diff --git a/firewalld-0.5.3.tar.gz b/firewalld-0.5.3.tar.gz
new file mode 100644
index 0000000..7a37529
--- /dev/null
+++ b/firewalld-0.5.3.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ba105de0b6dc75d208cc675718a140973e2eab2f60aa285068b0438331639ebc
+size 1161718
diff --git a/firewalld-0.6.0.tar.gz b/firewalld-0.6.0.tar.gz
deleted file mode 100644
index 4ef3871..0000000
--- a/firewalld-0.6.0.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:7aaa73dc95857079aa276e29d7d628d0faa7d50f29f5a0b6bae458ee7a5829a2
-size 2266131
diff --git a/firewalld-add-additional-services.patch b/firewalld-add-additional-services.patch
new file mode 100644
index 0000000..fc4986d
--- /dev/null
+++ b/firewalld-add-additional-services.patch
@@ -0,0 +1,308 @@
+[mchandras]: Backport patch for additional firewalld services which
+don't exist in stable-0.5 branch. This can be removed when
+https://github.com/firewalld/firewalld/pull/313 is accepted
+
+diff --git a/config/Makefile.am b/config/Makefile.am
+index c202d8fe..9c402329 100644
+--- a/config/Makefile.am
++++ b/config/Makefile.am
+@@ -122,6 +122,9 @@ CONFIG_FILES = \
+ ipsets/README \
+ services/amanda-client.xml \
+ services/amanda-k5-client.xml \
++ services/amqp.xml \
++ services/amqps.xml \
++ services/apcupsd.xml \
+ services/bacula-client.xml \
+ services/bacula.xml \
+ services/bgp.xml \
+@@ -137,11 +140,15 @@ CONFIG_FILES = \
+ services/dhcpv6-client.xml \
+ services/dhcpv6.xml \
+ services/dhcp.xml \
++ services/distcc.xml \
+ services/dns.xml \
+ services/docker-registry.xml \
+ services/docker-swarm.xml \
+ services/dropbox-lansync.xml \
+ services/elasticsearch.xml \
++ services/etcd-client.xml \
++ services/etcd-server.xml \
++ services/finger.xml \
+ services/freeipa-ldaps.xml \
+ services/freeipa-ldap.xml \
+ services/freeipa-replication.xml \
+@@ -179,6 +186,8 @@ CONFIG_FILES = \
+ services/mongodb.xml \
+ services/mosh.xml \
+ services/mountd.xml \
++ services/mqtt.xml \
++ services/mqtt-tls.xml \
+ services/mssql.xml \
+ services/ms-wbt.xml \
+ services/murmur.xml \
+@@ -188,6 +197,7 @@ CONFIG_FILES = \
+ services/nmea-0183.xml \
+ services/nrpe.xml \
+ services/ntp.xml \
++ services/nut.xml \
+ services/openvpn.xml \
+ services/ovirt-imageio.xml \
+ services/ovirt-storageconsole.xml \
+@@ -211,11 +221,13 @@ CONFIG_FILES = \
+ services/rpc-bind.xml \
+ services/rsh.xml \
+ services/rsyncd.xml \
++ services/salt-master.xml \
+ services/samba-client.xml \
+ services/samba.xml \
+ services/sane.xml \
+ services/sips.xml \
+ services/sip.xml \
++ services/slp.xml \
+ services/smtp-submission.xml \
+ services/smtps.xml \
+ services/smtp.xml \
+@@ -224,6 +236,8 @@ CONFIG_FILES = \
+ services/spideroak-lansync.xml \
+ services/squid.xml \
+ services/ssh.xml \
++ services/svdrp.xml \
++ services/svn.xml \
+ services/syncthing.xml \
+ services/syncthing-gui.xml \
+ services/synergy.xml \
+@@ -238,7 +252,11 @@ CONFIG_FILES = \
+ services/upnp-client.xml \
+ services/vdsm.xml \
+ services/vnc-server.xml \
++ services/wbem-http.xml \
+ services/wbem-https.xml \
++ services/wsman.xml \
++ services/wsmans.xml \
++ services/xdmcp.xml \
+ services/xmpp-bosh.xml \
+ services/xmpp-client.xml \
+ services/xmpp-local.xml \
+diff --git a/config/services/amqp.xml b/config/services/amqp.xml
+new file mode 100644
+index 00000000..b9501d9e
+--- /dev/null
++++ b/config/services/amqp.xml
+@@ -0,0 +1,6 @@
++
++
++ amqp
++ The Advanced Message Queuing Protocol (AMQP) is an open standard application layer protocol for message-oriented middleware.
