From 4380877127b902eb9cbb99c87928831b988fc3a1c9b087b46750c68f6e0f0da2 Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Fri, 17 Aug 2018 21:59:50 +0000 Subject: [PATCH] Accepting request 629404 from security:netfilter - Restore nftables as default backend (bsc#1102761). nftables and iptables can co-exist but the 'nat' table had a bug which was fixed in kernel-4.18. - Update to 0.6.1. Some of the changes are: * Correct source/destination in rich rule masquerade * Only modify ifcfg files for permanent configuration changes * Fix a backtrace when calling common_reverse_rule() * man firewalld.conf: Show nftables is the default FirewallBackend * firewall-config: fix some untranslated strings that caused a UI bug causing rich rules to not be modify-able (bsc#1096542) * fw_direct: avoid log for untracked passthrough queries * fixed many issues if iptables is actually iptables-nft * Use preferred location for AppData files * ipXtables: fix ICMP block inversion with set-log-denied * fixes ICMP block inversion with set-log-denied with IndividualCalls=yes * nftables: fix set-log-denied if target is not ACCEPT * fw_direct: strip _direct chain suffix if using nftables * NetworkManager integration bugfixes. OBS-URL: https://build.opensuse.org/request/show/629404 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/firewalld?expand=0&rev=33 --- firewalld-0.6.0.tar.gz | 3 --- firewalld-0.6.1.tar.gz | 3 +++ firewalld.changes | 27 +++++++++++++++++++++++++++ firewalld.spec | 9 +++------ 4 files changed, 33 insertions(+), 9 deletions(-) delete mode 100644 firewalld-0.6.0.tar.gz create mode 100644 firewalld-0.6.1.tar.gz diff --git a/firewalld-0.6.0.tar.gz b/firewalld-0.6.0.tar.gz deleted file mode 100644 index 4ef3871..0000000 --- a/firewalld-0.6.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:7aaa73dc95857079aa276e29d7d628d0faa7d50f29f5a0b6bae458ee7a5829a2 -size 2266131 
diff --git a/firewalld-0.6.1.tar.gz b/firewalld-0.6.1.tar.gz new file mode 100644 index 0000000..6779b36 --- /dev/null +++ b/firewalld-0.6.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:9fd94f4a5803ec6d1bf4a15f3b90d46fdf0ffa1b5187ff80a470460e3a1a8538 +size 2269294 diff --git a/firewalld.changes b/firewalld.changes index 1e3e5ac..662df96 100644 --- a/firewalld.changes +++ b/firewalld.changes @@ -1,3 +1,30 @@ +------------------------------------------------------------------- +Wed Aug 15 13:08:39 UTC 2018 - mchandras@suse.de + +- Restore nftables as default backend (bsc#1102761). nftables and + iptables can co-exist but the 'nat' table had a bug which was fixed + in kernel-4.18. + +------------------------------------------------------------------- +Fri Aug 10 06:23:35 UTC 2018 - mchandras@suse.de + +- Update to 0.6.1. Some of the changes are: + * Correct source/destination in rich rule masquerade + * Only modify ifcfg files for permanent configuration changes + * Fix a backtrace when calling common_reverse_rule() + * man firewalld.conf: Show nftables is the default FirewallBackend + * firewall-config: fix some untranslated strings that caused a UI + bug causing rich rules to not be modify-able (bsc#1096542) + * fw_direct: avoid log for untracked passthrough queries + * fixed many issues if iptables is actually iptables-nft + * Use preferred location for AppData files + * ipXtables: fix ICMP block inversion with set-log-denied + * fixes ICMP block inversion with set-log-denied with + IndividualCalls=yes + * nftables: fix set-log-denied if target is not ACCEPT + * fw_direct: strip _direct chain suffix if using nftables + * NetworkManager integration bugfixes. + ------------------------------------------------------------------- Mon Aug 6 06:14:07 UTC 2018 - mchandras@suse.de diff --git a/firewalld.spec b/firewalld.spec index 35149f6..dcd98bd 100644 --- a/firewalld.spec +++ b/firewalld.spec 
@@ -21,7 +21,7 @@ %define _fillupdir %{_localstatedir}/adm/fillup-templates %endif Name: firewalld -Version: 0.6.0 +Version: 0.6.1 Release: 0 Summary: A firewall daemon with D-Bus interface providing a dynamic firewall License: GPL-2.0-or-later @@ -114,9 +114,6 @@ firewalld. # bsc#1078223 rm config/services/high-availability.xml -# bsc#1102761 - switch to iptables as default -sed -i "/^FirewallBackend/s/=.*/=iptables/" config/firewalld.conf - %build export PYTHON="%{_bindir}/python3" ./autogen.sh @@ -285,8 +282,8 @@ fi %attr(0755,root,root) %{_datadir}/firewalld/gtk3_chooserbutton.py* %attr(0755,root,root) %{_datadir}/firewalld/gtk3_niceexpander.py* %{_datadir}/applications/firewall-config.desktop -%dir %{_datadir}/appdata -%{_datadir}/appdata/firewall-config.appdata.xml +%dir %{_datadir}/metainfo +%{_datadir}/metainfo/firewall-config.appdata.xml %{_datadir}/icons/hicolor/*/apps/firewall-config*.* %{_datadir}/glib-2.0/schemas/org.fedoraproject.FirewallConfig.gschema.xml %{_mandir}/man1/firewall-config*.1%{?ext_man}
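Review bot: in the firewalld.changes hunk, the 0.6.1 entry mixes bullet styles: "ipXtables: fix ICMP block inversion with set-log-denied" is followed by "fixes ICMP block inversion with set-log-denied with IndividualCalls=yes", which has no component prefix and reads like a duplicate, and "fixed many issues if iptables is actually iptables-nft" is in past tense. Give the second ICMP bullet its component prefix or merge the two, and use one tense throughout, so that someone looking for which backend a fix applies to can tell from the changelog alone.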
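Review bot: the firewalld.spec hunk at line 114 drops the sed override that forced "FirewallBackend=iptables", but nothing in this patch ties the package to the kernel-4.18 fix that the changelog gives as the reason the nftables default is safe again. If this package can be installed on a system running an older kernel, the 'nat' table bug named in bsc#1102761 comes back with the default backend. Either add a versioned kernel dependency or conflict, or leave a short comment in %prep next to the remaining bsc#1078223 block recording that the override was removed on the assumption of kernel 4.18 or later.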
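Review bot: in the %files hunk of firewalld.spec (line 285), "%dir %{_datadir}/metainfo" is now claimed unconditionally, while the top of the same spec still carries a conditional "%define _fillupdir" block, which suggests the spec is meant to build for more than one target. Please confirm that the 0.6.1 build installs firewall-config.appdata.xml under metainfo on every target this spec serves, and that owning the directory with %dir is intended there; if not, wrap the two lines in the same kind of conditional.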