Accepting request 642050 from home:markoschandras:network

- Update to 0.6.3. Some of the changes are:
  * update translations
  * nftables: fix reject statement in "block" zone
  * shell-completion: bash: don't check firewalld state
  * firewalld: fix --runtime-to-permanent if NM not in use.
  * firewall-cmd: sort --list-protocols output
  * firewall-cmd: sort --list-services output
  * command: sort services/protocols in --list-all output
  * services: add audit
  * nftables: fix rich rule log/audit being added to wrong chain
  * nftables: fix destination checks not allowing masks
  * firewall/core/io/*.py: Let SAX handle the encoding of XML files (gh#firewalld/firewalld#395)(bsc#1083361)
  * fw_zone: expose _ipset_match_flags()
  * tests/firewall-cmd: exercise multiple interfaces and zones
  * fw_transaction: On clear zone transaction, must clear fw and other zones
  * Fix translating labels (gh#firewalld/firewalld#392)
- Remove patches which have made it upstream:
  * 0001-Fix-translating-labels-392.patch
  * 0002-firewalld-0.6.x-rich-rule-with-ipset-regression.patch

OBS-URL: https://build.opensuse.org/request/show/642050
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/firewalld?expand=0&rev=89

0001-Fix-translating-labels-392.patch

@@ -1,35 +0,0 @@
-From 15fb48d04e576edb828abf321ae1e765822a4ee3 Mon Sep 17 00:00:00 2001
-From: MeggyCal <MeggyCal@users.noreply.github.com>
-Date: Thu, 20 Sep 2018 15:37:17 +0200
-Subject: [PATCH] Fix translating labels (#392)
-
-Fix for #344 was incomplete, the "flags" were not translating and the reported bug was still active.
-
-Fixes: #344
-(cherry picked from commit e657200927a9f0f41fbed95640cd47e2a5836c6f)
----
- src/firewall-config.glade | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/src/firewall-config.glade b/src/firewall-config.glade
-index 22bed58a..75c229b4 100644
---- a/src/firewall-config.glade
-+++ b/src/firewall-config.glade
-@@ -10135,10 +10135,10 @@
-                             <property name="halign">start</property>
-                             <property name="valign">start</property>
-                             <items>
--                              <item>accept</item>
--                              <item>reject</item>
--                              <item>drop</item>
--                              <item>mark</item>
-+                              <item translatable="yes">accept</item>
-+                              <item translatable="yes">reject</item>
-+                              <item translatable="yes">drop</item>
-+                              <item translatable="yes">mark</item>
-                             </items>
-                             <signal name="changed" handler="on_richRuleDialog_changed" swapped="no"/>
-                           </object>
--- 
-2.19.0
-

0002-firewalld-0.6.x-rich-rule-with-ipset-regression.patch

@@ -1,41 +0,0 @@
-From fa0bce3d45563e28b8beea1cb0ee325f4a82ebf9 Mon Sep 17 00:00:00 2001
-From: Eric Garver <e@erig.me>
-Date: Fri, 21 Sep 2018 15:55:50 -0400
-Subject: [PATCH] fw_zone: expose _ipset_match_flags()
-
-Rename __ipset_match_flags() to _ipset_match_flags() so it may be used
-outside the class. With the iptables backend this fixes rich rules that
-match a source using an ipset.
-
-Fixes: #374
----
- src/firewall/core/fw_zone.py   | 2 +-
- src/firewall/core/ipXtables.py | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/firewall/core/fw_zone.py b/src/firewall/core/fw_zone.py
-index 2d794393..ca90f7fb 100644
---- a/src/firewall/core/fw_zone.py
-+++ b/src/firewall/core/fw_zone.py
-@@ -1519,7 +1519,7 @@ def _ipset_family(self, name):
-     def __ipset_type(self, name):
-         return self._fw.ipset.get_type(name)
- 
--    def __ipset_match_flags(self, name, flag):
-+    def _ipset_match_flags(self, name, flag):
-         return ",".join([flag] * self._fw.ipset.get_dimension(name))
- 
-     def _check_ipset_applied(self, name):
-diff --git a/src/firewall/core/ipXtables.py b/src/firewall/core/ipXtables.py
-index 66af2a26..02a518d2 100644
---- a/src/firewall/core/ipXtables.py
-+++ b/src/firewall/core/ipXtables.py
-@@ -852,7 +852,7 @@ def _rich_rule_source_fragment(self, rich_source):
-             rule_fragment += [ "-m", "set" ]
-             if rich_source.invert:
-                 rule_fragment.append("!")
--            flags = self._fw.zone.__ipset_match_flags(rich_source.ipset, "src")
-+            flags = self._fw.zone._ipset_match_flags(rich_source.ipset, "src")
-             rule_fragment += [ "--match-set", rich_source.ipset, flags ]
- 
-         return rule_fragment

