From 4870327e986c1d9a239876b70636a0dd7d4925e5b715ef73e96f191ca4d68552 Mon Sep 17 00:00:00 2001 From: Markos Chandras Date: Tue, 4 Sep 2018 07:28:09 +0000 Subject: [PATCH] Accepting request 632901 from home:luc14n0:branches:security:netfilter add firewalld-fix-firewalld-config-crash.patch to fix firewall-config crash OBS-URL: https://build.opensuse.org/request/show/632901 OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=80 --- firewalld-fix-firewalld-config-crash.patch | 44 ++++++++++++++++++++++ firewalld.changes | 9 +++++ firewalld.spec | 3 ++ 3 files changed, 56 insertions(+) create mode 100644 firewalld-fix-firewalld-config-crash.patch diff --git a/firewalld-fix-firewalld-config-crash.patch b/firewalld-fix-firewalld-config-crash.patch new file mode 100644 index 0000000..837eca5 --- /dev/null +++ b/firewalld-fix-firewalld-config-crash.patch @@ -0,0 +1,44 @@ +From a24ab61eabe24656b457273f54133fa99087f2f6 Mon Sep 17 00:00:00 2001 +From: Farenjihn +Date: Fri, 17 Aug 2018 11:58:55 +0200 +Subject: [PATCH] firewall/core/fw_nm: nm_get_zone_of_connection should return + None or empty string instead of False + +(cherry picked from commit 5a59a90f449a8bf836e62e2d9ad486301b1aa2bb) +--- + src/firewall/core/fw_nm.py | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/src/firewall/core/fw_nm.py b/src/firewall/core/fw_nm.py +index 97113d95..37282a1a 100644 +--- a/src/firewall/core/fw_nm.py ++++ b/src/firewall/core/fw_nm.py +@@ -75,21 +75,21 @@ def nm_get_zone_of_connection(connection): + + con = nm_get_client().get_connection_by_uuid(connection) + if con is None: +- return False ++ return None + + setting_con = con.get_setting_connection() + if setting_con is None: +- return False ++ return None + + try: + if con.get_flags() & (NM.SettingsConnectionFlags.NM_GENERATED + | NM.SettingsConnectionFlags.NM_VOLATILE): +- return False ++ return "" + except AttributeError: + # Prior to NetworkManager 1.12, we can only guess + # that a connection was generated/volatile. + if con.get_unsaved(): +- return False ++ return "" + + zone = setting_con.get_zone() + if zone is None: +-- +2.18.0 + diff --git a/firewalld.changes b/firewalld.changes index 662df96..52edd0c 100644 --- a/firewalld.changes +++ b/firewalld.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Sun Sep 2 03:50:37 UTC 2018 - luc14n0@linuxmail.org + +- Add firewalld-fix-firewalld-config-crash.patch: set + nm_get_zone_of_connection to return 'None' instead of 'False' for + automatically generated connections to avoid firewall-config + crashes. Patch provided by upstream (boo#1106319, + gh#firewalld/firewalld#370). + ------------------------------------------------------------------- Wed Aug 15 13:08:39 UTC 2018 - mchandras@suse.de diff --git a/firewalld.spec b/firewalld.spec index dcd98bd..637ea60 100644 --- a/firewalld.spec +++ b/firewalld.spec @@ -28,6 +28,8 @@ License: GPL-2.0-or-later Group: Productivity/Networking/Security Url: http://www.firewalld.org Source: https://github.com/%{name}/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz +# PATCH-FIX-UPSTREAM firewalld-fix-firewalld-config-crash.patch luc14n0@linuxmail.org -- fix firewall-config crash when nm_get_zone_of_connection returns "False" +Patch0: firewalld-fix-firewalld-config-crash.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: desktop-file-utils @@ -110,6 +112,7 @@ firewalld. %prep %setup -q +%patch0 -p1 # bsc#1078223 rm config/services/high-availability.xml