++
++
+diff --git a/config/services/amqps.xml b/config/services/amqps.xml
+new file mode 100644
+index 00000000..02bdae52
+--- /dev/null
++++ b/config/services/amqps.xml
+@@ -0,0 +1,6 @@
++
++
++ amqps
++ The Advanced Message Queuing Protocol (AMQP) over SSL is an open standard application layer protocol for message-oriented middleware.
++
++
+diff --git a/config/services/apcupsd.xml b/config/services/apcupsd.xml
+new file mode 100644
+index 00000000..fac9955c
+--- /dev/null
++++ b/config/services/apcupsd.xml
+@@ -0,0 +1,6 @@
++
++
++ apcupsd
++ The American Power Conversion (APC) uninterruptible power supply (UPS) daemon protocol allows to monitor and control APC UPS devices.
++
++
+diff --git a/config/services/distcc.xml b/config/services/distcc.xml
+new file mode 100644
+index 00000000..f7b52ec8
+--- /dev/null
++++ b/config/services/distcc.xml
+@@ -0,0 +1,6 @@
++
++
++ distcc
++ Distcc is a protocol used for distributed compilation.
++
++
+diff --git a/config/services/etcd-client.xml b/config/services/etcd-client.xml
+new file mode 100644
+index 00000000..f0fb22af
+--- /dev/null
++++ b/config/services/etcd-client.xml
+@@ -0,0 +1,6 @@
++
++
++ etcd Client
++ etcd implements a distributed key value store that provides a reliably way to store data across a cluster of machines. This is the client side port.
++
++
+diff --git a/config/services/etcd-server.xml b/config/services/etcd-server.xml
+new file mode 100644
+index 00000000..11688818
+--- /dev/null
++++ b/config/services/etcd-server.xml
+@@ -0,0 +1,6 @@
++
++
++ etcd Server
++ etcd implements a distributed key value store that provides a reliably way to store data across a cluster of machines. This is the server side port.
++
++
+diff --git a/config/services/finger.xml b/config/services/finger.xml
+new file mode 100644
+index 00000000..f42895f6
+--- /dev/null
++++ b/config/services/finger.xml
+@@ -0,0 +1,6 @@
++
++
++ finger
++ Finger is a protocol for obtaining information about users on remote hosts.
++
++
+diff --git a/config/services/mqtt-tls.xml b/config/services/mqtt-tls.xml
+new file mode 100644
+index 00000000..403455ae
+--- /dev/null
++++ b/config/services/mqtt-tls.xml
+@@ -0,0 +1,6 @@
++
++
++ mqtt-tls
++ The Message Queuing Telemetry Transport (MQTT) is a machine-to-machine connectivity protocol. This variant of the protocol uses TLS encryption.
++
++
+diff --git a/config/services/mqtt.xml b/config/services/mqtt.xml
+new file mode 100644
+index 00000000..ad262cbf
+--- /dev/null
++++ b/config/services/mqtt.xml
+@@ -0,0 +1,6 @@
++
++
++ mqtt
++ The Message Queuing Telemetry Transport (MQTT) is a machine-to-machine connectivity protocol. This variant of the protocol is unencrypted.
++
++
+diff --git a/config/services/nut.xml b/config/services/nut.xml
+new file mode 100644
+index 00000000..6e66d735
+--- /dev/null
++++ b/config/services/nut.xml
+@@ -0,0 +1,7 @@
++
++
++ NUT
++ Network UPS Tools (NUT) is a protocol that allows to monitor and control power devices like uninterruptible power supplies.
++
++
++
+diff --git a/config/services/salt-master.xml b/config/services/salt-master.xml
+new file mode 100644
+index 00000000..799420e3
+--- /dev/null
++++ b/config/services/salt-master.xml
+@@ -0,0 +1,7 @@
++
++
++ Salt Master
++ Salt is a protocol used for infrastructure management via a dynamic communication bus. These ports are required on the salt master node.
++
++
++
+diff --git a/config/services/slp.xml b/config/services/slp.xml
+new file mode 100644
+index 00000000..da60c651
+--- /dev/null
++++ b/config/services/slp.xml
+@@ -0,0 +1,7 @@
++
++
++ SLP
++ The Service Location Protocol (SLP) is used for discovering services in a local network without prior configuration.
++
++
++
+diff --git a/config/services/svdrp.xml b/config/services/svdrp.xml
+new file mode 100644
+index 00000000..4462ebb0
+--- /dev/null
++++ b/config/services/svdrp.xml
+@@ -0,0 +1,7 @@
++
++
++ SVDRP
++ The Simple Video Disk Recorder Protocol (SVDRP) allows to control video disk recorder functionality.
