9ea1208ce0
Automatic systemd hardening effort by the security team. This has not been tested. For details please see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort OBS-URL: https://build.opensuse.org/request/show/925376 OBS-URL: https://build.opensuse.org/package/show/security:netfilter/ebtables?expand=0&rev=75
299 lines
11 KiB
Plaintext
299 lines
11 KiB
Plaintext
-------------------------------------------------------------------
|
|
Fri Oct 15 07:30:28 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
|
|
|
|
- Added hardening to systemd service(s) (bsc#1181400). Modified:
|
|
* ebtables.service
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Aug 20 18:06:09 UTC 2021 - Stefan Schubert <schubi@suse.de>
|
|
|
|
- Use libalternatives instead of update-alternatives.
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Sep 2 14:23:48 UTC 2020 - Dominique Leuenberger <dimstar@opensuse.org>
|
|
|
|
- Have the source .service file hold a placeholder for LIBEXECDIR,
|
|
which we replace during build/install phase, allowing the package
|
|
to be used no matter what value %{_libexecdir} has.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Sep 1 12:11:49 UTC 2020 - Kristyna Streitova <kstreitova@suse.com>
|
|
|
|
- replace /usr/lib with /usr/libexec in .service files to follow
|
|
%_libexecdir macro changes
|
|
|
|
-------------------------------------------------------------------
|
|
Tue May 5 10:15:21 UTC 2020 - Thorsten Kukuk <kukuk@suse.com>
|
|
|
|
- Revert last /bin/bash -> /bin/sh change
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Apr 29 14:05:24 UTC 2020 - Thorsten Kukuk <kukuk@suse.com>
|
|
|
|
- Use /bin/sh for ebtables.systemd
|
|
- Don't hard require systemd, we don't need that in a container
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jan 10 14:26:56 UTC 2020 - Kristyna Streitova <kstreitova@suse.com>
|
|
|
|
- rename /usr/lib/ebtables helper file to /usr/lib/ebtables-helper
|
|
otherwise it conflicts with /usr/lib/ebtables library directory
|
|
on 32-bit systems [bsc#1159769]
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Dec 10 14:12:00 UTC 2019 - Kristyna Streitova <kstreitova@suse.com>
|
|
|
|
- add ebtables.keyring as a Source
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Dec 2 19:26:41 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
|
|
|
|
- Update to release 2.0.11
|
|
* Add --noflush command line support for ebtables-restore
|
|
* Do not print IPv6 mask if it is all ones
|
|
* Allow RETURN target rules in user defined chains
|
|
* ebt_ip: add support for matching ICMP type and code
|
|
* ebt_ip: add support for matching IGMP type
|
|
* extensions: Add string filter to ebtables
|
|
* Print IPv6 prefixes in CIDR notation
|
|
* extensions: Add AUDIT target
|
|
* Fix incorrect IPv6 prefix formatting
|
|
- Drop ebtables-v2.0.8-makefile.diff (no longer needed)
|
|
- Drop ebtables-v2.0.8-initscript.diff, include-linux-if.patch
|
|
(not applicable)
|
|
- Drop ebtables-v2.0.10-4-audit.patch,
|
|
0001-fix-compilation-warning.patch,
|
|
0001-Use-flock-for-concurrent-option.patch,
|
|
0002-Fix-locking-if-LOCKDIR-does-not-exist.patch (merged)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jul 10 11:30:50 UTC 2019 - Kristyna Streitova <kstreitova@suse.com>
|
|
|
|
- fix path (/sbin -> /usr/sbin) in ebtables.systemd [bsc#1140898]
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Feb 22 14:04:30 UTC 2019 - Michał Rostecki <mrostecki@opensuse.org>
|
|
|
|
- Add upstream patches which improve handling stale locks.
|
|
(boo#1126094)
|
|
* 0001-Use-flock-for-concurrent-option.patch
|
|
* 0002-Fix-locking-if-LOCKDIR-does-not-exist.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Aug 24 10:20:05 UTC 2018 - jengelh@inai.de
|
|
|
|
- Move ebtables to ebtables-legacy and use update-alternatives to
|
|
offer a selection mechanism.
