Accepting request 709239 from home:mrostecki:branches:security:netfilter

- Update to version 0.6.4:
  * chore: update translations
  * treewide: fix over indentation (flake8 E117)
  * test: travis: add another test matrix for omitting ip6tables
  * chore: travis: split test matrix by keywords
  * chore: tests: add AT_KEYWORDS for firewall-offline-cmd
  * improvement: tests: Use AT_KEYWORDS for backends
  * fix: tests: guard occurrences of IPv6
  * fix: tests/functions: ignore warnings about missing ip6tables
  * test: add macro IF_IPV6_SUPPORTED

OBS-URL: https://build.opensuse.org/request/show/709239
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=94

0001-firewall-backend-Switch-default-backend-to-iptables.patch

@@ -1,7 +1,7 @@
-From dbbf60a4bb0c7edc83cd8bae2177d96842ad9034 Mon Sep 17 00:00:00 2001
+From 3456ecc2b0d52a5ed96a44c2013a29893b8f50f6 Mon Sep 17 00:00:00 2001
 From: Markos Chandras <mchandras@suse.de>
 Date: Mon, 13 Aug 2018 22:31:04 +0300
-Subject: [PATCH] firewall: backend: Switch default backend to 'iptables'
+Subject: [PATCH 1/2] firewall: backend: Switch default backend to 'iptables'
 
 Switch default backend to 'iptables'. Some packages (eg docker)
 are not able to work well with nftables right now, so lets stick
@@ -9,6 +9,7 @@ with iptables as default backend.
 
 Link: https://bugzilla.suse.com/show_bug.cgi?id=1102761
 Signed-off-by: Markos Chandras <mchandras@suse.de>
+Signed-off-by: Michal Rostecki <mrostecki@opensuse.org>
 ---
  config/firewalld.conf              | 6 +++---
  doc/xml/firewalld.conf.xml         | 4 ++--
@@ -16,7 +17,7 @@ Signed-off-by: Markos Chandras <mchandras@suse.de>
  3 files changed, 6 insertions(+), 6 deletions(-)
 
 diff --git a/config/firewalld.conf b/config/firewalld.conf
-index b53c0aa5..e6afde19 100644
+index b53c0aa5..15ba6252 100644
 --- a/config/firewalld.conf
 +++ b/config/firewalld.conf
 @@ -59,6 +59,6 @@ AutomaticHelpers=system
@@ -27,7 +28,7 @@ index b53c0aa5..e6afde19 100644
 -#	- iptables (iptables, ip6tables, ebtables and ipset)
 -FirewallBackend=nftables
 +#	- nftables
-+#	- iptables (default)
++#	- iptables (iptables, ip6tables, ebtables and ipset) (default)
 +FirewallBackend=iptables
 diff --git a/doc/xml/firewalld.conf.xml b/doc/xml/firewalld.conf.xml
 index df4b9521..fee0d3ca 100644
@@ -55,5 +56,5 @@ index 955be320..cff7c3fe 100644
 -FALLBACK_FIREWALL_BACKEND = "nftables"
 +FALLBACK_FIREWALL_BACKEND = "iptables"
 -- 
-2.16.4
+2.21.0
 

0002-Add-FlushAllOnReload-config-option.patch

@@ -1,7 +1,7 @@
-From 9103e069cb2983dd814d99de04ca1f9a9d37117f Mon Sep 17 00:00:00 2001
+From cfb06d41caeea0c65c451b09be8e0aad067f2782 Mon Sep 17 00:00:00 2001
 From: Eric Garver <e@erig.me>
 Date: Tue, 16 Oct 2018 10:02:38 -0400
-Subject: [PATCH] Add "FlushAllOnReload" config option
+Subject: [PATCH 2/2] Add "FlushAllOnReload" config option
 
 Default value is "yes".
 
@@ -13,12 +13,10 @@ behavior of retaining; interface to zone assignments, and direct rules.
 This also adjusts a few test cases that depend on the old
 FlushAllOnReload=no behavior.
 
-Fixes: suze bz #1109153
 Fixes: #409
-Closes: #408
 ---
- config/firewalld.conf                  |  8 +++
+ config/firewalld.conf                  |  7 ++
- doc/xml/firewalld.conf.xml             | 13 ++++
+ doc/xml/firewalld.conf.xml             | 12 ++++
  doc/xml/firewalld.dbus.xml             |  8 +++
  src/firewall/config/__init__.py.in     |  1 +
  src/firewall/core/fw.py                | 99 +++++++++++++++-----------
@@ -28,29 +26,28 @@ Closes: #408
  src/tests/python/firewalld_direct.py   |  6 ++
  src/tests/python/firewalld_test.py     |  9 ++-
  src/tests/regression/rhbz1498923.at    |  4 ++
- 11 files changed, 133 insertions(+), 48 deletions(-)
+ 11 files changed, 131 insertions(+), 48 deletions(-)
 
 diff --git a/config/firewalld.conf b/config/firewalld.conf
-index e6afde19..bc6a8860 100644
+index 15ba6252..a718d68a 100644
 --- a/config/firewalld.conf
 +++ b/config/firewalld.conf
-@@ -62,3 +62,11 @@ AutomaticHelpers=system
+@@ -62,3 +62,10 @@ AutomaticHelpers=system
  #	- nftables
- #	- iptables (default)
+ #	- iptables (iptables, ip6tables, ebtables and ipset) (default)
  FirewallBackend=iptables
 +
 +# FlushAllOnReload
 +# Flush all runtime rules on a reload. In previous releases some runtime
 +# configuration was retained during a reload, namely; interface to zone
-+# assignment, and direct rules. This was confusing to users. To get the old
++# assignment, and direct rules. This was confusing to users.
-+# behavior set this to "no".
 +# Default: yes
 +FlushAllOnReload=yes
 diff --git a/doc/xml/firewalld.conf.xml b/doc/xml/firewalld.conf.xml
-index fee0d3ca..f9e02b08 100644
+index fee0d3ca..7f353aed 100644
 --- a/doc/xml/firewalld.conf.xml
 +++ b/doc/xml/firewalld.conf.xml
-@@ -158,6 +158,19 @@
+@@ -158,6 +158,18 @@
  	        </listitem>
          </varlistentry>
  
