Accepting request 404514 from security:netfilter

1

OBS-URL: https://build.opensuse.org/request/show/404514
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/firewalld?expand=0&rev=9

0001-src-firewall-core-Drop-unneeded-python-shebangs.patch

@@ -1,40 +0,0 @@
-From 705742816112dffefd3233f2c8dda7c845c6e8b3 Mon Sep 17 00:00:00 2001
-From: Markos Chandras <mchandras@suse.de>
-Date: Tue, 31 May 2016 10:08:28 +0100
-Subject: [PATCH] src: firewall: core: Drop unneeded python shebangs
-
-The fw_ifcfg and fw_nm files are not supposed to be executed as
-standalone files but rather imported by the main firewalld code so drop
-the python shebangs. This also fixes a warning when building firewalld
-in openSUSE OBS:
-
-firewalld.noarch: W: non-executable-script
-/usr/lib/python2.7/site-packages/firewall/core/fw_nm.py 644 /usr/bin/python
-firewalld.noarch: W: non-executable-script
-/usr/lib/python2.7/site-packages/firewall/core/fw_ifcfg.py 644 /usr/bin/python
----
- src/firewall/core/fw_ifcfg.py | 1 -
- src/firewall/core/fw_nm.py    | 1 -
- 2 files changed, 2 deletions(-)
-
-diff --git a/src/firewall/core/fw_ifcfg.py b/src/firewall/core/fw_ifcfg.py
-index 442a6cc..33794a7 100644
---- a/src/firewall/core/fw_ifcfg.py
-+++ b/src/firewall/core/fw_ifcfg.py
-@@ -1,4 +1,3 @@
--#!/usr/bin/python
- # -*- coding: utf-8 -*-
- #
- # Copyright (C) 2010-2016 Red Hat, Inc.
-diff --git a/src/firewall/core/fw_nm.py b/src/firewall/core/fw_nm.py
-index 38ef8fd..3df94c4 100644
---- a/src/firewall/core/fw_nm.py
-+++ b/src/firewall/core/fw_nm.py
-@@ -1,4 +1,3 @@
--#!/usr/bin/python
- # -*- coding: utf-8 -*-
- #
- # Copyright (C) 2010-2016 Red Hat, Inc.
--- 
-2.8.3
-

0002-firewall-core-fw_ifcfg-Quickly-return-if-ifcfg-direc.patch

@@ -1,35 +0,0 @@
-From 9ed2c18357d45f8ec1f11723a1d98377387c1039 Mon Sep 17 00:00:00 2001
-From: Markos Chandras <mchandras@suse.de>
-Date: Tue, 31 May 2016 11:14:06 +0100
-Subject: [PATCH] firewall: core: fw_ifcfg: Quickly return if ifcfg directory
- does not exist
-
-It's possible for the ifcfg directory to be missing or named differently
-so do not try to access it if it does not exist. This avoid warnings
-during firewalld start up like the following one:
-
-ERROR: Calling post func <function ifcfg_set_zone_of_interface at
-0x7fb2f0d4fc80> (('', 'enp3s0')) failed: [Errno 2] No such file or
-directory: '/etc/sysconfig/network-scripts'
----
- src/firewall/core/fw_ifcfg.py | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/src/firewall/core/fw_ifcfg.py b/src/firewall/core/fw_ifcfg.py
-index 33794a7..0b049a6 100644
---- a/src/firewall/core/fw_ifcfg.py
-+++ b/src/firewall/core/fw_ifcfg.py
-@@ -32,6 +32,10 @@ from firewall.core.io.ifcfg import ifcfg
- def search_ifcfg_of_interface(interface):
-     """search ifcfg file for the interface in config.IFCFGDIR"""
- 
-+    # Return quickly if config.IFCFGDIR does not exist
-+    if not os.path.exists(config.IFCFGDIR):
-+        return None
-+
-     filename = "%s/ifcfg-%s" % (config.IFCFGDIR, interface)
-     if os.path.exists(filename):
-         ifcfg_file = ifcfg(filename)
--- 
-2.8.3
-

