rpm/firewalld
SHA256
1
0
Fork 0
forked from pool/firewalld
Code Pull Requests Activity

Accepting request 404514 from security:netfilter

Browse Source 
1

OBS-URL: https://build.opensuse.org/request/show/404514
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/firewalld?expand=0&rev=9
This commit is contained in:
Dominique Leuenberger 2016-06-29 13:10:22 +00:00 committed by Git OBS Bridge
commit 2d23bc2eea
8 changed files with 81 additions and 172 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
0001-src-firewall-core-Drop-unneeded-python-shebangs.patch
View File

@ -1,40 +0,0 @@
From 705742816112dffefd3233f2c8dda7c845c6e8b3 Mon Sep 17 00:00:00 2001
From: Markos Chandras <mchandras@suse.de>
Date: Tue, 31 May 2016 10:08:28 +0100
Subject: [PATCH] src: firewall: core: Drop unneeded python shebangs
The fw_ifcfg and fw_nm files are not supposed to be executed as
standalone files but rather imported by the main firewalld code so drop
the python shebangs. This also fixes a warning when building firewalld
in openSUSE OBS:
firewalld.noarch: W: non-executable-script
/usr/lib/python2.7/site-packages/firewall/core/fw_nm.py 644 /usr/bin/python
firewalld.noarch: W: non-executable-script
/usr/lib/python2.7/site-packages/firewall/core/fw_ifcfg.py 644 /usr/bin/python
---
src/firewall/core/fw_ifcfg.py | 1 -
src/firewall/core/fw_nm.py | 1 -
2 files changed, 2 deletions(-)
diff --git a/src/firewall/core/fw_ifcfg.py b/src/firewall/core/fw_ifcfg.py
index 442a6cc..33794a7 100644
--- a/src/firewall/core/fw_ifcfg.py
+++ b/src/firewall/core/fw_ifcfg.py
@@ -1,4 +1,3 @@
-#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Copyright (C) 2010-2016 Red Hat, Inc.
diff --git a/src/firewall/core/fw_nm.py b/src/firewall/core/fw_nm.py
index 38ef8fd..3df94c4 100644
--- a/src/firewall/core/fw_nm.py
+++ b/src/firewall/core/fw_nm.py
@@ -1,4 +1,3 @@
-#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Copyright (C) 2010-2016 Red Hat, Inc.
--
2.8.3

35
0002-firewall-core-fw_ifcfg-Quickly-return-if-ifcfg-direc.patch
View File

@ -1,35 +0,0 @@
From 9ed2c18357d45f8ec1f11723a1d98377387c1039 Mon Sep 17 00:00:00 2001
From: Markos Chandras <mchandras@suse.de>
Date: Tue, 31 May 2016 11:14:06 +0100
Subject: [PATCH] firewall: core: fw_ifcfg: Quickly return if ifcfg directory
does not exist
It's possible for the ifcfg directory to be missing or named differently
so do not try to access it if it does not exist. This avoid warnings
during firewalld start up like the following one:
ERROR: Calling post func <function ifcfg_set_zone_of_interface at
0x7fb2f0d4fc80> (('', 'enp3s0')) failed: [Errno 2] No such file or
directory: '/etc/sysconfig/network-scripts'
---
src/firewall/core/fw_ifcfg.py | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/firewall/core/fw_ifcfg.py b/src/firewall/core/fw_ifcfg.py
index 33794a7..0b049a6 100644
--- a/src/firewall/core/fw_ifcfg.py
+++ b/src/firewall/core/fw_ifcfg.py
@@ -32,6 +32,10 @@ from firewall.core.io.ifcfg import ifcfg
def search_ifcfg_of_interface(interface):
"""search ifcfg file for the interface in config.IFCFGDIR"""
+ # Return quickly if config.IFCFGDIR does not exist
+ if not os.path.exists(config.IFCFGDIR):
+ return None
+
filename = "%s/ifcfg-%s" % (config.IFCFGDIR, interface)
if os.path.exists(filename):
ifcfg_file = ifcfg(filename)
--
2.8.3

