Accepting request 709239 from home:mrostecki:branches:security:netfilter

- Update to version 0.6.4: * chore: update translations * treewide: fix over indentation (flake8 E117) * test: travis: add another test matrix for omitting ip6tables * chore: travis: split test matrix by keywords * chore: tests: add AT_KEYWORDS for firewall-offline-cmd * improvement: tests: Use AT_KEYWORDS for backends * fix: tests: guard occurrences of IPv6 * fix: tests/functions: ignore warnings about missing ip6tables * test: add macro IF_IPV6_SUPPORTED OBS-URL: https://build.opensuse.org/request/show/709239 OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=94
2019-06-11 17:53:06 +00:00 · 2019-06-11 17:53:06 +00:00 · 0c8cbe2651
commit 0c8cbe2651
parent f00f72b181
8 changed files with 65 additions and 32 deletions
--- a/0001-firewall-backend-Switch-default-backend-to-iptables.patch
+++ b/0001-firewall-backend-Switch-default-backend-to-iptables.patch
@ -1,7 +1,7 @@
-From dbbf60a4bb0c7edc83cd8bae2177d96842ad9034 Mon Sep 17 00:00:00 2001
+From 3456ecc2b0d52a5ed96a44c2013a29893b8f50f6 Mon Sep 17 00:00:00 2001
 From: Markos Chandras <mchandras@suse.de>
 Date: Mon, 13 Aug 2018 22:31:04 +0300
-Subject: [PATCH] firewall: backend: Switch default backend to 'iptables'
+Subject: [PATCH 1/2] firewall: backend: Switch default backend to 'iptables'

 Switch default backend to 'iptables'. Some packages (eg docker)
 are not able to work well with nftables right now, so lets stick
@ -9,6 +9,7 @@ with iptables as default backend.

 Link: https://bugzilla.suse.com/show_bug.cgi?id=1102761
 Signed-off-by: Markos Chandras <mchandras@suse.de>
+Signed-off-by: Michal Rostecki <mrostecki@opensuse.org>
 ---
 config/firewalld.conf              | 6 +++---
 doc/xml/firewalld.conf.xml         | 4 ++--
@ -16,7 +17,7 @@ Signed-off-by: Markos Chandras <mchandras@suse.de>
 3 files changed, 6 insertions(+), 6 deletions(-)

 diff --git a/config/firewalld.conf b/config/firewalld.conf
-index b53c0aa5..e6afde19 100644
+index b53c0aa5..15ba6252 100644
 --- a/config/firewalld.conf
 +++ b/config/firewalld.conf
@@ -59,6 +59,6 @@ AutomaticHelpers=system
@ -27,7 +28,7 @@ index b53c0aa5..e6afde19 100644
 -#	- iptables (iptables, ip6tables, ebtables and ipset)
 -FirewallBackend=nftables
 +#	- nftables
-+#	- iptables (default)
+#	- iptables (iptables, ip6tables, ebtables and ipset) (default)
 +FirewallBackend=iptables
 diff --git a/doc/xml/firewalld.conf.xml b/doc/xml/firewalld.conf.xml
 index df4b9521..fee0d3ca 100644
@ -55,5 +56,5 @@ index 955be320..cff7c3fe 100644
 -FALLBACK_FIREWALL_BACKEND = "nftables"
 +FALLBACK_FIREWALL_BACKEND = "iptables"
 -- 
-2.16.4
+2.21.0

--- a/0002-Add-FlushAllOnReload-config-option.patch
+++ b/0002-Add-FlushAllOnReload-config-option.patch
@ -1,7 +1,7 @@
-From 9103e069cb2983dd814d99de04ca1f9a9d37117f Mon Sep 17 00:00:00 2001
+From cfb06d41caeea0c65c451b09be8e0aad067f2782 Mon Sep 17 00:00:00 2001
 From: Eric Garver <e@erig.me>
 Date: Tue, 16 Oct 2018 10:02:38 -0400
-Subject: [PATCH] Add "FlushAllOnReload" config option
+Subject: [PATCH 2/2] Add "FlushAllOnReload" config option

 Default value is "yes".

