Accepting request 736856 from home:lemmy04:branches:security:netfilter

- rebased the original patch from revision 19 - apply patch only on openSUSE < TW, and SLES. - Added a patch to make iptables the default again on openSUSE - Update to version 0.7.2: This is a bug fix only release. * fix: direct: removeRules() was mistakenly removing all rules * fix: guarantee zone source dispatch is sorted by zone name * fix: nftables: fix zone dispatch using ipset sources in nat chains * doc: add --default-config and --system-config * fix: --add-masquerade should only affect ipv4 * fix: nftables: --forward-ports should only affect IPv4 * fix: direct: removeRules() not removing all rules in chain * dbus: service: fix service includes individual APIs * fix: allow custom helpers using standard helper modules * fix: service: usage of helpers with '-' in name * fix: Revert "ebtables: drop support for broute table" * fix: ebtables: don't use tables that aren't available * fix: fw: initialize _rfc3964_ipv4 OBS-URL: https://build.opensuse.org/request/show/736856 OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=96
2019-10-10 13:08:15 +00:00 · 2019-10-10 13:08:15 +00:00 · 1bd6d8a100
commit 1bd6d8a100
parent 32c597a355
8 changed files with 92 additions and 9 deletions
--- a/0001-firewall-backend-Switch-default-backend-to-iptables.patch
+++ b/0001-firewall-backend-Switch-default-backend-to-iptables.patch
@ -0,0 +1,41 @@
 diff -burNE firewalld-0.7.2_orig/config/firewalld.conf firewalld-0.7.2/config/firewalld.conf
 --- firewalld-0.7.2_orig/config/firewalld.conf	2019-10-10 14:29:04.022394133 +0200
 +++ firewalld-0.7.2/config/firewalld.conf	2019-10-10 14:30:12.102256167 +0200
@@ -53,9 +53,9 @@
 # FirewallBackend
 # Selects the firewall backend implementation.
 # Choices are:
 -#	- nftables (default)
 -#	- iptables (iptables, ip6tables, ebtables and ipset)
 -FirewallBackend=nftables
 +#	- nftables
 +#	- iptables (iptables, ip6tables, ebtables and ipset) (default)
 +FirewallBackend=iptables
 # FlushAllOnReload
 # Flush all runtime rules on a reload. In previous releases some runtime
 diff -burNE firewalld-0.7.2_orig/doc/xml/firewalld.conf.xml firewalld-0.7.2/doc/xml/firewalld.conf.xml
 --- firewalld-0.7.2_orig/doc/xml/firewalld.conf.xml	2019-10-10 14:29:04.026394125 +0200
 +++ firewalld-0.7.2/doc/xml/firewalld.conf.xml	2019-10-10 14:29:19.766362228 +0200
@@ -149,8 +149,8 @@
             <listitem>
                 <para>
                 Selects the firewall backend implementation. Possible values
 -                are; <replaceable>nftables</replaceable> (default), or
 -                <replaceable>iptables</replaceable>. This applies to all
 +                are; <replaceable>nftables</replaceable>, or
 +                <replaceable>iptables</replaceable> (default). This applies to all
                 firewalld primitives. The only exception is direct and
                 passthrough rules which always use the traditional iptables,
                 ip6tables, and ebtables backends.