++
++
++
+diff --git a/config/services/svn.xml b/config/services/svn.xml
+new file mode 100644
+index 00000000..bdc6bf94
+--- /dev/null
++++ b/config/services/svn.xml
+@@ -0,0 +1,6 @@
++
++
++ Subversion
++ The custom, unencrypted protocol used the Subversion Version Control System.
++
++
+diff --git a/config/services/wbem-http.xml b/config/services/wbem-http.xml
+new file mode 100644
+index 00000000..4283854e
+--- /dev/null
++++ b/config/services/wbem-http.xml
+@@ -0,0 +1,7 @@
++
++
++ wbem-http
++ Web-Based Enterprise Management (WBEM) is a set of systems management technologies developed to unify the management of distributed computing environments. This is the unencrypted protocol variant.
++
++
++
+diff --git a/config/services/wsman.xml b/config/services/wsman.xml
+new file mode 100644
+index 00000000..fcb55570
+--- /dev/null
++++ b/config/services/wsman.xml
+@@ -0,0 +1,6 @@
++
++
++ wsman
++ Web Services for Management (WSMAN) is a protocol for managing PCs, servers, devices, Web services and other applications. This variant of the protocol is unencrypted
++
++
+diff --git a/config/services/wsmans.xml b/config/services/wsmans.xml
+new file mode 100644
+index 00000000..8f2971b7
+--- /dev/null
++++ b/config/services/wsmans.xml
+@@ -0,0 +1,6 @@
++
++
++ wsmans
++ Web Services for Management (WSMAN) is a protocol for managing PCs, servers, devices, Web services and other applications. This variant of the protocol uses TLS encryption.
++
++
+diff --git a/config/services/xdmcp.xml b/config/services/xdmcp.xml
+new file mode 100644
+index 00000000..5610e053
+--- /dev/null
++++ b/config/services/xdmcp.xml
+@@ -0,0 +1,7 @@
++
++
++ XDMCP
++ The X Display Manager Control Protocol (XDMCP) allows to remotely log in to an X desktop environment from any X Window System compatible client.
++
++
++
diff --git a/firewalld-po-20180417.tar.xz b/firewalld-po-20180417.tar.xz
new file mode 100644
index 0000000..db19d3f
--- /dev/null
+++ b/firewalld-po-20180417.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:fe6191a0848e8729c668467c15ecb689451c13bfac3ecce07b44c5ac51868ee1
+size 106232
diff --git a/firewalld.changes b/firewalld.changes
index da30042..e85457b 100644
--- a/firewalld.changes
+++ b/firewalld.changes
@@ -1,22 +1,3 @@
--------------------------------------------------------------------
-Fri Jul 6 15:07:31 UTC 2018 - mchandras@suse.de
-
-- Update to 0.6.0. Some of the changes are:
- * update translations
- * firewall-config: Add ipv6-icmp to the protocol dropdown box (#348, bsc#1099698)
- * core: logger: Remove world-readable bit from logfile (#349, bsc#1098986)
- * IPv6 rpfilter: explicitly allow neighbor solicitation
- * nftables backend (default)
- * Added loads of new services
- * firewall-cmd: add --check-config option
- * firewall-offline-cmd: add --check-config option
- * firewallctl: completely remove all code and references
- * dbus: expose FirewallBackend
- * dbus: fix erroneous fallback for AutomaticHelpers
-- Remove patches which have made it upstream
- * firewalld-add-additional-services.patch
-- spec-cleaner fixes
-
-------------------------------------------------------------------
Mon May 14 08:41:27 UTC 2018 - mchandras@suse.de
diff --git a/firewalld.spec b/firewalld.spec
index 305d6f2..e304238 100644
--- a/firewalld.spec
+++ b/firewalld.spec
@@ -18,24 +18,28 @@
#Compat macro for new _fillupdir macro introduced in Nov 2017
%if ! %{defined _fillupdir}
- %define _fillupdir %{_localstatedir}/adm/fillup-templates
+ %define _fillupdir /var/adm/fillup-templates
%endif
+
Name: firewalld
-Version: 0.6.0
+Version: 0.5.3
Release: 0
Summary: A firewall daemon with D-Bus interface providing a dynamic firewall
License: GPL-2.0-or-later
Group: Productivity/Networking/Security
Url: http://www.firewalld.org
Source: https://github.com/%{name}/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
+Source1: firewalld-po-20180417.tar.xz
+# PATCH-FIX-SUSE: firewalld-add-additional-services.patch - https://github.com/firewalld/firewalld/pull/313
+Patch0: firewalld-add-additional-services.patch
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: desktop-file-utils
BuildRequires: docbook-xsl-stylesheets
+BuildRequires: fdupes
# Adding tools to BuildRequires as well so they can be autodetected
# even though it is probably unlikely for paths to change in the future
BuildRequires: ebtables
-BuildRequires: fdupes
BuildRequires: gettext
BuildRequires: glib2-devel
BuildRequires: gobject-introspection
@@ -44,13 +48,11 @@ BuildRequires: intltool
BuildRequires: ipset
BuildRequires: iptables
BuildRequires: libxslt-tools
-BuildRequires: nftables
BuildRequires: python3-devel
BuildRequires: systemd-rpm-macros
Requires: ebtables
Requires: ipset
Requires: iptables
-Requires: nftables
Requires: python3-firewall = %{version}
Requires: sysconfig
Requires(post): %fillup_prereq
@@ -109,18 +111,21 @@ firewalld.
