Accepting request 571711 from home:markoschandras:network

- Remove high-availability service. SUSE HA uses the cluster service provided by the yast2-cluster package (bsc#1078223) - Update to 0.5.1 * ipXtables: fix iptables-restore wait option detection * python3: use "foo in dict" not dict.has_key(foo) * Fix potential python3 keys() incompatibility in watcher * Fixed python3 compatibility * ebtables: fix missing default value to set_rule() * fw_zone: fix invalid reference to __icmp_block_inversion * zones: Correct and defer check_name for combined zones - Update to 0.5.0 * firewallctl: mark deprecated (gh#firewalld/firewalld##261) * Add nmea-0183 service * Add sycthing-gui service * Add syncthing service * Adding FirewallD jenkins service (gh#firewalld/firewalld#256) * services/high-availability: Add port 9929 * Fix and improve firewalld-sysctls.conf * firewalld: also reload dbus config interface for global options * Add MongoDB service definition * src: firewall: Add support for SUSE ifcfg scripts * Add UPnP client service * firewalld: Allow specifying log file location * firewalld/firewall-offline-cmd: Allow setting system config directories - Drop tests installation OBS-URL: https://build.opensuse.org/request/show/571711 OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=59
2018-02-01 16:16:41 +00:00 · 2018-02-01 16:16:41 +00:00 · ad2f6b2337
commit ad2f6b2337
parent 07d429ac11
5 changed files with 45 additions and 179 deletions
--- a/0001-suse-ifcfg-files.patch
+++ b/0001-suse-ifcfg-files.patch
@ -1,168 +0,0 @@
-Combined patch for https://github.com/firewalld/firewalld/pull/262
- https://github.com/firewalld/firewalld/commit/593d3158e9147b230f6b2307dabe6b6d294a539f
- https://github.com/firewalld/firewalld/commit/399cf02ffef846281a67421b2c1d1cf818af8f61
- https://github.com/firewalld/firewalld/commit/278938d754b2ede993992987cc6c2418c82b85a0
-
-diff --git a/configure.ac b/configure.ac
-index 776e627b..7cd11758 100644
--- a/configure.ac
-+++ b/configure.ac
-@@ -67,6 +67,11 @@ AC_ARG_WITH([bashcompletiondir],
-        [BASHCOMPLETIONDIR=$withval], [BASHCOMPLETIONDIR="${datadir}/bash-completion/completions"])
- AC_SUBST(BASHCOMPLETIONDIR)
- 
-+AC_ARG_WITH([ifcfgdir],
-+       AS_HELP_STRING([--with-ifcfgdir=DIR], [The ifcfg configuration directory]),
-+       [IFCFGDIR=$withval], [IFCFGDIR="/etc/sysconfig/network-scripts"])
-+AC_SUBST(IFCFGDIR)
-+
- # Extend PATH to include /sbin etc in case we are building as non-root
- FW_TOOLS_PATH="$PATH:/usr/local/sbin:/sbin:/usr/sbin"
- 
-diff --git a/doc/xml/Makefile.am b/doc/xml/Makefile.am
-index db649b61..6df3b8c4 100644
--- a/doc/xml/Makefile.am
-+++ b/doc/xml/Makefile.am
-@@ -2,7 +2,8 @@ XSLTPROC = xsltproc
- 
- EXTRA_DIST = $(HTMLS:../html/%.html=%.xml) \
- 	authors.xml notes.xml seealso.xml errorcodes.xml \
-	transform-man.xsl.in transform-html.xsl.in
-+	transform-man.xsl.in transform-html.xsl.in \
-+	firewalld.xml.in firewall-cmd.xml.in firewallctl.xml.in
- 
- man_MANS = $(man1_MANS) $(man5_MANS)
- HTMLS = $(man1_MANS:../man/man1/%.1=../html/%.html) $(man5_MANS:../man/man5/%.5=../html/%.html)
-@@ -29,7 +30,8 @@ man5_MANS = \
- 	../man/man5/firewalld.zones.5
- 
- CLEAN_FILES = *~ errorcodes.xml
-DISTCLEANFILES = $(man_MANS) $(HTMLS) transform-*.xsl
-+DISTCLEANFILES = $(man_MANS) $(HTMLS) transform-*.xsl \