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Mar 15 13:30:35 UTC 2018 - kstreitova@suse.com
|
|
|
|
- fix ExecStart/ExecStop path in ebtables.service [bnc#1085228]
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Mar 12 10:08:51 UTC 2018 - matthias.gerstner@suse.com
|
|
|
|
- Fix ethertypes ownership, should be %exclude, not %ghost.
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Feb 22 16:22:33 UTC 2018 - matthias.gerstner@suse.com
|
|
|
|
- Resolve conflict with iptables-nft and obtain ethertypes from new netcfg
|
|
minor version. FATE#320520
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Nov 23 13:37:47 UTC 2017 - rbrown@suse.com
|
|
|
|
- Replace references to /var/adm/fillup-templates with new
|
|
%_fillupdir macro (boo#1069468)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Mar 23 15:14:46 UTC 2017 - kstreitova@suse.com
|
|
|
|
- cleanup with spec-cleaner
|
|
- get rid of %{name} macros in the patch names
|
|
- remove sysvinit support
|
|
|
|
-------------------------------------------------------------------
|
|
Fri May 6 10:43:55 UTC 2016 - p.drouand@gmail.com
|
|
|
|
- Add systemd support for openSUSE > 12.10
|
|
- Do not depend on fillup when building with sysvinit support; the
|
|
package doesn't provide any sysconfig file
|
|
- Change Requires(post) tag for Requires(pre); sysvinit must be
|
|
available before the package installation, according to the policy
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Apr 26 12:13:47 UTC 2016 - kstreitova@suse.com
|
|
|
|
- add "Requires(post): %insserv_prereq %fillup_prereq" to fix
|
|
problem with missing sed during the installation [bnc#976919]
|
|
- remove non-break space from specfile
|
|
- use spec-cleaner to clean the specfile
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Aug 29 15:07:16 UTC 2015 - bwiedemann@suse.com
|
|
|
|
- fix compilation
|
|
add include-linux-if.patch 0001-fix-compilation-warning.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jun 16 11:19:33 UTC 2015 - kstreitova@suse.com
|
|
|
|
- add ebtables-v2.0.10-4-audit.patch needed for CC certification
|
|
[bnc#934680]
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Nov 13 18:52:25 UTC 2014 - dimstar@opensuse.org
|
|
|
|
- Also save include/linux/netfilter_bridge/ebt_ulog.h, as it no
|
|
longer exists in the mainline kernel.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Sep 23 15:28:21 UTC 2014 - jengelh@inai.de
|
|
|
|
- Remove support for old distros from specfile
|
|
(prjconf can do substitutions instead)
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Feb 28 08:42:42 UTC 2014 - vcizek@suse.com
|
|
|
|
- add missing BuildRequires: sed (bnc#865848)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Dec 19 10:08:54 UTC 2012 - jengelh@inai.de
|
|
|
|
- Have build succeed on non-SUSE
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Dec 15 21:44:32 UTC 2011 - jengelh@medozas.de
|
|
|
|
- Update to new upstream release 2.0.10.4
|
|
* previous counter bug was still present and has been addressed now
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Dec 4 16:27:22 UTC 2011 - jengelh@medozas.de
|
|
|
|
- Update to new upstream release 2.0.10.3
|
|
* fix a counter setting bug
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Aug 11 23:23:35 UTC 2011 - jengelh@medozas.de
|
|
|
|
- Update to new upstream release 2.0.10.2
|
|
* minor compilation fixes: respect LDFLAGS in Makefiles
|
|
- Remove obsolete ebtables-typepuns.diff patch (fixed upstream)
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Jul 10 23:03:57 UTC 2011 - jengelh@medozas.de
|
|
|
|
- update to 2.0.10.1
|
|
* fix --among-dst-file, which translated to --among-src
