commit SuSEfirewall2 for openSUSE:Factory
Hello community,
here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory
checked in at 2019-03-27 16:13:38
Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old)
and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new.25356 (New)
Package is "SuSEfirewall2"
Wed Mar 27 16:13:38 2019 rev:92 rq:688192 version:3.6.378
Changes:
--- /work/SRC/openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes
2019-02-28 21:26:02.553880145 +0100
+++ /work/SRC/openSUSE:Factory/.SuSEfirewall2.new.25356/SuSEfirewall2.changes
2019-03-27 16:13:41.411632555 +0100
@@ -1,0 +2,6 @@
+Sun Mar 17 10:33:37 UTC 2019 - Jan Engelhardt
+
+- Reduce too broad systemd requires.
+- Fix rpmlint complaint about unlisted SuSEfirewall2_init.service.
+
+---
Other differences:
--
++ SuSEfirewall2.spec ++
--- /var/tmp/diff_new_pack.01NZHm/_old 2019-03-27 16:13:42.031632397 +0100
+++ /var/tmp/diff_new_pack.01NZHm/_new 2019-03-27 16:13:42.031632397 +0100
@@ -12,7 +12,7 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
# icecream 0
@@ -40,9 +40,8 @@
Source1:SuSEfirewall2-rpmlintrc
BuildArch: noarch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
-# for the service_* macros
-%{?systemd_requires}
-BuildRequires: pkgconfig(systemd)
+%{?systemd_ordering}
+BuildRequires: systemd-rpm-macros
%description
SuSEfirewall2 implements a packet filter that protects hosts and
@@ -60,7 +59,7 @@
%build
%install
-make DESTDIR="%{buildroot}" install install_doc
+%make_install install_doc
install -d -m 755 %{buildroot}%{_fillupdir}/
install -m 644 SuSEfirewall2.sysconfig
%{buildroot}%{_fillupdir}/sysconfig.SuSEfirewall2
install -D -m 644 SuSEfirewall2.sysconfig
%{buildroot}/etc/sysconfig/SuSEfirewall2
@@ -108,7 +107,7 @@
%ghost
%{_localstatedir}/adm/update-messages/%{name}-%{version}-%{release}-deprecation-warning
%pre
-%service_add_pre SuSEfirewall2.service
+%service_add_pre SuSEfirewall2.service SuSEfirewall2_init.service
# Upgrade case means more than 1 package in system, so probably 2
# if we still have the LSB init script, save its state, remove _setup
# and store it in the database.
@@ -122,7 +121,7 @@
fi
%post
-%service_add_post SuSEfirewall2.service
+%service_add_post SuSEfirewall2.service SuSEfirewall2_init.service
cat
>%{_localstatedir}/adm/update-messages/%{name}-%{version}-%{release}-deprecation-warning
<
commit SuSEfirewall2 for openSUSE:Factory
Hello community,
here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory
checked in at 2019-02-28 21:26:00
Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old)
and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new.28833 (New)
Package is "SuSEfirewall2"
Thu Feb 28 21:26:00 2019 rev:91 rq:680146 version:3.6.378
Changes:
--- /work/SRC/openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes
2018-03-26 11:56:39.508680283 +0200
+++ /work/SRC/openSUSE:Factory/.SuSEfirewall2.new.28833/SuSEfirewall2.changes
2019-02-28 21:26:02.553880145 +0100
@@ -1,0 +2,18 @@
+Thu Feb 28 14:33:03 UTC 2019 - matthias.gerst...@suse.com
+
+- Add deprecation warning messages for zypper to make the last users more
+ aware of the upcoming removal of SuSEfirewall2.
+
+---
+Thu Feb 21 18:14:20 UTC 2019 - Franck Bui
+
+- Drop use of $FIRST_ARG in .spec
+
+ The use of $FIRST_ARG was probably required because of the
+ %service_* rpm macros were playing tricks with the shell positional
+ parameters. This is bad practice and error prones so let's assume
+ that no macros should do that anymore and hence it's safe to assume
+ that positional parameters remains unchanged after any rpm macro
+ call.
+
+---
Other differences:
--
++ SuSEfirewall2.spec ++
--- /var/tmp/diff_new_pack.61FFqe/_old 2019-02-28 21:26:03.105879960 +0100
+++ /var/tmp/diff_new_pack.61FFqe/_new 2019-02-28 21:26:03.105879960 +0100
@@ -1,7 +1,7 @@
#
# spec file for package SuSEfirewall2
#
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -34,7 +34,7 @@
Recommends: perl-Net-DNS
Requires: sysconfig
Summary:Stateful Packet Filter Using iptables and netfilter
-License:GPL-2.0
+License:GPL-2.0-only
Group: Productivity/Networking/Security
Source: SuSEfirewall2-%{version}.tar.bz2
Source1:SuSEfirewall2-rpmlintrc
@@ -105,13 +105,14 @@
/usr/share/SuSEfirewall2/defaults/50-default.cfg
/usr/share/SuSEfirewall2/rpcusers
%{_fillupdir}/sysconfig.SuSEfirewall2
+%ghost
%{_localstatedir}/adm/update-messages/%{name}-%{version}-%{release}-deprecation-warning
%pre
%service_add_pre SuSEfirewall2.service
# Upgrade case means more than 1 package in system, so probably 2
# if we still have the LSB init script, save its state, remove _setup
# and store it in the database.
-if [ $FIRST_ARG -gt 1 ]; then
+if [ $1 -gt 1 ]; then
if test -e /etc/init.d/SuSEfirewall2_setup ; then
if test ! -e /var/lib/systemd/migrated/SuSEfirewall2 ; then
/usr/sbin/systemd-sysv-convert --save
SuSEfirewall2_setup
@@ -123,6 +124,15 @@
%post
%service_add_post SuSEfirewall2.service
+cat
>%{_localstatedir}/adm/update-messages/%{name}-%{version}-%{release}-deprecation-warning
commit SuSEfirewall2 for openSUSE:Factory
Hello community, here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory checked in at 2018-03-26 11:56:36 Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old) and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new (New) Package is "SuSEfirewall2" Mon Mar 26 11:56:36 2018 rev:90 rq:588606 version:3.6.378 Changes: --- /work/SRC/openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes 2018-03-12 12:02:38.082995156 +0100 +++ /work/SRC/openSUSE:Factory/.SuSEfirewall2.new/SuSEfirewall2.changes 2018-03-26 11:56:39.508680283 +0200 @@ -1,0 +2,7 @@ +Mon Mar 19 13:36:47 UTC 2018 - matthias.gerst...@suse.com + +- Reverted previous change. The rpm level conflict between the old and new + default firewall result in migration issues. Also the original problem + cannot be reproduced (bnc#1085260, bnc#1084177). + +--- Other differences: -- ++ SuSEfirewall2.spec ++ --- /var/tmp/diff_new_pack.nybvlQ/_old 2018-03-26 11:56:40.372649114 +0200 +++ /var/tmp/diff_new_pack.nybvlQ/_new 2018-03-26 11:56:40.384648681 +0200 @@ -32,9 +32,6 @@ Requires: iptables Requires: perl Recommends: perl-Net-DNS -# bnc#1084177: starting both firewallds results in trouble. -# solving this on systemd level is complicated so we go for the conflict. -Conflicts: firewalld Requires: sysconfig Summary:Stateful Packet Filter Using iptables and netfilter License:GPL-2.0
commit SuSEfirewall2 for openSUSE:Factory
Hello community, here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory checked in at 2018-03-12 12:02:19 Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old) and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new (New) Package is "SuSEfirewall2" Mon Mar 12 12:02:19 2018 rev:89 rq:584969 version:3.6.378 Changes: --- /work/SRC/openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes 2018-01-20 11:22:41.883634105 +0100 +++ /work/SRC/openSUSE:Factory/.SuSEfirewall2.new/SuSEfirewall2.changes 2018-03-12 12:02:38.082995156 +0100 @@ -1,0 +2,6 @@ +Fri Mar 9 11:01:22 UTC 2018 - matthias.gerst...@suse.com + +- Have SuSEfirewall2 conflict firewalld to avoid a messed up netfilter setup + (bnc#1084177) + +--- Other differences: -- ++ SuSEfirewall2.spec ++ --- /var/tmp/diff_new_pack.nSLfvt/_old 2018-03-12 12:02:39.366949144 +0100 +++ /var/tmp/diff_new_pack.nSLfvt/_new 2018-03-12 12:02:39.374948856 +0100 @@ -32,6 +32,9 @@ Requires: iptables Requires: perl Recommends: perl-Net-DNS +# bnc#1084177: starting both firewallds results in trouble. +# solving this on systemd level is complicated so we go for the conflict. +Conflicts: firewalld Requires: sysconfig Summary:Stateful Packet Filter Using iptables and netfilter License:GPL-2.0
commit SuSEfirewall2 for openSUSE:Factory
Hello community,
here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory
checked in at 2018-01-20 11:22:40
Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old)
and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new (New)
Package is "SuSEfirewall2"
Sat Jan 20 11:22:40 2018 rev:88 rq:566446 version:3.6.378
Changes:
--- /work/SRC/openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes
2017-11-30 12:38:39.016624239 +0100
+++ /work/SRC/openSUSE:Factory/.SuSEfirewall2.new/SuSEfirewall2.changes
2018-01-20 11:22:41.883634105 +0100
@@ -1,0 +2,6 @@
+Tue Jan 16 10:58:23 UTC 2018 - matthias.gerst...@suse.com
+
+- Fixed a regression in setting up the final LOG/DROP/REJECT rules for IPv6
(bnc#1075251)
+- Set RPC related rules also for IPv6 (bnc#1074933)
+
+---
Old:
SuSEfirewall2-3.6.376.tar.bz2
New:
SuSEfirewall2-3.6.378.tar.bz2
Other differences:
--
++ SuSEfirewall2.spec ++
--- /var/tmp/diff_new_pack.RGwOsa/_old 2018-01-20 11:22:42.547603063 +0100
+++ /var/tmp/diff_new_pack.RGwOsa/_new 2018-01-20 11:22:42.547603063 +0100
@@ -1,7 +1,7 @@
#
# spec file for package SuSEfirewall2
#
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -24,7 +24,7 @@
%define newname SUSEfirewall2
Name: SuSEfirewall2
-Version:3.6.376
+Version:3.6.378
Release:0
Url:http://en.opensuse.org/SuSEfirewall2
PreReq: /bin/sed textutils fileutils grep filesystem
++ SuSEfirewall2-3.6.376.tar.bz2 -> SuSEfirewall2-3.6.378.tar.bz2 ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/SuSEfirewall2-3.6.376/SuSEfirewall2
new/SuSEfirewall2-3.6.378/SuSEfirewall2
--- old/SuSEfirewall2-3.6.376/SuSEfirewall2 2017-11-28 14:32:03.0
+0100
+++ new/SuSEfirewall2-3.6.378/SuSEfirewall2 2018-01-16 11:49:38.0
+0100
@@ -2319,10 +2319,10 @@
port="$3"
sport="$4"
- iptables="$IPTABLES $IP6TABLES"
+ iptables_list=$IPTABLES_LIST
case "$net" in
- *:*) iptables="$IP6TABLES" ;;
- [0-9]*.*.*.*) iptables="$IPTABLES" ;;
+ *:*) iptables_list="$IP6TABLES" ;;
+ [0-9]*.*.*.*) iptables_list="$IPTABLES" ;;
esac
if [ "$proto" = "_rpc_" ]; then
@@ -2331,8 +2331,10 @@
comment_pars "rpc.$port"
set -o pipefail
rpcservicerules $service | while read ARG; do
- $LDC $IPTABLES $rpc_insert $comment ${LOG}"-`rulelog
$chain`-$action " -m conntrack --ctstate NEW $ARG
- $IPTABLES $rpc_insert $comment -j "$target" $ARG
+ for iptables in $iptables_list; do
+ $LDC $iptables $rpc_insert $comment
${LOG}"-`rulelog $chain`-$action " -m conntrack --ctstate NEW $ARG
+ $iptables $rpc_insert $comment -j "$target" $ARG
+ done
done
[ $? -eq 0 ] || die "Failed to setup rpc service rules for
$service"
set +o pipefail
@@ -2340,7 +2342,7 @@
# don't add any other rules in update rpc mode
continue
elif check_proto_port "$proto" "$port" "$sport" "$var"; then
- for iptables in $iptables; do
+ for iptables in $iptables_list; do
$LDA $iptables -A $chain -s $net $proto $port $sport -m
conntrack --ctstate NEW ${LOG}"-`rulelog $chain`-$action "
$iptables -A $chain -s $net $proto $port $sport -m
conntrack --ctstate NEW -j "$target"
done
@@ -2406,10 +2408,10 @@
ipt_recent_set="-m recent --set$ipt_recent_set"
fi
- iptables="$IPTABLES $IP6TABLES"
+ iptables_list=$IPTABLES_LIST
case "$net" in
- *:*) iptables="$IP6TABLES" ;;
- [0-9]*.*.*.*) iptables="$IPTABLES" ;;
+ *:*) iptables_list="$IP6TABLES" ;;
+ [0-9]*.*.*.*) iptables_list="$IPTABLES" ;;
esac
if [ "$proto" = "_rpc_" ]; then
@@ -2418,14 +2420,16 @@
comment_pars "rpc.$port"
set -o pipefail
rpcservicerules $service | while read ARG; do
- if [ -n "$ipt_recent_set" ]; then
- $LDC $IPTABLES $rpc_insert $comment ${LOG}"-`rulelog
$chain`-DROPr
commit SuSEfirewall2 for openSUSE:Factory
Hello community,
here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory
checked in at 2017-11-30 12:38:37
Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old)
and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new (New)
Package is "SuSEfirewall2"
Thu Nov 30 12:38:37 2017 rev:87 rq:546247 version:3.6.376
Changes:
--- /work/SRC/openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes
2017-10-28 14:17:05.817616093 +0200
+++ /work/SRC/openSUSE:Factory/.SuSEfirewall2.new/SuSEfirewall2.changes
2017-11-30 12:38:39.016624239 +0100
@@ -1,0 +2,17 @@
+Tue Nov 28 13:42:07 UTC 2017 - matthias.gerst...@suse.com
+
+- logging: correctly set the PID of the logging process
+
+---
+Tue Nov 28 10:33:24 UTC 2017 - matthias.gerst...@suse.com
+
+- main script: remove duplicate rules in the rpc rules area (bnc#1069760)
+- main script: support --trace messages
+
+---
+Thu Nov 23 13:37:44 UTC 2017 - rbr...@suse.com
+
+- Replace references to /var/adm/fillup-templates with new
+ %_fillupdir macro (boo#1069468)
+
+---
Old:
SuSEfirewall2-3.6.369.tar.bz2
New:
SuSEfirewall2-3.6.376.tar.bz2
Other differences:
--
++ SuSEfirewall2.spec ++
--- /var/tmp/diff_new_pack.5oOHEB/_old 2017-11-30 12:38:39.840594277 +0100
+++ /var/tmp/diff_new_pack.5oOHEB/_new 2017-11-30 12:38:39.840594277 +0100
@@ -17,9 +17,14 @@
# icecream 0
+#Compat macro for new _fillupdir macro introduced in Nov 2017
+%if ! %{defined _fillupdir}
+ %define _fillupdir /var/adm/fillup-templates
+%endif
+
%define newname SUSEfirewall2
Name: SuSEfirewall2
-Version:3.6.369
+Version:3.6.376
Release:0
Url:http://en.opensuse.org/SuSEfirewall2
PreReq: /bin/sed textutils fileutils grep filesystem
@@ -56,8 +61,8 @@
%install
make DESTDIR="%{buildroot}" install install_doc
-install -d -m 755 %{buildroot}/var/adm/fillup-templates/
-install -m 644 SuSEfirewall2.sysconfig
%{buildroot}/var/adm/fillup-templates/sysconfig.SuSEfirewall2
+install -d -m 755 %{buildroot}%{_fillupdir}/
+install -m 644 SuSEfirewall2.sysconfig
%{buildroot}%{_fillupdir}/sysconfig.SuSEfirewall2
install -D -m 644 SuSEfirewall2.sysconfig
%{buildroot}/etc/sysconfig/SuSEfirewall2
install -d -m 755 %{buildroot}%{_datadir}/susehelp/meta/Manuals/Productivity
install -m 644 doc/SuSEfirewall2-doc.desktop \
@@ -99,7 +104,7 @@
/usr/lib/systemd/system/SuSEfirewall2_init.service
/usr/share/SuSEfirewall2/defaults/50-default.cfg
/usr/share/SuSEfirewall2/rpcusers
-/var/adm/fillup-templates/sysconfig.SuSEfirewall2
+%{_fillupdir}/sysconfig.SuSEfirewall2
%pre
%service_add_pre SuSEfirewall2.service
++ SuSEfirewall2-3.6.369.tar.bz2 -> SuSEfirewall2-3.6.376.tar.bz2 ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/SuSEfirewall2-3.6.369/SuSEfirewall2
new/SuSEfirewall2-3.6.376/SuSEfirewall2
--- old/SuSEfirewall2-3.6.369/SuSEfirewall2 2017-10-17 13:18:06.0
+0200
+++ new/SuSEfirewall2-3.6.376/SuSEfirewall2 2017-11-28 14:32:03.0
+0100
@@ -118,7 +118,7 @@
pri="-p auth.warn"
fi
shift
-/bin/logger $dashs $pri -t SuSEfirewall2 "$*"
+/bin/logger $dashs $pri --id=$$ -t SuSEfirewall2 "$*"
}
message()
@@ -138,6 +138,13 @@
message ${FUNCNAME[1]} $*
}
+tracemessage()
+{
+$TRACE || return
+
+message ${FUNCNAME[1]} $*
+}
+
deprecated()
{
warning "$@ is deprecated and will likely be removed in the future."