-+                 firewalld.xml firewall-cmd.xml firewallctl.xml
- 
- #SGML_CATALOG_FILES
- #XSLTPROC_FLAGS = --catalogs --nonet --xinclude
-@@ -44,9 +46,9 @@ all: $(man_MANS) $(HTMLS)
- clean:
- 	-test -z "$(CLEAN_FILES)" || rm -f $(CLEAN_FILES)
- 
-../man/man1/firewall-cmd.1: errorcodes.xml
-+../man/man1/firewall-cmd.1: errorcodes.xml firewall-cmd.xml
- 
-../html/firewall-cmd.html: errorcodes.xml
-+../html/firewall-cmd.html: errorcodes.xml firewall-cmd.xml
- 
- ../man/man1/%.1: %.xml authors.xml notes.xml seealso.xml transform-man.xsl
- 	$(XSLTPROC) -o $@ $(XSLTPROC_MAN_FLAGS) $<
-@@ -67,9 +69,16 @@ errorcodes.xml: ../../src/firewall/errors.py
- edit = sed \
- 	-e 's|\@PREFIX\@|$(prefix)|' \
- 	-e 's|\@SYSCONFDIR\@|$(sysconfdir)|' \
-	-e 's|\@PACKAGE_STRING\@|$(PACKAGE_STRING)|'
-+	-e 's|\@PACKAGE_STRING\@|$(PACKAGE_STRING)|' \
-+	-e 's|\@IFCFGDIR\@|$(IFCFGDIR)|'
- 
- transform-man.xsl: transform-man.xsl.in
- 	$(edit) $< >$@
- transform-html.xsl: transform-html.xsl.in
- 	$(edit) $< >$@
-+firewall-cmd.xml: firewall-cmd.xml.in
-+	$(edit) $< >$@
-+firewalld.xml: firewalld.xml.in
-+	$(edit) $< >$@
-+firewallctl.xml: firewallctl.xml.in
-+	$(edit) $< >$@
-diff --git a/doc/xml/firewall-cmd.xml b/doc/xml/firewall-cmd.xml.in
-similarity index 99%
-rename from doc/xml/firewall-cmd.xml
-rename to doc/xml/firewall-cmd.xml.in
-index 0b54b0be..80b1fbe1 100644
--- a/doc/xml/firewall-cmd.xml
-+++ b/doc/xml/firewall-cmd.xml.in
-@@ -910,7 +910,7 @@ For interfaces that are not under control of NetworkManager, firewalld tries to
- 	    </para>
- 	    <para>
- 	      As a end user you don't need this in most cases, because NetworkManager (or legacy network service) adds interfaces into zones automatically (according to <option>ZONE=</option> option from ifcfg-<replaceable>interface</replaceable> file) if <replaceable>NM_CONTROLLED=no</replaceable> is not set.
-	      You should do it only if there's no /etc/sysconfig/network-scripts/ifcfg-<replaceable>interface</replaceable> file.
-+	      You should do it only if there's no @IFCFGDIR@/ifcfg-<replaceable>interface</replaceable> file.
- 	      If there is such file and you add interface to zone with this <option>--add-interface</option> option, make sure the zone is the same in both cases, otherwise the behaviour would be undefined.
- 	      Please also have a look at the <citerefentry><refentrytitle>firewalld</refentrytitle><manvolnum>1</manvolnum></citerefentry> man page in the <replaceable>Concepts</replaceable> section.
- 	      For permanent association of interface with a zone, see also 'How to set or change a zone for a connection?' in <citerefentry><refentrytitle>firewalld.zones</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
-diff --git a/doc/xml/firewallctl.xml b/doc/xml/firewallctl.xml.in
-similarity index 99%
-rename from doc/xml/firewallctl.xml
-rename to doc/xml/firewallctl.xml.in
-index 30be89f0..1c6d2f22 100644
--- a/doc/xml/firewallctl.xml
-+++ b/doc/xml/firewallctl.xml.in
-@@ -601,7 +601,7 @@
- 	    </para>
- 	    <para>
- 	      As a end user you don't need to create or change zone bindings of interfaces in most cases, because NetworkManager (or legacy network service) adds interfaces into zones automatically (according to <option>ZONE=</option> option from ifcfg-<replaceable>interface</replaceable> file) if <replaceable>NM_CONTROLLED=no</replaceable> is not set.