72
0003-firewall.core.fw_nm-Hide-NM-typelib-import-new-nm_ge.patch
View File

@ -1,72 +0,0 @@
From dbc30dd2dfee1b4b662aa997cee6a6cb59aa559f Mon Sep 17 00:00:00 2001
From: Thomas Woerner <twoerner@redhat.com>
Date: Tue, 7 Jun 2016 16:19:20 +0200
Subject: [PATCH] firewall.core.fw_nm: Hide NM typelib import, new
nm_get_dbus_interface function
The typelib import of NM should not be added to __all__. The new function
nm_get_dbus_interface has been added to be able to add a signal receiver for
NetworkManager firewall-config and firewall-applet.
Fixes: #119
---
src/firewall-applet | 2 +-
src/firewall-config | 2 +-
src/firewall/core/fw_nm.py | 9 +++++++--
3 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/src/firewall-applet b/src/firewall-applet
index a078df8..1cf4633 100755
--- a/src/firewall-applet
+++ b/src/firewall-applet
@@ -550,7 +550,7 @@ class TrayApplet(QtGui.QSystemTrayIcon):
if nm_is_imported():
self.bus.add_signal_receiver(
self.nm_signal_receiver,
- dbus_interface=NM.DBUS_INTERFACE,
+ dbus_interface=nm_get_dbus_interface(),
signal_name='PropertiesChanged',
member_keyword='member')
self.nm_signal_receiver()
diff --git a/src/firewall-config b/src/firewall-config
index b69c69f..e25b058 100755
--- a/src/firewall-config
+++ b/src/firewall-config
@@ -1250,7 +1250,7 @@ class FirewallConfig(object):
if nm_is_imported():
self.fw.bus.add_signal_receiver(
self.nm_signal_receiver,
- dbus_interface=NM.DBUS_INTERFACE,
+ dbus_interface=nm_get_dbus_interface(),
signal_name='PropertiesChanged',
member_keyword='member')
else:
diff --git a/src/firewall/core/fw_nm.py b/src/firewall/core/fw_nm.py
index 3df94c4..8a8043b 100644
--- a/src/firewall/core/fw_nm.py
+++ b/src/firewall/core/fw_nm.py
@@ -21,10 +21,10 @@
"""Functions for NetworkManager interaction"""
-__all__ = [ "NM", "check_nm_imported", "nm_is_imported",
+__all__ = [ "check_nm_imported", "nm_is_imported",
"nm_get_zone_of_connection", "nm_set_zone_of_connection",
"nm_get_connections", "nm_get_connection_of_interface",
- "nm_get_bus_name" ]
+ "nm_get_bus_name", "nm_get_dbus_interface" ]
import gi
try:
@@ -164,3 +164,8 @@ def nm_get_bus_name():
except Exception as msg:
log.debug2("Failed to get bus name of NetworkManager")
return None
+
+def nm_get_dbus_interface():
+ if not _nm_imported:
+ return ""
+ return NM.DBUS_INTERFACE
--
2.8.3

7
_service
View File

@ -1,7 +0,0 @@
<services>
<service name="verify_file" mode="localonly">
<param name="file">firewalld-0.4.2.tar.bz2</param>
<param name="verifier">sha1</param>
<param name="checksum">d730129f592059ee97fc158861b44f8e7b201027</param>
</service>
</services>

3
firewalld-0.4.2.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:329e44b7d8de2400222d602d6c87c368865531ffe4004c392803dbe55717068e
size 649581

3
firewalld-0.4.3.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:853cc324f08a5daf60316bb9cdd5f27e899e17418d69d294adc9495755788c69
size 666926