@@ -298,6 +305,7 @@
ACTION="start"
MODE="standard"
+TRACE=false
INITSCRIPTS="" # on|off
needconfig=
needlock=1
@@ -309,7 +317,7 @@
quiet=1
fi
-getopttmp=`/usr/bin/getopt -o hqi:s: --long
help,scriptsdir:,batch,nobatch,file:,debug,test,bootlock,bootunlock,quiet,interface:,service:
\
+getopttmp=`/usr/bin/getopt -o hqi:s: --long
help,scriptsdir:,batch,nobatch,file:,debug,trace,test,bootlock,bootunlock,quiet,interface:,service:
\
-n 'SuSEfirewall2' -- "$@"`
[ $? != 0 ] && die 1 "getopt error"
@@ -324,6 +332,7 @@
--scriptsdir) SCRIPTSDIR="$2" ; shift 2 ;;
--test) MODE="test" ; shift ;;
--debug) MODE="debug"; needlock=0 ; shift ;;
+--trace) TRACE=true ; shift ;;
--bootlock) create_bootlock=1 ; shift ;;
--bootunlock) remove_bootlock=1 ; shift ;;
-h|--help) help ; shift ;;
@@ -2452,7 +2461,7 @@
{
local zone chain services comment
local selected="$1"
- [ -z "$add_portmapper" ] &&
commit SuSEfirewall2 for openSUSE:Factory
Hello community,
here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory
checked in at 2017-10-28 14:17:04
Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old)
and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new (New)
Package is "SuSEfirewall2"
Sat Oct 28 14:17:04 2017 rev:86 rq:535172 version:3.6.369
Changes:
--- /work/SRC/openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes
2017-07-30 11:26:37.675762321 +0200
+++ /work/SRC/openSUSE:Factory/.SuSEfirewall2.new/SuSEfirewall2.changes
2017-10-28 14:17:05.817616093 +0200
@@ -1,0 +2,9 @@
+Wed Oct 18 15:47:48 UTC 2017 - matthias.gerst...@suse.com
+
+- rpcinfo: recognize execution errors of the perl script and terminate
accordingly
+- rpcinfo: fixed security issue with too open implicit portmapper rules
+ (bnc#1064127): A source net restriction for _rpc_ services was not taken
+ into account for the implicitly added rules for port 111, making the portmap
+ service accessible to everyone in the affected zone.
+
+---
Old:
SuSEfirewall2-3.6.365.tar.bz2
New:
SuSEfirewall2-3.6.369.tar.bz2
Other differences:
--
++ SuSEfirewall2.spec ++
--- /var/tmp/diff_new_pack.Zul6SG/_old 2017-10-28 14:17:08.357523211 +0200
+++ /var/tmp/diff_new_pack.Zul6SG/_new 2017-10-28 14:17:08.357523211 +0200
@@ -19,7 +19,7 @@
%define newname SUSEfirewall2
Name: SuSEfirewall2
-Version:3.6.365
+Version:3.6.369
Release:0
Url:http://en.opensuse.org/SuSEfirewall2
PreReq: /bin/sed textutils fileutils grep filesystem
++ SuSEfirewall2-3.6.365.tar.bz2 -> SuSEfirewall2-3.6.369.tar.bz2 ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/SuSEfirewall2-3.6.365/.gitignore
new/SuSEfirewall2-3.6.369/.gitignore
--- old/SuSEfirewall2-3.6.365/.gitignore2017-07-28 10:40:25.0
+0200
+++ new/SuSEfirewall2-3.6.369/.gitignore2017-10-17 13:18:06.0
+0200
@@ -1 +1,2 @@
*.swp
+package
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/SuSEfirewall2-3.6.365/SuSEfirewall2
new/SuSEfirewall2-3.6.369/SuSEfirewall2
--- old/SuSEfirewall2-3.6.365/SuSEfirewall2 2017-07-28 10:40:25.0
+0200
+++ new/SuSEfirewall2-3.6.369/SuSEfirewall2 2017-10-17 13:18:06.0
+0200
@@ -2265,27 +2265,15 @@
# parameter fragment
#
# parameters:
-# $1: names of rpc services, e.g. ypbind mountd
-# $2: whether portmapper ports shall be implicitly added (boolean)
+# $1: names of rpc services, e.g. ypbind mountd or a comma separated tuple
+# like 192.168.1.0/24,_rpc_,nfs
rpcservicerules()
{
+
# The -rpcinfo script by default implicitly adds extra rules for portmap
# itself. This is because portmap needs to be reached in order for other
# rpc services to work at all.
-# In some contexts this generates superfluous portmap rules, however. In
-# conjunction with the update-rpc functionality we might end up with a lot
-# of redundant rules. Thus we can selectively disabled this implicit
-# behaviour.
-# It would be better to only explicitly add the portmap rules. But this
-# required more refactoring, and also the current solution is buggy: The
-# implicit portmap rules don't take source subnet restrictions into
-# account.
-if [ $# -eq 2 ] && ! $2; then
- export NOPORTMAP=1
-fi
-
-perl "$SCRIPTSDIR/SuSEfirewall2-rpcinfo" "$@" 2>/dev/null
-unset NOPORTMAP
+perl "$SCRIPTSDIR/SuSEfirewall2-rpcinfo" "$1"
}
# parameters:
@@ -2309,7 +2297,7 @@
chain=input_$zone
var="FW_SERVICES_${action}_`cibiz $zone`"
eval services="\"\$$var\""
-
+
local rpc_insert
get_rpc_insert_pars $update_rpc $chain
@@ -2332,10 +2320,13 @@
[ -n "$selected" -a "$selected" != $port ] && continue
local comment
comment_pars "rpc.$port"
+ set -o pipefail
rpcservicerules $service | while read ARG; do
$LDC $IPTABLES $rpc_insert $comment ${LOG}"-`rulelog
$chain`-$action " -m conntrack --ctstate NEW $ARG
$IPTABLES $rpc_insert $comment -j "$target" $ARG
done
+ [ $? -eq 0 ] || die "Failed to setup rpc service rules for
$service"
+ set +o pipefail
elif $update_rpc; then
# don't add any other rules in update rpc mode
continue
@@ -2416,6 +2407,7 @@
[ -n "$selected" -a "$selected" != "$port" ] && continue
local comment
comment_pars "rpc.$port"
commit SuSEfirewall2 for openSUSE:Factory
Hello community,
here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory
checked in at 2017-07-30 11:26:25
Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old)
and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new (New)
Package is "SuSEfirewall2"
Sun Jul 30 11:26:25 2017 rev:85 rq:512885 version:3.6.365
Changes:
--- /work/SRC/openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes
2017-07-02 13:37:21.174044525 +0200
+++ /work/SRC/openSUSE:Factory/.SuSEfirewall2.new/SuSEfirewall2.changes
2017-07-30 11:26:37.675762321 +0200
@@ -1,0 +2,25 @@
+Fri Jul 28 08:40:55 UTC 2017 - matthias.gerst...@suse.com
+
+- Removed bogus nfs alias units, added correct nfs-client target in
+ SuSEfirewall2.service (bnc#946325).
+
+ The nfs alias units are false friends, because they don't fix the startup
+ ordering between nfs and SuSEfirewall2.
+
+ The missing nfs-client target could cause nfs mounts for nfs versions < 4.1
+ to be unable to receive callbacks from the server, when the nfs client was
+ started before the SuSEfirewall2 was started on boot.
+
+---
+Wed Jul 12 13:40:57 UTC 2017 - matthias.gerst...@suse.com
+
+- sysctl settings: make list of sysctl.d directories configurable via
+ FW_SYSCTL_PATHS (bnc#1044523)
+
+---
+Thu Jul 6 10:05:41 UTC 2017 - matthias.gerst...@suse.com
+
+- clarified warning message about FW_ROUTE being enabled but ip_forwarding not
configured
+- sysctl.d: avoid error messages if no /etc/sysctl.d/*.conf files are existing
(bnc#1044523)
+
+---
Old:
SuSEfirewall2-3.6.360.tar.bz2
New:
SuSEfirewall2-3.6.365.tar.bz2
Other differences:
--
++ SuSEfirewall2.spec ++
--- /var/tmp/diff_new_pack.sRUgFr/_old 2017-07-30 11:26:38.419657352 +0200
+++ /var/tmp/diff_new_pack.sRUgFr/_new 2017-07-30 11:26:38.419657352 +0200
@@ -19,7 +19,7 @@
%define newname SUSEfirewall2
Name: SuSEfirewall2
-Version:3.6.360
+Version:3.6.365
Release:0
Url:http://en.opensuse.org/SuSEfirewall2
PreReq: /bin/sed textutils fileutils grep filesystem
++ SuSEfirewall2-3.6.360.tar.bz2 -> SuSEfirewall2-3.6.365.tar.bz2 ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/SuSEfirewall2-3.6.360/SuSEfirewall2
new/SuSEfirewall2-3.6.365/SuSEfirewall2
--- old/SuSEfirewall2-3.6.360/SuSEfirewall2 2017-06-28 11:18:23.0
+0200
+++ new/SuSEfirewall2-3.6.365/SuSEfirewall2 2017-07-28 10:40:25.0
+0200
@@ -135,7 +135,7 @@
{
[ "$MODE" != "debug" ] && return
-message $*
+message ${FUNCNAME[1]} $*
}
deprecated()
@@ -628,23 +628,53 @@
# checks multiple sysctl.d config locations for configure values
function get_any_sysctl_cfg()
{
- local path="$1"
+ local value="$1"
+
+ if [ -z "$FW_SYSCTL_PATHS" ]; then
+ # don't check all available sysctl.d directories for the
+ # reason discussed in bnc#1044523
+ FW_SYSCTL_PATHS="/etc/sysctl.conf /etc/sysctl.d
/usr/local/lib/sysctl.d"
+ fi
+
+ local path
+ for path in $FW_SYSCTL_PATHS; do
+ dbgmessage "Checking for sysctl value $value in path $path"
+ if [ -d "$path" ]; then
+ # expand to any config files found in the sysctl.d
+ # style directory
+ paths=$path/*.conf
+ dbgmessage "Expanded $path to $paths"
+ else
+ paths=$path
+ fi
- for file in /etc/sysctl.conf /etc/sysctl.d/*.conf; do
- get_sysctl_cfg "$path" "$file" && return 0
+ for file in $paths; do
+ # check for existence, because the wildcard match
+ # above might yield no matches, which would result in
+ # error messages otherwise
+ if [ -r "$file" ]; then
+ dbgmessage "Checking in file $file"
+ get_sysctl_cfg "$value" "$file" &&
sysctl_file="$file" && return 0
+ dbgmessage "no match"
+ fi
+ done
done
+ sysctl_file=""