 diff -burNE firewalld-0.7.2_orig/src/firewall/config/__init__.py.in firewalld-0.7.2/src/firewall/config/__init__.py.in
 --- firewalld-0.7.2_orig/src/firewall/config/__init__.py.in	2019-10-10 14:29:04.030394117 +0200
 +++ firewalld-0.7.2/src/firewall/config/__init__.py.in	2019-10-10 14:31:06.522145883 +0200
@@ -129,6 +129,6 @@
 FALLBACK_INDIVIDUAL_CALLS = False
 FALLBACK_LOG_DENIED = "off"
 FALLBACK_AUTOMATIC_HELPERS = "system"
 -FALLBACK_FIREWALL_BACKEND = "nftables"
 +FALLBACK_FIREWALL_BACKEND = "iptables"
 FALLBACK_FLUSH_ALL_ON_RELOAD = True
 FALLBACK_RFC3964_IPV4 = True
--- a/2
+++ b/2
@ -5,7 +5,7 @@
    <param name="filename">firewalld</param>
    <param name="versionformat">@PARENT_TAG@</param>
    <param name="versionrewrite-pattern">v(.*)</param>
-    <param name="revision">v0.7.1</param>
+    <param name="revision">v0.7.2</param>
    <param name="changesgenerate">enable</param>
  </service>
  <service mode="buildtime" name="tar" />
--- a/2
+++ b/2
@ -1,4 +1,4 @@
 <servicedata>
 <service name="tar_scm">
                <param name="url">https://github.com/firewalld/firewalld</param>
-              <param name="changesrevision">503cd915c9172903bf2f98466b6e872ba1355f4f</param></service></servicedata>
+              <param name="changesrevision">06de1841cfe41cc8c3c3f7c073aabc1f9f5d0ad0</param></service></servicedata>
--- a/firewalld-0.7.1.obscpio
+++ b/firewalld-0.7.1.obscpio
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:8b39484792f4b8848c90288c3b86b164ae697c2da0c2cb9d50f70f0faff4265f
 size 8258061
--- a/firewalld-0.7.2.obscpio
+++ b/firewalld-0.7.2.obscpio
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:e2804c025b0c9de766c6b270251dae977290069b84667c8a32dddfea9b1ecd9a
 size 7193613
--- a/firewalld.changes
+++ b/firewalld.changes
@ -1,3 +1,35 @@
 -------------------------------------------------------------------
 Thu Oct 10 12:40:49 UTC 2019 - Mathias Homann <Mathias.Homann@opensuse.org>
 - rebased the original patch from revision 19
 - apply patch only on openSUSE < TW, and SLES.
 -------------------------------------------------------------------
 Fri Oct  4 09:44:37 UTC 2019 - Mathias Homann <Mathias.Homann@opensuse.org>
 - Added a patch to make iptables the default again on openSUSE
 -------------------------------------------------------------------
 Fri Oct  4 09:10:54 UTC 2019 - Mathias Homann <Mathias.Homann@opensuse.org>
 - Update to version 0.7.2:
 This is a bug fix only release.
  * fix: direct: removeRules() was mistakenly removing all rules
  * fix: guarantee zone source dispatch is sorted by zone name
  * fix: nftables: fix zone dispatch using ipset sources in nat chains
  * doc: add --default-config and --system-config
  * fix: --add-masquerade should only affect ipv4
  * fix: nftables: --forward-ports should only affect IPv4
  * fix: direct: removeRules() not removing all rules in chain
  * dbus: service: fix service includes individual APIs
  * fix: allow custom helpers using standard helper modules
  * fix: service: usage of helpers with '-' in name
  * fix: Revert "ebtables: drop support for broute table"
  * fix: ebtables: don't use tables that aren't available
  * fix: fw: initialize _rfc3964_ipv4
 -------------------------------------------------------------------
 Mon Sep 09 09:59:00 UTC 2019 - mrostecki@opensuse.org
--- a/firewalld.obsinfo
+++ b/firewalld.obsinfo
@ -1,5 +1,5 @@
 name: firewalld
-version: 0.7.1
+version: 0.7.2
-mtime: 1563830196
+mtime: 1569950644
-commit: 503cd915c9172903bf2f98466b6e872ba1355f4f
+commit: 06de1841cfe41cc8c3c3f7c073aabc1f9f5d0ad0
--- a/firewalld.spec
+++ b/firewalld.spec
@ -21,13 +21,15 @@
  %define _fillupdir %{_localstatedir}/adm/fillup-templates
 %endif
 Name:           firewalld
-Version:        0.7.1
+Version:        0.7.2
 Release:        0
 Summary:        A firewall daemon with D-Bus interface providing a dynamic firewall
 License:        GPL-2.0-or-later
 Group:          Productivity/Networking/Security
 Url:            http://www.firewalld.org
 Source:         %{name}-%{version}.tar.xz
 Patch0:		    0001-firewall-backend-Switch-default-backend-to-iptables.patch
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  desktop-file-utils
@ -114,6 +116,14 @@ firewalld.
 # bsc#1078223
 rm config/services/high-availability.xml
 # 
 # Patch added: opensuse still uses iptables by default,
 # so let's make this the default for anything << Tumbleweed
 #
 %if 0%{?sle_version} > 0 && 0%{?suse_version} < 1550 
 %patch0 -p1 
 %endif
 %build
 export PYTHON="%{_bindir}/python3"
 ./autogen.sh