commit SuSEfirewall2 for openSUSE:Factory
Hello community, here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory checked in at 2019-03-27 16:13:38 Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old) and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new.25356 (New) Package is "SuSEfirewall2" Wed Mar 27 16:13:38 2019 rev:92 rq:688192 version:3.6.378 Changes: --- /work/SRC/openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes 2019-02-28 21:26:02.553880145 +0100 +++ /work/SRC/openSUSE:Factory/.SuSEfirewall2.new.25356/SuSEfirewall2.changes 2019-03-27 16:13:41.411632555 +0100 @@ -1,0 +2,6 @@ +Sun Mar 17 10:33:37 UTC 2019 - Jan Engelhardt + +- Reduce too broad systemd requires. +- Fix rpmlint complaint about unlisted SuSEfirewall2_init.service. + +--- Other differences: -- ++ SuSEfirewall2.spec ++ --- /var/tmp/diff_new_pack.01NZHm/_old 2019-03-27 16:13:42.031632397 +0100 +++ /var/tmp/diff_new_pack.01NZHm/_new 2019-03-27 16:13:42.031632397 +0100 @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # # icecream 0 @@ -40,9 +40,8 @@ Source1:SuSEfirewall2-rpmlintrc BuildArch: noarch BuildRoot: %{_tmppath}/%{name}-%{version}-build -# for the service_* macros -%{?systemd_requires} -BuildRequires: pkgconfig(systemd) +%{?systemd_ordering} +BuildRequires: systemd-rpm-macros %description SuSEfirewall2 implements a packet filter that protects hosts and @@ -60,7 +59,7 @@ %build %install -make DESTDIR="%{buildroot}" install install_doc +%make_install install_doc install -d -m 755 %{buildroot}%{_fillupdir}/ install -m 644 SuSEfirewall2.sysconfig %{buildroot}%{_fillupdir}/sysconfig.SuSEfirewall2 install -D -m 644 SuSEfirewall2.sysconfig %{buildroot}/etc/sysconfig/SuSEfirewall2 
@@ -108,7 +107,7 @@ %ghost %{_localstatedir}/adm/update-messages/%{name}-%{version}-%{release}-deprecation-warning %pre -%service_add_pre SuSEfirewall2.service +%service_add_pre SuSEfirewall2.service SuSEfirewall2_init.service # Upgrade case means more than 1 package in system, so probably 2 # if we still have the LSB init script, save its state, remove _setup # and store it in the database. @@ -122,7 +121,7 @@ fi %post -%service_add_post SuSEfirewall2.service +%service_add_post SuSEfirewall2.service SuSEfirewall2_init.service cat >%{_localstatedir}/adm/update-messages/%{name}-%{version}-%{release}-deprecation-warning <
commit SuSEfirewall2 for openSUSE:Factory
Hello community, here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory checked in at 2019-02-28 21:26:00 Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old) and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new.28833 (New) Package is "SuSEfirewall2" Thu Feb 28 21:26:00 2019 rev:91 rq:680146 version:3.6.378 Changes: --- /work/SRC/openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes 2018-03-26 11:56:39.508680283 +0200 +++ /work/SRC/openSUSE:Factory/.SuSEfirewall2.new.28833/SuSEfirewall2.changes 2019-02-28 21:26:02.553880145 +0100 @@ -1,0 +2,18 @@ +Thu Feb 28 14:33:03 UTC 2019 - matthias.gerst...@suse.com + +- Add deprecation warning messages for zypper to make the last users more + aware of the upcoming removal of SuSEfirewall2. + +--- +Thu Feb 21 18:14:20 UTC 2019 - Franck Bui + +- Drop use of $FIRST_ARG in .spec + + The use of $FIRST_ARG was probably required because of the + %service_* rpm macros were playing tricks with the shell positional + parameters. This is bad practice and error prones so let's assume + that no macros should do that anymore and hence it's safe to assume + that positional parameters remains unchanged after any rpm macro + call. + +--- Other differences: -- ++ SuSEfirewall2.spec ++ --- /var/tmp/diff_new_pack.61FFqe/_old 2019-02-28 21:26:03.105879960 +0100 +++ /var/tmp/diff_new_pack.61FFqe/_new 2019-02-28 21:26:03.105879960 +0100 @@ -1,7 +1,7 @@ # # spec file for package SuSEfirewall2 # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -34,7 +34,7 @@ Recommends: perl-Net-DNS Requires: sysconfig Summary:Stateful Packet Filter Using iptables and netfilter -License:GPL-2.0 +License:GPL-2.0-only Group: Productivity/Networking/Security Source: SuSEfirewall2-%{version}.tar.bz2 Source1:SuSEfirewall2-rpmlintrc 
@@ -105,13 +105,14 @@ /usr/share/SuSEfirewall2/defaults/50-default.cfg /usr/share/SuSEfirewall2/rpcusers %{_fillupdir}/sysconfig.SuSEfirewall2 +%ghost %{_localstatedir}/adm/update-messages/%{name}-%{version}-%{release}-deprecation-warning %pre %service_add_pre SuSEfirewall2.service # Upgrade case means more than 1 package in system, so probably 2 # if we still have the LSB init script, save its state, remove _setup # and store it in the database. -if [ $FIRST_ARG -gt 1 ]; then +if [ $1 -gt 1 ]; then if test -e /etc/init.d/SuSEfirewall2_setup ; then if test ! -e /var/lib/systemd/migrated/SuSEfirewall2 ; then /usr/sbin/systemd-sysv-convert --save SuSEfirewall2_setup @@ -123,6 +124,15 @@ %post %service_add_post SuSEfirewall2.service +cat >%{_localstatedir}/adm/update-messages/%{name}-%{version}-%{release}-deprecation-warning
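Review bot: The `%pre` test `if [ $1 -gt 1 ]; then` in the @@ -105,13 +105,14 @@ hunk leaves `$1` unquoted, so an empty or non-numeric argument makes `[` fail with a syntax error and the upgrade branch is skipped with only a message on stderr. rpm normally passes the install count, but because this commit stops going through `$FIRST_ARG`, a defensive form such as `if [ "${1:-0}" -gt 1 ]; then` keeps the migration step predictable. The scriptlet body continues outside the hunk.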
commit SuSEfirewall2 for openSUSE:Factory
Hello community, here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory checked in at 2018-03-26 11:56:36 Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old) and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new (New) Package is "SuSEfirewall2" Mon Mar 26 11:56:36 2018 rev:90 rq:588606 version:3.6.378 Changes: --- /work/SRC/openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes 2018-03-12 12:02:38.082995156 +0100 +++ /work/SRC/openSUSE:Factory/.SuSEfirewall2.new/SuSEfirewall2.changes 2018-03-26 11:56:39.508680283 +0200 @@ -1,0 +2,7 @@ +Mon Mar 19 13:36:47 UTC 2018 - matthias.gerst...@suse.com + +- Reverted previous change. The rpm level conflict between the old and new + default firewall result in migration issues. Also the original problem + cannot be reproduced (bnc#1085260, bnc#1084177). + +--- Other differences: -- ++ SuSEfirewall2.spec ++ --- /var/tmp/diff_new_pack.nybvlQ/_old 2018-03-26 11:56:40.372649114 +0200 +++ /var/tmp/diff_new_pack.nybvlQ/_new 2018-03-26 11:56:40.384648681 +0200 @@ -32,9 +32,6 @@ Requires: iptables Requires: perl Recommends: perl-Net-DNS -# bnc#1084177: starting both firewallds results in trouble. -# solving this on systemd level is complicated so we go for the conflict. -Conflicts: firewalld Requires: sysconfig Summary:Stateful Packet Filter Using iptables and netfilter License:GPL-2.0
commit SuSEfirewall2 for openSUSE:Factory
Hello community, here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory checked in at 2018-03-12 12:02:19 Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old) and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new (New) Package is "SuSEfirewall2" Mon Mar 12 12:02:19 2018 rev:89 rq:584969 version:3.6.378 Changes: --- /work/SRC/openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes 2018-01-20 11:22:41.883634105 +0100 +++ /work/SRC/openSUSE:Factory/.SuSEfirewall2.new/SuSEfirewall2.changes 2018-03-12 12:02:38.082995156 +0100 @@ -1,0 +2,6 @@ +Fri Mar 9 11:01:22 UTC 2018 - matthias.gerst...@suse.com + +- Have SuSEfirewall2 conflict firewalld to avoid a messed up netfilter setup + (bnc#1084177) + +--- Other differences: -- ++ SuSEfirewall2.spec ++ --- /var/tmp/diff_new_pack.nSLfvt/_old 2018-03-12 12:02:39.366949144 +0100 +++ /var/tmp/diff_new_pack.nSLfvt/_new 2018-03-12 12:02:39.374948856 +0100 @@ -32,6 +32,9 @@ Requires: iptables Requires: perl Recommends: perl-Net-DNS +# bnc#1084177: starting both firewallds results in trouble. +# solving this on systemd level is complicated so we go for the conflict. +Conflicts: firewalld Requires: sysconfig Summary:Stateful Packet Filter Using iptables and netfilter License:GPL-2.0
commit SuSEfirewall2 for openSUSE:Factory
Hello community, here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory checked in at 2018-01-20 11:22:40 Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old) and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new (New) Package is "SuSEfirewall2" Sat Jan 20 11:22:40 2018 rev:88 rq:566446 version:3.6.378 Changes: --- /work/SRC/openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes 2017-11-30 12:38:39.016624239 +0100 +++ /work/SRC/openSUSE:Factory/.SuSEfirewall2.new/SuSEfirewall2.changes 2018-01-20 11:22:41.883634105 +0100 @@ -1,0 +2,6 @@ +Tue Jan 16 10:58:23 UTC 2018 - matthias.gerst...@suse.com + +- Fixed a regression in setting up the final LOG/DROP/REJECT rules for IPv6 (bnc#1075251) +- Set RPC related rules also for IPv6 (bnc#1074933) + +--- Old: SuSEfirewall2-3.6.376.tar.bz2 New: SuSEfirewall2-3.6.378.tar.bz2 Other differences: -- ++ SuSEfirewall2.spec ++ --- /var/tmp/diff_new_pack.RGwOsa/_old 2018-01-20 11:22:42.547603063 +0100 +++ /var/tmp/diff_new_pack.RGwOsa/_new 2018-01-20 11:22:42.547603063 +0100 @@ -1,7 +1,7 @@ # # spec file for package SuSEfirewall2 # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -24,7 +24,7 @@ %define newname SUSEfirewall2 Name: SuSEfirewall2 -Version:3.6.376 +Version:3.6.378 Release:0 Url:http://en.opensuse.org/SuSEfirewall2 PreReq: /bin/sed textutils fileutils grep filesystem ++ SuSEfirewall2-3.6.376.tar.bz2 -> SuSEfirewall2-3.6.378.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.376/SuSEfirewall2 new/SuSEfirewall2-3.6.378/SuSEfirewall2 --- old/SuSEfirewall2-3.6.376/SuSEfirewall2 2017-11-28 14:32:03.0 +0100 +++ new/SuSEfirewall2-3.6.378/SuSEfirewall2 2018-01-16 11:49:38.0 +0100 
@@ -2319,10 +2319,10 @@ port="$3" sport="$4" - iptables="$IPTABLES $IP6TABLES" + iptables_list=$IPTABLES_LIST case "$net" in - *:*) iptables="$IP6TABLES" ;; - [0-9]*.*.*.*) iptables="$IPTABLES" ;; + *:*) iptables_list="$IP6TABLES" ;; + [0-9]*.*.*.*) iptables_list="$IPTABLES" ;; esac if [ "$proto" = "_rpc_" ]; then @@ -2331,8 +2331,10 @@ comment_pars "rpc.$port" set -o pipefail rpcservicerules $service | while read ARG; do - $LDC $IPTABLES $rpc_insert $comment ${LOG}"-`rulelog $chain`-$action " -m conntrack --ctstate NEW $ARG - $IPTABLES $rpc_insert $comment -j "$target" $ARG + for iptables in $iptables_list; do + $LDC $iptables $rpc_insert $comment ${LOG}"-`rulelog $chain`-$action " -m conntrack --ctstate NEW $ARG + $iptables $rpc_insert $comment -j "$target" $ARG + done done [ $? -eq 0 ] || die "Failed to setup rpc service rules for $service" set +o pipefail @@ -2340,7 +2342,7 @@ # don't add any other rules in update rpc mode continue elif check_proto_port "$proto" "$port" "$sport" "$var"; then - for iptables in $iptables; do + for iptables in $iptables_list; do $LDA $iptables -A $chain -s $net $proto $port $sport -m conntrack --ctstate NEW ${LOG}"-`rulelog $chain`-$action " $iptables -A $chain -s $net $proto $port $sport -m conntrack --ctstate NEW -j "$target" done @@ -2406,10 +2408,10 @@ ipt_recent_set="-m recent --set$ipt_recent_set" fi - iptables="$IPTABLES $IP6TABLES" + iptables_list=$IPTABLES_LIST case "$net" in - *:*) iptables="$IP6TABLES" ;; - [0-9]*.*.*.*) iptables="$IPTABLES" ;; + *:*) iptables_list="$IP6TABLES" ;; + [0-9]*.*.*.*) iptables_list="$IPTABLES" ;; esac if [ "$proto" = "_rpc_" ]; then @@ -2418,14 +2420,16 @@ comment_pars "rpc.$port" set -o pipefail rpcservicerules $service | while read ARG; do - if [ -n "$ipt_recent_set" ]; then - $LDC $IPTABLES $rpc_insert $comment ${LOG}"-`rulelog $chain`-DROPr
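Review bot: In the @@ -2331,8 +2331,10 @@ hunk the `[ $? -eq 0 ] || die ...` check only sees the pipeline status, and the status of the `while` loop is that of the last command run in its body. With the new inner `for iptables in $iptables_list` loop, a failed `$LDC` log rule or a failed insert for the first address family is masked whenever the final `$iptables $rpc_insert $comment -j "$target" $ARG` succeeds, so the rule set can be incomplete without `die` being reached. If `$target` is a drop or reject target, that would leave one family unfiltered. Checking each call inside the loop, e.g. `$iptables $rpc_insert $comment -j "$target" $ARG || exit 1` (the loop presumably runs in the pipeline's subshell, so the exit status reaches the existing check), closes the gap. The cut-off @@ -2418,14 +2420,16 @@ hunk appears to use the same pattern, and the enclosing function starts outside the hunk.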
commit SuSEfirewall2 for openSUSE:Factory
Hello community, here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory checked in at 2017-11-30 12:38:37 Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old) and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new (New) Package is "SuSEfirewall2" Thu Nov 30 12:38:37 2017 rev:87 rq:546247 version:3.6.376 Changes: --- /work/SRC/openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes 2017-10-28 14:17:05.817616093 +0200 +++ /work/SRC/openSUSE:Factory/.SuSEfirewall2.new/SuSEfirewall2.changes 2017-11-30 12:38:39.016624239 +0100 @@ -1,0 +2,17 @@ +Tue Nov 28 13:42:07 UTC 2017 - matthias.gerst...@suse.com + +- logging: correctly set the PID of the logging process + +--- +Tue Nov 28 10:33:24 UTC 2017 - matthias.gerst...@suse.com + +- main script: remove duplicate rules in the rpc rules area (bnc#1069760) +- main script: support --trace messages + +--- +Thu Nov 23 13:37:44 UTC 2017 - rbr...@suse.com + +- Replace references to /var/adm/fillup-templates with new + %_fillupdir macro (boo#1069468) + +--- Old: SuSEfirewall2-3.6.369.tar.bz2 New: SuSEfirewall2-3.6.376.tar.bz2 Other differences: -- ++ SuSEfirewall2.spec ++ --- /var/tmp/diff_new_pack.5oOHEB/_old 2017-11-30 12:38:39.840594277 +0100 +++ /var/tmp/diff_new_pack.5oOHEB/_new 2017-11-30 12:38:39.840594277 +0100 @@ -17,9 +17,14 @@ # icecream 0 +#Compat macro for new _fillupdir macro introduced in Nov 2017 +%if ! %{defined _fillupdir} + %define _fillupdir /var/adm/fillup-templates +%endif + %define newname SUSEfirewall2 Name: SuSEfirewall2 -Version:3.6.369 +Version:3.6.376 Release:0 Url:http://en.opensuse.org/SuSEfirewall2 PreReq: /bin/sed textutils fileutils grep filesystem 
@@ -56,8 +61,8 @@ %install make DESTDIR="%{buildroot}" install install_doc -install -d -m 755 %{buildroot}/var/adm/fillup-templates/ -install -m 644 SuSEfirewall2.sysconfig %{buildroot}/var/adm/fillup-templates/sysconfig.SuSEfirewall2 +install -d -m 755 %{buildroot}%{_fillupdir}/ +install -m 644 SuSEfirewall2.sysconfig %{buildroot}%{_fillupdir}/sysconfig.SuSEfirewall2 install -D -m 644 SuSEfirewall2.sysconfig %{buildroot}/etc/sysconfig/SuSEfirewall2 install -d -m 755 %{buildroot}%{_datadir}/susehelp/meta/Manuals/Productivity install -m 644 doc/SuSEfirewall2-doc.desktop \ @@ -99,7 +104,7 @@ /usr/lib/systemd/system/SuSEfirewall2_init.service /usr/share/SuSEfirewall2/defaults/50-default.cfg /usr/share/SuSEfirewall2/rpcusers -/var/adm/fillup-templates/sysconfig.SuSEfirewall2 +%{_fillupdir}/sysconfig.SuSEfirewall2 %pre %service_add_pre SuSEfirewall2.service ++ SuSEfirewall2-3.6.369.tar.bz2 -> SuSEfirewall2-3.6.376.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.369/SuSEfirewall2 new/SuSEfirewall2-3.6.376/SuSEfirewall2 --- old/SuSEfirewall2-3.6.369/SuSEfirewall2 2017-10-17 13:18:06.0 +0200 +++ new/SuSEfirewall2-3.6.376/SuSEfirewall2 2017-11-28 14:32:03.0 +0100 @@ -118,7 +118,7 @@ pri="-p auth.warn" fi shift -/bin/logger $dashs $pri -t SuSEfirewall2 "$*" +/bin/logger $dashs $pri --id=$$ -t SuSEfirewall2 "$*" } message() @@ -138,6 +138,13 @@ message ${FUNCNAME[1]} $* } +tracemessage() +{ +$TRACE || return + +message ${FUNCNAME[1]} $* +} + deprecated() { warning "$@ is deprecated and will likely be removed in the future." @@ -298,6 +305,7 @@ ACTION="start" MODE="standard" +TRACE=false INITSCRIPTS="" # on|off needconfig= needlock=1 
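Review bot: `tracemessage()` in the @@ -138,6 +138,13 @@ hunk executes the contents of `$TRACE` as a command (`$TRACE || return`) and forwards `$*` unquoted, so the message text is word-split and glob-expanded before it reaches `message`. A string comparison and quoted arguments avoid both: `[ "$TRACE" = true ] || return` and `message "${FUNCNAME[1]}" "$@"`, assuming `message` joins its arguments the way the logging helper above does with `"$*"`. The function also has no header comment; something like `# prints $* prefixed with the caller's function name, only when --trace was given` would match the surrounding helpers.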
@@ -309,7 +317,7 @@ quiet=1 fi -getopttmp=`/usr/bin/getopt -o hqi:s: --long help,scriptsdir:,batch,nobatch,file:,debug,test,bootlock,bootunlock,quiet,interface:,service: \ +getopttmp=`/usr/bin/getopt -o hqi:s: --long help,scriptsdir:,batch,nobatch,file:,debug,trace,test,bootlock,bootunlock,quiet,interface:,service: \ -n 'SuSEfirewall2' -- "$@"` [ $? != 0 ] && die 1 "getopt error" @@ -324,6 +332,7 @@ --scriptsdir) SCRIPTSDIR="$2" ; shift 2 ;; --test) MODE="test" ; shift ;; --debug) MODE="debug"; needlock=0 ; shift ;; +--trace) TRACE=true ; shift ;; --bootlock) create_bootlock=1 ; shift ;; --bootunlock) remove_bootlock=1 ; shift ;; -h|--help) help ; shift ;; @@ -2452,7 +2461,7 @@ { local zone chain services comment local selected="$1" - [ -z "$add_portmapper" ] &&
commit SuSEfirewall2 for openSUSE:Factory
Hello community, here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory checked in at 2017-10-28 14:17:04 Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old) and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new (New) Package is "SuSEfirewall2" Sat Oct 28 14:17:04 2017 rev:86 rq:535172 version:3.6.369 Changes: --- /work/SRC/openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes 2017-07-30 11:26:37.675762321 +0200 +++ /work/SRC/openSUSE:Factory/.SuSEfirewall2.new/SuSEfirewall2.changes 2017-10-28 14:17:05.817616093 +0200 @@ -1,0 +2,9 @@ +Wed Oct 18 15:47:48 UTC 2017 - matthias.gerst...@suse.com + +- rpcinfo: recognize execution errors of the perl script and terminate accordingly +- rpcinfo: fixed security issue with too open implicit portmapper rules + (bnc#1064127): A source net restriction for _rpc_ services was not taken + into account for the implicitly added rules for port 111, making the portmap + service accessible to everyone in the affected zone. + +--- Old: SuSEfirewall2-3.6.365.tar.bz2 New: SuSEfirewall2-3.6.369.tar.bz2 Other differences: -- ++ SuSEfirewall2.spec ++ --- /var/tmp/diff_new_pack.Zul6SG/_old 2017-10-28 14:17:08.357523211 +0200 +++ /var/tmp/diff_new_pack.Zul6SG/_new 2017-10-28 14:17:08.357523211 +0200 @@ -19,7 +19,7 @@ %define newname SUSEfirewall2 Name: SuSEfirewall2 -Version:3.6.365 +Version:3.6.369 Release:0 Url:http://en.opensuse.org/SuSEfirewall2 PreReq: /bin/sed textutils fileutils grep filesystem ++ SuSEfirewall2-3.6.365.tar.bz2 -> SuSEfirewall2-3.6.369.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.365/.gitignore new/SuSEfirewall2-3.6.369/.gitignore --- old/SuSEfirewall2-3.6.365/.gitignore2017-07-28 10:40:25.0 +0200 +++ new/SuSEfirewall2-3.6.369/.gitignore2017-10-17 13:18:06.0 +0200 
@@ -1 +1,2 @@ *.swp +package diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.365/SuSEfirewall2 new/SuSEfirewall2-3.6.369/SuSEfirewall2 --- old/SuSEfirewall2-3.6.365/SuSEfirewall2 2017-07-28 10:40:25.0 +0200 +++ new/SuSEfirewall2-3.6.369/SuSEfirewall2 2017-10-17 13:18:06.0 +0200 @@ -2265,27 +2265,15 @@ # parameter fragment # # parameters: -# $1: names of rpc services, e.g. ypbind mountd -# $2: whether portmapper ports shall be implicitly added (boolean) +# $1: names of rpc services, e.g. ypbind mountd or a comma separated tuple +# like 192.168.1.0/24,_rpc_,nfs rpcservicerules() { + # The -rpcinfo script by default implicitly adds extra rules for portmap # itself. This is because portmap needs to be reached in order for other # rpc services to work at all. -# In some contexts this generates superfluous portmap rules, however. In -# conjunction with the update-rpc functionality we might end up with a lot -# of redundant rules. Thus we can selectively disabled this implicit -# behaviour. -# It would be better to only explicitly add the portmap rules. But this -# required more refactoring, and also the current solution is buggy: The -# implicit portmap rules don't take source subnet restrictions into -# account. -if [ $# -eq 2 ] && ! $2; then - export NOPORTMAP=1 -fi - -perl "$SCRIPTSDIR/SuSEfirewall2-rpcinfo" "$@" 2>/dev/null -unset NOPORTMAP +perl "$SCRIPTSDIR/SuSEfirewall2-rpcinfo" "$1" } # parameters: @@ -2309,7 +2297,7 @@ chain=input_$zone var="FW_SERVICES_${action}_`cibiz $zone`" eval services="\"\$$var\"" - + local rpc_insert get_rpc_insert_pars $update_rpc $chain 
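Review bot: The header comment of `rpcservicerules()` in the @@ -2265,27 +2265,15 @@ hunk still describes `$1` as "names of rpc services, e.g. ypbind mountd", but the body now forwards only `"$1"` to the perl helper where it previously passed `"$@"`. Any caller that hands over more than one word, including an unquoted `rpcservicerules $service` whose value contains a space, would have the remaining names dropped without an error and no rules generated for them. The comment should state the contract explicitly, e.g. `# $1: a single rpc service name (e.g. ypbind) or a comma separated tuple like 192.168.1.0/24,_rpc_,nfs`, and a guard on `$#` would make violations visible. The callers are mostly outside this hunk, so this needs checking against them.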
@@ -2332,10 +2320,13 @@ [ -n "$selected" -a "$selected" != $port ] && continue local comment comment_pars "rpc.$port" + set -o pipefail rpcservicerules $service | while read ARG; do $LDC $IPTABLES $rpc_insert $comment ${LOG}"-`rulelog $chain`-$action " -m conntrack --ctstate NEW $ARG $IPTABLES $rpc_insert $comment -j "$target" $ARG done + [ $? -eq 0 ] || die "Failed to setup rpc service rules for $service" + set +o pipefail elif $update_rpc; then # don't add any other rules in update rpc mode continue @@ -2416,6 +2407,7 @@ [ -n "$selected" -a "$selected" != "$port" ] && continue local comment comment_pars "rpc.$port"
commit SuSEfirewall2 for openSUSE:Factory
Hello community, here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory checked in at 2017-07-30 11:26:25 Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old) and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new (New) Package is "SuSEfirewall2" Sun Jul 30 11:26:25 2017 rev:85 rq:512885 version:3.6.365 Changes: --- /work/SRC/openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes 2017-07-02 13:37:21.174044525 +0200 +++ /work/SRC/openSUSE:Factory/.SuSEfirewall2.new/SuSEfirewall2.changes 2017-07-30 11:26:37.675762321 +0200 @@ -1,0 +2,25 @@ +Fri Jul 28 08:40:55 UTC 2017 - matthias.gerst...@suse.com + +- Removed bogus nfs alias units, added correct nfs-client target in + SuSEfirewall2.service (bnc#946325). + + The nfs alias units are false friends, because they don't fix the startup + ordering between nfs and SuSEfirewall2. + + The missing nfs-client target could cause nfs mounts for nfs versions < 4.1 + to be unable to receive callbacks from the server, when the nfs client was + started before the SuSEfirewall2 was started on boot. + +--- +Wed Jul 12 13:40:57 UTC 2017 - matthias.gerst...@suse.com + +- sysctl settings: make list of sysctl.d directories configurable via + FW_SYSCTL_PATHS (bnc#1044523) + +--- +Thu Jul 6 10:05:41 UTC 2017 - matthias.gerst...@suse.com + +- clarified warning message about FW_ROUTE being enabled but ip_forwarding not configured +- sysctl.d: avoid error messages if no /etc/sysctl.d/*.conf files are existing (bnc#1044523) + +--- Old: SuSEfirewall2-3.6.360.tar.bz2 New: SuSEfirewall2-3.6.365.tar.bz2 Other differences: -- ++ SuSEfirewall2.spec ++ --- /var/tmp/diff_new_pack.sRUgFr/_old 2017-07-30 11:26:38.419657352 +0200 +++ /var/tmp/diff_new_pack.sRUgFr/_new 2017-07-30 11:26:38.419657352 +0200 
@@ -19,7 +19,7 @@ %define newname SUSEfirewall2 Name: SuSEfirewall2 -Version:3.6.360 +Version:3.6.365 Release:0 Url:http://en.opensuse.org/SuSEfirewall2 PreReq: /bin/sed textutils fileutils grep filesystem ++ SuSEfirewall2-3.6.360.tar.bz2 -> SuSEfirewall2-3.6.365.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.360/SuSEfirewall2 new/SuSEfirewall2-3.6.365/SuSEfirewall2 --- old/SuSEfirewall2-3.6.360/SuSEfirewall2 2017-06-28 11:18:23.0 +0200 +++ new/SuSEfirewall2-3.6.365/SuSEfirewall2 2017-07-28 10:40:25.0 +0200 @@ -135,7 +135,7 @@ { [ "$MODE" != "debug" ] && return -message $* +message ${FUNCNAME[1]} $* } deprecated() 
@@ -628,23 +628,53 @@ # checks multiple sysctl.d config locations for configure values function get_any_sysctl_cfg() { - local path="$1" + local value="$1" + + if [ -z "$FW_SYSCTL_PATHS" ]; then + # don't check all available sysctl.d directories for the + # reason discussed in bnc#1044523 + FW_SYSCTL_PATHS="/etc/sysctl.conf /etc/sysctl.d /usr/local/lib/sysctl.d" + fi + + local path + for path in $FW_SYSCTL_PATHS; do + dbgmessage "Checking for sysctl value $value in path $path" + if [ -d "$path" ]; then + # expand to any config files found in the sysctl.d + # style directory + paths=$path/*.conf + dbgmessage "Expanded $path to $paths" + else + paths=$path + fi - for file in /etc/sysctl.conf /etc/sysctl.d/*.conf; do - get_sysctl_cfg "$path" "$file" && return 0 + for file in $paths; do + # check for existence, because the wildcard match + # above might yield no matches, which would result in + # error messages otherwise + if [ -r "$file" ]; then + dbgmessage "Checking in file $file" + get_sysctl_cfg "$value" "$file" && sysctl_file="$file" && return 0 + dbgmessage "no match" + fi + done done + sysctl_file="" return 1 } -# outputs the configured value of the sysctl setting passed as $1 in the +# returns the configured value of the sysctl setting passed as $1 in the # configuration file $2. -# return code of 0 if a value was found and output, 1 if none was found +# return code of 0 if
commit SuSEfirewall2 for openSUSE:Factory
Hello community, here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory checked in at 2017-07-02 13:37:19 Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old) and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new (New) Package is "SuSEfirewall2" Sun Jul 2 13:37:19 2017 rev:84 rq:506733 version:3.6.360 Changes: --- /work/SRC/openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes 2017-06-28 10:33:44.848928581 +0200 +++ /work/SRC/openSUSE:Factory/.SuSEfirewall2.new/SuSEfirewall2.changes 2017-07-02 13:37:21.174044525 +0200 @@ -1,0 +2,5 @@ +Wed Jun 28 09:19:26 UTC 2017 - matthias.gerst...@suse.com + +- Only consider *.conf files to ignore backup files and similar (bnc#1044523) + +--- Old: SuSEfirewall2-3.6.359.tar.bz2 New: SuSEfirewall2-3.6.360.tar.bz2 Other differences: -- ++ SuSEfirewall2.spec ++ --- /var/tmp/diff_new_pack.uOMIv7/_old 2017-07-02 13:37:21.761961620 +0200 +++ /var/tmp/diff_new_pack.uOMIv7/_new 2017-07-02 13:37:21.765961056 +0200 @@ -19,7 +19,7 @@ %define newname SUSEfirewall2 Name: SuSEfirewall2 -Version:3.6.359 +Version:3.6.360 Release:0 Url:http://en.opensuse.org/SuSEfirewall2 PreReq: /bin/sed textutils fileutils grep filesystem ++ SuSEfirewall2-3.6.359.tar.bz2 -> SuSEfirewall2-3.6.360.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.359/SuSEfirewall2 new/SuSEfirewall2-3.6.360/SuSEfirewall2 --- old/SuSEfirewall2-3.6.359/SuSEfirewall2 2017-06-20 18:12:11.0 +0200 +++ new/SuSEfirewall2-3.6.360/SuSEfirewall2 2017-06-28 11:18:23.0 +0200 @@ -630,7 +630,7 @@ { local path="$1" - for file in /etc/sysctl.conf /etc/sysctl.d/*; do + for file in /etc/sysctl.conf /etc/sysctl.d/*.conf; do get_sysctl_cfg "$path" "$file" && return 0 done
commit SuSEfirewall2 for openSUSE:Factory
Hello community, here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory checked in at 2017-06-28 10:33:43 Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old) and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new (New) Package is "SuSEfirewall2" Wed Jun 28 10:33:43 2017 rev:83 rq:505515 version:3.6.359 Changes: --- /work/SRC/openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes 2017-05-03 15:52:54.820449645 +0200 +++ /work/SRC/openSUSE:Factory/.SuSEfirewall2.new/SuSEfirewall2.changes 2017-06-28 10:33:44.848928581 +0200 @@ -1,0 +2,6 @@ +Tue Jun 20 16:16:45 UTC 2017 - matthias.gerst...@suse.com + +- Also check /etc/sysctl.d for custom sysctl overrides (bnc#1044523) +- improved documentation of FW_SERVICES_DROP_... to mention "all" protocols + +--- Old: SuSEfirewall2-3.6.357.tar.bz2 New: SuSEfirewall2-3.6.359.tar.bz2 Other differences: -- ++ SuSEfirewall2.spec ++ --- /var/tmp/diff_new_pack.zxmN5o/_old 2017-06-28 10:33:45.472840312 +0200 +++ /var/tmp/diff_new_pack.zxmN5o/_new 2017-06-28 10:33:45.476839746 +0200 @@ -19,7 +19,7 @@ %define newname SUSEfirewall2 Name: SuSEfirewall2 -Version:3.6.357 +Version:3.6.359 Release:0 Url:http://en.opensuse.org/SuSEfirewall2 PreReq: /bin/sed textutils fileutils grep filesystem ++ SuSEfirewall2-3.6.357.tar.bz2 -> SuSEfirewall2-3.6.359.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.357/SuSEfirewall2 new/SuSEfirewall2-3.6.359/SuSEfirewall2 --- old/SuSEfirewall2-3.6.357/SuSEfirewall2 2017-04-24 14:09:10.0 +0200 +++ new/SuSEfirewall2-3.6.359/SuSEfirewall2 2017-06-20 18:12:11.0 +0200 
@@ -625,15 +625,32 @@ PROC_IPV4_FWD="/proc/sys/net/ipv4/ip_forward" PROC_IPV6_FWD="/proc/sys/net/ipv6/conf/all/forwarding" +# checks multiple sysctl.d config locations for configure values +function get_any_sysctl_cfg() +{ + local path="$1" + + for file in /etc/sysctl.conf /etc/sysctl.d/*; do + get_sysctl_cfg "$path" "$file" && return 0 + done + + return 1 +} + +# outputs the configured value of the sysctl setting passed as $1 in the +# configuration file $2. +# return code of 0 if a value was found and output, 1 if none was found function get_sysctl_cfg() { local path="$1" - local sysctl="/etc/sysctl.conf" + local sysctl="$2" local line # translate the proc path to a sysctl path syspath=`echo "$path" | /usr/bin/cut -d '/' -f 4- | /usr/bin/tr '/' '.'` + # iterate two times in case a more general setting should be checked, + # too # no while true to avoid infinite loops for try in 1 2; do @@ -673,7 +690,7 @@ [ -z "$path" -o ! -w "$path" ] && return -cfg_value=`get_sysctl_cfg $path` && have_cfg=true || have_cfg=false +cfg_value=`get_any_sysctl_cfg $path` && have_cfg=true || have_cfg=false if $have_cfg; then [ "$cfg_value" = "$value" ] && same_value=true || same_value=false diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.357/SuSEfirewall2.sysconfig new/SuSEfirewall2-3.6.359/SuSEfirewall2.sysconfig --- old/SuSEfirewall2-3.6.357/SuSEfirewall2.sysconfig 2017-04-24 14:09:10.0 +0200 +++ new/SuSEfirewall2-3.6.359/SuSEfirewall2.sysconfig 2017-06-20 18:12:11.0 +0200 @@ -381,6 +381,8 @@ # Format: space separated list of net,protocol[,port][,sport] # Example: "0/0,tcp,445 0/0,udp,4662" # +# If you specify "all" as protocol then all protocols will be dropped. +# # The special value _rpc_ is recognized as protocol and means that dport is # interpreted as rpc service name. See FW_SERVICES_EXT_RPC for # details.
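Review bot: `get_any_sysctl_cfg()` in the @@ -625,15 +625,32 @@ hunk returns the value from the first file that contains the setting, starting with /etc/sysctl.conf and then /etc/sysctl.d/* in glob order, which need not be the value in effect when several files set the same key. The caller in the @@ -673,7 +690,7 @@ hunk compares that result with the value the firewall wants, so an entry in an earlier file could lead to the wrong conclusion about whether forwarding is configured. The lookup order should at least be documented in the function comment, e.g. `# the first file containing the setting wins; this may differ from the order in which sysctl applies the files`. Declaring `local file` would also keep the loop variable from leaking into the caller's scope.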
commit SuSEfirewall2 for openSUSE:Factory
Hello community, here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory checked in at 2017-05-03 15:52:53 Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old) and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new (New) Package is "SuSEfirewall2" Wed May 3 15:52:53 2017 rev:82 rq:490302 version:3.6.357 Changes: --- /work/SRC/openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes 2017-04-07 14:18:19.455468038 +0200 +++ /work/SRC/openSUSE:Factory/.SuSEfirewall2.new/SuSEfirewall2.changes 2017-05-03 15:52:54.820449645 +0200 
@@ -0,0 +1,34 @@ +--- +Mon Apr 24 12:19:12 UTC 2017 - matthias.gerst...@suse.com + +- implementation of feature FATE#316295: allow incremental update of rpc + rules: + + By calling "/usr/sbin/SuSEfirewall2 update-rpc [-s service]" you can now + cause SuSEfirewall to update its rpc related firewall rules to reflect the + current portmapper state in the system, without affecting the rest of the + firewall rule set. + + This can for example be put in systemd unit files as ExecStartPost + directives, to always keep port mapping rules up to date, for certain rpc + services. Note that you still need to configure the rpc rules in + /etc/sysconfig/SuSEfirewall2 to make this work. See configuration variables: + + FW_SERVICES_DROP_{EXT,INT,DMZ} + FW_SERVICES_ACCEPT_{EXT,INT,DMZ} + FW_SERVICES_{EXT,INT,DMZ}_RPC + +- conntrack helpers: explicitly load kernel module to make sure conntrack + helper rules can be applied and to avoid errors messages if kernel module is + not loaded + +--- +Tue Apr 18 16:07:56 UTC 2017 - matthias.gerst...@suse.com + +Update to new git release 3.6.351: + +- ship ftp-client service file for allowing active ftp client connections + easily. Also fix use of connection tracker helper on kernel >= 4.7 for ftp. + (boo#1034341) + +--- Old: SuSEfirewall2-3.6.346.tar.bz2 New: SuSEfirewall2-3.6.357.tar.bz2 Other differences: -- ++ SuSEfirewall2.spec ++ --- /var/tmp/diff_new_pack.Zb8SFr/_old 2017-05-03 15:52:55.740319782 +0200 +++ /var/tmp/diff_new_pack.Zb8SFr/_new 2017-05-03 15:52:55.744319217 +0200 
@@ -19,7 +19,7 @@ %define newname SUSEfirewall2 Name: SuSEfirewall2 -Version:3.6.346 +Version:3.6.357 Release:0 Url:http://en.opensuse.org/SuSEfirewall2 PreReq: /bin/sed textutils fileutils grep filesystem ++ SuSEfirewall2-3.6.346.tar.bz2 -> SuSEfirewall2-3.6.357.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.346/Makefile new/SuSEfirewall2-3.6.357/Makefile --- old/SuSEfirewall2-3.6.346/Makefile 2017-03-20 18:10:06.0 +0100 +++ new/SuSEfirewall2-3.6.357/Makefile 2017-04-24 14:09:10.0 +0200 @@ -46,6 +46,7 @@ ln -sf SuSEfirewall2 $(DESTDIR)/etc/sysconfig/network/scripts/firewall install -m 755 SuSEfirewall2-custom.sysconfig $(DESTDIR)/etc/sysconfig/scripts/SuSEfirewall2-custom install -m 644 SuSEfirewall2.service.TEMPLATE $(DESTDIR)/etc/sysconfig/SuSEfirewall2.d/services/TEMPLATE + install -m 644 services/* $(DESTDIR)/etc/sysconfig/SuSEfirewall2.d/services install -m 644 SuSEfirewall2.defaults $(DESTDIR)/usr/share/SuSEfirewall2/defaults/50-default.cfg install -m 644 rpcusers $(DESTDIR)/usr/share/SuSEfirewall2/rpcusers diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.346/SuSEfirewall2 new/SuSEfirewall2-3.6.357/SuSEfirewall2 --- old/SuSEfirewall2-3.6.346/SuSEfirewall2 2017-03-20 18:10:06.0 +0100 +++ new/SuSEfirewall2-3.6.357/SuSEfirewall2 2017-04-24 14:09:10.0 +0200 
@@ -57,23 +57,28 @@ $0 basic|stop|close|status|help $0 open ZONE TYPE services... $0 on|off +$0 [-s ] update-rpc Options: - start generate and load the firewall filter rules from - /etc/sysconfig/SuSEfirewall2 - stopunload all filter rules - close no incoming network traffic except bootp+ping (for boot security) - basic set basic filter rules that drop all incoming access - testgenerate and load the filter rules but do not drop any packet but log - to syslog anything which *would* be denied - status print the output of "iptables -nvL" - debug print the iptables command to stdout instead of executing them - log show SuSEfirewall2 related syslog messages in a better readable format - helpthis output - openopen the specified services in the specified zone.
commit SuSEfirewall2 for openSUSE:Factory
Hello community, here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory checked in at 2017-04-07 14:18:15 Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old) and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new (New) Package is "SuSEfirewall2" Fri Apr 7 14:18:15 2017 rev:81 rq:483163 version:3.6.346 Changes: --- /work/SRC/openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes 2017-03-20 17:04:28.952910054 +0100 +++ /work/SRC/openSUSE:Factory/.SuSEfirewall2.new/SuSEfirewall2.changes 2017-04-07 14:18:19.455468038 +0200 
@@ -0,0 +1,43 @@ +Mon Mar 20 18:11:15 CET 2017 - mgerst...@suse.de + +Update to new git release 3.6.346: + +- harmonized the logic of setting IPv4/IPv6 forwarding when FW_ROUTE is set to + "yes". Previously only IPv4 forwarding was exclusively set by SuSEfirewall2, + while IPv6 forwarding could only be set via "yast2 firewall". With this + update you should always configure IPv4/IPv6 forwarding with yast. + SuSEfirewall2 will still provide backwards compatibility to temporarily + enable IPv4/IPv6 forwarding if not already enabled system wide. Also + forwarding can now be configured separately for IPv4/IPv6 if only one of + both is required. See FW_ROUTE documentation. (bnc#572202) +- ignore the bootlock when incremental updates for hotplugged or virtual + devices are coming in during boot. This prevents lockups for example when + drbd is used with FB_BOOT_FULL_INIT. (bnc#785299) +- fixed a race condition in systemd unit files that could cause the + SuSEfirewall2_init unit to sporadically fail, because /tmp was not + there/writable yet. (bnc#1014987) +- support new kernels >= 4.7 that run with + net.netfilter.nf_conntrack_helper = 0 + by default. Currently only netbios/samba is fully covered. (bnc#986527) +- allow mdns multicast packets input in unconfigured firewall setups (no zones + configured) to make zeroconf setups (like avahi) work out of the box for + typical desktops connecting via DSL/WiFi router scenarios. (bnc#959707) +- refurbished the documentation in /usr/share/doc. (bnc#884037) +- updated GPL license texts with the current address from FSF +- support for IPv6 in FW_TRUSTED_NETS config variable. (bnc#841046) +- don't log dropped broadcast IPv6 broadcast/multicast packets by default to + avoid cluttering the kernel log. (bnc#847193) +- recognize a running libvirtd instance and cause it to recreate its custom + firewall rules on SuSEfirewall2 reload, to not break VM networking. 
+ (bnc#884398) +- only apply FW_KERNEL_SECURITY proc settings, if not overriden by the + administrator in /etc/sysctl.conf (bnc#906136). This allows you to benefit + from some of the kernel security settings, while overwriting others. +- don't enable FW_LO_NOTRACK by default any more, because it breaks expected + behaviour in some scenarios (bnc#916771) +- increase security when sourcing external script files by checking file + ownership and permissions first (to avoid sourcing untrusted files owned by + non-root or world-writable) +- fixed "/usr/sbin/SUSEfirewall log" pretty logfile parsing functionality when + running under systemd with journald. + @@ -15 +58 @@ - +: Old: SuSEfirewall2-3.6.322.tar.bz2 New: SuSEfirewall2-3.6.346.tar.bz2 Other differences: -- ++ SuSEfirewall2.spec ++ --- /var/tmp/diff_new_pack.yRzdEw/_old 2017-04-07 14:18:22.535033153 +0200 +++ /var/tmp/diff_new_pack.yRzdEw/_new 2017-04-07 14:18:22.535033153 +0200 @@ -19,7 +19,7 @@ %define newname SUSEfirewall2 Name: SuSEfirewall2 -Version:3.6.322 +Version:3.6.346 Release:0 Url:http://en.opensuse.org/SuSEfirewall2 PreReq: /bin/sed textutils fileutils grep filesystem ++ SuSEfirewall2-3.6.322.tar.bz2 -> SuSEfirewall2-3.6.346.tar.bz2 ++ 3093 lines of diff (skipped)
commit SuSEfirewall2 for openSUSE:Factory
Hello community, here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory checked in at 2017-03-20 17:04:27 Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old) and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new (New) Package is "SuSEfirewall2" Mon Mar 20 17:04:27 2017 rev:80 rq:479216 version:3.6.322 Changes: --- /work/SRC/openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes 2017-02-16 16:47:34.75090 +0100 +++ /work/SRC/openSUSE:Factory/.SuSEfirewall2.new/SuSEfirewall2.changes 2017-03-20 17:04:28.952910054 +0100 @@ -1,0 +2,7 @@ +Tue Mar 7 10:39:28 CET 2017 - mgerst...@suse.de + +- Install symlink to SuSEfirewall2 with the updated SUSE spelling + (bsc#938727, FATE#316521) +- Added rpmlintrc file to suppress some bogus warnings during building + +--- New: SuSEfirewall2-rpmlintrc Other differences: -- ++ SuSEfirewall2.spec ++ --- /var/tmp/diff_new_pack.Ub5WY4/_old 2017-03-20 17:04:29.800790333 +0100 +++ /var/tmp/diff_new_pack.Ub5WY4/_new 2017-03-20 17:04:29.804789769 +0100 @@ -17,6 +17,7 @@ # icecream 0 +%define newname SUSEfirewall2 Name: SuSEfirewall2 Version:3.6.322 Release:0 @@ -31,6 +32,7 @@ License:GPL-2.0 Group: Productivity/Networking/Security Source: SuSEfirewall2-%{version}.tar.bz2 +Source1:SuSEfirewall2-rpmlintrc BuildArch: noarch BuildRoot: %{_tmppath}/%{name}-%{version}-build # for the service_* macros @@ -47,8 +49,8 @@ %prep %setup -# please send patches to lnussel for inclusion in git first -# http://gitorious.org/opensuse/susefirewall2 +# please send patches to mgerstner for inclusion in git first +# https://github.com/openSUSE/susefirewall2/ %build 
@@ -63,8 +65,11 @@ # # compat symlink mkdir -p %{buildroot}/sbin -ln -s /usr/sbin/SuSEfirewall2 %{buildroot}/sbin/SuSEfirewall2 -ln -s /usr/sbin/rcSuSEfirewall2 %{buildroot}/sbin/rcSuSEfirewall2 +ln -s /usr/sbin/%{name} %{buildroot}/sbin/%{name} +ln -s /usr/sbin/rc%{name} %{buildroot}/sbin/rc%{name} +# symlinks using the new SUSE spelling +ln -s %{name} %{buildroot}/sbin/%{newname} +ln -s %{name} %{buildroot}/usr/sbin/%{newname} %files %defattr(-, root, root) @@ -86,6 +91,8 @@ /sbin/rcSuSEfirewall2 /usr/sbin/rcSuSEfirewall2 /usr/sbin/SuSEfirewall2 +/usr/sbin/%{newname} +/sbin/%{newname} %dir /usr/share/SuSEfirewall2 %dir /usr/share/SuSEfirewall2/defaults /usr/lib/systemd/system/SuSEfirewall2.service ++ SuSEfirewall2-rpmlintrc ++ addFilter("non-conffile-in-etc .*/etc/sysconfig/script/*") addFilter("script-without-shebang .*/etc/sysconfig/script/*") addFilter("non-conffile-in-etc .*/etc/sysconfig/SuSEfirewall2.d/services/TEMPLATE") addFilter("non-executable-script .*/etc/sysconfig/script/*")
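Review bot: The three `.*/etc/sysconfig/script/*` filters in the new SuSEfirewall2-rpmlintrc are written like shell globs, but rpmlint reads the filter text as a regular expression. There `script/*` means "script" followed by any number of slashes, so each filter silences its warning for every path that merely contains `/etc/sysconfig/script`. The Makefile hunk shown elsewhere on this page installs into `/etc/sysconfig/scripts/`, so the intended form is presumably `addFilter("non-conffile-in-etc .*/etc/sysconfig/scripts/.*")`, and likewise for the other two. Because two of these filters suppress script-without-shebang and non-executable-script, a one-line comment per filter stating why the warning is considered bogus would keep the suppression reviewable later.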
commit SuSEfirewall2 for openSUSE:Factory
Hello community, here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory checked in at 2017-02-16 16:47:33 Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old) and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new (New) Package is "SuSEfirewall2" Changes: --- /work/SRC/openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes 2016-02-18 12:35:44.0 +0100 +++ /work/SRC/openSUSE:Factory/.SuSEfirewall2.new/SuSEfirewall2.changes 2017-02-16 16:47:34.75090 +0100 @@ -1,0 +2,5 @@ +Fri Feb 10 22:39:10 CET 2017 - ku...@suse.de + +- Remove unused PreReq for insserv and fillup + +--- Other differences: -- ++ SuSEfirewall2.spec ++ --- /var/tmp/diff_new_pack.0jUDUA/_old 2017-02-16 16:47:34.916408075 +0100 +++ /var/tmp/diff_new_pack.0jUDUA/_new 2017-02-16 16:47:34.920407507 +0100 @@ -1,7 +1,7 @@ # # spec file for package SuSEfirewall2 # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -21,7 +21,7 @@ Version:3.6.322 Release:0 Url:http://en.opensuse.org/SuSEfirewall2 -PreReq: %fillup_prereq %insserv_prereq /bin/sed textutils fileutils grep filesystem +PreReq: /bin/sed textutils fileutils grep filesystem Requires: coreutils Requires: iptables Requires: perl
commit SuSEfirewall2 for openSUSE:Factory
Hello community, here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory checked in at 2016-02-18 11:06:29 Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old) and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new (New) Package is "SuSEfirewall2" Changes: --- /work/SRC/openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes 2016-01-23 01:16:11.0 +0100 +++ /work/SRC/openSUSE:Factory/.SuSEfirewall2.new/SuSEfirewall2.changes 2016-02-18 12:35:44.0 +0100 @@ -1,0 +2,20 @@ +Wed Feb 10 15:18:40 UTC 2016 - meiss...@suse.com + +- add nfs-server.service too as dependency, remove default.target again + as it makes trouble (bsc#963740) +- basic.target and SuSEfirewall2 have a loop, remove it bsc#961258 + +--- +Tue Feb 9 11:01:25 UTC 2016 - meiss...@suse.com + +- change dependencies of SUSEfirewall2_init, so it gets run after systemd + version update brought new dependencies somehow (bsc#963969) + +--- +Thu Jan 28 12:23:06 UTC 2016 - meiss...@suse.com + +- add default.target, so SuSEfirewall2 final will be started after + all other services. This is relevant for rpc services like the NFS rpc + process group, where ports are opened dynamically. bsc#963740 + +--- Old: SuSEfirewall2-3.6.318.tar.bz2 New: SuSEfirewall2-3.6.322.tar.bz2 Other differences: -- ++ SuSEfirewall2.spec ++ --- /var/tmp/diff_new_pack.MOlTnT/_old 2016-02-18 12:35:45.0 +0100 +++ /var/tmp/diff_new_pack.MOlTnT/_new 2016-02-18 12:35:45.0 +0100 
@@ -18,7 +18,7 @@ Name: SuSEfirewall2 -Version:3.6.318 +Version:3.6.322 Release:0 Url:http://en.opensuse.org/SuSEfirewall2 PreReq: %fillup_prereq %insserv_prereq /bin/sed textutils fileutils grep filesystem ++ SuSEfirewall2-3.6.318.tar.bz2 -> SuSEfirewall2-3.6.322.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.318/SuSEfirewall2.service new/SuSEfirewall2-3.6.322/SuSEfirewall2.service --- old/SuSEfirewall2-3.6.318/SuSEfirewall2.service 2016-01-18 13:00:33.0 +0100 +++ new/SuSEfirewall2-3.6.322/SuSEfirewall2.service 2016-02-10 16:17:50.0 +0100 @@ -1,6 +1,6 @@ [Unit] Description=SuSEfirewall2 phase 2 -After=network.target ypbind.service nfs.service nfsserver.service rpcbind.service SuSEfirewall2_init.service +After=network.target ypbind.service nfs.service nfsserver.service nfs-server.service rpcbind.service SuSEfirewall2_init.service Wants=SuSEfirewall2_init.service Conflicts=firewalld.service diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.318/SuSEfirewall2_init.service new/SuSEfirewall2-3.6.322/SuSEfirewall2_init.service --- old/SuSEfirewall2-3.6.318/SuSEfirewall2_init.service2016-01-18 13:00:33.0 +0100 +++ new/SuSEfirewall2-3.6.322/SuSEfirewall2_init.service2016-02-10 16:17:50.0 +0100 @@ -1,7 +1,8 @@ [Unit] Description=SuSEfirewall2 phase 1 Before=network.service -Before=basic.target +DefaultDependencies=false +Requires=sysinit.target Conflicts=firewalld.service [Service]
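Review bot: In SuSEfirewall2_init.service the added `Requires=sysinit.target` pulls the target in but does not order the unit after it. With `DefaultDependencies=false` the implicit `After=sysinit.target` and the implicit `Conflicts=shutdown.target` / `Before=shutdown.target` are gone as well. As written, `ExecStart` can therefore run before local file systems are mounted; if `boot_init` needs writable paths at that point, the ordering should be stated explicitly, for example `After=local-fs.target`. A short comment above `DefaultDependencies=false` naming the basic.target loop it works around would also help the next editor avoid reintroducing it. The `[Service]` section lies outside this hunk.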
commit SuSEfirewall2 for openSUSE:Factory
Hello community, here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory checked in at 2016-01-23 01:16:10 Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old) and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new (New) Package is "SuSEfirewall2" Changes: --- /work/SRC/openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes 2015-06-30 10:15:01.0 +0200 +++ /work/SRC/openSUSE:Factory/.SuSEfirewall2.new/SuSEfirewall2.changes 2016-01-23 01:16:11.0 +0100 @@ -1,0 +2,11 @@ +Mon Jan 18 12:44:38 UTC 2016 - meiss...@suse.com + +- Merge pull request #5 from hwoarang/firewalld-conflict +- SuSEfirewall2{,_init}.service: Conflict with firewalld service + +--- +Fri Jan 15 16:36:15 UTC 2016 - meiss...@suse.com + +- basic.service -> basic.target (bsc#961258) + +--- Old: SuSEfirewall2-3.6.315.tar.bz2 New: SuSEfirewall2-3.6.318.tar.bz2 Other differences: -- ++ SuSEfirewall2.spec ++ --- /var/tmp/diff_new_pack.a78Wpt/_old 2016-01-23 01:16:12.0 +0100 +++ /var/tmp/diff_new_pack.a78Wpt/_new 2016-01-23 01:16:12.0 +0100 @@ -1,7 +1,7 @@ # # spec file for package SuSEfirewall2 # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,7 +18,7 @@ Name: SuSEfirewall2 -Version:3.6.315 +Version:3.6.318 Release:0 Url:http://en.opensuse.org/SuSEfirewall2 PreReq: %fillup_prereq %insserv_prereq /bin/sed textutils fileutils grep filesystem ++ SuSEfirewall2-3.6.315.tar.bz2 -> SuSEfirewall2-3.6.318.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.315/SuSEfirewall2.service new/SuSEfirewall2-3.6.318/SuSEfirewall2.service --- old/SuSEfirewall2-3.6.315/SuSEfirewall2.service 2015-06-24 14:06:41.0 +0200 +++ new/SuSEfirewall2-3.6.318/SuSEfirewall2.service 2016-01-18 13:00:33.0 +0100 
@@ -2,6 +2,7 @@ Description=SuSEfirewall2 phase 2 After=network.target ypbind.service nfs.service nfsserver.service rpcbind.service SuSEfirewall2_init.service Wants=SuSEfirewall2_init.service +Conflicts=firewalld.service [Service] ExecStart=/usr/sbin/SuSEfirewall2 boot_setup diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.315/SuSEfirewall2_init.service new/SuSEfirewall2-3.6.318/SuSEfirewall2_init.service --- old/SuSEfirewall2-3.6.315/SuSEfirewall2_init.service2015-06-24 14:06:41.0 +0200 +++ new/SuSEfirewall2-3.6.318/SuSEfirewall2_init.service2016-01-18 13:00:33.0 +0100 @@ -1,7 +1,8 @@ [Unit] Description=SuSEfirewall2 phase 1 Before=network.service -Before=basic.service +Before=basic.target +Conflicts=firewalld.service [Service] ExecStart=/usr/sbin/SuSEfirewall2 boot_init
commit SuSEfirewall2 for openSUSE:Factory
Hello community, here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory checked in at 2015-06-30 10:15:00 Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old) and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new (New) Package is SuSEfirewall2 Changes: --- /work/SRC/openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes 2014-08-20 10:51:50.0 +0200 +++ /work/SRC/openSUSE:Factory/.SuSEfirewall2.new/SuSEfirewall2.changes 2015-06-30 10:15:01.0 +0200 @@ -1,0 +2,8 @@ +Wed Jun 24 12:07:08 UTC 2015 - meiss...@suse.com + +- reduce amount of setprocinfo set values, adjusted to existence and + also current kernel defaults. +- missing IPv6 commands to enable broadcast (e.g.: avahi over ipv6) + (bsc#935716) + +--- Old: SuSEfirewall2-3.6.312.tar.bz2 New: SuSEfirewall2-3.6.315.tar.bz2 Other differences: -- ++ SuSEfirewall2.spec ++ --- /var/tmp/diff_new_pack.aKcojP/_old 2015-06-30 10:15:02.0 +0200 +++ /var/tmp/diff_new_pack.aKcojP/_new 2015-06-30 10:15:02.0 +0200 @@ -1,7 +1,7 @@ # # spec file for package SuSEfirewall2 # -# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,7 +18,7 @@ Name: SuSEfirewall2 -Version:3.6.312 +Version:3.6.315 Release:0 Url:http://en.opensuse.org/SuSEfirewall2 PreReq: %fillup_prereq %insserv_prereq /bin/sed textutils fileutils grep filesystem ++ SuSEfirewall2-3.6.312.tar.bz2 - SuSEfirewall2-3.6.315.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.312/SuSEfirewall2 new/SuSEfirewall2-3.6.315/SuSEfirewall2 --- old/SuSEfirewall2-3.6.312/SuSEfirewall2 2014-08-15 18:02:23.0 +0200 +++ new/SuSEfirewall2-3.6.315/SuSEfirewall2 2015-06-24 14:06:41.0 +0200 
@@ -1181,24 +1181,24 @@ set_proc_stuff() { if [ $FW_KERNEL_SECURITY != no ]; then - setproc 1 /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts + # kernel default 1: setproc 1 /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts # test $FW_ALLOW_PING_FW = yes || setproc 1 /proc/sys/net/ipv4/icmp_echo_ignore_all # XXX - setproc 1 /proc/sys/net/ipv4/ip_always_defrag # XXX not there? - setproc 1 /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses - setproc 5 /proc/sys/net/ipv4/icmp_echoreply_rate - setproc 5 /proc/sys/net/ipv4/icmp_destunreach_rate - setproc 5 /proc/sys/net/ipv4/icmp_paramprob_rate - setproc 6 /proc/sys/net/ipv4/icmp_timeexceed_rate - setproc 20 /proc/sys/net/ipv4/ipfrag_time + # gone? setproc 1 /proc/sys/net/ipv4/ip_always_defrag # XXX not there? + # kernel default 1: setproc 1 /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses + # gone? setproc 5 /proc/sys/net/ipv4/icmp_echoreply_rate + # gone? setproc 5 /proc/sys/net/ipv4/icmp_destunreach_rate + # gone? setproc 5 /proc/sys/net/ipv4/icmp_paramprob_rate + # gone? setproc 6 /proc/sys/net/ipv4/icmp_timeexceed_rate + # 30*HZ in the kernel, setproc 20 /proc/sys/net/ipv4/ipfrag_time for i in /proc/sys/net/ipv4/conf/*; do - setproc 1 $i/log_martians - setproc 0 $i/bootp_relay - [ $FW_ROUTE != yes ] setproc 0 $i/forwarding - setproc 0 $i/proxy_arp - setproc 1 $i/secure_redirects + setproc 1 $i/log_martians # default is 0 in the kernel + #kernel default 0: setproc 0 $i/bootp_relay + [ $FW_ROUTE != yes ] setproc 0 $i/forwarding # should stay + # kernel default 0: setproc 0 $i/proxy_arp + # kernel default 1: setproc 1 $i/secure_redirects #setproc 0 $i/accept_redirects # let kernel decide this - setproc 0 $i/accept_source_route - setproc 1 $i/rp_filter + setproc 0 $i/accept_source_route# default is 1, should stay? + setproc 1 $i/rp_filter # default is 0, should stay? done setproc 1 /proc/sys/net/ipv4/route/flush fi 
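Review bot: With this change set_proc_stuff no longer writes `icmp_echo_ignore_broadcasts`, `icmp_ignore_bogus_error_responses`, `bootp_relay`, `proxy_arp` and `secure_redirects`, on the grounds that the kernel default already has the wanted value. A default is not the same as an enforced value: if another tool or a sysctl file has changed one of these, `FW_KERNEL_SECURITY` enabled now leaves the weaker setting in place without any message. For the settings that are meant as hardening I would keep the explicit write, e.g. `setproc 1 /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts` and `setproc 1 $i/secure_redirects`, and delete only the entries whose proc file no longer exists. The `gone?` and `should stay?` markers should be resolved before release or replaced by a comment stating the decision. The function body continues past the end of the hunk.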
@@ -1324,21 +1324,26 @@ [ $port = no -o $port = yes ] continue $LAA $IPTABLES $match -p udp --dport $port ${LOG}-ACC-BCAST${zone:0:1} $IPTABLES $match -p udp --dport $port -j $ACCEPT + $LAA $IP6TABLES $match -p udp --dport $port ${LOG}-ACC-BCAST${zone:0:1} + $IP6TABLES $match -p udp --dport
commit SuSEfirewall2 for openSUSE:Factory
Hello community, here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory checked in at 2014-08-20 10:51:18 Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old) and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new (New) Package is SuSEfirewall2 Changes: --- /work/SRC/openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes 2014-07-31 21:50:03.0 +0200 +++ /work/SRC/openSUSE:Factory/.SuSEfirewall2.new/SuSEfirewall2.changes 2014-08-20 10:51:50.0 +0200 @@ -1,0 +2,12 @@ +Mon Aug 18 08:17:30 UTC 2014 - lnus...@suse.de + +- perl-Net-DNS is only needed by some ancillary helper tool but not for the + core features. So set it to Recommended. + +--- +Fri Aug 15 16:02:46 UTC 2014 - meiss...@suse.com + +- hosting moved to github.com/opensuse/susefirewall2 +- added a sysvinit - systemd conversion hack (bnc#891669) + +--- Old: SuSEfirewall2-3.6.310.tar.bz2 New: SuSEfirewall2-3.6.312.tar.bz2 Other differences: -- ++ SuSEfirewall2.spec ++ --- /var/tmp/diff_new_pack.Yp5dvk/_old 2014-08-20 10:51:51.0 +0200 +++ /var/tmp/diff_new_pack.Yp5dvk/_new 2014-08-20 10:51:51.0 +0200 @@ -18,14 +18,14 @@ Name: SuSEfirewall2 -Version:3.6.310 +Version:3.6.312 Release:0 Url:http://en.opensuse.org/SuSEfirewall2 PreReq: %fillup_prereq %insserv_prereq /bin/sed textutils fileutils grep filesystem Requires: coreutils Requires: iptables Requires: perl -Requires: perl-Net-DNS +Recommends: perl-Net-DNS Requires: sysconfig Summary:Stateful Packet Filter Using iptables and netfilter License:GPL-2.0 
@@ -96,6 +96,17 @@ %pre %service_add_pre SuSEfirewall2.service +# Upgrade case means more than 1 package in system, so probably 2 +# if we still have the LSB init script, save its state, remove _setup +# and store it in the database. +if [ $FIRST_ARG -gt 1 ]; then + if test -e /etc/init.d/SuSEfirewall2_setup ; then + if test ! -e /var/lib/systemd/migrated/SuSEfirewall2 ; then + /usr/sbin/systemd-sysv-convert --save SuSEfirewall2_setup + sed -i -e 's/SuSEfirewall2_setup/SuSEfirewall2/' /var/lib/systemd/sysv-convert/database + fi + fi +fi %post %service_add_post SuSEfirewall2.service ++ SuSEfirewall2-3.6.310.tar.bz2 - SuSEfirewall2-3.6.312.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.310/doc/README.SuSEfirewall2.html new/SuSEfirewall2-3.6.312/doc/README.SuSEfirewall2.html --- old/SuSEfirewall2-3.6.310/doc/README.SuSEfirewall2.html 2014-07-31 10:50:49.0 +0200 +++ new/SuSEfirewall2-3.6.312/doc/README.SuSEfirewall2.html 2014-08-15 18:02:23.0 +0200 
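Review bot: The two commands added to `%pre` run unchecked and are the last commands executed on the upgrade path, so a non-zero status from `sed` (for example when `/var/lib/systemd/sysv-convert/database` does not exist because the `--save` step failed) becomes the exit status of the scriptlet and can abort the package upgrade. The usual scriptlet convention is to neutralise that: `/usr/sbin/systemd-sysv-convert --save SuSEfirewall2_setup || :` and `sed -i -e 's/SuSEfirewall2_setup/SuSEfirewall2/' /var/lib/systemd/sysv-convert/database || :`. The substitution is also unanchored and rewrites the first match on every line of a database shared with other packages; if the record format allows it, matching the whole service field would be safer. Nothing in the visible lines creates `/var/lib/systemd/migrated/SuSEfirewall2`, so it is worth confirming that the preceding service macro does, otherwise the block runs again on every upgrade.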
@@ -1,6 +1,5 @@ ?xml version=1.0 encoding=UTF-8? -!DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Transitional//EN http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd; -html xmlns=http://www.w3.org/1999/xhtml;headmeta http-equiv=Content-Type content=text/html; charset=UTF-8 /titleSuSEfirewall2/titlelink rel=stylesheet href=susebooks.css type=text/css /meta name=generator content=DocBook XSL Stylesheets V1.75.2 //headbodydiv class=article title=SuSEfirewall2div class=titlepagedivdivh2 class=titlea id=id301523/aSuSEfirewall2/h2/div/divhr //divdiv class=tocpbTable of Contents/b/pdldtspan class=sectiona href=#id3015371. Introduction/a/span/dtdtspan class=sectiona href=#id2658792. Quickstart/a/span/dtdddldtspan class=sectiona href=#id2658842.1. YaST2 firewall module/a/span/dtdtspan class=sectiona href=#id2658962.2. Manual configuration/a/span/dt/dl/dddtspan class=sectiona href=#id2839263. Some words about security/a/span/dtdtspan class=sectiona href=#id2652454. Source Code/a/span/dtdtspan class=sectiona href=#id2652615. Reporting bugs/a/span/dtdtspan class=sectiona href=#id2652836. Links/a/span/dtdtspan class=sectiona href=#id2653077. Author/a/span/dt/dl/divdiv class=section title=1.#xA0;Introductiondiv class=titlepagedivdivh2 class=title style=clear: botha id=id301537/a1. Introduction/h2/div/div/divp +!DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Transitional//EN http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;html xmlns=http://www.w3.org/1999/xhtml;headmeta http-equiv=Content-Type content=text/html; charset=UTF-8 /titleSuSEfirewall2/titlelink rel=stylesheet type=text/css href=susebooks.css /meta name=generator content=DocBook XSL Stylesheets V1.78.0
commit SuSEfirewall2 for openSUSE:Factory
Hello community, here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory checked in at 2014-07-31 21:50:00 Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old) and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new (New) Package is SuSEfirewall2 Changes: --- /work/SRC/openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes 2014-06-18 07:47:41.0 +0200 +++ /work/SRC/openSUSE:Factory/.SuSEfirewall2.new/SuSEfirewall2.changes 2014-07-31 21:50:03.0 +0200 @@ -1,0 +2,6 @@ +Thu Jul 31 08:51:43 UTC 2014 - meiss...@suse.com + +- SuSEfirewall2, ACCEPT from services is a local variable, otherwise + ACCEPT would be used a service name (bnc#889406 bnc#889555 bnc#887040) + +--- Old: SuSEfirewall2-3.6.309.tar.bz2 New: SuSEfirewall2-3.6.310.tar.bz2 Other differences: -- ++ SuSEfirewall2.spec ++ --- /var/tmp/diff_new_pack.aEEyoe/_old 2014-07-31 21:50:04.0 +0200 +++ /var/tmp/diff_new_pack.aEEyoe/_new 2014-07-31 21:50:04.0 +0200 @@ -18,7 +18,7 @@ Name: SuSEfirewall2 -Version:3.6.309 +Version:3.6.310 Release:0 Url:http://en.opensuse.org/SuSEfirewall2 PreReq: %fillup_prereq %insserv_prereq /bin/sed textutils fileutils grep filesystem ++ SuSEfirewall2-3.6.309.tar.bz2 - SuSEfirewall2-3.6.310.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.309/SuSEfirewall2 new/SuSEfirewall2-3.6.310/SuSEfirewall2 --- old/SuSEfirewall2-3.6.309/SuSEfirewall2 2014-06-11 10:45:57.0 +0200 +++ new/SuSEfirewall2-3.6.310/SuSEfirewall2 2014-07-31 10:50:49.0 +0200 @@ -1261,6 +1261,7 @@ local BROADCAST='' local RELATED='' local MODULES='' + local ACCEPT='' # XXX: could use a sub shell in order to enforce use of known variables only if [ ! -r $CONFIGURATIONSDIR_0/$config ] || ! . $CONFIGURATIONSDIR_0/$config; then -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit SuSEfirewall2 for openSUSE:Factory
Hello community, here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory checked in at 2014-06-18 07:47:40 Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old) and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new (New) Package is SuSEfirewall2 Changes: --- /work/SRC/openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes 2014-06-01 18:56:03.0 +0200 +++ /work/SRC/openSUSE:Factory/.SuSEfirewall2.new/SuSEfirewall2.changes 2014-06-18 07:47:41.0 +0200 @@ -1,0 +2,5 @@ +Wed Jun 11 08:49:18 UTC 2014 - m...@suse.com + +- Added ACCEPT to TEMPLATE using FW_SERVICES_ACCEPT + +--- Old: SuSEfirewall2-3.6.307.tar.bz2 New: SuSEfirewall2-3.6.309.tar.bz2 Other differences: -- ++ SuSEfirewall2.spec ++ --- /var/tmp/diff_new_pack.NBpEKL/_old 2014-06-18 07:47:42.0 +0200 +++ /var/tmp/diff_new_pack.NBpEKL/_new 2014-06-18 07:47:42.0 +0200 @@ -18,7 +18,7 @@ Name: SuSEfirewall2 -Version:3.6.307 +Version:3.6.309 Release:0 Url:http://en.opensuse.org/SuSEfirewall2 PreReq: %fillup_prereq %insserv_prereq /bin/sed textutils fileutils grep filesystem ++ SuSEfirewall2-3.6.307.tar.bz2 - SuSEfirewall2-3.6.309.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.307/SuSEfirewall2 new/SuSEfirewall2-3.6.309/SuSEfirewall2 --- old/SuSEfirewall2-3.6.307/SuSEfirewall2 2014-05-27 10:50:25.0 +0200 +++ new/SuSEfirewall2-3.6.309/SuSEfirewall2 2014-06-11 10:45:57.0 +0200 
@@ -1287,6 +1287,10 @@ eval FW_SERVICES_ACCEPT_RELATED_`cibiz $zone`=\\$FW_SERVICES_ACCEPT_RELATED_`cibiz $zone` \$RELATED\ fi + if [ -n $ACCEPT ]; then + eval FW_SERVICES_ACCEPT_`cibiz $zone`=\\$FW_SERVICES_ACCEPT_`cibiz $zone` \$ACCEPT\ + fi + if [ -n $MODULES ]; then eval FW_LOAD_MODULES=\\$FW_LOAD_MODULES \$MODULES\ fi diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.307/SuSEfirewall2.service.TEMPLATE new/SuSEfirewall2-3.6.309/SuSEfirewall2.service.TEMPLATE --- old/SuSEfirewall2-3.6.307/SuSEfirewall2.service.TEMPLATE2014-05-27 10:50:25.0 +0200 +++ new/SuSEfirewall2-3.6.309/SuSEfirewall2.service.TEMPLATE2014-06-11 10:45:57.0 +0200 @@ -36,6 +36,13 @@ # IPv4 use 0.0.0.0/0 RELATED= +# space separated list of net,protocol[,sport[,dport]] +# sets FW_SERVICES_ACCEPT_*_EXT +# Alternative to TCP,UDP,... variants above allowing to +# open ports for IPv6 only or IPv4 only, using ::/0 or +# 0.0.0.0/0 as net (source address net). +ACCEPT= + # additional kernel modules needed for this service # see FW_LOAD_MODULES MODULES= -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
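Review bot: The new `if [ -n $ACCEPT ]` block reads `ACCEPT` as a per-service variable, but the hunk does not show it being reset together with the other service-file variables before the file is sourced. Other hunks on this page show the same script using `$ACCEPT` as the iptables jump target (`-j $ACCEPT`), so for a service file that does not set `ACCEPT` the block would append that global value to `FW_SERVICES_ACCEPT_<zone>` as if it were a rule. The declaration `local ACCEPT=''` belongs next to the existing `local RELATED=''` and `local MODULES=''`. The enclosing function starts and ends outside the hunk.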
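Review bot: The comment added to SuSEfirewall2.service.TEMPLATE says ACCEPT `sets FW_SERVICES_ACCEPT_*_EXT`, while the code added by the same commit appends to `FW_SERVICES_ACCEPT_` followed directly by the zone name. The name in the comment therefore does not correspond to a variable the script writes, and `# sets FW_SERVICES_ACCEPT_<ZONE>` would match the code. Since the first field is a source network, the comment should also say plainly that `0.0.0.0/0` or `::/0` opens the port to every source of that address family. That way a packager copying the template knows what an entry exposes.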
commit SuSEfirewall2 for openSUSE:Factory
Hello community, here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory checked in at 2014-06-01 18:55:59 Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old) and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new (New) Package is SuSEfirewall2 Changes: --- /work/SRC/openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes 2013-12-30 10:44:25.0 +0100 +++ /work/SRC/openSUSE:Factory/.SuSEfirewall2.new/SuSEfirewall2.changes 2014-06-01 18:56:03.0 +0200 @@ -1,0 +2,7 @@ +Tue May 27 08:59:59 UTC 2014 - meiss...@suse.com + +- Allow incoming DHCPv6 replies, currently unlimited. + bnc#867819,bnc#868031,bnc#783002,bnc#822959 +- typo fix customary - custom bnc#835677 + +--- Old: SuSEfirewall2-3.6.305.tar.bz2 New: SuSEfirewall2-3.6.307.tar.bz2 Other differences: -- ++ SuSEfirewall2.spec ++ --- /var/tmp/diff_new_pack.AIfWfv/_old 2014-06-01 18:56:04.0 +0200 +++ /var/tmp/diff_new_pack.AIfWfv/_new 2014-06-01 18:56:04.0 +0200 @@ -1,7 +1,7 @@ # # spec file for package SuSEfirewall2 # -# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,7 +18,7 @@ Name: SuSEfirewall2 -Version:3.6.305 +Version:3.6.307 Release:0 Url:http://en.opensuse.org/SuSEfirewall2 PreReq: %fillup_prereq %insserv_prereq /bin/sed textutils fileutils grep filesystem ++ SuSEfirewall2-3.6.305.tar.bz2 - SuSEfirewall2-3.6.307.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.305/SuSEfirewall2 new/SuSEfirewall2-3.6.307/SuSEfirewall2 --- old/SuSEfirewall2-3.6.305/SuSEfirewall2 2013-06-27 13:15:00.0 +0200 +++ new/SuSEfirewall2-3.6.307/SuSEfirewall2 2014-05-27 10:50:25.0 +0200 
@@ -798,6 +798,11 @@ allow_basic_established +# Allow DHCPv6 by default. While the requests go out to multicast address, they +# can come back from unicast hosts and we might not know them. +$LAA $IP6TABLES -A INPUT -p udp --dport dhcpv6-client ${LOG}-IN-DHCPv6 +$IP6TABLES -A INPUT -p udp --dport dhcpv6-client -j $ACCEPT + # make sure basic rules get committed even if there are errors later [ -n $USE_IPTABLES_BATCH ] iptables_batch_commitpoint } @@ -1098,10 +1103,10 @@ ### Load custom rules if [ -n $FW_CUSTOMRULES ]; then if [ ! -r $FW_CUSTOMRULES ]; then - die 1 Firewall customary rules file can not be read from $FW_CUSTOMRULES + die 1 Firewall custom rules file can not be read from $FW_CUSTOMRULES fi . $FW_CUSTOMRULES - message Firewall customary rules loaded from $FW_CUSTOMRULES + message Firewall custom rules loaded from $FW_CUSTOMRULES fi } -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
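Review bot: The added rule `$IP6TABLES -A INPUT -p udp --dport dhcpv6-client -j $ACCEPT` accepts UDP to the DHCPv6 client port from any source address and source port, and it sits in the basic rules, so it applies regardless of zone configuration. DHCPv6 replies are normally addressed to the client's link-local address and sent from the server port, so the match can be narrowed without breaking address assignment, e.g. `$IP6TABLES -A INPUT -p udp -d fe80::/64 --sport dhcpv6-server --dport dhcpv6-client -j $ACCEPT`, with the same match on the logging rule above it. Because the rule is unconditional, a configuration switch to turn it off on hosts that do not use DHCPv6 would also be reasonable. The enclosing function begins before the hunk.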
commit SuSEfirewall2 for openSUSE:Factory
Hello community, here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory checked in at 2013-12-30 10:44:24 Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old) and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new (New) Package is SuSEfirewall2 Changes: --- /work/SRC/openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes 2013-08-21 13:45:18.0 +0200 +++ /work/SRC/openSUSE:Factory/.SuSEfirewall2.new/SuSEfirewall2.changes 2013-12-30 10:44:25.0 +0100 @@ -1,0 +2,5 @@ +Fri Dec 27 11:13:55 UTC 2013 - meiss...@suse.com + +- add perl-Net-DNS requires for SuSEfirewall2 log (bnc#856705) + +--- Other differences: -- ++ SuSEfirewall2.spec ++ --- /var/tmp/diff_new_pack.df53IK/_old 2013-12-30 10:44:26.0 +0100 +++ /var/tmp/diff_new_pack.df53IK/_new 2013-12-30 10:44:26.0 +0100 @@ -25,6 +25,7 @@ Requires: coreutils Requires: iptables Requires: perl +Requires: perl-Net-DNS Requires: sysconfig Summary:Stateful Packet Filter Using iptables and netfilter License:GPL-2.0 -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit SuSEfirewall2 for openSUSE:Factory
Hello community, here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory checked in at 2013-08-21 13:45:16 Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old) and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new (New) Package is SuSEfirewall2 Changes: --- /work/SRC/openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes 2013-05-16 19:22:01.0 +0200 +++ /work/SRC/openSUSE:Factory/.SuSEfirewall2.new/SuSEfirewall2.changes 2013-08-21 13:45:18.0 +0200 @@ -1,0 +2,5 @@ +Wed Aug 21 08:43:32 UTC 2013 - lnus...@suse.de + +- adjust service files so manual starts work better (bnc#819499) + +--- Old: SuSEfirewall2-3.6.304.tar.bz2 New: SuSEfirewall2-3.6.305.tar.bz2 Other differences: -- ++ SuSEfirewall2.spec ++ --- /var/tmp/diff_new_pack.2DvgjF/_old 2013-08-21 13:45:19.0 +0200 +++ /var/tmp/diff_new_pack.2DvgjF/_new 2013-08-21 13:45:19.0 +0200 @@ -18,7 +18,7 @@ Name: SuSEfirewall2 -Version:3.6.304 +Version:3.6.305 Release:0 Url:http://en.opensuse.org/SuSEfirewall2 PreReq: %fillup_prereq %insserv_prereq /bin/sed textutils fileutils grep filesystem ++ SuSEfirewall2-3.6.304.tar.bz2 - SuSEfirewall2-3.6.305.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.304/SuSEfirewall2.service new/SuSEfirewall2-3.6.305/SuSEfirewall2.service --- old/SuSEfirewall2-3.6.304/SuSEfirewall2.service 2013-05-02 16:41:38.0 +0200 +++ new/SuSEfirewall2-3.6.305/SuSEfirewall2.service 2013-06-27 13:15:00.0 +0200 
@@ -1,12 +1,13 @@ [Unit] Description=SuSEfirewall2 phase 2 -After=network.target ypbind.service nfs.service nfsserver.service rpcbind.service +After=network.target ypbind.service nfs.service nfsserver.service rpcbind.service SuSEfirewall2_init.service Wants=SuSEfirewall2_init.service [Service] ExecStart=/usr/sbin/SuSEfirewall2 boot_setup ExecStop=/usr/sbin/SuSEfirewall2 systemd_stop RemainAfterExit=true +Type=oneshot [Install] WantedBy=multi-user.target diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.304/SuSEfirewall2_init.service new/SuSEfirewall2-3.6.305/SuSEfirewall2_init.service --- old/SuSEfirewall2-3.6.304/SuSEfirewall2_init.service2013-05-02 16:41:38.0 +0200 +++ new/SuSEfirewall2-3.6.305/SuSEfirewall2_init.service2013-06-27 13:15:00.0 +0200 @@ -6,6 +6,7 @@ [Service] ExecStart=/usr/sbin/SuSEfirewall2 boot_init RemainAfterExit=true +Type=oneshot [Install] WantedBy=multi-user.target -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit SuSEfirewall2 for openSUSE:Factory
Hello community, here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory checked in at 2013-05-16 19:22:00 Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old) and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new (New) Package is SuSEfirewall2 Changes: --- /work/SRC/openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes 2013-01-29 14:46:19.0 +0100 +++ /work/SRC/openSUSE:Factory/.SuSEfirewall2.new/SuSEfirewall2.changes 2013-05-16 19:22:01.0 +0200 @@ -1,0 +2,12 @@ +Mon May 6 13:15:59 UTC 2013 - cfarr...@suse.com + +- license update: GPL-2.0 + Various GPL-2.0 (only) licensed files + +--- +Fri May 3 13:25:35 UTC 2013 - meiss...@suse.com + +- clarify what the default is in FW_MASQ_NETS (bnc#817233) +- removed the --rttl option in recent matches, as this could also be used by attackers (bnc#800719) + +--- Old: SuSEfirewall2-3.6.302.tar.bz2 New: SuSEfirewall2-3.6.304.tar.bz2 Other differences: -- ++ SuSEfirewall2.spec ++ --- /var/tmp/diff_new_pack.Z4D2FU/_old 2013-05-16 19:22:03.0 +0200 +++ /var/tmp/diff_new_pack.Z4D2FU/_new 2013-05-16 19:22:03.0 +0200 @@ -18,7 +18,7 @@ Name: SuSEfirewall2 -Version:3.6.302 +Version:3.6.304 Release:0 Url:http://en.opensuse.org/SuSEfirewall2 PreReq: %fillup_prereq %insserv_prereq /bin/sed textutils fileutils grep filesystem @@ -27,7 +27,7 @@ Requires: perl Requires: sysconfig Summary:Stateful Packet Filter Using iptables and netfilter -License:GPL-2.0+ +License:GPL-2.0 Group: Productivity/Networking/Security Source: SuSEfirewall2-%{version}.tar.bz2 BuildArch: noarch ++ SuSEfirewall2-3.6.302.tar.bz2 - SuSEfirewall2-3.6.304.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.302/SuSEfirewall2 new/SuSEfirewall2-3.6.304/SuSEfirewall2 --- old/SuSEfirewall2-3.6.302/SuSEfirewall2 2013-01-29 09:04:56.0 +0100 +++ new/SuSEfirewall2-3.6.304/SuSEfirewall2 2013-05-02 16:41:38.0 +0200 
@@ -1776,7 +1776,7 @@ if [ -n $ipt_recent_update ]; then ipt_recent_rcheck=-m recent --rcheck$ipt_recent_update - ipt_recent_update=-m recent --update$ipt_recent_update --rttl + ipt_recent_update=-m recent --update$ipt_recent_update ipt_recent_set=-m recent --set$ipt_recent_set fi diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.302/SuSEfirewall2.sysconfig new/SuSEfirewall2-3.6.304/SuSEfirewall2.sysconfig --- old/SuSEfirewall2-3.6.302/SuSEfirewall2.sysconfig 2013-01-29 09:04:56.0 +0100 +++ new/SuSEfirewall2-3.6.304/SuSEfirewall2.sysconfig 2013-05-02 16:41:38.0 +0200 @@ -180,6 +180,7 @@ # If the protocol is icmp then port is interpreted as icmp type # # Examples: - 0/0 unrestricted access to the internet +# This is also the default if you leave FW_MASQ_NETS empty. # - 10.0.0.0/8 allows the whole 10.0.0.0 network with # unrestricted access. # - 10.0.1.0/24,0/0,tcp,80 10.0.1.0/24,0/0,tcp,21 allows -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
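Review bot: The reason for dropping `--rttl` from `ipt_recent_update` is recorded only in the changelog, so the assignment itself gives no hint that the option must not be restored. A one-line comment above it would help, for example `# no --rttl: the TTL is chosen by the sender, so matching on it weakens the recent-list check (bnc#800719)`. That wording is inferred from the changelog entry and from how the iptables documentation describes the option, so confirm it against the bug report. The enclosing block starts and ends outside the hunk.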
commit SuSEfirewall2 for openSUSE:Factory
Hello community, here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory checked in at 2013-01-29 14:46:16 Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old) and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new (New) Package is SuSEfirewall2, Maintainer is meiss...@suse.com Changes: --- /work/SRC/openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes 2013-01-20 08:19:10.0 +0100 +++ /work/SRC/openSUSE:Factory/.SuSEfirewall2.new/SuSEfirewall2.changes 2013-01-29 14:46:19.0 +0100 @@ -1,0 +2,5 @@ +Tue Jan 29 08:05:15 UTC 2013 - lnus...@suse.de + +- do not add dependency information about YaST2 Second Stage (bnc#800365) + +--- Old: SuSEfirewall2-3.6.300.tar.bz2 New: SuSEfirewall2-3.6.302.tar.bz2 Other differences: -- ++ SuSEfirewall2.spec ++ --- /var/tmp/diff_new_pack.IJqr4g/_old 2013-01-29 14:46:20.0 +0100 +++ /var/tmp/diff_new_pack.IJqr4g/_new 2013-01-29 14:46:20.0 +0100 @@ -18,7 +18,7 @@ Name: SuSEfirewall2 -Version:3.6.300 +Version:3.6.302 Release:0 Url:http://en.opensuse.org/SuSEfirewall2 PreReq: %fillup_prereq %insserv_prereq /bin/sed textutils fileutils grep filesystem ++ SuSEfirewall2-3.6.300.tar.bz2 - SuSEfirewall2-3.6.302.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.300/SuSEfirewall2_init.service new/SuSEfirewall2-3.6.302/SuSEfirewall2_init.service --- old/SuSEfirewall2-3.6.300/SuSEfirewall2_init.service2013-01-17 12:10:33.0 +0100 +++ new/SuSEfirewall2-3.6.302/SuSEfirewall2_init.service2013-01-29 09:04:56.0 +0100 @@ -1,6 +1,5 @@ [Unit] Description=SuSEfirewall2 phase 1 -After=YaST2-Second-Stage.service Before=network.service Before=basic.service diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.300/TODO new/SuSEfirewall2-3.6.302/TODO --- old/SuSEfirewall2-3.6.300/TODO 2013-01-17 12:10:33.0 +0100 +++ new/SuSEfirewall2-3.6.302/TODO 2013-01-29 09:04:56.0 +0100 
@@ -1,3 +1,5 @@ * only create forward/dmz etc. tables when devices are there/used * add rule numbers to logged packets + +* reload feature (bnc#419913) -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit SuSEfirewall2 for openSUSE:Factory
Hello community, here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory checked in at 2013-01-20 08:19:08 Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old) and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new (New) Package is SuSEfirewall2, Maintainer is meiss...@suse.com Changes: --- /work/SRC/openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes 2012-12-17 09:39:49.0 +0100 +++ /work/SRC/openSUSE:Factory/.SuSEfirewall2.new/SuSEfirewall2.changes 2013-01-20 08:19:10.0 +0100 @@ -1,0 +2,5 @@ +Thu Jan 17 11:11:51 UTC 2013 - lnus...@suse.de + +- fix defaultl value docu for FW_PROTECT_FROM_INT (bnc#798834) + +--- Old: SuSEfirewall2-3.6.299.tar.bz2 New: SuSEfirewall2-3.6.300.tar.bz2 Other differences: -- ++ SuSEfirewall2.spec ++ --- /var/tmp/diff_new_pack.nqilyM/_old 2013-01-20 08:19:16.0 +0100 +++ /var/tmp/diff_new_pack.nqilyM/_new 2013-01-20 08:19:16.0 +0100 @@ -1,7 +1,7 @@ # # spec file for package SuSEfirewall2 # -# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,7 +18,7 @@ Name: SuSEfirewall2 -Version:3.6.299 +Version:3.6.300 Release:0 Url:http://en.opensuse.org/SuSEfirewall2 PreReq: %fillup_prereq %insserv_prereq /bin/sed textutils fileutils grep filesystem ++ SuSEfirewall2-3.6.299.tar.bz2 - SuSEfirewall2-3.6.300.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.299/SuSEfirewall2.sysconfig new/SuSEfirewall2-3.6.300/SuSEfirewall2.sysconfig --- old/SuSEfirewall2-3.6.299/SuSEfirewall2.sysconfig 2012-12-13 13:22:03.0 +0100 +++ new/SuSEfirewall2-3.6.300/SuSEfirewall2.sysconfig 2013-01-17 12:10:33.0 +0100 
@@ -216,8 +216,7 @@ # FW_NOMASQ_NETS= -## Type: list(yes,no,notrack) -## Default:no +## Type: list(yes,no,notrack,) # # Do you want to protect the firewall from the internal network? # Requires: FW_DEV_INT @@ -232,7 +231,7 @@ # This is useful to gain better performance on high speed # interfaces. # -# defaults to yes if not set +# defaults to no if not set # # see also FW_REJECT_INT # -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit SuSEfirewall2 for openSUSE:Factory
Hello community, here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory checked in at 2012-12-17 09:39:46 Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old) and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new (New) Package is SuSEfirewall2, Maintainer is meiss...@suse.com Changes: --- /work/SRC/openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes 2012-09-11 11:38:06.0 +0200 +++ /work/SRC/openSUSE:Factory/.SuSEfirewall2.new/SuSEfirewall2.changes 2012-12-17 09:39:49.0 +0100 @@ -1,0 +2,12 @@ +Thu Dec 13 12:23:01 UTC 2012 - lnus...@suse.de + +- move to /usr, remove init scripts + +--- +Wed Dec 12 15:31:58 UTC 2012 - lnus...@suse.de + +- adjust for starting via systemd service files +- move lock files to /run +- just CT instead of NOTRACK (bnc#793459) + +--- Old: SuSEfirewall2-3.6.295.tar.bz2 New: SuSEfirewall2-3.6.299.tar.bz2 Other differences: -- ++ SuSEfirewall2.spec ++ --- /var/tmp/diff_new_pack.19U1x2/_old 2012-12-17 09:39:51.0 +0100 +++ /var/tmp/diff_new_pack.19U1x2/_new 2012-12-17 09:39:51.0 +0100 @@ -18,7 +18,7 @@ Name: SuSEfirewall2 -Version:3.6.295 +Version:3.6.299 Release:0 Url:http://en.opensuse.org/SuSEfirewall2 PreReq: %fillup_prereq %insserv_prereq /bin/sed textutils fileutils grep filesystem @@ -32,6 +32,9 @@ Source: SuSEfirewall2-%{version}.tar.bz2 BuildArch: noarch BuildRoot: %{_tmppath}/%{name}-%{version}-build +# for the service_* macros +%{?systemd_requires} +BuildRequires: pkgconfig(systemd) %description SuSEfirewall2 implements a packet filter that protects hosts and @@ -57,6 +60,10 @@ install -m 644 doc/SuSEfirewall2-doc.desktop \ %{buildroot}%{_datadir}/susehelp/meta/Manuals/Productivity/SuSEfirewall2.desktop # +# compat symlink +mkdir -p %{buildroot}/sbin +ln -s /usr/sbin/SuSEfirewall2 %{buildroot}/sbin/SuSEfirewall2 +ln -s /usr/sbin/rcSuSEfirewall2 %{buildroot}/sbin/rcSuSEfirewall2 %files %defattr(-, root, root) 
@@ -64,8 +71,6 @@ %doc %{_datadir}/susehelp %config(noreplace) /etc/sysconfig/scripts/SuSEfirewall2-custom %config(noreplace) /etc/sysconfig/SuSEfirewall2 -%config /etc/init.d/SuSEfirewall2_init -%config /etc/init.d/SuSEfirewall2_setup /etc/sysconfig/SuSEfirewall2.d/services/* /etc/sysconfig/scripts/SuSEfirewall2-rpcinfo /etc/sysconfig/scripts/SuSEfirewall2-showlog 
@@ -76,38 +81,28 @@ /etc/sysconfig/network/scripts/SuSEfirewall2 /etc/sysconfig/network/scripts/firewall /etc/sysconfig/network/if-up.d/SuSEfirewall2 -/sbin/rcSuSEfirewall2 /sbin/SuSEfirewall2 +/sbin/rcSuSEfirewall2 +/usr/sbin/rcSuSEfirewall2 +/usr/sbin/SuSEfirewall2 %dir /usr/share/SuSEfirewall2 %dir /usr/share/SuSEfirewall2/defaults +/usr/lib/systemd/system/SuSEfirewall2.service +/usr/lib/systemd/system/SuSEfirewall2_init.service /usr/share/SuSEfirewall2/defaults/50-default.cfg /usr/share/SuSEfirewall2/rpcusers /var/adm/fillup-templates/sysconfig.SuSEfirewall2 -%postun -%insserv_cleanup +%pre +%service_add_pre SuSEfirewall2.service %post -# SuSEfirewall2_init is no longer a boot.d script, need to remove -# and add it again -for i in etc/init.d/boot.d/S??SuSEfirewall2_init; do -if [ -e $i ]; then - /sbin/insserv -r -f SuSEfirewall2_init - /sbin/insserv -f SuSEfirewall2_init - break -fi -done -if [ -e etc/sysconfig/SuSEfirewall2 ] \ -grep -q '^FW_MASQ_DEV=\$FW_DEV_EXT$' etc/sysconfig/SuSEfirewall2; then - sed 's/^FW_MASQ_DEV=\$FW_DEV_EXT$/FW_MASQ_DEV=zone:ext/' \ -etc/sysconfig/SuSEfirewall2 \ -etc/sysconfig/SuSEfirewall2.new \ -mv etc/sysconfig/SuSEfirewall2.new etc/sysconfig/SuSEfirewall2 \ -echo FW_MASQ_DEV converted -fi -# -%insserv_cleanup -# -exit 0 +%service_add_post SuSEfirewall2.service + +%preun +%service_del_preun SuSEfirewall2.service + +%postun +%service_del_postun SuSEfirewall2.service %changelog ++ SuSEfirewall2-3.6.295.tar.bz2 - SuSEfirewall2-3.6.299.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.295/Makefile new/SuSEfirewall2-3.6.299/Makefile --- old/SuSEfirewall2-3.6.295/Makefile 2012-09-11 10:29:29.0 +0200 +++ new/SuSEfirewall2-3.6.299/Makefile 2012-12-13 13:22:03.0 +0100 @@ -8,8 +8,8 @@ DESTDIR= allfiles= \ - SuSEfirewall2_init \ - SuSEfirewall2_setup \ + SuSEfirewall2_init.service \ + SuSEfirewall2.service \ $(SCRIPTS) \ SuSEfirewall2_ifup \
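Review bot: The `%service_add_pre`, `%service_add_post`, `%service_del_preun` and `%service_del_postun` calls name only `SuSEfirewall2.service`, although this same hunk adds `/usr/lib/systemd/system/SuSEfirewall2_init.service` to `%files`. Listing both units, e.g. `%service_add_pre SuSEfirewall2.service SuSEfirewall2_init.service` and likewise for the other three macros, puts the phase 1 unit under the same install, upgrade and removal handling. The removed `%post` also drops the insserv handling of the old init scripts. Whether the enabled state of an existing installation carries over to the new units is not visible here and is worth checking, because a firewall that silently stays disabled after an upgrade is the costly failure.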
commit SuSEfirewall2 for openSUSE:Factory
Hello community, here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory checked in at 2012-09-11 11:38:03 Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old) and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new (New) Package is SuSEfirewall2, Maintainer is lnus...@suse.com Changes: --- /work/SRC/openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes 2012-07-14 13:15:51.0 +0200 +++ /work/SRC/openSUSE:Factory/.SuSEfirewall2.new/SuSEfirewall2.changes 2012-09-11 11:38:06.0 +0200 @@ -1,0 +2,5 @@ +Tue Sep 11 08:29:41 UTC 2012 - lnus...@suse.de + +- getdevinfo is gone as per commit 0c5ac93 (bnc#777271) + +--- Old: SuSEfirewall2-3.6.293.tar.bz2 New: SuSEfirewall2-3.6.295.tar.bz2 Other differences: -- ++ SuSEfirewall2.spec ++ --- /var/tmp/diff_new_pack.KSBW5c/_old 2012-09-11 11:38:07.0 +0200 +++ /var/tmp/diff_new_pack.KSBW5c/_new 2012-09-11 11:38:07.0 +0200 @@ -18,7 +18,7 @@ Name: SuSEfirewall2 -Version:3.6.293 +Version:3.6.295 Release:0 Url:http://en.opensuse.org/SuSEfirewall2 PreReq: %fillup_prereq %insserv_prereq /bin/sed textutils fileutils grep filesystem ++ SuSEfirewall2-3.6.293.tar.bz2 - SuSEfirewall2-3.6.295.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.293/SuSEfirewall2-qdisc new/SuSEfirewall2-3.6.295/SuSEfirewall2-qdisc --- old/SuSEfirewall2-3.6.293/SuSEfirewall2-qdisc 2012-07-13 14:42:35.0 +0200 +++ new/SuSEfirewall2-3.6.295/SuSEfirewall2-qdisc 2012-09-11 10:29:29.0 +0200 
@@ -38,10 +38,9 @@ for DEVICE_DATA in $FW_HTB_TUNE_DEV; do IFS=, read DEV BANDWIDTH (echo $DEVICE_DATA) - DEV=`getdevinfo $DEV` || continue - # sanity check if [ -n $DEV -a -n $BANDWIDTH ]; then +test -e /sys/class/net/$DEV || continue # reserve about 15% for small packets (TCP ACK), # interactive SSH from and to us and DNS querys. # We don't need too much bandwidth but we need it fast. -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
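Review bot: `test -e /sys/class/net/$DEV` is satisfied by any entry in that directory, including non-interface files such as `bonding_masters`, so a mistyped `FW_HTB_TUNE_DEV` value can pass the check and reach the commands further down the loop. Interfaces appear there as directories, so `test -d /sys/class/net/$DEV || continue` is the tighter test. The loop body continues outside the hunk.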
commit SuSEfirewall2 for openSUSE:Factory
Hello community, here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory checked in at 2012-07-14 13:15:49 Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old) and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new (New) Package is SuSEfirewall2, Maintainer is lnus...@suse.com Changes: --- /work/SRC/openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes 2012-06-25 12:03:08.0 +0200 +++ /work/SRC/openSUSE:Factory/.SuSEfirewall2.new/SuSEfirewall2.changes 2012-07-14 13:15:51.0 +0200 @@ -1,0 +2,5 @@ +Fri Jul 13 12:43:17 UTC 2012 - lnus...@suse.de + +- honor FW_IPv6 setting also in debug mode (bnc#769411) + +--- Old: SuSEfirewall2-3.6.292.tar.bz2 New: SuSEfirewall2-3.6.293.tar.bz2 Other differences: -- ++ SuSEfirewall2.spec ++ --- /var/tmp/diff_new_pack.IfEfZN/_old 2012-07-14 13:15:56.0 +0200 +++ /var/tmp/diff_new_pack.IfEfZN/_new 2012-07-14 13:15:56.0 +0200 @@ -14,19 +14,21 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # - # icecream 0 Name: SuSEfirewall2 -Version:3.6.292 -Release:1 -License:GPL-2.0+ -Group: Productivity/Networking/Security +Version:3.6.293 +Release:0 Url:http://en.opensuse.org/SuSEfirewall2 PreReq: %fillup_prereq %insserv_prereq /bin/sed textutils fileutils grep filesystem -Requires: iptables coreutils perl sysconfig +Requires: coreutils +Requires: iptables +Requires: perl +Requires: sysconfig Summary:Stateful Packet Filter Using iptables and netfilter +License:GPL-2.0+ +Group: Productivity/Networking/Security Source: SuSEfirewall2-%{version}.tar.bz2 BuildArch: noarch BuildRoot: %{_tmppath}/%{name}-%{version}-build ++ SuSEfirewall2-3.6.292.tar.bz2 - SuSEfirewall2-3.6.293.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.292/SuSEfirewall2 new/SuSEfirewall2-3.6.293/SuSEfirewall2 --- old/SuSEfirewall2-3.6.292/SuSEfirewall2 2012-06-19 13:31:34.0 +0200 +++ new/SuSEfirewall2-3.6.293/SuSEfirewall2 2012-07-13 14:42:35.0 +0200 
@@ -325,6 +325,13 @@ { echo # $1 ${*:2} } + +### ipv6 checks +case $FW_IPv6 in + drop|reject) IP6TABLES_HAVE_STATE=0 ;; + no) IP6TABLES=: ;; + *) FW_IPv6= ;; +esac else IPTABLES=$IPTABLES_BIN IP6TABLES=$IP6TABLES_BIN @@ -336,7 +343,6 @@ *) FW_IPv6= ;; esac - if [ -n $USE_IPTABLES_BATCH ]; then -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
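Review bot: The `case $FW_IPv6` block added to the debug branch appears to duplicate the one that closes the non-debug branch (its last lines are visible as context in the hunk at -336), and nothing marks the two as a pair. Debug output is what people read to audit the generated rule set, so a later edit to only one copy would make it diverge from what is actually loaded. A comment on both copies, such as `# keep identical to the FW_IPv6 case in the other branch`, is the minimum. Moving the block into a small helper called from both branches would remove the duplication. The surrounding `if`/`else` starts outside the hunk.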
commit SuSEfirewall2 for openSUSE:Factory
Hello community, here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory checked in at 2012-05-31 17:10:37 Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old) and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new (New) Package is SuSEfirewall2, Maintainer is lnus...@suse.com Changes: --- /work/SRC/openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes 2011-11-07 15:56:52.0 +0100 +++ /work/SRC/openSUSE:Factory/.SuSEfirewall2.new/SuSEfirewall2.changes 2012-05-31 17:10:40.0 +0200 @@ -1,0 +2,17 @@ +Tue May 29 13:16:20 UTC 2012 - lnus...@suse.de + +- fix typo spotted by Frederic + +--- +Wed Jan 18 14:17:19 UTC 2012 - lnus...@suse.de + +- assume all interface names are correct (bnc#739084) + +--- +Wed Dec 14 16:55:43 UTC 2011 - lnus...@suse.de + +- fix forward masquerading (bnc#736205) +- compat syntax for negated options no longer works (bnc#660156, bnc#731088) +- enhance debug mode + +--- Old: SuSEfirewall2-3.6.282.tar.bz2 SuSEfirewall2.rpmlintrc New: SuSEfirewall2-3.6.289.tar.bz2 Other differences: -- ++ SuSEfirewall2.spec ++ --- /var/tmp/diff_new_pack.GJHq1k/_old 2012-05-31 17:10:42.0 +0200 +++ /var/tmp/diff_new_pack.GJHq1k/_new 2012-05-31 17:10:42.0 +0200 @@ -1,7 +1,7 @@ # # spec file for package SuSEfirewall2 # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -19,7 +19,7 @@ Name: SuSEfirewall2 -Version:3.6.282 +Version:3.6.289 Release:1 License:GPL-2.0+ Group: Productivity/Networking/Security ++ SuSEfirewall2-3.6.282.tar.bz2 - SuSEfirewall2-3.6.289.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.282/Makefile new/SuSEfirewall2-3.6.289/Makefile --- old/SuSEfirewall2-3.6.282/Makefile 2011-11-07 11:55:00.0 +0100 +++ new/SuSEfirewall2-3.6.289/Makefile 2012-05-29 15:10:20.0 +0200 @@ -69,8 +69,8 @@ install -m 644 LICENCE $(DESTDIR)$(pkgdocdir)/ install -m 644 SuSEfirewall2.sysconfig $(DESTDIR)$(pkgdocdir)/ -dist: - @./mktar +package: + @./obs/mkpackage doc: $(MAKE) -C doc @@ -78,4 +78,4 @@ clean: rm -f $(ARCHIVE) -.PHONY: clean doc dist install install_doc all +.PHONY: clean doc package install install_doc all diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.282/SuSEfirewall2 new/SuSEfirewall2-3.6.289/SuSEfirewall2 --- old/SuSEfirewall2-3.6.282/SuSEfirewall2 2011-11-07 11:55:00.0 +0100 +++ new/SuSEfirewall2-3.6.289/SuSEfirewall2 2012-05-29 15:10:20.0 +0200 @@ -72,7 +72,7 @@ openopen the specified services in the specified zone. You need to restart SuSEfirewall2 for changes to take effect. on add SuSEfirewall2 initscripts to boot process and start - off remove SuSEefirwall2 initscripts from boot process and stop + off remove SuSEfirwall2 initscripts from boot process and stop file FILENAME same as start but load alternate config file FILENAME @@ -321,6 +321,10 @@ { echo modprobe $@ } +syslog() +{ + echo # $1 ${*:2} +} else IPTABLES=$IPTABLES_BIN IP6TABLES=$IP6TABLES_BIN 
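Review bot: The corrected help line is still misspelled: `off remove SuSEfirwall2 initscripts from boot process and stop` should read `SuSEfirewall2`. This is part of the usage text printed to users, so the typo remains visible after this commit. The help function itself starts and ends outside the hunk at -72.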
@@ -772,38 +776,6 @@ esac } -# set $dev to actual name of device $1 -getdevinfo() -{ -local dev= -local d=$1 -local var=$2 -if [ -d /sys/class/net/$d ]; then - dev=$d -else - local deprecatediface= - if [ -x /sbin/getcfg-interface ]; then - dev=`/sbin/getcfg-interface $d` - elif [ -x $hwdesc2iface ]; then - case $d in - *-id-*) dev=`$hwdesc2iface id ${d#*-id-}`; deprecatediface=1 ;; - *-bus-*) dev=`$hwdesc2iface bus ${d#*-bus-}`; deprecatediface=1 ;; - esac - fi - - if [ -z $dev -o ! -d /sys/class/net/$dev ]; then - return 1 - fi - - if [ -n $deprecatediface ]; then - warning $var: the notation '$d' is deprecated. Please use '$dev' instead - fi -fi - -echo $dev -return 0 -} - setlock() { if [ $remove_bootlock -ne 0 ]; then @@ -872,7 +844,6 @@ warning ignoring deprecated interface 'auto' in $var
commit SuSEfirewall2 for openSUSE:Factory
Hello community, here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory checked in at 2011-12-06 19:06:21 Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old) and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new (New) Package is SuSEfirewall2, Maintainer is lnus...@suse.com Changes: Other differences: -- ++ SuSEfirewall2.spec ++ --- /var/tmp/diff_new_pack.tK5cKs/_old 2011-12-06 20:10:24.0 +0100 +++ /var/tmp/diff_new_pack.tK5cKs/_new 2011-12-06 20:10:24.0 +0100 @@ -21,7 +21,7 @@ Name: SuSEfirewall2 Version:3.6.282 Release:1 -License:GPLv2+ +License:GPL-2.0+ Group: Productivity/Networking/Security Url:http://en.opensuse.org/SuSEfirewall2 PreReq: %fillup_prereq %insserv_prereq /bin/sed textutils fileutils grep filesystem -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit SuSEfirewall2 for openSUSE:Factory
Hello community, here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory checked in at 2011-11-07 15:56:49 Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old) and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new (New) Package is SuSEfirewall2, Maintainer is lnus...@suse.com Changes: --- /work/SRC/openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes 2011-11-05 12:02:09.0 +0100 +++ /work/SRC/openSUSE:Factory/.SuSEfirewall2.new/SuSEfirewall2.changes 2011-11-07 15:56:52.0 +0100 @@ -1,0 +2,5 @@ +Mon Nov 7 10:56:04 UTC 2011 - lnus...@suse.de + +- use /sbin/rpcinfo as /usr/sbin/rpcinfo is gone (bnc#727438) + +--- Old: SuSEfirewall2-3.6.281.tar.bz2 New: SuSEfirewall2-3.6.282.tar.bz2 Other differences: -- ++ SuSEfirewall2.spec ++ --- /var/tmp/diff_new_pack.tRFg7U/_old 2011-11-07 15:56:57.0 +0100 +++ /var/tmp/diff_new_pack.tRFg7U/_new 2011-11-07 15:56:57.0 +0100 @@ -19,7 +19,7 @@ Name: SuSEfirewall2 -Version:3.6.281 +Version:3.6.282 Release:1 License:GPLv2+ Group: Productivity/Networking/Security ++ SuSEfirewall2-3.6.281.tar.bz2 - SuSEfirewall2-3.6.282.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.281/SuSEfirewall2-rpcinfo new/SuSEfirewall2-3.6.282/SuSEfirewall2-rpcinfo --- old/SuSEfirewall2-3.6.281/SuSEfirewall2-rpcinfo 2011-11-02 16:26:04.0 +0100 +++ new/SuSEfirewall2-3.6.282/SuSEfirewall2-rpcinfo 2011-11-07 11:55:00.0 +0100 @@ -92,7 +92,7 @@ my %tcpports = (); # collect registered rpc services -open (RPCINFO, '/usr/sbin/rpcinfo -p localhost|') or die; +open (RPCINFO, '/sbin/rpcinfo -p localhost|') or die; RPCINFO; # header line while(RPCINFO) { -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
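Review bot: The changed `open` in the hunk at -92 still ends in a bare `or die;`, so when the binary is missing the script stops without saying what it tried to run, which is the very failure this path change repairs. Adding the reason costs nothing: `open (RPCINFO, '/sbin/rpcinfo -p localhost|') or die "cannot run /sbin/rpcinfo: $!";`. The read loop that follows continues outside the hunk.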
commit SuSEfirewall2 for openSUSE:Factory
Hello community, here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory checked in at 2011-11-05 11:27:16 Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old) and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new (New) Package is SuSEfirewall2, Maintainer is lnus...@suse.com Changes: --- /work/SRC/openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes 2011-10-16 12:43:09.0 +0200 +++ /work/SRC/openSUSE:Factory/.SuSEfirewall2.new/SuSEfirewall2.changes 2011-11-05 12:02:09.0 +0100 @@ -1,0 +2,5 @@ +Wed Nov 2 15:27:04 UTC 2011 - lnus...@suse.de + +- set SYSTEMD_NO_WRAP for status (bnc#727445) + +--- Old: SuSEfirewall2-3.6.280.tar.bz2 New: SuSEfirewall2-3.6.281.tar.bz2 Other differences: -- ++ SuSEfirewall2.spec ++ --- /var/tmp/diff_new_pack.LFduHs/_old 2011-11-05 12:02:32.0 +0100 +++ /var/tmp/diff_new_pack.LFduHs/_new 2011-11-05 12:02:32.0 +0100 @@ -19,7 +19,7 @@ Name: SuSEfirewall2 -Version:3.6.280 +Version:3.6.281 Release:1 License:GPLv2+ Group: Productivity/Networking/Security ++ SuSEfirewall2-3.6.280.tar.bz2 - SuSEfirewall2-3.6.281.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.280/SuSEfirewall2_setup new/SuSEfirewall2-3.6.281/SuSEfirewall2_setup --- old/SuSEfirewall2-3.6.280/SuSEfirewall2_setup 2011-10-14 11:45:56.0 +0200 +++ new/SuSEfirewall2-3.6.281/SuSEfirewall2_setup 2011-11-02 16:26:04.0 +0100 @@ -26,6 +26,7 @@ test -x $SUSEFWALL || exit 5 +test $1 != 'status' || SYSTEMD_NO_WRAP=1 # bnc#727445 . /etc/rc.status rc_reset -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit SuSEfirewall2 for openSUSE:Factory
Hello community, here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory checked in at Sun Oct 16 12:40:18 CEST 2011. --- openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes2011-09-23 01:51:16.0 +0200 +++ /mounts/work_src_done/STABLE/SuSEfirewall2/SuSEfirewall2.changes 2011-10-14 11:46:56.0 +0200 @@ -1,0 +2,11 @@ +Fri Oct 14 09:46:33 UTC 2011 - lnus...@suse.de + +- fix manual rcSuSEfirewall2 stop with sytemd (bnc#717583) + +--- +Tue Oct 4 14:53:13 UTC 2011 - lnus...@suse.de + +- fix typo (bnc#721845) +- atomic zone status writing + +--- calling whatdependson for head-i586 Old: SuSEfirewall2-3.6.277.tar.bz2 New: SuSEfirewall2-3.6.280.tar.bz2 Other differences: -- ++ SuSEfirewall2.spec ++ --- /var/tmp/diff_new_pack.CJkEOl/_old 2011-10-16 12:40:14.0 +0200 +++ /var/tmp/diff_new_pack.CJkEOl/_new 2011-10-16 12:40:14.0 +0200 @@ -19,7 +19,7 @@ Name: SuSEfirewall2 -Version:3.6.277 +Version:3.6.280 Release:1 License:GPLv2+ Group: Productivity/Networking/Security ++ SuSEfirewall2-3.6.277.tar.bz2 - SuSEfirewall2-3.6.280.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.277/SuSEfirewall2 new/SuSEfirewall2-3.6.280/SuSEfirewall2 --- old/SuSEfirewall2-3.6.277/SuSEfirewall2 2011-09-06 11:33:05.0 +0200 +++ new/SuSEfirewall2-3.6.280/SuSEfirewall2 2011-10-14 11:45:56.0 +0200 @@ -997,7 +997,8 @@ rm -rf $STATUSDIR/status/interfaces/$d else eval local seen_$d=1 - echo $z $STATUSDIR/status/interfaces/$d/zone + echo $z $STATUSDIR/status/interfaces/$d/.zone.new + mv $STATUSDIR/status/interfaces/$d/.zone.new $STATUSDIR/status/interfaces/$d/zone fi done for d in ${!iface_*}; do 
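Review bot: In the hunk at -997 the write to `.zone.new` and the following `mv` are separate statements, so a failed or partial write (for example a full status directory) is still renamed over the existing `zone` file. Joining the two commands with `&&` leaves the previous `zone` file in place when the write fails. The identical pair in the next hunk at -1005 needs the same change. The redirection operator is not shown in this rendering of the diff, so take the exact command text from the source file.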
@@ -1005,7 +1006,8 @@ d=${d#iface_} eval [ -n \\$seen_$d\ ] continue mkdir $STATUSDIR/status/interfaces/$d - echo $z $STATUSDIR/status/interfaces/$d/zone + echo $z $STATUSDIR/status/interfaces/$d/.zone.new + mv $STATUSDIR/status/interfaces/$d/.zone.new $STATUSDIR/status/interfaces/$d/zone done } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.277/SuSEfirewall2.sysconfig new/SuSEfirewall2-3.6.280/SuSEfirewall2.sysconfig --- old/SuSEfirewall2-3.6.277/SuSEfirewall2.sysconfig 2011-09-06 11:33:05.0 +0200 +++ new/SuSEfirewall2-3.6.280/SuSEfirewall2.sysconfig 2011-10-14 11:45:56.0 +0200 @@ -382,7 +382,7 @@ # details. # # Note: In older SuSEfirewall2 version this setting took place after -# FW_SERVICES_ACCEPT_*, not it takes precedence. +# FW_SERVICES_ACCEPT_*, now it takes precedence. # FW_SERVICES_DROP_EXT= @@ -411,7 +411,7 @@ # details. # # Note: In older SuSEfirewall2 version this setting took place after -# FW_SERVICES_ACCEPT_*, not it takes precedence. +# FW_SERVICES_ACCEPT_*, now it takes precedence. # FW_SERVICES_REJECT_EXT= diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.277/SuSEfirewall2_setup new/SuSEfirewall2-3.6.280/SuSEfirewall2_setup --- old/SuSEfirewall2-3.6.277/SuSEfirewall2_setup 2011-09-06 11:33:05.0 +0200 +++ new/SuSEfirewall2-3.6.280/SuSEfirewall2_setup 2011-10-14 11:45:56.0 +0200 
@@ -36,14 +36,16 @@ rc_status -v ;; stop) + called_manually='' if [ -e /sys/fs/cgroup/systemd ]; then - # when using systemd we don't know whether we are - # called due to shutdown of the machine. So we can't - # unload rules here. Call /sbin/SuSEfirewall2 - # directly instead to unload rules. - echo -n Not unloading firewall rules when using systemd - rc_status -s + # XXX: find a better way to check whether shutdown is in progress + if ! systemctl --no-pager --full --all list-units | grep -q 'basic\.target.*active.*stop'; then + called_manually=yes + fi elif [ -z $REDIRECT ]; then + called_manually=yes + fi + if [ $called_manually = yes ]; then echo -n Unloading firewall rules $SUSEFWALL -q stop rc_status -v continue with q... Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
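Review bot: The shutdown test fails open: if `systemctl` errors out or its output format changes, `grep -q` matches nothing, the `!` makes the condition true, and the rules are unloaded as if `stop` had been called by hand, possibly while the network is still up. Requiring `systemctl` itself to succeed keeps the previous safe behaviour (rules stay loaded) on error, e.g. `if units=$(systemctl --no-pager --full --all list-units) && ! printf '%s\n' "$units" | grep -q 'basic\.target.*active.*stop'; then`. The existing `XXX` comment already flags the heuristic, and it would be worth extending it to state which way the check fails. The `stop)` arm continues outside the hunk.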
commit SuSEfirewall2 for openSUSE:Factory
Hello community, here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory checked in at Mon Sep 19 15:30:41 CEST 2011. --- SuSEfirewall2/SuSEfirewall2.changes 2011-09-07 13:41:09.0 +0200 +++ /mounts/work_src_done/STABLE/SuSEfirewall2/SuSEfirewall2.changes 2011-09-17 12:25:41.0 +0200 @@ -1,0 +2,5 @@ +Sat Sep 17 10:25:23 UTC 2011 - jeng...@medozas.de + +- Remove redundant tags/sections from specfile + +--- calling whatdependson for head-i586 Other differences: -- ++ SuSEfirewall2.spec ++ --- /var/tmp/diff_new_pack.7Zmu0P/_old 2011-09-19 15:30:37.0 +0200 +++ /var/tmp/diff_new_pack.7Zmu0P/_new 2011-09-19 15:30:37.0 +0200 @@ -15,7 +15,6 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # -# norootforbuild # icecream 0 @@ -40,13 +39,6 @@ SuSEfirewall2 uses the iptables/netfilter packet filtering infrastructure to create a flexible rule set for a stateful firewall. - - -Authors: - -Ludwig Nussel ludwig.nus...@suse.de -Marc Heuse - %prep %setup # please send patches to lnussel for inclusion in git first @@ -116,7 +108,4 @@ # exit 0 -%clean -rm -rf %{buildroot} - %changelog Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit SuSEfirewall2 for openSUSE:Factory
Hello community, here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory checked in at Wed Sep 7 18:00:47 CEST 2011. --- SuSEfirewall2/SuSEfirewall2.changes 2011-02-01 14:17:18.0 +0100 +++ /mounts/work_src_done/STABLE/SuSEfirewall2/SuSEfirewall2.changes 2011-09-07 13:41:09.0 +0200 @@ -1,0 +2,16 @@ +Wed Sep 7 11:38:14 UTC 2011 - lnus...@suse.de + +- sanitize FW_ZONE_DEFAULT (bnc#716013) +- add warning about iptables-batch to SuSEfirewall2-custom +- fix warning about /proc/net/ip_tables_names not readable +- don't install input rules for interfaces in default zone +- Add hook fw_custom_after_finished +- update FAQ (bnc#694464) +- clean up overrides when stopping the firewall (bnc#630961) +- change default FW_LOG_ACCEPT_CRIT to no +- allow redir without port specification +- make FW_SERVICES_{REJECT,DROP}_* take precedende before ACCEPT (bnc#671997) +- fix zonein and zoneout parameters +- fix reverse direction of forwarding rules (bnc#679192) + +--- calling whatdependson for head-i586 Old: SuSEfirewall2-3.6.261.tar.bz2 New: SuSEfirewall2-3.6.277.tar.bz2 Other differences: -- ++ SuSEfirewall2.spec ++ --- /var/tmp/diff_new_pack.NTJJNy/_old 2011-09-07 18:00:31.0 +0200 +++ /var/tmp/diff_new_pack.NTJJNy/_new 2011-09-07 18:00:31.0 +0200 @@ -20,7 +20,7 @@ Name: SuSEfirewall2 -Version:3.6.261 +Version:3.6.277 Release:1 License:GPLv2+ Group: Productivity/Networking/Security ++ SuSEfirewall2-3.6.261.tar.bz2 - SuSEfirewall2-3.6.277.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.261/SuSEfirewall2 new/SuSEfirewall2-3.6.277/SuSEfirewall2 --- old/SuSEfirewall2-3.6.261/SuSEfirewall2 2011-02-01 14:16:22.0 +0100 +++ new/SuSEfirewall2-3.6.277/SuSEfirewall2 2011-09-06 11:33:05.0 +0200 @@ -443,7 +443,7 @@ if [ $FW_LOG_ACCEPT_ALL != yes ]; then LAA=: - if [ $FW_LOG_ACCEPT_CRIT = no ]; then + if [ $FW_LOG_ACCEPT_CRIT != yes ]; then LAC=: LAAC=: fi 
@@ -546,7 +546,13 @@ $IPTABLES -P OUTPUT $policy_output $IPTABLES -P FORWARD $policy_forward # yes we need cat for /proc -for i in `sort /proc/net/ip_tables_names`; do +local names +if [ -r /proc/net/ip_tables_names ]; then + names=`sort /proc/net/ip_tables_names` +else + names=filter nat raw +fi +for i in $names; do $IPTABLES -t $i -F $IPTABLES -t $i -X done @@ -554,7 +560,12 @@ $IP6TABLES -P INPUT $policy_input $IP6TABLES -P OUTPUT $policy_output $IP6TABLES -P FORWARD $policy_forward - for i in `sort /proc/net/ip6_tables_names`; do + if [ -r /proc/net/ip6_tables_names ]; then + names=`sort /proc/net/ip6_tables_names` + else + names=filter nat raw + fi + for i in $names; do $IP6TABLES -t $i -F $IP6TABLES -t $i -X done @@ -840,6 +851,7 @@ fw_custom_before_port_handling() { true; } fw_custom_before_masq() { true; } fw_custom_before_denyall() { true; } +fw_custom_after_finished() { true; } evaluateinterfaces() { @@ -950,8 +962,8 @@ error invalid zone '$z' specified for interface '$d' fi elif [ -n $FW_ZONE_DEFAULT -a $FW_ZONE_DEFAULT != 'no' ]; then - message using default zone '$FW_ZONE_DEFAULT' for interface $d - z=$FW_ZONE_DEFAULT + z=${FW_ZONE_DEFAULT//[^A-Za-z0-9]/_} + message using default zone '$z' for interface $d eval FW_DEV_$z=\\$FW_DEV_$z \$d\ # fix vim syntax eval iface_$d=$z @@ -1204,7 +1216,7 @@ for iptables in $IPTABLES $IP6TABLES; do $iptables -N $chain for dev in $devs; do - $iptables -A $chain -j $target -i $dev + $iptables -A $chain -j $target -${dir:0:1} $dev done done eval ${chain}_created=1 @@ -1406,6 +1418,10 @@ # already have rules for that continue fi + if [ -n $FW_ZONE_DEFAULT -a $FW_ZONE_DEFAULT = $zone ]; then + # default rule will catch it + continue + fi eval devs=\$FW_DEV_$zone for dev in $devs; do $iptables -A INPUT -j input_$zone -i $dev 
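Review bot: The fallback list `filter nat raw`, used when /proc/net/ip_tables_names is not readable, leaves out `mangle` (and `security`), so rules in those tables would survive this flush. The same list is repeated in the IPv6 hunk at -554, where a `nat` table may not exist for ip6tables and the flush would then fail for it. Whether this script ever writes to mangle is not visible here and should be confirmed. I would use separate lists, e.g. `names="filter mangle nat raw"` for IPv4 and `names="filter mangle raw"` for IPv6, with a comment that flushing by name may load table modules that were not loaded before. As shown on this page the assignment has no quotes, which would run `nat` as a command; that looks like an archive artifact but is worth checking against the tarball, and the enclosing function begins outside both hunks.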
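Review bot: In the hunk at -950 the sanitised name is kept only in the local `z`, while FW_ZONE_DEFAULT itself stays raw and is compared unmodified in the hunk at -1406 (`$FW_ZONE_DEFAULT = $zone`), so a value that the substitution alters yields a zone name that nothing else refers to. Unlike the branch just above, which reports `invalid zone`, this branch accepts whatever remains after the character replacement and passes it to `eval`. It would be safer to normalise the variable once where the configuration is read, e.g. `FW_ZONE_DEFAULT=${FW_ZONE_DEFAULT//[^A-Za-z0-9]/_}`, and then reject a default zone that is not among the configured zones with the same error used for explicit zones. The interface name `$d` also reaches `eval iface_$d=$z`; whether it is restricted earlier is not visible in this hunk. The enclosing function starts and ends outside the hunk.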
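Review bot: In the hunk at -1204, `-${dir:0:1}` turns the first letter of `dir` into the iptables interface flag, which is easy to misread and produces a bare `-` if `dir` is empty. `dir` is set outside this hunk, presumably to `in` or `out`. A comment such as `# dir is in|out: first letter selects -i / -o` above the loop, or an explicit mapping `case $dir in in) flag=-i ;; out) flag=-o ;; *) error "invalid direction $dir" ;; esac`, would make both the intent and the failure mode clear. The enclosing function starts and ends outside the hunk.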
@@ -1871,15 +1887,21 @@ if [ -n $6 ]; then error Too many arguments in FW_REDIRECT - $nets - elif [ -z $net1 -o -z $net2 -o -z $proto -o -z $port1 -o -z $port2 ]; then + elif [ -z $net1 -o -z $net2 -o -z $proto ]; then error Missing parameter in FW_REDIRECT - $nets elif [ $proto != tcp -a $proto != udp ];