return 1
}
-# outputs the configured value of the sysctl setting passed as $1 in the
+# returns the configured value of the sysctl setting passed as $1 in the
# configuration file $2.
-# return code of 0 if a value was found and output, 1 if none was found
+# return code of 0 if
commit SuSEfirewall2 for openSUSE:Factory
Hello community,
here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory
checked in at 2017-07-02 13:37:19
Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old)
and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new (New)
Package is "SuSEfirewall2"
Sun Jul 2 13:37:19 2017 rev:84 rq:506733 version:3.6.360
Changes:
--- /work/SRC/openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes
2017-06-28 10:33:44.848928581 +0200
+++ /work/SRC/openSUSE:Factory/.SuSEfirewall2.new/SuSEfirewall2.changes
2017-07-02 13:37:21.174044525 +0200
@@ -1,0 +2,5 @@
+Wed Jun 28 09:19:26 UTC 2017 - matthias.gerst...@suse.com
+
+- Only consider *.conf files to ignore backup files and similar (bnc#1044523)
+
+---
Old:
SuSEfirewall2-3.6.359.tar.bz2
New:
SuSEfirewall2-3.6.360.tar.bz2
Other differences:
--
++ SuSEfirewall2.spec ++
--- /var/tmp/diff_new_pack.uOMIv7/_old 2017-07-02 13:37:21.761961620 +0200
+++ /var/tmp/diff_new_pack.uOMIv7/_new 2017-07-02 13:37:21.765961056 +0200
@@ -19,7 +19,7 @@
%define newname SUSEfirewall2
Name: SuSEfirewall2
-Version:3.6.359
+Version:3.6.360
Release:0
Url:http://en.opensuse.org/SuSEfirewall2
PreReq: /bin/sed textutils fileutils grep filesystem
++ SuSEfirewall2-3.6.359.tar.bz2 -> SuSEfirewall2-3.6.360.tar.bz2 ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/SuSEfirewall2-3.6.359/SuSEfirewall2
new/SuSEfirewall2-3.6.360/SuSEfirewall2
--- old/SuSEfirewall2-3.6.359/SuSEfirewall2 2017-06-20 18:12:11.0
+0200
+++ new/SuSEfirewall2-3.6.360/SuSEfirewall2 2017-06-28 11:18:23.0
+0200
@@ -630,7 +630,7 @@
{
local path="$1"
- for file in /etc/sysctl.conf /etc/sysctl.d/*; do
+ for file in /etc/sysctl.conf /etc/sysctl.d/*.conf; do
get_sysctl_cfg "$path" "$file" && return 0
done
commit SuSEfirewall2 for openSUSE:Factory
Hello community,
here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory
checked in at 2017-06-28 10:33:43
Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old)
and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new (New)
Package is "SuSEfirewall2"
Wed Jun 28 10:33:43 2017 rev:83 rq:505515 version:3.6.359
Changes:
--- /work/SRC/openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes
2017-05-03 15:52:54.820449645 +0200
+++ /work/SRC/openSUSE:Factory/.SuSEfirewall2.new/SuSEfirewall2.changes
2017-06-28 10:33:44.848928581 +0200
@@ -1,0 +2,6 @@
+Tue Jun 20 16:16:45 UTC 2017 - matthias.gerst...@suse.com
+
+- Also check /etc/sysctl.d for custom sysctl overrides (bnc#1044523)
+- improved documentation of FW_SERVICES_DROP_... to mention "all" protocols
+
+---
Old:
SuSEfirewall2-3.6.357.tar.bz2
New:
SuSEfirewall2-3.6.359.tar.bz2
Other differences:
--
++ SuSEfirewall2.spec ++
--- /var/tmp/diff_new_pack.zxmN5o/_old 2017-06-28 10:33:45.472840312 +0200
+++ /var/tmp/diff_new_pack.zxmN5o/_new 2017-06-28 10:33:45.476839746 +0200
@@ -19,7 +19,7 @@
%define newname SUSEfirewall2
Name: SuSEfirewall2
-Version:3.6.357
+Version:3.6.359
Release:0
Url:http://en.opensuse.org/SuSEfirewall2
PreReq: /bin/sed textutils fileutils grep filesystem
++ SuSEfirewall2-3.6.357.tar.bz2 -> SuSEfirewall2-3.6.359.tar.bz2 ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/SuSEfirewall2-3.6.357/SuSEfirewall2
new/SuSEfirewall2-3.6.359/SuSEfirewall2
--- old/SuSEfirewall2-3.6.357/SuSEfirewall2 2017-04-24 14:09:10.0
+0200
+++ new/SuSEfirewall2-3.6.359/SuSEfirewall2 2017-06-20 18:12:11.0
+0200
@@ -625,15 +625,32 @@
PROC_IPV4_FWD="/proc/sys/net/ipv4/ip_forward"
PROC_IPV6_FWD="/proc/sys/net/ipv6/conf/all/forwarding"
+# checks multiple sysctl.d config locations for configure values
+function get_any_sysctl_cfg()
+{
+ local path="$1"
+
+ for file in /etc/sysctl.conf /etc/sysctl.d/*; do
+ get_sysctl_cfg "$path" "$file" && return 0
+ done
+
+ return 1
+}
+
+# outputs the configured value of the sysctl setting passed as $1 in the
+# configuration file $2.
+# return code of 0 if a value was found and output, 1 if none was found
function get_sysctl_cfg()
{
local path="$1"
- local sysctl="/etc/sysctl.conf"
+ local sysctl="$2"
local line
# translate the proc path to a sysctl path
syspath=`echo "$path" | /usr/bin/cut -d '/' -f 4- | /usr/bin/tr '/' '.'`
+ # iterate two times in case a more general setting should be checked,
+ # too
# no while true to avoid infinite loops
for try in 1 2; do
@@ -673,7 +690,7 @@
[ -z "$path" -o ! -w "$path" ] && return
-cfg_value=`get_sysctl_cfg $path` && have_cfg=true || have_cfg=false
+cfg_value=`get_any_sysctl_cfg $path` && have_cfg=true || have_cfg=false
if $have_cfg; then
[ "$cfg_value" = "$value" ] && same_value=true || same_value=false
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/SuSEfirewall2-3.6.357/SuSEfirewall2.sysconfig
new/SuSEfirewall2-3.6.359/SuSEfirewall2.sysconfig
--- old/SuSEfirewall2-3.6.357/SuSEfirewall2.sysconfig 2017-04-24
14:09:10.0 +0200
+++ new/SuSEfirewall2-3.6.359/SuSEfirewall2.sysconfig 2017-06-20
18:12:11.0 +0200
@@ -381,6 +381,8 @@
# Format: space separated list of net,protocol[,port][,sport]
# Example: "0/0,tcp,445 0/0,udp,4662"
#
+# If you specify "all" as protocol then all protocols will be dropped.
+#
# The special value _rpc_ is recognized as protocol and means that dport is
# interpreted as rpc service name. See FW_SERVICES_EXT_RPC for
# details.
commit SuSEfirewall2 for openSUSE:Factory
Hello community,
here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory
checked in at 2017-05-03 15:52:53
Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old)
and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new (New)
Package is "SuSEfirewall2"
Wed May 3 15:52:53 2017 rev:82 rq:490302 version:3.6.357
Changes:
--- /work/SRC/openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes
2017-04-07 14:18:19.455468038 +0200
+++ /work/SRC/openSUSE:Factory/.SuSEfirewall2.new/SuSEfirewall2.changes
2017-05-03 15:52:54.820449645 +0200
@@ -0,0 +1,34 @@
+---
+Mon Apr 24 12:19:12 UTC 2017 - matthias.gerst...@suse.com
+
+- implementation of feature FATE#316295: allow incremental update of rpc
+ rules:
+
+ By calling "/usr/sbin/SuSEfirewall2 update-rpc [-s service]" you can now
+ cause SuSEfirewall to update its rpc related firewall rules to reflect the
+ current portmapper state in the system, without affecting the rest of the
+ firewall rule set.
+
+ This can for example be put in systemd unit files as ExecStartPost
+ directives, to always keep port mapping rules up to date, for certain rpc
+ services. Note that you still need to configure the rpc rules in
+ /etc/sysconfig/SuSEfirewall2 to make this work. See configuration variables:
+
+ FW_SERVICES_DROP_{EXT,INT,DMZ}
+ FW_SERVICES_ACCEPT_{EXT,INT,DMZ}
+ FW_SERVICES_{EXT,INT,DMZ}_RPC
+
+- conntrack helpers: explicitly load kernel module to make sure conntrack
+ helper rules can be applied and to avoid errors messages if kernel module is
+ not loaded
+
+---
+Tue Apr 18 16:07:56 UTC 2017 - matthias.gerst...@suse.com
+
+Update to new git release 3.6.351:
+
+- ship ftp-client service file for allowing active ftp client connections
+ easily. Also fix use of connection tracker helper on kernel >= 4.7 for ftp.
+ (boo#1034341)
+
+---
Old:
SuSEfirewall2-3.6.346.tar.bz2
New:
SuSEfirewall2-3.6.357.tar.bz2
Other differences:
--
++ SuSEfirewall2.spec ++
--- /var/tmp/diff_new_pack.Zb8SFr/_old 2017-05-03 15:52:55.740319782 +0200
+++ /var/tmp/diff_new_pack.Zb8SFr/_new 2017-05-03 15:52:55.744319217 +0200
@@ -19,7 +19,7 @@
%define newname SUSEfirewall2
Name: SuSEfirewall2
-Version:3.6.346
+Version:3.6.357
Release:0
Url:http://en.opensuse.org/SuSEfirewall2
PreReq: /bin/sed textutils fileutils grep filesystem
++ SuSEfirewall2-3.6.346.tar.bz2 -> SuSEfirewall2-3.6.357.tar.bz2 ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/SuSEfirewall2-3.6.346/Makefile
new/SuSEfirewall2-3.6.357/Makefile
--- old/SuSEfirewall2-3.6.346/Makefile 2017-03-20 18:10:06.0 +0100
+++ new/SuSEfirewall2-3.6.357/Makefile 2017-04-24 14:09:10.0 +0200
@@ -46,6 +46,7 @@
ln -sf SuSEfirewall2 $(DESTDIR)/etc/sysconfig/network/scripts/firewall
install -m 755 SuSEfirewall2-custom.sysconfig
$(DESTDIR)/etc/sysconfig/scripts/SuSEfirewall2-custom
install -m 644 SuSEfirewall2.service.TEMPLATE
$(DESTDIR)/etc/sysconfig/SuSEfirewall2.d/services/TEMPLATE
+ install -m 644 services/*
$(DESTDIR)/etc/sysconfig/SuSEfirewall2.d/services
install -m 644 SuSEfirewall2.defaults
$(DESTDIR)/usr/share/SuSEfirewall2/defaults/50-default.cfg
install -m 644 rpcusers $(DESTDIR)/usr/share/SuSEfirewall2/rpcusers
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/SuSEfirewall2-3.6.346/SuSEfirewall2
new/SuSEfirewall2-3.6.357/SuSEfirewall2
--- old/SuSEfirewall2-3.6.346/SuSEfirewall2 2017-03-20 18:10:06.0
+0100
+++ new/SuSEfirewall2-3.6.357/SuSEfirewall2 2017-04-24 14:09:10.0
+0200
@@ -57,23 +57,28 @@
$0 basic|stop|close|status|help
$0 open ZONE TYPE services...
$0 on|off
+$0 [-s ] update-rpc
Options:
- start generate and load the firewall filter rules from
- /etc/sysconfig/SuSEfirewall2
- stopunload all filter rules
- close no incoming network traffic except bootp+ping (for boot security)
- basic set basic filter rules that drop all incoming access
- testgenerate and load the filter rules but do not drop any packet but log
- to syslog anything which *would* be denied
- status print the output of "iptables -nvL"
- debug print the iptables command to stdout instead of executing them
- log show SuSEfirewall2 related syslog messages in a better readable
format
- helpthis output
- openopen the specified services in the specified zone.
commit SuSEfirewall2 for openSUSE:Factory
Hello community, here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory checked in at 2017-04-07 14:18:15 Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old) and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new (New) Package is "SuSEfirewall2" Fri Apr 7 14:18:15 2017 rev:81 rq:483163 version:3.6.346 Changes: --- /work/SRC/openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes 2017-03-20 17:04:28.952910054 +0100 +++ /work/SRC/openSUSE:Factory/.SuSEfirewall2.new/SuSEfirewall2.changes 2017-04-07 14:18:19.455468038 +0200 @@ -0,0 +1,43 @@ +Mon Mar 20 18:11:15 CET 2017 - mgerst...@suse.de + +Update to new git release 3.6.346: + +- harmonized the logic of setting IPv4/IPv6 forwarding when FW_ROUTE is set to + "yes". Previously only IPv4 forwarding was exclusively set by SuSEfirewall2, + while IPv6 forwarding could only be set via "yast2 firewall". With this + update you should always configure IPv4/IPv6 forwarding with yast. + SuSEfirewall2 will still provide backwards compatibility to temporarily + enable IPv4/IPv6 forwarding if not already enabled system wide. Also + forwarding can now be configured separately for IPv4/IPv6 if only one of + both is required. See FW_ROUTE documentation. (bnc#572202) +- ignore the bootlock when incremental updates for hotplugged or virtual + devices are coming in during boot. This prevents lockups for example when + drbd is used with FB_BOOT_FULL_INIT. (bnc#785299) +- fixed a race condition in systemd unit files that could cause the + SuSEfirewall2_init unit to sporadically fail, because /tmp was not + there/writable yet. (bnc#1014987) +- support new kernels >= 4.7 that run with + net.netfilter.nf_conntrack_helper = 0 + by default. Currently only netbios/samba is fully covered. (bnc#986527) +- allow mdns multicast packets input in unconfigured firewall setups (no zones + configured) to make zeroconf setups (like avahi) work out of the box for + typical desktops connecting via DSL/WiFi router scenarios. (bnc#959707) +- refurbished the documentation in /usr/share/doc. (bnc#884037) +- updated GPL license texts with the current address from FSF +- support for IPv6 in FW_TRUSTED_NETS config variable. (bnc#841046) +- don't log dropped broadcast IPv6 broadcast/multicast packets by default to + avoid cluttering the kernel log. (bnc#847193) +- recognize a running libvirtd instance and cause it to recreate its custom + firewall rules on SuSEfirewall2 reload, to not break VM networking. + (bnc#884398) +- only apply FW_KERNEL_SECURITY proc settings, if not overriden by the + administrator in /etc/sysctl.conf (bnc#906136). This allows you to benefit + from some of the kernel security settings, while overwriting others. +- don't enable FW_LO_NOTRACK by default any more, because it breaks expected + behaviour in some scenarios (bnc#916771) +- increase security when sourcing external script files by checking file + ownership and permissions first (to avoid sourcing untrusted files owned by + non-root or world-writable) +- fixed "/usr/sbin/SUSEfirewall log" pretty logfile parsing functionality when + running under systemd with journald. + @@ -15 +58 @@ - +: Old: SuSEfirewall2-3.6.322.tar.bz2 New: SuSEfirewall2-3.6.346.tar.bz2 Other differences: -- ++ SuSEfirewall2.spec ++ --- /var/tmp/diff_new_pack.yRzdEw/_old 2017-04-07 14:18:22.535033153 +0200 +++ /var/tmp/diff_new_pack.yRzdEw/_new 2017-04-07 14:18:22.535033153 +0200 @@ -19,7 +19,7 @@ %define newname SUSEfirewall2 Name: SuSEfirewall2 -Version:3.6.322 +Version:3.6.346 Release:0 Url:http://en.opensuse.org/SuSEfirewall2 PreReq: /bin/sed textutils fileutils grep filesystem ++ SuSEfirewall2-3.6.322.tar.bz2 -> SuSEfirewall2-3.6.346.tar.bz2 ++ 3093 lines of diff (skipped)