-	      You should do it only if there's no /etc/sysconfig/network-scripts/ifcfg-<replaceable>interface</replaceable> file.
-+	      You should do it only if there's no @IFCFGDIR@/ifcfg-<replaceable>interface</replaceable> file.
- 	      If there is such file and you add interface to zone with this <option>--add-interface</option> option, make sure the zone is the same in both cases, otherwise the behaviour would be undefined.
- 	      Please also have a look at the <citerefentry><refentrytitle>firewalld</refentrytitle><manvolnum>1</manvolnum></citerefentry> man page in the <replaceable>Concepts</replaceable> section.
- 	      For permanent association of interface with a zone, see also 'How to set or change a zone for a connection?' in <citerefentry><refentrytitle>firewalld.zones</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
-diff --git a/doc/xml/firewalld.xml b/doc/xml/firewalld.xml.in
-similarity index 98%
-rename from doc/xml/firewalld.xml
-rename to doc/xml/firewalld.xml.in
-index f14c3034..de802059 100644
--- a/doc/xml/firewalld.xml
-+++ b/doc/xml/firewalld.xml.in
-@@ -130,7 +130,7 @@
-     </para>
-     <para>
-       You can add these interfaces to a zone with <command>firewall-cmd [--permanent] --zone=<replaceable>zone</replaceable> --add-interface=<replaceable>interface</replaceable></command>.
-      If there is a /etc/sysconfig/network-scripts/ifcfg-<replaceable>interface</replaceable> file, firewalld tries to change the ZONE=<replaceable>zone</replaceable> setting in this file.
-+      If there is a @IFCFGDIR@/ifcfg-<replaceable>interface</replaceable> file, firewalld tries to change the ZONE=<replaceable>zone</replaceable> setting in this file.
-     </para>
-     <para>
-       If firewalld gets reloaded, it will restore the interface bindings that were in place before reloading to keep interface bindings stable in the case of NetworkManager uncontrolled interfaces.
-diff --git a/src/firewall/config/__init__.py.in b/src/firewall/config/__init__.py.in
-index a389c8bf..9262f075 100644
--- a/src/firewall/config/__init__.py.in
-+++ b/src/firewall/config/__init__.py.in
-@@ -88,7 +88,7 @@ FIREWALLD_DIRECT = ETC_FIREWALLD + '/direct.xml'
- LOCKDOWN_WHITELIST = ETC_FIREWALLD + '/lockdown-whitelist.xml'
- 
- SYSCONFIGDIR = '/etc/sysconfig'
-IFCFGDIR = SYSCONFIGDIR + '/network-scripts'
-+IFCFGDIR = "@IFCFGDIR@"
- 
- SYSCTL_CONFIG = '/etc/sysctl.conf'
- 
-diff --git a/src/firewall/core/fw_ifcfg.py b/src/firewall/core/fw_ifcfg.py
-index 0b049a64..b645ef37 100644
--- a/src/firewall/core/fw_ifcfg.py
-+++ b/src/firewall/core/fw_ifcfg.py
-@@ -36,13 +36,6 @@ def search_ifcfg_of_interface(interface):
-     if not os.path.exists(config.IFCFGDIR):
-         return None
- 
-    filename = "%s/ifcfg-%s" % (config.IFCFGDIR, interface)
-    if os.path.exists(filename):
-        ifcfg_file = ifcfg(filename)
-        ifcfg_file.read()
-        if ifcfg_file.get("DEVICE") == interface:
-            return ifcfg_file
-
-     for filename in sorted(os.listdir(config.IFCFGDIR)):
-         if not filename.startswith("ifcfg-"):
-             continue
-@@ -57,6 +50,13 @@ def search_ifcfg_of_interface(interface):
-         if ifcfg_file.get("DEVICE") == interface:
-             return ifcfg_file
- 
-+    # Wasn't found above, so assume filename matches the device we want
-+    filename = "%s/ifcfg-%s" % (config.IFCFGDIR, interface)
-+    if os.path.exists(filename):
-+        ifcfg_file = ifcfg(filename)
-+        ifcfg_file.read()
-+        return ifcfg_file
-+
-     return None
- 
- def ifcfg_set_zone_of_interface(zone, interface):