0003-firewall.core.fw_nm-Hide-NM-typelib-import-new-nm_ge.patch

@@ -1,72 +0,0 @@
-From dbc30dd2dfee1b4b662aa997cee6a6cb59aa559f Mon Sep 17 00:00:00 2001
-From: Thomas Woerner <twoerner@redhat.com>
-Date: Tue, 7 Jun 2016 16:19:20 +0200
-Subject: [PATCH] firewall.core.fw_nm: Hide NM typelib import, new
- nm_get_dbus_interface function
-
-The typelib import of NM should not be added to __all__. The new function
-nm_get_dbus_interface has been added to be able to add a signal receiver for
-NetworkManager firewall-config and firewall-applet.
-
-Fixes: #119
----
- src/firewall-applet        | 2 +-
- src/firewall-config        | 2 +-
- src/firewall/core/fw_nm.py | 9 +++++++--
- 3 files changed, 9 insertions(+), 4 deletions(-)
-
-diff --git a/src/firewall-applet b/src/firewall-applet
-index a078df8..1cf4633 100755
---- a/src/firewall-applet
-+++ b/src/firewall-applet
-@@ -550,7 +550,7 @@ class TrayApplet(QtGui.QSystemTrayIcon):
-         if nm_is_imported():
-             self.bus.add_signal_receiver(
-                 self.nm_signal_receiver,
--                dbus_interface=NM.DBUS_INTERFACE,
-+                dbus_interface=nm_get_dbus_interface(),
-                 signal_name='PropertiesChanged',
-                 member_keyword='member')
-         self.nm_signal_receiver()
-diff --git a/src/firewall-config b/src/firewall-config
-index b69c69f..e25b058 100755
---- a/src/firewall-config
-+++ b/src/firewall-config
-@@ -1250,7 +1250,7 @@ class FirewallConfig(object):
-         if nm_is_imported():
-             self.fw.bus.add_signal_receiver(
-                 self.nm_signal_receiver,
--                dbus_interface=NM.DBUS_INTERFACE,
-+                dbus_interface=nm_get_dbus_interface(),
-                 signal_name='PropertiesChanged',
-                 member_keyword='member')
-         else:
-diff --git a/src/firewall/core/fw_nm.py b/src/firewall/core/fw_nm.py
-index 3df94c4..8a8043b 100644
---- a/src/firewall/core/fw_nm.py
-+++ b/src/firewall/core/fw_nm.py
-@@ -21,10 +21,10 @@
- 
- """Functions for NetworkManager interaction"""
- 
--__all__ = [ "NM", "check_nm_imported", "nm_is_imported",
-+__all__ = [ "check_nm_imported", "nm_is_imported",
-             "nm_get_zone_of_connection", "nm_set_zone_of_connection",
-             "nm_get_connections", "nm_get_connection_of_interface",
--            "nm_get_bus_name" ]
-+            "nm_get_bus_name", "nm_get_dbus_interface" ]
- 
- import gi
- try:
-@@ -164,3 +164,8 @@ def nm_get_bus_name():
-     except Exception as msg:
-         log.debug2("Failed to get bus name of NetworkManager")
-     return None
-+
-+def nm_get_dbus_interface():
-+    if not _nm_imported:
-+        return ""
-+    return NM.DBUS_INTERFACE
--- 
-2.8.3
-

_service

@@ -1,7 +0,0 @@
-<services>
- <service name="verify_file" mode="localonly">
-  <param name="file">firewalld-0.4.2.tar.bz2</param>
-  <param name="verifier">sha1</param>
-  <param name="checksum">d730129f592059ee97fc158861b44f8e7b201027</param>
- </service>
-</services>

firewalld-0.4.2.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:329e44b7d8de2400222d602d6c87c368865531ffe4004c392803dbe55717068e
-size 649581

firewalld-0.4.3.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:853cc324f08a5daf60316bb9cdd5f27e899e17418d69d294adc9495755788c69
+size 666926