commit SuSEfirewall2 for openSUSE:Factory
Hello community,
here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory
checked in at 2017-03-20 17:04:27
Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old)
and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new (New)
Package is "SuSEfirewall2"
Mon Mar 20 17:04:27 2017 rev:80 rq:479216 version:3.6.322
Changes:
--- /work/SRC/openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes
2017-02-16 16:47:34.75090 +0100
+++ /work/SRC/openSUSE:Factory/.SuSEfirewall2.new/SuSEfirewall2.changes
2017-03-20 17:04:28.952910054 +0100
@@ -1,0 +2,7 @@
+Tue Mar 7 10:39:28 CET 2017 - mgerst...@suse.de
+
+- Install symlink to SuSEfirewall2 with the updated SUSE spelling
+ (bsc#938727, FATE#316521)
+- Added rpmlintrc file to suppress some bogus warnings during building
+
+---
New:
SuSEfirewall2-rpmlintrc
Other differences:
--
++ SuSEfirewall2.spec ++
--- /var/tmp/diff_new_pack.Ub5WY4/_old 2017-03-20 17:04:29.800790333 +0100
+++ /var/tmp/diff_new_pack.Ub5WY4/_new 2017-03-20 17:04:29.804789769 +0100
@@ -17,6 +17,7 @@
# icecream 0
+%define newname SUSEfirewall2
Name: SuSEfirewall2
Version:3.6.322
Release:0
@@ -31,6 +32,7 @@
License:GPL-2.0
Group: Productivity/Networking/Security
Source: SuSEfirewall2-%{version}.tar.bz2
+Source1:SuSEfirewall2-rpmlintrc
BuildArch: noarch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
# for the service_* macros
@@ -47,8 +49,8 @@
%prep
%setup
-# please send patches to lnussel for inclusion in git first
-# http://gitorious.org/opensuse/susefirewall2
+# please send patches to mgerstner for inclusion in git first
+# https://github.com/openSUSE/susefirewall2/
%build
@@ -63,8 +65,11 @@
#
# compat symlink
mkdir -p %{buildroot}/sbin
-ln -s /usr/sbin/SuSEfirewall2 %{buildroot}/sbin/SuSEfirewall2
-ln -s /usr/sbin/rcSuSEfirewall2 %{buildroot}/sbin/rcSuSEfirewall2
+ln -s /usr/sbin/%{name} %{buildroot}/sbin/%{name}
+ln -s /usr/sbin/rc%{name} %{buildroot}/sbin/rc%{name}
+# symlinks using the new SUSE spelling
+ln -s %{name} %{buildroot}/sbin/%{newname}
+ln -s %{name} %{buildroot}/usr/sbin/%{newname}
%files
%defattr(-, root, root)
@@ -86,6 +91,8 @@
/sbin/rcSuSEfirewall2
/usr/sbin/rcSuSEfirewall2
/usr/sbin/SuSEfirewall2
+/usr/sbin/%{newname}
+/sbin/%{newname}
%dir /usr/share/SuSEfirewall2
%dir /usr/share/SuSEfirewall2/defaults
/usr/lib/systemd/system/SuSEfirewall2.service
++ SuSEfirewall2-rpmlintrc ++
addFilter("non-conffile-in-etc .*/etc/sysconfig/script/*")
addFilter("script-without-shebang .*/etc/sysconfig/script/*")
addFilter("non-conffile-in-etc
.*/etc/sysconfig/SuSEfirewall2.d/services/TEMPLATE")
addFilter("non-executable-script .*/etc/sysconfig/script/*")
commit SuSEfirewall2 for openSUSE:Factory
Hello community, here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory checked in at 2017-02-16 16:47:33 Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old) and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new (New) Package is "SuSEfirewall2" Changes: --- /work/SRC/openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes 2016-02-18 12:35:44.0 +0100 +++ /work/SRC/openSUSE:Factory/.SuSEfirewall2.new/SuSEfirewall2.changes 2017-02-16 16:47:34.75090 +0100 @@ -1,0 +2,5 @@ +Fri Feb 10 22:39:10 CET 2017 - ku...@suse.de + +- Remove unused PreReq for insserv and fillup + +--- Other differences: -- ++ SuSEfirewall2.spec ++ --- /var/tmp/diff_new_pack.0jUDUA/_old 2017-02-16 16:47:34.916408075 +0100 +++ /var/tmp/diff_new_pack.0jUDUA/_new 2017-02-16 16:47:34.920407507 +0100 @@ -1,7 +1,7 @@ # # spec file for package SuSEfirewall2 # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -21,7 +21,7 @@ Version:3.6.322 Release:0 Url:http://en.opensuse.org/SuSEfirewall2 -PreReq: %fillup_prereq %insserv_prereq /bin/sed textutils fileutils grep filesystem +PreReq: /bin/sed textutils fileutils grep filesystem Requires: coreutils Requires: iptables Requires: perl
commit SuSEfirewall2 for openSUSE:Factory
Hello community, here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory checked in at 2016-02-18 11:06:29 Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old) and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new (New) Package is "SuSEfirewall2" Changes: --- /work/SRC/openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes 2016-01-23 01:16:11.0 +0100 +++ /work/SRC/openSUSE:Factory/.SuSEfirewall2.new/SuSEfirewall2.changes 2016-02-18 12:35:44.0 +0100 @@ -1,0 +2,20 @@ +Wed Feb 10 15:18:40 UTC 2016 - meiss...@suse.com + +- add nfs-server.service too as dependency, remove default.target again + as it makes trouble (bsc#963740) +- basic.target and SuSEfirewall2 have a loop, remove it bsc#961258 + +--- +Tue Feb 9 11:01:25 UTC 2016 - meiss...@suse.com + +- change dependencies of SUSEfirewall2_init, so it gets run after systemd + version update brought new dependencies somehow (bsc#963969) + +--- +Thu Jan 28 12:23:06 UTC 2016 - meiss...@suse.com + +- add default.target, so SuSEfirewall2 final will be started after + all other services. This is relevant for rpc services like the NFS rpc + process group, where ports are opened dynamically. bsc#963740 + +--- Old: SuSEfirewall2-3.6.318.tar.bz2 New: SuSEfirewall2-3.6.322.tar.bz2 Other differences: -- ++ SuSEfirewall2.spec ++ --- /var/tmp/diff_new_pack.MOlTnT/_old 2016-02-18 12:35:45.0 +0100 +++ /var/tmp/diff_new_pack.MOlTnT/_new 2016-02-18 12:35:45.0 +0100 @@ -18,7 +18,7 @@ Name: SuSEfirewall2 -Version:3.6.318 +Version:3.6.322 Release:0 Url:http://en.opensuse.org/SuSEfirewall2 PreReq: %fillup_prereq %insserv_prereq /bin/sed textutils fileutils grep filesystem ++ SuSEfirewall2-3.6.318.tar.bz2 -> SuSEfirewall2-3.6.322.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.318/SuSEfirewall2.service new/SuSEfirewall2-3.6.322/SuSEfirewall2.service --- old/SuSEfirewall2-3.6.318/SuSEfirewall2.service 2016-01-18 13:00:33.0 +0100 +++ new/SuSEfirewall2-3.6.322/SuSEfirewall2.service 2016-02-10 16:17:50.0 +0100 @@ -1,6 +1,6 @@ [Unit] Description=SuSEfirewall2 phase 2 -After=network.target ypbind.service nfs.service nfsserver.service rpcbind.service SuSEfirewall2_init.service +After=network.target ypbind.service nfs.service nfsserver.service nfs-server.service rpcbind.service SuSEfirewall2_init.service Wants=SuSEfirewall2_init.service Conflicts=firewalld.service diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.318/SuSEfirewall2_init.service new/SuSEfirewall2-3.6.322/SuSEfirewall2_init.service --- old/SuSEfirewall2-3.6.318/SuSEfirewall2_init.service2016-01-18 13:00:33.0 +0100 +++ new/SuSEfirewall2-3.6.322/SuSEfirewall2_init.service2016-02-10 16:17:50.0 +0100 @@ -1,7 +1,8 @@ [Unit] Description=SuSEfirewall2 phase 1 Before=network.service -Before=basic.target +DefaultDependencies=false +Requires=sysinit.target Conflicts=firewalld.service [Service]
commit SuSEfirewall2 for openSUSE:Factory
Hello community,
here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory
checked in at 2016-01-23 01:16:10
Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old)
and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new (New)
Package is "SuSEfirewall2"
Changes:
--- /work/SRC/openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes
2015-06-30 10:15:01.0 +0200
+++ /work/SRC/openSUSE:Factory/.SuSEfirewall2.new/SuSEfirewall2.changes
2016-01-23 01:16:11.0 +0100
@@ -1,0 +2,11 @@
+Mon Jan 18 12:44:38 UTC 2016 - meiss...@suse.com
+
+- Merge pull request #5 from hwoarang/firewalld-conflict
+- SuSEfirewall2{,_init}.service: Conflict with firewalld service
+
+---
+Fri Jan 15 16:36:15 UTC 2016 - meiss...@suse.com
+
+- basic.service -> basic.target (bsc#961258)
+
+---
Old:
SuSEfirewall2-3.6.315.tar.bz2
New:
SuSEfirewall2-3.6.318.tar.bz2
Other differences:
--
++ SuSEfirewall2.spec ++
--- /var/tmp/diff_new_pack.a78Wpt/_old 2016-01-23 01:16:12.0 +0100
+++ /var/tmp/diff_new_pack.a78Wpt/_new 2016-01-23 01:16:12.0 +0100
@@ -1,7 +1,7 @@
#
# spec file for package SuSEfirewall2
#
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -18,7 +18,7 @@
Name: SuSEfirewall2
-Version:3.6.315
+Version:3.6.318
Release:0
Url:http://en.opensuse.org/SuSEfirewall2
PreReq: %fillup_prereq %insserv_prereq /bin/sed textutils fileutils
grep filesystem
++ SuSEfirewall2-3.6.315.tar.bz2 -> SuSEfirewall2-3.6.318.tar.bz2 ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/SuSEfirewall2-3.6.315/SuSEfirewall2.service
new/SuSEfirewall2-3.6.318/SuSEfirewall2.service
--- old/SuSEfirewall2-3.6.315/SuSEfirewall2.service 2015-06-24
14:06:41.0 +0200
+++ new/SuSEfirewall2-3.6.318/SuSEfirewall2.service 2016-01-18
13:00:33.0 +0100
@@ -2,6 +2,7 @@
Description=SuSEfirewall2 phase 2
After=network.target ypbind.service nfs.service nfsserver.service
rpcbind.service SuSEfirewall2_init.service
Wants=SuSEfirewall2_init.service
+Conflicts=firewalld.service
[Service]
ExecStart=/usr/sbin/SuSEfirewall2 boot_setup
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/SuSEfirewall2-3.6.315/SuSEfirewall2_init.service
new/SuSEfirewall2-3.6.318/SuSEfirewall2_init.service
--- old/SuSEfirewall2-3.6.315/SuSEfirewall2_init.service2015-06-24
14:06:41.0 +0200
+++ new/SuSEfirewall2-3.6.318/SuSEfirewall2_init.service2016-01-18
13:00:33.0 +0100
@@ -1,7 +1,8 @@
[Unit]
Description=SuSEfirewall2 phase 1
Before=network.service
-Before=basic.service
+Before=basic.target
+Conflicts=firewalld.service
[Service]
ExecStart=/usr/sbin/SuSEfirewall2 boot_init
commit SuSEfirewall2 for openSUSE:Factory
Hello community,
here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory
checked in at 2015-06-30 10:15:00
Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old)
and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new (New)
Package is SuSEfirewall2
Changes:
--- /work/SRC/openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes
2014-08-20 10:51:50.0 +0200
+++ /work/SRC/openSUSE:Factory/.SuSEfirewall2.new/SuSEfirewall2.changes
2015-06-30 10:15:01.0 +0200
@@ -1,0 +2,8 @@
+Wed Jun 24 12:07:08 UTC 2015 - meiss...@suse.com
+
+- reduce amount of setprocinfo set values, adjusted to existence and
+ also current kernel defaults.
+- missing IPv6 commands to enable broadcast (e.g.: avahi over ipv6)
+ (bsc#935716)
+
+---
Old:
SuSEfirewall2-3.6.312.tar.bz2
New:
SuSEfirewall2-3.6.315.tar.bz2
Other differences:
--
++ SuSEfirewall2.spec ++
--- /var/tmp/diff_new_pack.aKcojP/_old 2015-06-30 10:15:02.0 +0200
+++ /var/tmp/diff_new_pack.aKcojP/_new 2015-06-30 10:15:02.0 +0200
@@ -1,7 +1,7 @@
#
# spec file for package SuSEfirewall2
#
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -18,7 +18,7 @@
Name: SuSEfirewall2
-Version:3.6.312
+Version:3.6.315
Release:0
Url:http://en.opensuse.org/SuSEfirewall2
PreReq: %fillup_prereq %insserv_prereq /bin/sed textutils fileutils
grep filesystem
++ SuSEfirewall2-3.6.312.tar.bz2 - SuSEfirewall2-3.6.315.tar.bz2 ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/SuSEfirewall2-3.6.312/SuSEfirewall2
new/SuSEfirewall2-3.6.315/SuSEfirewall2
--- old/SuSEfirewall2-3.6.312/SuSEfirewall2 2014-08-15 18:02:23.0
+0200
+++ new/SuSEfirewall2-3.6.315/SuSEfirewall2 2015-06-24 14:06:41.0
+0200
@@ -1181,24 +1181,24 @@
set_proc_stuff()
{
if [ $FW_KERNEL_SECURITY != no ]; then
- setproc 1 /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
+ # kernel default 1: setproc 1
/proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
# test $FW_ALLOW_PING_FW = yes || setproc 1
/proc/sys/net/ipv4/icmp_echo_ignore_all # XXX
- setproc 1 /proc/sys/net/ipv4/ip_always_defrag # XXX not there?
- setproc 1 /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
- setproc 5 /proc/sys/net/ipv4/icmp_echoreply_rate
- setproc 5 /proc/sys/net/ipv4/icmp_destunreach_rate
- setproc 5 /proc/sys/net/ipv4/icmp_paramprob_rate
- setproc 6 /proc/sys/net/ipv4/icmp_timeexceed_rate
- setproc 20 /proc/sys/net/ipv4/ipfrag_time
+ # gone? setproc 1 /proc/sys/net/ipv4/ip_always_defrag # XXX not there?
+ # kernel default 1: setproc 1
/proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
+ # gone? setproc 5 /proc/sys/net/ipv4/icmp_echoreply_rate
+ # gone? setproc 5 /proc/sys/net/ipv4/icmp_destunreach_rate
+ # gone? setproc 5 /proc/sys/net/ipv4/icmp_paramprob_rate
+ # gone? setproc 6 /proc/sys/net/ipv4/icmp_timeexceed_rate
+ # 30*HZ in the kernel, setproc 20 /proc/sys/net/ipv4/ipfrag_time
for i in /proc/sys/net/ipv4/conf/*; do
- setproc 1 $i/log_martians
- setproc 0 $i/bootp_relay
- [ $FW_ROUTE != yes ] setproc 0 $i/forwarding
- setproc 0 $i/proxy_arp
- setproc 1 $i/secure_redirects
+ setproc 1 $i/log_martians # default is 0 in the kernel
+ #kernel default 0: setproc 0 $i/bootp_relay
+ [ $FW_ROUTE != yes ] setproc 0 $i/forwarding # should stay
+ # kernel default 0: setproc 0 $i/proxy_arp
+ # kernel default 1: setproc 1 $i/secure_redirects
#setproc 0 $i/accept_redirects # let kernel decide this
- setproc 0 $i/accept_source_route
- setproc 1 $i/rp_filter
+ setproc 0 $i/accept_source_route# default is 1, should stay?