--- a/firewalld-0.4.4.6.tar.gz
+++ b/firewalld-0.4.4.6.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:a7bf9dd341f3f4c261fa8a8e217160ec815e9dbf32edc25aed44719a2273e94e
-size 1153574
--- a/firewalld-0.5.1.tar.gz
+++ b/firewalld-0.5.1.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:57d0639bed3a845899ea16f52fbd68b2e62fdca75cea50be60d651e4255be00e
+size 1155981
--- a/firewalld.changes
+++ b/firewalld.changes
@ -1,3 +1,40 @@
+-------------------------------------------------------------------
+Thu Feb  1 14:32:27 UTC 2018 - mchandras@suse.de
+
+- Remove high-availability service. SUSE HA uses the cluster service
+  provided by the yast2-cluster package (bsc#1078223)
+
+-------------------------------------------------------------------
+Tue Jan 30 21:27:16 UTC 2018 - mchandras@suse.de
+
+- Update to 0.5.1
+  * ipXtables: fix iptables-restore wait option detection
+  * python3: use "foo in dict" not dict.has_key(foo)
+  * Fix potential python3 keys() incompatibility in watcher
+  * Fixed python3 compatibility
+  * ebtables: fix missing default value to set_rule()
+  * fw_zone: fix invalid reference to __icmp_block_inversion
+  * zones: Correct and defer check_name for combined zones
+
+-------------------------------------------------------------------
+Fri Jan 26 12:36:57 UTC 2018 - mchandras@suse.de
+
+- Update to 0.5.0
+  * firewallctl: mark deprecated (gh#firewalld/firewalld##261)
+  * Add nmea-0183 service
+  * Add sycthing-gui service
+  * Add syncthing service
+  * Adding FirewallD jenkins service (gh#firewalld/firewalld#256)
+  * services/high-availability: Add port 9929
+  * Fix and improve firewalld-sysctls.conf
+  * firewalld: also reload dbus config interface for global options
+  * Add MongoDB service definition
+  * src: firewall: Add support for SUSE ifcfg scripts
+  * Add UPnP client service
+  * firewalld: Allow specifying log file location
+  * firewalld/firewall-offline-cmd: Allow setting system config directories
+- Drop tests installation
+
 -------------------------------------------------------------------
 Thu Dec 21 13:03:11 UTC 2017 - mchandras@suse.de

--- a/firewalld.spec
+++ b/firewalld.spec
@ -1,7 +1,7 @@
 #
 # spec file for package firewalld
 #
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -22,16 +22,13 @@
 %endif

 Name:           firewalld
-Version:        0.4.4.6
+Version:        0.5.1
 Release:        0
 Summary:        A firewall daemon with D-Bus interface providing a dynamic firewall
 License:        GPL-2.0+
 Group:          Productivity/Networking/Security
 Url:            http://www.firewalld.org
 Source:         https://github.com/%{name}/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
-# PATCH-FIX-UPSTREAM: 0001-suse-ifcfg-files.patch. Combined patch to support ifcfg files on SUSE based on
-# https://github.com/firewalld/firewalld/pull/262
-Patch:          0001-suse-ifcfg-files.patch
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  desktop-file-utils
@ -112,7 +109,9 @@ firewalld.

 %prep
 %setup -q
-%patch -p1
+
+# bsc#1078223
+rm config/services/high-availability.xml

 %build
 export PYTHON="python3"
@ -232,8 +231,6 @@ fi
 %dir %{_sysconfdir}/dbus-1/system.d
 %dir %{_sysconfdir}/modprobe.d
 %config(noreplace) %{_sysconfdir}/modprobe.d/firewalld-sysctls.conf
-%dir %{_datadir}/firewalld/tests
-%attr(0750,root,root) %{_datadir}/firewalld/tests/*.sh
 %config(noreplace) %{_sysconfdir}/firewalld/firewalld.conf
 %config(noreplace) %{_sysconfdir}/firewalld/lockdown-whitelist.xml
 %attr(0750,root,root) %dir %{_sysconfdir}/firewalld