firewalld (0.4.0-1ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Any logged in user could modify passthrough rules
    and set ipset entries (LP: #1617617)
    - debian/patches/CVE-2016-5410.patch: Enforce appropriate PolicyKit
      authentication requirements, based on upstream 0.4.3.3 commit
    - CVE-2016-5410

 -- Lucas Kocia <lucas.kocia@gmail.com>  Wed, 25 Oct 2017 21:03:52 -0400

firewalld (0.4.0-1) unstable; urgency=medium

  * Team upload.
  [ Michael Biebl ]
  * Unbreak Vcs-Browser

  [ Laurent Bigonville ]
  * Imported Upstream version 0.4.0
  * d/p/01-no-sysconfig.patch: Refreshed
  * d/p/02-fix-changing-zone.patch, d/p/03_avoid-PyGIWarning.patch: Dropped,
    applied upstream.
  * d/firewall-applet.install: Install /etc/firewall/applet.conf
  * debian/control: Add ipset to the Recommends
  * debian/rules: Hardcode the paths to all the *config utilities
  * debian/control: firewalld now needs ebtables-restore which is only
    available starting version 2.0.10.4-3.1~

 -- Laurent Bigonville <bigon@debian.org>  Sun, 07 Feb 2016 22:41:33 +0100

firewalld (0.3.14.2-2) unstable; urgency=medium

  * Team upload.
  * Protect config files by making /etc/firewalld non-world readable
  * Switch to python3

 -- Laurent Bigonville <bigon@debian.org>  Fri, 20 Nov 2015 01:49:18 +0100

firewalld (0.3.14.2-1) unstable; urgency=medium

  * Team upload.
  * Imported Upstream version 0.3.14.2
  * Add dh-python to the build-dependencies
  * Split firewall-config out of the firewall-applet package
  * Update the Vcs-* URL's to please lintian
  * Fix PermissionDenied when trying to change the zone of a connection
    (Closes: #767888)
  * d/p/03_avoid-PyGIWarning.patch: avoid PyGIWarning seen with Gtk-3.17

 -- Laurent Bigonville <bigon@debian.org>  Sat, 17 Oct 2015 00:16:17 +0200

firewalld (0.3.13-1) unstable; urgency=medium

  * New upstream release.

 -- Michael Biebl <biebl@debian.org>  Thu, 07 May 2015 00:20:34 +0200

firewalld (0.3.12-1) unstable; urgency=medium

  * New upstream release.
  * Bump Standards-Version to 3.9.6. No further changes.

 -- Michael Biebl <biebl@debian.org>  Thu, 16 Oct 2014 06:22:54 +0200

firewalld (0.3.11-1) unstable; urgency=medium

  * New upstream release.

 -- Michael Biebl <biebl@debian.org>  Thu, 21 Aug 2014 15:25:36 +0200

firewalld (0.3.10-1) unstable; urgency=medium

  * New upstream release.
  * Add Depends on policykit-1, access to the firewalld D-Bus interface is
    protected by PolicyKit.
  * Install AppData file.

 -- Michael Biebl <biebl@debian.org>  Sat, 31 May 2014 00:27:02 +0200

firewalld (0.3.9.3-1) unstable; urgency=medium

  * New upstream release.
  * Bump Standards-Version to 3.9.5. No further changes.
  * Update copyright years.

 -- Michael Biebl <biebl@debian.org>  Sat, 15 Feb 2014 17:08:17 +0100

firewalld (0.3.7-1) unstable; urgency=low

  * New upstream release.

 -- Michael Biebl <biebl@debian.org>  Thu, 17 Oct 2013 18:01:20 +0200

firewalld (0.3.6.2-1) unstable; urgency=low

  * New upstream release.

 -- Michael Biebl <biebl@debian.org>  Fri, 04 Oct 2013 19:39:44 +0200

firewalld (0.3.6-1) unstable; urgency=low

  * New upstream release.
  * Remove debian/patches/02-IPv6-NAT-check.patch, merged upstream.

 -- Michael Biebl <biebl@debian.org>  Thu, 03 Oct 2013 00:58:11 +0200

firewalld (0.3.5-1) unstable; urgency=low

  * New upstream release.
  * Use dh-systemd to properly register the systemd service file.
    (Closes: #715250)
  * debian/patches/02-IPv6-NAT-check.patch: Don't use uname and a simple
    kernel version check to determine whether the kernel supports IPv6 NAT.
    This fails with the  Debian kernel versioning scheme and isn't a
    sufficient check anyway. Instead execute "ip6tables -t nat -L" and check
    the return code.
  * Install autostart file for firewall-applet.

 -- Michael Biebl <biebl@debian.org>  Tue, 01 Oct 2013 02:08:54 +0200

firewalld (0.3.4-1) unstable; urgency=low

  * New upstream release.
  * Add Build-Depends on xsltproc, docbook-xsl and docbook-xml for the man
    pages which are created from docbook sources now.

 -- Michael Biebl <biebl@debian.org>  Tue, 30 Jul 2013 21:50:44 +0200

firewalld (0.3.3-1) unstable; urgency=low

  * New upstream release.

 -- Michael Biebl <biebl@debian.org>  Sat, 08 Jun 2013 01:41:11 +0200

firewalld (0.3.2-1) unstable; urgency=low

  * New upstream release.

 -- Michael Biebl <biebl@debian.org>  Fri, 10 May 2013 20:42:49 +0200

firewalld (0.3.1-1) unstable; urgency=low

  * New upstream release.
  * Refresh 01-no-sysconfig.patch.
  * Install bash-completion for firewall-cmd.

 -- Michael Biebl <biebl@debian.org>  Thu, 28 Mar 2013 22:27:22 +0100

firewalld (0.3.0-1) unstable; urgency=low

  * New upstream release.
  * Update patches:
    - Refresh 01-no-sysconfig.patch.
    - Drop 02-don-t-keep-file-descriptors-open-when-forking.patch, merged
      upstream.

 -- Michael Biebl <biebl@debian.org>  Wed, 20 Mar 2013 19:39:29 +0100

firewalld (0.2.12-4) unstable; urgency=low

  * Add Depends on dbus. It's a required dependency and insserv will bail out
    if dbus is not installed. (Closes: #702047)

 -- Michael Biebl <biebl@debian.org>  Thu, 14 Mar 2013 18:53:03 +0100

firewalld (0.2.12-3) unstable; urgency=low

  * Add Depends on iptables.

 -- Michael Biebl <biebl@debian.org>  Sat, 09 Feb 2013 21:48:48 +0100

firewalld (0.2.12-2) unstable; urgency=low

  * Add SysV init script.
  * Don't keep file descriptors open when forking.

 -- Michael Biebl <biebl@debian.org>  Sat, 09 Feb 2013 15:33:08 +0100

firewalld (0.2.12-1) unstable; urgency=low

  * Initial release. (Closes: #700154)

 -- Michael Biebl <biebl@debian.org>  Sat, 09 Feb 2013 07:28:08 +0100