|
|
* Makefile: respect LDFLAGS during ebtables build
|
|
* Makefile: create directories to avoid build failure when DESTDIR
|
|
is supplied
|
|
* incorporate fixes for possible issues found by Coverity analysis
|
|
* extend ebt_ip6 to allow matching on ipv6-icmp types/codes
|
|
* add --concurrent option, which enables using a file lock to
|
|
support concurrent scripts updating the ebtables kernel tables
|
|
- run spec-beautifier over specfile
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jun 6 11:18:31 UTC 2011 - puzel@novell.com
|
|
|
|
- update to 2.0.9-2
|
|
* fix unwanted zeroing of counters in the last user-defined chain
|
|
* fix hidden symbol compilation error when using ld directly
|
|
* fix return value checking of creat to give a correct error
|
|
message if the atomic file couldn't be created
|
|
* correct info in INSTALL about compilation of ulog
|
|
- use spec-cleaner
|
|
- update ebtables-v2.0.8-makefile.diff
|
|
- license is GPLv2, not GPLv2+
|
|
- package COPYING and ChangeLog files
|
|
|
|
-------------------------------------------------------------------
|
|
Tue May 31 12:34:34 UTC 2011 - lnussel@suse.de
|
|
|
|
- cleanup up initscript
|
|
* don't use /var/lock/subsys
|
|
* read /etc/sysconfig/ebtables for setting and restore state from
|
|
/etc/ebtables where the script actually saved the state to.
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Mar 18 07:09:55 UTC 2010 - coolo@novell.com
|
|
|
|
- use rc_status (uncredited change)
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jan 25 23:19:23 CET 2010 - jengelh@medozas.de
|
|
|
|
- Switch to SUSE_ASNEEDED=0 to fix segmentation fault/NULL dereference
|
|
(caused by plugins not being loaded, due to them not being linked in)
|
|
[bnc#567267]
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jan 6 13:52:39 CET 2010 - prusnak@suse.cz
|
|
|
|
- update to 2.0.9-1
|
|
* added ip6 module for filtering IPv6 traffic
|
|
* added --log-ip6 option for logging IPv6 traffic
|
|
* added nflog watcher for logging packets to userspace
|
|
* bugfix in ebtables.sysv
|
|
* bugfix for among match on x86-64
|
|
- fix scriptlets in spec
|
|
- fix init script
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Aug 30 21:21:06 CEST 2008 - cthiel@suse.de
|
|
|
|
- fix init script
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Oct 24 18:55:52 CEST 2007 - ro@suse.de
|
|
|
|
- fix build (use gcc not ld directly)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Oct 17 16:17:18 CEST 2007 - prusnak@suse.cz
|
|
|
|
- fixed specfile not to include debug files in normal package
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Oct 12 16:13:57 CEST 2007 - prusnak@suse.cz
|
|
|
|
- update to 2.0.8-2
|
|
* add sysconfig support (ebtables-save, ebtables-restore, etc)
|
|
* add ulog watcher
|
|
* use shared libraries (making the code easily usable by third parties)
|
|
* improve speed
|
|
* bugfixes, dccp and sctp support
|
|
- dropped obsolete patches:
|
|
* gcc.diff (included in update)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Aug 9 16:27:37 CEST 2007 - olh@suse.de
|
|
|
|
- remove private include/linux/ files
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jan 25 21:35:40 CET 2006 - mls@suse.de
|
|
|
|
- converted neededforbuild to BuildRequires
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jun 29 18:12:37 CEST 2005 - meissner@suse.de
|
|
|
|
- use RPM_OPT_FLAGS.
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Apr 21 16:05:31 CEST 2005 - postadal@suse.cz
|
|
|
|
- fixed for gcc 4.0
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jun 18 16:52:46 CEST 2004 - postadal@suse.cz
|
|
|
|
- new package v2.0.6
|
|
|