firewalld-0.6.2.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:76ef7ed41caf67204dc80e1f2640176a481c72cadc30488492b22e45b3757c54
-size 2273831

firewalld-0.6.3.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:039ad56ea6d6553aadf33243ea5b39802d73519e46a89c80c648b2bd1ec78aeb
+size 2294470

firewalld.changes

@@ -1,3 +1,27 @@
+-------------------------------------------------------------------
+Mon Oct 15 11:04:05 UTC 2018 - Markos Chandras <mchandras@suse.de>
+
+- Update to 0.6.3. Some of the changes are:
+  * update translations
+  * nftables: fix reject statement in "block" zone
+  * shell-completion: bash: don't check firewalld state
+  * firewalld: fix --runtime-to-permanent if NM not in use.
+  * firewall-cmd: sort --list-protocols output
+  * firewall-cmd: sort --list-services output
+  * command: sort services/protocols in --list-all output
+  * services: add audit
+  * nftables: fix rich rule log/audit being added to wrong chain
+  * nftables: fix destination checks not allowing masks
+  * firewall/core/io/*.py: Let SAX handle the encoding of XML files (gh#firewalld/firewalld#395)(bsc#1083361)
+  * fw_zone: expose _ipset_match_flags()
+  * tests/firewall-cmd: exercise multiple interfaces and zones
+  * fw_transaction: On clear zone transaction, must clear fw and other zones
+  * Fix translating labels (gh#firewalld/firewalld#392)
+
+- Remove patches which have made it upstream:
+  * 0001-Fix-translating-labels-392.patch
+  * 0002-firewalld-0.6.x-rich-rule-with-ipset-regression.patch
+
 -------------------------------------------------------------------
 Mon Sep 24 09:05:52 UTC 2018 - Markos Chandras <mchandras@suse.de>
 

firewalld.spec

@@ -21,7 +21,7 @@
   %define _fillupdir %{_localstatedir}/adm/fillup-templates
 %endif
 Name:           firewalld
-Version:        0.6.2
+Version:        0.6.3
 Release:        0
 Summary:        A firewall daemon with D-Bus interface providing a dynamic firewall
 License:        GPL-2.0-or-later
@@ -30,10 +30,6 @@ Url:            http://www.firewalld.org
 Source:         https://github.com/%{name}/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
 # PATCH-FIX-SUSE: 0001-firewall-backend-Switch-default-backend-to-iptables.patch (bsc#1102761)
 Patch0:         0001-firewall-backend-Switch-default-backend-to-iptables.patch
-# PATCH-FIX-UPSTREAM: 0002-firewalld-0.6.x-rich-rule-with-ipset-regression.patch (bsc#1104990) 
-Patch1:         0002-firewalld-0.6.x-rich-rule-with-ipset-regression.patch
-# PATCH-FIX-UPSTREAM: 0001-Fix-translating-labels-392.patch (bsc#1096542)
-Patch2:         0001-Fix-translating-labels-392.patch
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  desktop-file-utils
@@ -117,8 +113,6 @@ firewalld.
 %prep
 %setup -q
 %patch0 -p1
-%patch1 -p1
-%patch2 -p1
 
 # bsc#1078223
 rm config/services/high-availability.xml