64
firewalld.changes
View File

@ -1,3 +1,67 @@
-------------------------------------------------------------------
Wed Jun 22 14:15:29 UTC 2016 - mchandras@suse.de
- Update to version 0.4.3
* New firewallctl utility (RHBZ#1147959)
* doc.xml.seealso: Show firewalld.dbus in See Also sections
* firewall.core.fw_config: Create backup on zone, service, ipset and icmptype removal (RHBZ#1339251)
* {zone,service,ipset,icmptype}_writer: Do not fail on failed backup
* firewall-[offline-]cmd: Fix --new-X-from-file options for files in cwd
* firewall-cmd: Dropped duplicate setType call in --new-ipset
* radius service: Support also tcp ports (RBZ#1219717)
* xmlschemas: Support source-port, protocol, icmp-block-inversion and ipset sources
* config.xmlschema.service.xsd: Fix service destination conflicts (RHBZ#1296573)
* firewall-cmd, firewalld man: Information about new NetworkManager and ifcfg
* firewall.command: Only print summary and description in print_X_info with verbose
* firewall.command: print_msg should be able to print empty lines
* firewall-config: No processing of runtime passthroughs signals in permanent
* Landspace.io fixes and pylint calm downs
* firewall.core.io.zone: Add zone_reader and zone_writer to all, pylint fixes
* firewall-config: Fixed titles of command and context dialogs, also entry lenths
* firewall-config: pylint calm downs
* firewall.core.fw_zone: Fix use of MAC source in rich rules without ipv limit
* firewall-config: Use self.active_zoens in conf_zone_added_cb
* firewall.command: New parse_port, extended parse methods with more checks
* firewall.command: Fixed parse_port to use the separator in the split call
* firewall.command: New [de]activate_exception_handler, raise error in parse_X
* services ha: Allow corosync-qnetd port
* firewall-applet: Support for kde5-nm-connection-editor
* tests/firewall-offline-cmd_test.sh: New tests for service and icmptype modifications
* firewall-offline-cmd: Use FirewallCommand for simplification and sequence options
* tests/firewall-cmd_test.sh: New tests for service and icmptype modifications
* firewall-cmd: Fixed set, remove and query destination options for services
* firewall.core.io.service: Source ports have not been checked in _check_config
* firewall.core.fw_zone: Method check_source_port is not used, removed
* firewall.core.base: Added default to ZONE_TARGETS
* firewall.client: Allow to remove ipv:address pair for service destinations
* tests/firewall-offline-cmd_test.sh: There is no timeout option in permanent
* firewall-cmd: Landscape.io fixes, pylint calm downs
* firewall-cmd: Use FirewallCommand for simplification and sequence options
* firewall.command: New FirewallCommand for command line client simplification
* New services: kshell, rsh, ganglia-master, ganglia-client
* firewalld: Cleanup of unused imports, do not translate some deamon messages
* firewalld: With fd close interation in runProg, it is not needed here anymore
* firewall.core.prog: Add fd close iteration to runProg
* firewall.core.fw_nm: Hide NM typelib import, new nm_get_dbus_interface function
* firewalld.spec: Require NetworkManager-libnm instead of NetworkManager-glib
* firewall-config: New add/remove ipset entries from file, remove all entries
* firewall-applet: Fix tooltip after applet start with connection to firewalld
* firewall-config: Select new zone, service or icmptype if the view was empty
* firewalld.spec: Added build requires for iptables, ebtables and ipset
* Adding nf_conntrack_sip module to the service SIP
* firewall: core: fw_ifcfg: Quickly return if ifcfg directory does not exist
* Drop unneeded python shebangs
* Translation updates
- Remove obsolete patches:
* 0001-src-firewall-core-Drop-unneeded-python-shebangs.patch
* 0002-firewall-core-fw_ifcfg-Quickly-return-if-ifcfg-direc.patch
* 0003-firewall.core.fw_nm-Hide-NM-typelib-import-new-nm_ge.patch
- Add missing %{?_smp_mflags} during install. This will speed up
the installation phase as well as expose build system's problems
due to higher level of parallelism.
- Run make during %build to ensure missing documentation is generated.
- spec file cleanups.
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Jun 8 08:10:11 UTC 2016 - mchandras@suse.de Wed Jun 8 08:10:11 UTC 2016 - mchandras@suse.de

