From root@hilbert.suse.de Wed Aug 20 08:51:53 2014 From: root@hilbert.suse.de To: commit@lists.opensuse.org Subject: commit SuSEfirewall2 for openSUSE:Factory Date: Wed, 20 Aug 2014 10:51:51 +0200 Message-ID: <20140820085151.CA5F4AE050@hilbert.suse.de> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============1096354490834222747==" --===============1096354490834222747== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hello community, here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory= checked in at 2014-08-20 10:51:18 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old) and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "SuSEfirewall2" Changes: -------- --- /work/SRC/openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes 2014-07-31= 21:50:03.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.SuSEfirewall2.new/SuSEfirewall2.changes 2014-= 08-20 10:51:50.000000000 +0200 @@ -1,0 +2,12 @@ +Mon Aug 18 08:17:30 UTC 2014 - lnussel(a)suse.de + +- perl-Net-DNS is only needed by some ancillary helper tool but not for the + core features. So set it to Recommended. + +------------------------------------------------------------------- +Fri Aug 15 16:02:46 UTC 2014 - meissner(a)suse.com + +- hosting moved to github.com/opensuse/susefirewall2 +- added a sysvinit -> systemd conversion hack (bnc#891669) + +------------------------------------------------------------------- Old: ---- SuSEfirewall2-3.6.310.tar.bz2 New: ---- SuSEfirewall2-3.6.312.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ SuSEfirewall2.spec ++++++ --- /var/tmp/diff_new_pack.Yp5dvk/_old 2014-08-20 10:51:51.000000000 +0200 +++ /var/tmp/diff_new_pack.Yp5dvk/_new 2014-08-20 10:51:51.000000000 +0200 @@ -18,14 +18,14 @@ =20 =20 Name: SuSEfirewall2 -Version: 3.6.310 +Version: 3.6.312 Release: 0 Url: http://en.opensuse.org/SuSEfirewall2 PreReq: %fillup_prereq %insserv_prereq /bin/sed textutils fileutils = grep filesystem Requires: coreutils Requires: iptables Requires: perl -Requires: perl-Net-DNS +Recommends: perl-Net-DNS Requires: sysconfig Summary: Stateful Packet Filter Using iptables and netfilter License: GPL-2.0 @@ -96,6 +96,17 @@ =20 %pre %service_add_pre SuSEfirewall2.service +# Upgrade case means more than 1 package in system, so probably 2 +# if we still have the LSB init script, save its state, remove _setup +# and store it in the database. +if [ $FIRST_ARG -gt 1 ]; then = =20 + if test -e /etc/init.d/SuSEfirewall2_setup ; then + if test ! -e /var/lib/systemd/migrated/SuSEfirewall2 ; then + /usr/sbin/systemd-sysv-convert --save SuSEfirewall2_setup + sed -i -e 's/SuSEfirewall2_setup/SuSEfirewall2/' /var/lib/systemd/sysv-co= nvert/database + fi + fi +fi =20 %post %service_add_post SuSEfirewall2.service ++++++ SuSEfirewall2-3.6.310.tar.bz2 -> SuSEfirewall2-3.6.312.tar.bz2 ++++++ diff -urN '--exclude=3DCVS' '--exclude=3D.cvsignore' '--exclude=3D.svn' '--ex= clude=3D.svnignore' old/SuSEfirewall2-3.6.310/doc/README.SuSEfirewall2.html n= ew/SuSEfirewall2-3.6.312/doc/README.SuSEfirewall2.html --- old/SuSEfirewall2-3.6.310/doc/README.SuSEfirewall2.html 2014-07-31 10:50:= 49.000000000 +0200 +++ new/SuSEfirewall2-3.6.312/doc/README.SuSEfirewall2.html 2014-08-15 18:02:= 23.000000000 +0200 @@ -1,6 +1,5 @@ - -SuSEfirewall2</title= ><link rel=3D"stylesheet" href=3D"susebooks.css" type=3D"text/css" /><meta na= me=3D"generator" content=3D"DocBook XSL Stylesheets V1.75.2" /></head><body><= div class=3D"article" title=3D"SuSEfirewall2"><div class=3D"titlepage"><div><= div><h2 class=3D"title"><a id=3D"id301523"></a>SuSEfirewall2</h2></div></div>= <hr /></div><div class=3D"toc"><p><b>Table of Contents</b></p><dl><dt><span c= lass=3D"section"><a href=3D"#id301537">1. Introduction</a></span></dt><dt><sp= an class=3D"section"><a href=3D"#id265879">2. Quickstart</a></span></dt><dd><= dl><dt><span class=3D"section"><a href=3D"#id265884">2.1. YaST2 firewall modu= le</a></span></dt><dt><span class=3D"section"><a href=3D"#id265896">2.2. Manu= al configuration</a></span></dt></dl></dd><dt><span class=3D"section"><a href= =3D"#id283926">3. Some words about security</a></span></dt><dt><span class=3D= "section"><a href=3D"#id265245">4. Source Code</a></span></dt><dt><span class= =3D"section"><a href=3D"#id265261">5. Reporting bugs</a></span></dt><dt><span= class=3D"section"><a href=3D"#id265283">6. Links</a></span></dt><dt><span cl= ass=3D"section"><a href=3D"#id265307">7. Author</a></span></dt></dl></div><di= v class=3D"section" title=3D"1. Introduction"><div class=3D"titlepage"><= div><div><h2 class=3D"title" style=3D"clear: both"><a id=3D"id301537"></a>1.= =C2=A0Introduction</h2></div></div></div><p> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w= 3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns=3D"http://www.w3.org= /1999/xhtml"><head><meta http-equiv=3D"Content-Type" content=3D"text/html; ch= arset=3DUTF-8" /><title>SuSEfirewall2

