Hello community,

here is the log from the commit of package firewalld for openSUSE:Factory checked in at 2020-09-21 17:07:15
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/firewalld (Old)
 and /work/SRC/openSUSE:Factory/.firewalld.new.4249 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "firewalld" Mon Sep 21 17:07:15 2020 rev:49 rq:833252 version:0.9.0 Changes: -------- --- /work/SRC/openSUSE:Factory/firewalld/firewalld.changes 2020-08-14 09:33:27.140402208 +0200 +++ /work/SRC/openSUSE:Factory/.firewalld.new.4249/firewalld.changes 2020-09-21 17:09:18.515239519 +0200 
@@ -1,0 +2,64 @@ +Wed Sep 9 14:47:20 UTC 2020 - Michał Rostecki <[email protected]> + +- Add python3-nftables as a requirement. + +------------------------------------------------------------------- +Fri Sep 4 16:10:06 UTC 2020 - Callum Farmer <[email protected]> + +- update to 0.9.0: + * New major features + * prevention of Zone Drifting + * Intra Zone Forwarding + * Policy Objects + * For a full list of changes, see + https://github.com/firewalld/firewalld/compare/v0.8.0...v0.9.0 + +------------------------------------------------------------------- +Sun Aug 16 17:09:43 UTC 2020 - Dirk Mueller <[email protected]> + +- update to 0.8.3: + * nftables: convert to libnftables JSON interface + * service: new “helper” element to replace “module” More accurately represents the conntrack helper. Deprecates “module”. + * allow custom helpers using standard helper modules (rhbz 1733066) + * testsuite is now shipped in the dist tarball + * Typo in firewall-config(1) + * Fix typo in TFTP service description + * doc: README: add note about language translations + * fix: rich: source/dest only matching with mark action + * feat: AllowZoneDrifting config option + * feat: nftables: support AllowZoneDrifting=yes + * feat: ipXtables: support AllowZoneDrifting=yes + * fix: firewall-offline-cmd: Don’t print warning about AllowZoneDrifting + * fix: add logrotate policy + * doc: direct: add CAVEATS section + * fix: checkIP6: strip leading/trailing square brackets + * fix: nftables: remove square brackets from IPv6 addresses + * fix: ipXtables: remove square brackets from IPv6 addresses + * fix: nftables: ipset types using “port” + * fix: nftables: zone dispatch with multidimensional ipsets + * fix: ipset: destroy runtime sets on reload/stop + * fix: port: support querying sub ranges + * fix: source_port: support querying sub ranges + * doc: specify accepted characters for object names + * fix: doc: address copy/paste mistakes in short/description + * fix: configure: atlocal: quote 
variable values + * fix: nftables: allow set intervals with concatenations + * doc: clarify –set-target values “default” vs “reject” + * fix: update dynamic DCE RPC ports in freeipa-trust service + * fix: nftables: ipset: port ranges for non-default protocols + * fix(systemd): Conflict with nftables.service + * fix(direct): rule in a zone chain + * fix(client): addService needs to reduce tuple size + * fix(doc): dbus: signatures for zone tuple based APIs + * fix(config): bool values in dict based import/export + * fix(dbus): service: don’t cleanup config for old set APIs + * fix(ipset): flush the set if IndividiualCalls=yes + * fix(firewall-offline-cmd): remove instances of “[P]” in help text + * fix(rich): source mac with nftables backend + * docs: replace occurrences of the term blacklist with denylist + * fix: core: rich: Catch ValueError on non-numeric priority values + * docs(README): add libxslt for doc generation + * fix(cli): add –zone is an invalid option with –direct + * fix(cli): add ipset type hash:mac is incompatible with the family parameter + +------------------------------------------------------------------- Old: ---- _service _servicedata firewalld-0.7.5.obscpio firewalld.obsinfo New: ---- firewalld-0.9.0.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ firewalld.spec ++++++ --- /var/tmp/diff_new_pack.1wWjzN/_old 2020-09-21 17:09:24.943245298 +0200 +++ /var/tmp/diff_new_pack.1wWjzN/_new 2020-09-21 17:09:24.947245302 +0200 
@@ -21,13 +21,13 @@ %define _fillupdir %{_localstatedir}/adm/fillup-templates %endif Name: firewalld -Version: 0.7.5 +Version: 0.9.0 Release: 0 Summary: A firewall daemon with D-Bus interface providing a dynamic firewall License: GPL-2.0-or-later Group: Productivity/Networking/Security Url: http://www.firewalld.org -Source: %{name}-%{version}.tar.xz +Source: https://github.com/firewalld/firewalld/releases/download/v%{version}/firewalld-%{version}.tar.gz Patch0: 0001-firewall-backend-Switch-default-backend-to-iptables.patch BuildRequires: autoconf @@ -55,6 +55,7 @@ Requires: logrotate Requires: nftables Requires: python3-firewall = %{version} +Requires: python3-nftables Requires: sysconfig Requires(post): %fillup_prereq Suggests: susefirewall2-to-firewalld @@ -217,11 +218,13 @@ %dir %{_prefix}/lib/firewalld/services %dir %{_prefix}/lib/firewalld/zones %dir %{_prefix}/lib/firewalld/helpers +%dir %{_prefix}/lib/firewalld/policies %{_prefix}/lib/firewalld/icmptypes/*.xml %{_prefix}/lib/firewalld/ipsets/README %{_prefix}/lib/firewalld/services/*.xml %{_prefix}/lib/firewalld/zones/*.xml %{_prefix}/lib/firewalld/helpers/*.xml +%{_prefix}/lib/firewalld/policies/*.xml %{_datadir}/polkit-1 %dir %{_datadir}/dbus-1 %dir %{_datadir}/dbus-1/system.d @@ -236,6 +239,7 @@ %attr(0750,root,root) %dir %{_sysconfdir}/firewalld/zones %attr(0750,root,root) %dir %{_sysconfdir}/firewalld/ipsets %attr(0750,root,root) %dir %{_sysconfdir}/firewalld/helpers +%attr(0750,root,root) %dir %{_sysconfdir}/firewalld/policies %{_unitdir}/firewalld.service %{_fillupdir}/sysconfig.%{name} %{_datadir}/dbus-1/system.d/FirewallD.conf ++++++ 0001-firewall-backend-Switch-default-backend-to-iptables.patch ++++++ --- /var/tmp/diff_new_pack.1wWjzN/_old 2020-09-21 17:09:24.967245319 +0200 +++ /var/tmp/diff_new_pack.1wWjzN/_new 2020-09-21 17:09:24.971245323 +0200 
@@ -1,7 +1,8 @@ -diff -burNE firewalld-0.7.4_orig/config/firewalld.conf firewalld-0.7.4/config/firewalld.conf ---- firewalld-0.7.4_orig/config/firewalld.conf 2020-04-03 09:45:04.363964087 +0200 -+++ firewalld-0.7.4/config/firewalld.conf 2020-04-03 09:45:21.495215479 +0200 -@@ -53,9 +53,9 @@ +Index: firewalld-0.8.3/config/firewalld.conf +=================================================================== +--- firewalld-0.8.3.orig/config/firewalld.conf ++++ firewalld-0.8.3/config/firewalld.conf +@@ -43,9 +43,9 @@ LogDenied=off # FirewallBackend # Selects the firewall backend implementation. # Choices are: @@ -14,9 +15,10 @@ # FlushAllOnReload # Flush all runtime rules on a reload. In previous releases some runtime -diff -burNE firewalld-0.7.4_orig/doc/xml/firewalld.conf.xml firewalld-0.7.4/doc/xml/firewalld.conf.xml ---- firewalld-0.7.4_orig/doc/xml/firewalld.conf.xml 2020-04-03 09:45:05.071933150 +0200 -+++ firewalld-0.7.4/doc/xml/firewalld.conf.xml 2020-04-03 09:45:21.499215305 +0200 +Index: firewalld-0.8.3/doc/xml/firewalld.conf.xml +=================================================================== +--- firewalld-0.8.3.orig/doc/xml/firewalld.conf.xml ++++ firewalld-0.8.3/doc/xml/firewalld.conf.xml @@ -149,8 +149,8 @@ <listitem> <para> 
@@ -28,13 +30,14 @@ firewalld primitives. The only exception is direct and passthrough rules which always use the traditional iptables, ip6tables, and ebtables backends. -diff -burNE firewalld-0.7.4_orig/src/firewall/config/__init__.py.in firewalld-0.7.4/src/firewall/config/__init__.py.in ---- firewalld-0.7.4_orig/src/firewall/config/__init__.py.in 2020-04-03 09:45:05.367920215 +0200 -+++ firewalld-0.7.4/src/firewall/config/__init__.py.in 2020-04-03 09:45:21.503215130 +0200 -@@ -128,7 +128,7 @@ +Index: firewalld-0.8.3/src/firewall/config/__init__.py.in +=================================================================== +--- firewalld-0.8.3.orig/src/firewall/config/__init__.py.in ++++ firewalld-0.8.3/src/firewall/config/__init__.py.in +@@ -127,7 +127,7 @@ FALLBACK_IPV6_RPFILTER = True FALLBACK_INDIVIDUAL_CALLS = False FALLBACK_LOG_DENIED = "off" - FALLBACK_AUTOMATIC_HELPERS = "system" + FALLBACK_AUTOMATIC_HELPERS = "no" -FALLBACK_FIREWALL_BACKEND = "nftables" +FALLBACK_FIREWALL_BACKEND = "iptables" FALLBACK_FLUSH_ALL_ON_RELOAD = True
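Review bot: the 0.9.0 entry in the firewalld.changes hunk leaves out the packaging changes that ship with it. The Old/New listing shows _service, _servicedata, firewalld-0.7.5.obscpio and firewalld.obsinfo replaced by firewalld-0.9.0.tar.gz, and 0001-firewall-backend-Switch-default-backend-to-iptables.patch is refreshed, but neither is mentioned. Add one changelog line for the source switch and one for the patch refresh, so that the retained iptables default can be audited from the changelog alone.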
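Review bot: in the firewalld.spec hunk at -21,13, the new Source line points at the upstream release tarball but no detached signature or keyring is added beside it, so nothing visible in the spec ties the tarball to the upstream release beyond the download itself. If upstream publishes a signature for the release, add it and the keyring as further Source entries so the build service can verify the archive. The unchanged Url line in the same hunk still reads http://www.firewalld.org and could be moved to https in the same change.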
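Review bot: in the firewalld.spec hunk at -55,6, Requires: python3-nftables is unversioned although the line above it pins python3-firewall to %{version}. The 0.8.3 changelog entry says the nftables backend now goes through the libnftables JSON interface, so if any python3-nftables build in the distribution predates that interface, state a minimum version here. It is also worth confirming that the main package is the right place for this dependency rather than python3-firewall, where the Python code is packaged.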
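Review bot: the refreshed 0001-firewall-backend-Switch-default-backend-to-iptables.patch names firewalld-0.8.3 in all three Index and ---/+++ headers, while the spec sets Version: 0.9.0, so the patch was last refreshed against a different tree than the one being built. Refresh it against 0.9.0 and confirm that each hunk applies without fuzz, in particular the one at -127,7 in src/firewall/config/__init__.py.in, since FALLBACK_FIREWALL_BACKEND = "iptables" is the line that carries the distribution's backend choice. The patch also leaves the package defaulting to iptables while the spec hard-requires nftables and python3-nftables; a short comment next to Patch0 in the spec stating why the default is kept would help the next reviewer.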
