Hello community, here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory checked in at Fri Jan 14 03:33:53 CET 2011. -------- --- SuSEfirewall2/SuSEfirewall2.changes 2010-12-02 14:35:58.000000000 +0100 +++ SuSEfirewall2/SuSEfirewall2.changes 2011-01-10 14:15:55.000000000 +0100 @@ -1,0 +2,7 @@ +Mon Jan 10 13:15:05 UTC 2011 - lnussel@suse.de + +- don't start in runlevel 4 by default (bnc#656520) +- cut off long zone names (bnc#644527) +- fix and enhance output of log command (bnc#663262) + +------------------------------------------------------------------- calling whatdependson for head-i586 Old: ---- SuSEfirewall2-3.6.254.tar.bz2 New: ---- SuSEfirewall2-3.6.257.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ SuSEfirewall2.spec ++++++ --- /var/tmp/diff_new_pack.HxzOxp/_old 2011-01-14 03:33:16.000000000 +0100 +++ /var/tmp/diff_new_pack.HxzOxp/_new 2011-01-14 03:33:16.000000000 +0100 @@ -1,7 +1,7 @@ # -# spec file for package SuSEfirewall2 (Version 3.6.254) +# spec file for package SuSEfirewall2 # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -20,7 +20,7 @@ Name: SuSEfirewall2 -Version: 3.6.254 +Version: 3.6.257 Release: 1 License: GPLv2+ Group: Productivity/Networking/Security ++++++ SuSEfirewall2-3.6.254.tar.bz2 -> SuSEfirewall2-3.6.257.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.254/SuSEfirewall2 new/SuSEfirewall2-3.6.257/SuSEfirewall2 --- old/SuSEfirewall2-3.6.254/SuSEfirewall2 2010-12-02 14:32:47.000000000 +0100 +++ new/SuSEfirewall2-3.6.257/SuSEfirewall2 2011-01-10 14:14:08.000000000 +0100 @@ -581,15 +581,14 @@ function rulelog() { - rule=$1 - case $rule in - input_*) - echo IN${rule#input_} - ;; - forward_*) - echo FWD${rule#forward_} - ;; - esac + local chain="$1" + if [ "$chain" != "${chain#input_}" ]; then + chain="IN${chain#input_}" + else + chain="FWD${chain#forward_}" + fi + # cut off too long strings (bnc#644527) + echo "${chain:0:11}" } @@ -1514,7 +1513,7 @@ if [ "$FW_ALLOW_FW_SOURCEQUENCH" != "no" ]; then for chain in $input_zones; do chain=input_$chain - $LAA $IPTABLES -A $chain ${LOG}"-`rulelog $chain`-ACC-SOURCEQUENCH " -p icmp --icmp-type source-quench + $LAA $IPTABLES -A $chain ${LOG}"-`rulelog $chain`-ACC-SQUENCH " -p icmp --icmp-type source-quench $IPTABLES -A $chain -j "$ACCEPT" -p icmp --icmp-type source-quench done fi diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.254/SuSEfirewall2-showlog new/SuSEfirewall2-3.6.257/SuSEfirewall2-showlog --- old/SuSEfirewall2-3.6.254/SuSEfirewall2-showlog 2010-12-02 14:32:47.000000000 +0100 +++ new/SuSEfirewall2-3.6.257/SuSEfirewall2-showlog 2011-01-10 14:14:08.000000000 +0100 @@ -57,22 +57,29 @@ my $hostname = hostname; -my ($sflog,$src,$dst,$spt,$dpt,$interface,$proto); +my ($dir, $zone, $sflog,$src,$dst,$spt,$dpt,$interface,$proto); format STDOUT = -@<<<<<<<<<<<<<<< @<<<<<< @>>>>>>>>>>>>>>>>>>>>>>>>>>>@<<<<< @|||||| @>>>>>>>>>>>>>>>>>>>>>>>>>>>@<<<<< -$sflog, $proto, $src, $spt, $interface, $dst,$dpt +@< @<<<< @<<<<<<<<< @<<<<<< @>>>>>>>>>>>>>>>>>>>>>>>>>>>@<<<<< @|||||| @>>>>>>>>>>>>>>>>>>>>>>>>>>>@<<<<< +$dir, $zone, $sflog, $proto, $src, $spt, $interface, $dst,$dpt . while(<>) { - next unless /^.*$hostname kernel: SFW2/; + next unless s/^.*$hostname kernel: (?:\[.*\] )?//; chomp; - s/^.*$hostname kernel: //; s/OPT \((.*)\)/OPT=$1/; my @arr = split(/ /); - $sflog = shift @arr; - $sflog =~ s/^SFW2-//; + if ($arr[0] =~ s/^SFW2-//) { + $sflog = shift @arr; + if ($sflog =~ /(IN|OUT)([^-]*)-(.*)/) { + $dir = ($1 eq 'IN')?'i':(($1 eq 'OUT')?'o':'?'); + $zone = $2; + $sflog = $3; + } + } else { + $sflog = $dir = '?'; + } my %tags = map { my @a = split(/=/,$_,2); $a[0] => $a[1]; } @arr; @@ -99,8 +106,8 @@ $spt = ' '.$tags{TYPE} if ($proto =~ /ICMP.*/); - $src =~ s/(.*):.*:.*:.*:(.*:.*:.*:.*)/$1...$2/; - $dst =~ s/(.*):.*:.*:.*:(.*:.*:.*:.*)/$1...$2/; + $src =~ s/:(0000:)+/::/; + $dst =~ s/:(0000:)+/::/; write; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.254/SuSEfirewall2_init new/SuSEfirewall2-3.6.257/SuSEfirewall2_init --- old/SuSEfirewall2-3.6.254/SuSEfirewall2_init 2010-12-02 14:32:47.000000000 +0100 +++ new/SuSEfirewall2-3.6.257/SuSEfirewall2_init 2011-01-10 14:14:08.000000000 +0100 @@ -12,7 +12,7 @@ # Provides: SuSEfirewall2_init # Required-Start: $local_fs # Required-Stop: $local_fs -# Default-Start: 3 4 5 +# Default-Start: 3 5 # Default-Stop: 0 1 2 6 # Short-Description: SuSEfirewall2 phase 1 # Description: SuSEfirewall2_init does some basic setup and is the diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.254/SuSEfirewall2_setup new/SuSEfirewall2-3.6.257/SuSEfirewall2_setup --- old/SuSEfirewall2-3.6.254/SuSEfirewall2_setup 2010-12-02 14:32:47.000000000 +0100 +++ new/SuSEfirewall2-3.6.257/SuSEfirewall2_setup 2011-01-10 14:14:08.000000000 +0100 @@ -14,7 +14,7 @@ # Should-Start: $ALL network-remotefs ypbind nfs nfsserver rpcbind # Required-Stop: $remote_fs # Should-Stop: $null -# Default-Start: 3 4 5 +# Default-Start: 3 5 # Default-Stop: 0 1 2 6 # Short-Description: SuSEfirewall2 phase 2 # Description: SuSEfirewall2_setup does some basic setup and is the ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org