+ setproc 1 $i/rp_filter # default is 0, should stay?
done
setproc 1 /proc/sys/net/ipv4/route/flush
fi
@@ -1324,21 +1324,26 @@
[ $port = no -o $port = yes ] continue
$LAA $IPTABLES $match -p udp --dport $port
${LOG}-ACC-BCAST${zone:0:1}
$IPTABLES $match -p udp --dport $port -j $ACCEPT
+ $LAA $IP6TABLES $match -p udp --dport $port
${LOG}-ACC-BCAST${zone:0:1}
+ $IP6TABLES $match -p udp --dport
commit SuSEfirewall2 for openSUSE:Factory
Hello community, here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory checked in at 2014-08-20 10:51:18 Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old) and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new (New) Package is SuSEfirewall2 Changes: --- /work/SRC/openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes 2014-07-31 21:50:03.0 +0200 +++ /work/SRC/openSUSE:Factory/.SuSEfirewall2.new/SuSEfirewall2.changes 2014-08-20 10:51:50.0 +0200 @@ -1,0 +2,12 @@ +Mon Aug 18 08:17:30 UTC 2014 - lnus...@suse.de + +- perl-Net-DNS is only needed by some ancillary helper tool but not for the + core features. So set it to Recommended. + +--- +Fri Aug 15 16:02:46 UTC 2014 - meiss...@suse.com + +- hosting moved to github.com/opensuse/susefirewall2 +- added a sysvinit - systemd conversion hack (bnc#891669) + +--- Old: SuSEfirewall2-3.6.310.tar.bz2 New: SuSEfirewall2-3.6.312.tar.bz2 Other differences: -- ++ SuSEfirewall2.spec ++ --- /var/tmp/diff_new_pack.Yp5dvk/_old 2014-08-20 10:51:51.0 +0200 +++ /var/tmp/diff_new_pack.Yp5dvk/_new 2014-08-20 10:51:51.0 +0200 @@ -18,14 +18,14 @@ Name: SuSEfirewall2 -Version:3.6.310 +Version:3.6.312 Release:0 Url:http://en.opensuse.org/SuSEfirewall2 PreReq: %fillup_prereq %insserv_prereq /bin/sed textutils fileutils grep filesystem Requires: coreutils Requires: iptables Requires: perl -Requires: perl-Net-DNS +Recommends: perl-Net-DNS Requires: sysconfig Summary:Stateful Packet Filter Using iptables and netfilter License:GPL-2.0 @@ -96,6 +96,17 @@ %pre %service_add_pre SuSEfirewall2.service +# Upgrade case means more than 1 package in system, so probably 2 +# if we still have the LSB init script, save its state, remove _setup +# and store it in the database. +if [ $FIRST_ARG -gt 1 ]; then + if test -e /etc/init.d/SuSEfirewall2_setup ; then + if test ! -e /var/lib/systemd/migrated/SuSEfirewall2 ; then + /usr/sbin/systemd-sysv-convert --save SuSEfirewall2_setup + sed -i -e 's/SuSEfirewall2_setup/SuSEfirewall2/' /var/lib/systemd/sysv-convert/database + fi + fi +fi %post %service_add_post SuSEfirewall2.service ++ SuSEfirewall2-3.6.310.tar.bz2 - SuSEfirewall2-3.6.312.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.310/doc/README.SuSEfirewall2.html new/SuSEfirewall2-3.6.312/doc/README.SuSEfirewall2.html --- old/SuSEfirewall2-3.6.310/doc/README.SuSEfirewall2.html 2014-07-31 10:50:49.0 +0200 +++ new/SuSEfirewall2-3.6.312/doc/README.SuSEfirewall2.html 2014-08-15 18:02:23.0 +0200 @@ -1,6 +1,5 @@ ?xml version=1.0 encoding=UTF-8? -!DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Transitional//EN http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd; -html xmlns=http://www.w3.org/1999/xhtml;headmeta http-equiv=Content-Type content=text/html; charset=UTF-8 /titleSuSEfirewall2/titlelink rel=stylesheet href=susebooks.css type=text/css /meta name=generator content=DocBook XSL Stylesheets V1.75.2 //headbodydiv class=article title=SuSEfirewall2div class=titlepagedivdivh2 class=titlea id=id301523/aSuSEfirewall2/h2/div/divhr //divdiv class=tocpbTable of Contents/b/pdldtspan class=sectiona href=#id3015371. Introduction/a/span/dtdtspan class=sectiona href=#id2658792. Quickstart/a/span/dtdddldtspan class=sectiona href=#id2658842.1. YaST2 firewall module/a/span/dtdtspan class=sectiona href=#id2658962.2. Manual configuration/a/span/dt/dl/dddtspan class=sectiona href=#id2839263. Some words about security/a/span/dtdtspan class=sectiona href=#id2652454. Source Code/a/span/dtdtspan class=sectiona href=#id2652615. Reporting bugs/a/span/dtdtspan class=sectiona href=#id2652836. Links/a/span/dtdtspan class=sectiona href=#id2653077. Author/a/span/dt/dl/divdiv class=section title=1.#xA0;Introductiondiv class=titlepagedivdivh2 class=title style=clear: botha id=id301537/a1. Introduction/h2/div/div/divp +!DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Transitional//EN http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;html xmlns=http://www.w3.org/1999/xhtml;headmeta http-equiv=Content-Type content=text/html; charset=UTF-8 /titleSuSEfirewall2/titlelink rel=stylesheet type=text/css href=susebooks.css /meta name=generator content=DocBook XSL Stylesheets V1.78.0
commit SuSEfirewall2 for openSUSE:Factory
Hello community, here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory checked in at 2014-07-31 21:50:00 Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old) and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new (New) Package is SuSEfirewall2 Changes: --- /work/SRC/openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes 2014-06-18 07:47:41.0 +0200 +++ /work/SRC/openSUSE:Factory/.SuSEfirewall2.new/SuSEfirewall2.changes 2014-07-31 21:50:03.0 +0200 @@ -1,0 +2,6 @@ +Thu Jul 31 08:51:43 UTC 2014 - meiss...@suse.com + +- SuSEfirewall2, ACCEPT from services is a local variable, otherwise + ACCEPT would be used a service name (bnc#889406 bnc#889555 bnc#887040) + +--- Old: SuSEfirewall2-3.6.309.tar.bz2 New: SuSEfirewall2-3.6.310.tar.bz2 Other differences: -- ++ SuSEfirewall2.spec ++ --- /var/tmp/diff_new_pack.aEEyoe/_old 2014-07-31 21:50:04.0 +0200 +++ /var/tmp/diff_new_pack.aEEyoe/_new 2014-07-31 21:50:04.0 +0200 @@ -18,7 +18,7 @@ Name: SuSEfirewall2 -Version:3.6.309 +Version:3.6.310 Release:0 Url:http://en.opensuse.org/SuSEfirewall2 PreReq: %fillup_prereq %insserv_prereq /bin/sed textutils fileutils grep filesystem ++ SuSEfirewall2-3.6.309.tar.bz2 - SuSEfirewall2-3.6.310.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.309/SuSEfirewall2 new/SuSEfirewall2-3.6.310/SuSEfirewall2 --- old/SuSEfirewall2-3.6.309/SuSEfirewall2 2014-06-11 10:45:57.0 +0200 +++ new/SuSEfirewall2-3.6.310/SuSEfirewall2 2014-07-31 10:50:49.0 +0200 @@ -1261,6 +1261,7 @@ local BROADCAST='' local RELATED='' local MODULES='' + local ACCEPT='' # XXX: could use a sub shell in order to enforce use of known variables only if [ ! -r $CONFIGURATIONSDIR_0/$config ] || ! . $CONFIGURATIONSDIR_0/$config; then -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit SuSEfirewall2 for openSUSE:Factory
Hello community, here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory checked in at 2014-06-18 07:47:40 Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old) and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new (New) Package is SuSEfirewall2 Changes: --- /work/SRC/openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes 2014-06-01 18:56:03.0 +0200 +++ /work/SRC/openSUSE:Factory/.SuSEfirewall2.new/SuSEfirewall2.changes 2014-06-18 07:47:41.0 +0200 @@ -1,0 +2,5 @@ +Wed Jun 11 08:49:18 UTC 2014 - m...@suse.com + +- Added ACCEPT to TEMPLATE using FW_SERVICES_ACCEPT + +--- Old: SuSEfirewall2-3.6.307.tar.bz2 New: SuSEfirewall2-3.6.309.tar.bz2 Other differences: -- ++ SuSEfirewall2.spec ++ --- /var/tmp/diff_new_pack.NBpEKL/_old 2014-06-18 07:47:42.0 +0200 +++ /var/tmp/diff_new_pack.NBpEKL/_new 2014-06-18 07:47:42.0 +0200 @@ -18,7 +18,7 @@ Name: SuSEfirewall2 -Version:3.6.307 +Version:3.6.309 Release:0 Url:http://en.opensuse.org/SuSEfirewall2 PreReq: %fillup_prereq %insserv_prereq /bin/sed textutils fileutils grep filesystem ++ SuSEfirewall2-3.6.307.tar.bz2 - SuSEfirewall2-3.6.309.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.307/SuSEfirewall2 new/SuSEfirewall2-3.6.309/SuSEfirewall2 --- old/SuSEfirewall2-3.6.307/SuSEfirewall2 2014-05-27 10:50:25.0 +0200 +++ new/SuSEfirewall2-3.6.309/SuSEfirewall2 2014-06-11 10:45:57.0 +0200 @@ -1287,6 +1287,10 @@ eval FW_SERVICES_ACCEPT_RELATED_`cibiz $zone`=\\$FW_SERVICES_ACCEPT_RELATED_`cibiz $zone` \$RELATED\ fi + if [ -n $ACCEPT ]; then + eval FW_SERVICES_ACCEPT_`cibiz $zone`=\\$FW_SERVICES_ACCEPT_`cibiz $zone` \$ACCEPT\ + fi + if [ -n $MODULES ]; then eval FW_LOAD_MODULES=\\$FW_LOAD_MODULES \$MODULES\ fi diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.307/SuSEfirewall2.service.TEMPLATE new/SuSEfirewall2-3.6.309/SuSEfirewall2.service.TEMPLATE --- old/SuSEfirewall2-3.6.307/SuSEfirewall2.service.TEMPLATE2014-05-27 10:50:25.0 +0200 +++ new/SuSEfirewall2-3.6.309/SuSEfirewall2.service.TEMPLATE2014-06-11 10:45:57.0 +0200 @@ -36,6 +36,13 @@ # IPv4 use 0.0.0.0/0 RELATED= +# space separated list of net,protocol[,sport[,dport]] +# sets FW_SERVICES_ACCEPT_*_EXT +# Alternative to TCP,UDP,... variants above allowing to +# open ports for IPv6 only or IPv4 only, using ::/0 or +# 0.0.0.0/0 as net (source address net). +ACCEPT= + # additional kernel modules needed for this service # see FW_LOAD_MODULES MODULES= -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit SuSEfirewall2 for openSUSE:Factory
Hello community,
here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory
checked in at 2014-06-01 18:55:59
Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old)
and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new (New)
Package is SuSEfirewall2
Changes:
--- /work/SRC/openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes
2013-12-30 10:44:25.0 +0100
+++ /work/SRC/openSUSE:Factory/.SuSEfirewall2.new/SuSEfirewall2.changes
2014-06-01 18:56:03.0 +0200
@@ -1,0 +2,7 @@
+Tue May 27 08:59:59 UTC 2014 - meiss...@suse.com
+
+- Allow incoming DHCPv6 replies, currently unlimited.
+ bnc#867819,bnc#868031,bnc#783002,bnc#822959
+- typo fix customary - custom bnc#835677
+
+---
Old:
SuSEfirewall2-3.6.305.tar.bz2
New:
SuSEfirewall2-3.6.307.tar.bz2
Other differences:
--
++ SuSEfirewall2.spec ++
--- /var/tmp/diff_new_pack.AIfWfv/_old 2014-06-01 18:56:04.0 +0200
+++ /var/tmp/diff_new_pack.AIfWfv/_new 2014-06-01 18:56:04.0 +0200
@@ -1,7 +1,7 @@
#
# spec file for package SuSEfirewall2
#
-# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -18,7 +18,7 @@
Name: SuSEfirewall2
-Version:3.6.305
+Version:3.6.307
Release:0
Url:http://en.opensuse.org/SuSEfirewall2
PreReq: %fillup_prereq %insserv_prereq /bin/sed textutils fileutils
grep filesystem
++ SuSEfirewall2-3.6.305.tar.bz2 - SuSEfirewall2-3.6.307.tar.bz2 ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/SuSEfirewall2-3.6.305/SuSEfirewall2
new/SuSEfirewall2-3.6.307/SuSEfirewall2
--- old/SuSEfirewall2-3.6.305/SuSEfirewall2 2013-06-27 13:15:00.0
+0200
+++ new/SuSEfirewall2-3.6.307/SuSEfirewall2 2014-05-27 10:50:25.0
+0200
@@ -798,6 +798,11 @@
allow_basic_established
+# Allow DHCPv6 by default. While the requests go out to multicast address,
they
+# can come back from unicast hosts and we might not know them.