SuSEfirewall2

Tabl= e of Contents

1. Introduction
2. Quickstart
2.1. YaST2 firew= all module
2.2. Manual configuration
3. Some words about security=
4. So= urce Code
5. Reporting bugs
6. Links
= 7. Author

1.=C2=A0Introduction

=20 SuSEfirewall2 is a shell script wrapper= for the Linux firewall setup tool (iptables). It's co= ntrolled by a @@ -10,17 +9,17 @@ =20 Main features of SuSEfirewall2: =20 -

2.=C2=A0Quickstart

=

2.1.=C2=A0YaST2 firewall module

+

2.=C2= =A0Quickstart

2.1.=C2= =A0YaST2 firewall module

=20 The YaST2 firewall module is the recommended tool for configuring SuSEfirewall2. It offers the most common features with a nice user interface and help texts. It also takes care of proper activation of the init scripts. =20 -

2.2.=C2=A0Manual configuration

+

2.2.=C2=A0Manual configura= tion

=20 Enable the SuSEfirewall2 boot scripts: =20 @@ -38,7 +37,7 @@ EXAMPLES file in /usr/share/doc/packages/SuSEfirewall2 =20 -

3.=C2=A0Some words about security

+

=20 SuSEfirewall2 is a frontend for iptables which sets up kernel packet filters, nothing more and nothing less. This means that you are not @@ -46,7 +45,7 @@ To minimize security risks on a networked system obey the following rules: =20 -

4.=C2=A0Source Code

+

4.=C2= =A0Source Code

=20 Source code is available at=20 - Gitorious + Github =20 -

5.=C2=A0Reporting bugs

+

5.=C2= =A0Reporting bugs

=20 Report any problems via Bugzilla. For discussion about SuSEfirewall2 join the opensuse-se= curity mailinglist. =20 -

6.=C2=A0Links

+

6.=C2= =A0Links

Examples

Frequently Asked = Questions -

7.=C2=A0Author

+

7.=C2= =A0Author

=20 SuSEfirewall2 was originally created by Marc Heuse. @@ -101,4 +100,4 @@ Ludwig Nussel =20 -

