: logrotate +Requires: shoreline_firewall = %{version}-%{release} PreReq: %fillup_prereq %{?systemd_requires} @@ -165,37 +175,42 @@ %prep %setup -q -c -a1 -a2 -a3 -a4 -a5 -a6 # Patch for fillup -pushd %{name}-init-%version +pushd %{name}-init-%{version} %patch1 -p1 popd -pushd %{name}-%version +pushd %{name}-%{version} %patch2 -p1 popd -pushd %{name}6-%version +pushd %{name}6-%{version} %patch2 -p1 popd -pushd %{name}-lite-%version +pushd %{name}-lite-%{version} %patch3 -p1 popd -pushd %{name}6-lite-%version +pushd %{name}6-lite-%{version} %patch3 -p1 popd -chmod -x %{name}-docs-html-%version/images/*.png -chmod -x %{name}6-%version/tunnel -chmod -x %{name}6-%version/ipv6 -chmod -x %{name}-%version/Contrib/swping.init -chmod -x %{name}-%version/Contrib/tunnel - -cp %{SOURCE8} %{name}-%version/. +chmod -x %{name}-docs-html-%{version}/images/*.png +chmod -x %{name}6-%{version}/tunnel +chmod -x %{name}6-%{version}/ipv6 +chmod -x %{name}-%{version}/Contrib/swping.init +chmod -x %{name}-%{version}/Contrib/tunnel + +cp %{SOURCE8} %{name}-%{version}/. + +# We don't have /sbin /bin merged on /usr so symlinks can't work. +# so we dynamically patch last /sbin calls in lib.cli-std +# and make shorewall remote working without hacks +sed -i 's#/sbin/shorewall#/usr/sbin/shorewall#g' %{name}-%{version}/lib.cli-std %build %install -# find the systemd version inorder to install correct service files +# find the systemd version in order to install correct service files %define systemd_version \ -systemd --version |grep systemd|cut -d" " -f 2 +systemd --version | awk '/^systemd/ {print $2}' # NOTE For REVIEWERS # @@ -209,23 +224,20 @@ for i in $targets; do pushd ${i}-%{version} ./configure \ - vendor=%_vendor \ - host=%_vendor \ - prefix=%_prefix \ + vendor=%{_vendor} \ + host=%{_vendor} \ + prefix=%{_prefix} \ perllibdir=%{perl_vendorlib} \ libexecdir=%{_libexecdir} \ sbindir=%{_sbindir} \ %if 0%{?have_systemd} servicedir=%{_unitdir} \ + initdir= \ %endif -# ensure correct service files are installed - %if 0%{?systemd_version} >= 214 - servicefile=${i}.service.214 \ - %endif - sharedir=%{_datadir} - if [ $i != shorewall-init ];then + if [ $i != shorewall-init ]; + then DESTDIR=%{buildroot} FILLUPDIR=%{_fillupdir} ./install.sh shorewallrc else install -d %buildroot/%{_sysconfdir}/NetworkManager/dispatcher.d @@ -241,11 +253,9 @@ done fi fi - popd done -# FIXME linkto /usr/sbin/service should follow usr_move thing rctargets="shorewall shorewall-lite shorewall6 shorewall6-lite shorewall-init" mkdir -p %buildroot/%{_sbindir} for i in $rctargets; do @@ -257,28 +267,16 @@ # Since 5.12 we need to remove them again rm -f %{buildroot}/%{_sysconfdir}/sysconfig/%{name}* -touch %{buildroot}%{_sysconfdir}/%{name}/notrack -touch %{buildroot}%{_sysconfdir}/%{name}6/notrack %pretrans -# Check if we need to warn users for upgrading configuration but only on dmaj changes -if [[ -x /sbin/%{name} ]];then -SHVER=$(/sbin/%{name} version | cut -d "." -f1-2 | sed 's/\.//g') -CTVER=$(echo %{dmaj} | sed 's/\.//g') - if [[ ${SHVER} -lt ${CTVER} ]];then - echo "upgrade configuration" > /run/%{name}_upgrade - fi -fi +%if %conf_need_update +echo "upgrade configuration" > /run/%{name}_upgrade +%endif %pretrans -n %{name}6 -# Check if we need to warn users for upgrading configuration but only on dmaj changes -if [[ -x /sbin/%{name}6 ]];then -SHVER=$(/sbin/%{name}6 version | cut -d "." -f1-2 | sed 's/\.