Hello community, here is the log from the commit of package SuSEfirewall2 for openSUSE:12.1:Update:Test checked in at 2011-12-01 15:44:55 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.1:Update:Test/SuSEfirewall2 (Old) and /work/SRC/openSUSE:12.1:Update:Test/.SuSEfirewall2.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "SuSEfirewall2", Maintainer is "lnussel@suse.com" Changes: -------- New Changes file: --- /dev/null 2010-08-26 16:28:41.000000000 +0200 +++ /work/SRC/openSUSE:12.1:Update:Test/.SuSEfirewall2.new/SuSEfirewall2.changes 2011-12-01 15:44:55.000000000 +0100 @@ -0,0 +1,1180 @@ +------------------------------------------------------------------- +Mon Nov 7 10:56:04 UTC 2011 - lnussel@suse.de + +- use /sbin/rpcinfo as /usr/sbin/rpcinfo is gone (bnc#727438) + +------------------------------------------------------------------- +Wed Nov 2 15:27:04 UTC 2011 - lnussel@suse.de + +- set SYSTEMD_NO_WRAP for status (bnc#727445) + +------------------------------------------------------------------- +Fri Oct 14 09:46:33 UTC 2011 - lnussel@suse.de + +- fix manual rcSuSEfirewall2 stop with sytemd (bnc#717583) + +------------------------------------------------------------------- +Tue Oct 4 14:53:13 UTC 2011 - lnussel@suse.de + +- fix typo (bnc#721845) +- atomic zone status writing + +------------------------------------------------------------------- +Sat Sep 17 10:25:23 UTC 2011 - jengelh@medozas.de + +- Remove redundant tags/sections from specfile + +------------------------------------------------------------------- +Wed Sep 7 11:38:14 UTC 2011 - lnussel@suse.de + +- sanitize FW_ZONE_DEFAULT (bnc#716013) +- add warning about iptables-batch to SuSEfirewall2-custom +- fix warning about /proc/net/ip_tables_names not readable +- don't install input rules for interfaces in default zone +- Add hook fw_custom_after_finished +- update FAQ (bnc#694464) +- clean up overrides when stopping the firewall (bnc#630961) +- change default FW_LOG_ACCEPT_CRIT to "no" +- allow redir without port specification +- make FW_SERVICES_{REJECT,DROP}_* take precedende before ACCEPT (bnc#671997) +- fix zonein and zoneout parameters +- fix reverse direction of forwarding rules (bnc#679192) + +------------------------------------------------------------------- +Tue Feb 1 13:16:53 UTC 2011 - lnussel@suse.de + +- introduce rpcusers file to allow statd to run as non-root + (bnc#668553) + +------------------------------------------------------------------- +Wed Jan 19 14:04:48 UTC 2011 - lnussel@suse.de + +- add zonein and zoneout parameters for FW_FORWARD +- fix typos + +------------------------------------------------------------------- +Mon Jan 10 13:15:05 UTC 2011 - lnussel@suse.de + +- don't start in runlevel 4 by default (bnc#656520) +- cut off long zone names (bnc#644527) +- fix and enhance output of log command (bnc#663262) + +------------------------------------------------------------------- +Thu Dec 2 13:33:59 UTC 2010 - lnussel@suse.de + +- don't unload rules when using systemd + +------------------------------------------------------------------- +Tue Nov 16 15:01:04 UTC 2010 - lnussel@suse.de + +- list some known rpc services as Should-Start +- don't filter outgoing packets at all +- fix an example (bnc#641907) +- fix status check in SuSEfirewall2_init (bnc#628751) + +------------------------------------------------------------------- +Mon Aug 16 07:32:31 UTC 2010 - lnussel@suse.de + +- don't use fillup anymore as it keeps corrupting the config file + (bnc#340926) + +------------------------------------------------------------------- +Tue Jun 29 12:20:30 UTC 2010 - lnussel@suse.de + +- remove "batch committing..." message +- read defaults from separate file +- warn if highports config options are set +- finally drop 'highports' misfeature +- remove kernel ipv6 module detection (bnc#617033) +- silence warning about default zone (bnc#616841) +- SuSEfirewall2-open: don't add values multiple times +- Use multiprotocol xt_conntrack + +------------------------------------------------------------------- +Mon May 31 08:11:54 UTC 2010 - lnussel@suse.de + +- only directories in /sys/class/net are real interfaces (bnc#609810) + +------------------------------------------------------------------- +Fri Mar 19 13:34:10 UTC 2010 - lnussel@suse.de + +- add entry about drbd to FAQ +- update docu +- implement FW_BOOT_FULL_INIT + +------------------------------------------------------------------- +Tue Feb 16 13:51:48 UTC 2010 - lnussel@suse.de + +- use new versioning scheme after switch of repo to git +- update and rebuild docu +- remove really old rc.config conversion code from spec file + +------------------------------------------------------------------- +Tue Sep 15 13:33:06 UTC 2009 - lnussel@suse.de + +- fix spelling error in sysconfig file (bnc#537427) +- polishing of log drop policy (bnc#538053) + * drop multicast packets silently + * separate drop rule for broadcast packets at end of chain + * only consider NEW udp packets as critical + * don't log INVALID packets as critical + +------------------------------------------------------------------- +Fri Aug 21 11:09:40 UTC 2009 - lnussel@suse.de + +- implement runtime override of interface zones +- allow disabling NOTRACK rules on lo (bnc#519526) + +------------------------------------------------------------------- +Fri Jul 17 10:04:48 UTC 2009 - lnussel@suse.de + +- remove chkconfig calls (bnc#522268) + +------------------------------------------------------------------- +Thu Jul 9 13:50:47 UTC 2009 - lnussel@suse.de + +- add note about use as bridging firewall +- allow to set FW_ZONE_DEFAULT via config file +- deprecate fw_custom_before_antispoofing and + fw_custom_after_antispoofing, use fw_custom_after_chain_creation + instead + +------------------------------------------------------------------- +Tue Jun 9 14:19:27 UTC 2009 - lnussel@suse.de + +- add note that ulog doesn't work with IPv6 (bnc#442756) +- fix version number in help text +- allow service files to specify kernel modules and allow related packets +- silence an error from bash if a service config file is not available (bnc#487870) +- better wording for BROADCAST in template +- update firewall hook script (patch by Marius) + +------------------------------------------------------------------- +Thu Nov 6 13:18:31 CET 2008 - lnussel@suse.de + +- check whether IPv6 support is available when stopping the firewall + (bnc#442118) +- point to correct path for service files (bnc#425187) + +------------------------------------------------------------------- +Wed Oct 15 15:50:36 CEST 2008 - lnussel@suse.de + +- check status of SuSEfirewall2 without triggering module load (bnc#435653) +- add missing iptables-batch commitpoint for IPv4 + +------------------------------------------------------------------- +Tue Sep 30 10:48:19 CEST 2008 - lnussel@suse.de + +- don't modify the ip local port range +- allow negated rules via ! in FW_FORWARD_MASQ (bnc#413046) +- explain some common pitfalls around FW_SERVICES_ACCEPT_EXT +- SuSEfirewall2_init: don't fail if /usr is not available (bnc#429899) + +------------------------------------------------------------------- +Tue Sep 2 11:22:53 CEST 2008 - lnussel@suse.de + +- fix "recent" match (bnc#421806) + +------------------------------------------------------------------- +Mon Aug 25 01:44:41 CEST 2008 - ro@suse.de + +- remove outdated start variables from fillup_and_insserv call + +------------------------------------------------------------------- +Thu Jul 31 19:21:51 CEST 2008 - werner@suse.de + +- Make boot script know about new upcoming startpar and insserv + +------------------------------------------------------------------- +Tue Jul 22 10:48:18 CEST 2008 - lnussel@suse.de + +- add NOTRACK/raw table support (fate#978788) + +------------------------------------------------------------------- +Mon Jul 14 09:32:40 CEST 2008 - lnussel@suse.de + +- use correct rules to accept RELATED icmpv6 packets (bnc#396667) + ++++ 983 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:12.1:Update:Test/.SuSEfirewall2.new/SuSEfirewall2.changes New: ---- SuSEfirewall2-3.6.282.tar.bz2 SuSEfirewall2.changes SuSEfirewall2.rpmlintrc SuSEfirewall2.spec _link ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ SuSEfirewall2.spec ++++++ # # spec file for package SuSEfirewall2 # # Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # # icecream 0 Name: SuSEfirewall2 Version: 3.6.282 Release: 1 License: GPLv2+ Group: Productivity/Networking/Security Url: http://en.opensuse.org/SuSEfirewall2 PreReq: %fillup_prereq %insserv_prereq /bin/sed textutils fileutils grep filesystem Requires: iptables coreutils perl sysconfig Summary: Stateful Packet Filter Using iptables and netfilter Source: SuSEfirewall2-%{version}.tar.bz2 BuildArch: noarch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description SuSEfirewall2 implements a packet filter that protects hosts and routers by limiting which services or networks are accessible on the host or via the router. SuSEfirewall2 uses the iptables/netfilter packet filtering infrastructure to create a flexible rule set for a stateful firewall. %prep %setup # please send patches to lnussel for inclusion in git first # http://gitorious.org/opensuse/susefirewall2 %build %install make DESTDIR="%{buildroot}" install install_doc install -d -m 755 %{buildroot}/var/adm/fillup-templates/ install -m 644 SuSEfirewall2.sysconfig %{buildroot}/var/adm/fillup-templates/sysconfig.SuSEfirewall2 install -D -m 644 SuSEfirewall2.sysconfig %{buildroot}/etc/sysconfig/SuSEfirewall2 install -d -m 755 %{buildroot}%{_datadir}/susehelp/meta/Manuals/Productivity install -m 644 doc/SuSEfirewall2-doc.desktop \ %{buildroot}%{_datadir}/susehelp/meta/Manuals/Productivity/SuSEfirewall2.desktop # %files %defattr(-, root, root) %doc %{_docdir}/%{name} %doc %{_datadir}/susehelp %config(noreplace) /etc/sysconfig/scripts/SuSEfirewall2-custom %config(noreplace) /etc/sysconfig/SuSEfirewall2 %config /etc/init.d/SuSEfirewall2_init %config /etc/init.d/SuSEfirewall2_setup /etc/sysconfig/SuSEfirewall2.d/services/* /etc/sysconfig/scripts/SuSEfirewall2-rpcinfo /etc/sysconfig/scripts/SuSEfirewall2-showlog /etc/sysconfig/scripts/SuSEfirewall2-open /etc/sysconfig/scripts/SuSEfirewall2-batch /etc/sysconfig/scripts/SuSEfirewall2-qdisc /etc/sysconfig/scripts/SuSEfirewall2-oldbroadcast /etc/sysconfig/network/scripts/SuSEfirewall2 /etc/sysconfig/network/scripts/firewall /etc/sysconfig/network/if-up.d/SuSEfirewall2 /sbin/rcSuSEfirewall2 /sbin/SuSEfirewall2 %dir /usr/share/SuSEfirewall2 %dir /usr/share/SuSEfirewall2/defaults /usr/share/SuSEfirewall2/defaults/50-default.cfg /usr/share/SuSEfirewall2/rpcusers /var/adm/fillup-templates/sysconfig.SuSEfirewall2 %postun %insserv_cleanup %post # SuSEfirewall2_init is no longer a boot.d script, need to remove # and add it again for i in etc/init.d/boot.d/S??SuSEfirewall2_init; do if [ -e "$i" ]; then /sbin/insserv -r -f SuSEfirewall2_init /sbin/insserv -f SuSEfirewall2_init break fi done if [ -e etc/sysconfig/SuSEfirewall2 ] \ && grep -q '^FW_MASQ_DEV="\$FW_DEV_EXT"$' etc/sysconfig/SuSEfirewall2; then sed 's/^FW_MASQ_DEV="\$FW_DEV_EXT"$/FW_MASQ_DEV="zone:ext"/' \ < etc/sysconfig/SuSEfirewall2 \ > etc/sysconfig/SuSEfirewall2.new \ && mv etc/sysconfig/SuSEfirewall2.new etc/sysconfig/SuSEfirewall2 \ && echo "FW_MASQ_DEV converted" fi # %insserv_cleanup # exit 0 %changelog ++++++ SuSEfirewall2.rpmlintrc ++++++ # fillup is known to break SuSEfirewall's sysconfig file on many # systems as people tend to break up long lines into several ones. # This bug remains unfixed since years (bnc#340926). # So we have to avoid fillup and therefore break the SUSE policy setBadness("suse-filelist-forbidden-sysconfig", 0) ++++++ _link ++++++ <link project="openSUSE:12.1" package="SuSEfirewall2" baserev="1764d9131befb71b94e56acb1a95f001"> <patches> <branch/> </patches> </link> -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org