@ -13,12 +13,10 @@ behavior of retaining; interface to zone assignments, and direct rules.
 This also adjusts a few test cases that depend on the old
 FlushAllOnReload=no behavior.

-Fixes: suze bz #1109153
 Fixes: #409
-Closes: #408
 ---
- config/firewalld.conf                  |  8 +++
- doc/xml/firewalld.conf.xml             | 13 ++++
+ config/firewalld.conf                  |  7 ++
+ doc/xml/firewalld.conf.xml             | 12 ++++
 doc/xml/firewalld.dbus.xml             |  8 +++
 src/firewall/config/__init__.py.in     |  1 +
 src/firewall/core/fw.py                | 99 +++++++++++++++-----------
@ -28,29 +26,28 @@ Closes: #408
 src/tests/python/firewalld_direct.py   |  6 ++
 src/tests/python/firewalld_test.py     |  9 ++-
 src/tests/regression/rhbz1498923.at    |  4 ++
- 11 files changed, 133 insertions(+), 48 deletions(-)
+ 11 files changed, 131 insertions(+), 48 deletions(-)

 diff --git a/config/firewalld.conf b/config/firewalld.conf
-index e6afde19..bc6a8860 100644
+index 15ba6252..a718d68a 100644
 --- a/config/firewalld.conf
 +++ b/config/firewalld.conf
-@@ -62,3 +62,11 @@ AutomaticHelpers=system
+@@ -62,3 +62,10 @@ AutomaticHelpers=system
 #	- nftables
- #	- iptables (default)
+ #	- iptables (iptables, ip6tables, ebtables and ipset) (default)
 FirewallBackend=iptables
 +
 +# FlushAllOnReload
 +# Flush all runtime rules on a reload. In previous releases some runtime
 +# configuration was retained during a reload, namely; interface to zone
-+# assignment, and direct rules. This was confusing to users. To get the old
-+# behavior set this to "no".
+# assignment, and direct rules. This was confusing to users.
 +# Default: yes
 +FlushAllOnReload=yes
 diff --git a/doc/xml/firewalld.conf.xml b/doc/xml/firewalld.conf.xml
-index fee0d3ca..f9e02b08 100644
+index fee0d3ca..7f353aed 100644
 --- a/doc/xml/firewalld.conf.xml
 +++ b/doc/xml/firewalld.conf.xml
-@@ -158,6 +158,19 @@
+@@ -158,6 +158,18 @@
 	        </listitem>
         </varlistentry>
 
@ -61,8 +58,7 @@ index fee0d3ca..f9e02b08 100644
 +                Flush all runtime rules on a reload. In previous releases some
 +                runtime configuration was retained during a reload, namely;
 +                interface to zone assignment, and direct rules. This was
-+                confusing to users. To get the old behavior set this to "no".
-+                Defaults to "yes".
+                confusing to users.
 +                </para>
 +            </listitem>
 +        </varlistentry>
@ -99,7 +95,7 @@ index cff7c3fe..e9595e4c 100644
 FALLBACK_FIREWALL_BACKEND = "iptables"
 +FALLBACK_FLUSH_ALL_ON_RELOAD = True
 diff --git a/src/firewall/core/fw.py b/src/firewall/core/fw.py
-index 9be13a5c..7e6255f7 100644
+index f3ef69e9..b8a93ae0 100644
 --- a/src/firewall/core/fw.py
 +++ b/src/firewall/core/fw.py
@@ -113,6 +113,7 @@ class Firewall(object):
@ -126,7 +122,7 @@ index 9be13a5c..7e6255f7 100644
         self.config.set_firewalld_conf(copy.deepcopy(self._firewalld_conf))
 
         self._select_firewall_backend(self._firewall_backend)
-@@ -963,13 +973,17 @@ class Firewall(object):
+@@ -962,13 +972,17 @@ class Firewall(object):
     def reload(self, stop=False):
         _panic = self._panic
 