firewalld.changes

@@ -1,3 +1,67 @@
+-------------------------------------------------------------------
+Wed Jun 22 14:15:29 UTC 2016 - mchandras@suse.de
+
+- Update to version 0.4.3
+  * New firewallctl utility (RHBZ#1147959)
+  * doc.xml.seealso: Show firewalld.dbus in See Also sections
+  * firewall.core.fw_config: Create backup on zone, service, ipset and icmptype removal (RHBZ#1339251)
+  * {zone,service,ipset,icmptype}_writer: Do not fail on failed backup
+  * firewall-[offline-]cmd: Fix --new-X-from-file options for files in cwd
+  * firewall-cmd: Dropped duplicate setType call in --new-ipset
+  * radius service: Support also tcp ports (RBZ#1219717)
+  * xmlschemas: Support source-port, protocol, icmp-block-inversion and ipset sources
+  * config.xmlschema.service.xsd: Fix service destination conflicts (RHBZ#1296573)
+  * firewall-cmd, firewalld man: Information about new NetworkManager and ifcfg
+  * firewall.command: Only print summary and description in print_X_info with verbose
+  * firewall.command: print_msg should be able to print empty lines
+  * firewall-config: No processing of runtime passthroughs signals in permanent
+  * Landspace.io fixes and pylint calm downs
+  * firewall.core.io.zone: Add zone_reader and zone_writer to all, pylint fixes
+  * firewall-config: Fixed titles of command and context dialogs, also entry lenths
+  * firewall-config: pylint calm downs
+  * firewall.core.fw_zone: Fix use of MAC source in rich rules without ipv limit
+  * firewall-config: Use self.active_zoens in conf_zone_added_cb
+  * firewall.command: New parse_port, extended parse methods with more checks
+  * firewall.command: Fixed parse_port to use the separator in the split call
+  * firewall.command: New [de]activate_exception_handler, raise error in parse_X
+  * services ha: Allow corosync-qnetd port
+  * firewall-applet: Support for kde5-nm-connection-editor
+  * tests/firewall-offline-cmd_test.sh: New tests for service and icmptype modifications
+  * firewall-offline-cmd: Use FirewallCommand for simplification and sequence options
+  * tests/firewall-cmd_test.sh: New tests for service and icmptype modifications
+  * firewall-cmd: Fixed set, remove and query destination options for services
+  * firewall.core.io.service: Source ports have not been checked in _check_config
+  * firewall.core.fw_zone: Method check_source_port is not used, removed
+  * firewall.core.base: Added default to ZONE_TARGETS
+  * firewall.client: Allow to remove ipv:address pair for service destinations
+  * tests/firewall-offline-cmd_test.sh: There is no timeout option in permanent
+  * firewall-cmd: Landscape.io fixes, pylint calm downs
+  * firewall-cmd: Use FirewallCommand for simplification and sequence options
+  * firewall.command: New FirewallCommand for command line client simplification
+  * New services: kshell, rsh, ganglia-master, ganglia-client
+  * firewalld: Cleanup of unused imports, do not translate some deamon messages
+  * firewalld: With fd close interation in runProg, it is not needed here anymore
+  * firewall.core.prog: Add fd close iteration to runProg
+  * firewall.core.fw_nm: Hide NM typelib import, new nm_get_dbus_interface function
+  * firewalld.spec: Require NetworkManager-libnm instead of NetworkManager-glib
+  * firewall-config: New add/remove ipset entries from file, remove all entries
+  * firewall-applet: Fix tooltip after applet start with connection to firewalld
+  * firewall-config: Select new zone, service or icmptype if the view was empty
+  * firewalld.spec: Added build requires for iptables, ebtables and ipset
+  * Adding nf_conntrack_sip module to the service SIP
+  * firewall: core: fw_ifcfg: Quickly return if ifcfg directory does not exist
+  * Drop unneeded python shebangs
+  * Translation updates
+- Remove obsolete patches:
+  * 0001-src-firewall-core-Drop-unneeded-python-shebangs.patch
+  * 0002-firewall-core-fw_ifcfg-Quickly-return-if-ifcfg-direc.patch
+  * 0003-firewall.core.fw_nm-Hide-NM-typelib-import-new-nm_ge.patch
+- Add missing %{?_smp_mflags} during install. This will speed up
+  the installation phase as well as expose build system's problems
+  due to higher level of parallelism.
+- Run make during %build to ensure missing documentation is generated.
+- spec file cleanups.
+
 -------------------------------------------------------------------
 Wed Jun  8 08:10:11 UTC 2016 - mchandras@suse.de
 