//g') -CTVER=$(echo %{dmaj} | sed 's/\.//g') - if [[ ${SHVER} -lt ${CTVER} ]];then - echo "upgrade configuration" > /run/%{name}6_upgrade - fi -fi +%if %conf_need_update +echo "upgrade configuration" > /run/%{name}6_upgrade +%endif %pre %service_add_pre shorewall.service @@ -301,6 +299,8 @@ %{name} update -a %{_sysconfdir}/%{name} Warning: Adjust changes and try the new configuration %{name} try %{_sysconfdir}/%{name} +Warning: If everything work run +systemctl try-reload-or-restart %{name} EOF rm -f /run/%{name}_upgrade fi @@ -326,6 +326,8 @@ %{name}6 update -a %{_sysconfdir}/%{name}6 Warning: Adjust changes and try the new configuration %{name}6 try %{_sysconfdir}/%{name}6 +Warning: If everything work run +systemctl try-reload-or-restart %{name}6 EOF rm -f /run/%{name}6_upgrade fi @@ -363,17 +365,19 @@ %{fillup_only} %service_add_post shorewall-init.service -%postun init -%service_del_postun shorewall-init.service - %preun init %service_del_preun shorewall-init.service +%postun init +# boo#1166114 Never try to restart shorewall-init +# You can lock down the system so never use +#%%service_del_postun shorewall-init.service macro +%systemd_postun + %files %defattr(-,root,root,-) %doc %{name}-%version/{COPYING,changelog.txt,releasenotes.txt,README.openSUSE} %{_sbindir}/rc%{name} -%{_sbindir}/%{name} %{_fillupdir}/sysconfig.%{name} %dir %{_sysconfdir}/%{name} %ghost %{_sysconfdir}/%{name}/isusable @@ -390,13 +394,10 @@ %{_datadir}/%{name}/action.* %{_datadir}/%{name}/lib.base %{_datadir}/%{name}/macro.* -%{_datadir}/%{name}/modules* %{_datadir}/%{name}/prog.* %{_datadir}/%{name}/helpers %{_datadir}/%{name}/configpath %{_datadir}/%{name}/configfiles/* -%{_datadir}/%{name}/deprecated/action.* -%{_datadir}/%{name}/deprecated/macro.* %attr(755,root,root) %{_libexecdir}/%{name}/getparams %attr(755,root,root) %{_libexecdir}/%{name}/compiler.pl %dir %{perl_vendorlib}/Shorewall @@ -410,11 +411,9 @@ %files lite %defattr(-,root,root,-) %doc %{name}-lite-%version/{COPYING,changelog.txt,releasenotes.txt} -# FIXME %{_fillupdir}/sysconfig.%{name}-lite %dir %{_sysconfdir}/%{name}-lite -%config(noreplace) %{_sysconfdir}/%{name}-lite/%{name}-lite.conf -# FIXME +%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}-lite/%{name}-lite.conf %{_sbindir}/rc%{name}-lite %{_sbindir}/%{name}-lite %dir %{_datadir}/%{name}-lite @@ -425,7 +424,6 @@ %{_datadir}/%{name}-lite/configpath %attr(- ,root,root) %{_datadir}/%{name}-lite/functions %{_datadir}/%{name}-lite/lib.base -%{_datadir}/%{name}-lite/modules* %{_datadir}/%{name}-lite/helpers %attr(0544,root,root) %{_libexecdir}/%{name}-lite/shorecap %{_mandir}/man5/%{name}-lite*.5* @@ -453,13 +451,10 @@ %{_datadir}/%{name}6/functions %{_datadir}/%{name}6/lib.base %{_datadir}/%{name}6/macro.* -%{_datadir}/%{name}6/modules* %{_datadir}/%{name}6/helpers %{_datadir}/%{name}6/configpath %{_datadir}/%{name}6/configfiles/* %{_mandir}/man5/%{name}6-[a-k,m-z]*.5* -# bug upstream ? -#%%{_mandir}/man5/%%{name}6-logging.5* %{_mandir}/man5/%{name}6.conf.5* %{_mandir}/man8/%{name}6.8* %attr(644,root,root) %{_unitdir}/%{name}6.service @@ -471,7 +466,7 @@ %doc %{name}6-lite-%version/{COPYING,changelog.txt,releasenotes.txt} %{_fillupdir}/sysconfig.