%lang_package
%prep
-%setup -q
+%setup -q -a1
+%patch0 -p1
# bsc#1078223
rm config/services/high-availability.xml
%build
-export PYTHON="%{_bindir}/python3"
+export PYTHON="python3"
+sed -i "s|/usr/bin/python -Es|/usr/bin/python3 -Es|g" fix_python_shebang.sh
+sed -i "s|python|python3|g" config/lockdown-whitelist.xml
./autogen.sh
%configure \
--enable-sysconfig \
--enable-rpmmacros \
- --with-ifcfgdir="%{_sysconfdir}/network"
+ --with-ifcfgdir="/etc/sysconfig/network"
# Normally documentation is shipped but this will ensure that missing
# files will be generated.
@@ -203,12 +208,12 @@ fi
%{_bindir}/glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || :
%files
-%doc README
-%license COPYING
+%doc COPYING README
%{_sbindir}/firewalld
%{_sbindir}/rcfirewalld
%{_bindir}/firewall-cmd
%{_bindir}/firewall-offline-cmd
+%{_bindir}/firewallctl
%dir %{_datadir}/bash-completion/completions
%{_datadir}/bash-completion/completions/firewall-cmd
%dir %{_libexecdir}/firewalld
@@ -217,11 +222,14 @@ fi
%dir %{_libexecdir}/firewalld/services
%dir %{_libexecdir}/firewalld/zones
%dir %{_libexecdir}/firewalld/helpers
+%dir %{_libexecdir}/firewalld/xmlschema
%{_libexecdir}/firewalld/icmptypes/*.xml
%{_libexecdir}/firewalld/ipsets/README
%{_libexecdir}/firewalld/services/*.xml
%{_libexecdir}/firewalld/zones/*.xml
%{_libexecdir}/firewalld/helpers/*.xml
+%{_libexecdir}/firewalld/xmlschema/check.sh
+%{_libexecdir}/firewalld/xmlschema/*.xsd
%{_datadir}/polkit-1
%dir %{_sysconfdir}/dbus-1
%dir %{_sysconfdir}/dbus-1/system.d
@@ -238,9 +246,10 @@ fi
%{_unitdir}/firewalld.service
%{_fillupdir}/sysconfig.%{name}
%config(noreplace) %{_sysconfdir}/dbus-1/system.d/FirewallD.conf
-%{_mandir}/man1/firewall*cmd*.1%{?ext_man}
-%{_mandir}/man1/firewalld*.1%{?ext_man}
-%{_mandir}/man5/firewall*.5%{?ext_man}
+%{_mandir}/man1/firewall*cmd*.1*
+%{_mandir}/man1/firewalld*.1*
+%{_mandir}/man1/firewallctl*.1*
+%{_mandir}/man5/firewall*.5*
%files -n python3-firewall
%attr(0755,root,root) %dir %{python3_sitelib}/firewall
@@ -273,7 +282,7 @@ fi
%config(noreplace) %{_sysconfdir}/firewall/applet.conf
%{_sysconfdir}/xdg/autostart/firewall-applet.desktop
%{_datadir}/icons/hicolor/*/apps/firewall-applet*.*
-%{_mandir}/man1/firewall-applet*.1%{?ext_man}
+%{_mandir}/man1/firewall-applet*.1*
%files -n firewall-config
%dir %{_datadir}/firewalld
@@ -286,7 +295,7 @@ fi
%{_datadir}/appdata/firewall-config.appdata.xml
%{_datadir}/icons/hicolor/*/apps/firewall-config*.*
%{_datadir}/glib-2.0/schemas/org.fedoraproject.FirewallConfig.gschema.xml
-%{_mandir}/man1/firewall-config*.1%{?ext_man}
+%{_mandir}/man1/firewall-config*.1*
%files lang -f %{name}.lang