+$LAA $IP6TABLES -A INPUT -p udp --dport dhcpv6-client ${LOG}-IN-DHCPv6
+$IP6TABLES -A INPUT -p udp --dport dhcpv6-client -j $ACCEPT
+
# make sure basic rules get committed even if there are errors later
[ -n $USE_IPTABLES_BATCH ] iptables_batch_commitpoint
}
@@ -1098,10 +1103,10 @@
### Load custom rules
if [ -n $FW_CUSTOMRULES ]; then
if [ ! -r $FW_CUSTOMRULES ]; then
- die 1 Firewall customary rules file can not be read from
$FW_CUSTOMRULES
+ die 1 Firewall custom rules file can not be read from
$FW_CUSTOMRULES
fi
. $FW_CUSTOMRULES
- message Firewall customary rules loaded from $FW_CUSTOMRULES
+ message Firewall custom rules loaded from $FW_CUSTOMRULES
fi
}
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit SuSEfirewall2 for openSUSE:Factory
Hello community, here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory checked in at 2013-12-30 10:44:24 Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old) and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new (New) Package is SuSEfirewall2 Changes: --- /work/SRC/openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes 2013-08-21 13:45:18.0 +0200 +++ /work/SRC/openSUSE:Factory/.SuSEfirewall2.new/SuSEfirewall2.changes 2013-12-30 10:44:25.0 +0100 @@ -1,0 +2,5 @@ +Fri Dec 27 11:13:55 UTC 2013 - meiss...@suse.com + +- add perl-Net-DNS requires for SuSEfirewall2 log (bnc#856705) + +--- Other differences: -- ++ SuSEfirewall2.spec ++ --- /var/tmp/diff_new_pack.df53IK/_old 2013-12-30 10:44:26.0 +0100 +++ /var/tmp/diff_new_pack.df53IK/_new 2013-12-30 10:44:26.0 +0100 @@ -25,6 +25,7 @@ Requires: coreutils Requires: iptables Requires: perl +Requires: perl-Net-DNS Requires: sysconfig Summary:Stateful Packet Filter Using iptables and netfilter License:GPL-2.0 -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit SuSEfirewall2 for openSUSE:Factory
Hello community, here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory checked in at 2013-08-21 13:45:16 Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old) and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new (New) Package is SuSEfirewall2 Changes: --- /work/SRC/openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes 2013-05-16 19:22:01.0 +0200 +++ /work/SRC/openSUSE:Factory/.SuSEfirewall2.new/SuSEfirewall2.changes 2013-08-21 13:45:18.0 +0200 @@ -1,0 +2,5 @@ +Wed Aug 21 08:43:32 UTC 2013 - lnus...@suse.de + +- adjust service files so manual starts work better (bnc#819499) + +--- Old: SuSEfirewall2-3.6.304.tar.bz2 New: SuSEfirewall2-3.6.305.tar.bz2 Other differences: -- ++ SuSEfirewall2.spec ++ --- /var/tmp/diff_new_pack.2DvgjF/_old 2013-08-21 13:45:19.0 +0200 +++ /var/tmp/diff_new_pack.2DvgjF/_new 2013-08-21 13:45:19.0 +0200 @@ -18,7 +18,7 @@ Name: SuSEfirewall2 -Version:3.6.304 +Version:3.6.305 Release:0 Url:http://en.opensuse.org/SuSEfirewall2 PreReq: %fillup_prereq %insserv_prereq /bin/sed textutils fileutils grep filesystem ++ SuSEfirewall2-3.6.304.tar.bz2 - SuSEfirewall2-3.6.305.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.304/SuSEfirewall2.service new/SuSEfirewall2-3.6.305/SuSEfirewall2.service --- old/SuSEfirewall2-3.6.304/SuSEfirewall2.service 2013-05-02 16:41:38.0 +0200 +++ new/SuSEfirewall2-3.6.305/SuSEfirewall2.service 2013-06-27 13:15:00.0 +0200 @@ -1,12 +1,13 @@ [Unit] Description=SuSEfirewall2 phase 2 -After=network.target ypbind.service nfs.service nfsserver.service rpcbind.service +After=network.target ypbind.service nfs.service nfsserver.service rpcbind.service SuSEfirewall2_init.service Wants=SuSEfirewall2_init.service [Service] ExecStart=/usr/sbin/SuSEfirewall2 boot_setup ExecStop=/usr/sbin/SuSEfirewall2 systemd_stop RemainAfterExit=true +Type=oneshot [Install] WantedBy=multi-user.target diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.304/SuSEfirewall2_init.service new/SuSEfirewall2-3.6.305/SuSEfirewall2_init.service --- old/SuSEfirewall2-3.6.304/SuSEfirewall2_init.service2013-05-02 16:41:38.0 +0200 +++ new/SuSEfirewall2-3.6.305/SuSEfirewall2_init.service2013-06-27 13:15:00.0 +0200 @@ -6,6 +6,7 @@ [Service] ExecStart=/usr/sbin/SuSEfirewall2 boot_init RemainAfterExit=true +Type=oneshot [Install] WantedBy=multi-user.target -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit SuSEfirewall2 for openSUSE:Factory
Hello community,
here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory
checked in at 2013-05-16 19:22:00
Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old)
and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new (New)
Package is SuSEfirewall2
Changes:
--- /work/SRC/openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes
2013-01-29 14:46:19.0 +0100
+++ /work/SRC/openSUSE:Factory/.SuSEfirewall2.new/SuSEfirewall2.changes
2013-05-16 19:22:01.0 +0200
@@ -1,0 +2,12 @@
+Mon May 6 13:15:59 UTC 2013 - cfarr...@suse.com
+
+- license update: GPL-2.0
+ Various GPL-2.0 (only) licensed files
+
+---
+Fri May 3 13:25:35 UTC 2013 - meiss...@suse.com
+
+- clarify what the default is in FW_MASQ_NETS (bnc#817233)
+- removed the --rttl option in recent matches, as this could also be used by
attackers (bnc#800719)
+
+---
Old:
SuSEfirewall2-3.6.302.tar.bz2
New:
SuSEfirewall2-3.6.304.tar.bz2
Other differences:
--
++ SuSEfirewall2.spec ++
--- /var/tmp/diff_new_pack.Z4D2FU/_old 2013-05-16 19:22:03.0 +0200
+++ /var/tmp/diff_new_pack.Z4D2FU/_new 2013-05-16 19:22:03.0 +0200
@@ -18,7 +18,7 @@
Name: SuSEfirewall2
-Version:3.6.302
+Version:3.6.304
Release:0
Url:http://en.opensuse.org/SuSEfirewall2
PreReq: %fillup_prereq %insserv_prereq /bin/sed textutils fileutils
grep filesystem
@@ -27,7 +27,7 @@
Requires: perl
Requires: sysconfig
Summary:Stateful Packet Filter Using iptables and netfilter
-License:GPL-2.0+
+License:GPL-2.0
Group: Productivity/Networking/Security
Source: SuSEfirewall2-%{version}.tar.bz2
BuildArch: noarch
++ SuSEfirewall2-3.6.302.tar.bz2 - SuSEfirewall2-3.6.304.tar.bz2 ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/SuSEfirewall2-3.6.302/SuSEfirewall2
new/SuSEfirewall2-3.6.304/SuSEfirewall2
--- old/SuSEfirewall2-3.6.302/SuSEfirewall2 2013-01-29 09:04:56.0
+0100
+++ new/SuSEfirewall2-3.6.304/SuSEfirewall2 2013-05-02 16:41:38.0
+0200
@@ -1776,7 +1776,7 @@
if [ -n $ipt_recent_update ]; then
ipt_recent_rcheck=-m recent --rcheck$ipt_recent_update
- ipt_recent_update=-m recent --update$ipt_recent_update --rttl
+ ipt_recent_update=-m recent --update$ipt_recent_update
ipt_recent_set=-m recent --set$ipt_recent_set
fi
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/SuSEfirewall2-3.6.302/SuSEfirewall2.sysconfig
new/SuSEfirewall2-3.6.304/SuSEfirewall2.sysconfig
--- old/SuSEfirewall2-3.6.302/SuSEfirewall2.sysconfig 2013-01-29
09:04:56.0 +0100
+++ new/SuSEfirewall2-3.6.304/SuSEfirewall2.sysconfig 2013-05-02
16:41:38.0 +0200
@@ -180,6 +180,7 @@
# If the protocol is icmp then port is interpreted as icmp type
#
# Examples: - 0/0 unrestricted access to the internet
+# This is also the default if you leave FW_MASQ_NETS empty.
# - 10.0.0.0/8 allows the whole 10.0.0.0 network with
# unrestricted access.
# - 10.0.1.0/24,0/0,tcp,80 10.0.1.0/24,0/0,tcp,21 allows
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit SuSEfirewall2 for openSUSE:Factory
Hello community, here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory checked in at 2013-01-29 14:46:16 Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old) and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new (New) Package is SuSEfirewall2, Maintainer is meiss...@suse.com Changes: --- /work/SRC/openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes 2013-01-20 08:19:10.0 +0100 +++ /work/SRC/openSUSE:Factory/.SuSEfirewall2.new/SuSEfirewall2.changes 2013-01-29 14:46:19.0 +0100 @@ -1,0 +2,5 @@ +Tue Jan 29 08:05:15 UTC 2013 - lnus...@suse.de + +- do not add dependency information about YaST2 Second Stage (bnc#800365) + +--- Old: SuSEfirewall2-3.6.300.tar.bz2 New: SuSEfirewall2-3.6.302.tar.bz2 Other differences: -- ++ SuSEfirewall2.spec ++ --- /var/tmp/diff_new_pack.IJqr4g/_old 2013-01-29 14:46:20.0 +0100 +++ /var/tmp/diff_new_pack.IJqr4g/_new 2013-01-29 14:46:20.0 +0100 @@ -18,7 +18,7 @@ Name: SuSEfirewall2 -Version:3.6.300 +Version:3.6.302 Release:0 Url:http://en.opensuse.org/SuSEfirewall2 PreReq: %fillup_prereq %insserv_prereq /bin/sed textutils fileutils grep filesystem ++ SuSEfirewall2-3.6.300.tar.bz2 - SuSEfirewall2-3.6.302.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.300/SuSEfirewall2_init.service new/SuSEfirewall2-3.6.302/SuSEfirewall2_init.service --- old/SuSEfirewall2-3.6.300/SuSEfirewall2_init.service2013-01-17 12:10:33.0 +0100 +++ new/SuSEfirewall2-3.6.302/SuSEfirewall2_init.service2013-01-29 09:04:56.0 +0100 @@ -1,6 +1,5 @@ [Unit] Description=SuSEfirewall2 phase 1 -After=YaST2-Second-Stage.service Before=network.service Before=basic.service diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.300/TODO new/SuSEfirewall2-3.6.302/TODO --- old/SuSEfirewall2-3.6.300/TODO 2013-01-17 12:10:33.0 +0100 +++ new/SuSEfirewall2-3.6.302/TODO 2013-01-29 09:04:56.0 +0100 @@ -1,3 +1,5 @@ * only create forward/dmz etc. tables when devices are there/used * add rule numbers to logged packets + +* reload feature (bnc#419913) -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit SuSEfirewall2 for openSUSE:Factory
Hello community, here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory checked in at 2013-01-20 08:19:08 Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old) and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new (New) Package is SuSEfirewall2, Maintainer is meiss...@suse.com Changes: --- /work/SRC/openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes 2012-12-17 09:39:49.0 +0100 +++ /work/SRC/openSUSE:Factory/.SuSEfirewall2.new/SuSEfirewall2.changes 2013-01-20 08:19:10.0 +0100 @@ -1,0 +2,5 @@ +Thu Jan 17 11:11:51 UTC 2013 - lnus...@suse.de + +- fix defaultl value docu for FW_PROTECT_FROM_INT (bnc#798834) + +--- Old: SuSEfirewall2-3.6.299.tar.bz2 New: SuSEfirewall2-3.6.300.tar.bz2 Other differences: -- ++ SuSEfirewall2.spec ++ --- /var/tmp/diff_new_pack.nqilyM/_old 2013-01-20 08:19:16.0 +0100 +++ /var/tmp/diff_new_pack.nqilyM/_new 2013-01-20 08:19:16.0 +0100 @@ -1,7 +1,7 @@ # # spec file for package SuSEfirewall2 # -# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,7 +18,7 @@ Name: SuSEfirewall2 -Version:3.6.299 +Version:3.6.300 Release:0 Url:http://en.opensuse.org/SuSEfirewall2 PreReq: %fillup_prereq %insserv_prereq /bin/sed textutils fileutils grep filesystem ++ SuSEfirewall2-3.6.299.tar.bz2 - SuSEfirewall2-3.6.300.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.299/SuSEfirewall2.sysconfig new/SuSEfirewall2-3.6.300/SuSEfirewall2.sysconfig --- old/SuSEfirewall2-3.6.299/SuSEfirewall2.sysconfig 2012-12-13 13:22:03.0 +0100 +++ new/SuSEfirewall2-3.6.300/SuSEfirewall2.sysconfig 2013-01-17 12:10:33.0 +0100 @@ -216,8 +216,7 @@ # FW_NOMASQ_NETS= -## Type: list(yes,no,notrack) -## Default:no +## Type: list(yes,no,notrack,) # # Do you want to protect the firewall from the internal network? # Requires: FW_DEV_INT @@ -232,7 +231,7 @@ # This is useful to gain better performance on high speed # interfaces. # -# defaults to yes if not set +# defaults to no if not set # # see also FW_REJECT_INT # -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit SuSEfirewall2 for openSUSE:Factory
Hello community,
here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory
checked in at 2012-12-17 09:39:46
Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old)
and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new (New)
Package is SuSEfirewall2, Maintainer is meiss...@suse.com
Changes:
--- /work/SRC/openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes
2012-09-11 11:38:06.0 +0200
+++ /work/SRC/openSUSE:Factory/.SuSEfirewall2.new/SuSEfirewall2.changes
2012-12-17 09:39:49.0 +0100
@@ -1,0 +2,12 @@
+Thu Dec 13 12:23:01 UTC 2012 - lnus...@suse.de
+
+- move to /usr, remove init scripts
+
+---
+Wed Dec 12 15:31:58 UTC 2012 - lnus...@suse.de
+
+- adjust for starting via systemd service files
+- move lock files to /run
+- just CT instead of NOTRACK (bnc#793459)
+
+---
Old:
SuSEfirewall2-3.6.295.tar.bz2
New:
SuSEfirewall2-3.6.299.tar.bz2
Other differences:
--
++ SuSEfirewall2.spec ++
--- /var/tmp/diff_new_pack.19U1x2/_old 2012-12-17 09:39:51.0 +0100
+++ /var/tmp/diff_new_pack.19U1x2/_new 2012-12-17 09:39:51.0 +0100
@@ -18,7 +18,7 @@
Name: SuSEfirewall2
-Version:3.6.295
+Version:3.6.299
Release:0
Url:http://en.opensuse.org/SuSEfirewall2
PreReq: %fillup_prereq %insserv_prereq /bin/sed textutils fileutils
grep filesystem
@@ -32,6 +32,9 @@
Source: SuSEfirewall2-%{version}.tar.bz2
BuildArch: noarch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
+# for the service_* macros
+%{?systemd_requires}
+BuildRequires: pkgconfig(systemd)
%description
SuSEfirewall2 implements a packet filter that protects hosts and
@@ -57,6 +60,10 @@
install -m 644 doc/SuSEfirewall2-doc.desktop \
%{buildroot}%{_datadir}/susehelp/meta/Manuals/Productivity/SuSEfirewall2.desktop
#
+# compat symlink
+mkdir -p %{buildroot}/sbin
+ln -s /usr/sbin/SuSEfirewall2 %{buildroot}/sbin/SuSEfirewall2
+ln -s /usr/sbin/rcSuSEfirewall2 %{buildroot}/sbin/rcSuSEfirewall2
%files
%defattr(-, root, root)
@@ -64,8 +71,6 @@
%doc %{_datadir}/susehelp
%config(noreplace) /etc/sysconfig/scripts/SuSEfirewall2-custom
%config(noreplace) /etc/sysconfig/SuSEfirewall2
-%config /etc/init.d/SuSEfirewall2_init
-%config /etc/init.d/SuSEfirewall2_setup
/etc/sysconfig/SuSEfirewall2.d/services/*
/etc/sysconfig/scripts/SuSEfirewall2-rpcinfo
/etc/sysconfig/scripts/SuSEfirewall2-showlog
@@ -76,38 +81,28 @@
/etc/sysconfig/network/scripts/SuSEfirewall2
/etc/sysconfig/network/scripts/firewall
/etc/sysconfig/network/if-up.d/SuSEfirewall2
-/sbin/rcSuSEfirewall2
/sbin/SuSEfirewall2
+/sbin/rcSuSEfirewall2
+/usr/sbin/rcSuSEfirewall2
+/usr/sbin/SuSEfirewall2
%dir /usr/share/SuSEfirewall2
%dir /usr/share/SuSEfirewall2/defaults