29
firewalld.spec
View File

@ -17,22 +17,13 @@
Name: firewalld Name: firewalld
Version: 0.4.2 Version: 0.4.3
Release: 0 Release: 0
Summary: A firewall daemon with D-Bus interface providing a dynamic firewall Summary: A firewall daemon with D-Bus interface providing a dynamic firewall
License: GPL-2.0+ License: GPL-2.0+
Group: Productivity/Networking/Security Group: Productivity/Networking/Security
Url: http://www.firewalld.org Url: http://www.firewalld.org
Source: https://fedorahosted.org/released/%{name}/%{name}-%{version}.tar.bz2 Source: https://fedorahosted.org/released/%{name}/%{name}-%{version}.tar.bz2
# PATCH-FIX-UPSTREAM: 0001-src-firewall-core-Drop-unneeded-python-shebangs.patch
# Drop python shebangs
Patch0: 0001-src-firewall-core-Drop-unneeded-python-shebangs.patch
# PATCH-FIX-UPSTREAM: 0002-firewall-core-fw_ifcfg-Quickly-return-if-ifcfg-direc.patch
# Do not access the ifcfg directory if it does not exist
Patch1: 0002-firewall-core-fw_ifcfg-Quickly-return-if-ifcfg-direc.patch
# PATCH-FIX-UPSTREAM: 0003-firewall.core.fw_nm-Hide-NM-typelib-import-new-nm_ge.patch
# Hide unneeded NM dependencies
Patch2: 0003-firewall.core.fw_nm-Hide-NM-typelib-import-new-nm_ge.patch
BuildRequires: desktop-file-utils BuildRequires: desktop-file-utils
BuildRequires: docbook-xsl-stylesheets BuildRequires: docbook-xsl-stylesheets
BuildRequires: gettext BuildRequires: gettext
@ -42,6 +33,7 @@ BuildRequires: hicolor-icon-theme
BuildRequires: intltool BuildRequires: intltool
BuildRequires: libxslt-tools BuildRequires: libxslt-tools
BuildRequires: python-devel BuildRequires: python-devel
BuildRequires: systemd-rpm-macros
# Adding tools to BuildRequires as well so they can be autodetected # Adding tools to BuildRequires as well so they can be autodetected
# even though it is probably unlikely for paths to change in the future # even though it is probably unlikely for paths to change in the future
BuildRequires: ebtables BuildRequires: ebtables
@ -59,7 +51,6 @@ Requires(post): %fillup_prereq
Recommends: %{name}-lang Recommends: %{name}-lang
Suggests: susefirewall2-to-firewalld Suggests: susefirewall2-to-firewalld
BuildArch: noarch BuildArch: noarch
BuildRequires: systemd-rpm-macros
%description %description
firewalld is a firewall service daemon that provides a dynamic customizable firewalld is a firewall service daemon that provides a dynamic customizable
@ -93,15 +84,16 @@ firewalld.
%prep %prep
%setup -q %setup -q
%patch0 -p1
%patch1 -p1
%patch2 -p1
%build %build
%configure --enable-sysconfig --enable-rpmmacros %configure --enable-sysconfig --enable-rpmmacros
# Normally documentation is shipped but this will ensure that missing
# files will be generated.
make %{?_smp_mflags}
%install %install
make DESTDIR=%{buildroot} install make %{?_smp_mflags} DESTDIR=%{buildroot} install
%py_compile %{buildroot} %py_compile %{buildroot}
@ -123,6 +115,9 @@ ln -sf %{_sbindir}/service %{buildroot}/%{_sbindir}/rcfirewalld
rm %{buildroot}%{_rpmconfigdir}/macros.d/macros.firewalld rm %{buildroot}%{_rpmconfigdir}/macros.d/macros.firewalld
install -D -m644 config/macros.firewalld %{buildroot}%{_sysconfdir}/rpm/macros.firewalld install -D -m644 config/macros.firewalld %{buildroot}%{_sysconfdir}/rpm/macros.firewalld
# Temporary fix for gh#t-woerner/firewalld#127
cp doc/man/man1/firewallctl.1 %{buildroot}%{_mandir}/man1/
%find_lang %{name} --all-name %find_lang %{name} --all-name
%pre %pre
@ -178,6 +173,7 @@ fi
%{_sbindir}/rcfirewalld %{_sbindir}/rcfirewalld
%{_bindir}/firewall-cmd %{_bindir}/firewall-cmd
%{_bindir}/firewall-offline-cmd %{_bindir}/firewall-offline-cmd
%{_bindir}/firewallctl
%dir %{_datadir}/bash-completion/completions %dir %{_datadir}/bash-completion/completions
%{_datadir}/bash-completion/completions/firewall-cmd %{_datadir}/bash-completion/completions/firewall-cmd
%{_libexecdir}/firewalld/xmlschema/*.xsd %{_libexecdir}/firewalld/xmlschema/*.xsd
@ -219,6 +215,7 @@ fi
%{python_sitelib}/firewall/server/*.py* %{python_sitelib}/firewall/server/*.py*
%{_mandir}/man1/firewall*cmd*.1* %{_mandir}/man1/firewall*cmd*.1*
%{_mandir}/man1/firewalld*.1* %{_mandir}/man1/firewalld*.1*
%{_mandir}/man1/firewallctl*.1*
%{_mandir}/man5/firewall*.5* %{_mandir}/man5/firewall*.5*
%files -n firewall-applet %files -n firewall-applet
@ -231,6 +228,7 @@ fi
%{_mandir}/man1/firewall-applet*.1* %{_mandir}/man1/firewall-applet*.1*
%files -n firewall-config %files -n firewall-config
%defattr(-,root,root)
%dir %{_datadir}/firewalld %dir %{_datadir}/firewalld
%defattr(0644,root,root) %defattr(0644,root,root)
%attr(0755,root,root) %{_bindir}/firewall-config %attr(0755,root,root) %{_bindir}/firewall-config
@ -245,5 +243,6 @@ fi
%{_mandir}/man1/firewall-config*.1* %{_mandir}/man1/firewall-config*.1*
%files lang -f %{name}.lang %files lang -f %{name}.lang
%defattr(-,root,root)
%changelog %changelog