@ -149,9 +145,9 @@ index 9be13a5c..7e6255f7 100644
 +            _direct_config = self.direct.get_runtime_config()
 +            _old_dz = self.get_default_zone()
 
-         # stop
-         self.cleanup()
-@@ -984,41 +998,42 @@ class Firewall(object):
+         self.set_policy("DROP")
+ 
+@@ -983,41 +997,42 @@ class Firewall(object):
             # etc. We'll re-raise it at the end.
             start_exception = e
 
@ -423,5 +419,5 @@ index 9b686781..ed1022fb 100644
 FWD_CHECK([-q --permanent --direct --add-rule ipv4 filter INPUT 1 --a-bogus-flag])
 
 -- 
-2.20.1
+2.21.0

--- a/17
+++ b/17
@ -0,0 +1,17 @@
+<services>
+  <service mode="disabled" name="obs_scm">
+    <param name="url">https://github.com/firewalld/firewalld</param>
+    <param name="scm">git</param>
+    <param name="filename">firewalld</param>
+    <param name="versionformat">@PARENT_TAG@</param>
+    <param name="versionrewrite-pattern">v(.*)</param>
+    <param name="revision">v0.6.4</param>
+    <param name="changesgenerate">enable</param>
+  </service>
+  <service mode="buildtime" name="tar" />
+  <service mode="buildtime" name="recompress">
+    <param name="file">*.tar</param>
+    <param name="compression">xz</param>
+  </service>
+  <service mode="buildtime" name="set_version" />
+</services>
--- a/firewalld-0.6.3.tar.gz
+++ b/firewalld-0.6.3.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:039ad56ea6d6553aadf33243ea5b39802d73519e46a89c80c648b2bd1ec78aeb
-size 2294470
--- a/firewalld-0.6.4.obscpio
+++ b/firewalld-0.6.4.obscpio
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:eb388be03b6d924cd5318179fb056f92c5b837c44fadcd764ccf9f628f829dee
+size 8130061
--- a/firewalld.changes
+++ b/firewalld.changes
@ -1,3 +1,17 @@
+-------------------------------------------------------------------
+Tue Jun 11 16:27:57 UTC 2019 - mrostecki@opensuse.org
+
+- Update to version 0.6.4:
+  * chore: update translations
+  * treewide: fix over indentation (flake8 E117)
+  * test: travis: add another test matrix for omitting ip6tables
+  * chore: travis: split test matrix by keywords
+  * chore: tests: add AT_KEYWORDS for firewall-offline-cmd
+  * improvement: tests: Use AT_KEYWORDS for backends
+  * fix: tests: guard occurrences of IPv6
+  * fix: tests/functions: ignore warnings about missing ip6tables
+  * test: add macro IF_IPV6_SUPPORTED
+
 -------------------------------------------------------------------
 Wed May  8 09:39:08 UTC 2019 - Dominique Leuenberger <dimstar@opensuse.org>

--- a/firewalld.obsinfo
+++ b/firewalld.obsinfo
@ -0,0 +1,5 @@
+name: firewalld
+version: 0.6.4
+mtime: 1558120853
+commit: ec8deda2faef87e1565ec3cc42ca99ca595c1031
+
--- a/firewalld.spec
+++ b/firewalld.spec
@ -21,13 +21,13 @@
  %define _fillupdir %{_localstatedir}/adm/fillup-templates
 %endif
 Name:           firewalld
-Version:        0.6.3
+Version:        0.6.4
 Release:        0
 Summary:        A firewall daemon with D-Bus interface providing a dynamic firewall
 License:        GPL-2.0-or-later
 Group:          Productivity/Networking/Security
 Url:            http://www.firewalld.org
-Source:         https://github.com/%{name}/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
+Source:         %{name}-%{version}.tar.xz
 # PATCH-FIX-SUSE: 0001-firewall-backend-Switch-default-backend-to-iptables.patch (bsc#1102761)
 Patch0:         0001-firewall-backend-Switch-default-backend-to-iptables.patch
 # PATCH-FIX-SUSE: 0002-Add-FlushAllOnReload-config-option.patch (bsc#1121277)