%{name}6-lite %dir %{_sysconfdir}/%{name}6-lite -%config(noreplace) %{_sysconfdir}/%{name}6-lite/%{name}6-lite.conf +%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}6-lite/%{name}6-lite.conf %{_sbindir}/rc%{name}6-lite %{_sbindir}/%{name}6-lite %dir %{_datadir}/%{name}6-lite @@ -482,7 +477,6 @@ %{_datadir}/%{name}6-lite/configpath %attr(- ,root,root) %{_datadir}/%{name}6-lite/functions %{_datadir}/%{name}6-lite/lib.base -%{_datadir}/%{name}6-lite/modules* %{_datadir}/%{name}6-lite/helpers %attr(0544,root,root) %{_libexecdir}/%{name}6-lite/shorecap %attr(644,root,root) %{_unitdir}/%{name}6-lite.service @@ -509,6 +503,7 @@ %files core %defattr(-,root,root,-) %doc shorewall-core-%{version}/{COPYING,changelog.txt,releasenotes.txt} +%{_sbindir}/%{name} %dir %{_datadir}/shorewall/ %{_datadir}/shorewall/coreversion %{_datadir}/shorewall/functions ++++++ README.openSUSE ++++++ --- /var/tmp/diff_new_pack.n7gkgI/_old 2020-05-18 10:59:44.850680320 +0200 +++ /var/tmp/diff_new_pack.n7gkgI/_new 2020-05-18 10:59:44.850680320 +0200 @@ -2,16 +2,18 @@ ======== Some openSUSE packages include a service file for ease of the -SuSEfirewall2 configuration and opening the necessary ports. +SuSEfirewall2 or firewalld configuration, opening the necessary ports. You have to open the required ports yourself using the Shorewall configuration files. -SuSEfirewall2 is integrated with Yast so configuration can be done via -a GUI. This is not the case for Shorewall. +SuSEfirewall2, firewalld are integrated with Yast so configuration +can be done via a GUI. +This is not the case for Shorewall. Enabling Firewall in /etc/sysconfig/network/config or in individual -ifcfg-xxx files is not enough. /etc/sysconfig/shorewall-init should be +ifcfg-xxx files is not enough. +If using shorewall-init /etc/sysconfig/shorewall-init should be configured. As the shorewall web page states @@ -26,5 +28,5 @@ upgrade your configuration with the shorewall update -a command. -Now that you are warned remember to have fun +Now that you are warned, remember to have fun ! ++++++ shorewall-5.1.12.4.tar.bz2 -> shorewall-5.2.4.4.tar.bz2 ++++++ ++++ 24807 lines of diff (skipped) ++++++ shorewall-4.4.22.rpmlintrc -> shorewall-5.2.rpmlintrc ++++++ --- /work/SRC/openSUSE:Leap:15.2/shorewall/shorewall-4.4.22.rpmlintrc 2020-01-15 16:02:12.387886857 +0100 +++ /work/SRC/openSUSE:Leap:15.2/.shorewall.new.2738/shorewall-5.2.rpmlintrc 2020-05-18 10:59:44.058678680 +0200 @@ -8,3 +8,4 @@ addFilter("non-executable-script /usr/share/shorewall6/configfiles/scfilter") addFilter("non-executable-script /etc/shorewall6/scfilter") addFilter("perl5-naming-policy-not-applied") +addFilter("systemd-service-without-service_del_postun shorewall-init.service") ++++++ shorewall-core-5.1.12.4.tar.bz2 -> shorewall-core-5.2.4.4.tar.bz2 ++++++ ++++ 8781 lines of diff (skipped) ++++++ shorewall-docs-html-5.1.12.4.tar.bz2 -> shorewall-docs-html-5.2.4.4.tar.bz2 ++++++ ++++ 8138 lines of diff (skipped) ++++++ shorewall-init-5.1.12.4.tar.bz2 -> shorewall-init-5.2.4.4.tar.bz2 ++++++ ++++ 4069 lines of diff (skipped) ++++++ shorewall-lite-5.1.12.4.tar.bz2 -> shorewall-lite-5.2.4.4.tar.bz2 ++++++ ++++ 4295 lines of diff (skipped) ++++++ shorewall-5.1.12.4.tar.bz2 -> shorewall6-5.2.4.4.tar.bz2 ++++++ ++++ 124853 lines of diff (skipped) ++++++ shorewall-lite-5.1.12.4.tar.bz2 -> shorewall6-lite-5.2.4.4.tar.bz2 ++++++ ++++ 6924 lines of diff (skipped)