firewalld.spec

@@ -17,22 +17,13 @@
 
 
 Name:           firewalld
-Version:        0.4.2
+Version:        0.4.3
 Release:        0
 Summary:        A firewall daemon with D-Bus interface providing a dynamic firewall
 License:        GPL-2.0+
 Group:          Productivity/Networking/Security
 Url:            http://www.firewalld.org
 Source:         https://fedorahosted.org/released/%{name}/%{name}-%{version}.tar.bz2
-# PATCH-FIX-UPSTREAM: 0001-src-firewall-core-Drop-unneeded-python-shebangs.patch
-# Drop python shebangs
-Patch0:         0001-src-firewall-core-Drop-unneeded-python-shebangs.patch
-# PATCH-FIX-UPSTREAM: 0002-firewall-core-fw_ifcfg-Quickly-return-if-ifcfg-direc.patch
-# Do not access the ifcfg directory if it does not exist
-Patch1:         0002-firewall-core-fw_ifcfg-Quickly-return-if-ifcfg-direc.patch
-# PATCH-FIX-UPSTREAM: 0003-firewall.core.fw_nm-Hide-NM-typelib-import-new-nm_ge.patch
-# Hide unneeded NM dependencies
-Patch2:         0003-firewall.core.fw_nm-Hide-NM-typelib-import-new-nm_ge.patch
 BuildRequires:  desktop-file-utils
 BuildRequires:  docbook-xsl-stylesheets
 BuildRequires:  gettext
@@ -42,6 +33,7 @@ BuildRequires:  hicolor-icon-theme
 BuildRequires:  intltool
 BuildRequires:  libxslt-tools
 BuildRequires:  python-devel
+BuildRequires:  systemd-rpm-macros
 # Adding tools to BuildRequires as well so they can be autodetected
 # even though it is probably unlikely for paths to change in the future
 BuildRequires:  ebtables
@@ -59,7 +51,6 @@ Requires(post): %fillup_prereq
 Recommends:     %{name}-lang
 Suggests:       susefirewall2-to-firewalld
 BuildArch:      noarch
-BuildRequires:  systemd-rpm-macros
 
 %description
 firewalld is a firewall service daemon that provides a dynamic customizable
@@ -93,15 +84,16 @@ firewalld.
 
 %prep
 %setup -q
-%patch0 -p1
-%patch1 -p1
-%patch2 -p1
 
 %build
 %configure --enable-sysconfig --enable-rpmmacros
 
+# Normally documentation is shipped but this will ensure that missing
+# files will be generated.
+make %{?_smp_mflags}
+
 %install
-make DESTDIR=%{buildroot} install
+make %{?_smp_mflags} DESTDIR=%{buildroot} install
 
 %py_compile %{buildroot}
 
@@ -123,6 +115,9 @@ ln -sf %{_sbindir}/service %{buildroot}/%{_sbindir}/rcfirewalld
 rm %{buildroot}%{_rpmconfigdir}/macros.d/macros.firewalld
 install -D -m644 config/macros.firewalld %{buildroot}%{_sysconfdir}/rpm/macros.firewalld
 
+# Temporary fix for gh#t-woerner/firewalld#127
+cp doc/man/man1/firewallctl.1 %{buildroot}%{_mandir}/man1/
+
 %find_lang %{name} --all-name
 
 %pre
@@ -178,6 +173,7 @@ fi
 %{_sbindir}/rcfirewalld
 %{_bindir}/firewall-cmd
 %{_bindir}/firewall-offline-cmd
+%{_bindir}/firewallctl
 %dir %{_datadir}/bash-completion/completions
 %{_datadir}/bash-completion/completions/firewall-cmd
 %{_libexecdir}/firewalld/xmlschema/*.xsd
@@ -219,6 +215,7 @@ fi
 %{python_sitelib}/firewall/server/*.py*
 %{_mandir}/man1/firewall*cmd*.1*
 %{_mandir}/man1/firewalld*.1*
+%{_mandir}/man1/firewallctl*.1*
 %{_mandir}/man5/firewall*.5*
 
 %files -n firewall-applet
@@ -231,6 +228,7 @@ fi
 %{_mandir}/man1/firewall-applet*.1*
 
 %files -n firewall-config
+%defattr(-,root,root)
 %dir %{_datadir}/firewalld
 %defattr(0644,root,root)
 %attr(0755,root,root) %{_bindir}/firewall-config
@@ -245,5 +243,6 @@ fi
 %{_mandir}/man1/firewall-config*.1*
 
 %files lang -f %{name}.lang
+%defattr(-,root,root)
 
 %changelog