+/usr/lib/systemd/system/SuSEfirewall2.service
+/usr/lib/systemd/system/SuSEfirewall2_init.service
/usr/share/SuSEfirewall2/defaults/50-default.cfg
/usr/share/SuSEfirewall2/rpcusers
/var/adm/fillup-templates/sysconfig.SuSEfirewall2
-%postun
-%insserv_cleanup
+%pre
+%service_add_pre SuSEfirewall2.service
%post
-# SuSEfirewall2_init is no longer a boot.d script, need to remove
-# and add it again
-for i in etc/init.d/boot.d/S??SuSEfirewall2_init; do
-if [ -e $i ]; then
- /sbin/insserv -r -f SuSEfirewall2_init
- /sbin/insserv -f SuSEfirewall2_init
- break
-fi
-done
-if [ -e etc/sysconfig/SuSEfirewall2 ] \
-grep -q '^FW_MASQ_DEV=\$FW_DEV_EXT$' etc/sysconfig/SuSEfirewall2;
then
- sed 's/^FW_MASQ_DEV=\$FW_DEV_EXT$/FW_MASQ_DEV=zone:ext/' \
-etc/sysconfig/SuSEfirewall2 \
-etc/sysconfig/SuSEfirewall2.new \
-mv etc/sysconfig/SuSEfirewall2.new
etc/sysconfig/SuSEfirewall2 \
-echo FW_MASQ_DEV converted
-fi
-#
-%insserv_cleanup
-#
-exit 0
+%service_add_post SuSEfirewall2.service
+
+%preun
+%service_del_preun SuSEfirewall2.service
+
+%postun
+%service_del_postun SuSEfirewall2.service
%changelog
++ SuSEfirewall2-3.6.295.tar.bz2 - SuSEfirewall2-3.6.299.tar.bz2 ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/SuSEfirewall2-3.6.295/Makefile
new/SuSEfirewall2-3.6.299/Makefile
--- old/SuSEfirewall2-3.6.295/Makefile 2012-09-11 10:29:29.0 +0200
+++ new/SuSEfirewall2-3.6.299/Makefile 2012-12-13 13:22:03.0 +0100
@@ -8,8 +8,8 @@
DESTDIR=
allfiles= \
- SuSEfirewall2_init \
- SuSEfirewall2_setup \
+ SuSEfirewall2_init.service \
+ SuSEfirewall2.service \
$(SCRIPTS) \
SuSEfirewall2_ifup \
commit SuSEfirewall2 for openSUSE:Factory
Hello community, here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory checked in at 2012-09-11 11:38:03 Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old) and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new (New) Package is SuSEfirewall2, Maintainer is lnus...@suse.com Changes: --- /work/SRC/openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes 2012-07-14 13:15:51.0 +0200 +++ /work/SRC/openSUSE:Factory/.SuSEfirewall2.new/SuSEfirewall2.changes 2012-09-11 11:38:06.0 +0200 @@ -1,0 +2,5 @@ +Tue Sep 11 08:29:41 UTC 2012 - lnus...@suse.de + +- getdevinfo is gone as per commit 0c5ac93 (bnc#777271) + +--- Old: SuSEfirewall2-3.6.293.tar.bz2 New: SuSEfirewall2-3.6.295.tar.bz2 Other differences: -- ++ SuSEfirewall2.spec ++ --- /var/tmp/diff_new_pack.KSBW5c/_old 2012-09-11 11:38:07.0 +0200 +++ /var/tmp/diff_new_pack.KSBW5c/_new 2012-09-11 11:38:07.0 +0200 @@ -18,7 +18,7 @@ Name: SuSEfirewall2 -Version:3.6.293 +Version:3.6.295 Release:0 Url:http://en.opensuse.org/SuSEfirewall2 PreReq: %fillup_prereq %insserv_prereq /bin/sed textutils fileutils grep filesystem ++ SuSEfirewall2-3.6.293.tar.bz2 - SuSEfirewall2-3.6.295.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.293/SuSEfirewall2-qdisc new/SuSEfirewall2-3.6.295/SuSEfirewall2-qdisc --- old/SuSEfirewall2-3.6.293/SuSEfirewall2-qdisc 2012-07-13 14:42:35.0 +0200 +++ new/SuSEfirewall2-3.6.295/SuSEfirewall2-qdisc 2012-09-11 10:29:29.0 +0200 @@ -38,10 +38,9 @@ for DEVICE_DATA in $FW_HTB_TUNE_DEV; do IFS=, read DEV BANDWIDTH (echo $DEVICE_DATA) - DEV=`getdevinfo $DEV` || continue - # sanity check if [ -n $DEV -a -n $BANDWIDTH ]; then +test -e /sys/class/net/$DEV || continue # reserve about 15% for small packets (TCP ACK), # interactive SSH from and to us and DNS querys. # We don't need too much bandwidth but we need it fast. -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit SuSEfirewall2 for openSUSE:Factory
Hello community,
here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory
checked in at 2012-07-14 13:15:49
Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old)
and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new (New)
Package is SuSEfirewall2, Maintainer is lnus...@suse.com
Changes:
--- /work/SRC/openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes
2012-06-25 12:03:08.0 +0200
+++ /work/SRC/openSUSE:Factory/.SuSEfirewall2.new/SuSEfirewall2.changes
2012-07-14 13:15:51.0 +0200
@@ -1,0 +2,5 @@
+Fri Jul 13 12:43:17 UTC 2012 - lnus...@suse.de
+
+- honor FW_IPv6 setting also in debug mode (bnc#769411)
+
+---
Old:
SuSEfirewall2-3.6.292.tar.bz2
New:
SuSEfirewall2-3.6.293.tar.bz2
Other differences:
--
++ SuSEfirewall2.spec ++
--- /var/tmp/diff_new_pack.IfEfZN/_old 2012-07-14 13:15:56.0 +0200
+++ /var/tmp/diff_new_pack.IfEfZN/_new 2012-07-14 13:15:56.0 +0200
@@ -14,19 +14,21 @@
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
-
# icecream 0
Name: SuSEfirewall2
-Version:3.6.292
-Release:1
-License:GPL-2.0+
-Group: Productivity/Networking/Security
+Version:3.6.293
+Release:0
Url:http://en.opensuse.org/SuSEfirewall2
PreReq: %fillup_prereq %insserv_prereq /bin/sed textutils fileutils
grep filesystem
-Requires: iptables coreutils perl sysconfig
+Requires: coreutils
+Requires: iptables
+Requires: perl
+Requires: sysconfig
Summary:Stateful Packet Filter Using iptables and netfilter
+License:GPL-2.0+
+Group: Productivity/Networking/Security
Source: SuSEfirewall2-%{version}.tar.bz2
BuildArch: noarch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
++ SuSEfirewall2-3.6.292.tar.bz2 - SuSEfirewall2-3.6.293.tar.bz2 ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/SuSEfirewall2-3.6.292/SuSEfirewall2
new/SuSEfirewall2-3.6.293/SuSEfirewall2
--- old/SuSEfirewall2-3.6.292/SuSEfirewall2 2012-06-19 13:31:34.0
+0200
+++ new/SuSEfirewall2-3.6.293/SuSEfirewall2 2012-07-13 14:42:35.0
+0200
@@ -325,6 +325,13 @@
{
echo # $1 ${*:2}
}
+
+### ipv6 checks
+case $FW_IPv6 in
+ drop|reject) IP6TABLES_HAVE_STATE=0 ;;
+ no) IP6TABLES=: ;;
+ *) FW_IPv6= ;;
+esac
else
IPTABLES=$IPTABLES_BIN
IP6TABLES=$IP6TABLES_BIN
@@ -336,7 +343,6 @@
*) FW_IPv6= ;;
esac
-
if [ -n $USE_IPTABLES_BATCH ]; then
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit SuSEfirewall2 for openSUSE:Factory
Hello community,
here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory
checked in at 2012-05-31 17:10:37
Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old)
and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new (New)
Package is SuSEfirewall2, Maintainer is lnus...@suse.com
Changes:
--- /work/SRC/openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes
2011-11-07 15:56:52.0 +0100
+++ /work/SRC/openSUSE:Factory/.SuSEfirewall2.new/SuSEfirewall2.changes
2012-05-31 17:10:40.0 +0200
@@ -1,0 +2,17 @@
+Tue May 29 13:16:20 UTC 2012 - lnus...@suse.de
+
+- fix typo spotted by Frederic
+
+---
+Wed Jan 18 14:17:19 UTC 2012 - lnus...@suse.de
+
+- assume all interface names are correct (bnc#739084)
+
+---
+Wed Dec 14 16:55:43 UTC 2011 - lnus...@suse.de
+
+- fix forward masquerading (bnc#736205)
+- compat syntax for negated options no longer works (bnc#660156, bnc#731088)
+- enhance debug mode
+
+---
Old:
SuSEfirewall2-3.6.282.tar.bz2
SuSEfirewall2.rpmlintrc
New:
SuSEfirewall2-3.6.289.tar.bz2
Other differences:
--
++ SuSEfirewall2.spec ++
--- /var/tmp/diff_new_pack.GJHq1k/_old 2012-05-31 17:10:42.0 +0200
+++ /var/tmp/diff_new_pack.GJHq1k/_new 2012-05-31 17:10:42.0 +0200
@@ -1,7 +1,7 @@
#
# spec file for package SuSEfirewall2
#
-# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -19,7 +19,7 @@
Name: SuSEfirewall2
-Version:3.6.282
+Version:3.6.289
Release:1
License:GPL-2.0+
Group: Productivity/Networking/Security
++ SuSEfirewall2-3.6.282.tar.bz2 - SuSEfirewall2-3.6.289.tar.bz2 ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/SuSEfirewall2-3.6.282/Makefile
new/SuSEfirewall2-3.6.289/Makefile
--- old/SuSEfirewall2-3.6.282/Makefile 2011-11-07 11:55:00.0 +0100
+++ new/SuSEfirewall2-3.6.289/Makefile 2012-05-29 15:10:20.0 +0200
@@ -69,8 +69,8 @@
install -m 644 LICENCE $(DESTDIR)$(pkgdocdir)/
install -m 644 SuSEfirewall2.sysconfig $(DESTDIR)$(pkgdocdir)/
-dist:
- @./mktar
+package:
+ @./obs/mkpackage
doc:
$(MAKE) -C doc
@@ -78,4 +78,4 @@
clean:
rm -f $(ARCHIVE)
-.PHONY: clean doc dist install install_doc all
+.PHONY: clean doc package install install_doc all
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/SuSEfirewall2-3.6.282/SuSEfirewall2
new/SuSEfirewall2-3.6.289/SuSEfirewall2
--- old/SuSEfirewall2-3.6.282/SuSEfirewall2 2011-11-07 11:55:00.0
+0100
+++ new/SuSEfirewall2-3.6.289/SuSEfirewall2 2012-05-29 15:10:20.0
+0200
@@ -72,7 +72,7 @@
openopen the specified services in the specified zone. You need to
restart SuSEfirewall2 for changes to take effect.
on add SuSEfirewall2 initscripts to boot process and start
- off remove SuSEefirwall2 initscripts from boot process and stop
+ off remove SuSEfirwall2 initscripts from boot process and stop
file FILENAME same as start but load alternate config file FILENAME
@@ -321,6 +321,10 @@
{
echo modprobe $@
}
+syslog()
+{
+ echo # $1 ${*:2}
+}
else
IPTABLES=$IPTABLES_BIN
IP6TABLES=$IP6TABLES_BIN
@@ -772,38 +776,6 @@
esac
}
-# set $dev to actual name of device $1
-getdevinfo()
-{
-local dev=
-local d=$1
-local var=$2
-if [ -d /sys/class/net/$d ]; then
- dev=$d
-else
- local deprecatediface=
- if [ -x /sbin/getcfg-interface ]; then
- dev=`/sbin/getcfg-interface $d`
- elif [ -x $hwdesc2iface ]; then
- case $d in
- *-id-*) dev=`$hwdesc2iface id ${d#*-id-}`; deprecatediface=1 ;;
- *-bus-*) dev=`$hwdesc2iface bus ${d#*-bus-}`; deprecatediface=1
;;
- esac
- fi
-
- if [ -z $dev -o ! -d /sys/class/net/$dev ]; then
- return 1
- fi
-
- if [ -n $deprecatediface ]; then
- warning $var: the notation '$d' is deprecated. Please use '$dev'
instead
- fi
-fi
-
-echo $dev
-return 0
-}
-
setlock()
{
if [ $remove_bootlock -ne 0 ]; then
@@ -872,7 +844,6 @@
warning ignoring deprecated interface 'auto' in $var
commit SuSEfirewall2 for openSUSE:Factory
Hello community, here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory checked in at 2011-12-06 19:06:21 Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old) and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new (New) Package is SuSEfirewall2, Maintainer is lnus...@suse.com Changes: Other differences: -- ++ SuSEfirewall2.spec ++ --- /var/tmp/diff_new_pack.tK5cKs/_old 2011-12-06 20:10:24.0 +0100 +++ /var/tmp/diff_new_pack.tK5cKs/_new 2011-12-06 20:10:24.0 +0100 @@ -21,7 +21,7 @@ Name: SuSEfirewall2 Version:3.6.282 Release:1 -License:GPLv2+ +License:GPL-2.0+ Group: Productivity/Networking/Security Url:http://en.opensuse.org/SuSEfirewall2 PreReq: %fillup_prereq %insserv_prereq /bin/sed textutils fileutils grep filesystem -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit SuSEfirewall2 for openSUSE:Factory
Hello community,
here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory
checked in at 2011-11-07 15:56:49
Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old)
and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new (New)
Package is SuSEfirewall2, Maintainer is lnus...@suse.com
Changes:
--- /work/SRC/openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes
2011-11-05 12:02:09.0 +0100
+++ /work/SRC/openSUSE:Factory/.SuSEfirewall2.new/SuSEfirewall2.changes
2011-11-07 15:56:52.0 +0100
@@ -1,0 +2,5 @@
+Mon Nov 7 10:56:04 UTC 2011 - lnus...@suse.de
+
+- use /sbin/rpcinfo as /usr/sbin/rpcinfo is gone (bnc#727438)
+
+---
Old:
SuSEfirewall2-3.6.281.tar.bz2
New:
SuSEfirewall2-3.6.282.tar.bz2
Other differences:
--
++ SuSEfirewall2.spec ++
--- /var/tmp/diff_new_pack.tRFg7U/_old 2011-11-07 15:56:57.0 +0100
+++ /var/tmp/diff_new_pack.tRFg7U/_new 2011-11-07 15:56:57.0 +0100
@@ -19,7 +19,7 @@
Name: SuSEfirewall2
-Version:3.6.281
+Version:3.6.282
Release:1
License:GPLv2+
Group: Productivity/Networking/Security
++ SuSEfirewall2-3.6.281.tar.bz2 - SuSEfirewall2-3.6.282.tar.bz2 ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/SuSEfirewall2-3.6.281/SuSEfirewall2-rpcinfo
new/SuSEfirewall2-3.6.282/SuSEfirewall2-rpcinfo
--- old/SuSEfirewall2-3.6.281/SuSEfirewall2-rpcinfo 2011-11-02
16:26:04.0 +0100
+++ new/SuSEfirewall2-3.6.282/SuSEfirewall2-rpcinfo 2011-11-07
11:55:00.0 +0100
@@ -92,7 +92,7 @@
my %tcpports = ();
# collect registered rpc services
-open (RPCINFO, '/usr/sbin/rpcinfo -p localhost|') or die;
+open (RPCINFO, '/sbin/rpcinfo -p localhost|') or die;
RPCINFO; # header line
while(RPCINFO)
{
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit SuSEfirewall2 for openSUSE:Factory
Hello community, here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory checked in at 2011-11-05 11:27:16 Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old) and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new (New) Package is SuSEfirewall2, Maintainer is lnus...@suse.com Changes: --- /work/SRC/openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes 2011-10-16 12:43:09.0 +0200 +++ /work/SRC/openSUSE:Factory/.SuSEfirewall2.new/SuSEfirewall2.changes 2011-11-05 12:02:09.0 +0100 @@ -1,0 +2,5 @@ +Wed Nov 2 15:27:04 UTC 2011 - lnus...@suse.de + +- set SYSTEMD_NO_WRAP for status (bnc#727445) + +--- Old: SuSEfirewall2-3.6.280.tar.bz2 New: SuSEfirewall2-3.6.281.tar.bz2 Other differences: -- ++ SuSEfirewall2.spec ++ --- /var/tmp/diff_new_pack.LFduHs/_old 2011-11-05 12:02:32.0 +0100 +++ /var/tmp/diff_new_pack.LFduHs/_new 2011-11-05 12:02:32.0 +0100 @@ -19,7 +19,7 @@ Name: SuSEfirewall2 -Version:3.6.280 +Version:3.6.281 Release:1 License:GPLv2+ Group: Productivity/Networking/Security ++ SuSEfirewall2-3.6.280.tar.bz2 - SuSEfirewall2-3.6.281.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.280/SuSEfirewall2_setup new/SuSEfirewall2-3.6.281/SuSEfirewall2_setup --- old/SuSEfirewall2-3.6.280/SuSEfirewall2_setup 2011-10-14 11:45:56.0 +0200 +++ new/SuSEfirewall2-3.6.281/SuSEfirewall2_setup 2011-11-02 16:26:04.0 +0100 @@ -26,6 +26,7 @@ test -x $SUSEFWALL || exit 5 +test $1 != 'status' || SYSTEMD_NO_WRAP=1 # bnc#727445 . /etc/rc.status rc_reset -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit SuSEfirewall2 for openSUSE:Factory
Hello community,
here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory
checked in at Sun Oct 16 12:40:18 CEST 2011.
--- openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes2011-09-23
01:51:16.0 +0200
+++ /mounts/work_src_done/STABLE/SuSEfirewall2/SuSEfirewall2.changes
2011-10-14 11:46:56.0 +0200
@@ -1,0 +2,11 @@
+Fri Oct 14 09:46:33 UTC 2011 - lnus...@suse.de
+
+- fix manual rcSuSEfirewall2 stop with sytemd (bnc#717583)
+
+---
+Tue Oct 4 14:53:13 UTC 2011 - lnus...@suse.de
+
+- fix typo (bnc#721845)
+- atomic zone status writing
+
+---
calling whatdependson for head-i586
Old:
SuSEfirewall2-3.6.277.tar.bz2
New:
SuSEfirewall2-3.6.280.tar.bz2
Other differences:
--
++ SuSEfirewall2.spec ++
--- /var/tmp/diff_new_pack.CJkEOl/_old 2011-10-16 12:40:14.0 +0200
+++ /var/tmp/diff_new_pack.CJkEOl/_new 2011-10-16 12:40:14.0 +0200
@@ -19,7 +19,7 @@
Name: SuSEfirewall2
-Version:3.6.277
+Version:3.6.280
Release:1
License:GPLv2+
Group: Productivity/Networking/Security
++ SuSEfirewall2-3.6.277.tar.bz2 - SuSEfirewall2-3.6.280.tar.bz2 ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/SuSEfirewall2-3.6.277/SuSEfirewall2
new/SuSEfirewall2-3.6.280/SuSEfirewall2
--- old/SuSEfirewall2-3.6.277/SuSEfirewall2 2011-09-06 11:33:05.0
+0200
+++ new/SuSEfirewall2-3.6.280/SuSEfirewall2 2011-10-14 11:45:56.0
+0200
@@ -997,7 +997,8 @@
rm -rf $STATUSDIR/status/interfaces/$d
else
eval local seen_$d=1
- echo $z $STATUSDIR/status/interfaces/$d/zone
+ echo $z $STATUSDIR/status/interfaces/$d/.zone.new
+ mv $STATUSDIR/status/interfaces/$d/.zone.new
$STATUSDIR/status/interfaces/$d/zone
fi
done
for d in ${!iface_*}; do
@@ -1005,7 +1006,8 @@
d=${d#iface_}
eval [ -n \\$seen_$d\ ] continue
mkdir $STATUSDIR/status/interfaces/$d
- echo $z $STATUSDIR/status/interfaces/$d/zone
+ echo $z $STATUSDIR/status/interfaces/$d/.zone.new
+ mv $STATUSDIR/status/interfaces/$d/.zone.new
$STATUSDIR/status/interfaces/$d/zone
done
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/SuSEfirewall2-3.6.277/SuSEfirewall2.sysconfig
new/SuSEfirewall2-3.6.280/SuSEfirewall2.sysconfig
--- old/SuSEfirewall2-3.6.277/SuSEfirewall2.sysconfig 2011-09-06
11:33:05.0 +0200
+++ new/SuSEfirewall2-3.6.280/SuSEfirewall2.sysconfig 2011-10-14
11:45:56.0 +0200
@@ -382,7 +382,7 @@
# details.
#
# Note: In older SuSEfirewall2 version this setting took place after
-# FW_SERVICES_ACCEPT_*, not it takes precedence.
+# FW_SERVICES_ACCEPT_*, now it takes precedence.
#
FW_SERVICES_DROP_EXT=
@@ -411,7 +411,7 @@
# details.
#
# Note: In older SuSEfirewall2 version this setting took place after
-# FW_SERVICES_ACCEPT_*, not it takes precedence.
+# FW_SERVICES_ACCEPT_*, now it takes precedence.
#
FW_SERVICES_REJECT_EXT=
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/SuSEfirewall2-3.6.277/SuSEfirewall2_setup
new/SuSEfirewall2-3.6.280/SuSEfirewall2_setup
--- old/SuSEfirewall2-3.6.277/SuSEfirewall2_setup 2011-09-06
11:33:05.0 +0200
+++ new/SuSEfirewall2-3.6.280/SuSEfirewall2_setup 2011-10-14
11:45:56.0 +0200
@@ -36,14 +36,16 @@
rc_status -v
;;
stop)
+ called_manually=''
if [ -e /sys/fs/cgroup/systemd ]; then
- # when using systemd we don't know whether we are
- # called due to shutdown of the machine. So we can't
- # unload rules here. Call /sbin/SuSEfirewall2
- # directly instead to unload rules.
- echo -n Not unloading firewall rules when using systemd
- rc_status -s
+ # XXX: find a better way to check whether shutdown is in
progress
+ if ! systemctl --no-pager --full --all list-units | grep -q
'basic\.target.*active.*stop'; then
+ called_manually=yes
+ fi
elif [ -z $REDIRECT ]; then
+ called_manually=yes
+ fi
+ if [ $called_manually = yes ]; then
echo -n Unloading firewall rules
$SUSEFWALL -q stop
rc_status -v
continue with q...
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit SuSEfirewall2 for openSUSE:Factory
Hello community,
here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory
checked in at Mon Sep 19 15:30:41 CEST 2011.
--- SuSEfirewall2/SuSEfirewall2.changes 2011-09-07 13:41:09.0 +0200
+++ /mounts/work_src_done/STABLE/SuSEfirewall2/SuSEfirewall2.changes
2011-09-17 12:25:41.0 +0200
@@ -1,0 +2,5 @@
+Sat Sep 17 10:25:23 UTC 2011 - jeng...@medozas.de
+
+- Remove redundant tags/sections from specfile
+
+---
calling whatdependson for head-i586
Other differences:
--
++ SuSEfirewall2.spec ++
--- /var/tmp/diff_new_pack.7Zmu0P/_old 2011-09-19 15:30:37.0 +0200
+++ /var/tmp/diff_new_pack.7Zmu0P/_new 2011-09-19 15:30:37.0 +0200
@@ -15,7 +15,6 @@
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
-# norootforbuild
# icecream 0
@@ -40,13 +39,6 @@
SuSEfirewall2 uses the iptables/netfilter packet filtering
infrastructure to create a flexible rule set for a stateful firewall.
-
-
-Authors:
-
-Ludwig Nussel ludwig.nus...@suse.de
-Marc Heuse
-
%prep
%setup
# please send patches to lnussel for inclusion in git first
@@ -116,7 +108,4 @@
#
exit 0
-%clean
-rm -rf %{buildroot}
-
%changelog
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit SuSEfirewall2 for openSUSE:Factory
Hello community,
here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory
checked in at Wed Sep 7 18:00:47 CEST 2011.
--- SuSEfirewall2/SuSEfirewall2.changes 2011-02-01 14:17:18.0 +0100
+++ /mounts/work_src_done/STABLE/SuSEfirewall2/SuSEfirewall2.changes
2011-09-07 13:41:09.0 +0200
@@ -1,0 +2,16 @@
+Wed Sep 7 11:38:14 UTC 2011 - lnus...@suse.de
+
+- sanitize FW_ZONE_DEFAULT (bnc#716013)
+- add warning about iptables-batch to SuSEfirewall2-custom
+- fix warning about /proc/net/ip_tables_names not readable
+- don't install input rules for interfaces in default zone
+- Add hook fw_custom_after_finished
+- update FAQ (bnc#694464)
+- clean up overrides when stopping the firewall (bnc#630961)
+- change default FW_LOG_ACCEPT_CRIT to no
+- allow redir without port specification
+- make FW_SERVICES_{REJECT,DROP}_* take precedende before ACCEPT (bnc#671997)
+- fix zonein and zoneout parameters
+- fix reverse direction of forwarding rules (bnc#679192)
+
+---
calling whatdependson for head-i586
Old:
SuSEfirewall2-3.6.261.tar.bz2
New:
SuSEfirewall2-3.6.277.tar.bz2
Other differences:
--
++ SuSEfirewall2.spec ++
--- /var/tmp/diff_new_pack.NTJJNy/_old 2011-09-07 18:00:31.0 +0200
+++ /var/tmp/diff_new_pack.NTJJNy/_new 2011-09-07 18:00:31.0 +0200
@@ -20,7 +20,7 @@
Name: SuSEfirewall2
-Version:3.6.261
+Version:3.6.277
Release:1
License:GPLv2+
Group: Productivity/Networking/Security
++ SuSEfirewall2-3.6.261.tar.bz2 - SuSEfirewall2-3.6.277.tar.bz2 ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/SuSEfirewall2-3.6.261/SuSEfirewall2
new/SuSEfirewall2-3.6.277/SuSEfirewall2
--- old/SuSEfirewall2-3.6.261/SuSEfirewall2 2011-02-01 14:16:22.0
+0100
+++ new/SuSEfirewall2-3.6.277/SuSEfirewall2 2011-09-06 11:33:05.0
+0200
@@ -443,7 +443,7 @@
if [ $FW_LOG_ACCEPT_ALL != yes ]; then
LAA=:
- if [ $FW_LOG_ACCEPT_CRIT = no ]; then
+ if [ $FW_LOG_ACCEPT_CRIT != yes ]; then
LAC=:
LAAC=:
fi
@@ -546,7 +546,13 @@
$IPTABLES -P OUTPUT $policy_output
$IPTABLES -P FORWARD $policy_forward
# yes we need cat for /proc
-for i in `sort /proc/net/ip_tables_names`; do
+local names
+if [ -r /proc/net/ip_tables_names ]; then
+ names=`sort /proc/net/ip_tables_names`
+else
+ names=filter nat raw
+fi
+for i in $names; do
$IPTABLES -t $i -F
$IPTABLES -t $i -X
done
@@ -554,7 +560,12 @@
$IP6TABLES -P INPUT $policy_input
$IP6TABLES -P OUTPUT $policy_output
$IP6TABLES -P FORWARD $policy_forward
- for i in `sort /proc/net/ip6_tables_names`; do
+ if [ -r /proc/net/ip6_tables_names ]; then
+ names=`sort /proc/net/ip6_tables_names`
+ else
+ names=filter nat raw
+ fi
+ for i in $names; do
$IP6TABLES -t $i -F
$IP6TABLES -t $i -X
done
@@ -840,6 +851,7 @@
fw_custom_before_port_handling() { true; }
fw_custom_before_masq() { true; }
fw_custom_before_denyall() { true; }
+fw_custom_after_finished() { true; }
evaluateinterfaces()
{
@@ -950,8 +962,8 @@
error invalid zone '$z' specified for interface '$d'
fi
elif [ -n $FW_ZONE_DEFAULT -a $FW_ZONE_DEFAULT != 'no' ]; then
- message using default zone '$FW_ZONE_DEFAULT' for interface $d
- z=$FW_ZONE_DEFAULT
+ z=${FW_ZONE_DEFAULT//[^A-Za-z0-9]/_}
+ message using default zone '$z' for interface $d
eval FW_DEV_$z=\\$FW_DEV_$z \$d\
# fix vim syntax
eval iface_$d=$z
@@ -1204,7 +1216,7 @@
for iptables in $IPTABLES $IP6TABLES; do
$iptables -N $chain
for dev in $devs; do
- $iptables -A $chain -j $target -i $dev
+ $iptables -A $chain -j $target -${dir:0:1} $dev
done
done
eval ${chain}_created=1
@@ -1406,6 +1418,10 @@
# already have rules for that
continue
fi
+ if [ -n $FW_ZONE_DEFAULT -a $FW_ZONE_DEFAULT = $zone ]; then
+ # default rule will catch it
+ continue
+ fi
eval devs=\$FW_DEV_$zone
for dev in $devs; do
$iptables -A INPUT -j input_$zone -i $dev
@@ -1871,15 +1887,21 @@
if [ -n $6 ]; then
error Too many arguments in FW_REDIRECT - $nets
- elif [ -z $net1 -o -z $net2 -o -z $proto -o -z $port1 -o -z
$port2 ]; then
+ elif [ -z $net1 -o -z $net2 -o -z $proto ]; then
error Missing parameter in FW_REDIRECT - $nets
elif [ $proto != tcp -a $proto != udp ];