+

\ No newline at end of file diff -urN '--exclude=3DCVS' '--exclude=3D.cvsignore' '--exclude=3D.svn' '--ex= clude=3D.svnignore' old/SuSEfirewall2-3.6.310/doc/README.SuSEfirewall2.txt ne= w/SuSEfirewall2-3.6.312/doc/README.SuSEfirewall2.txt --- old/SuSEfirewall2-3.6.310/doc/README.SuSEfirewall2.txt 2014-07-31 10:50:4= 9.000000000 +0200 +++ new/SuSEfirewall2-3.6.312/doc/README.SuSEfirewall2.txt 2014-08-15 18:02:2= 3.000000000 +0200 @@ -23,27 +23,27 @@ =20 Main features of SuSEfirewall2: =20 - =E2=97=8F sets up secure filter rules by default + =E2=80=A2 sets up secure filter rules by default =20 - =E2=97=8F easy to configure + =E2=80=A2 easy to configure =20 - =E2=97=8F requires only a small configuration effort + =E2=80=A2 requires only a small configuration effort =20 - =E2=97=8F zone based setup. Interfaces are grouped into zones + =E2=80=A2 zone based setup. Interfaces are grouped into zones =20 - =E2=97=8F supports an arbitrary number of zones + =E2=80=A2 supports an arbitrary number of zones =20 - =E2=97=8F supports forwarding, masquerading, port redirection + =E2=80=A2 supports forwarding, masquerading, port redirection =20 - =E2=97=8F supports RPC services with dynamically assigned ports + =E2=80=A2 supports RPC services with dynamically assigned ports =20 - =E2=97=8F allows special treatment of IPsec packets + =E2=80=A2 allows special treatment of IPsec packets =20 - =E2=97=8F IPv6 support + =E2=80=A2 IPv6 support =20 - =E2=97=8F allows insertion of custom rules through hooks + =E2=80=A2 allows insertion of custom rules through hooks =20 - =E2=97=8F graphical zone switcher applet for desktop use + =E2=80=A2 graphical zone switcher applet for desktop use =20 2.=C2=A0Quickstart =20 @@ -74,36 +74,36 @@ protected from all security hazards by using SuSEfirewall2. To minimize security risks on a networked system obey the following rules: =20 - =E2=97=8F Run only those services you actually need. Think twice before op= ening them + =E2=80=A2 Run only those services you actually need. Think twice before op= ening them to the internet. =20 - =E2=97=8F Use only software which has been designed with security in mind = (like + =E2=80=A2 Use only software which has been designed with security in mind = (like postfix, vsftpd, OpenSSH). =20 - =E2=97=8F Do not expose services that are designed for use in a LAN to the= internet + =E2=80=A2 Do not expose services that are designed for use in a LAN to the= internet (like e.g. samba, NFS, cups). =20 - =E2=97=8F Do not run untrusted software. (philosophical question, can you = trust SUSE + =E2=80=A2 Do not run untrusted software. (philosophical question, can you = trust SUSE or any other software distributor?) =20 - =E2=97=8F Run YaST Online Update on a regular basis or enable it's automat= ic mode to + =E2=80=A2 Run YaST Online Update on a regular basis or enable it's automat= ic mode to get the latest security fixes. =20 - =E2=97=8F Subscribe to the opensuse-security-announce mailinglist to keep = yourself + =E2=80=A2 Subscribe to the opensuse-security-announce mailinglist to keep = yourself informed about new and upcoming security issues. =20 - =E2=97=8F If you are using a server as a firewall/bastion host to the inte= rnet for an + =E2=80=A2 If you are using a server as a firewall/bastion host to the inte= rnet for an internal network, try to run proxy services for everything and disable routing on that machine. =20 - =E2=97=8F If you run DNS on the firewall: disable untrusted zone transfers= and either + =E2=80=A2 If you run DNS on the firewall: disable untrusted zone transfers= and either don't allow access to it from the internet or run it split-brained. =20 - =E2=97=8F Check your log files regularly for unusual entries. + =E2=80=A2 Check your log files regularly for unusual entries. =20 4.=C2=A0Source Code =20 -Source code is available at Gitorious +Source code is available at Github =20 5.=C2=A0Reporting bugs =20 diff -urN '--exclude=3DCVS' '--exclude=3D.cvsignore' '--exclude=3D.svn' '--ex= clude=3D.svnignore' old/SuSEfirewall2-3.6.310/doc/README.SuSEfirewall2.xml ne= w/SuSEfirewall2-3.6.312/doc/README.SuSEfirewall2.xml --- old/SuSEfirewall2-3.6.310/doc/README.SuSEfirewall2.xml 2014-07-31 10:50:4= 9.000000000 +0200 +++ new/SuSEfirewall2-3.6.312/doc/README.SuSEfirewall2.xml 2014-08-15 18:02:2= 3.000000000 +0200 @@ -187,7 +187,7 @@ =20 Source code is available at=20 - Gitorious + Github =20 --=20 To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org --===============1096354490834222747==--