@@ -61,8 +58,7 @@ index fee0d3ca..f9e02b08 100644
 +                Flush all runtime rules on a reload. In previous releases some
 +                runtime configuration was retained during a reload, namely;
 +                interface to zone assignment, and direct rules. This was
-+                confusing to users. To get the old behavior set this to "no".
++                confusing to users.
-+                Defaults to "yes".
 +                </para>
 +            </listitem>
 +        </varlistentry>
@@ -99,7 +95,7 @@ index cff7c3fe..e9595e4c 100644
  FALLBACK_FIREWALL_BACKEND = "iptables"
 +FALLBACK_FLUSH_ALL_ON_RELOAD = True
 diff --git a/src/firewall/core/fw.py b/src/firewall/core/fw.py
-index 9be13a5c..7e6255f7 100644
+index f3ef69e9..b8a93ae0 100644
 --- a/src/firewall/core/fw.py
 +++ b/src/firewall/core/fw.py
 @@ -113,6 +113,7 @@ class Firewall(object):
@@ -126,7 +122,7 @@ index 9be13a5c..7e6255f7 100644
          self.config.set_firewalld_conf(copy.deepcopy(self._firewalld_conf))
  
          self._select_firewall_backend(self._firewall_backend)
-@@ -963,13 +973,17 @@ class Firewall(object):
+@@ -962,13 +972,17 @@ class Firewall(object):
      def reload(self, stop=False):
          _panic = self._panic
  
@@ -149,9 +145,9 @@ index 9be13a5c..7e6255f7 100644
 +            _direct_config = self.direct.get_runtime_config()
 +            _old_dz = self.get_default_zone()
  
-         # stop
+         self.set_policy("DROP")
-         self.cleanup()
+ 
-@@ -984,41 +998,42 @@ class Firewall(object):
+@@ -983,41 +997,42 @@ class Firewall(object):
              # etc. We'll re-raise it at the end.
              start_exception = e
  
@@ -423,5 +419,5 @@ index 9b686781..ed1022fb 100644
  FWD_CHECK([-q --permanent --direct --add-rule ipv4 filter INPUT 1 --a-bogus-flag])
  
 -- 
-2.20.1
+2.21.0
 

_service

@@ -0,0 +1,17 @@
+<services>
+  <service mode="disabled" name="obs_scm">
+    <param name="url">https://github.com/firewalld/firewalld</param>
+    <param name="scm">git</param>
+    <param name="filename">firewalld</param>
+    <param name="versionformat">@PARENT_TAG@</param>
+    <param name="versionrewrite-pattern">v(.*)</param>
+    <param name="revision">v0.6.4</param>
+    <param name="changesgenerate">enable</param>
+  </service>
+  <service mode="buildtime" name="tar" />
+  <service mode="buildtime" name="recompress">
+    <param name="file">*.tar</param>
+    <param name="compression">xz</param>
+  </service>
+  <service mode="buildtime" name="set_version" />
+</services>

firewalld-0.6.3.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:039ad56ea6d6553aadf33243ea5b39802d73519e46a89c80c648b2bd1ec78aeb
-size 2294470

firewalld-0.6.4.obscpio

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:eb388be03b6d924cd5318179fb056f92c5b837c44fadcd764ccf9f628f829dee
+size 8130061

firewalld.changes

@@ -1,3 +1,17 @@
+-------------------------------------------------------------------
+Tue Jun 11 16:27:57 UTC 2019 - mrostecki@opensuse.org
+
+- Update to version 0.6.4:
+  * chore: update translations
+  * treewide: fix over indentation (flake8 E117)
+  * test: travis: add another test matrix for omitting ip6tables
+  * chore: travis: split test matrix by keywords
+  * chore: tests: add AT_KEYWORDS for firewall-offline-cmd
+  * improvement: tests: Use AT_KEYWORDS for backends
+  * fix: tests: guard occurrences of IPv6
+  * fix: tests/functions: ignore warnings about missing ip6tables
+  * test: add macro IF_IPV6_SUPPORTED
+
 -------------------------------------------------------------------
 Wed May  8 09:39:08 UTC 2019 - Dominique Leuenberger <dimstar@opensuse.org>
 

firewalld.obsinfo

@@ -0,0 +1,5 @@
+name: firewalld
+version: 0.6.4
+mtime: 1558120853
+commit: ec8deda2faef87e1565ec3cc42ca99ca595c1031
+

firewalld.spec

@@ -21,13 +21,13 @@
   %define _fillupdir %{_localstatedir}/adm/fillup-templates
 %endif
 Name:           firewalld
-Version:        0.6.3
+Version:        0.6.4
 Release:        0
 Summary:        A firewall daemon with D-Bus interface providing a dynamic firewall
 License:        GPL-2.0-or-later
 Group:          Productivity/Networking/Security
 Url:            http://www.firewalld.org
-Source:         https://github.com/%{name}/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
+Source:         %{name}-%{version}.tar.xz
 # PATCH-FIX-SUSE: 0001-firewall-backend-Switch-default-backend-to-iptables.patch (bsc#1102761)
 Patch0:         0001-firewall-backend-Switch-default-backend-to-iptables.patch
 # PATCH-FIX-SUSE: 0002-Add-FlushAllOnReload-config-option.patch (bsc#1121277)